
Computer Issues



#1
bkp


Hello,

 

I have used this site before and have had great success! It has been a long time and I am having computer issues. This computer started out with Windows 7 and then was upgraded to Windows 10. I have been having many issues lately with some items.

1. This has been happening for a while; not sure if related. I cannot get the computer out of sleep mode. I usually have to hold the on button down till it restarts. I have been over all my settings and have not been able to fix it.

2. I cannot open up pictures; it seems to lock up my computer, however I am, after a while, able to close the window.

3. I cannot shut down the computer the normal way; I have to hold down the on/off button.

4. I have downloaded the Farbar Scan tool, and that starts and runs, then eventually goes unresponsive. I have to X out and try again, and it does the same thing. Did this 3 times.

Now I did notice on my Desktop there is a file FRST and Additions that in the properties was created 44 minutes ago and updated 22 minutes ago. My guess is the first scan I did created these files and the scans after that replaced them.

I would like to thank you for your assistance on this matter! Any help is greatly appreciated!

 

Here are the two logs below:

 

 

 Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 02-06-2017

Ran by bryan (administrator) on BRIAN-PC (04-06-2017 16:18:19)
Running from C:\Users\bryan\Desktop
Loaded Profiles: bryan (Available Profiles: bryan & Kristen & Kids & DefaultAppPool)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe
(Sanford, L.P.) C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Hewlett-Packard Company) C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe
() C:\Windows\System32\SecUPDUtilSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office\root\Office16\msoia.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Cisco Systems, Inc.) C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe
(Hewlett-Packard) C:\Program Files\Hp\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Oracle Corporation) C:\Program Files\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe
(i-Funbox.com) C:\Program Files\i-Funbox DevTeam\iFunBox.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Co.) C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe
(Advanced Micro Devices Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Apple Application Support\APSDaemon.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Farbar) C:\Users\bryan\Desktop\FRST (1).exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [StartCCC] => C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\x86\CLIStart.exe [748744 2015-08-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [BCSSync] => C:\Program Files\Microsoft Office\Office14\BCSSync.exe [91520 2010-01-21] (Microsoft Corporation)
HKLM\...\Run: [Cisco AnyConnect Secure Mobility Agent for Windows] => C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnui.exe [707496 2014-06-10] (Cisco Systems, Inc.)
HKLM\...\Run: [HP Software Update] => C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [164152 2016-07-26] (Apple Inc.)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [483840 2017-04-27] (Microsoft Corporation)
HKLM\...\Run: [SunJavaUpdateSched] => C:\Program Files\Common Files\Java\Java Update\jusched.exe [587288 2017-03-15] (Oracle Corporation)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2780112 2017-01-20] (Malwarebytes)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Run: [swg] => C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2014-12-17] (Google Inc.)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Run: [ApplePhotoStreams] => C:\Program Files\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [67896 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Run: [iCloudDrive] => C:\Program Files\Common Files\Apple\Internet Services\iCloudDrive.exe [110392 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Run: [iCloudPhotos] => C:\Program Files\Common Files\Apple\Internet Services\iCloudPhotos.exe [356664 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Run: [Skype] => C:\Program Files\Skype\Phone\Skype.exe [26424960 2016-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Run: [iCloudServices] => C:\Program Files\Common Files\Apple\Internet Services\iCloudServices.exe [67384 2016-04-22] (Apple Inc.)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Run: [iFunBox] => C:\Program Files\i-Funbox DevTeam\iFunBox.exe [2618368 2015-07-27] (i-Funbox.com)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Run: [GoogleChromeAutoLaunch_4E0AE40DFBEFCF659ACC42CC2B081204] => C:\Program Files\Google\Chrome\Application\chrome.exe [941912 2017-03-28] (Google Inc.)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7619288 2017-05-19] (Piriform Ltd)
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\MountPoints2: {a28ee5ae-bfff-11e6-b4f9-68a3c4bfc53b} - "E:\VZW_Software_upgrade_assistant.exe" 
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2014-12-18]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{882920fe-1602-4251-afb1-447ce56331f0}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{f276b8a1-b82c-4052-a79d-d962c00e9952}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.yahoo.com/?fr=yset_ie_syc_oracle&type=orcl_hpset
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
SearchScopes: HKU\S-1-5-21-191501728-1260249008-2198610037-1000 -> {EC4CCF5E-EDA2-4E46-ACA3-23F1D89DDAA1} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: &Yahoo! Toolbar Helper -> {02478D38-C3F9-4efb-9B51-7695ECA05670} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
BHO: HP Print Enhancer -> {0347C33E-8762-4905-BF09-768834316C61} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_printenhancer.dll [2009-10-22] (Hewlett-Packard Co.)
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\root\Office16\OCHelper.dll [2017-05-05] (Microsoft Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2010-01-21] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_131\bin\ssv.dll [2017-05-01] (Oracle Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\root\Office16\GROOVEEX.DLL [2017-05-05] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_131\bin\jp2ssv.dll [2017-05-01] (Oracle Corporation)
BHO: SingleInstance Class -> {FDAD4DA1-61A2-4FD8-9C17-86F7AC245081} -> C:\Program Files\Yahoo!\Companion\Installs\cpn\YTSingleInstance.dll [2008-07-28] (Yahoo! Inc)
BHO: HP Smart BHO Class -> {FFFFFFFF-CF4E-4F2B-BDC2-0E72E116A856} -> C:\Program Files\HP\Digital Imaging\Smart Web Printing\hpswp_BHO.dll [2009-10-22] (Hewlett-Packard Co.)
Toolbar: HKLM - Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll [2008-07-28] (Yahoo! Inc.)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Toolbar: HKU\S-1-5-21-191501728-1260249008-2198610037-1000 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files\Microsoft Office\root\Office16\MSOSB.DLL [2017-05-05] (Microsoft Corporation)
 
