Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

My computer is infected.

BingProvidedSearch

  • This topic is locked This topic is locked

#1
FUState

FUState

    Member

  • Member
  • PipPipPip
  • 214 posts

64-bit Operating System, x64-based processor

Windows 10

 

I was playing tankionline.com when a strange chrome update request popped up. I tried to close it but could not. I tried to close the entire window when another window popped up.

I tried closing that window when Windows notifications started alerting me of a virus and Windows' intentions of removing it. It was late, I shutdown the machine.

 

Today when I look at installed 'Programs and Features' "BingProvidedSearch" shows up at the top of the list (installed on 15/08/2016 ( installed today)).

 

In 'Task Manager' 'Startup' "ProductUpdater" is also listed and my google searches do not look promising for this either.

 

I have pasted the logs below.

 

*** FRST.txt ***

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 15-08-2016 01
Ran by Eva (administrator) on HENRY-PC (15-08-2016 19:00:40)
Running from C:\Users\Eva\Desktop
Loaded Profiles: Eva & postgres (Available Profiles: HENRY & Eva & postgres & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe
(HP) C:\Windows\System32\HPSIsvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 9 Organizer\PhotoshopElementsFileAgent.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\SimplyConnectionManager.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(PostgreSQL Global Development Group) C:\Program Files\PostgreSQL\9.2\bin\postgres.exe
(Seagate Technology LLC) C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(IBM Corp.) C:\Program Files (x86)\Trusteer\Rapport\bin\RapportService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Spotify Ltd) C:\Users\Eva\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Sage) C:\Program Files (x86)\winsim\ConnectionManager\Simply.SystemTrayIcon.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\Brother\ControlCenter3\BrccMCtl.exe
(Adobe Systems Inc.) C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\acrotray.exe
(Nullsoft, Inc.) C:\Program Files (x86)\Winamp\winampa.exe
(Dropbox, Inc.) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
() C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE16\CSISYNCCLIENT.EXE
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Microsoft Corporation) C:\Windows\System32\SmartScreenSettings.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [497648 2010-09-16] (Adobe Systems Incorporated)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1797064 2014-03-20] (NVIDIA Corporation)
HKLM-x32\...\Run: [APSDaemon] => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
HKLM-x32\...\Run: [ConnectionManager] => C:\Program Files (x86)\Winsim\ConnectionManager\Simply.SystemTrayIcon.exe [372232 2016-06-10] (Sage)
HKLM-x32\...\Run: [ControlCenter3] => C:\Program Files (x86)\Brother\ControlCenter3\brctrcen.exe [114688 2008-12-24] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2372800 2014-11-26] (Microsoft Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrobat_sl.exe [41360 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Acrotray.exe [840592 2015-09-24] (Adobe Systems Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [DBAgent] => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [1519176 2014-04-30] (Seagate Technology LLC)
HKLM-x32\...\Run: [WinampAgent] => C:\Program Files (x86)\Winamp\winampa.exe [85600 2013-11-26] (Nullsoft, Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [23546672 2016-08-01] (Dropbox, Inc.)
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-07-19] ()
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\Run: [Spotify Web Helper] => C:\Users\Eva\AppData\Roaming\Spotify\SpotifyWebHelper.exe [1555056 2016-08-05] (Spotify Ltd)
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\Run: [Spotify] => C:\Users\Eva\AppData\Roaming\Spotify\Spotify.exe [6937200 2016-08-05] (Spotify Ltd)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.38.dll [2016-08-01] (Dropbox, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{4471eb47-7262-43c2-9d25-fcb4fdd4a1f9}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{b759b702-5312-4a99-aa79-72e16c9fb308}: [DhcpNameServer] 209.91.107.11 209.121.225.11
Tcpip\..\Interfaces\{b9d371f6-bd4f-4aa3-b1e1-399908959482}: [DhcpNameServer] 192.168.1.254 75.153.171.122
Tcpip\..\Interfaces\{c22fc63b-0edb-463b-8e6b-1817b8b657b8}: [DhcpNameServer] 192.168.0.1
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-334e1111
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-334e1111
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-334e1111
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-460736838-1080885726-4207931419-1002 -> DefaultScope {AAE01011-C803-40C8-B932-1F086BF9BBFD} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-460736838-1080885726-4207931419-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-460736838-1080885726-4207931419-1002 -> {AAE01011-C803-40C8-B932-1F086BF9BBFD} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-09] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-08-09] (Microsoft Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2015-09-24] (Adobe Systems Incorporated)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-09] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-09] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-09] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-08-09] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF ProfilePath: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\5aysy0h3.default
FF NewTab: about:newtab
FF DefaultSearchEngine: Yahoo! Powered
FF SelectedSearchEngine: Yahoo! Powered
FF Homepage: hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
FF Keyword.URL: user_pref("keyword.URL", true);
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-08-09] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-07-22] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-460736838-1080885726-4207931419-1002: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Eva\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2014-11-18] (Unity Technologies ApS)
FF Plugin HKU\S-1-5-21-460736838-1080885726-4207931419-1002: vsee.com/VSeeDetection -> C:\Users\Eva\AppData\Roaming\VSeeInstall\npVSeeDetection.dll [2015-12-18] (VSee Lab)
FF SearchPlugin: C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\5aysy0h3.default\searchplugins\yahoo! powered.xml [2016-07-24]
FF Extension: FlashGot - C:\Users\Eva\AppData\Roaming\Mozilla\Firefox\Profiles\5aysy0h3.default\extensions\{19503e42-ca3c-4c27-b1e2-9cdb2170ee34}.xpi [2016-07-24]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-10-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension
FF Extension: SmartPrintButton - C:\Program Files (x86)\Hewlett-Packard\SmartPrint\QPExtension [2011-01-26] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
CHR Profile: C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-03-09]
CHR Extension: (Google Docs) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-03-09]
CHR Extension: (Google Drive) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (Rapport) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\bbjllphbppobebmjpjcijfbakobcheof [2016-02-09]
CHR Extension: (YouTube) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
CHR Extension: (Google Search) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-03-09]
CHR Extension: (Google Docs Offline) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-02]
CHR Extension: (Gmail) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-19]
CHR Extension: (Chrome Media Router) - C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-09]
CHR HKLM\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-460736838-1080885726-4207931419-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [bbjllphbppobebmjpjcijfbakobcheof] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-460736838-1080885726-4207931419-1002\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [pilplloabdedfmialnfchjomjmpjcoej] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173248 2014-11-26] (Microsoft Corp.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2950856 2016-07-25] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-24] (Dropbox, Inc.)
S3 ose; C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE [200240 2016-07-23] (Microsoft Corporation) [File not signed]
R2 postgresql-x64-9.2; C:\Program Files\PostgreSQL\9.2\bin\pg_ctl.exe [89600 2013-04-01] (PostgreSQL Global Development Group) [File not signed]
R2 RapportMgmtService; C:\Program Files (x86)\Trusteer\Rapport\bin\RapportMgmtService.exe [2383344 2016-07-11] (IBM Corp.)
S3 Sage 50 Transaction Manager 2015 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2015 - CDN\Sage_SA.TransactionManager.exe [35848 2015-12-10] (Sage)
S3 Sage 50 Transaction Manager 2016 - CDN; C:\Program Files (x86)\Winsim\TransactionManager2016 - CDN\Sage_SA.TransactionManager.exe [35848 2016-06-10] (Sage)
R2 Seagate Dashboard Services; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Seagate.Dashboard.DASWindowsService.exe [16000 2014-04-30] (Seagate Technology LLC)
R2 Seagate MobileBackup Service; C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\MobileService.exe [157264 2014-04-30] (Seagate Technology LLC)
R2 Simply Accounting Database Connection Manager; C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe [25608 2016-06-10] (Sage)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 RapportCerberus_1609042; C:\ProgramData\Trusteer\Rapport\store\exts\RapportCerberus\baseline\RapportCerberus64_1609042.sys [1157960 2016-08-10] (IBM Corp.)
R1 RapportEI64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportEI64.sys [544360 2016-07-11] (IBM Corp.)
R0 RapportHades64; C:\Windows\System32\Drivers\RapportHades64.sys [215560 2016-07-11] (IBM Corp.)
S3 RapportKE64; C:\Windows\System32\Drivers\RapportKE64.sys [470056 2016-07-11] (IBM Corp.)
R1 RapportPG64; C:\Program Files (x86)\Trusteer\Rapport\bin\x64\RapportPG64.sys [525992 2016-07-11] (IBM Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 RtlWlanu; C:\Windows\System32\drivers\rtwlanu.sys [3870464 2015-10-01] (Realtek Semiconductor Corporation                           )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-15 19:00 - 2016-08-15 19:01 - 00027665 _____ C:\Users\Eva\Desktop\FRST.txt
2016-08-15 19:00 - 2016-08-15 19:00 - 00000000 ____D C:\Users\Eva\Desktop\FRST-OlderVersion
2016-08-15 19:00 - 2016-08-15 19:00 - 00000000 ____D C:\FRST
2016-08-15 18:47 - 2016-08-15 19:00 - 02394624 _____ (Farbar) C:\Users\Eva\Desktop\FRST64.exe
2016-08-15 18:39 - 2016-08-15 18:39 - 00041527 _____ C:\Users\Eva\Downloads\Addition.txt
2016-08-15 18:30 - 2016-08-15 18:30 - 00000000 ___HD C:\OneDriveTemp
2016-08-15 00:12 - 2016-08-15 18:29 - 00000000 ____D C:\Users\Eva\AppData\Local\{291A1F46-0DB2-73FE-602A-56164442AA8E}
2016-08-15 00:12 - 2016-08-15 00:12 - 02415123 _____ C:\Users\Eva\AppData\Roaming\sb953.dat
2016-08-15 00:12 - 2016-08-15 00:12 - 00000000 ____D C:\Users\Eva\AppData\Local\cico
2016-08-12 18:35 - 2016-08-12 18:35 - 02131936 _____ (Irfan Skiljan) C:\Users\Eva\Downloads\iview442_setup.exe
2016-08-12 18:32 - 2016-08-12 18:32 - 00930888 _____ C:\Users\Eva\Downloads\Annual Permits.tiff
2016-08-09 19:46 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-09 19:46 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 19:46 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-09 19:46 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-09 19:46 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-09 19:46 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-09 19:46 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-09 19:46 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-09 19:46 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-09 19:46 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-09 19:46 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-09 19:46 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-09 19:46 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 19:46 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-09 19:46 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-09 19:46 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-09 19:46 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-09 19:46 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 19:46 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 19:46 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-09 19:46 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-09 19:46 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-09 19:46 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-09 19:46 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-09 19:46 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-09 19:46 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-09 19:46 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-09 19:46 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-09 19:46 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-09 19:46 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-09 19:46 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-09 19:46 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-09 19:46 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-09 19:46 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-09 19:46 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-09 19:46 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-09 19:46 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-09 19:46 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-09 19:46 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-09 19:46 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-09 19:46 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-09 19:46 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-09 19:46 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-09 19:46 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-09 19:46 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-09 19:46 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-09 19:46 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 19:46 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-09 19:46 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-09 19:46 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-09 19:46 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-09 19:46 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 19:46 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-09 19:46 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-09 19:46 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 19:46 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-09 19:46 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-09 19:46 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 19:46 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-09 19:46 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 19:46 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-09 19:46 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-09 19:46 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-09 19:46 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-09 19:46 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-09 19:46 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-09 19:46 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-09 19:46 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-09 19:46 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-09 19:46 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 19:46 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-09 19:46 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-09 19:46 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 19:46 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-09 19:46 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-09 19:46 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-09 19:46 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-09 19:46 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-09 19:46 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-09 19:46 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-09 19:46 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-09 19:46 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-09 19:46 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 19:46 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-09 19:46 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-09 19:46 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-09 19:46 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-09 19:46 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 19:46 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-09 19:46 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-09 19:46 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-09 19:46 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 19:46 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-09 19:46 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-09 19:46 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-09 19:46 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-09 19:46 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-09 19:46 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-09 19:46 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-09 19:46 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-09 19:46 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 19:46 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-09 19:46 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-09 19:45 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-09 19:45 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-09 19:45 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 19:45 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-09 19:45 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 19:45 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-09 19:45 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-09 19:45 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-09 19:45 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 19:45 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-09 19:45 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-09 19:45 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-09 19:45 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 19:45 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-09 19:45 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-09 19:45 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-09 19:45 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-09 19:45 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-09 19:45 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-09 19:45 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 19:45 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-09 19:45 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-09 19:45 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-09 19:45 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-09 19:45 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-09 19:45 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-05 10:44 - 2016-08-05 10:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-07-28 20:28 - 2016-07-28 20:28 - 00018381 _____ C:\Users\Eva\Downloads\GDP by Industry.xlsx
2016-07-24 23:49 - 2016-07-25 06:36 - 00000000 ____D C:\Users\Eva\Downloads\Flashgot
2016-07-24 23:12 - 2016-08-15 00:12 - 00000153 _____ C:\Users\Eva\AppData\Roaming\WB.CFG
2016-07-24 22:12 - 2016-08-15 00:12 - 00000284 _____ C:\WINDOWS\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job
2016-07-24 22:12 - 2016-07-24 22:12 - 00002824 _____ C:\WINDOWS\System32\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}
2016-07-24 22:11 - 2016-08-15 00:12 - 00000344 __RSH C:\ProgramData\ntuser.pol
2016-07-24 22:11 - 2016-08-15 00:11 - 00000992 _____ C:\WINDOWS\Tasks\Yahoo! Powered titil.job
2016-07-24 22:11 - 2016-08-15 00:11 - 00000000 ____D C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}
2016-07-24 22:11 - 2016-08-10 19:11 - 00000000 ____D C:\Users\Eva\AppData\Roaming\{7CE34A58-59B1-272E-3287-00FCEE55FDC2}
2016-07-24 22:11 - 2016-07-24 22:12 - 00000000 ____D C:\Users\Eva\Documents\Freemake
2016-07-24 22:11 - 2016-07-24 22:11 - 00004066 _____ C:\WINDOWS\System32\Tasks\Yahoo! Powered titil
2016-07-24 22:11 - 2016-07-24 22:11 - 00002539 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HowToRemove.html.lnk
2016-07-24 22:11 - 2016-07-24 22:11 - 00001393 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
2016-07-24 22:11 - 2016-07-24 22:11 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2016-07-24 22:11 - 2016-07-24 22:11 - 00000000 ____D C:\Users\Eva\AppData\Local\Setup900792828
2016-07-24 22:11 - 2016-07-24 22:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
2016-07-24 22:11 - 2016-07-24 22:11 - 00000000 ____D C:\ProgramData\Freemake
2016-07-24 22:10 - 2016-07-24 22:12 - 00000000 ____D C:\Users\Eva\AppData\Local\ceri
2016-07-24 22:10 - 2016-07-24 22:12 - 00000000 ____D C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}
2016-07-24 22:10 - 2016-07-24 22:11 - 00000000 ____D C:\Program Files (x86)\Freemake
2016-07-24 22:08 - 2016-07-24 22:08 - 01866512 _____ (Ellora Assets Corporation ) C:\Users\Eva\Downloads\FreemakeVideoConverterSetup.exe
2016-07-24 21:39 - 2016-07-24 21:49 - 00000000 ____D C:\Users\Eva\AppData\Local\CrashDumps
2016-07-24 21:39 - 2016-07-24 21:40 - 00000000 ____D C:\Users\Eva\AppData\Roaming\NVIDIA
2016-07-24 21:36 - 2016-07-24 21:36 - 00001988 _____ C:\Users\Eva\Desktop\Resolve.lnk
2016-07-24 21:36 - 2016-07-24 21:36 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Blackmagic Design
2016-07-24 21:36 - 2016-07-24 21:36 - 00000000 ____D C:\ProgramData\Blackmagic Design
2016-07-24 21:36 - 2016-07-24 21:36 - 00000000 ____D C:\Program Files\Blackmagic Design
2016-07-24 21:35 - 2016-07-24 21:35 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2016-07-24 21:35 - 2016-07-24 21:35 - 00000000 _SHDL C:\Users\postgres\My Documents
2016-07-24 21:35 - 2016-07-24 21:35 - 00000000 _SHDL C:\Users\postgres\Documents\My Videos
2016-07-24 21:35 - 2016-07-24 21:35 - 00000000 _SHDL C:\Users\postgres\Documents\My Pictures
2016-07-24 21:35 - 2016-07-24 21:35 - 00000000 _SHDL C:\Users\postgres\Documents\My Music
2016-07-24 21:35 - 2016-04-20 04:13 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Media Center Programs
2016-07-24 21:35 - 2016-04-20 04:13 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Macromedia
2016-07-24 21:35 - 2016-04-20 04:13 - 00000000 ____D C:\Users\postgres\AppData\Local\Trusteer
2016-07-24 21:35 - 2016-04-20 04:13 - 00000000 ____D C:\Users\postgres\AppData\Local\Microsoft Help
2016-07-24 21:35 - 2014-09-20 12:21 - 00002100 _____ C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2016-07-24 21:33 - 2016-08-14 02:12 - 00000000 ____D C:\Users\postgres
2016-07-24 21:33 - 2016-07-24 21:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 9.2
2016-07-24 21:31 - 2016-07-24 21:31 - 00000000 ____D C:\Program Files\PostgreSQL
2016-07-24 21:29 - 2016-06-07 21:06 - 458277816 ____N (Blackmagic Design) C:\Users\Eva\Downloads\DaVinci_Resolve_12.5_Windows.exe
2016-07-24 20:21 - 2016-07-24 20:29 - 00000000 ____D C:\Users\Eva\AppData\Local\Mozilla
2016-07-24 20:21 - 2016-07-24 20:22 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Mozilla
2016-07-24 20:21 - 2016-07-24 20:21 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-07-24 20:21 - 2016-07-24 20:21 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-07-24 20:21 - 2016-07-24 20:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-07-24 20:21 - 2016-07-24 20:21 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-07-24 20:19 - 2016-07-24 20:20 - 00242120 _____ C:\Users\Eva\Downloads\Firefox Setup Stub 47.0.1.exe
2016-07-24 20:18 - 2016-07-24 20:22 - 457623546 _____ C:\Users\Eva\Downloads\DaVinci_Resolve_12.5_Windows.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-15 18:46 - 2014-09-13 10:47 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-08-15 18:34 - 2015-12-23 17:58 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4F1A4D66-7CAA-47C5-89FE-139D441F5158}
2016-08-15 18:32 - 2014-10-06 09:09 - 00000000 ___RD C:\Users\Eva\Dropbox
2016-08-15 18:31 - 2015-09-25 14:45 - 00000000 ____D C:\Users\Eva\AppData\Roaming\Spotify
2016-08-15 18:30 - 2015-09-25 14:46 - 00000000 ____D C:\Users\Eva\AppData\Local\Spotify
2016-08-15 18:30 - 2015-09-24 16:22 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-08-15 18:30 - 2014-09-20 12:21 - 00000000 ___RD C:\Users\Eva\OneDrive
2016-08-15 18:30 - 2014-09-13 10:47 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-14 23:34 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-14 23:27 - 2015-09-24 16:22 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-08-14 03:08 - 2016-04-20 04:06 - 00000000 ____D C:\Users\Eva
2016-08-14 02:21 - 2013-09-25 16:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-08-14 02:18 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-14 02:12 - 2016-04-20 04:03 - 00000000 ____D C:\ProgramData\NVIDIA
2016-08-14 02:12 - 2016-02-13 06:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-10 13:15 - 2016-02-13 06:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-10 11:50 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-10 11:25 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-10 11:01 - 2013-09-20 12:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trusteer Endpoint Protection
2016-08-10 11:00 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-10 02:19 - 2015-10-29 23:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-08-10 02:18 - 2016-02-13 06:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-10 02:18 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-10 02:18 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-09 20:58 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-09 20:58 - 2013-09-18 15:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 20:51 - 2013-09-18 15:31 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 19:32 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-09 19:29 - 2013-09-19 14:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-08-08 17:48 - 2015-08-06 21:51 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 17:48 - 2014-09-13 10:47 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-05 10:44 - 2015-09-24 16:22 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-08-04 15:02 - 2014-04-25 12:32 - 00000000 ____D C:\Users\Eva\AppData\Local\Adobe
2016-07-28 19:41 - 2014-09-13 10:47 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-07-28 19:41 - 2014-09-13 10:47 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-07-27 12:25 - 2010-11-20 20:27 - 00504488 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-07-24 22:10 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-07-24 22:10 - 2009-07-13 20:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-07-24 21:39 - 2015-07-28 13:00 - 00000000 ____D C:\Users\Eva\Documents\Henry
 
==================== Files in the root of some directories =======
 
2016-08-15 00:12 - 2016-08-15 00:12 - 2415123 _____ () C:\Users\Eva\AppData\Roaming\sb953.dat
2016-07-24 23:12 - 2016-08-15 00:12 - 0000153 _____ () C:\Users\Eva\AppData\Roaming\WB.CFG
2016-04-20 04:02 - 2016-04-20 04:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Files to move or delete:
====================
C:\Windows\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job
 
 
Some files in TEMP:
====================
C:\Users\Eva\AppData\Local\Temp\FreemakeVideoConverterFull.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-13 10:29
 
==================== End of FRST.txt ============================
 
*** Addition.txt ***
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Eva (15-08-2016 19:01:40)
Running from C:\Users\Eva\Desktop
Windows 10 Pro Version 1511 (X64) (2016-04-20 11:31:29)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-460736838-1080885726-4207931419-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-460736838-1080885726-4207931419-503 - Limited - Disabled)
Eva (S-1-5-21-460736838-1080885726-4207931419-1002 - Administrator - Enabled) => C:\Users\Eva
Guest (S-1-5-21-460736838-1080885726-4207931419-501 - Limited - Disabled)
HENRY (S-1-5-21-460736838-1080885726-4207931419-1000 - Administrator - Enabled) => C:\Users\HENRY
HomeGroupUser$ (S-1-5-21-460736838-1080885726-4207931419-1004 - Limited - Enabled)
postgres (S-1-5-21-460736838-1080885726-4207931419-1005 - Limited - Enabled) => C:\Users\postgres
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat X Standard - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-BA7E-000000000005}) (Version: 10.1.16 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.2.0.2070 - Adobe Systems Incorporated)
Adobe Community Help (HKLM-x32\...\chc.4875E02D9FB21EE389F73B8D1702B320485DF8CE.1) (Version: 3.5.23 - Adobe Systems Incorporated.)
Adobe Photoshop Elements 9 (HKLM-x32\...\Adobe Photoshop Elements 9) (Version: 9.0.3.0 - Adobe Systems Incorporated)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.4.167.0 - Microsoft Corporation)
BingProvidedSearch (HKLM-x32\...\BingProvidedSearch) (Version:  - )
Brother MFL-Pro Suite MFC-7840W (HKLM-x32\...\{46E1B1F2-A279-4356-9B17-029F9CC72EAE}) (Version: 1.0.1.0 - Brother Industries, Ltd.)
Canon MP280 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP280_series) (Version:  - Canon Inc.)
DaVinci Resolve (HKLM\...\{5BE8D9B2-D7B5-4059-B9F3-BA984FD2E552}) (Version: 12.5.0052 - Blackmagic Design)
Dropbox (HKLM-x32\...\Dropbox) (Version: 7.4.30 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.37 - Dropbox, Inc.) Hidden
Elements 9 Organizer (x32 Version: 9.0 - Adobe Systems Incorporated) Hidden
Elements STI Installer (x32 Version: 1.0 - Adobe Systems Incorporated) Hidden
ESRI ArcPad 7.1 (HKLM-x32\...\ESRI ArcPad 7.1) (Version:  - )
Etron USB3.0 Host Controller (HKLM-x32\...\InstallShield_{DFBB738C-71D8-4DC5-B8D2-D65C37680E27}) (Version: 0.98 - Etron Technology)
Etron USB3.0 Host Controller (x32 Version: 0.98 - Etron Technology) Hidden
Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP LaserJet Professional P1100-P1560-P1600 Series (HKLM\...\HP LaserJet Professional P1100-P1560-P1600 Series) (Version:  - )
iCloud (HKLM\...\{81E20D41-C277-4526-934D-F2380AF91B78}) (Version: 3.1.0.40 - Apple Inc.)
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.42 - Irfan Skiljan)
Loggers Edge (HKLM-x32\...\{0CCF7918-8217-45F3-9E45-8EB231178045}) (Version: 4.9.2 - Caribou Software)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7070.2033 - Microsoft Corporation)
Microsoft Office Home and Business 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729 (HKLM\...\{14297226-E0A0-3781-8911-E9D529552663}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MySQL Connector/ODBC 3.51 (HKLM-x32\...\{6A85286D-BA0F-4318-8C30-AD74A33AAD36}) (Version: 3.51.28 - Oracle Corporation)
MySQL Connector/ODBC 5.2(a) (HKLM-x32\...\{6BAA9A62-1520-4063-A5B4-FFB3D6EC62BB}) (Version: 5.2.4 - Oracle Corporation)
NVIDIA 3D Vision Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 353.62 - NVIDIA Corporation)
NVIDIA Graphics Driver 353.62 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 353.62 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.34.3 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.3 - NVIDIA Corporation)
NVIDIA Update 10.4.0 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Update) (Version: 10.4.0 - NVIDIA Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7030.1021 - Microsoft Corporation) Hidden
PostgreSQL 9.2  (HKLM\...\PostgreSQL 9.2) (Version: 9.2 - PostgreSQL Global Development Group)
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Rapport (x32 Version: 3.5.1609.76 - Trusteer) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Sage 50 Accounting (x32 Version: 22.30.1001 - Sage Software) Hidden
Sage 50 Accounting (x32 Version: 23.10.1001 - Sage Software) Hidden
Sage 50 Accounting Version 2015 (HKLM-x32\...\InstallShield_{1585982E-766D-476A-BF0D-5FE4A1C1BE9F}) (Version: 22.30.1001 - Sage Software)
Sage 50 Accounting Version 2016 (HKLM-x32\...\InstallShield_{3F4F1778-F87C-4B08-BCE6-1BF3E42F26BD}) (Version: 23.10.1001 - Sage Software)
Sage 50 EFT Direct 2013 (HKLM-x32\...\{24264F52-AC06-4097-92BB-963B88132F32}) (Version: 2013 - Sage Software)
Seagate Dashboard (HKLM-x32\...\{67445E65-3D93-428F-83A5-446F7D02689A}) (Version: 3.1.3.0 - Seagate)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\Spotify) (Version: 1.0.34.146.g28f9eda2 - Spotify AB)
TP-LINK TL-WN821N©_TL-WN822N_TL-WN823N Driver (HKLM-x32\...\{852E893E-E4FD-45BB-8B17-72ADDF686974}) (Version: 1.3.1 - TP-LINK)
Trusteer Endpoint Protection (HKLM-x32\...\Rapport_msi) (Version: 3.5.1609.76 - Trusteer)
Unity Web Player (HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\UnityWebPlayer) (Version: 4.6.0f3 - Unity Technologies ApS)
VSee (HKU\S-1-5-21-460736838-1080885726-4207931419-1002\...\VSee) (Version: 3.1.3.22680 - VSee Lab Inc)
Winamp (HKLM-x32\...\Winamp) (Version: 5.666  - Nullsoft, Inc)
Yahoo! Powered (HKLM-x32\...\winsearch) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-460736838-1080885726-4207931419-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Eva\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {04601ED0-20CA-46E9-A6F5-8A0B598B6B15} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {051B0BE3-CB42-4A2A-A121-95E2326E6905} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {05344639-00AA-460E-AC60-5ED54116871F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0D371FB2-D67C-41BE-89BC-015B57EB9010} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {10AA1049-988E-4825-B152-9F74EE2B7D6D} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {20F0A9DC-6EDE-4E74-996C-456964B1381C} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {24859493-3000-4E41-8DA7-F7BB693E2288} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {2BB38784-BED5-4157-A3C4-767D0D2893B3} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {2E58BA30-1440-4FB3-B51B-BE912C1D1467} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {33701670-AFE4-4927-96CC-760C515FFCF7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {34BC0C3F-8224-4FB8-AA62-E802401D5A2A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3992FC68-7E93-461C-8B83-C84C87F2956F} - System32\Tasks\HENRY Merge => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {3D6F0567-D1E4-42AB-ABD6-FB0889D5AF97} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {44E39C71-15B1-4A3B-B280-64848596AF09} - System32\Tasks\AdobeAAMUpdater-1.0-HENRY-PC-Eva => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {45EC807C-9A04-46CE-A3AD-9C525C97612D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4833966E-E8F3-4947-8892-02607BFD9ADE} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {4875EA4F-95CC-4B3F-9664-E5DBA9CC8B14} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {6DEB75E7-C346-4960-A244-A3591C9C7179} - System32\Tasks\HENRY => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\NBCore.exe [2014-04-30] (Seagate Technology LLC)
Task: {78F538BC-513F-474B-B54E-4C410876A879} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {7933B59A-D8C4-4D18-9A72-446FD6584436} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7E3242EB-0899-48D8-84B4-5530029FB4C8} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {811511DF-067D-4F8C-9255-394A04463141} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {880A5C37-0AF3-44DB-95AD-986262BE99B9} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {8DF532FF-8AD8-4F44-9322-53B7D65F4B53} - System32\Tasks\{ED078EDC-2AD6-4EC3-A2B9-47F1CAE94EFB} => pcalua.exe -a C:\Users\HENRY\Downloads\AdobeAcrobatPro.exe -d C:\Users\HENRY\Downloads
Task: {8EE95191-38DD-4100-84C8-6988A5C800E8} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-24] (Dropbox, Inc.)
Task: {8F6AF491-EC19-4C55-BDAE-B4038E2FF290} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {8FCCD9C5-DC60-4A2B-B5A1-7ADC61B839EE} - System32\Tasks\HENRY DBAgent 2 0 => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\DBAgent.exe [2014-04-30] (Seagate Technology LLC)
Task: {91D524EE-9077-4761-975C-F775CF520527} - System32\Tasks\Yahoo! Powered titil => Wscript.exe "C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}\fida.txt" "687474703a2f2f7761676e672e636f6d" "433a5c50726f6772616d446174615c7b31354643443039462d394642452d354135392d313937382d4334314238333341344644357d5c736f73696e65" "433a5c50726f6772616d446174615c7b31354643443039462d394642452d354135392d313937 (the data entry has 78 more characters).
Task: {9202DF34-0627-413B-91A9-C8B832C0614D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-01] (Google Inc.)
Task: {9BF53C32-EF99-483A-A86F-6D6339449C5C} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-24] (Dropbox, Inc.)
Task: {9FE0C662-EC4D-4337-956E-D2D8D9D9611C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A0657C43-F94A-4BC2-955A-117A5C794F88} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-14] (Adobe Systems Incorporated)
Task: {A13B28F8-3B42-4ACF-A5F0-50CDEAE3DDD7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {A1580564-1F07-4BCD-8857-4ADD74F740CA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-08-09] (Microsoft Corporation)
Task: {A552F717-28D5-417E-803B-5A6A665962E5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {AAE89895-09FC-4157-ADCC-A56DEE0208FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AB1D7B70-EC74-4857-B665-1E96CE3CAB3C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BACAC453-F3E5-4E12-9A10-D06859A77284} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BD6587E1-6C00-43CF-AE26-2C566840B25A} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C3F7F06D-122C-4432-9860-456307EE1654} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C6C90145-78CC-44F2-A9F0-5B2405EA6529} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {CCC9982E-CFB8-40D5-8652-28ACB06F659F} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {CDB926C5-89CC-4FDD-990D-001F724C8241} - System32\Tasks\Seagate_Install_Launch => C:\Program Files (x86)\Seagate\Seagate Dashboard 2.0\Dashboard.exe [2014-04-30] (Seagate Technology LLC)
Task: {CDFCFD3D-9A5A-40EC-BCB3-74D0035B9C3A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {D173AE98-7ED6-4FC9-8A51-EE21880991E4} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {E0661C59-570F-4F42-B9BF-BE95EFD26296} - System32\Tasks\AdobeAAMUpdater-1.0-HENRY-PC-HENRY => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2010-09-16] (Adobe Systems Incorporated)
Task: {E067DAAE-FF42-4144-8DB4-EA0E97BD33DF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {E1FFC7BC-FEE4-4630-B3ED-E12383FEFC42} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E21A630B-EBCB-4157-A305-E5D9AB6F2DAE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {E5E5E067-7DD3-426C-9243-A5E2DC18833B} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-25] (Microsoft Corporation)
Task: {E7FEA7B0-9BAA-4A9A-BEC6-8DB544702878} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-09] (Microsoft Corporation)
Task: {EE1F73FD-079D-4350-94A2-6763D198CC52} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F08BAD19-97FC-44D2-A491-3F0777A4F409} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-07-25] (Microsoft Corporation)
Task: {F35C4863-004D-46C0-BD5D-B4BA662B55CE} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {F46DD5EE-16DD-4DC6-B9EA-2F897CACCE78} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F7C30E5B-FC85-44DC-B899-A40E92F8F681} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {FB1668FE-C138-4853-A1C9-45DD0317ED57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FBDC4AFF-2550-44D8-A1C8-00B01CDE71A4} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {FFD2F104-E0AD-4E36-92E9-DF54E65B9961} - System32\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF} => C:\Users\Eva\AppData\Roaming\{7CE34~1\SyncTask.exe [2013-04-25] () <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Yahoo! Powered titil.job => Wscript.exe  C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}\fida.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job => C:\Users\Eva\AppData\Roaming\{7CE34~1\SyncTask.exe <==== ATTENTION
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-01-18 18:22 - 2012-08-31 16:03 - 00288768 _____ () C:\WINDOWS\System32\HP1100LM.DLL
2015-01-18 18:23 - 2012-08-31 16:02 - 00074240 _____ () C:\WINDOWS\system32\spool\PRTPROCS\x64\HP1100PP.DLL
2015-01-18 18:23 - 2012-08-31 16:03 - 03034112 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\hp1100su.dll
2015-01-18 18:23 - 2012-08-31 16:02 - 01038336 _____ () C:\WINDOWS\system32\spool\DRIVERS\x64\3\HP1100GC.dll
2013-09-19 14:15 - 2005-04-22 12:36 - 00143360 _____ () C:\WINDOWS\system32\BrSNMP64.dll
2016-07-24 21:31 - 2013-04-01 20:41 - 00176128 _____ () C:\Program Files\PostgreSQL\9.2\bin\LIBPQ.dll
2016-07-24 21:33 - 2012-08-14 06:31 - 01328128 _____ () C:\Program Files\PostgreSQL\9.2\bin\libxml2.dll
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-20 04:03 - 2015-08-06 17:24 - 00116344 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2016-07-13 12:13 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 12:13 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-13 11:06 - 2016-07-13 11:06 - 00959168 _____ () C:\Users\Eva\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-02-13 05:54 - 2016-02-13 05:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 12:15 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-24 22:11 - 2016-07-19 16:14 - 00075776 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
2016-07-13 12:13 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 12:13 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 12:13 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 12:13 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-02 15:51 - 2015-06-02 15:51 - 00545792 _____ () C:\Program Files (x86)\Trusteer\Rapport\bin\js32.dll
2016-07-13 11:05 - 2016-07-13 11:05 - 00679624 _____ () C:\Users\Eva\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2013-09-19 14:15 - 2009-02-27 15:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-12-11 12:47 - 2016-06-29 19:25 - 00035792 _____ () C:\Program Files (x86)\Dropbox\Client\_multiprocessing.pyd
2016-08-05 10:43 - 2016-06-29 19:25 - 00145864 _____ () C:\Program Files (x86)\Dropbox\Client\pyexpat.pyd
2016-08-05 10:43 - 2016-06-29 19:26 - 00019408 _____ () C:\Program Files (x86)\Dropbox\Client\faulthandler.pyd
2016-08-05 10:43 - 2016-06-29 19:25 - 00116688 _____ () C:\Program Files (x86)\Dropbox\Client\pywintypes27.dll
2015-12-11 12:47 - 2016-06-29 19:25 - 00100296 _____ () C:\Program Files (x86)\Dropbox\Client\_ctypes.pyd
2015-12-11 12:47 - 2016-06-29 19:25 - 00018888 _____ () C:\Program Files (x86)\Dropbox\Client\select.pyd
2015-12-11 12:47 - 2016-08-01 14:27 - 00019760 _____ () C:\Program Files (x86)\Dropbox\Client\tornado.speedups.pyd
2015-12-11 12:47 - 2016-06-29 19:25 - 00694224 _____ () C:\Program Files (x86)\Dropbox\Client\unicodedata.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 00020816 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._constant_time.pyd
2015-12-11 12:47 - 2016-06-29 19:26 - 00123856 _____ () C:\Program Files (x86)\Dropbox\Client\_cffi_backend.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 01682760 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._openssl.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 00020808 _____ () C:\Program Files (x86)\Dropbox\Client\cryptography.hazmat.bindings._padding.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00021312 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.crt.compiled._winffi_crt.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00052024 _____ () C:\Program Files (x86)\Dropbox\Client\psutil._psutil_windows.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00038696 _____ () C:\Program Files (x86)\Dropbox\Client\fastpath.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00105928 _____ () C:\Program Files (x86)\Dropbox\Client\win32api.pyd
2016-08-05 10:43 - 2016-06-29 19:25 - 00392144 _____ () C:\Program Files (x86)\Dropbox\Client\pythoncom27.dll
2016-08-05 10:43 - 2016-06-29 19:27 - 00020936 _____ () C:\Program Files (x86)\Dropbox\Client\mmapfile.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00024528 _____ () C:\Program Files (x86)\Dropbox\Client\win32event.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00114640 _____ () C:\Program Files (x86)\Dropbox\Client\win32security.pyd
2015-12-11 12:47 - 2016-08-01 14:27 - 00381752 _____ () C:\Program Files (x86)\Dropbox\Client\win32com.shell.shell.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00124880 _____ () C:\Program Files (x86)\Dropbox\Client\win32file.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00025424 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.kernel32.compiled._winffi_kernel32.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32clipboard.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00175560 _____ () C:\Program Files (x86)\Dropbox\Client\win32gui.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00030160 _____ () C:\Program Files (x86)\Dropbox\Client\win32pipe.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00043472 _____ () C:\Program Files (x86)\Dropbox\Client\win32process.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00048592 _____ () C:\Program Files (x86)\Dropbox\Client\win32service.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00026456 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox.infinite.win.compiled._driverinstallation.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00057808 _____ () C:\Program Files (x86)\Dropbox\Client\win32evtlog.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00024016 _____ () C:\Program Files (x86)\Dropbox\Client\win32profile.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 00246592 _____ () C:\Program Files (x86)\Dropbox\Client\breakpad.client.windows.handler.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00028616 _____ () C:\Program Files (x86)\Dropbox\Client\win32ts.pyd
2016-02-17 19:00 - 2016-08-01 14:27 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.iphlpapi._winffi_iphlpapi.pyd
2016-02-17 19:00 - 2016-08-01 14:27 - 00019776 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winerror._winffi_winerror.pyd
2016-02-17 19:00 - 2016-08-01 14:27 - 00020800 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.wininet._winffi_wininet.pyd
2015-12-11 12:47 - 2016-06-29 19:25 - 00144848 _____ () C:\Program Files (x86)\Dropbox\Client\_elementtree.pyd
2016-08-05 10:44 - 2016-06-29 19:26 - 00241104 _____ () C:\Program Files (x86)\Dropbox\Client\_jpegtran.pyd
2016-08-05 10:43 - 2016-08-01 14:26 - 00020280 _____ () C:\Program Files (x86)\Dropbox\Client\cpuid.compiled._cpuid.pyd
2015-12-11 12:47 - 2016-08-01 14:27 - 00023376 _____ () C:\Program Files (x86)\Dropbox\Client\winscreenshot.compiled._CaptureScreenshot.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00350152 _____ () C:\Program Files (x86)\Dropbox\Client\winxpgui.pyd
2016-02-17 19:00 - 2016-08-01 14:27 - 00022352 _____ () C:\Program Files (x86)\Dropbox\Client\winverifysignature.compiled._VerifySignature.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00024392 _____ () C:\Program Files (x86)\Dropbox\Client\librsyncffi.compiled._librsyncffi.pyd
2016-08-05 10:43 - 2016-06-29 19:28 - 00036296 _____ () C:\Program Files (x86)\Dropbox\Client\librsync.dll
2016-08-05 10:43 - 2016-08-01 14:27 - 00031568 _____ () C:\Program Files (x86)\Dropbox\Client\enterprise_data.compiled._enterprise_data.pyd
2016-08-05 10:43 - 2016-08-01 14:17 - 00293392 _____ () C:\Program Files (x86)\Dropbox\Client\EnterpriseDataAdapter.dll
2016-08-05 10:43 - 2016-08-01 14:27 - 00084280 _____ () C:\Program Files (x86)\Dropbox\Client\dropbox_sqlite_ext.DLL
2016-08-05 10:43 - 2016-08-01 14:27 - 01826096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtCore.pyd
2015-12-11 12:47 - 2016-06-29 19:26 - 00083912 _____ () C:\Program Files (x86)\Dropbox\Client\sip.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 03929392 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWidgets.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 01972016 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtGui.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00531248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtNetwork.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00132912 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKit.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00224056 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebKitWidgets.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00207672 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtPrintSupport.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00020288 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.user32._winffi_user32.pyd
2015-12-11 12:47 - 2016-06-29 19:27 - 00060880 _____ () C:\Program Files (x86)\Dropbox\Client\win32print.pyd
2016-04-14 12:14 - 2016-08-01 14:27 - 00037192 _____ () C:\Program Files (x86)\Dropbox\Client\windisplaytoast.compiled._DisplayToast.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00024904 _____ () C:\Program Files (x86)\Dropbox\Client\winffi.winhttp.compiled._winffi_winhttp.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00546096 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQuick.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00357680 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtQml.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00168248 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebEngineWidgets.pyd
2016-08-05 10:43 - 2016-08-01 14:27 - 00042808 _____ () C:\Program Files (x86)\Dropbox\Client\PyQt5.QtWebChannel.pyd
2016-08-08 17:47 - 2016-08-02 17:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 17:47 - 2016-08-02 17:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll
2016-07-20 12:44 - 2016-08-09 19:25 - 03544768 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\gfx.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Eva\AppData\Local\Microsoft\BingDesktop\themes\2016-08-15.jpg
DNS Servers: 192.168.1.254 - 75.153.171.122
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "APSDaemon"
HKLM\...\StartupApproved\Run32: => "ControlCenter3"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [UDP Query User{5D814BAC-D53D-4FAF-8C4C-9D203CAD519D}C:\users\eva\appdata\roaming\vseeinstall\vsee.exe] => (Block) C:\users\eva\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{9BF74457-85DB-41D2-9C67-B5DBA8330203}C:\users\eva\appdata\roaming\vseeinstall\vsee.exe] => (Block) C:\users\eva\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [UDP Query User{82CCEE7C-1B5D-4E37-990A-DDB7F3BF6710}C:\users\eva\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\eva\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [TCP Query User{F6568CD4-4F95-42EA-876C-9E63CC74A88C}C:\users\eva\appdata\roaming\vseeinstall\vsee.exe] => (Allow) C:\users\eva\appdata\roaming\vseeinstall\vsee.exe
FirewallRules: [{ACE00E50-DB54-4A74-BD7D-A7FB4E38A7E0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [UDP Query User{44ADFD9F-E3B4-4CC6-9EB5-719CA0EB7E7F}C:\users\eva\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eva\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{A4C77C42-8957-451D-83C6-03E469EB1E9F}C:\users\eva\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eva\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{358FD747-8D64-4067-AD59-69F542DBB8DB}C:\users\eva\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eva\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{63B5D9A2-9F91-411E-891F-7BBC8E48C87B}C:\users\eva\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\eva\appdata\roaming\spotify\spotify.exe
FirewallRules: [{A82793CE-85A5-425F-AA58-1E636E91C2CC}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{5490EC45-AFCB-4AD2-992B-8C4306553AA5}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.0.38\mysql\mysqld-nt.exe
FirewallRules: [{69CB3AB8-52CF-4334-9B42-636CA8072055}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{4C1C6C5C-A5E7-4A88-9C0C-75746AAACACE}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\SimplyConnectionManager.exe
FirewallRules: [{C5BD2138-06AC-41D5-A310-F4CD87781FDC}] => (Allow) LPort=54925
FirewallRules: [{1229D260-1B25-4E67-AC14-C97F17E6CFA2}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{CB13356B-6CF6-4E31-8ADD-99A65E962B2C}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{5460EBD7-9EA3-42B1-8EB8-C171B8BC532E}] => (Allow) C:\Program Files (x86)\Winsim\ConnectionManager\MySqlBinary\5.6.10\mysql\mysqld.exe
FirewallRules: [{DB1243FF-20EB-46DF-9177-1EF64AE80E2E}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{C0A90C95-81E3-44D7-B9C2-D25E3260E332}] => (Allow) C:\Program Files (x86)\Winamp\winamp.exe
FirewallRules: [{02BA34D3-FF95-46F5-80C7-C721D8CDB317}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{3BB2C343-BDC0-4667-8704-D81D3E8E86DC}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [UDP Query User{139170B4-2FEB-4433-B882-6EA5D3F00A11}C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe] => (Allow) C:\program files (x86)\seagate\seagate dashboard 2.0\dashboard.exe
FirewallRules: [{400AA3C6-2737-4B6F-B024-A01EAD8D3F4C}] => (Allow) LPort=8888
FirewallRules: [TCP Query User{12F5A4CE-B802-425F-B8F6-D3980CE4573C}C:\program files (x86)\caribou software\loggers edge\harvboss_xshld4.exe] => (Allow) C:\program files (x86)\caribou software\loggers edge\harvboss_xshld4.exe
FirewallRules: [UDP Query User{956D900D-8EF7-48D1-959B-C45F761ED9DC}C:\program files (x86)\caribou software\loggers edge\harvboss_xshld4.exe] => (Allow) C:\program files (x86)\caribou software\loggers edge\harvboss_xshld4.exe
FirewallRules: [{A926DE7A-9088-4DEC-ABAE-A58C19F2367C}] => (Allow) C:\Users\Eva\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{AD0A225B-E5F8-4C13-B432-3EEA1353C29D}C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{08CFE05A-5876-4D82-B8A9-9DF8D8137033}C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe] => (Block) C:\users\eva\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [{514F34FE-B756-43D5-8451-35EC6963235D}] => (Allow) C:\Users\Eva\AppData\Local\Temp\7zS1E06\ProductInst64.exe
FirewallRules: [{69DB8891-1957-4BE6-AF2A-3EDA02CB8C3D}] => (Allow) C:\Users\Eva\AppData\Local\Temp\7zS1E06\ProductInst64.exe
FirewallRules: [{A4A71837-C2B0-4569-A92B-F55D24AC615A}] => (Allow) LPort=9100
FirewallRules: [{99C8C28E-12FE-4866-AC82-8ABE5B7DA5B0}] => (Allow) LPort=427
FirewallRules: [{1563F330-3941-48D7-BF6A-BC0D15D63184}] => (Allow) LPort=161
FirewallRules: [{F3EDEA11-574C-40DA-A69C-B1F1BFB5025E}] => (Allow) LPort=427
FirewallRules: [{190581B1-8B49-451A-B459-9D2E26D8E358}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01A0AF62-52B5-45EA-B762-DBAAC63C01D0}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FCE7CC62-C4C4-4DC6-9BA5-3EC58AB6F8A8}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\Resolve.exe
FirewallRules: [{3FA1AC9F-705E-45C5-BD69-1F6D95550264}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\bmdpaneld.exe
FirewallRules: [{4F5F9C0E-C0CA-4238-9E3E-8DC72F928F36}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\JLCooperPanelDaemon.exe
FirewallRules: [{59AE7BCF-BEEB-495B-9B32-7A3082F2A90F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\EuphonixPanelDaemon.exe
FirewallRules: [{BB6E4373-C297-4F36-AA98-E5B0A69BBDCD}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\TangentPanelDaemon.exe
FirewallRules: [{85E36D9A-85E8-48D2-BD70-AB6B44A1B95F}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\ElementsPanelDaemon.exe
FirewallRules: [{36EF34D0-8EF9-413C-B040-6066E2428FC4}] => (Allow) C:\Program Files\Blackmagic Design\DaVinci Resolve\DPDecoder.exe
FirewallRules: [{6DEBE460-DE1A-46AA-BB6E-7EE23FA99C68}] => (Allow) C:\ProgramData\Blackmagic Design\DaVinci Resolve\Support\QtDecoder\QTDecoder.exe
FirewallRules: [{3EE415E9-BE0D-4886-97BC-D0194AD72992}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{1F0264FD-517A-4EB5-AEF5-88AA95274CB0}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
24-07-2016 19:41:41 Scheduled Checkpoint
02-08-2016 01:00:42 Scheduled Checkpoint
09-08-2016 20:43:27 Windows Update
09-08-2016 20:44:51 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (08/15/2016 06:40:01 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program BingDesktop.exe version 1.4.167.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2b98
 
Start Time: 01d1f75dd201d75e
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
 
Report Id: 5862522a-6352-11e6-9c2e-1c6f65c63558
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (08/14/2016 03:08:55 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/13/2016 04:34:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/13/2016 04:19:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/13/2016 04:04:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/13/2016 03:49:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.WindowsStore_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/13/2016 03:49:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/13/2016 03:23:49 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/12/2016 04:28:16 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: HENRY-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (08/09/2016 08:45:59 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (08/15/2016 12:13:42 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_80b089 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/14/2016 03:08:55 AM) (Source: DCOM) (EventID: 10010) (User: HENRY-PC)
Description: CortanaUI.AppXtpp90jhw9p0njjb85kvhxpppgrqfp117.mca
 
Error: (08/14/2016 03:08:53 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_53dde service to connect.
 
Error: (08/14/2016 03:08:43 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_53dde service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (08/14/2016 02:12:47 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Seagate Dashboard Services service to connect.
 
Error: (08/14/2016 02:12:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.
 
Error: (08/14/2016 02:12:17 AM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (08/14/2016 02:12:13 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\WINDOWS\system32\Rtlihvs.dll
Error Code: 126
 
Error: (08/14/2016 02:12:02 AM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:29:06 PM on ‎8/‎13/‎2016 was unexpected.
 
Error: (08/13/2016 04:40:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}
 
 
CodeIntegrity:
===================================
  Date: 2016-08-15 18:48:46.070
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 18:48:46.060
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 18:48:46.048
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 18:48:46.021
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 18:48:46.010
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 18:48:45.988
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 18:41:56.750
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 18:41:56.740
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 18:41:56.709
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2016-08-15 18:41:56.652
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 20%
Total physical RAM: 16367.11 MB
Available physical RAM: 12934.71 MB
Total Virtual: 32751.11 MB
Available Virtual: 29139.2 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:1396.73 GB) (Free:1165.08 GB) NTFS
Drive f: (WDBlack) (Fixed) (Total:931.51 GB) (Free:659.49 GB) NTFS
Drive g: (Program Files) (Fixed) (Total:232.88 GB) (Free:187.62 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 1397.3 GB) (Disk ID: A9E10684)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=1396.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 394A2742)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: 394A2743)
Partition 1: (Not Active) - (Size=232.9 GB) - (Type=42)
 
==================== End of Addition.txt ============================

 


  • 0

Advertisements


#2
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions! :)

Please run these 2 programs while I look over the other log reports you posted.

Next

Please download AdwCleaner by Xplode onto your Desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click the Scan button and wait for the process to complete.
  • Click the logfile button and the log will open in Notepad.
  • Click on the Clean button follow the prompts.
  • A log file will automatically open after the scan has finished and the PC has rebooted.
  • Please post the content of that log file with your next answer.
  • The report will be saved in the C:\AdwCleaner folder.

    Next

    thisisujrt.gif Please download Junkware Removal Tool to your Desktop.
    Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
    Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
    The tool will open and start scanning your system.
    Please be patient as this can take a while to complete, depending on your system's specifications.
    On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
    Please post the contents of JRT.txt into your reply.

    In your next reply post;
  • The AdwCleaner [C1].txt Log
  • The JRT.txt Log


  • 0

#3
FUState

FUState

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 214 posts

Thank you for the quick response.

I have done the above.

 

Note - AdwCleaner ended (Windows detected the program not responding left me with no option) so the first scan had 24 (I think) items. The second scan had 20 items (I am guessing that it removed 4 before "crashing"). Second run went well, it said not responding on the header a few times, but windows never forced a close and it continued.

 

Second Note - The JRT run permission did not load at first, it just dimmed the screens as though the permission was going to pop up, then hung for a few minutes before shutting down. Second run went well.

 

Below are the two logs you requested under "In your next response please post;"

 

*** Adw ***

 

# AdwCleaner v6.000 - Logfile created 15/08/2016 at 19:46:30
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-08-15.2 [Server]
# Operating System : Windows 10 Pro  (X64)
# Username : Eva - HENRY-PC
# Running from : C:\Users\Eva\Desktop\ADW\adwcleaner_6.000.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
[-] Key deleted: HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\SearchScopes\{AAE01011-C803-40C8-B932-1F086BF9BBFD}
[-] Data restored: HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[#] Key deleted on reboot: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AAE01011-C803-40C8-B932-1F086BF9BBFD}
[-] Data restored: HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data restored: HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\www.azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\azlyrics.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\st.chatango.com
[-] Key deleted: HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\www.azlyrics.com
[#] Value deleted on reboot: [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej []
[#] Value deleted on reboot: HKCU\Software\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej []
[#] Value deleted on reboot: HKLM\SOFTWARE\Google\Chrome\Extensions\pilplloabdedfmialnfchjomjmpjcoej []
 
 
***** [ Web browsers ] *****
 
[-] Chrome preferences cleaned: "browser.search.defaultenginename" -  "Yahoo! Powered"
[-] Chrome preferences cleaned: "browser.search.selectedEngine" -  "Yahoo! Powered"
[-] Chrome preferences cleaned: "browser.startup.homepage" -  "hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro"
[-] [ask.com] [Search Provider] Deleted: ask.com
[-] [C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pilplloabdedfmialnfchjomjmpjcoej
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [4005 Bytes] - [15/08/2016 19:46:30]
C:\AdwCleaner\AdwCleaner[S0].txt - [5158 Bytes] - [15/08/2016 19:39:14]
C:\AdwCleaner\AdwCleaner[S1].txt - [4515 Bytes] - [15/08/2016 19:44:41]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [4224 Bytes] ##########
 
*** JRT ***
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Pro x64 
Ran by Eva (Administrator) on 15/08/2016 at 20:18:08.60
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 5 
 
Successfully deleted: C:\WINDOWS\prefetch\FREEMAKEVIDEOCONVERTERFULL.TM-B0DFDB5C.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\FREEMAKEVIDEOCONVERTERSETUP.T-6224CF43.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\FREEMAKEVIDEOCONVERTERSETUP.T-7763C62B.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\FREEMAKEVIDEOCONVERTERSETUP.T-7CC3F09C.pf (File) 
Successfully deleted: C:\WINDOWS\prefetch\FREEMAKEVIDEOCONVERTERSETUP.T-89C078CE.pf (File) 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 15/08/2016 at 20:21:04.37
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

  • 0

#4
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,
FYI

Productupdater is a part of freemake video, a legit application,
HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [75776 2016-07-19] ()

Next

Download the enclosed => file.Attached File  fixlist.txt   8.21KB   39 downloads Save it in the location FRST64 is. (C:\Users\Eva\Desktop). Run FRST and click on the Fix button. Wait until finished.
The tool will make a log in the location FRST is, (C:\Users\Eva\Desktop). (Fixlog.txt). Please post it to your reply.

Next

Please run a Malwarebytes scan you may skip the download part if you already have Malwarebytes installed.
  • Please download Malwarebytes Anti-Malware to your desktop.
  • Double-click mbam-setup-version.exe and follow the prompts to install the program.
  • Launch Malwarebytes Anti-Malware
  • Then click Finish.
  • If an update is found, you will be prompted to download and install the latest version.
  • Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
  • When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
  • Reboot your computer if prompted.

    Posting the Malwarebytes log.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • post that saved log to your next reply.

    Post the Fixlist
    Post the Malwarebytes scan log report
    How is the computer what issues remain ?

    Thanks
    Joe :)



  • 0

#5
FUState

FUState

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 214 posts

Thanks Joe.

Honestly, the computer seems better already. Some of the lag seems gone; the network doesn't start with "network connected, no internet" anymore.

I think we may be good.

 

Here are the logs.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 15-08-2016 01
Ran by Eva (15-08-2016 20:42:33) Run:1
Running from C:\Users\Eva\Desktop
Loaded Profiles: Eva & postgres (Available Profiles: HENRY & Eva & postgres & DefaultAppPool)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-334e1111
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-334e1111
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-334e1111
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ca.msn.com/
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-460736838-1080885726-4207931419-1002 -> DefaultScope {AAE01011-C803-40C8-B932-1F086BF9BBFD} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
SearchScopes: HKU\S-1-5-21-460736838-1080885726-4207931419-1002 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL = hxxps://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-460736838-1080885726-4207931419-1002 -> {AAE01011-C803-40C8-B932-1F086BF9BBFD} URL = hxxps://ca.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro&p={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-08-09] (Microsoft Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> No File
FF Homepage: hxxps://ca.search.yahoo.com/yhs/web?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_fremkfs_16_30&param1=1&param2=f%3D1%26b%3DFirefox%26cc%3Dca%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0EzzzyyE0FyCtByD0D0FtB0EtBtBtCyEtN0D0Tzu0StCyCyCyBtN1L2XzutAtFtBtAtFtCtFtAtN1L1Czu1TtN1L1G1B1V1N2Y1L1Qzu2StCyCyCtDtA0F0CtBtGyDzytB0BtGyB0CyEzztGyD0EtB0CtG0C0Czz0FyDzz0D0EzztD0DtB2QtN1M1F1B2Z1V1N2Y1L1Qzu2SzytBtDtCyDyDyDyCtG0E0BzytAtGyE0DyEyCtG0ByB0FtAtGtAyDzztCtDyByDtD0AyC0DtB2QtN0A0LzuyE%26cr%3D419674973%26a%3Dwbf_fremkfs_16_30%26os_ver%3D10.0%26os%3DWindows%2B10%2BPro
CHR DefaultSearchURL: Default -> hxxp://srch.bar/{searchTerms}
CHR DefaultSuggestURL: Default -> hxxp://srch.bar/?s={searchTerms}
U3 idsvc; no ImagePath
C:\Windows\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job
Task: {04601ED0-20CA-46E9-A6F5-8A0B598B6B15} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {05344639-00AA-460E-AC60-5ED54116871F} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {0D371FB2-D67C-41BE-89BC-015B57EB9010} - \CCleanerSkipUAC -> No File <==== ATTENTION
Task: {33701670-AFE4-4927-96CC-760C515FFCF7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {34BC0C3F-8224-4FB8-AA62-E802401D5A2A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {45EC807C-9A04-46CE-A3AD-9C525C97612D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7933B59A-D8C4-4D18-9A72-446FD6584436} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {AAE89895-09FC-4157-ADCC-A56DEE0208FA} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {AB1D7B70-EC74-4857-B665-1E96CE3CAB3C} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {E1FFC7BC-FEE4-4630-B3ED-E12383FEFC42} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EE1F73FD-079D-4350-94A2-6763D198CC52} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {FB1668FE-C138-4853-A1C9-45DD0317ED57} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FFD2F104-E0AD-4E36-92E9-DF54E65B9961} - System32\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF} => C:\Users\Eva\AppData\Roaming\{7CE34~1\SyncTask.exe [2013-04-25] () <==== ATTENTION
C:\Users\Eva\AppData\Roaming\{7CE34~1\
Task: C:\WINDOWS\Tasks\Yahoo! Powered titil.job => Wscript.exe  C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}\fida.txt <==== ATTENTION
Task: C:\WINDOWS\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job => C:\Users\Eva\AppData\Roaming\{7CE34~1\SyncTask.exe <==== ATTENTION
C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}
C:\Users\Eva\AppData\Roaming\{7CE34~1\SyncTask.exe
2016-07-24 22:11 - 2016-08-15 00:11 - 00000992 _____ C:\WINDOWS\Tasks\Yahoo! Powered titil.job
2016-07-24 22:11 - 2016-08-15 00:11 - 00000000 ____D C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}
2016-07-24 22:11 - 2016-08-10 19:11 - 00000000 ____D C:\Users\Eva\AppData\Roaming\{7CE34A58-59B1-272E-3287-00FCEE55FDC2}
2016-07-24 22:11 - 2016-07-24 22:11 - 00004066 _____ C:\WINDOWS\System32\Tasks\Yahoo! Powered titil
CMD: bitsadmin /reset /allusers
Emptytemp:
*****************
 
Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\Software\Microsoft\Internet Explorer\Main\\Start Page Redirect Cache => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKCR\Wow6432Node\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found. 
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-460736838-1080885726-4207931419-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146}" => key removed successfully
HKCR\CLSID\{2f23ab71-4ac6-41f2-a955-ea576e553146} => key not found. 
HKU\S-1-5-21-460736838-1080885726-4207931419-1002\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{AAE01011-C803-40C8-B932-1F086BF9BBFD} => key not found. 
HKCR\CLSID\{AAE01011-C803-40C8-B932-1F086BF9BBFD} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKCR\CLSID\{31D09BA0-12F5-4CCE-BE8A-2923E76605DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
Firefox "homepage" removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSuggestURL => removed successfully
idsvc => service removed successfully
C:\Windows\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{04601ED0-20CA-46E9-A6F5-8A0B598B6B15}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{04601ED0-20CA-46E9-A6F5-8A0B598B6B15}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05344639-00AA-460E-AC60-5ED54116871F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05344639-00AA-460E-AC60-5ED54116871F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0D371FB2-D67C-41BE-89BC-015B57EB9010}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0D371FB2-D67C-41BE-89BC-015B57EB9010}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\CCleanerSkipUAC => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{33701670-AFE4-4927-96CC-760C515FFCF7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{33701670-AFE4-4927-96CC-760C515FFCF7}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{34BC0C3F-8224-4FB8-AA62-E802401D5A2A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{34BC0C3F-8224-4FB8-AA62-E802401D5A2A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{45EC807C-9A04-46CE-A3AD-9C525C97612D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{45EC807C-9A04-46CE-A3AD-9C525C97612D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7933B59A-D8C4-4D18-9A72-446FD6584436}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7933B59A-D8C4-4D18-9A72-446FD6584436}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AAE89895-09FC-4157-ADCC-A56DEE0208FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAE89895-09FC-4157-ADCC-A56DEE0208FA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AB1D7B70-EC74-4857-B665-1E96CE3CAB3C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AB1D7B70-EC74-4857-B665-1E96CE3CAB3C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E1FFC7BC-FEE4-4630-B3ED-E12383FEFC42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E1FFC7BC-FEE4-4630-B3ED-E12383FEFC42}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EE1F73FD-079D-4350-94A2-6763D198CC52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EE1F73FD-079D-4350-94A2-6763D198CC52}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FB1668FE-C138-4853-A1C9-45DD0317ED57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FB1668FE-C138-4853-A1C9-45DD0317ED57}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{FFD2F104-E0AD-4E36-92E9-DF54E65B9961}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FFD2F104-E0AD-4E36-92E9-DF54E65B9961}" => key removed successfully
C:\WINDOWS\System32\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}" => key removed successfully
C:\Users\Eva\AppData\Roaming\{7CE34~1 => moved successfully
C:\WINDOWS\Tasks\Yahoo! Powered titil.job => moved successfully
C:\WINDOWS\Tasks\{74A9F5F3-7B8F-F503-BA05-2BAACE3A64FF}.job => not found.
C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5} => moved successfully
"C:\Users\Eva\AppData\Roaming\{7CE34~1\SyncTask.exe" => not found.
"C:\WINDOWS\Tasks\Yahoo! Powered titil.job" => not found.
"C:\ProgramData\{15FCD09F-9FBE-5A59-1978-C41B833A4FD5}" => not found.
"C:\Users\Eva\AppData\Roaming\{7CE34A58-59B1-272E-3287-00FCEE55FDC2}" => not found.
C:\WINDOWS\System32\Tasks\Yahoo! Powered titil => moved successfully
 
========= bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{BE9A5080-D7DA-4851-9D84-C9E7E8930FEC} canceled.
{9C75C5DB-7D41-438B-ACE3-5B1C0C95DEA5} canceled.
{739FD5FC-14E6-47F5-8527-95795946A6AF} canceled.
3 out of 3 jobs canceled.
 
========= End of CMD: =========
 
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 101114048 B
Java, Flash, Steam htmlcache => 41798 B
Windows/system/drivers => 18169756 B
Edge => 153501646 B
Chrome => 896511997 B
Firefox => 372037722 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 6144 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 75458 B
NetworkService => 327324 B
HENRY => 309871 B
Eva => 3139058751 B
postgres => 6144 B
DefaultAppPool => 6144 B
 
RecycleBin => 3565138121 B
EmptyTemp: => 7.7 GB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 20:47:30 ====
 
*** MBam ***
 
Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 15/08/2016
Scan Time: 9:01 PM
Logfile: MBam log.txt
Administrator: Yes
 
Version: 2.2.1.1043
Malware Database: v2016.08.16.03
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Eva
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 453550
Time Elapsed: 21 min, 46 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 6
PUP.Optional.SearchManager, HKLM\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [3e856be06f2b7abc695d56a456ada15f], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{91D524EE-9077-4761-975C-F775CF520527}, Quarantined, [1fa456f5b1e9a78f3a4fddd7b1534eb2], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\Yahoo! Powered titil, Quarantined, [5271d57636644de986041a9a37cd6c94], 
PUP.Optional.SearchManager, HKLM\SOFTWARE\WOW6432NODE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [606378d3d7c3ae88f6d04ab031d28f71], 
PUP.Optional.SearchManager, HKU\S-1-5-21-460736838-1080885726-4207931419-1002\SOFTWARE\GOOGLE\CHROME\EXTENSIONS\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [685b7dce623849ed08c6ebe02cd64ab6], 
PUP.Optional.WinYahoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\winsearch, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
 
Registry Values: 1
PUP.Optional.WinYahoo, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TASKS\{91D524EE-9077-4761-975C-F775CF520527}|Path, \Yahoo! Powered titil, Quarantined, [1fa456f5b1e9a78f3a4fddd7b1534eb2]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 17
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\css, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\external, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\fonts, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\_metadata, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
 
Files: 96
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\manifest.json, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\background.html, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\favicon.ico, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\newtab.html, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\common.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\lifecycle.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\settings.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\setup.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\chrome\utils.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\abtest.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\conf-sys.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\conf.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\nt_ptr.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\prefs-sys.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\prefs.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\settings-dev.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\common\udata.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external\jquery-2.1.1.min.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external\md5.min.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external\string.min.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\external\underscore-min.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\AutoSuggest.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\contentscript.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\newtab-base.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\newtab-msg.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\search-engines.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\search-form.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\content\search\search-redirect.js, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\css\newtab.css, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\css\search.css, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\css\search2.css, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\css\styles.css, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\css\white_bg.css, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\external\normalize.css, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\fonts\HelveticaNeue-Thin.otf, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\fonts\neue-bold.woff, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\fonts\neue.woff, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\128.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\16.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\48.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\close.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\01d.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\01n.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\02d.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\02n.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\03d.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\03n.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\04d.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\04n.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\09d.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\09n.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\10d.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\10n.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\11d.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\11n.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\13d.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\13n.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\50d.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\icons\weather\50n.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\bg.jpg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\bing.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\bluesky-bg.jpg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\brush.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\clock.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\cloud.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\cupcake-bg.jpg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\desk-bg.jpg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\doodle.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\down.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\google.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\mountain-bg.jpg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\sea-bg.jpg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\yahoo.png, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\skin\images\yahoo.svg, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.SearchManager, C:\Users\Eva\AppData\Local\Google\Chrome\User Data\Default\Extensions\pilplloabdedfmialnfchjomjmpjcoej\1.0.7.102_0\_metadata\verified_contents.json, Quarantined, [5e65a3a8b8e2b87e65a5f2d6738f03fd], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\HowToRemove.html, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\chromium-min.jpg, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\control panel-min-min.JPG, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\down.png, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\ff menu.JPG, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\ff search engine-min.png, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\hp-min ff.png, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\hp-min ie.png, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\search engine.gif, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\setup pages.gif, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\sp-min.png, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\start-min.jpg, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\HowToRemove\up.png, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\bapi.dat, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\cema, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\install.log, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\lice, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\safa, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\Sqlite3.dll, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\uninst.dat, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
PUP.Optional.WinYahoo, C:\Users\Eva\AppData\Local\{7CBE4AE2-5816-265A-358E-03B211E6FF2A}\uninst.exe, Quarantined, [9d2627240496a096e3c1ff9e57ad3bc5], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)

  • 0

#6
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
Hello,

Looks good,

We need to remove the tools we used and then close the topic.


The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.



Download DelFix by Xplode and save it to your desktop.
  • Run the tool by right click on the 51a5ce45263de-delfix.png icon and Run as administrator option.
  • Make sure that these ones are checked:
    • Remove disinfection tools
    • Purge system restore
    • Reset system settings
  • Push Run.
  • The program will run for a few seconds and display a notepad report.
    Paste it for my review.

  • 0

#7
FUState

FUState

    Member

  • Topic Starter
  • Member
  • PipPipPip
  • 214 posts

Thank you so much!

 

I manually deleted ADW, but the rest should look good.

 

# DelFix v1.013 - Logfile created 15/08/2016 at 23:09:14
# Updated 17/04/2016 by Xplode
# Username : Eva - HENRY-PC
# Operating System : Windows 10 Pro  (64 bits)
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Eva\Desktop\FRST-OlderVersion
Deleted : C:\Users\Eva\Desktop\Addition.txt
Deleted : C:\Users\Eva\Desktop\Fixlog.txt
Deleted : C:\Users\Eva\Desktop\FRST.txt
Deleted : C:\Users\Eva\Desktop\FRST64.exe
Deleted : C:\Users\Eva\Desktop\JRT.exe
Deleted : C:\Users\Eva\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\OldTimer Tools
 
~ Cleaning system restore ...
 
Deleted : RP #2 [Scheduled Checkpoint | 07/25/2016 02:41:41]
Deleted : RP #3 [Scheduled Checkpoint | 08/02/2016 08:00:42]
Deleted : RP #4 [Windows Update | 08/10/2016 03:43:27]
Deleted : RP #5 [Windows Update | 08/10/2016 03:44:51]
Deleted : RP #6 [JRT Pre-Junkware Removal | 08/16/2016 03:18:11]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########

  • 0

#8
zep516

zep516

    Trusted Helper

  • Malware Removal
  • 6,811 posts
You usually get infected because your security settings are too low.

Here are a number of recommendations that will help tighten them, and which will contribute to making you a less likely victim:

Safe Computing Practices please read Here


Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.

Thanks
Joe :)
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP