
Virus disabled my antivirus and some other programs on my computer [Cl


#1
seasun

Yesterday I went to a trusted site and I got one of those pop-ups advising me that my computer was infected and I had to call a number immediately. From there everything went downhill. I ran Eset, Hitman Pro, Malwarebytes and the Bitdefender online scanner, but none of them found anything, and the antivirus and firewall remain disabled. I know the virus is there, but I just can't find it. I am working in Safe Mode. Please help.

I ran Farbar and here are the logs:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-04-2016
Ran by Sylvia (2016-04-29 11:31:45)
Running from C:\Users\Sylvia\Downloads
Windows 10 Home Version 1511 (X64) (2016-03-02 23:48:43)
Boot Mode: Safe Mode (with Networking)
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4044022209-2194366084-123958388-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-4044022209-2194366084-123958388-503 - Limited - Disabled)
Guest (S-1-5-21-4044022209-2194366084-123958388-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4044022209-2194366084-123958388-1003 - Limited - Enabled)
Sylvia (S-1-5-21-4044022209-2194366084-123958388-1000 - Administrator - Enabled) => C:\Users\Sylvia
Work (S-1-5-21-4044022209-2194366084-123958388-1004 - Administrator - Enabled) => C:\Users\Work

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Bitdefender Antivirus (Disabled - Up to date) {3FB17364-4FCC-0FA7-6BBF-973897395371}
AS: Bitdefender Antispyware (Disabled - Up to date) {84D09280-69F6-0029-510F-AC4AECBE19CC}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
FW: Bitdefender Firewall (Disabled) {078AF241-05A3-0EFF-40E0-3E0D69EA140A}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
A.I.type (HKLM-x32\...\{CA708BFE-EE7F-4B9D-88B5-AFA091047BEC}) (Version: 0.8 - A.I.type)
AC-3 ACM Codec x64 2.1 (HKLM\...\AC3ACM) (Version: 2.1 - fccHandler)
Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.176 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Amazon Cloud Drive (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Amazon Cloud Drive) (Version: 2.5.1.38 - Amazon Digital Services, LLC.)
Amazon Kindle (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Amazon Kindle) (Version:  - Amazon)
Amazon Music (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Amazon Amazon Music) (Version: 4.1.0.1229 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{AFA1153A-F547-409B-B837-3A0D6C5A3FEC}) (Version: 3.1.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avensen Domain Name Finder 2.24 (HKLM-x32\...\{C2BD2D80-3531-4D00-8368-93FF75EE82FE}_is1) (Version:  - Avensen Software)
Backlink Pirate 1.0 (HKLM-x32\...\Backlink Pirate_is1) (Version:  - mtisoftware.com)
Bitdefender Agent (HKLM\...\Bitdefender Agent) (Version: 20.0.23.1252 - Bitdefender)
Bitdefender Total Security 2016 (HKLM\...\Bitdefender) (Version: 20.0.24.1290 - Bitdefender)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MP Navigator EX 1.0 (HKLM-x32\...\MP Navigator EX 1.0) (Version:  - )
Canon My Printer (HKLM\...\CanonMyPrinter) (Version:  - )
Canon Utilities Solution Menu (HKLM-x32\...\CanonSolutionMenu) (Version:  - )
Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)
CopyTrans Control Center Uninstall Only (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\CopyTrans Suite) (Version: 4.004 - WindSolutions)
CoverFactory 2.50 (HKLM-x32\...\CoverFactory 2.50_is1) (Version: 2.50 - Answers 2000 Limited)
CurationSoft (HKLM-x32\...\CurationSoft) (Version: 3.94 - UNKNOWN)
CurationSoft (x32 Version: 3.94 - UNKNOWN) Hidden
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DomainInspect (HKLM-x32\...\DomainInspect) (Version:  - AntsSoft)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.18.1 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Freemake Audio Converter version 1.1.4 (HKLM-x32\...\Freemake Audio Converter_is1) (Version: 1.1.4 - Ellora Assets Corporation)
Freemake Video Converter version 4.1.7 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.7 - Ellora Assets Corporation)
Freemake Video Downloader (HKLM-x32\...\Freemake Video Downloader_is1) (Version: 3.8.0 - Ellora Assets Corporation)
Freemake YouTube To MP3 Boom (HKLM-x32\...\Freemake YouTube To MP3 Boom_is1) (Version: 1.0.4 - Ellora Assets Corporation)
Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Gateway Recovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 5.00.3002 - Gateway Incorporated)
Gateway Registration (HKLM-x32\...\Gateway Registration) (Version: 1.03.3003 - Gateway Incorporated)
Gateway ScreenSaver (HKLM-x32\...\Gateway Screensaver) (Version: 1.1.0225.2011 - Gateway Incorporated)
GIMP 2.8.14 (HKLM\...\GIMP-2_is1) (Version: 2.8.14 - The GIMP Team)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.75 - Google Inc.)
Google Photos Backup (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Google Photos Backup) (Version: 1.1.2.13 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 5.1.0.880 (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\GoToMeeting) (Version: 5.1.0.880 - CitrixOnline)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.14.263 - SurfRight B.V.)
Hotkey Utility (HKLM-x32\...\Hotkey Utility) (Version: 2.05.3014 - Gateway Incorporated)
Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3006 - Gateway Incorporated)
InPixio Photo Clip Demo (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\{2FFE93F0-BB72-4E52-8761-354D1AAA9387}) (Version: 6.00 - Avanquest)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2869 - Intel Corporation)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.6.101 - IObit)
iolo technologies' System Mechanic (HKLM-x32\...\{55FD1D5A-7AEF-4DA3-8FAF-A71B2A52FFC7}_is1) (Version: 15.5.0 - iolo technologies, LLC)
iTunes (HKLM\...\{5D239A92-31A4-4FCA-967D-F9EA8E1FDF6A}) (Version: 12.1.2.27 - Apple Inc.)
Jarte (HKLM-x32\...\Jarte_is1) (Version: 5.4 - Carolina Road Software L.L.C.)
Java 8 Update 77 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218077F0}) (Version: 8.0.770.3 - Oracle Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
KeyScrambler (HKLM-x32\...\KeyScrambler) (Version: 2.9.1.0 - QFX Software Corporation)
Keyword Blaze (HKLM-x32\...\com.blueprintcentral.keywordblaze) (Version: 1.8.4 - UNKNOWN)
Keyword Blaze (x32 Version: 1.8.4 - UNKNOWN) Hidden
K-Lite Mega Codec Pack 8.7.0 (HKLM-x32\...\KLiteCodecPack_is1) (Version: 8.7.0 - )
LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version:  - LastPass)
Logitech Scroll App 3.0 (HKLM\...\Sn1) (Version: 3.00.31 - Logitech)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MEGAsync (HKLM-x32\...\MEGAsync) (Version:  - Mega Limited)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Converter Pack (HKLM-x32\...\{6EECB283-E65F-40EF-86D3-D51BF02A8D43}) (Version: 11.0.0.0 - Microsoft Corporation - Office Resource Kit Group)
Microsoft Office Live Meeting 2007 (HKLM-x32\...\{E30E7561-A466-4393-B8BF-FD93E733EF3C}) (Version: 8.0.6362.202 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.5131.5000 - Microsoft Corporation)
Microsoft Office Word Viewer 2003 (HKLM-x32\...\{90850409-6000-11D3-8CFE-0150048383C9}) (Version: 11.0.8173.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Mozilla Firefox 46.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0 (x86 en-US)) (Version: 46.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.0.5955 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Music Manager (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\MusicManager) (Version:  - Google, Inc.)
Mz CPU Accelerator (HKLM\...\MzCPUAccelerator_is1) (Version: 4.1.0 - Mz CPU Accelerator)
Nero DiscSpeed 10 (HKLM-x32\...\{34490F4E-48D0-492E-8249-B48BECF0537C}) (Version: 6.2.10500.2.100 - Nero AG)
Nero Express 10 (HKLM-x32\...\{70550193-1C22-445C-8FA4-564E155DB1A7}) (Version: 10.2.12000.21.100 - Nero AG)
Nero Multimedia Suite 10 Essentials (HKLM-x32\...\{62BF4BD3-B1F6-4FA2-8388-CC0647ACBF86}) (Version: 10.5.10300 - Nero AG)
Nero StartSmart 10 (HKLM-x32\...\{F61D489E-6C44-49AC-AD02-7DA8ACA73A65}) (Version: 10.2.11600.14.100 - Nero AG)
Nero Update (HKLM-x32\...\{65BB0407-4CC8-4DC7-952E-3EEFDF05602A}) (Version: 1.0.0018 - Nero AG)
OpenOffice.org 3.3 (HKLM-x32\...\{3E171899-0175-47CC-84C4-562ACDD4C021}) (Version: 3.3.9567 - OpenOffice.org)
paint.net (HKLM\...\{DF3A46D9-67B3-44B2-9D01-25C8BA772C8A}) (Version: 4.0.6 - dotPDN LLC)
PeaZip 6.0.0 (HKLM-x32\...\{5A2BC38A-406C-4A5B-BF45-6991F9A05325}_is1) (Version: 6.0.0 - Giorgio Tani)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
PlayOn (HKLM-x32\...\{a8580830-79da-4f33-9fac-3377a789b85e}) (Version: 4.0.10.13030 - MediaMall Technologies, Inc.)
PlayOn (x32 Version: 4.0.10 - MediaMall Technologies, Inc.) Hidden
PlayOn Dependencies (x32 Version: 1.0.0.0 - MediaMall Technologies, Inc.) Hidden
Pure Networks Platform (x32 Version: 11.1.9051.0 - Pure Networks) Hidden
Pushbullet version 338 (HKLM-x32\...\{7578F204-49E7-4830-B051-14C23F408BFE}_is1) (Version: 338 - Pushbullet Inc)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
ScanSoft OmniPage SE 4 (HKLM-x32\...\{B2F3DBD9-A9D2-4838-B45D-C917DAB32BC3}) (Version: 15.2.0020 - Nuance Communications, Inc.)
Spotify (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Spotify) (Version: 1.0.25.127.g58007b4c - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1126 - SUPERAntiSpyware.com)
System Requirements Lab for Intel (HKLM-x32\...\{04C4B49D-45D9-4A28-9ED1-B45CBD99B8C7}) (Version: 4.5.24.0 - Husdawg, LLC)
Unity Web Player (HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\UnityWebPlayer) (Version: 4.6.4f1 - Unity Technologies ApS)
VirtualDub Filter Pack 1.1 (HKLM-x32\...\VirtualDub Filter Pack_is1) (Version:  - Infognition Co. Ltd.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Waterfox 12.0 (x64 en-US) (HKLM\...\Waterfox 12.0 (x64 en-US)) (Version: 12.0 - Mozilla)
WavePad Sound Editor (HKLM-x32\...\WavePad) (Version: 6.11 - NCH Software)
WebDwarf V2 (HKLM-x32\...\{8E77A94F-AEE6-4B44-9330-514B08D042BA}) (Version: 2.92.17 - Virtual Mechanics)
Welcome Center (HKLM-x32\...\Gateway Welcome Center) (Version: 1.02.3102 - Gateway Incorporated)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
WinPcap 4.1.2 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2001 - CACE Technologies)
Wondershare PDF to Word (Build 3.5.0) (HKLM-x32\...\{DE718DF0-3874-4873-9BC3-3A94944C916E}_is1) (Version: 3.5.0 - Wondershare Software)
ZipItFree 2.30 (HKLM-x32\...\zipitfree) (Version: 2.30 - MicroSmarts LLC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4044022209-2194366084-123958388-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4044022209-2194366084-123958388-1000_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Sylvia\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-4044022209-2194366084-123958388-1000_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Program Files (x86)\Citrix\GoToMeeting\880\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-4044022209-2194366084-123958388-1000_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Sylvia\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {042B28F6-96D1-4E94-B120-19D7BE96CE16} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {05A58A71-313A-491D-B65F-AEBC746CA3A1} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {0902CC0F-B401-4A6D-AFAC-AD7F1CE1B23B} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000Core => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {0F39EEE8-80EC-4973-A106-C4A64A594F31} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {14F57CD1-CFEB-4005-B36E-F4840717E44B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {15ED5D55-F4F2-4352-A540-304BCCA2A368} - System32\Tasks\{51544CC1-1D98-4A6B-A4F1-DB814B5295E3} => pcalua.exe -a "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller\Revouninstaller.exe" -d "C:\Program Files (x86)\VS Revo Group\Revo Uninstaller"
Task: {1621C9ED-1D6C-4023-80B9-9B0606E23586} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {16AED659-136B-4C07-BC1C-3A9D60723BD3} - System32\Tasks\Uninstaller_SkipUac_Sylvia => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)
Task: {1ABDDF65-6589-4B51-BE42-2ED072D372DA} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {2264806E-0E9A-4136-B397-4C08C8C3F63A} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {291CF3B5-7795-4233-B59C-DC336A4E0B6D} - System32\Tasks\SUPERAntiSpyware Scheduled Task 2a22458e-257e-4b72-8313-12aa3d1e78b8 => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {2C0C3086-949D-4B8C-89EF-382B2166B98C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-14] (Microsoft Corporation)
Task: {2D42AB1F-3CA3-43D3-BE13-32F50501BABC} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {356CCD50-D33C-483D-AEF5-B760414E7EE4} - System32\Tasks\Run RoboForm TaskBar Icon => C:\Program Files (x86)\Siber Systems\AI RoboForm\RoboTaskBarIcon.exe
Task: {35BFCAC6-8E38-4FB7-970E-3FE921274964} - System32\Tasks\SUPERAntiSpyware Scheduled Task dbfffb97-9cf2-4b86-b186-7cc759ae2f0d => C:\Program Files\SUPERAntiSpyware\SASTask.exe [2013-11-07] (SUPERAdBlocker.com)
Task: {3E6E5456-02AF-40DC-B9CA-1AE54320EF9E} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-09] (Adobe Systems Incorporated)
Task: {455C8359-2783-4FEB-9DC4-F4ED24A21BE1} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {4DBA1C39-5CE9-4576-9953-022434906B65} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {4F58DD95-72DC-4DD5-86AC-065EEC960107} - System32\Tasks\Bitdefender Agent WatchDog_65D6944A0EF74FDAB96E31112AD39864 => C:\Program Files\Bitdefender Agent\WatchDog.exe [2016-03-30] (Bitdefender)
Task: {5965114A-B5B9-423B-950B-C0B21D317C96} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {5EF093E4-0E4F-4D27-8752-A2278486FB92} - System32\Tasks\ASC Task (One-Time) => C:\Program Files (x86)\IObit\Advanced SystemCare\ASCPromote.exe
Task: {61932A53-C79A-45C5-BCB8-E60916DC989F} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {66C1BA5E-0D6A-48D1-93DC-5B02BC9A20B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6C36EFDF-1AA0-4706-BC95-1D262ADA61E5} - System32\Tasks\{7FF363EE-EFEA-48B2-AE93-9B4C2E30F8E8} => pcalua.exe -a C:\Users\Sylvia\Downloads\AudibleDM_iTunesSetup.exe -d "C:\Program Files (x86)\Mozilla Firefox"
Task: {6C4F11DB-7945-4923-8CD5-4BFFDC39EB2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7333543E-CD29-4134-84F1-BECEEC588092} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {77C93557-7547-49E8-B0D5-FBA2CA76828B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7A75DBD5-523C-44AE-B9F9-86442927C468} - System32\Tasks\iolo DelOnReboot => /c IF EXIST C:\ProgramData\iolo\ops\smrr.dll del /f C:\ProgramData\iolo\ops\smrr.dll
Task: {7D2C8AAD-3DEE-4FF5-BD7A-AFCBA0144ACA} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {7EF9970B-7260-421E-A8B0-CE4061C2DCA2} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {80C19242-1AAB-4F8B-908C-934E444A2312} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8196B0C5-09F7-4DA7-9797-705E9A9BE591} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8C837870-9581-4564-9956-DBBC4445455F} - System32\Tasks\{C71D4CB6-41FA-46D3-B69E-5478F015EE5C} => pcalua.exe -a "C:\Program Files\Desktop Calendar\DesktopCalendar.exe" -d C:\Users\Sylvia\Desktop
Task: {91FC9C37-8E9A-4D31-9489-591557A9CC2C} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {9E938577-801A-4777-B539-3C4FEC44E78C} - System32\Tasks\Open URL by RoboForm => Rundll32.exe url.dll,FileProtocolHandler "hxxp://www.roboform.com/uninstall.html?aaa=KICMNMLMKMKJLMMJOMNJCNNMMJGMOMCNLMIMMMKMCNHMOMNJKJCNKJJJIMPMKJJMNMMMJJHMKMHMJNJICMIMCNIMCNGMFMGMCNOMOMCNGMJMPMPMFMJMCNOMCNIMJMPMOMCNNMJNPICMOMFMFMHMMMMMJNHICMOMNMKJOMMMJNBJCMMKGIDJJIGJOJPNMKPIKJBJMJKJJNKJCMJNNICMJNDJCMKJBJ"
Task: {A138CCA1-D67E-4D4D-B317-ED0ACF0A0E77} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A223E981-9EF8-4300-9AA4-5D4C3D66F49D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {A379950E-135A-4FB5-B14E-F24BA6B0D0A2} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-07] (Dropbox, Inc.)
Task: {A6496C87-F958-4F24-B4EC-CD1352E8E4AE} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {AE59EC9C-C5AC-4805-BA59-2E787E6E5C45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {B2F019B2-52D0-4279-A381-06A1B6373AB6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {B7463965-AA8E-4D15-ADA8-C8DCB5CDEACE} - System32\Tasks\{BCDDBC84-315E-481E-8CF3-0C0BBF98CD66} => pcalua.exe -a "C:\Users\Sylvia\Documents\My Downloads\Install_CopyTransControlCenter.exe" -d "C:\Users\Sylvia\Documents\My Downloads"
Task: {B7D44FD6-F1D2-4836-A7DC-2EEBA3DE8770} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BB4FD66B-8147-4A4C-8CFF-13C67F2E2C7A} - System32\Tasks\Uninstaller_SkipUac_Administrator => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-03-04] (IObit)
Task: {C6D6E601-0232-4EAA-9705-ADE7D5EF83D8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {C6ED9901-85EA-4E65-82E3-02D61396B41D} - System32\Tasks\{1C08320F-9E50-44CA-8099-F73BE4F2E066} => pcalua.exe -a D:\startinstall.exe -d D:\
Task: {CF0A5A7D-AE0A-4D7E-9945-0CB58F5FAE0C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {D2CF1736-AB75-4A39-A971-A37F73C06855} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000UA => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-27] (Google Inc.)
Task: {DB690CDF-FE8F-4691-B8A8-69BBCAA18053} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DE234142-6602-4FA6-B0BB-910EEB22441B} - \Driver Booster SkipUAC (Sylvia) -> No File <==== ATTENTION
Task: {E6C69022-3807-4A75-BBC2-64FB25E61A39} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {E820ADF2-7DB3-4B17-A4AF-009A65F7E8EA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
Task: {EE153C7C-5A18-4308-8ABF-DAA32DCD4EC4} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {EE3E13E2-E0D6-44E2-AF29-50EDF04786B9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {F36F239B-EBA1-48E3-B313-4F3A0C6043BF} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
Task: {F5738708-4C9C-4BB0-B7DB-6022122C1D41} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-08-07] (Dropbox, Inc.)
Task: {F5AFD05F-B6A7-4959-8F29-5A79A4F121A3} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {FBB73A29-00C5-43B0-8002-4F451CDCEB6B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-14] (Google Inc.)
Task: {FEDCB278-CD00-489B-BDEE-0E263C1AB117} - System32\Tasks\iolo Process Governor => C:\Program Files (x86)\iolo\System Mechanic\iologovernor64.exe [2016-02-19] (iolo technologies, LLC)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\Chrome Cleanup Tool logs upload retry.job => C:\Users\Work\Downloads\chrome_cleanup_tool.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000Core.job => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000UA.job => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2a22458e-257e-4b72-8313-12aa3d1e78b8.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
Task: C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dbfffb97-9cf2-4b86-b186-7cc759ae2f0d.job => C:\Program Files\SUPERAntiSpyware\SASTask.exedC:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-13 10:35 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 10:35 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-05-01 10:13 - 2014-05-01 10:13 - 00470016 _____ () C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX64.dll
2016-03-02 22:04 - 2016-03-02 22:04 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-04-13 10:25 - 2016-04-01 23:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-04-13 10:32 - 2016-04-01 23:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-04-13 10:30 - 2016-04-01 22:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-04-13 10:33 - 2016-04-01 22:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-04-13 10:34 - 2016-04-01 23:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Sylvia\Downloads\7z1514-x64.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\AdobeAIRInstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\esetsmartinstaller_enu(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\esetsmartinstaller_enu.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\FreemakeYouTubeToMP3BoomSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\fu123mx310swin1040us.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\InPixio_PhotoClip_EN_FT.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\jarte_54_setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\MEGAsyncSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\MessengerSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\musicmanagerinstaller.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\OneDriveSetup (1).exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\OneDriveSetup(1).exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\OneDriveSetup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\peazip-6.0.0.WINDOWS.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\pushbullet_installer.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\setupBacklinkPirate.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\YP-DNA-Setup.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Downloads\zip-it-free.exe:BDU [0]
AlternateDataStreams: C:\Users\Sylvia\Documents\It's All About chosing.rtf:com.dropbox.attributes [168]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Option => "OptionValue"="2"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-04-17 18:47 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4044022209-2194366084-123958388-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows Live Photo Gallery\Windows Live Photo Gallery Wallpaper.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 1) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: AdvancedSystemCareService9 => 2
MSCONFIG\Services: Apple Mobile Device => 2
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Browser => 3
MSCONFIG\Services: CouponPrinterService => 2
MSCONFIG\Services: Freemake Improver => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MediaBrowser => 3
MSCONFIG\Services: MF NTFS Monitor => 2
MSCONFIG\Services: OnlineStorageService => 3
MSCONFIG\Services: TeamViewer9 => 2
MSCONFIG\Services: WMZuneComm => 3
MSCONFIG\Services: ZuneNetworkSvc => 3
MSCONFIG\startupfolder: C:^ProgramData^Microsoft^Windows^Start Menu^Programs^Startup^Trend Micro SafeSync.lnk => C:\Windows\pss\Trend Micro SafeSync.lnk.CommonStartup
MSCONFIG\startupfolder: C:^Users^Sylvia^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^Jacquie Lawson Quick Send Widget.lnk => C:\Windows\pss\Jacquie Lawson Quick Send Widget.lnk.Startup
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Amazon Music => "C:\Users\Sylvia\AppData\Local\Amazon Music\Amazon Music Helper.exe"
MSCONFIG\startupreg: CanonMyPrinter => C:\Program Files\Canon\MyPrinter\BJMyPrt.exe /logon
MSCONFIG\startupreg: CanonSolutionMenu => C:\Program Files (x86)\Canon\SolutionMenu\CNSLMAIN.exe /logon
MSCONFIG\startupreg: CCleaner Monitoring =>
MSCONFIG\startupreg: Dashlane =>
MSCONFIG\startupreg: DelaypluginInstall =>
MSCONFIG\startupreg: Dropbox => "C:\Program Files (x86)\Dropbox\Client\Dropbox.exe" /systemstartup
MSCONFIG\startupreg: Google Update => "C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe" /c
MSCONFIG\startupreg: Google+ Auto Backup =>
MSCONFIG\startupreg: GoogleChromeAutoLaunch_D2E080A0B0D3FA5E85FCBE61F49B379B =>
MSCONFIG\startupreg: Hotkey Utility => C:\Program Files (x86)\Gateway\Hotkey Utility\HotkeyUtility.exe
MSCONFIG\startupreg: HotKeysCmds =>
MSCONFIG\startupreg: IgfxTray =>
MSCONFIG\startupreg: iolo Startup => "C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe"
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files (x86)\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: LogiScrollApp => C:\Program Files\Logitech\ScrollApp\KhalScroll.exe
MSCONFIG\startupreg: MediaFire Tray =>
MSCONFIG\startupreg: OOTag => C:\Program Files (x86)\Gateway\OOBEOffer\ootag.exe
MSCONFIG\startupreg: OpwareSE4 => "C:\Program Files (x86)\ScanSoft\OmniPageSE4\OpwareSE4.exe"
MSCONFIG\startupreg: Persistence =>
MSCONFIG\startupreg: RtHDVCpl => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: Sidebar =>
MSCONFIG\startupreg: Spotify => "C:\Users\Sylvia\AppData\Roaming\Spotify\Spotify.exe" /uri spotify:autostart
MSCONFIG\startupreg: Spotify Web Helper =>
MSCONFIG\startupreg: SSBkgdUpdate => "C:\Program Files (x86)\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
MSCONFIG\startupreg: SUPERAntiSpyware => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
MSCONFIG\startupreg: Wondershare Helper Compact.exe => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
MSCONFIG\startupreg: WrtMon.exe => C:\Windows\system32\spool\drivers\x64\3\WrtMon.exe
MSCONFIG\startupreg: Zune Launcher =>
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "MalwareProtectionLive"
HKLM\...\StartupApproved\Run32: => "ProductUpdater"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "PlayOn"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Google Update"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Pushbullet"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "Amazon Music"
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\StartupApproved\Run: => "MusicManager"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{FB32CFC7-68D9-445B-A7B9-6F07297BEDD2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F7795259-585F-402F-B4D7-40F92E513FCC}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECB67A89-C81E-42F3-A1E0-E5E2842294C7}] => (Allow) C:\Program Files (x86)\MediaMall\Surfer.exe
FirewallRules: [{A8F84D69-0067-4530-9267-1676C5B64DF2}] => (Allow) C:\Program Files (x86)\MediaMall\PlayMark.exe
FirewallRules: [{4686BE66-F714-43D1-883E-B359F726FE5B}] => (Allow) C:\Program Files (x86)\MediaMall\PlayOn.exe
FirewallRules: [{2696A0AB-93D6-4DFE-8913-547025F10868}] => (Allow) C:\Program Files (x86)\MediaMall\SettingsManager.exe
FirewallRules: [{344DBEB8-D60A-4615-8E88-762E32AE3128}] => (Allow) C:\Program Files (x86)\MediaMall\MediaMallServer.exe
FirewallRules: [{F1AE7181-3F30-4812-829C-BFD09523DFDB}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nse443C.tmp\Installer-10408138.exe
FirewallRules: [{54CB5400-7869-4429-910E-626611B634B1}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nse443C.tmp\Installer-10408138.exe
FirewallRules: [{6D7155E6-0A58-4F7E-AE2A-416E8B31407D}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsk39D2.tmp\Installer-10366810.exe
FirewallRules: [{6F07937E-6D2C-4449-A3AC-F79A8B5BDD91}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsk39D2.tmp\Installer-10366810.exe
FirewallRules: [{BE47FD72-2AEC-48DE-ABF4-4AF98D749EB1}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsn9D45.tmp\Installer-10256071.exe
FirewallRules: [{1C609DED-4A80-40A4-AB42-BF251EF0C4D0}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsn9D45.tmp\Installer-10256071.exe
FirewallRules: [{ED17C921-CB95-4048-82BD-97F04E9B3D2F}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsi234C.tmp\Installer-10256071.exe
FirewallRules: [{7D7D13AC-8759-4CA0-B2CB-33FB45C64B6C}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsi234C.tmp\Installer-10256071.exe
FirewallRules: [{61D277A5-9837-43E6-A1AA-0561008B5989}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsu7CBE.tmp\Installer-10256071.exe
FirewallRules: [{046C0303-2D4E-4CB2-A302-C4FA99BDF540}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsu7CBE.tmp\Installer-10256071.exe
FirewallRules: [{C8416BE5-FC20-47EC-9E14-36AC9067CA9C}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsh45B5.tmp\Installer-10256071.exe
FirewallRules: [{E995D1F4-17E2-42DE-9F82-D98ACA46FAE4}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsh45B5.tmp\Installer-10256071.exe
FirewallRules: [{93128737-852C-4399-B879-319632A5B9CC}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsc6EC4.tmp\Installer-10967099.exe
FirewallRules: [{1312276B-EDEC-4923-B892-33D8CD3CA4FC}] => (Allow) C:\Users\Sylvia\AppData\Local\Temp\nsc6EC4.tmp\Installer-10967099.exe
FirewallRules: [{B87BD1A6-FE36-465F-8BBA-34989181FF45}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{EF99279B-6B48-4ED6-A5A5-0C9010A9DB32}] => (Allow) LPort=2869
FirewallRules: [{257EA145-6F5A-4A4E-93A6-79EB28CF432F}] => (Allow) LPort=1900
FirewallRules: [{2402752B-0451-405D-B6CD-7A00838F1578}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{8FE0DD2A-3C70-4BFE-B975-E9638A213B70}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{02457991-DF03-4F56-A23E-7660FF178298}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{65A33E0B-B7CB-4B6A-8F51-BDF86A3A10FE}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{CAC566DA-FDB0-4E86-B7B2-762CA9114877}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{42A8A587-1D3D-4553-9513-FFD67A53D171}] => (Allow) C:\Program Files (x86)\Microsoft Office\Live Meeting 8\Console\PWConsole.exe
FirewallRules: [{314C7C95-7349-4595-B5FA-5B65F00D3034}] => (Allow) C:\Users\Sylvia\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{047C476F-FD62-49BE-86B1-768CE4D7EEF4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{2C65A81F-367D-41AD-B84A-51C6B01D95EB}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [TCP Query User{26500248-0376-478A-B17E-B4DC00752783}C:\users\sylvia\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sylvia\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{11F2F9D5-F007-47B5-A5B8-1DDE6CDFF95D}C:\users\sylvia\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\sylvia\appdata\roaming\spotify\spotify.exe
FirewallRules: [{F34C6A53-249E-41CB-8069-4E37373C7602}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{9E641E34-93E2-448A-A219-B35799C7444C}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{E442368C-AB9E-4C80-A44C-BB8FF54FEDEA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{FBBDB62B-A19C-4959-93ED-0D3FCD828109}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{F968339B-69A8-45B2-AF55-11CB06C893D6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6A88EF3-F768-4A51-8BEE-C299F9DCB1BB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F2FE9E56-F0F2-47C2-8439-E8E628186957}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{6C392394-4065-474C-88D4-F72925F8B91A}] => (Allow) LPort=7359
FirewallRules: [{CB73A292-2717-458E-9752-A8E76034A324}] => (Allow) LPort=8096
FirewallRules: [{7BDE6EA8-D327-4310-A7F8-9FCBB1C7EA62}] => (Allow) LPort=8920
FirewallRules: [{08B75D9C-9894-43D2-AFBD-6BD7DFFE77A0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{8A785DD1-05A7-457D-9714-B1A8002615EB}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe

==================== Restore Points =========================

14-04-2016 12:59:07 Checkpoint by HitmanPro
16-04-2016 16:36:51 Checkpoint by HitmanPro
17-04-2016 19:00:08 Windows Backup
21-04-2016 15:49:36 Windows Live Essentials
21-04-2016 15:52:16 Installed DirectX
29-04-2016 00:49:03 Windows Backup

==================== Faulty Device Manager Devices =============

Name: Microsoft PS/2 Mouse
Description: Microsoft PS/2 Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.


==================== Event log errors: =========================

Application errors:
==================
Error: (04/29/2016 12:49:26 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (04/29/2016 12:41:15 AM) (Source: ESENT) (EventID: 455) (User: )
Description: svchost (1100) SRUJet: Error -1811 (0xfffff8ed) occurred while opening logfile C:\WINDOWS\system32\SRU\SRU0002D.log.

Error: (04/28/2016 11:56:33 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" /UninstallExplorer; Description = Bitdefender Agent restore point; Error = 0x8007043c).

Error: (04/28/2016 11:52:12 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" /UninstallExplorer; Description = Bitdefender Total Security 2016 restore point; Error = 0x8007043c).

Error: (04/28/2016 11:23:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Sylvia-PC)
Description: Activation of app Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXeb42j1vh6rk395pm0vmcx57dxqjhej5d.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (04/28/2016 11:21:49 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe" /UninstallExplorer; Description = Google Chrome restore point; Error = 0x8007043c).

Error: (04/28/2016 05:07:04 PM) (Source: System Restore) (EventID: 8193) (User: )
Description: Failed to create restore point (Process = C:\Program Files\HitmanPro\HitmanPro.exe Files\HitmanPro\HitmanPro.exe" ; Description = Checkpoint by HitmanPro; Error = 0x8007043c).

Error: (04/28/2016 11:43:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.218, time stamp: 0x56ff3cf7
Faulting module name: StartUI.dll, version: 10.0.10586.218, time stamp: 0x56ff3bfe
Exception code: 0xc0000005
Fault offset: 0x0000000000103439
Faulting process id: 0x8e0
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (04/27/2016 12:00:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SUPERANTISPYWARE.EXE version 6.0.0.1216 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1790

Start Time: 01d1a08fbe2df2d3

Termination Time: 77

Application Path: C:\Program Files\SUPERAntiSpyware\SUPERANTISPYWARE.EXE

Report Id: 258fdc7a-0c91-11e6-9d72-f80f4134d067

Faulting package full name:

Faulting package-relative application ID:

Error: (04/25/2016 04:22:13 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64
Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc
Exception code: 0x80000003
Fault offset: 0x0000ec22
Faulting process id: 0x19c4
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5


System errors:
=============
Error: (04/29/2016 11:33:11 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: 1084EventSystemUnavailable{1BE1F766-5536-11D1-B726-00C04FB926AF}

Error: (04/29/2016 11:33:01 AM) (Source: DCOM) (EventID: 10005) (User: Sylvia-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/29/2016 11:33:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/29/2016 11:33:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/29/2016 11:33:01 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/29/2016 11:30:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/29/2016 11:30:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/29/2016 11:30:52 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Server service which failed to start because of the following error:
%%1068

Error: (04/29/2016 11:30:44 AM) (Source: DCOM) (EventID: 10005) (User: Sylvia-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}

Error: (04/29/2016 11:29:55 AM) (Source: DCOM) (EventID: 10005) (User: Sylvia-PC)
Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}


CodeIntegrity:
===================================
  Date: 2016-04-15 19:06:28.321
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-04-14 23:54:36.209
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-24 10:24:19.764
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-13 12:06:29.717
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-10 11:10:14.873
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-04 11:34:58.376
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-03 19:19:22.768
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-02 18:48:19.884
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-02 18:41:47.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-02 18:37:05.176
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Pentium® Dual-Core CPU E6700 @ 3.20GHz
Percentage of memory in use: 30%
Total physical RAM: 4061.17 MB
Available physical RAM: 2810.58 MB
Total Virtual: 8157.17 MB
Available Virtual: 7078.58 MB

==================== Drives ================================

Drive c: (Gateway) (Fixed) (Total:914.91 GB) (Free:771.99 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: C7CF2891)
Partition 1: (Not Active) - (Size=16.5 GB) - (Type=27)
Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=914.9 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================




#2
Essexboy


    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Could you also post the main FRST log please



#3
seasun


    Member

  • Topic Starter
  • Member
  • PipPip
  • 16 posts

Thank you for replying so promptly. It's really hard working in safe mode. Here's the first part:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by Sylvia (administrator) on SYLVIA-PC (29-04-2016 11:29:50)
Running from C:\Users\Sylvia\Downloads
Loaded Profiles: Sylvia (Available Profiles: Sylvia & Work)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Safe Mode (with Networking)
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Microsoft Corporation) C:\Windows\HelpPane.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\SysMech.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\SysMech.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\SysMech.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1644824 2016-03-17] (Bitdefender)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4612544 2016-02-19] (iolo technologies, LLC)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Run: [Google Update] => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Run: [Amazon Music] => C:\Users\Sylvia\AppData\Local\Amazon Music\Amazon Music Helper.exe [5895968 2016-02-01] ()
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1447328 2016-03-17] (Bitdefender)
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\RunOnce: [Uninstall C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64\FileSyncShell64.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64\FileSyncShell64.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64\FileSyncShell64.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\FileSyncShell.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\FileSyncShell.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\FileSyncShell.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
BootExecute: autocheck autochk *
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9d25297a-5b61-41c4-86c4-ca26be3d0491}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{9d25297a-5b61-41c4-86c4-ca26be3d0491}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a1b58d0d-516e-4a3b-b0f4-fbe86a594e92}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{a1b58d0d-516e-4a3b-b0f4-fbe86a594e92}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL =
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL =
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> {5BB5229C-A5FC-4890-BECD-A13D981BF5AD} URL = hxxp://www.bing.com/search?FORM=U217DF&PC=U217&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> {F80236B3-2F4C-4D1D-BFC5-0F117C9309A3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US1134D20150724&p={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
BHO: KeyScramblerBHO Class -> {2B9F5787-88A5-4945-90E7-C4B18563BC5E} -> C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll [2012-03-08] (QFX Software Corporation)
BHO: LastPass Browser Helper Object -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPBar64.dll [2012-05-19] (LastPass)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Logitech Scroll App -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\ScrollApp\LogiSmooth.dll [2011-12-14] (Logitech, Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-14] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-14] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll [2012-05-19] (LastPass)
Toolbar: HKLM - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File

Edge:
======
Edge HomeButtonPage: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> hxxp://www.facebook.com/

FireFox:
========
FF ProfilePath: C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.facebook.com/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\WINDOWS\SysWOW64\npdeployJava1.dll [2016-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4044022209-2194366084-123958388-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sylvia\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4044022209-2194366084-123958388-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sylvia\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4044022209-2194366084-123958388-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sylvia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-09] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4044022209-2194366084-123958388-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Sylvia\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-07-28]
FF Extension: Priv3 - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\extensions\[email protected] [2016-04-28]
FF Extension: Session Manager - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\8at14fns.default-1460606279328\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-04-14]
FF Extension: Session Manager - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\xq740vj5.default-1460763705533\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-04-15]
FF Extension: FillForm - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\[email protected] [2016-04-29]
FF Extension: Ghostery - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\[email protected] [2016-04-16]
FF Extension: AmazonSmile 1Button for Firefox - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\[email protected] [2016-04-28]
FF Extension: Session Manager - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-04-16]
FF Extension: Adblock Plus - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Bitdefender QuickScan - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-04-29]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-04-29] [not signed]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\ScrollApp\LogiSmoothFirefoxExt
FF Extension: Logitech Scroll App - C:\Program Files\Logitech\ScrollApp\LogiSmoothFirefoxExt [2011-12-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-06-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-06-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext

Chrome:
=======
CHR Profile: C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflpeapppfijfecjmibidlnfggdifmic [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbfpjledahoajcppakbgilmojkaghgm [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdfmeimafcmmefpiebpeodknddagimg [2016-04-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx <not found>

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-07] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-07] (Dropbox, Inc.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-03-28] (Freemake) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-03-14] (Ellora Assets Corp.) [File not signed]
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-29] (SurfRight B.V.)
S2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
S2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-03-17] (Bitdefender)
S2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1679672 2016-03-17] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-02-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-02-02] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
S3 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-03-17] (BitDefender LLC)
S1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
S1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
S0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
S1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-30] (REALiX™)
S0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [290032 2016-03-17] (Bitdefender)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222904 2011-12-14] (QFX Software Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-29] (Malwarebytes)
S3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
S2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
S1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
S1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 11:29 - 2016-04-29 11:30 - 00027820 _____ C:\Users\Sylvia\Downloads\FRST.txt
2016-04-29 11:29 - 2016-04-29 11:29 - 02376704 _____ (Farbar) C:\Users\Sylvia\Downloads\FRST64.exe
2016-04-29 11:29 - 2016-04-29 11:29 - 00000000 ____D C:\FRST
2016-04-29 01:56 - 2016-04-29 01:56 - 00000000 ____D C:\Users\Sylvia\Desktop\rkill
2016-04-29 01:55 - 2016-04-29 01:56 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Sylvia\Downloads\rkill.exe
2016-04-29 01:04 - 2016-04-29 01:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-29 00:43 - 2016-04-29 00:43 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Bitdefender
2016-04-29 00:05 - 2016-04-29 00:05 - 00025644 _____ C:\ProgramData\1461902753.bdinstall.bin
2016-04-29 00:05 - 2016-04-29 00:05 - 00025643 _____ C:\ProgramData\1461902743.bdinstall.bin
2016-04-29 00:04 - 2016-04-29 00:04 - 00044331 _____ C:\ProgramData\1461902695.bdinstall.bin
2016-04-29 00:04 - 2016-04-29 00:04 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-04-28 23:56 - 2016-04-28 23:56 - 00238577 _____ C:\ProgramData\1461901934.bdinstall.bin
2016-04-28 23:56 - 2016-04-28 23:56 - 00027349 _____ C:\ProgramData\1461902194.bdinstall.bin
2016-04-28 23:30 - 2016-04-29 01:57 - 00002800 _____ C:\Users\Sylvia\Desktop\Rkill.txt
2016-04-28 23:20 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\ProductData
2016-04-28 19:50 - 2016-04-29 04:37 - 00000000 ____D C:\Users\Sylvia\Desktop\mbar
2016-04-26 19:22 - 2016-04-26 19:22 - 00000000 ____D C:\Users\Sylvia\AppData\Local\{59A79ABB-2F6B-42ED-9CA3-3FE3F43EBABC}
2016-04-26 18:26 - 2016-04-26 19:17 - 00008003 _____ C:\Users\Sylvia\Documents\starburn.txt
2016-04-26 18:25 - 2016-04-29 04:37 - 00000000 ____D C:\Users\Sylvia\Documents\Wondershare Filmora
2016-04-26 18:25 - 2016-04-26 18:25 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2016-04-26 18:25 - 2016-04-26 18:25 - 00000000 ____D C:\Program Files\Wondershare
2016-04-24 13:20 - 2016-04-29 04:38 - 00000000 ____D C:\Program Files (x86)\Easy Auto Spinner
2016-04-23 21:00 - 2016-04-23 21:00 - 00000020 _____ C:\Users\Sylvia\Documents\AMAZON.txt
2016-04-21 15:53 - 2016-04-21 15:53 - 00000000 ____D C:\Users\Sylvia\AppData\Local\{5A7B1867-658B-4130-954E-3614476600DA}
2016-04-16 17:16 - 2016-04-16 17:16 - 00000118 _____ C:\WINDOWS\aebmark.ini
2016-04-16 17:15 - 2016-04-16 17:15 - 00000036 _____ C:\WINDOWS\AEBFONT.INI
2016-04-16 17:15 - 2016-04-16 17:15 - 00000023 _____ C:\WINDOWS\ANS2000.INI
2016-04-16 17:15 - 2016-04-16 17:15 - 00000020 ____H C:\WINDOWS\akebook.ini
2016-04-16 17:15 - 2016-04-16 17:15 - 00000004 ____H C:\WINDOWS\a3kebook.ini
2016-04-16 17:00 - 2016-04-16 17:00 - 00000015 _____ C:\WINDOWS\cfwin.ini
2016-04-16 16:59 - 2016-04-16 16:59 - 00000110 _____ C:\WINDOWS\cfwinlib.ini
2016-04-16 16:59 - 2016-04-16 16:59 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoverFactory 2.50
2016-04-16 16:59 - 2016-04-16 16:59 - 00000000 ____D C:\Program Files (x86)\CoverFactory 2.50
2016-04-16 16:58 - 2016-04-16 16:58 - 04611619 _____ C:\Users\Sylvia\Downloads\setupcfw250.exe
2016-04-15 23:09 - 2016-04-15 23:09 - 00000000 ____D C:\Users\Firefox Profile
2016-04-15 22:18 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-14 12:20 - 2016-04-29 01:01 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{878C54A3-5224-4505-B8CF-88C3DA4BDD39}
2016-04-14 12:18 - 2016-04-14 12:14 - 00905280 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npdeployJava1.dll
2016-04-14 12:18 - 2016-04-14 12:14 - 00825408 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2016-04-14 12:15 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-14 12:15 - 2016-04-14 12:15 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-14 12:15 - 2016-04-14 12:15 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Sun
2016-04-14 12:15 - 2016-04-14 12:15 - 00000000 ____D C:\Users\Sylvia\.oracle_jre_usage
2016-04-14 12:14 - 2016-04-14 12:19 - 00000000 ____D C:\ProgramData\Oracle
2016-04-14 12:12 - 2016-04-14 12:12 - 00734784 _____ (Oracle Corporation) C:\Users\Sylvia\Downloads\JavaSetup8u77.exe
2016-04-14 12:12 - 2016-04-14 12:12 - 00000000 ____D C:\Users\Sylvia\AppData\LocalLow\Oracle
2016-04-14 00:16 - 2016-04-14 00:16 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-14 00:16 - 2016-04-14 00:16 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-14 00:15 - 2016-04-29 01:20 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 00:15 - 2016-04-29 00:42 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 00:15 - 2016-04-14 00:15 - 00987728 _____ (Google Inc.) C:\Users\Sylvia\Downloads\ChromeSetup.exe
2016-04-14 00:15 - 2016-04-14 00:15 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-14 00:15 - 2016-04-14 00:15 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-13 23:58 - 2016-04-15 19:41 - 00000000 ____D C:\Users\Sylvia\Desktop\Old Firefox Data
2016-04-13 23:38 - 2016-04-13 23:39 - 00002550 _____ C:\Users\Work\Desktop\Rkill.txt
2016-04-13 23:38 - 2016-04-13 23:38 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Work\Downloads\rkill.exe
2016-04-13 23:14 - 2016-04-28 23:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-13 23:13 - 2016-04-13 23:37 - 00000000 ____D C:\Users\Work\Desktop\mbar
2016-04-13 23:13 - 2016-04-13 23:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Work\Downloads\mbar-1.09.3.1001.exe
2016-04-13 23:11 - 2016-04-13 23:11 - 00002053 _____ C:\Users\Work\Downloads\FSS.txt
2016-04-13 23:10 - 2016-04-13 23:10 - 00899584 _____ (Farbar) C:\Users\Work\Downloads\FSS.exe
2016-04-13 23:08 - 2016-04-13 23:08 - 00852798 _____ C:\Users\Work\Downloads\SecurityCheck.exe
2016-04-13 22:44 - 2016-04-13 22:45 - 00000304 _____ C:\WINDOWS\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-04-13 22:43 - 2016-04-13 22:45 - 04621272 _____ (Google) C:\Users\Work\Downloads\chrome_cleanup_tool.exe
2016-04-13 22:40 - 2016-04-13 22:40 - 00002562 _____ C:\WINDOWS\system32\.crusader
2016-04-13 22:27 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-13 22:27 - 2016-04-29 04:38 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-13 22:27 - 2016-04-13 22:27 - 00001969 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-13 22:26 - 2016-04-13 22:41 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-13 22:26 - 2016-04-13 22:26 - 11441744 _____ (SurfRight B.V.) C:\Users\Work\Downloads\hitmanpro_x64.exe
2016-04-13 21:54 - 2016-04-13 21:54 - 00003608 _____ C:\Users\Work\Desktop\JRT.txt
2016-04-13 21:52 - 2016-04-13 21:52 - 01610352 _____ (Malwarebytes) C:\Users\Work\Downloads\JRT.exe
2016-04-13 21:27 - 2016-04-13 21:27 - 03465280 _____ C:\Users\Sylvia\Downloads\adwcleaner_5.110.exe
2016-04-13 20:52 - 2016-04-13 20:52 - 02870984 _____ (ESET) C:\Users\Sylvia\Downloads\esetsmartinstaller_enu (1).exe
2016-04-13 20:11 - 2016-04-13 20:11 - 02870984 _____ (ESET) C:\Users\Sylvia\Downloads\esetsmartinstaller_enu(2).exe
2016-04-13 19:55 - 2016-04-13 19:55 - 00000000 ____D C:\Users\Work\AppData\Roaming\QuickScan
2016-04-13 19:49 - 2016-04-29 11:10 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-13 19:40 - 2016-04-29 11:29 - 00831786 _____ C:\WINDOWS\ntbtlog.txt
2016-04-13 19:26 - 2016-04-13 19:26 - 00000020 ___SH C:\Users\Work\ntuser.ini
2016-04-13 10:36 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 10:36 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 10:36 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 10:36 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 10:36 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 10:36 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 10:36 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 10:35 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 10:35 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 10:35 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 10:35 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 10:35 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 10:35 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 10:35 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 10:35 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 10:35 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 10:35 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 10:35 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 10:35 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 10:35 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 10:35 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 10:35 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 10:35 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 10:35 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 10:35 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 10:35 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 10:35 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 10:35 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 10:35 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 10:35 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 10:35 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 10:35 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 10:34 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 10:34 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 10:34 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 10:34 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 10:34 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 10:34 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 10:34 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 10:34 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 10:34 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 10:34 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 10:34 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 10:34 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 10:34 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 10:34 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 10:34 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 10:34 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 10:33 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 10:33 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 10:33 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 10:33 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 10:33 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 10:33 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 10:33 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 10:33 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 10:33 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 10:33 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 10:33 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 10:33 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 10:33 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 10:33 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 10:33 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 10:33 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 10:33 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 10:33 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 10:33 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 10:33 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 10:32 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 10:32 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 10:32 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 10:32 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 10:32 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 10:32 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 10:32 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 10:32 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 10:32 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 10:32 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 10:32 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 10:32 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 10:32 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 10:32 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 10:32 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 10:32 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 10:32 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 10:32 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 10:32 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 10:32 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 10:32 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 10:32 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 10:32 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 10:32 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 10:32 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 10:32 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 10:32 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 10:32 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 10:32 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 10:32 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 10:32 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 10:32 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 10:31 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 10:31 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 10:31 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 10:31 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 10:31 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 10:31 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 10:31 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 10:31 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 10:31 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 10:31 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 10:31 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 10:31 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 10:31 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 10:31 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 10:31 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 10:31 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 10:31 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 10:31 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 10:31 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 10:31 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 10:31 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 10:31 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 10:31 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 10:31 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 10:31 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 10:31 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 10:31 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 10:31 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 10:31 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 10:31 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 10:31 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 10:31 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 10:31 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 10:30 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 10:30 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 10:30 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 10:30 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 10:30 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 10:30 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 10:30 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 10:30 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 10:30 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 10:30 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 10:30 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 10:30 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 10:30 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 10:30 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 10:30 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 10:30 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 10:30 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 10:30 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 10:30 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 10:30 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 10:30 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 10:30 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 10:30 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 10:30 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 10:30 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 10:30 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 10:30 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 10:30 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 10:30 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 10:30 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 10:30 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 10:30 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 10:30 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 10:30 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 10:30 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 10:29 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 10:29 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 10:29 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 10:29 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 10:29 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 10:29 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 10:29 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 10:29 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 10:29 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 10:29 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 10:29 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 10:29 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 10:29 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 10:29 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 10:29 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 10:29 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 10:29 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 10:29 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 10:29 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 10:29 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 10:29 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 10:29 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 10:29 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 10:29 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 10:29 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 10:29 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 10:29 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 10:29 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 10:29 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 10:29 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 10:29 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 10:28 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 10:28 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 10:28 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 10:28 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 10:28 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 10:28 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 10:28 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 10:28 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 10:28 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 10:28 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 10:28 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 10:28 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 10:28 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 10:28 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 10:28 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 10:28 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 10:28 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 10:28 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 10:28 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 10:28 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 10:28 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 10:28 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 10:28 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 10:28 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 10:28 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 10:28 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 10:28 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 10:28 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 10:28 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 10:27 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 10:27 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 10:27 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 10:27 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 10:27 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 10:27 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 10:27 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 10:27 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 10:27 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 10:27 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 10:27 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 10:27 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 10:27 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 10:27 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 10:27 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 10:27 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 10:27 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 10:27 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 10:27 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 10:27 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 10:27 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 10:27 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 10:27 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 10:27 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 10:27 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 10:27 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 10:27 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 10:27 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 10:27 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 10:27 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 10:27 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 10:27 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 10:26 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 10:26 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 10:26 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 10:26 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 10:26 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 10:26 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 10:26 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 10:26 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 10:26 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 10:26 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 10:26 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 10:26 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 10:26 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 10:26 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 10:26 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 10:26 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 10:26 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 10:26 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 10:26 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 10:26 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 10:26 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 10:26 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 10:26 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 10:26 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 10:25 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-10 23:59 - 2016-04-15 18:31 - 00000000 ____D C:\Users\Sylvia\Documents\EMPOWR
2016-04-10 17:58 - 2016-04-10 17:58 - 00000000 ____D C:\Program Files (x86)\CurationSoft
2016-04-10 17:57 - 2016-04-10 17:57 - 02670626 _____ C:\Users\Sylvia\Downloads\CurationSoft.air
2016-04-10 17:03 - 2016-04-10 17:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-04-10 17:03 - 2016-04-10 17:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-04-10 17:02 - 2016-04-10 17:02 - 18667480 _____ (Adobe Systems Inc.) C:\Users\Sylvia\Downloads\AdobeAIRInstaller.exe
2016-04-09 00:08 - 2016-04-09 00:08 - 08886976 _____ (Microsoft Corporation) C:\Users\Sylvia\Downloads\OneDriveSetup (1).exe
2016-04-09 00:01 - 2016-04-09 00:00 - 08886976 _____ (Microsoft Corporation) C:\Users\Sylvia\Downloads\OneDriveSetup(1).exe
2016-04-08 23:58 - 2016-04-08 23:58 - 08886976 _____ (Microsoft Corporation) C:\Users\Sylvia\Downloads\OneDriveSetup.exe
2016-04-07 13:17 - 2016-04-07 15:52 - 00000000 ____D C:\Users\Sylvia\Documents\STOCK IMAGES
2016-04-06 22:56 - 2016-04-06 22:56 - 01308909 _____ C:\Users\Sylvia\Downloads\FashionForLess.zip
2016-04-06 22:54 - 2016-04-13 22:30 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZipItFree
2016-04-06 22:54 - 2016-04-06 22:54 - 00008115 _____ C:\WINDOWS\ZipItFree Setup Log.txt
2016-04-06 22:54 - 2016-04-06 22:54 - 00002007 _____ C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZipItFree.lnk
2016-04-06 22:54 - 2016-04-06 22:54 - 00002001 _____ C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\ZipItFree.lnk
2016-04-06 22:54 - 2016-04-06 22:54 - 00001977 _____ C:\Users\Sylvia\Desktop\ZipItFree.lnk
2016-04-06 22:54 - 2016-04-06 22:54 - 00000000 ____D C:\WINDOWS\ZipItFree
2016-04-06 22:54 - 2016-04-06 22:54 - 00000000 ____D C:\Program Files (x86)\ZipItFree
2016-04-06 22:53 - 2016-04-06 22:54 - 04724312 _____ C:\Users\Sylvia\Downloads\zip-it-free.exe
2016-04-06 19:21 - 2016-04-06 19:21 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\PeaZip
2016-04-06 19:06 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2016-04-06 19:06 - 2016-04-06 19:06 - 00001055 _____ C:\Users\Sylvia\Desktop\PeaZip.lnk
2016-04-06 19:05 - 2016-04-06 19:06 - 00000000 ____D C:\Program Files (x86)\PeaZip
2016-04-06 19:04 - 2016-04-06 19:04 - 06783560 _____ (Giorgio Tani ) C:\Users\Sylvia\Downloads\peazip-6.0.0.WINDOWS.exe
2016-04-06 18:36 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-04-06 18:36 - 2016-04-06 18:36 - 00003372 _____ C:\WINDOWS\System32\Tasks\ASC Task (One-Time)
2016-04-06 18:25 - 2016-04-13 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-04-06 18:25 - 2016-04-06 18:25 - 01371668 _____ (Igor Pavlov) C:\Users\Sylvia\Downloads\7z1514-x64.exe
2016-04-06 18:25 - 2016-04-06 18:25 - 00000000 ____D C:\Program Files\7-Zip
2016-04-05 15:56 - 2016-04-05 15:56 - 00000000 ____D C:\Users\Sylvia\Documents\My IMS Projects
2016-04-05 14:21 - 2016-04-05 14:21 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-04-05 01:53 - 2016-04-29 04:31 - 00000000 ____D C:\Users\Sylvia\Documents\EMPOWR EBOOKS
2016-04-04 18:39 - 2016-04-04 18:39 - 00001368 _____ C:\Users\Public\Desktop\Freemake YouTube To MP3 Boom.lnk
2016-04-04 18:38 - 2016-04-04 18:39 - 01309912 _____ (Ellora Assets Corporation ) C:\Users\Sylvia\Downloads\FreemakeYouTubeToMP3BoomSetup.exe
2016-04-03 20:33 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTI
2016-04-03 20:33 - 2016-04-03 20:33 - 00001155 _____ C:\Users\Sylvia\Desktop\BackLinkPirate.lnk
2016-04-03 20:33 - 2016-04-03 20:33 - 00000000 ____D C:\WINDOWS\SysWOW64\CSIDL_COMMON_DOCUMENTS
2016-04-03 20:33 - 2016-04-03 20:33 - 00000000 ____D C:\Users\Public\Documents\mti
2016-04-03 20:31 - 2016-04-03 20:32 - 02169224 _____ (mtisoftware.com ) C:\Users\Sylvia\Downloads\setupBacklinkPirate.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-29 11:02 - 2016-03-02 19:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-29 10:59 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-29 10:59 - 2015-07-30 01:12 - 00218060 _____ C:\bdlog.txt
2016-04-29 10:58 - 2016-01-26 19:54 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-04-29 04:39 - 2016-01-26 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-04-29 04:39 - 2011-12-25 02:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2016-04-29 04:38 - 2015-11-05 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
2016-04-29 04:38 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-29 04:38 - 2015-09-21 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pushbullet
2016-04-29 04:38 - 2015-01-15 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-04-29 04:38 - 2014-12-20 22:38 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-04-29 04:38 - 2014-10-19 18:37 - 00000000 ____D C:\Users\Sylvia\AppData\LocalLow\IObit
2016-04-29 04:38 - 2014-10-07 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-29 04:38 - 2014-08-07 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-04-29 04:38 - 2014-07-26 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-29 04:38 - 2014-07-11 17:16 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\vlc
2016-04-29 04:38 - 2014-07-11 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-29 04:38 - 2014-07-05 15:33 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\ProductData
2016-04-29 04:38 - 2014-07-05 15:32 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\IObit
2016-04-29 04:38 - 2014-06-03 15:45 - 00000000 ____D C:\AdwCleaner
2016-04-29 04:38 - 2012-06-04 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-29 04:38 - 2012-05-27 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2016-04-29 04:38 - 2012-05-19 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2016-04-29 04:38 - 2012-05-13 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-04-29 04:38 - 2012-05-01 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2016-04-29 04:38 - 2012-04-21 12:03 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Jarte
2016-04-29 04:38 - 2012-04-21 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jarte
2016-04-29 04:38 - 2012-02-11 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Meeting 2007
2016-04-29 04:38 - 2012-01-15 14:11 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
2016-04-29 04:38 - 2011-12-09 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 4
2016-04-29 04:38 - 2011-12-01 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2016-04-29 04:38 - 2011-10-24 19:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-04-29 04:38 - 2011-10-24 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway Documentation
2016-04-29 04:38 - 2011-10-24 18:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-04-29 04:38 - 2011-03-13 05:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2016-04-29 04:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-04-29 04:31 - 2014-12-10 23:11 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Packages
2016-04-29 04:30 - 2012-07-23 21:35 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Google
2016-04-29 04:30 - 2011-12-09 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-04-29 04:29 - 2015-07-29 17:44 - 00000000 ____D C:\Program Files\Bitdefender
2016-04-29 04:29 - 2015-07-29 17:41 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-04-29 04:29 - 2015-01-15 17:43 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-29 01:59 - 2014-10-07 14:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 01:41 - 2015-12-31 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-29 01:40 - 2014-06-03 12:00 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-04-29 01:36 - 2012-07-23 21:35 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000UA.job
2016-04-29 01:22 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-29 01:22 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-29 01:16 - 2015-08-07 15:11 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-29 01:06 - 2012-05-12 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-29 01:00 - 2016-03-02 19:17 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-29 00:49 - 2016-03-02 19:17 - 00000000 ____D C:\Users\Work
2016-04-29 00:43 - 2016-01-26 20:04 - 00000000 ____D C:\ProgramData\Bitdefender
2016-04-29 00:41 - 2016-03-02 19:17 - 00000000 ____D C:\Users\Sylvia
2016-04-29 00:41 - 2015-08-07 15:11 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-28 23:50 - 2011-12-20 15:04 - 00000000 ____D C:\Users\Sylvia\AppData\Local\ElevatedDiagnostics
2016-04-28 23:38 - 2015-07-29 17:41 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\QuickScan
2016-04-27 11:14 - 2015-10-30 02:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-22 15:20 - 2014-07-31 22:42 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Spotify
2016-04-17 18:19 - 2014-07-07 18:19 - 00000512 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dbfffb97-9cf2-4b86-b186-7cc759ae2f0d.job
2016-04-17 17:36 - 2012-07-23 21:35 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000Core.job
2016-04-17 12:00 - 2014-07-07 18:19 - 00000512 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2a22458e-257e-4b72-8313-12aa3d1e78b8.job
2016-04-16 17:15 - 2009-07-13 22:34 - 00000642 _____ C:\WINDOWS\win.ini
2016-04-16 17:15 - 2009-07-13 22:34 - 00000277 _____ C:\WINDOWS\system.ini
2016-04-16 00:14 - 2016-03-02 19:16 - 01010622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-15 22:18 - 2015-08-07 15:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-15 19:03 - 2016-03-02 19:09 - 00227512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-15 18:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-15 18:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-15 18:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-15 18:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-15 01:07 - 2015-08-07 15:14 - 00000000 ___RD C:\Users\Sylvia\Dropbox
2016-04-14 14:00 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 13:54 - 2014-06-23 21:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 13:41 - 2014-06-23 21:15 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-14 12:18 - 2011-12-09 11:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-14 12:14 - 2011-12-09 11:52 - 00268352 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2016-04-13 23:59 - 2012-05-15 09:14 - 00000000 ____D C:\Users\Work\AppData\Roaming\iolo
2016-04-13 23:13 - 2014-10-07 14:31 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-13 22:43 - 2015-12-28 01:38 - 00000000 ____D C:\Users\Work\AppData\Local\Google
2016-04-13 22:31 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-04-13 22:31 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-04-13 22:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-04-13 22:31 - 2014-11-02 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX310 series
2016-04-13 22:31 - 2011-10-24 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
2016-04-13 22:30 - 2016-03-29 19:41 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-04-13 22:30 - 2015-09-07 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avensen Domain Name Finder
2016-04-13 22:30 - 2015-07-22 19:13 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2016-04-13 22:30 - 2012-05-01 15:07 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\iolo
2016-04-13 22:30 - 2012-04-03 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A.I.type
2016-04-13 22:30 - 2011-12-09 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-04-13 22:30 - 2011-12-09 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX310 series Manual
2016-04-13 22:30 - 2011-03-13 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-04-13 22:21 - 2015-08-23 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mz Ultimate Tools
2016-04-10 17:58 - 2015-09-12 20:04 - 00000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CurationSoft.lnk
2016-04-10 17:58 - 2015-09-12 20:04 - 00000987 _____ C:\Users\Public\Desktop\CurationSoft.lnk
2016-04-10 17:04 - 2011-11-30 23:00 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Adobe
2016-04-10 17:03 - 2011-03-13 05:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-09 15:41 - 2014-10-11 21:16 - 00000000 ____D C:\Users\Sylvia\Documents\RECIPES
2016-04-09 11:39 - 2014-08-07 09:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-09 00:01 - 2015-08-17 11:22 - 00002413 _____ C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-09 00:01 - 2012-07-14 21:47 - 00000000 ___RD C:\Users\Sylvia\SkyDrive
2016-04-08 15:33 - 2015-11-01 17:52 - 00000000 ____D C:\Users\Sylvia\Documents\MARKETING
2016-04-06 18:45 - 2014-10-19 18:37 - 00002490 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Sylvia
2016-04-06 18:42 - 2011-03-13 05:01 - 00000000 ____D C:\ProgramData\Skype
2016-04-06 18:39 - 2014-07-05 15:32 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-06 18:36 - 2016-01-26 19:38 - 00001434 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-04-06 14:32 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 14:32 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 20:34 - 2014-08-25 10:50 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Adobe
2016-04-03 20:33 - 2011-11-30 23:01 - 00000000 ____D C:\Users\Sylvia\AppData\Local\VirtualStore
2016-04-03 20:16 - 2015-11-10 19:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-03 20:16 - 2015-05-12 23:52 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-04-02 22:19 - 2015-09-21 17:46 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Pushbullet
2016-04-02 13:07 - 2012-04-26 10:38 - 00000386 _____ C:\WINDOWS\system32\ioloBootDefrag.cfg
2016-04-02 13:03 - 2012-01-13 14:22 - 00001764 _____ C:\EventLOG.txt
2016-04-01 21:35 - 2011-11-30 23:00 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Macromedia
2016-04-01 20:37 - 2015-04-10 19:08 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2016-04-01 20:37 - 2015-04-10 19:08 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
2016-04-01 20:37 - 2015-04-08 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2016-04-01 20:37 - 2015-04-08 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
2016-04-01 20:33 - 2014-10-07 14:31 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-01 20:33 - 2014-10-07 14:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-30 01:38 - 2012-01-27 18:44 - 00000000 ____D C:\Users\Sylvia\Documents\My Downloads

==================== Files in the root of some directories =======

2011-01-18 04:50 - 2011-01-18 04:50 - 132609310 _____ () C:\Program Files\openofficeorg1.cab
2011-01-18 04:53 - 2011-01-18 04:53 - 2994688 _____ () C:\Program Files\openofficeorg33.msi
2011-01-18 04:52 - 2011-01-18 04:52 - 0475016 _____ () C:\Program Files\setup.exe
2011-01-18 04:05 - 2011-01-18 04:05 - 0000290 _____ () C:\Program Files\setup.ini
2011-12-09 11:47 - 2011-12-09 11:51 - 0000005 _____ () C:\Program Files (x86)\eula.txt
2011-12-09 11:47 - 2011-12-09 11:51 - 0000014 _____ () C:\Program Files (x86)\version.txt
2012-05-15 13:27 - 2015-07-28 23:43 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-01-13 21:27 - 2011-12-22 13:45 - 0076407 _____ () C:\Users\Sylvia\AppData\Roaming\Smiley.ico
2014-09-18 16:59 - 2014-09-18 16:59 - 0893239 _____ () C:\Users\Sylvia\AppData\Local\a.zip
2014-09-18 16:59 - 2014-09-18 16:59 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Sylvia\AppData\Local\BcsKtYcHW.dll
2012-07-11 01:05 - 2015-01-29 18:35 - 0020992 _____ () C:\Users\Sylvia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-27 12:55 - 2014-09-27 12:55 - 0000861 _____ () C:\Users\Sylvia\AppData\Local\recently-used.xbel
2015-08-30 11:39 - 2015-08-30 11:39 - 0013863 _____ () C:\Users\Sylvia\AppData\Local\{B9A9BB22-2640-47C9-BFD8-4A75DA9A3A16}
2016-04-28 23:56 - 2016-04-28 23:56 - 0238577 _____ () C:\ProgramData\1461901934.bdinstall.bin
2016-04-28 23:56 - 2016-04-28 23:56 - 0027349 _____ () C:\ProgramData\1461902194.bdinstall.bin
2016-04-29 00:04 - 2016-04-29 00:04 - 0044331 _____ () C:\ProgramData\1461902695.bdinstall.bin
2016-04-29 00:05 - 2016-04-29 00:05 - 0025643 _____ () C:\ProgramData\1461902743.bdinstall.bin
2016-04-29 00:05 - 2016-04-29 00:05 - 0025644 _____ () C:\ProgramData\1461902753.bdinstall.bin
2016-03-02 19:14 - 2016-03-02 19:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-04-07 20:57

==================== End of FRST.txt ============================



#4
Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
You appear to have thrown everything at this bar the kitchen sink.

After the FRST fix, allow the computer to boot to normal Windows to run AdwCleaner.

Let me know what the behaviour is when you are in normal mode.

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
Toolbar: HKLM - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - No File
Toolbar: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} - No File
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - No File
FF Session Restore: -> is enabled.
FF Plugin HKU\S-1-5-21-4044022209-2194366084-123958388-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Sylvia\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff => not found
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fdjamakpfbbddfjaooikfcpapjohcfmg [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\gflpeapppfijfecjmibidlnfggdifmic [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdgenjhkjihnmigcommchefpajjhdmba [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgbfpjledahoajcppakbgilmojkaghgm [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\oiiaigjnkhngdbnoookogelabohpglmd [2016-04-29]
CHR Extension: (No Name) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\omdfmeimafcmmefpiebpeodknddagimg [2016-04-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx <not found>
2016-04-26 19:22 - 2016-04-26 19:22 - 00000000 ____D C:\Users\Sylvia\AppData\Local\{59A79ABB-2F6B-42ED-9CA3-3FE3F43EBABC}
2016-04-21 15:53 - 2016-04-21 15:53 - 00000000 ____D C:\Users\Sylvia\AppData\Local\{5A7B1867-658B-4130-954E-3614476600DA}
2014-09-18 16:59 - 2014-09-18 16:59 - 0893239 _____ () C:\Users\Sylvia\AppData\Local\a.zip
2014-09-18 16:59 - 2014-09-18 16:59 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Sylvia\AppData\Local\BcsKtYcHW.dll
2012-07-11 01:05 - 2015-01-29 18:35 - 0020992 _____ () C:\Users\Sylvia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: {14F57CD1-CFEB-4005-B36E-F4840717E44B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {1621C9ED-1D6C-4023-80B9-9B0606E23586} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {5965114A-B5B9-423B-950B-C0B21D317C96} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {66C1BA5E-0D6A-48D1-93DC-5B02BC9A20B9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {6C4F11DB-7945-4923-8CD5-4BFFDC39EB2D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {77C93557-7547-49E8-B0D5-FBA2CA76828B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {8196B0C5-09F7-4DA7-9797-705E9A9BE591} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A223E981-9EF8-4300-9AA4-5D4C3D66F49D} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {AE59EC9C-C5AC-4805-BA59-2E787E6E5C45} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C6D6E601-0232-4EAA-9705-ADE7D5EF83D8} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DB690CDF-FE8F-4691-B8A8-69BBCAA18053} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DE234142-6602-4FA6-B0BB-910EEB22441B} - \Driver Booster SkipUAC (Sylvia) -> No File <==== ATTENTION
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe.
Run FRST and press Fix.
On completion a log will be generated; please post that.

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete, click on "Clean".
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.


#5
seasun

    Member

  • Topic Starter
  • 16 posts
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-04-2016
Ran by Sylvia (administrator) on SYLVIA-PC (30-04-2016 11:43:44)
Running from C:\Users\Sylvia\Downloads
Loaded Profiles: Sylvia (Available Profiles: Sylvia & Work & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Bitdefender) C:\Program Files\Bitdefender Agent\ProductAgentService.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\ioloGovernor64.exe
(Bitdefender) C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe
(iolo technologies, LLC) C:\Program Files (x86)\iolo\System Mechanic\LiveBoost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\Program Files\WindowsApps\CardinalBlue.PicCollage_1.7.11.0_x64__nyvb5jmhdxy8g\PicCollage.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Bdagent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdagent.exe [1644824 2016-03-17] (Bitdefender)
HKLM-x32\...\Run: [iolo Startup] => C:\Program Files (x86)\iolo\Common\Lib\ioloLManager.exe [4612544 2016-02-19] (iolo technologies, LLC)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23248560 2016-04-08] (Dropbox, Inc.)
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Run: [Google Update] => C:\Users\Sylvia\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-27] (Google Inc.)
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Run: [Amazon Music] => C:\Users\Sylvia\AppData\Local\Amazon Music\Amazon Music Helper.exe [5895968 2016-02-01] ()
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\Run: [Bitdefender Wallet Agent] => C:\Program Files\Bitdefender\Bitdefender 2016\bdwtxag.exe [1447328 2016-03-17] (Bitdefender)
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\...\RunOnce: [Uninstall C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64\FileSyncShell64.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64\FileSyncShell64.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\amd64\FileSyncShell64.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX64.dll [2014-05-01] ()
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.30.dll [2016-04-08] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\FileSyncShell.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\FileSyncShell.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Sylvia\AppData\Local\Microsoft\OneDrive\17.3.6381.0405_1\FileSyncShell.dll [2016-04-09] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [###MegaShellExtPending] -> {056D528D-CE28-4194-9BA3-BA2E9197FF8C} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSynced] -> {05B38830-F4E9-4329-978B-1DD28605D202} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
ShellIconOverlayIdentifiers-x32: [###MegaShellExtSyncing] -> {0596C850-7BDD-4C9D-AFDF-873BE6890637} => C:\Users\Sylvia\AppData\Local\MEGAsync\ShellExtX32.dll [2014-05-01] ()
BootExecute: autocheck autochk * autocheck smrgdf C:\Users\Sylvia\AppData\Roaming\iolo\
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{9d25297a-5b61-41c4-86c4-ca26be3d0491}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{9d25297a-5b61-41c4-86c4-ca26be3d0491}: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a1b58d0d-516e-4a3b-b0f4-fbe86a594e92}: [NameServer] 192.168.1.1
Tcpip\..\Interfaces\{a1b58d0d-516e-4a3b-b0f4-fbe86a594e92}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = 
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = 
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://www.msn.com/?pc=AV01
HKU\S-1-5-21-4044022209-2194366084-123958388-1000\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.facebook.com/
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> {5BB5229C-A5FC-4890-BECD-A13D981BF5AD} URL = hxxp://www.bing.com/search?FORM=U217DF&PC=U217&q={searchTerms}&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
SearchScopes: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> {F80236B3-2F4C-4D1D-BFC5-0F117C9309A3} URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C011US1134D20150724&p={searchTerms}
BHO: Bitdefender Wallet  -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
BHO: KeyScramblerBHO Class -> {2B9F5787-88A5-4945-90E7-C4B18563BC5E} -> C:\Program Files (x86)\KeyScrambler\x64\KeyScramblerIE.dll [2012-03-08] (QFX Software Corporation)
BHO: LastPass Browser Helper Object -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPBar64.dll [2012-05-19] (LastPass)
BHO: No Name -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> No File
BHO: Logitech Scroll App -> {E11DB59D-5008-42ff-9069-535843BC0BE1} -> C:\Program Files\Logitech\ScrollApp\LogiSmooth.dll [2011-12-14] (Logitech, Inc.)
BHO-x32: Bitdefender Wallet -> {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} -> C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
BHO-x32: No Name -> {6D53EC84-6AAE-4787-AEEE-F4628F01010C} -> No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll [2016-04-14] (Oracle Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll [2016-04-14] (Oracle Corporation)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPBar64.dll [2012-05-19] (LastPass)
Toolbar: HKLM - No Name - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} -  No File
Toolbar: HKLM - Bitdefender Wallet  - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKLM-x32 - Bitdefender Wallet - {1DAC0C53-7D23-4AB3-856A-B04D98CD982A} - C:\Program Files\Bitdefender\Bitdefender 2016\Antispam32\pmbxie.dll [2016-03-17] (Bitdefender)
Toolbar: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> &RoboForm Toolbar - {724D43A0-0D85-11D4-9908-00400523E39A} -  No File
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
DPF: HKLM-x32 {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://appldnld.apple.com.edgesuite.net/content.info.apple.com/QuickTime/qtactivex/qtplugin.cab
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://www.pcpitstop.com/betapit/PCPitStop.CAB
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
Handler: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\amd64\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler-x32: pure-go - {4746C79A-2042-4332-8650-48966E44ABA8} - C:\Program Files (x86)\Common Files\Pure Networks Shared\Platform\puresp4.dll [2009-02-20] (Cisco Systems, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} -  No File
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-4044022209-2194366084-123958388-1000 -> hxxp://www.facebook.com/
 
FireFox:
========
FF ProfilePath: C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.facebook.com/
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-09] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-09] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-08-12] (Google, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.77.2 -> C:\WINDOWS\SysWOW64\npdeployJava1.dll [2016-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-14] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.77.2 -> C:\Program Files (x86)\Java\jre1.8.0_77\bin\plugin2\npjp2.dll [2016-04-14] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-14] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-04-14] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-4044022209-2194366084-123958388-1000: @tools.google.com/Google Update;version=3 -> C:\Users\Sylvia\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4044022209-2194366084-123958388-1000: @tools.google.com/Google Update;version=9 -> C:\Users\Sylvia\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
FF Plugin HKU\S-1-5-21-4044022209-2194366084-123958388-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Sylvia\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-09] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-4044022209-2194366084-123958388-1000: CouponNetwork.com/CMDUniversalCouponPrintActivator -> C:\Users\Sylvia\AppData\Roaming\CATALI~1\NPBCSK~1.DLL [No File]
FF SearchPlugin: C:\Program Files (x86)\mozilla firefox\browser\searchplugins\McSiteAdvisor.xml [2015-07-28]
FF Extension: Priv3 - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\extensions\[email protected] [2016-04-28]
FF Extension: Session Manager - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\8at14fns.default-1460606279328\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-04-14]
FF Extension: Session Manager - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\xq740vj5.default-1460763705533\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-04-15]
FF Extension: FillForm - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\[email protected] [2016-04-29]
FF Extension: Ghostery - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\[email protected] [2016-04-16]
FF Extension: AmazonSmile 1Button for Firefox - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\[email protected] [2016-04-28]
FF Extension: Session Manager - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\{1280606b-2510-4fe0-97ef-9b5a22eafe30}.xpi [2016-04-16]
FF Extension: Adblock Plus - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF Extension: Bitdefender QuickScan - C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\Extensions\{e001c731-5e37-4538-a5cb-8168736a2360} [2016-04-29]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff => not found
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff [2016-04-29] [not signed]
FF HKLM\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
FF Extension: No Name - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext [2016-04-29] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{5D3F3872-91E9-4d59-AD9F-AA174A3145DD}] - C:\Program Files\Logitech\ScrollApp\LogiSmoothFirefoxExt
FF Extension: Logitech Scroll App - C:\Program Files\Logitech\ScrollApp\LogiSmoothFirefoxExt [2011-12-23] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Video Downloader Plugin - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-06-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected]
FF Extension: Freemake Youtube Download Button - C:\Program Files (x86)\Freemake\Freemake Video Downloader\BrowserPlugin\Firefox\[email protected] [2014-06-02] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2015\\antispam32\bdwteff => not found
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\antispam32\bdwteff
FF HKLM-x32\...\Thunderbird\Extensions: [[email protected]] - C:\Program Files\Bitdefender\Bitdefender 2016\bdtbext
 
Chrome: 
=======
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-04-29]
CHR Extension: (Google Docs) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-04-29]
CHR Extension: (Google Drive) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-04-29]
CHR Extension: (YouTube) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-29]
CHR Extension: (Bitdefender Wallet) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\dhhejlifdlcgcmogbggeomfodgklfaem [2016-04-29]
CHR Extension: (Google Sheets) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-04-29]
CHR Extension: (SiteAdvisor) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-04-29]
CHR Extension: (Google Docs Offline) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-29]
CHR Extension: (Gmail) - C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-29]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [dhhejlifdlcgcmogbggeomfodgklfaem] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM-x32\...\Chrome\Extension: [lggaaajacmlhgbpldaboipiinndchjgm] - C:\Program Files (x86)\MediaMall\toolbar\ce.crx <not found>
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S4 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-07] (Dropbox, Inc.)
S4 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-08-07] (Dropbox, Inc.)
S4 Freemake Improver; C:\ProgramData\Freemake\FreemakeUtilsService\FreemakeUtilsService.exe [108032 2016-03-28] (Freemake) [File not signed]
S4 FreemakeVideoCapture; C:\Program Files (x86)\Freemake\CaptureLib\CaptureLibService.exe [9216 2016-03-14] (Ellora Assets Corp.) [File not signed]
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-04-29] (SurfRight B.V.)
R2 ioloSystemService; C:\Program Files (x86)\iolo\Common\Lib\ioloServiceManager.exe [4759600 2016-02-19] (iolo technologies, LLC)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-14] (IObit)
R2 ProductAgentService; C:\Program Files\Bitdefender Agent\ProductAgentService.exe [947640 2016-03-30] (Bitdefender)
S2 UPDATESRV; C:\Program Files\Bitdefender\Bitdefender 2016\updatesrv.exe [135176 2016-03-17] (Bitdefender)
R2 VSSERV; C:\Program Files\Bitdefender\Bitdefender 2016\vsserv.exe [1679672 2016-03-17] (Bitdefender)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1622512 2016-02-02] (BitDefender)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [806344 2016-02-02] (BitDefender)
S0 bdelam; C:\Windows\System32\drivers\bdelam.sys [23568 2013-09-08] (Bitdefender)
S3 bdfwfpf; C:\Program Files\Common Files\Bitdefender\Bitdefender Firewall\bdfwfpf.sys [118608 2016-03-17] (BitDefender LLC)
R1 BDVEDISK; C:\Windows\system32\DRIVERS\bdvedisk.sys [87912 2015-12-04] (BitDefender)
R1 ElRawDisk; C:\Windows\system32\drivers\ElRawDsk.sys [31432 2012-04-17] (EldoS Corporation)
R0 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [160032 2015-04-29] (BitDefender LLC)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2014-12-30] (REALiX™)
R0 ignis; C:\Windows\system32\DRIVERS\ignis.sys [290032 2016-03-17] (Bitdefender)
R3 KeyScrambler; C:\Windows\System32\drivers\keyscrambler.sys [222904 2011-12-14] (QFX Software Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-04-29] (Malwarebytes)
R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2504192 2015-10-30] (MediaTek Inc.)
R2 npf; C:\Windows\System32\drivers\npf.sys [35344 2011-02-11] (CACE Technologies, Inc.)
R1 RawDisk3; C:\Windows\system32\drivers\rawdsk3.sys [32912 2014-07-13] (EldoS Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R0 trufos; C:\Windows\System32\DRIVERS\trufos.sys [477272 2015-06-02] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-30 11:38 - 2016-04-30 11:38 - 00000000 _____ C:\WINDOWS\system32\smrgdf.txt
2016-04-30 11:26 - 2016-04-30 11:26 - 00006269 _____ C:\Users\Sylvia\Desktop\virus forum.txt
2016-04-29 18:37 - 2016-04-29 18:37 - 00000218 _____ C:\Users\Sylvia\Desktop\empowr cashout.txt
2016-04-29 17:01 - 2016-04-29 17:01 - 00088511 _____ C:\Users\Sylvia\Desktop\FRST.txt
2016-04-29 11:51 - 2016-04-29 11:51 - 00987728 _____ (Google Inc.) C:\Users\Sylvia\Downloads\ChromeSetup(1).exe
2016-04-29 11:34 - 2016-04-29 11:34 - 00054095 _____ C:\Users\Sylvia\Desktop\Addition.txt
2016-04-29 11:31 - 2016-04-29 11:33 - 00054095 _____ C:\Users\Sylvia\Downloads\Addition.txt
2016-04-29 11:29 - 2016-04-30 11:43 - 00027741 _____ C:\Users\Sylvia\Downloads\FRST.txt
2016-04-29 11:29 - 2016-04-30 11:21 - 00000000 ____D C:\FRST
2016-04-29 11:29 - 2016-04-29 11:29 - 02376704 _____ (Farbar) C:\Users\Sylvia\Downloads\FRST64.exe
2016-04-29 01:56 - 2016-04-29 01:56 - 00000000 ____D C:\Users\Sylvia\Desktop\rkill
2016-04-29 01:55 - 2016-04-29 01:56 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Sylvia\Downloads\rkill.exe
2016-04-29 01:04 - 2016-04-29 11:02 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-04-29 00:43 - 2016-04-29 00:43 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Bitdefender
2016-04-29 00:05 - 2016-04-29 00:05 - 00025644 _____ C:\ProgramData\1461902753.bdinstall.bin
2016-04-29 00:05 - 2016-04-29 00:05 - 00025643 _____ C:\ProgramData\1461902743.bdinstall.bin
2016-04-29 00:04 - 2016-04-29 00:04 - 00044331 _____ C:\ProgramData\1461902695.bdinstall.bin
2016-04-29 00:04 - 2016-04-29 00:04 - 00000000 ____D C:\ProgramData\Bitdefender Agent
2016-04-28 23:56 - 2016-04-28 23:56 - 00238577 _____ C:\ProgramData\1461901934.bdinstall.bin
2016-04-28 23:56 - 2016-04-28 23:56 - 00027349 _____ C:\ProgramData\1461902194.bdinstall.bin
2016-04-28 23:30 - 2016-04-29 01:57 - 00002800 _____ C:\Users\Sylvia\Desktop\Rkill.txt
2016-04-28 23:20 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\ProductData
2016-04-28 19:50 - 2016-04-29 04:37 - 00000000 ____D C:\Users\Sylvia\Desktop\mbar
2016-04-26 19:22 - 2016-04-26 19:22 - 00000000 ____D C:\Users\Sylvia\AppData\Local\{59A79ABB-2F6B-42ED-9CA3-3FE3F43EBABC}
2016-04-26 18:26 - 2016-04-26 19:17 - 00008003 _____ C:\Users\Sylvia\Documents\starburn.txt
2016-04-26 18:25 - 2016-04-29 04:37 - 00000000 ____D C:\Users\Sylvia\Documents\Wondershare Filmora
2016-04-26 18:25 - 2016-04-26 18:25 - 00000000 ____D C:\ProgramData\Wondershare Video Editor
2016-04-26 18:25 - 2016-04-26 18:25 - 00000000 ____D C:\Program Files\Wondershare
2016-04-24 13:20 - 2016-04-29 04:38 - 00000000 ____D C:\Program Files (x86)\Easy Auto Spinner
2016-04-23 21:00 - 2016-04-23 21:00 - 00000020 _____ C:\Users\Sylvia\Documents\AMAZON.txt
2016-04-21 15:53 - 2016-04-21 15:53 - 00000000 ____D C:\Users\Sylvia\AppData\Local\{5A7B1867-658B-4130-954E-3614476600DA}
2016-04-16 17:16 - 2016-04-16 17:16 - 00000118 _____ C:\WINDOWS\aebmark.ini
2016-04-16 17:15 - 2016-04-16 17:15 - 00000036 _____ C:\WINDOWS\AEBFONT.INI
2016-04-16 17:15 - 2016-04-16 17:15 - 00000023 _____ C:\WINDOWS\ANS2000.INI
2016-04-16 17:15 - 2016-04-16 17:15 - 00000020 ____H C:\WINDOWS\akebook.ini
2016-04-16 17:15 - 2016-04-16 17:15 - 00000004 ____H C:\WINDOWS\a3kebook.ini
2016-04-16 17:00 - 2016-04-16 17:00 - 00000015 _____ C:\WINDOWS\cfwin.ini
2016-04-16 16:59 - 2016-04-16 16:59 - 00000110 _____ C:\WINDOWS\cfwinlib.ini
2016-04-16 16:59 - 2016-04-16 16:59 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CoverFactory 2.50
2016-04-16 16:59 - 2016-04-16 16:59 - 00000000 ____D C:\Program Files (x86)\CoverFactory 2.50
2016-04-16 16:58 - 2016-04-16 16:58 - 04611619 _____ C:\Users\Sylvia\Downloads\setupcfw250.exe
2016-04-15 23:09 - 2016-04-15 23:09 - 00000000 ____D C:\Users\Firefox Profile
2016-04-15 22:18 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-04-14 12:20 - 2016-04-30 11:16 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{878C54A3-5224-4505-B8CF-88C3DA4BDD39}
2016-04-14 12:18 - 2016-04-14 12:14 - 00905280 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\npdeployJava1.dll
2016-04-14 12:18 - 2016-04-14 12:14 - 00825408 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\deployJava1.dll
2016-04-14 12:15 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-04-14 12:15 - 2016-04-14 12:15 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-04-14 12:15 - 2016-04-14 12:15 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Sun
2016-04-14 12:15 - 2016-04-14 12:15 - 00000000 ____D C:\Users\Sylvia\.oracle_jre_usage
2016-04-14 12:14 - 2016-04-14 12:19 - 00000000 ____D C:\ProgramData\Oracle
2016-04-14 12:12 - 2016-04-14 12:12 - 00734784 _____ (Oracle Corporation) C:\Users\Sylvia\Downloads\JavaSetup8u77.exe
2016-04-14 12:12 - 2016-04-14 12:12 - 00000000 ____D C:\Users\Sylvia\AppData\LocalLow\Oracle
2016-04-14 00:16 - 2016-04-29 11:52 - 00002351 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-04-14 00:16 - 2016-04-29 11:52 - 00002339 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-04-14 00:15 - 2016-04-30 11:20 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-04-14 00:15 - 2016-04-30 11:08 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-04-14 00:15 - 2016-04-14 00:15 - 00987728 _____ (Google Inc.) C:\Users\Sylvia\Downloads\ChromeSetup.exe
2016-04-14 00:15 - 2016-04-14 00:15 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-04-14 00:15 - 2016-04-14 00:15 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-04-13 23:58 - 2016-04-15 19:41 - 00000000 ____D C:\Users\Sylvia\Desktop\Old Firefox Data
2016-04-13 23:38 - 2016-04-13 23:39 - 00002550 _____ C:\Users\Work\Desktop\Rkill.txt
2016-04-13 23:38 - 2016-04-13 23:38 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Work\Downloads\rkill.exe
2016-04-13 23:14 - 2016-04-28 23:10 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-04-13 23:13 - 2016-04-13 23:37 - 00000000 ____D C:\Users\Work\Desktop\mbar
2016-04-13 23:13 - 2016-04-13 23:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Work\Downloads\mbar-1.09.3.1001.exe
2016-04-13 23:11 - 2016-04-13 23:11 - 00002053 _____ C:\Users\Work\Downloads\FSS.txt
2016-04-13 23:10 - 2016-04-13 23:10 - 00899584 _____ (Farbar) C:\Users\Work\Downloads\FSS.exe
2016-04-13 23:08 - 2016-04-13 23:08 - 00852798 _____ C:\Users\Work\Downloads\SecurityCheck.exe
2016-04-13 22:44 - 2016-04-13 22:45 - 00000304 _____ C:\WINDOWS\Tasks\Chrome Cleanup Tool logs upload retry.job
2016-04-13 22:43 - 2016-04-13 22:45 - 04621272 _____ (Google) C:\Users\Work\Downloads\chrome_cleanup_tool.exe
2016-04-13 22:40 - 2016-04-13 22:40 - 00002562 _____ C:\WINDOWS\system32\.crusader
2016-04-13 22:27 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-04-13 22:27 - 2016-04-29 04:38 - 00000000 ____D C:\Program Files\HitmanPro
2016-04-13 22:27 - 2016-04-13 22:27 - 00001969 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-04-13 22:26 - 2016-04-13 22:41 - 00000000 ____D C:\ProgramData\HitmanPro
2016-04-13 22:26 - 2016-04-13 22:26 - 11441744 _____ (SurfRight B.V.) C:\Users\Work\Downloads\hitmanpro_x64.exe
2016-04-13 21:54 - 2016-04-13 21:54 - 00003608 _____ C:\Users\Work\Desktop\JRT.txt
2016-04-13 21:52 - 2016-04-13 21:52 - 01610352 _____ (Malwarebytes) C:\Users\Work\Downloads\JRT.exe
2016-04-13 21:27 - 2016-04-13 21:27 - 03465280 _____ C:\Users\Sylvia\Downloads\adwcleaner_5.110.exe
2016-04-13 20:52 - 2016-04-13 20:52 - 02870984 _____ (ESET) C:\Users\Sylvia\Downloads\esetsmartinstaller_enu (1).exe
2016-04-13 20:11 - 2016-04-13 20:11 - 02870984 _____ (ESET) C:\Users\Sylvia\Downloads\esetsmartinstaller_enu(2).exe
2016-04-13 19:55 - 2016-04-13 19:55 - 00000000 ____D C:\Users\Work\AppData\Roaming\QuickScan
2016-04-13 19:49 - 2016-04-29 11:10 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-04-13 19:40 - 2016-04-29 17:21 - 00833114 _____ C:\WINDOWS\ntbtlog.txt
2016-04-13 19:26 - 2016-04-13 19:26 - 00000020 ___SH C:\Users\Work\ntuser.ini
2016-04-13 10:36 - 2016-03-29 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-04-13 10:36 - 2016-03-29 03:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-04-13 10:36 - 2016-03-29 03:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-04-13 10:36 - 2016-03-29 03:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-04-13 10:36 - 2016-03-29 02:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-04-13 10:36 - 2016-03-29 02:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-04-13 10:36 - 2016-03-29 01:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-04-13 10:35 - 2016-03-29 06:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-04-13 10:35 - 2016-03-29 06:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-13 10:35 - 2016-03-29 06:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-04-13 10:35 - 2016-03-29 05:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-04-13 10:35 - 2016-03-29 04:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-04-13 10:35 - 2016-03-29 04:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-04-13 10:35 - 2016-03-29 04:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-04-13 10:35 - 2016-03-29 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-04-13 10:35 - 2016-03-29 03:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-04-13 10:35 - 2016-03-29 03:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-04-13 10:35 - 2016-03-29 03:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-04-13 10:35 - 2016-03-29 03:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-04-13 10:35 - 2016-03-29 03:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-04-13 10:35 - 2016-03-29 03:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-04-13 10:35 - 2016-03-29 02:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-04-13 10:35 - 2016-03-29 02:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-04-13 10:35 - 2016-03-29 02:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-04-13 10:35 - 2016-03-29 02:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-04-13 10:35 - 2016-03-29 02:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-04-13 10:35 - 2016-03-29 02:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-04-13 10:35 - 2016-03-29 01:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-04-13 10:35 - 2016-03-29 01:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-04-13 10:35 - 2016-03-29 01:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-04-13 10:35 - 2016-03-29 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-04-13 10:35 - 2016-03-29 01:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-04-13 10:34 - 2016-04-01 23:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-04-13 10:34 - 2016-03-29 04:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-04-13 10:34 - 2016-03-29 03:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-04-13 10:34 - 2016-03-29 03:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-04-13 10:34 - 2016-03-29 03:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-04-13 10:34 - 2016-03-29 03:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-04-13 10:34 - 2016-03-29 02:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-04-13 10:34 - 2016-03-29 02:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-04-13 10:34 - 2016-03-29 02:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-04-13 10:34 - 2016-03-29 02:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-04-13 10:34 - 2016-03-29 02:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-04-13 10:34 - 2016-03-29 01:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-04-13 10:34 - 2016-03-29 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-04-13 10:34 - 2016-03-29 01:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-04-13 10:34 - 2016-03-29 01:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-04-13 10:34 - 2016-03-29 01:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-04-13 10:33 - 2016-04-01 23:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-04-13 10:33 - 2016-04-01 23:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-04-13 10:33 - 2016-04-01 23:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-04-13 10:33 - 2016-04-01 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-04-13 10:33 - 2016-03-29 05:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-04-13 10:33 - 2016-03-29 05:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-04-13 10:33 - 2016-03-29 05:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-04-13 10:33 - 2016-03-29 03:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-04-13 10:33 - 2016-03-29 03:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-04-13 10:33 - 2016-03-29 02:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-04-13 10:33 - 2016-03-29 02:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-04-13 10:33 - 2016-03-29 02:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-04-13 10:33 - 2016-03-29 02:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-04-13 10:33 - 2016-03-29 02:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-04-13 10:33 - 2016-03-29 02:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-04-13 10:33 - 2016-03-29 01:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-04-13 10:33 - 2016-03-29 01:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-04-13 10:33 - 2016-03-29 01:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-04-13 10:33 - 2016-03-29 01:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-04-13 10:33 - 2016-03-29 01:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-04-13 10:32 - 2016-04-02 00:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-04-13 10:32 - 2016-04-01 23:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-04-13 10:32 - 2016-04-01 23:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-04-13 10:32 - 2016-04-01 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-04-13 10:32 - 2016-04-01 23:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-04-13 10:32 - 2016-04-01 23:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-04-13 10:32 - 2016-03-29 06:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-04-13 10:32 - 2016-03-29 06:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-04-13 10:32 - 2016-03-29 06:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-04-13 10:32 - 2016-03-29 06:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-04-13 10:32 - 2016-03-29 06:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-04-13 10:32 - 2016-03-29 05:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-04-13 10:32 - 2016-03-29 04:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-04-13 10:32 - 2016-03-29 03:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-04-13 10:32 - 2016-03-29 03:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-04-13 10:32 - 2016-03-29 03:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-04-13 10:32 - 2016-03-29 03:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-04-13 10:32 - 2016-03-29 03:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-04-13 10:32 - 2016-03-29 03:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-04-13 10:32 - 2016-03-29 03:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-04-13 10:32 - 2016-03-29 03:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-04-13 10:32 - 2016-03-29 03:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-04-13 10:32 - 2016-03-29 03:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-04-13 10:32 - 2016-03-29 03:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-04-13 10:32 - 2016-03-29 03:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-04-13 10:32 - 2016-03-29 02:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-04-13 10:32 - 2016-03-29 02:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-04-13 10:32 - 2016-03-29 02:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-04-13 10:32 - 2016-03-29 02:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-04-13 10:32 - 2016-03-29 02:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-04-13 10:32 - 2016-03-29 01:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-04-13 10:32 - 2016-03-29 01:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-04-13 10:31 - 2016-04-02 00:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-04-13 10:31 - 2016-03-29 05:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-04-13 10:31 - 2016-03-29 05:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-04-13 10:31 - 2016-03-29 04:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-04-13 10:31 - 2016-03-29 04:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-04-13 10:31 - 2016-03-29 04:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-04-13 10:31 - 2016-03-29 03:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-04-13 10:31 - 2016-03-29 03:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-04-13 10:31 - 2016-03-29 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-04-13 10:31 - 2016-03-29 03:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-04-13 10:31 - 2016-03-29 03:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-04-13 10:31 - 2016-03-29 03:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-04-13 10:31 - 2016-03-29 03:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-04-13 10:31 - 2016-03-29 03:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-04-13 10:31 - 2016-03-29 03:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-04-13 10:31 - 2016-03-29 03:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-04-13 10:31 - 2016-03-29 03:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-04-13 10:31 - 2016-03-29 02:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-04-13 10:31 - 2016-03-29 02:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-04-13 10:31 - 2016-03-29 02:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-04-13 10:31 - 2016-03-29 02:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-04-13 10:31 - 2016-03-29 02:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-04-13 10:31 - 2016-03-29 02:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-04-13 10:31 - 2016-03-29 02:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-04-13 10:31 - 2016-03-29 02:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-04-13 10:31 - 2016-03-29 02:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-04-13 10:31 - 2016-03-29 02:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-04-13 10:31 - 2016-03-29 02:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-04-13 10:31 - 2016-03-29 02:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-04-13 10:31 - 2016-03-29 02:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-04-13 10:31 - 2016-03-29 02:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-04-13 10:31 - 2016-03-29 02:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-04-13 10:31 - 2016-03-29 01:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-04-13 10:30 - 2016-04-01 23:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-04-13 10:30 - 2016-03-29 06:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-04-13 10:30 - 2016-03-29 06:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-04-13 10:30 - 2016-03-29 05:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-04-13 10:30 - 2016-03-29 05:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-04-13 10:30 - 2016-03-29 05:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-04-13 10:30 - 2016-03-29 05:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-04-13 10:30 - 2016-03-29 04:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-04-13 10:30 - 2016-03-29 04:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-04-13 10:30 - 2016-03-29 04:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-04-13 10:30 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-04-13 10:30 - 2016-03-29 03:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-04-13 10:30 - 2016-03-29 03:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-04-13 10:30 - 2016-03-29 03:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-04-13 10:30 - 2016-03-29 03:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-04-13 10:30 - 2016-03-29 03:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-04-13 10:30 - 2016-03-29 03:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-04-13 10:30 - 2016-03-29 03:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-04-13 10:30 - 2016-03-29 03:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-04-13 10:30 - 2016-03-29 03:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-04-13 10:30 - 2016-03-29 03:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-04-13 10:30 - 2016-03-29 03:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-04-13 10:30 - 2016-03-29 02:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-04-13 10:30 - 2016-03-29 02:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-04-13 10:30 - 2016-03-29 02:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-04-13 10:30 - 2016-03-29 02:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-04-13 10:30 - 2016-03-29 02:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-04-13 10:30 - 2016-03-29 02:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-04-13 10:30 - 2016-03-29 02:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-04-13 10:30 - 2016-03-29 02:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-04-13 10:30 - 2016-03-29 02:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-04-13 10:30 - 2016-03-29 02:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-04-13 10:30 - 2016-03-29 02:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-04-13 10:30 - 2016-03-29 02:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-04-13 10:30 - 2016-03-29 02:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-04-13 10:29 - 2016-04-02 00:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-04-13 10:29 - 2016-04-02 00:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-04-13 10:29 - 2016-04-01 23:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-04-13 10:29 - 2016-03-29 06:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-04-13 10:29 - 2016-03-29 06:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-04-13 10:29 - 2016-03-29 06:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-04-13 10:29 - 2016-03-29 05:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-04-13 10:29 - 2016-03-29 05:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-04-13 10:29 - 2016-03-29 05:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-04-13 10:29 - 2016-03-29 05:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-04-13 10:29 - 2016-03-29 04:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-04-13 10:29 - 2016-03-29 04:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-04-13 10:29 - 2016-03-29 04:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-04-13 10:29 - 2016-03-29 04:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-04-13 10:29 - 2016-03-29 03:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-04-13 10:29 - 2016-03-29 03:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-04-13 10:29 - 2016-03-29 03:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-04-13 10:29 - 2016-03-29 03:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-04-13 10:29 - 2016-03-29 03:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-04-13 10:29 - 2016-03-29 03:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-04-13 10:29 - 2016-03-29 03:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-04-13 10:29 - 2016-03-29 02:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-04-13 10:29 - 2016-03-29 02:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-04-13 10:29 - 2016-03-29 02:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-04-13 10:29 - 2016-03-29 02:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-04-13 10:29 - 2016-03-29 02:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-04-13 10:29 - 2016-03-29 02:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-04-13 10:29 - 2016-03-29 02:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-04-13 10:29 - 2016-03-29 02:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-04-13 10:29 - 2016-03-29 01:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-04-13 10:29 - 2016-03-29 01:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-04-13 10:28 - 2016-04-01 23:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-04-13 10:28 - 2016-04-01 23:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-04-13 10:28 - 2016-04-01 23:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-04-13 10:28 - 2016-04-01 23:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-04-13 10:28 - 2016-04-01 23:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-04-13 10:28 - 2016-03-29 05:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-04-13 10:28 - 2016-03-29 05:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-04-13 10:28 - 2016-03-29 05:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-04-13 10:28 - 2016-03-29 04:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-04-13 10:28 - 2016-03-29 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-04-13 10:28 - 2016-03-29 03:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-04-13 10:28 - 2016-03-29 03:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-04-13 10:28 - 2016-03-29 03:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-04-13 10:28 - 2016-03-29 03:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-04-13 10:28 - 2016-03-29 03:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-04-13 10:28 - 2016-03-29 03:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-04-13 10:28 - 2016-03-29 03:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-04-13 10:28 - 2016-03-29 03:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-04-13 10:28 - 2016-03-29 03:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-04-13 10:28 - 2016-03-29 03:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 10:28 - 2016-03-29 03:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-04-13 10:28 - 2016-03-29 03:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-04-13 10:28 - 2016-03-29 03:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-04-13 10:28 - 2016-03-29 02:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-04-13 10:28 - 2016-03-29 02:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-04-13 10:28 - 2016-03-29 02:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-04-13 10:28 - 2016-03-29 02:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-04-13 10:28 - 2016-03-29 02:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-04-13 10:28 - 2016-03-29 02:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-04-13 10:27 - 2016-04-01 23:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-04-13 10:27 - 2016-03-29 04:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-04-13 10:27 - 2016-03-29 04:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-04-13 10:27 - 2016-03-29 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-04-13 10:27 - 2016-03-29 04:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-04-13 10:27 - 2016-03-29 03:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-04-13 10:27 - 2016-03-29 03:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-04-13 10:27 - 2016-03-29 03:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-04-13 10:27 - 2016-03-29 03:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-04-13 10:27 - 2016-03-29 03:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-04-13 10:27 - 2016-03-29 03:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-04-13 10:27 - 2016-03-29 03:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-04-13 10:27 - 2016-03-29 03:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-04-13 10:27 - 2016-03-29 03:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-04-13 10:27 - 2016-03-29 03:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-04-13 10:27 - 2016-03-29 03:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-04-13 10:27 - 2016-03-29 03:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-04-13 10:27 - 2016-03-29 03:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-04-13 10:27 - 2016-03-29 03:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-04-13 10:27 - 2016-03-29 03:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-04-13 10:27 - 2016-03-29 03:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-04-13 10:27 - 2016-03-29 02:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-04-13 10:27 - 2016-03-29 02:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-04-13 10:27 - 2016-03-29 02:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-04-13 10:27 - 2016-03-29 02:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-04-13 10:27 - 2016-03-29 02:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-04-13 10:27 - 2016-03-29 01:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-04-13 10:27 - 2016-03-29 01:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-04-13 10:27 - 2016-03-29 01:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-04-13 10:27 - 2016-03-29 01:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-04-13 10:27 - 2016-03-29 01:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-04-13 10:27 - 2016-03-29 01:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-04-13 10:26 - 2016-04-01 23:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-04-13 10:26 - 2016-03-29 04:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-04-13 10:26 - 2016-03-29 04:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-04-13 10:26 - 2016-03-29 04:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-04-13 10:26 - 2016-03-29 04:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-04-13 10:26 - 2016-03-29 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-04-13 10:26 - 2016-03-29 03:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-04-13 10:26 - 2016-03-29 03:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-04-13 10:26 - 2016-03-29 03:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-04-13 10:26 - 2016-03-29 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-04-13 10:26 - 2016-03-29 03:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-04-13 10:26 - 2016-03-29 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-04-13 10:26 - 2016-03-29 03:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-04-13 10:26 - 2016-03-29 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-04-13 10:26 - 2016-03-29 03:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-04-13 10:26 - 2016-03-29 03:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-04-13 10:26 - 2016-03-29 03:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-04-13 10:26 - 2016-03-29 03:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-04-13 10:26 - 2016-03-29 03:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-04-13 10:26 - 2016-03-29 03:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-04-13 10:26 - 2016-03-29 02:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-04-13 10:26 - 2016-03-29 02:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-04-13 10:26 - 2016-03-29 02:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-04-13 10:26 - 2016-03-29 02:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-04-13 10:25 - 2016-03-29 02:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-04-10 23:59 - 2016-04-15 18:31 - 00000000 ____D C:\Users\Sylvia\Documents\EMPOWR
2016-04-10 17:58 - 2016-04-10 17:58 - 00000000 ____D C:\Program Files (x86)\CurationSoft
2016-04-10 17:57 - 2016-04-10 17:57 - 02670626 _____ C:\Users\Sylvia\Downloads\CurationSoft.air
2016-04-10 17:03 - 2016-04-10 17:03 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2016-04-10 17:03 - 2016-04-10 17:03 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2016-04-10 17:02 - 2016-04-10 17:02 - 18667480 _____ (Adobe Systems Inc.) C:\Users\Sylvia\Downloads\AdobeAIRInstaller.exe
2016-04-09 00:08 - 2016-04-09 00:08 - 08886976 _____ (Microsoft Corporation) C:\Users\Sylvia\Downloads\OneDriveSetup (1).exe
2016-04-09 00:01 - 2016-04-09 00:00 - 08886976 _____ (Microsoft Corporation) C:\Users\Sylvia\Downloads\OneDriveSetup(1).exe
2016-04-08 23:58 - 2016-04-08 23:58 - 08886976 _____ (Microsoft Corporation) C:\Users\Sylvia\Downloads\OneDriveSetup.exe
2016-04-07 13:17 - 2016-04-07 15:52 - 00000000 ____D C:\Users\Sylvia\Documents\STOCK IMAGES
2016-04-06 22:56 - 2016-04-06 22:56 - 01308909 _____ C:\Users\Sylvia\Downloads\FashionForLess.zip
2016-04-06 22:54 - 2016-04-13 22:30 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZipItFree
2016-04-06 22:54 - 2016-04-06 22:54 - 00008115 _____ C:\WINDOWS\ZipItFree Setup Log.txt
2016-04-06 22:54 - 2016-04-06 22:54 - 00002007 _____ C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ZipItFree.lnk
2016-04-06 22:54 - 2016-04-06 22:54 - 00002001 _____ C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\ZipItFree.lnk
2016-04-06 22:54 - 2016-04-06 22:54 - 00001977 _____ C:\Users\Sylvia\Desktop\ZipItFree.lnk
2016-04-06 22:54 - 2016-04-06 22:54 - 00000000 ____D C:\WINDOWS\ZipItFree
2016-04-06 22:54 - 2016-04-06 22:54 - 00000000 ____D C:\Program Files (x86)\ZipItFree
2016-04-06 22:53 - 2016-04-06 22:54 - 04724312 _____ C:\Users\Sylvia\Downloads\zip-it-free.exe
2016-04-06 19:21 - 2016-04-06 19:21 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\PeaZip
2016-04-06 19:06 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PeaZip
2016-04-06 19:06 - 2016-04-06 19:06 - 00001055 _____ C:\Users\Sylvia\Desktop\PeaZip.lnk
2016-04-06 19:05 - 2016-04-06 19:06 - 00000000 ____D C:\Program Files (x86)\PeaZip
2016-04-06 19:04 - 2016-04-06 19:04 - 06783560 _____ (Giorgio Tani ) C:\Users\Sylvia\Downloads\peazip-6.0.0.WINDOWS.exe
2016-04-06 18:36 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-04-06 18:36 - 2016-04-06 18:36 - 00003372 _____ C:\WINDOWS\System32\Tasks\ASC Task (One-Time)
2016-04-06 18:25 - 2016-04-13 22:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-04-06 18:25 - 2016-04-06 18:25 - 01371668 _____ (Igor Pavlov) C:\Users\Sylvia\Downloads\7z1514-x64.exe
2016-04-06 18:25 - 2016-04-06 18:25 - 00000000 ____D C:\Program Files\7-Zip
2016-04-05 15:56 - 2016-04-05 15:56 - 00000000 ____D C:\Users\Sylvia\Documents\My IMS Projects
2016-04-05 14:21 - 2016-04-05 14:21 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-04-05 01:53 - 2016-04-29 04:31 - 00000000 ____D C:\Users\Sylvia\Documents\EMPOWR EBOOKS
2016-04-04 18:39 - 2016-04-04 18:39 - 00001368 _____ C:\Users\Public\Desktop\Freemake YouTube To MP3 Boom.lnk
2016-04-04 18:38 - 2016-04-04 18:39 - 01309912 _____ (Ellora Assets Corporation ) C:\Users\Sylvia\Downloads\FreemakeYouTubeToMP3BoomSetup.exe
2016-04-03 20:33 - 2016-04-29 04:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MTI
2016-04-03 20:33 - 2016-04-03 20:33 - 00001155 _____ C:\Users\Sylvia\Desktop\BackLinkPirate.lnk
2016-04-03 20:33 - 2016-04-03 20:33 - 00000000 ____D C:\WINDOWS\SysWOW64\CSIDL_COMMON_DOCUMENTS
2016-04-03 20:33 - 2016-04-03 20:33 - 00000000 ____D C:\Users\Public\Documents\mti
2016-04-03 20:31 - 2016-04-03 20:32 - 02169224 _____ (mtisoftware.com ) C:\Users\Sylvia\Downloads\setupBacklinkPirate.exe
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-04-30 11:41 - 2015-12-31 11:26 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-04-30 11:36 - 2012-07-23 21:35 - 00000932 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000UA.job
2016-04-30 11:16 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-30 11:16 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-30 11:16 - 2015-08-07 15:11 - 00000908 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-04-30 11:08 - 2016-03-02 19:17 - 00000000 ____D C:\Users\Sylvia
2016-04-30 11:08 - 2016-01-26 19:54 - 00000000 ____D C:\Program Files\Bitdefender Agent
2016-04-30 11:08 - 2015-08-07 15:11 - 00000904 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-04-30 11:07 - 2016-03-02 19:41 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-30 00:59 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-04-30 00:59 - 2015-07-30 01:12 - 00218836 _____ C:\bdlog.txt
2016-04-30 00:58 - 2012-04-21 12:03 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Jarte
2016-04-29 23:42 - 2015-08-07 15:14 - 00000000 ___RD C:\Users\Sylvia\Dropbox
2016-04-29 22:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-04-29 11:02 - 2012-05-12 21:39 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-04-29 04:39 - 2016-01-26 20:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bitdefender 2016
2016-04-29 04:39 - 2011-12-25 02:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2016-04-29 04:38 - 2015-11-05 20:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PlayOn
2016-04-29 04:38 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-04-29 04:38 - 2015-09-21 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pushbullet
2016-04-29 04:38 - 2015-01-15 20:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3
2016-04-29 04:38 - 2015-01-15 17:43 - 00000000 ____D C:\Program Files (x86)\Google
2016-04-29 04:38 - 2014-12-20 22:38 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-04-29 04:38 - 2014-10-19 18:37 - 00000000 ____D C:\Users\Sylvia\AppData\LocalLow\IObit
2016-04-29 04:38 - 2014-10-07 14:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-04-29 04:38 - 2014-08-07 09:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-04-29 04:38 - 2014-07-26 15:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-04-29 04:38 - 2014-07-11 17:16 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\vlc
2016-04-29 04:38 - 2014-07-11 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-04-29 04:38 - 2014-07-05 15:33 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\ProductData
2016-04-29 04:38 - 2014-07-05 15:32 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\IObit
2016-04-29 04:38 - 2014-06-03 15:45 - 00000000 ____D C:\AdwCleaner
2016-04-29 04:38 - 2012-07-23 21:35 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Google
2016-04-29 04:38 - 2012-06-04 14:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-04-29 04:38 - 2012-05-27 13:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyScrambler
2016-04-29 04:38 - 2012-05-19 16:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
2016-04-29 04:38 - 2012-05-13 17:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\K-Lite Codec Pack
2016-04-29 04:38 - 2012-05-01 15:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Mechanic
2016-04-29 04:38 - 2012-04-21 12:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jarte
2016-04-29 04:38 - 2012-02-11 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Live Meeting 2007
2016-04-29 04:38 - 2012-01-15 14:11 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.3
2016-04-29 04:38 - 2011-12-09 10:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 4
2016-04-29 04:38 - 2011-12-01 02:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office Starter (English)
2016-04-29 04:38 - 2011-10-24 19:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2016-04-29 04:38 - 2011-10-24 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway Documentation
2016-04-29 04:38 - 2011-10-24 18:44 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-04-29 04:38 - 2011-03-13 05:02 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Gateway
2016-04-29 04:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-04-29 04:31 - 2014-12-10 23:11 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Packages
2016-04-29 04:30 - 2011-12-09 15:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-04-29 04:29 - 2015-07-29 17:44 - 00000000 ____D C:\Program Files\Bitdefender
2016-04-29 04:29 - 2015-07-29 17:41 - 00000000 ____D C:\Program Files\Common Files\Bitdefender
2016-04-29 01:59 - 2014-10-07 14:31 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-04-29 01:40 - 2014-06-03 12:00 - 00000000 ____D C:\ProgramData\ioloGovernor
2016-04-29 01:00 - 2016-03-02 19:17 - 00000000 ____D C:\Users\DefaultAppPool
2016-04-29 00:49 - 2016-03-02 19:17 - 00000000 ____D C:\Users\Work
2016-04-29 00:43 - 2016-01-26 20:04 - 00000000 ____D C:\ProgramData\Bitdefender
2016-04-28 23:50 - 2011-12-20 15:04 - 00000000 ____D C:\Users\Sylvia\AppData\Local\ElevatedDiagnostics
2016-04-28 23:38 - 2015-07-29 17:41 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\QuickScan
2016-04-27 11:14 - 2015-10-30 02:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
2016-04-22 15:20 - 2014-07-31 22:42 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Spotify
2016-04-17 18:19 - 2014-07-07 18:19 - 00000512 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task dbfffb97-9cf2-4b86-b186-7cc759ae2f0d.job
2016-04-17 17:36 - 2012-07-23 21:35 - 00000880 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-4044022209-2194366084-123958388-1000Core.job
2016-04-17 12:00 - 2014-07-07 18:19 - 00000512 _____ C:\WINDOWS\Tasks\SUPERAntiSpyware Scheduled Task 2a22458e-257e-4b72-8313-12aa3d1e78b8.job
2016-04-16 17:15 - 2009-07-13 22:34 - 00000642 _____ C:\WINDOWS\win.ini
2016-04-16 17:15 - 2009-07-13 22:34 - 00000277 _____ C:\WINDOWS\system.ini
2016-04-16 00:14 - 2016-03-02 19:16 - 01010622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-15 22:18 - 2015-08-07 15:11 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-04-15 19:03 - 2016-03-02 19:09 - 00227512 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-04-15 18:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-04-15 18:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-15 18:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-04-15 18:59 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-04-14 14:00 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-14 13:54 - 2014-06-23 21:15 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-04-14 13:41 - 2014-06-23 21:15 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-04-14 12:18 - 2011-12-09 11:52 - 00000000 ____D C:\Program Files (x86)\Java
2016-04-14 12:14 - 2011-12-09 11:52 - 00268352 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\javaws.exe
2016-04-13 23:59 - 2012-05-15 09:14 - 00000000 ____D C:\Users\Work\AppData\Roaming\iolo
2016-04-13 23:13 - 2014-10-07 14:31 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-04-13 22:43 - 2015-12-28 01:38 - 00000000 ____D C:\Users\Work\AppData\Local\Google
2016-04-13 22:31 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-04-13 22:31 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-04-13 22:31 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-04-13 22:31 - 2014-11-02 16:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX310 series
2016-04-13 22:31 - 2011-10-24 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AUPEO!
2016-04-13 22:30 - 2016-03-29 19:41 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MEGAsync
2016-04-13 22:30 - 2015-09-07 19:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avensen Domain Name Finder
2016-04-13 22:30 - 2015-07-22 19:13 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Photos Backup
2016-04-13 22:30 - 2012-05-01 15:07 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\iolo
2016-04-13 22:30 - 2012-04-03 14:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\A.I.type
2016-04-13 22:30 - 2011-12-09 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-04-13 22:30 - 2011-12-09 10:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX310 series Manual
2016-04-13 22:30 - 2011-03-13 05:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-04-13 22:21 - 2015-08-23 17:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mz Ultimate Tools
2016-04-10 17:58 - 2015-09-12 20:04 - 00000999 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CurationSoft.lnk
2016-04-10 17:58 - 2015-09-12 20:04 - 00000987 _____ C:\Users\Public\Desktop\CurationSoft.lnk
2016-04-10 17:04 - 2011-11-30 23:00 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Adobe
2016-04-10 17:03 - 2011-03-13 05:12 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-09 15:41 - 2014-10-11 21:16 - 00000000 ____D C:\Users\Sylvia\Documents\RECIPES
2016-04-09 11:39 - 2014-08-07 09:36 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-04-09 00:01 - 2015-08-17 11:22 - 00002413 _____ C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-04-09 00:01 - 2012-07-14 21:47 - 00000000 ___RD C:\Users\Sylvia\SkyDrive
2016-04-08 15:33 - 2015-11-01 17:52 - 00000000 ____D C:\Users\Sylvia\Documents\MARKETING
2016-04-06 18:45 - 2014-10-19 18:37 - 00002490 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Sylvia
2016-04-06 18:42 - 2011-03-13 05:01 - 00000000 ____D C:\ProgramData\Skype
2016-04-06 18:39 - 2014-07-05 15:32 - 00000000 ____D C:\Program Files (x86)\IObit
2016-04-06 18:36 - 2016-01-26 19:38 - 00001434 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-04-06 14:32 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-04-06 14:32 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-04-03 20:34 - 2014-08-25 10:50 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Adobe
2016-04-03 20:33 - 2011-11-30 23:01 - 00000000 ____D C:\Users\Sylvia\AppData\Local\VirtualStore
2016-04-03 20:16 - 2015-11-10 19:08 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-04-03 20:16 - 2015-05-12 23:52 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-04-02 22:19 - 2015-09-21 17:46 - 00000000 ____D C:\Users\Sylvia\AppData\Local\Pushbullet
2016-04-02 13:07 - 2012-04-26 10:38 - 00000386 _____ C:\WINDOWS\system32\ioloBootDefrag.cfg
2016-04-02 13:03 - 2012-01-13 14:22 - 00001764 _____ C:\EventLOG.txt
2016-04-01 21:35 - 2011-11-30 23:00 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Macromedia
2016-04-01 20:37 - 2015-04-10 19:08 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2016-04-01 20:37 - 2015-04-10 19:08 - 00000000 ____D C:\Users\Sylvia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
2016-04-01 20:37 - 2015-04-08 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NCH Software Suite
2016-04-01 20:37 - 2015-04-08 22:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audio Related Programs
2016-04-01 20:33 - 2014-10-07 14:31 - 00001178 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-04-01 20:33 - 2014-10-07 14:31 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
 
==================== Files in the root of some directories =======
 
2011-01-18 04:50 - 2011-01-18 04:50 - 132609310 _____ () C:\Program Files\openofficeorg1.cab
2011-01-18 04:53 - 2011-01-18 04:53 - 2994688 _____ () C:\Program Files\openofficeorg33.msi
2011-01-18 04:52 - 2011-01-18 04:52 - 0475016 _____ () C:\Program Files\setup.exe
2011-01-18 04:05 - 2011-01-18 04:05 - 0000290 _____ () C:\Program Files\setup.ini
2011-12-09 11:47 - 2011-12-09 11:51 - 0000005 _____ () C:\Program Files (x86)\eula.txt
2011-12-09 11:47 - 2011-12-09 11:51 - 0000014 _____ () C:\Program Files (x86)\version.txt
2012-05-15 13:27 - 2015-07-28 23:43 - 32372200 _____ (McAfee) C:\Program Files (x86)\Common Files\lpuninstall.exe
2012-01-13 21:27 - 2011-12-22 13:45 - 0076407 _____ () C:\Users\Sylvia\AppData\Roaming\Smiley.ico
2014-09-18 16:59 - 2014-09-18 16:59 - 0893239 _____ () C:\Users\Sylvia\AppData\Local\a.zip
2014-09-18 16:59 - 2014-09-18 16:59 - 2162416 _____ (Catalina Marketing Corp) C:\Users\Sylvia\AppData\Local\BcsKtYcHW.dll
2012-07-11 01:05 - 2015-01-29 18:35 - 0020992 _____ () C:\Users\Sylvia\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-09-27 12:55 - 2014-09-27 12:55 - 0000861 _____ () C:\Users\Sylvia\AppData\Local\recently-used.xbel
2015-08-30 11:39 - 2015-08-30 11:39 - 0013863 _____ () C:\Users\Sylvia\AppData\Local\{B9A9BB22-2640-47C9-BFD8-4A75DA9A3A16}
2016-04-28 23:56 - 2016-04-28 23:56 - 0238577 _____ () C:\ProgramData\1461901934.bdinstall.bin
2016-04-28 23:56 - 2016-04-28 23:56 - 0027349 _____ () C:\ProgramData\1461902194.bdinstall.bin
2016-04-29 00:04 - 2016-04-29 00:04 - 0044331 _____ () C:\ProgramData\1461902695.bdinstall.bin
2016-04-29 00:05 - 2016-04-29 00:05 - 0025643 _____ () C:\ProgramData\1461902743.bdinstall.bin
2016-04-29 00:05 - 2016-04-29 00:05 - 0025644 _____ () C:\ProgramData\1461902753.bdinstall.bin
2016-03-02 19:14 - 2016-03-02 19:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-04-29 20:31
 
 
 
# AdwCleaner v5.114 - Logfile created 28/04/2016 at 17:17:54
# Updated 27/04/2016 by Xplode
# Database : 2016-04-27.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Sylvia - SYLVIA-PC
# Running from : C:\Users\Sylvia\Downloads\adwcleaner_5.114.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Extensions\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Sylvia\AppData\Roaming\Mozilla\Firefox\Profiles\zk03ocp4.Sylvia S\extensions\[email protected]
[-] File Deleted : C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Chrome Cleanup Tool logs upload retry
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [13454 bytes] - [13/04/2016 21:32:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [1259 bytes] - [28/04/2016 17:17:54]
C:\AdwCleaner\AdwCleaner[R0].txt - [7993 bytes] - [03/06/2014 15:45:08]
C:\AdwCleaner\AdwCleaner[R1].txt - [1616 bytes] - [06/06/2014 10:41:56]
C:\AdwCleaner\AdwCleaner[R2].txt - [11820 bytes] - [13/02/2015 18:56:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [8068 bytes] - [03/06/2014 15:50:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [14640 bytes] - [06/06/2014 10:50:44]
C:\AdwCleaner\AdwCleaner[S2].txt - [13709 bytes] - [13/02/2015 19:04:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1773 bytes] ##########
# AdwCleaner v5.114 - Logfile created 30/04/2016 at 11:54:23
# Updated 27/04/2016 by Xplode
# Database : 2016-04-27.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Sylvia - SYLVIA-PC
# Running from : C:\Users\Sylvia\Downloads\AdwCleaner.exe
# Option : Clean
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
[-] File Deleted : C:\Users\Sylvia\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\elicpjhcidhpjomhibiffojpinpmmpil
 
***** [ DLLs ] *****
 
 
***** [ WMI ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Chrome Cleanup Tool logs upload retry
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C1].txt - [13454 bytes] - [13/04/2016 21:32:22]
C:\AdwCleaner\AdwCleaner[C2].txt - [2835 bytes] - [28/04/2016 17:17:54]
C:\AdwCleaner\AdwCleaner[R0].txt - [7993 bytes] - [03/06/2014 15:45:08]
C:\AdwCleaner\AdwCleaner[R1].txt - [1616 bytes] - [06/06/2014 10:41:56]
C:\AdwCleaner\AdwCleaner[R2].txt - [11820 bytes] - [13/02/2015 18:56:53]
C:\AdwCleaner\AdwCleaner[S0].txt - [8068 bytes] - [03/06/2014 15:50:07]
C:\AdwCleaner\AdwCleaner[S1].txt - [14640 bytes] - [06/06/2014 10:50:44]
C:\AdwCleaner\AdwCleaner[S2].txt - [15185 bytes] - [13/02/2015 19:04:30]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3349 bytes] ##########

Edited by seasun, 30 April 2016 - 10:04 AM.


#6
Essexboy

How is the computer now? Is Bitdefender working?

CAUTION: This fix is only valid for this specific machine; using it on another may break your computer.

Open Notepad and copy/paste the text in the quotebox below into it:

CreateRestorePoint:
2016-04-21 15:53 - 2016-04-21 15:53 - 00000000 ____D C:\Users\Sylvia\AppData\Local\{5A7B1867-658B-4130-954E-3614476600DA}
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
Run FRST and press Fix
On completion a log will be generated; please post that.

#7
seasun


Computer seems to be working OK in normal mode except that antivirus (both Windows Defender and Bitdefender) remain turned off and I can't turn either of them on. Also, boot time is taking forever.



#8
Essexboy

OK, we will come to the boot later.

When you try to turn them on, what error do you get?

Download and run Farbar Service Scanner


Tick "All" options.
Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.

Please copy and paste the log to your reply.

#9
seasun


The only restore point I have is 2016-04-29.

When I try to turn on Bitdefender or Windows Defender nothing happens. They just don't turn on.

Do you want me to run FRST 64 and FSS.exe again?



#10
Essexboy


No, just Farbar system scanner FSS




#11
seasun


OK, Thanks



#12
seasun

Farbar Service Scanner Version: 27-01-2016
Ran by Sylvia (administrator) on 30-04-2016 at 16:04:31
Running from "C:\Users\Sylvia\Downloads"
Microsoft Windows 10 Home  (X64)
Boot Mode: Normal
****************************************************************
 
Internet Services:
============
 
Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.
 
 
Windows Firewall:
=============
 
Firewall Disabled Policy: 
==================
 
 
System Restore:
============
 
System Restore Policy: 
========================
 
 
Security Center:
============
 
 
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.
The ServiceDll of wuauserv service is OK.
 
 
Windows Autoupdate Disabled Policy: 
============================
 
 
Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend service is OK.
 
 
Windows Defender Disabled Policy: 
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1
 
 
Other Services:
==============
 
 
File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\SDRSVC.dll => File is digitally signed
C:\Windows\System32\vssvc.exe => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
 
 
**** End of log ****

  • 0
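
Added example (not part of the thread, and not Farbar's code): the Service Scanner log in post #12 reduces to a few deviations from defaults, and this Python parser extracts them from a log in that layout. The function name `triage`, the finding labels and the embedded sample (constructed from lines of that log) are assumptions of the example.

```python
import re

# Constructed sample: a subset of lines in the layout of the FSS log in post #12.
SAMPLE_FSS_LOG = r"""
Windows Update:
============
wuauserv Service is not running. Checking service configuration:
The start type of wuauserv service is set to Demand. The default start type is Auto.
The ImagePath of wuauserv service is OK.

Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.

Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1

File Check:
========
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
"""

SIGNED = "File is digitally signed"
RE_NOT_RUNNING = re.compile(r"^(\S+) Service is not running\.")
RE_START_TYPE = re.compile(
    r"^The start type of (\S+) service is set to (\w+)\. "
    r"The default start type is (\w+)\.")
RE_REG_KEY = re.compile(r"^\[(HKEY_[^\]]+)\]$")
RE_REG_VALUE = re.compile(r'^"([^"]+)"=DWORD:([0-9A-Fa-f]+)$')
RE_FILE = re.compile(r"^(.+?) => (.+)$")


def triage(log_text):
    """Return (kind, subject, detail) tuples for each deviation in an FSS log."""
    findings = []
    lines = [ln.strip() for ln in log_text.splitlines()]
    section, reg_key = "", ""
    for i, line in enumerate(lines):
        following = lines[i + 1] if i + 1 < len(lines) else ""
        # A section title is a "Name:" line underlined by a row of "=".
        if line.endswith(":") and re.fullmatch(r"=+", following):
            section, reg_key = line.rstrip(":").strip(), ""
        elif m := RE_NOT_RUNNING.match(line):
            findings.append(("not_running", m[1], section))
        elif m := RE_START_TYPE.match(line):
            # Report only when the configured start type differs from the default.
            if m[2] != m[3]:
                findings.append(("start_type", m[1], f"{m[2]} (default {m[3]})"))
        elif m := RE_REG_KEY.match(line):
            reg_key = m[1]
        elif m := RE_REG_VALUE.match(line):
            # The log does not state the DWORD radix; only zero/non-zero is used.
            if "Disabled Policy" in section and int(m[2], 16) != 0:
                findings.append(("policy", f"{reg_key}\\{m[1]}", m[2]))
        elif section == "File Check" and (m := RE_FILE.match(line)):
            # Any verdict other than the signed one is surfaced verbatim.
            if m[2] != SIGNED:
                findings.append(("file", m[1], m[2]))
    return findings


if __name__ == "__main__":
    for kind, subject, detail in triage(SAMPLE_FSS_LOG):
        print(f"{kind:12} {subject}  ->  {detail}")
```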

#13
Essexboy

Windows Defender will not run whilst Bitdefender is present

First download this reg file to your desktop
Attached file: wuauserv.reg (6.86KB)
Right click the file and select merge
Then reboot

Next go to this page http://www.bitdefend...-2015-1311.html and follow the steps to repair
Then reboot

Then let me know how the computer is behaving

#14
seasun


Nothing happened. Unable to perform Bitdefender online scan or repair. Boot is taking forever.



#15
Essexboy

OK, slow boot we can either do today or leave until the system is protected.


First ensure that you have your Bitdefender licence from here https://myaccount.bitdefender.com/
Download the correct version of Bitdefender from here http://www.bitdefend...o.uk/Downloads/ to your desktop
Download the Bitdefender removal tool from here http://www.bitdefend...sumer_paid.html to your desktop

Next go to Control Panel and uninstall Bitdefender
After the reboot run the uninstall tool
Now re-install Bitdefender

For the slow boot:



Download the SDK web installer from here
Run the installer and select the following:

Leave the location to default

Windows Performance Toolkit

You must reboot on completion of the install

After reboot set aside about 30 minutes when you will not need the computer

To turn UAC off

1. Open User Account Control Settings by clicking the Start button, and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
2. Do the following: To turn off UAC, move the slider to the Never notify position, and then click OK.


When ready, start an elevated command prompt:

Go Start > All Programs > Accessories
Right click Command Prompt and select Run as Administrator

Then copy and paste the following command into the black box:

xbootmgr -trace boot -prepSystem -verboseReadyBoot


Now your PC will be restarted 6 times, with a two-minute pause before the tool runs after the desktop loads.
After the second reboot the MS defragmentation program is running and is placing the files into an optimized layout, so that Windows will boot up faster.
The last reboots are training of ReadyBoot. After the training is finished, you'll notice a huge improvement in startup.

To turn UAC on

1. Open User Account Control Settings by clicking the Start button, and then clicking Control Panel. In the search box, type uac, and then click Change User Account Control settings.
2. Do the following: To turn on UAC, move the slider to the notify me (default) position, and then click OK.