FireFox:
========
FF HKLM\...\Firefox\Extensions: [[email protected]] - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3
FF Extension: (HP Smart Web Printing) - C:\Program Files\HP\Digital Imaging\Smart Web Printing\MozillaAddOn3 [2014-12-18] [not signed]
FF Plugin: @Apple.com/iTunes,version=1.0 -> C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin: @dymo.com/DymoLabelFramework -> C:\Program Files\DYMO\DYMO Label Software\Framework\npDYMOLabelFramework.dll [2014-03-20] ( Sanford L.P.)
FF Plugin: @java.com/DTPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\dtplugin\npDeployJava1.dll [2017-05-01] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.131.2 -> C:\Program Files\Java\jre1.8.0_131\bin\plugin2\npjp2.dll [2017-05-01] (Oracle Corporation)
FF Plugin: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2017-05-05] (Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office\root\Office16\NPSPWRAP.DLL [2017-05-05] (Microsoft Corporation)
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2017-04-04] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultProfile: Profile 1
CHR HomePage: Profile 1 -> hxxp://www.google.com/
CHR StartupUrls: Profile 1 -> "hxxps://mail.google.com/mail/u/1/#inbox","hxxps://mail.google.com/mail/u/0/?tab=wm#inbox","hxxps://www.facebook.com/groups/849996355077511/","hxxps://www.google.com/"
CHR Profile: C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default [2017-06-04]
CHR Extension: (Google Slides) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-09]
CHR Extension: (Google Docs) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-09]
CHR Extension: (Google Drive) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-24]
CHR Extension: (YouTube) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-24]
CHR Extension: () - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2017-01-30]
CHR Extension: (Google Search) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2017-01-30]
CHR Extension: (Adobe Acrobat) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-01-30]
CHR Extension: (Google Calendar) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2017-01-30]
CHR Extension: (Google Sheets) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-09]
CHR Extension: (Google Docs Offline) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-01-30]
CHR Extension: (Pinterest Save Button) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2017-01-30]
CHR Extension: (Skype) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-01-30]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-01-30]
CHR Extension: (Gmail) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-10-24]
CHR Extension: (Chrome Media Router) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-01-30]
CHR Profile: C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Guest Profile [2017-06-04]
CHR Profile: C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1 [2017-06-04]
CHR Extension: (Google Drive) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2017-05-31]
CHR Extension: (Ebates Cash Back) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\chhjbpecpncaggjpdakmflnfcopglcmi [2017-05-31]
CHR Extension: (Adobe Acrobat) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2017-05-31]
CHR Extension: (Google Docs Offline) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2017-05-31]
CHR Extension: (Skype) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2017-05-31]
CHR Extension: (Chrome Web Store Payments) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2017-05-31]
CHR Extension: (Chrome Media Router) - C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2017-05-31]
CHR Profile: C:\Users\bryan\AppData\Local\Google\Chrome\User Data\System Profile [2017-06-04]
CHR HKLM\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - hxxps://clients2.google.com/service/update2/crx
CHR HKU\S-1-5-21-191501728-1260249008-2198610037-1000\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [276992 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2290880 2017-05-05] (Microsoft Corporation)
R2 DymoPnpService; C:\Program Files\DYMO\DYMO Label Software\DymoPnpService.exe [33072 2014-03-20] (Sanford, L.P.)
S2 Garmin Device Interaction Service; C:\Program Files\Garmin\Device Interaction Service\GarminService.exe [708616 2015-04-08] (Garmin Ltd. or its subsidiaries)
R2 HPSupportSolutionsFrameworkService; C:\Program Files\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [3303888 2017-01-20] (Malwarebytes)
R2 Net Driver HPZ12; C:\WINDOWS\system32\HPZinw12.dll [45568 2012-07-31] (Hewlett-Packard) [File not signed]
R2 Pml Driver HPZ12; C:\WINDOWS\system32\HPZipm12.dll [55808 2012-07-31] (Hewlett-Packard) [File not signed]
R2 SamsungUPDUtilSvc; C:\WINDOWS\system32\SecUPDUtilSvc.exe [143664 2016-09-28] ()
R2 vpnagent; C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\vpnagent.exe [561064 2014-06-10] (Cisco Systems, Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271488 2017-04-27] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84920 2017-04-27] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 acsock; C:\WINDOWS\System32\DRIVERS\acsock.sys [92528 2014-06-10] (Cisco Systems, Inc.)
R0 amd_sata; C:\WINDOWS\System32\drivers\amd_sata.sys [70464 2013-06-27] (Advanced Micro Devices)
R0 amd_xata; C:\WINDOWS\System32\drivers\amd_xata.sys [34624 2013-06-27] (Advanced Micro Devices)
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\i386\AODDriver2.sys [50400 2014-02-11] (Advanced Micro Devices)
R3 athr; C:\WINDOWS\System32\drivers\athwn.sys [3228672 2016-07-16] (Qualcomm Atheros Communications, Inc.)
R3 BtFilter; C:\WINDOWS\system32\DRIVERS\btfilter.sys [521248 2016-06-26] (Qualcomm Atheros)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [109184 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 L1C; C:\WINDOWS\System32\drivers\L1C62x86.sys [110280 2013-11-29] (Qualcomm Atheros Co., Ltd.)
R0 MBAMSwissArmy; C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys [220088 2017-06-04] (Malwarebytes)
R1 MpKsl13511da7; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{976CD3E9-3F7A-4181-B8AB-8013C86204A4}\MpKsl13511da7.sys [39168 2017-05-28] (Microsoft Corporation)
R1 MpKsl3cff471b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D06A65FC-D65C-4AD0-845E-D42BFCA7B7D5}\MpKsl3cff471b.sys [39168 2017-05-24] (Microsoft Corporation)
R1 MpKsl9c58d9b4; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D06A65FC-D65C-4AD0-845E-D42BFCA7B7D5}\MpKsl9c58d9b4.sys [39168 2017-05-23] (Microsoft Corporation)
R1 MpKsla8747fce; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{83C6A32D-B001-46BC-84AB-659165DFA0EC}\MpKsla8747fce.sys [39168 2017-05-31] (Microsoft Corporation)
R1 MpKslac114979; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D06A65FC-D65C-4AD0-845E-D42BFCA7B7D5}\MpKslac114979.sys [39168 2017-05-23] (Microsoft Corporation)
R1 MpKslaec2b23d; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{728F8E49-AC86-4E3C-9BCF-C96692000A97}\MpKslaec2b23d.sys [39168 2017-06-04] (Microsoft Corporation)
R1 MpKslbcabb43c; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D06A65FC-D65C-4AD0-845E-D42BFCA7B7D5}\MpKslbcabb43c.sys [39168 2017-05-25] (Microsoft Corporation)
R1 MpKsle1f1f774; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{D06A65FC-D65C-4AD0-845E-D42BFCA7B7D5}\MpKsle1f1f774.sys [39168 2017-05-21] (Microsoft Corporation)
R1 MpKsleb8fd604; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{83C6A32D-B001-46BC-84AB-659165DFA0EC}\MpKsleb8fd604.sys [39168 2017-06-02] (Microsoft Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
R3 QIOMem; C:\WINDOWS\System32\drivers\QIOMem.sys [20664 2015-05-28] (TOSHIBA)
R2 SSPORT; C:\WINDOWS\system32\Drivers\SSPORT.sys [5120 2014-08-18] (Samsung Electronics) [File not signed]
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [147072 2016-09-05] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [42088 2015-12-31] (Toshiba Corporation)
S3 vpnva; C:\WINDOWS\System32\drivers\vpnva-6.sys [43888 2014-06-10] (Cisco Systems, Inc.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)
R3 WUDFWpdMtp; C:\WINDOWS\system32\DRIVERS\WUDFRd.sys [161280 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-04 16:02 - 2017-06-04 16:03 - 00038112 _____ C:\Users\bryan\Desktop\Addition.txt
2017-06-04 16:00 - 2017-06-04 16:18 - 00022950 _____ C:\Users\bryan\Desktop\FRST.txt
2017-06-04 15:57 - 2017-06-04 15:59 - 01774080 _____ (Farbar) C:\Users\bryan\Desktop\FRST (1).exe
2017-06-03 22:29 - 2017-06-03 22:29 - 00001034 _____ C:\Users\Public\Desktop\CCleaner.lnk
2017-06-03 22:29 - 2017-06-03 22:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2017-06-03 22:29 - 2017-06-03 22:29 - 00000000 ____D C:\Program Files\CCleaner
2017-06-03 22:28 - 2017-06-03 22:28 - 09551280 _____ (Piriform Ltd) C:\Users\bryan\Downloads\ccsetup530.exe
2017-06-03 10:16 - 2017-06-03 10:16 - 05897641 _____ C:\Users\bryan\Downloads\NL 06-17 (2).pdf
2017-06-02 18:50 - 2017-06-02 18:50 - 05897648 _____ C:\Users\bryan\Downloads\NL 06-17 (1).pdf
2017-06-02 18:48 - 2017-06-02 18:48 - 05897648 _____ C:\Users\bryan\Downloads\NL 06-17.pdf
2017-06-02 11:30 - 2017-06-02 11:30 - 00000067 _____ C:\Users\bryan\Desktop\Convert your PDF file to JPG now - Free, Simple and Online.url
2017-06-02 11:24 - 2017-06-02 11:24 - 00040183 _____ C:\Users\bryan\Downloads\Report_from_Totem_Pole_Park.pdf
2017-05-31 11:27 - 2017-05-31 11:27 - 00000000 __SHD C:\found.000
2017-05-28 18:57 - 2017-05-28 18:57 - 00005679 _____ C:\Users\bryan\Downloads\Hunter invention.pdf
2017-05-18 15:20 - 2017-05-18 15:20 - 00150534 _____ C:\Users\bryan\Downloads\_rlg_att3939.pdf
2017-05-15 21:52 - 2017-05-15 21:52 - 03396205 _____ C:\Users\bryan\Downloads\tpppicturesoct_2015.zip
2017-05-15 13:06 - 2017-05-15 13:06 - 00081821 _____ C:\Users\bryan\Downloads\Store and Snack Bar survey.pdf
2017-05-14 10:44 - 2017-05-14 10:44 - 00115740 _____ C:\Users\bryan\Downloads\SurveyMonkey_84698392 (1).pdf
2017-05-14 10:43 - 2017-05-14 10:43 - 00071234 _____ C:\Users\bryan\Downloads\SurveyMonkey_84698392.pdf
2017-05-11 21:46 - 2017-05-11 21:46 - 00000017 _____ C:\Users\bryan\AppData\Local\resmon.resmoncfg
2017-05-11 14:48 - 2017-05-11 14:48 - 00021105 _____ C:\Users\bryan\Downloads\Book6.xlsx
2017-05-10 20:58 - 2017-04-27 21:00 - 05996896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2017-05-10 20:58 - 2017-04-27 21:00 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2017-05-10 20:58 - 2017-04-27 20:56 - 02048488 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2017-05-10 20:58 - 2017-04-27 20:55 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2017-05-10 20:58 - 2017-04-27 20:46 - 05722320 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2017-05-10 20:58 - 2017-04-27 20:46 - 01896288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2017-05-10 20:58 - 2017-04-27 20:46 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2017-05-10 20:58 - 2017-04-27 20:45 - 02263832 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2017-05-10 20:58 - 2017-04-27 20:43 - 01980768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2017-05-10 20:58 - 2017-04-27 20:43 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2017-05-10 20:58 - 2017-04-27 20:41 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2017-05-10 20:58 - 2017-04-27 20:40 - 06665952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2017-05-10 20:58 - 2017-04-27 20:39 - 20967840 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2017-05-10 20:58 - 2017-04-27 20:29 - 05685760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2017-05-10 20:58 - 2017-04-27 20:22 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\odbcconf.dll
2017-05-10 20:58 - 2017-04-27 20:21 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2017-05-10 20:58 - 2017-04-27 20:19 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2017-05-10 20:58 - 2017-04-27 20:19 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
2017-05-10 20:58 - 2017-04-27 20:18 - 00255488 _____ (Microsoft Corporation) C:\WINDOWS\system32\unimdm.tsp
2017-05-10 20:58 - 2017-04-27 20:17 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2017-05-10 20:58 - 2017-04-27 20:14 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2017-05-10 20:58 - 2017-04-27 20:14 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2017-05-10 20:58 - 2017-04-27 20:13 - 13873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2017-05-10 20:58 - 2017-04-27 20:13 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2017-05-10 20:58 - 2017-04-27 20:12 - 00188416 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2017-05-10 20:58 - 2017-04-27 20:11 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2017-05-10 20:58 - 2017-04-27 20:08 - 18365440 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2017-05-10 20:58 - 2017-04-27 20:06 - 01488384 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2017-05-10 20:58 - 2017-04-27 20:06 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2017-05-10 20:58 - 2017-04-27 20:06 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2017-05-10 20:58 - 2017-04-27 20:05 - 19414016 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2017-05-10 20:58 - 2017-04-27 20:05 - 03733504 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_47.dll
2017-05-10 20:58 - 2017-04-27 20:04 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2017-05-10 20:58 - 2017-04-27 19:59 - 12187136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2017-05-10 20:58 - 2017-04-27 19:58 - 07468544 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2017-05-10 20:58 - 2017-04-27 19:57 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2017-05-10 20:58 - 2017-04-27 19:55 - 06042624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2017-05-10 20:58 - 2017-04-27 19:55 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Maps.dll
2017-05-10 20:58 - 2017-04-27 19:54 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2017-05-10 20:58 - 2017-04-27 19:54 - 02483200 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2017-05-10 20:58 - 2017-04-27 19:54 - 02027008 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2017-05-10 20:58 - 2017-04-27 19:54 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2017-05-10 20:58 - 2017-04-27 19:53 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2017-05-10 20:58 - 2017-04-27 19:53 - 01170944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Phone.dll
2017-05-10 20:58 - 2017-04-27 19:52 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2017-05-10 20:58 - 2017-04-27 19:52 - 02994176 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2017-05-10 20:58 - 2017-04-27 19:52 - 01887232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2017-05-10 20:58 - 2017-04-27 19:52 - 01600000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2017-05-10 20:58 - 2017-04-27 19:50 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSWorkspace.dll
2017-05-10 20:58 - 2017-03-04 02:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2017-05-10 20:57 - 2017-04-27 21:33 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2017-05-10 20:57 - 2017-04-27 21:32 - 00685440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2017-05-10 20:57 - 2017-04-27 20:59 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2017-05-10 20:57 - 2017-04-27 20:58 - 01956704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2017-05-10 20:57 - 2017-04-27 20:48 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2017-05-10 20:57 - 2017-04-27 20:46 - 01504056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2017-05-10 20:57 - 2017-04-27 20:46 - 01431232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2017-05-10 20:57 - 2017-04-27 20:45 - 00975744 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2017-05-10 20:57 - 2017-04-27 20:45 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2017-05-10 20:57 - 2017-04-27 20:45 - 00781144 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2017-05-10 20:57 - 2017-04-27 20:43 - 02168288 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2017-05-10 20:57 - 2017-04-27 20:43 - 01557224 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2017-05-10 20:57 - 2017-04-27 20:43 - 00458592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\spaceport.sys
2017-05-10 20:57 - 2017-04-27 20:43 - 00355168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2017-05-10 20:57 - 2017-04-27 20:42 - 00601952 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2017-05-10 20:57 - 2017-04-27 20:40 - 04023008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2017-05-10 20:57 - 2017-04-27 20:40 - 01851696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2017-05-10 20:57 - 2017-04-27 20:40 - 01360456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2017-05-10 20:57 - 2017-04-27 20:40 - 01277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2017-05-10 20:57 - 2017-04-27 20:40 - 01202936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2017-05-10 20:57 - 2017-04-27 20:40 - 00981888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2017-05-10 20:57 - 2017-04-27 20:39 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2017-05-10 20:57 - 2017-04-27 20:39 - 00962760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2017-05-10 20:57 - 2017-04-27 20:38 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2017-05-10 20:57 - 2017-04-27 20:35 - 01411616 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2017-05-10 20:57 - 2017-04-27 20:33 - 00380184 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2017-05-10 20:57 - 2017-04-27 20:26 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2017-05-10 20:57 - 2017-04-27 20:23 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2017-05-10 20:57 - 2017-04-27 20:20 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Radios.dll
2017-05-10 20:57 - 2017-04-27 20:19 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDeviceRegistration.dll
2017-05-10 20:57 - 2017-04-27 20:19 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2017-05-10 20:57 - 2017-04-27 20:17 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.SyncEngine.dll
2017-05-10 20:57 - 2017-04-27 20:17 - 00142336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFi.dll
2017-05-10 20:57 - 2017-04-27 20:17 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinRtTracing.dll
2017-05-10 20:57 - 2017-04-27 20:17 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2017-05-10 20:57 - 2017-04-27 20:16 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Gaming.Input.dll
2017-05-10 20:57 - 2017-04-27 20:16 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2017-05-10 20:57 - 2017-04-27 20:16 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Flights.dll
2017-05-10 20:57 - 2017-04-27 20:16 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2017-05-10 20:57 - 2017-04-27 20:16 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2017-05-10 20:57 - 2017-04-27 20:16 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2017-05-10 20:57 - 2017-04-27 20:16 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Lights.dll
2017-05-10 20:57 - 2017-04-27 20:15 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2017-05-10 20:57 - 2017-04-27 20:15 - 00237568 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncSettings.dll
2017-05-10 20:57 - 2017-04-27 20:14 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.PointOfService.dll
2017-05-10 20:57 - 2017-04-27 20:14 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.AllJoyn.dll
2017-05-10 20:57 - 2017-04-27 20:14 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2017-05-10 20:57 - 2017-04-27 20:13 - 00426496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Wallet.dll
2017-05-10 20:57 - 2017-04-27 20:13 - 00386048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.WiFiDirect.dll
2017-05-10 20:57 - 2017-04-27 20:13 - 00325120 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2017-05-10 20:57 - 2017-04-27 20:13 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2017-05-10 20:57 - 2017-04-27 20:13 - 00271360 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2017-05-10 20:57 - 2017-04-27 20:13 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2017-05-10 20:57 - 2017-04-27 20:13 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Identity.Provider.dll
2017-05-10 20:57 - 2017-04-27 20:13 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2017-05-10 20:57 - 2017-04-27 20:13 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2017-05-10 20:57 - 2017-04-27 20:12 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2017-05-10 20:57 - 2017-04-27 20:12 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2017-05-10 20:57 - 2017-04-27 20:12 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2017-05-10 20:57 - 2017-04-27 20:12 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs3D.dll
2017-05-10 20:57 - 2017-04-27 20:12 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Picker.dll
2017-05-10 20:57 - 2017-04-27 20:11 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebcamUi.dll
2017-05-10 20:57 - 2017-04-27 20:11 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Ocr.dll
2017-05-10 20:57 - 2017-04-27 20:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2017-05-10 20:57 - 2017-04-27 20:11 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2017-05-10 20:57 - 2017-04-27 20:10 - 00822272 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2017-05-10 20:57 - 2017-04-27 20:10 - 00816640 _____ (Microsoft Corporation) C:\WINDOWS\system32\NaturalLanguage6.dll
2017-05-10 20:57 - 2017-04-27 20:10 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprddm.dll
2017-05-10 20:57 - 2017-04-27 20:10 - 00661504 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2017-05-10 20:57 - 2017-04-27 20:10 - 00425472 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2017-05-10 20:57 - 2017-04-27 20:10 - 00314368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2017-05-10 20:57 - 2017-04-27 20:10 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.dll
2017-05-10 20:57 - 2017-04-27 20:10 - 00238080 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2017-05-10 20:57 - 2017-04-27 20:09 - 01109504 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2017-05-10 20:57 - 2017-04-27 20:09 - 00584192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2017-05-10 20:57 - 2017-04-27 20:09 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2017-05-10 20:57 - 2017-04-27 20:08 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2017-05-10 20:57 - 2017-04-27 20:08 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.3D.dll
2017-05-10 20:57 - 2017-04-27 20:08 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2017-05-10 20:57 - 2017-04-27 20:08 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2017-05-10 20:57 - 2017-04-27 20:07 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2017-05-10 20:57 - 2017-04-27 20:07 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2017-05-10 20:57 - 2017-04-27 20:06 - 04614656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2017-05-10 20:57 - 2017-04-27 20:06 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2017-05-10 20:57 - 2017-04-27 20:06 - 00901120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2017-05-10 20:57 - 2017-04-27 20:06 - 00675840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2017-05-10 20:57 - 2017-04-27 20:05 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2017-05-10 20:57 - 2017-04-27 20:05 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2017-05-10 20:57 - 2017-04-27 20:04 - 01323008 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_fs.dll
2017-05-10 20:57 - 2017-04-27 20:04 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2017-05-10 20:57 - 2017-04-27 20:04 - 00344576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2017-05-10 20:57 - 2017-04-27 20:03 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2017-05-10 20:57 - 2017-04-27 20:03 - 01137152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_health.dll
2017-05-10 20:57 - 2017-04-27 20:03 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2017-05-10 20:57 - 2017-04-27 20:03 - 01077760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2017-05-10 20:57 - 2017-04-27 20:01 - 00795648 _____ (Microsoft Corporation) C:\WINDOWS\system32\MiracastReceiver.dll
2017-05-10 20:57 - 2017-04-27 20:01 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2017-05-10 20:57 - 2017-04-27 20:01 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2017-05-10 20:57 - 2017-04-27 20:01 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialclient.dll
2017-05-10 20:57 - 2017-04-27 20:00 - 12349440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2017-05-10 20:57 - 2017-04-27 20:00 - 03774464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2017-05-10 20:57 - 2017-04-27 20:00 - 02749440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mispace.dll
2017-05-10 20:57 - 2017-04-27 20:00 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2017-05-10 20:57 - 2017-04-27 19:59 - 02154496 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2017-05-10 20:57 - 2017-04-27 19:58 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2017-05-10 20:57 - 2017-04-27 19:57 - 01700864 _____ (Microsoft Corporation) C:\WINDOWS\system32\smartscreen.exe
2017-05-10 20:57 - 2017-04-27 19:57 - 01221120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2017-05-10 20:57 - 2017-04-27 19:57 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2017-05-10 20:57 - 2017-04-27 19:57 - 00719872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsp_sr.dll
2017-05-10 20:57 - 2017-04-27 19:57 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2017-05-10 20:57 - 2017-04-27 19:56 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2017-05-10 20:57 - 2017-04-27 19:56 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2017-05-10 20:57 - 2017-04-27 19:55 - 01993216 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2017-05-10 20:57 - 2017-04-27 19:55 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2017-05-10 20:57 - 2017-04-27 19:55 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Perception.dll
2017-05-10 20:57 - 2017-04-27 19:55 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2017-05-10 20:57 - 2017-04-27 19:54 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2017-05-10 20:57 - 2017-04-27 19:54 - 02747904 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2017-05-10 20:57 - 2017-04-27 19:54 - 01883648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2017-05-10 20:57 - 2017-04-27 19:54 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2017-05-10 20:57 - 2017-04-27 19:54 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2017-05-10 20:57 - 2017-04-27 19:54 - 00654336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2017-05-10 20:57 - 2017-04-27 19:54 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2017-05-10 20:57 - 2017-04-27 19:54 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2017-05-10 20:57 - 2017-04-27 19:53 - 01525760 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2017-05-10 20:57 - 2017-04-27 19:53 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2017-05-10 20:57 - 2017-04-27 19:53 - 00751104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2017-05-10 20:57 - 2017-04-27 19:53 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2017-05-10 20:57 - 2017-04-27 19:52 - 03596800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2017-05-10 20:57 - 2017-04-27 19:52 - 02008576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2017-05-10 20:57 - 2017-03-04 03:57 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2017-05-10 20:57 - 2017-03-04 03:09 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2017-05-10 20:57 - 2017-03-04 02:46 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2017-05-10 20:57 - 2017-03-04 02:23 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2017-05-10 20:57 - 2017-03-04 02:16 - 00500224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Graphics.Printing.dll
2017-05-10 20:57 - 2017-03-04 02:00 - 00691200 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2017-05-10 20:56 - 2017-04-27 21:28 - 00965472 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2017-05-10 20:56 - 2017-04-27 21:01 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2017-05-10 20:56 - 2017-04-27 20:55 - 00628440 _____ (Microsoft Corporation) C:\WINDOWS\system32\kernel32.dll
2017-05-10 20:56 - 2017-04-27 20:51 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2017-05-10 20:56 - 2017-04-27 20:49 - 00053080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fsdepends.sys
2017-05-10 20:56 - 2017-04-27 20:45 - 00545120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2017-05-10 20:56 - 2017-04-27 20:45 - 00493920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2017-05-10 20:56 - 2017-04-27 20:45 - 00116576 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHostCommon.dll
2017-05-10 20:56 - 2017-04-27 20:45 - 00025440 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser_broker.exe
2017-05-10 20:56 - 2017-04-27 20:41 - 00361104 _____ (Microsoft Corporation) C:\WINDOWS\system32\tsmf.dll
2017-05-10 20:56 - 2017-04-27 20:40 - 00352760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MMDevAPI.dll
2017-05-10 20:56 - 2017-04-27 20:23 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2017-05-10 20:56 - 2017-04-27 20:22 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2017-05-10 20:56 - 2017-04-27 20:22 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\raspppoe.sys
2017-05-10 20:56 - 2017-04-27 20:21 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx
2017-05-10 20:56 - 2017-04-27 20:21 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthTelemetry.dll
2017-05-10 20:56 - 2017-04-27 20:20 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\virtdisk.dll
2017-05-10 20:56 - 2017-04-27 20:20 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vwifimp.sys
2017-05-10 20:56 - 2017-04-27 20:20 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidcertstorecheck.exe
2017-05-10 20:56 - 2017-04-27 20:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Family.Client.dll
2017-05-10 20:56 - 2017-04-27 20:19 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll
2017-05-10 20:56 - 2017-04-27 20:19 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2017-05-10 20:56 - 2017-04-27 20:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2017-05-10 20:56 - 2017-04-27 20:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2017-05-10 20:56 - 2017-04-27 20:17 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2017-05-10 20:56 - 2017-04-27 20:16 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Dxpserver.exe
2017-05-10 20:56 - 2017-04-27 20:16 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2017-05-10 20:56 - 2017-04-27 20:16 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2017-05-10 20:56 - 2017-04-27 20:16 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2017-05-10 20:56 - 2017-04-27 20:16 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2017-05-10 20:56 - 2017-04-27 20:16 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2017-05-10 20:56 - 2017-04-27 20:15 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2017-05-10 20:56 - 2017-04-27 20:15 - 00774144 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.Handlers.dll
2017-05-10 20:56 - 2017-04-27 20:15 - 00404992 _____ (Microsoft Corporation) C:\WINDOWS\system32\dsreg.dll
2017-05-10 20:56 - 2017-04-27 20:15 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2017-05-10 20:56 - 2017-04-27 20:15 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2017-05-10 20:56 - 2017-04-27 20:15 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthprops.cpl
2017-05-10 20:56 - 2017-04-27 20:15 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2017-05-10 20:56 - 2017-04-27 20:15 - 00102400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsentUX.dll
2017-05-10 20:56 - 2017-04-27 20:14 - 00445952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2017-05-10 20:56 - 2017-04-27 20:13 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2017-05-10 20:56 - 2017-04-27 20:13 - 01243136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.FaceAnalysis.dll
2017-05-10 20:56 - 2017-04-27 20:13 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2017-05-10 20:56 - 2017-04-27 20:13 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\WwaApi.dll
2017-05-10 20:56 - 2017-04-27 20:13 - 00206336 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2017-05-10 20:56 - 2017-04-27 20:13 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2017-05-10 20:56 - 2017-04-27 20:13 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2017-05-10 20:56 - 2017-04-27 20:12 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2017-05-10 20:56 - 2017-04-27 20:12 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
2017-05-10 20:56 - 2017-04-27 20:12 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2017-05-10 20:56 - 2017-04-27 20:11 - 01774080 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2017-05-10 20:56 - 2017-04-27 20:11 - 01378304 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2017-05-10 20:56 - 2017-04-27 20:11 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2017-05-10 20:56 - 2017-04-27 20:11 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2017-05-10 20:56 - 2017-04-27 20:11 - 00323584 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2017-05-10 20:56 - 2017-04-27 20:11 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2017-05-10 20:56 - 2017-04-27 20:10 - 00857600 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2017-05-10 20:56 - 2017-04-27 20:10 - 00819200 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2017-05-10 20:56 - 2017-04-27 20:10 - 00518656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wiaservc.dll
2017-05-10 20:56 - 2017-04-27 20:10 - 00242688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2017-05-10 20:56 - 2017-04-27 20:09 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\system32\PrintDialogs.dll
2017-05-10 20:56 - 2017-04-27 20:09 - 00509440 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2017-05-10 20:56 - 2017-04-27 20:09 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2017-05-10 20:56 - 2017-04-27 20:09 - 00352256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2017-05-10 20:56 - 2017-04-27 20:09 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2017-05-10 20:56 - 2017-04-27 20:08 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2017-05-10 20:56 - 2017-04-27 20:07 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2017-05-10 20:56 - 2017-04-27 20:07 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2017-05-10 20:56 - 2017-04-27 20:03 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2017-05-10 20:56 - 2017-04-27 20:03 - 00355328 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTMediaFrame.dll
2017-05-10 20:56 - 2017-04-27 20:03 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationApi.dll
2017-05-10 20:56 - 2017-04-27 20:03 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsnt.dll
2017-05-10 20:56 - 2017-04-27 20:03 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Energy.dll
2017-05-10 20:56 - 2017-04-27 20:00 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceControl.dll
2017-05-10 20:56 - 2017-04-27 20:00 - 00300544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2017-05-10 20:56 - 2017-04-27 20:00 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2017-05-10 20:56 - 2017-04-27 19:59 - 01017856 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2017-05-10 20:56 - 2017-04-27 19:59 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2017-05-10 20:56 - 2017-04-27 19:59 - 00758784 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2017-05-10 20:56 - 2017-04-27 19:59 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToReceiver.dll
2017-05-10 20:56 - 2017-04-27 19:58 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\imapi2.dll
2017-05-10 20:56 - 2017-04-27 19:58 - 00113152 _____ (Microsoft Corporation) C:\WINDOWS\system32\SpaceAgent.exe
2017-05-10 20:56 - 2017-04-27 19:57 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\CameraCaptureUI.dll
2017-05-10 20:56 - 2017-04-27 19:55 - 01413632 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpcServices.dll
2017-05-10 20:56 - 2017-04-27 19:54 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2017-05-10 20:56 - 2017-04-27 19:52 - 00846848 _____ (Microsoft Corporation) C:\WINDOWS\system32\termsrv.dll
2017-05-10 20:56 - 2017-04-27 19:50 - 01438720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ResetEngine.dll
2017-05-10 20:56 - 2017-04-27 19:50 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\spaceman.exe
2017-05-09 13:51 - 2017-05-09 13:51 - 00161216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMChameleon.sys
2017-05-09 13:50 - 2017-06-04 16:15 - 00220088 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2017-05-09 13:50 - 2017-05-23 13:41 - 00073664 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2017-05-09 13:50 - 2017-05-23 13:26 - 00096704 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2017-05-09 13:50 - 2017-05-23 13:26 - 00039360 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2017-05-09 13:50 - 2017-05-09 13:50 - 00002093 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2017-05-09 13:50 - 2017-05-09 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2017-05-09 13:50 - 2017-05-09 13:50 - 00000000 ____D C:\ProgramData\Malwarebytes
2017-05-09 13:50 - 2017-05-09 13:50 - 00000000 ____D C:\Program Files\Malwarebytes
2017-05-09 13:50 - 2017-03-22 11:02 - 00059904 _____ C:\WINDOWS\system32\Drivers\mbae.sys
2017-05-09 13:49 - 2017-05-09 13:49 - 60107896 _____ (Malwarebytes ) C:\Users\bryan\Downloads\mb3-setup-consumer-3.0.6.1469-10103.exe
2017-05-07 19:23 - 2017-05-07 19:25 - 00038468 _____ C:\Users\bryan\Downloads\Addition.txt
2017-05-07 19:20 - 2017-05-07 19:23 - 00061198 _____ C:\Users\bryan\Downloads\FRST.txt
2017-05-07 19:19 - 2017-06-04 16:09 - 00000000 ____D C:\FRST
2017-05-07 19:19 - 2017-05-07 19:19 - 01769984 _____ (Farbar) C:\Users\bryan\Downloads\FRST.exe
2017-05-07 12:36 - 2017-05-07 12:37 - 00000000 ____D C:\Users\bryan\Desktop\kyle go pro
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-06-04 16:14 - 2016-12-05 10:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-06-04 16:14 - 2016-12-05 09:35 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-06-04 15:57 - 2016-05-22 22:00 - 00000000 ____D C:\Users\bryan\AppData\Local\Packages
2017-06-04 13:43 - 2016-12-05 23:42 - 00000000 ____D C:\WINDOWS\Minidump
2017-06-04 13:43 - 2016-12-05 09:34 - 00000000 ___DC C:\WINDOWS\Panther
2017-06-04 13:43 - 2016-07-16 04:28 - 00000000 ____D C:\WINDOWS\INF
2017-06-04 11:43 - 2015-08-25 16:34 - 00000000 ____D C:\Users\bryan\Documents\Outlook Files
2017-06-04 10:32 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-06-03 10:00 - 2016-07-16 04:29 - 00000000 ___HD C:\Program Files\WindowsApps
2017-05-31 16:19 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\system32\appraiser
2017-05-31 16:19 - 2016-07-16 04:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2017-05-31 16:11 - 2015-08-25 16:34 - 00000000 ___RD C:\Users\bryan\iCloudDrive
2017-05-31 12:32 - 2016-12-05 09:42 - 02204390 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-05-31 11:28 - 2016-12-05 09:43 - 00000000 ____D C:\Users\bryan
2017-05-30 20:17 - 2014-10-25 11:55 - 00456360 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2017-05-26 13:50 - 2014-11-18 22:36 - 129479984 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2017-05-26 13:50 - 2014-11-18 22:36 - 00000000 ____D C:\WINDOWS\system32\MRT
2017-05-20 02:21 - 2017-05-02 03:12 - 00000000 ____D C:\WINDOWS\Microsoft Antimalware
2017-05-19 22:09 - 2016-07-15 22:22 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-05-18 19:49 - 2016-07-16 09:08 - 00000000 ____D C:\Users\bryan\Desktop\TPP DOCS
2017-05-18 15:33 - 2016-07-16 04:29 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-05-18 15:31 - 2016-07-16 04:29 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2017-05-18 15:31 - 2014-10-26 15:49 - 00000000 ____D C:\Program Files\Common Files\DESIGNER
2017-05-18 15:27 - 2014-10-26 15:45 - 00000000 ____D C:\Program Files\Microsoft Office
2017-05-13 00:19 - 2015-04-12 18:50 - 00000000 ____D C:\ProgramData\Browser
2017-05-12 23:07 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\rescache
2017-05-12 22:13 - 2014-10-25 12:34 - 00002218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2017-05-12 22:13 - 2014-10-25 12:34 - 00002206 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2017-05-11 11:33 - 2016-02-13 08:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2017-05-11 11:30 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2017-05-11 10:50 - 2016-12-05 09:34 - 00353016 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2017-05-11 10:47 - 2016-07-16 04:29 - 00000000 ___SD C:\WINDOWS\system32\F12
2017-05-11 10:47 - 2016-07-16 04:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2017-05-11 10:47 - 2016-07-16 04:29 - 00000000 ___RD C:\Program Files\Windows Defender
2017-05-11 10:47 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2017-05-11 10:47 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2017-05-11 10:47 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2017-05-11 10:47 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\Provisioning
2017-05-11 10:47 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2017-05-11 10:47 - 2016-07-16 04:29 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2017-05-11 10:47 - 2016-07-15 22:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2017-05-07 20:04 - 2016-09-28 11:46 - 00000000 ____D C:\Users\bryan\AppData\Local\ElevatedDiagnostics
2017-05-06 21:44 - 2016-07-16 04:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2017-05-06 10:10 - 2017-05-02 18:54 - 00061035 _____ C:\Users\bryan\Desktop\HP Installation Error - Windows 8.hta
2017-05-06 09:59 - 2014-12-18 01:00 - 00673102 _____ C:\WINDOWS\hpoins40.dat
2017-05-06 09:56 - 2009-07-13 22:04 - 00000615 _____ C:\WINDOWS\win.ini
2017-05-06 09:02 - 2016-08-21 21:33 - 00673102 ____N C:\WINDOWS\hpoins40.dat.temp
 
==================== Files in the root of some directories =======
 
2015-04-11 17:46 - 2015-04-11 17:47 - 0039853 __RSH () C:\Program Files\DLS8Uninstall.log
2017-05-11 21:46 - 2017-05-11 21:46 - 0000017 _____ () C:\Users\bryan\AppData\Local\resmon.resmoncfg
2017-02-26 03:20 - 2017-02-26 03:20 - 0000000 _____ () C:\Users\bryan\AppData\Local\{52302042-43E6-4833-AC52-B770D68C40D8}
2015-09-02 15:02 - 2015-09-02 15:02 - 0000000 _____ () C:\Users\bryan\AppData\Local\{9BF062BA-FCBF-4822-ADFF-33E6B8F7A33F}
2014-12-18 01:00 - 2017-05-06 10:11 - 0010669 _____ () C:\ProgramData\hpzinstall.log
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
Additional scan result of Farbar Recovery Scan Tool (x86) Version: 02-06-2017
Ran by bryan (04-06-2017 16:21:38)
Running from C:\Users\bryan\Desktop
Microsoft Windows 10 Home Version 1607 (X86) (2016-12-05 14:19:20)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-191501728-1260249008-2198610037-500 - Administrator - Disabled)
bryan (S-1-5-21-191501728-1260249008-2198610037-1000 - Administrator - Enabled) => C:\Users\bryan
DefaultAccount (S-1-5-21-191501728-1260249008-2198610037-503 - Limited - Disabled)
Guest (S-1-5-21-191501728-1260249008-2198610037-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-191501728-1260249008-2198610037-1002 - Limited - Enabled)
Kids (S-1-5-21-191501728-1260249008-2198610037-1004 - Limited - Enabled) => C:\Users\Kids
Kristen (S-1-5-21-191501728-1260249008-2198610037-1003 - Administrator - Enabled) => C:\Users\Kristen
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
32 Bit HP CIO Components Installer (Version: 13.1.2 - Hewlett-Packard) Hidden
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 17.009.20044 - Adobe Systems Incorporated)
Adobe Flash Player 10 ActiveX (HKLM\...\{B7B3E9B3-FB14-4927-894B-E9124509AF5A}) (Version: 10.0.32.18 - Adobe Systems, Inc.)
AMD Catalyst Control Center (HKLM\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Catalyst Install Manager (HKLM\...\{430916C8-9522-61DB-4C65-354FF40982EA}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
AmericasCardroom (HKLM\...\296836EA-EF3A-4C36-8C13-3A6C1DB2D4BE) (Version: 16.6 - IGSoft)
ANT Drivers Installer x86 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{15A0A9A6-6CF0-4EEE-8E12-096B33F92CA7}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
B209a-m (Version: 140.0.690.000 - Hewlett-Packard) Hidden
Bonjour (HKLM\...\{D168AAD0-6686-47C1-B599-CDD4888B9D1A}) (Version: 3.1.0.1 - Apple Inc.)
BovadaPoker (HKLM\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E5}}_is1) (Version:   - )
BufferChm (Version: 140.0.212.000 - Hewlett-Packard) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.30 - Piriform)
Cisco AnyConnect Secure Mobility Client  (HKLM\...\Cisco AnyConnect Secure Mobility Client) (Version: 3.1.05170 - Cisco Systems, Inc.)
Cisco AnyConnect Secure Mobility Client (Version: 3.1.05170 - Cisco Systems, Inc.) Hidden
Coupon Printer for Windows (HKLM\...\Coupon Printer for Windows5.0.0.0) (Version: 5.0.0.0 - Coupons.com Incorporated)
Destinations (Version: 140.0.77.000 - Hewlett-Packard) Hidden
DeviceDiscovery (Version: 140.0.212.000 - Hewlett-Packard) Hidden
DYMO Label v.8 (HKLM\...\DYMO Label v.8) (Version: 8.5.1.1816 - Sanford, L.P.)
Elevated Installer (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM\...\{50755d67-ae60-4e47-b3d6-ce44d01b5a95}) (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries)
Garmin Express (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (Version: 4.0.15.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM\...\Google Chrome) (Version: 58.0.3029.110 - Google Inc.)
Google Earth (HKLM\...\{F6430171-B86B-4639-839E-374913E7911D}) (Version: 7.1.8.3036 - Google)
Google Toolbar for Internet Explorer (HKLM\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.8231.2252 - Google Inc.)
Google Toolbar for Internet Explorer (Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.33.3 - Google Inc.) Hidden
GPBaseService2 (Version: 140.0.211.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photo Creations (HKLM\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
HP Photosmart Plus B209a-m All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{B2DAB009-8236-48A0-AD7F-E940F5AB1578}) (Version: 14.0 - HP)
HP Smart Web Printing 4.60 (HKLM\...\HP Smart Web Printing) (Version: 4.60 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (Version: 1.00.0001 - Microsoft) Hidden
HPPhotoGadget (Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (Version: 140.0.212.000 - Hewlett-Packard) Hidden
HPSSupply (Version: 140.0.211.000 - Hewlett-Packard) Hidden
iCloud (HKLM\...\{C3867553-D9F8-416E-8F14-EFF234A48577}) (Version: 5.1.0.34 - Apple Inc.)
iFunbox (v3.0.3109.1352) (HKLM\...\iFunbox_is1) (Version: v3.0.3109.1352 - iFunbox DevTeam)
Ignition Casino (HKLM\...\{D7CA2DF8-95CE-4C80-9296-98E21219A1E4}}_is1) (Version:   - )
iTunes (HKLM\...\{558C7B3E-84D0-4215-96EA-29282037F69D}) (Version: 12.4.3.1 - Apple Inc.)
Java 8 Update 131 (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F32180131F0}) (Version: 8.0.1310.11 - Oracle Corporation)
Malwarebytes version 3.0.6.1469 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.6.1469 - Malwarebytes)
MarketResearch (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 16.0.7369.2130 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUS) (Version: 14.0.4734.1000 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\OneDriveSetup.exe) (Version: 17.3.6799.0327 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x86) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x86)) (Version: 10.0.50903 - Microsoft Corporation)
MSXML 4.0 SP2 (KB954430) (HKLM\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
Network (Version: 140.0.215.000 - Hewlett-Packard) Hidden
Office 16 Click-to-Run Extensibility Component (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (Version: 16.0.7369.2130 - Microsoft Corporation) Hidden
PS_AIO_06_B209a-m_SW_Min (Version: 140.0.690.000 - Hewlett-Packard) Hidden
QuickTime 7 (HKLM\...\{FF59BD75-466A-4D5A-AD23-AAD87C5FD44C}) (Version: 7.79.80.95 - Apple Inc.)
QuickTransfer (Version: 140.0.98.000 - Hewlett-Packard) Hidden
Samsung Printer Center (HKLM\...\Samsung Printer Center) (Version: 1.0.0.21 - Samsung Electronics Co., Ltd.)
Scan (Version: 140.0.80.000 - Hewlett-Packard) Hidden
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype Click to Call (HKLM\...\{873F8E7C-10E6-449F-BD7E-5FBA7C8E1C9B}) (Version: 8.5.0.9167 - Microsoft Corporation)
Skype™ 7.25 (HKLM\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.25.106 - Skype Technologies S.A.)
SmartWebPrinting (Version: 140.0.186.000 - Hewlett-Packard) Hidden
SolutionCenter (Version: 140.0.213.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\Spotify) (Version: 0.9.15.27.g87efe634 - Spotify AB)
Status (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Toolbox (Version: 140.0.428.000 - Hewlett-Packard) Hidden
TrayApp (Version: 140.0.212.000 - Hewlett-Packard) Hidden
Uninstall Samsung Printer Software (HKLM\...\TotalUninstaller) (Version: 4.0.0.13 - Samsung Electronics CO., LTD.)
WebReg (Version: 140.0.212.017 - Hewlett-Packard) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
WinZip 18.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E2}) (Version: 18.5.11111 - WinZip Computing, S.L. )
Yahoo Search Set (HKLM\...\Yahoo! SearchSet) (Version:  - Yahoo Inc.)
Yahoo! Toolbar (HKLM\...\Yahoo! Companion) (Version:  - )
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0075C212-33FC-4FC9-97AA-D42656D627C0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {012CA27D-4164-467F-840C-21DA946D65C1} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2017-04-25] (Adobe Systems Incorporated)
Task: {0827FDE6-1D39-4E79-BD7D-1A90101F2D3A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1B345C7E-77CC-45C1-BA73-EF8990085C2A} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {24E5D595-070D-46B6-A362-6A2F199C5FF2} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2017-05-06] (Microsoft Corporation)
Task: {28360A58-4AD2-456C-8802-DBA9AF885E8A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {29D2F626-0DD4-450B-A063-971468A60581} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {2A1D45D5-4CAE-4132-98B1-06F4701BFCDF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2C49E6D5-2CB4-4F2C-BEB8-2229E942C93A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => %SystemRoot%\ehome\mcupdate.exe 
Task: {2EB8CF56-4C96-434F-B0D0-B991DE1ABE3C} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {3A95063F-75AA-47E7-97ED-01E3413BCC8F} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {3AB2B734-68B6-4D2C-9694-E9DF6DF2EFE2} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3C01E2A5-AE15-46AD-9AA0-9ECC2F708DD4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3C75E2C7-2B93-42F0-92A5-68176BFAFAB9} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-05-06] (Microsoft Corporation)
Task: {3ED8D523-0AA5-4E00-B440-809231BFDCEE} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {4633EFE2-0CD8-49C6-B1CC-8EFB379E8132} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => %windir%\ehome\MCUpdate.exe 
Task: {46396EAB-4109-4A48-BB2C-A6AC26556477} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {4F1D5844-28E4-4662-9343-C9A571F0498E} - System32\Tasks\GarminUpdaterTask => C:\Program Files\Garmin\Express Self Updater\ExpressSelfUpdater.exe 
Task: {55F2E223-3445-4DCB-8C21-5FBB8CEE8CA1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {5913EDAB-E5E4-4C0F-9A01-B23044934121} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {5AEAD1B7-D54B-4DE0-940D-A2ED26B535AE} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {5EC29C89-309A-4E0D-8A60-BE54263CE2C2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {66EDB7DA-FF0E-4A1A-85FB-41DF8ACC7D78} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {6708F655-9EA5-44D1-A75A-DE80BD608A69} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {6DB5C4A0-CB37-4BB0-AB4B-8A8A583CAA48} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-05] (Microsoft Corporation)
Task: {6EBB3FD2-A124-4337-9A93-85339E414F8E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7ED7FEF5-8EA0-445C-8747-7ED15FEA0A69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {8223C3B5-3B3A-4007-AB44-3C4535300409} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2017-05-05] (Microsoft Corporation)
Task: {85B5AB01-3FFD-4049-A311-6AC710A86A21} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {88B9FE6D-654E-4107-8DB8-287ACBF11225} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9C64321A-4D3B-47FF-9568-D9E7BD859A97} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A1860285-9A8A-4E76-A855-70BE189FFB7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A60006B6-7987-48CF-B7AE-559D5A1AC479} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\bryan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe 
Task: {A8A6C4AD-2BD7-4716-B803-7640D24D02B0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {AC4C301D-BECE-4911-AE05-B320D6253F71} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => %SystemRoot%\ehome\mcupdate.exe 
Task: {B8898115-C61E-4B39-886B-459D0A8571FC} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe 
Task: {C017034D-54B1-4660-8E8F-D670367DC792} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C4CDA869-EF12-4A96-8232-E02C50043FE4} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {C6AC1913-8819-4701-A53F-5F39555EFF69} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {CEACD934-FB57-4D57-885D-9CCA3DE619B3} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {D46706C3-1DB8-4C5B-A9B2-5E9436476184} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files\Microsoft Office\root\Office16\msoia.exe [2017-05-06] (Microsoft Corporation)
Task: {DBFD3DB2-488B-4C24-A1CB-051155210E29} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD77FC03-E3EE-40DA-B3E1-B90CCE2B2904} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {E3C15440-CCFA-4C29-B2E5-1683782C1DD9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => %SystemRoot%\ehome\mcupdate.exe 
Task: {EC16033C-1429-4CBE-9EA9-F2AC5CD624EE} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => %SystemRoot%\ehome\ehrec.exe 
Task: {F09C5EDA-9009-4FAA-9BC6-221350C84736} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2017-05-19] (Piriform Ltd)
Task: {F0C79BEA-14C2-4B70-928D-637CF751E22B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
Task: {F3AB1ED7-6745-4A59-A9AF-F59D53F85883} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
Task: {F4167EF9-9952-4E97-A09D-7C1DE4F9C742} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => %SystemRoot%\ehome\ehPrivJob.exe 
Task: {FB98395D-B9AF-4041-B9BA-FC9ECE19733F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\Users\bryan\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Brian - Chrome.lnk -> C:\Program Files\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 04:25 - 2016-07-16 04:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2017-05-10 20:58 - 2017-04-27 20:56 - 02048488 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2014-06-10 23:34 - 2014-06-10 23:34 - 00063400 _____ () C:\Program Files\Cisco\Cisco AnyConnect Secure Mobility Client\zlib1.dll
2010-03-11 03:35 - 2010-03-11 03:35 - 00026624 _____ () C:\WINDOWS\System32\sso4ml3.dll
2016-09-28 17:58 - 2015-03-11 22:43 - 00018432 _____ () C:\WINDOWS\System32\ux003lm.dll
2015-08-21 23:08 - 2015-08-21 23:08 - 00203776 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 08:10 - 2014-02-11 08:10 - 03854336 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 08:10 - 2014-02-11 08:10 - 00618496 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2015-08-21 23:08 - 2015-08-21 23:08 - 00114688 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-09-28 17:58 - 2016-09-28 17:58 - 00143664 _____ () C:\WINDOWS\system32\SecUPDUtilSvc.exe
2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 16:23 - 2016-07-05 16:23 - 01041208 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2017-05-09 13:50 - 2017-03-22 10:24 - 01736992 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-07-18 18:54 - 2017-05-05 16:58 - 08923840 _____ () C:\Program Files\Microsoft Office\root\Office16\1033\GrooveIntlResource.dll
2016-07-16 04:25 - 2016-07-16 04:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2017-03-15 13:10 - 2017-03-04 02:24 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2017-03-15 13:08 - 2017-03-04 02:04 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2017-03-15 13:08 - 2017-03-04 01:58 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-12-04 02:02 - 2016-12-04 02:02 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2017-05-10 20:57 - 2017-04-27 19:52 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2017-05-10 20:57 - 2017-04-27 19:52 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2017-05-10 20:57 - 2017-04-27 19:55 - 03158016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-05 16:23 - 2016-07-05 16:23 - 00244536 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxslt.dll
2016-09-06 10:12 - 2015-07-27 21:45 - 00497152 _____ () C:\Program Files\i-Funbox DevTeam\exifext.dll
2015-08-21 23:08 - 2015-08-21 23:08 - 00095744 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2017-04-07 15:46 - 2017-03-28 22:04 - 02187096 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libglesv2.dll
2017-04-07 15:46 - 2017-03-28 22:04 - 00086360 _____ () C:\Program Files\Google\Chrome\Application\57.0.2987.133\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 22:04 - 2009-06-10 17:39 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{7BDF983D-2708-4329-BAAD-956DEBDEC63A}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{067D61F1-5F8F-4B4E-BFFF-DE0065DFBF00}] => (Allow) C:\Program Files\Samsung\Samsung Printer Center\SamsungPrinterCenter.exe
FirewallRules: [{9454F0A1-B05D-4BD6-94FE-F689ABBF7BB0}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{E437411A-E2CA-4BD3-BA71-436AE48B383C}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{7EAE30B6-DCB8-41D1-A12A-B8A22FBA9A41}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{1C307108-3589-47D4-AAD9-0376CD41694D}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{95EF5E5A-3807-4787-8FD8-AE0B773464C0}] => (Allow) C:\Program Files\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{38410317-FE14-4C36-B86D-60D0624781C3}] => (Allow) C:\Windows\Microsoft.NET\Framework\v4.0.30319\SMSvcHost.exe
FirewallRules: [TCP Query User{A1B4595C-1AC3-4185-8CFA-D491B679EBD8}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [UDP Query User{9D20BD4E-9636-4C90-A79C-391DB4C8BA0E}C:\program files\connectify\connectify.exe] => (Allow) C:\program files\connectify\connectify.exe
FirewallRules: [{743D185A-E096-44A9-BA4F-54D53F818269}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{E9236473-19B8-4751-B172-C02B6F660B6E}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{5B86BF6C-B715-427F-A4FA-04AC29B4C1BD}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{65D33ADB-E672-4A6C-86C3-101CE12EB90B}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{1D2BDD16-0DBD-4882-AB10-E1209A721CCC}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{24BF85F3-C533-4FFF-BFF1-FEC5DBB72BD4}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{CDB0E10D-C3D0-4D68-B765-1A649FA9CD5D}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{BB89A69E-110D-4248-BD1F-8D3093797B91}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{F61D125C-A506-4D44-9821-0EF16F122D80}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{B131CB23-7078-491E-A70F-3437FB624C11}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{4CA0672D-624B-4DA8-A3FF-B352A1049879}] => (Allow) C:\Program Files\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{F5B5B2AA-5730-4721-B8C3-EBC6687F9588}] => (Allow) C:\Program Files\HP\hp software update\hpwucli.exe
FirewallRules: [{40257845-35A3-4905-BFA9-502B12DD7A82}] => (Allow) C:\Program Files\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{ED6BEB97-B13F-4FED-AEBB-593767D5D1C6}] => (Allow) C:\Program Files\File Type Assistant\TSAssist.exe
FirewallRules: [{FC1F1C40-9889-4B4E-8C8E-3B2717D55548}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{159B76CB-57CE-4968-BE75-E015EC645536}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{EDF99E1D-0D5F-41B4-A029-03C4B240389B}] => (Allow) C:\Program Files\Skype\Phone\Skype.exe
FirewallRules: [{E409D590-2270-4FC3-BFD8-D2D2576E4BCD}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{ABEB77AB-052E-4AFA-AD5C-5BD08CA8EF84}] => (Allow) C:\ProgramData\BlueStacksGameManager\OBS\HD-OBS.exe
FirewallRules: [{60E9BB51-FC50-4421-B5A4-4289795A6F0C}] => (Allow) C:\Program Files\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
Name: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Description: Cisco AnyConnect Secure Mobility Client Virtual Miniport Adapter for Windows
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Cisco Systems
Service: vpnva
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 24
 
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 23
 
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 22
 
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 21
 
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 20
 
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 19
 
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 18
 
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 17
 
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 16
 
Error: (06/04/2017 04:20:01 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: ERROR: handle_resolve_request bad interfaceIndex 15
 
 
System errors:
=============
Error: (06/04/2017 04:16:50 PM) (Source: DCOM) (EventID: 10000) (User: BRIAN-PC)
Description: Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error:
"2"
Happened while starting this command:
"C:\Program Files\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe" -Embedding
 
Error: (06/04/2017 04:16:31 PM) (Source: DCOM) (EventID: 10000) (User: BRIAN-PC)
Description: Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error:
"2"
Happened while starting this command:
"C:\Program Files\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe" -Embedding
 
Error: (06/04/2017 04:16:18 PM) (Source: DCOM) (EventID: 10000) (User: BRIAN-PC)
Description: Unable to start a DCOM Server: {ABC01078-F197-4B0B-ADBC-CFE684B39C82}. The error:
"2"
Happened while starting this command:
"C:\Program Files\Google\Update\1.3.33.3\GoogleUpdateOnDemand.exe" -Embedding
 
Error: (06/04/2017 04:14:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/04/2017 04:14:54 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{6B3B8D23-FA8D-40B9-8DBD-B950333E2C52}
 and APPID 
{4839DDB7-58C2-48F5-8283-E1D1807D0D7D}
 to the user NT AUTHORITY\LOCAL SERVICE SID (S-1-5-19) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/04/2017 04:14:51 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (06/04/2017 04:14:47 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Garmin Device Interaction Service service failed to start due to the following error: 
The service did not respond to the start or control request in a timely fashion.
 
Error: (06/04/2017 04:14:47 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Garmin Device Interaction Service service to connect.
 
Error: (06/04/2017 04:14:17 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: 
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.
 
Error: (06/04/2017 04:13:43 PM) (Source: Microsoft-Windows-HAL) (EventID: 13) (User: NT AUTHORITY)
Description: The system watchdog timer was triggered.
 
 
CodeIntegrity:
===================================
  Date: 2017-06-04 16:18:04.908
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 16:18:04.904
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 15:59:49.115
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 15:59:49.110
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 15:57:46.161
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 15:57:46.155
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-04 10:58:06.374
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-03 10:23:52.657
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-06-02 10:51:21.709
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2017-05-30 20:37:53.705
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: AMD A6-3400M APU with Radeon™ HD Graphics
Percentage of memory in use: 51%
Total physical RAM: 3062.86 MB
Available physical RAM: 1485.81 MB
Total Virtual: 6134.86 MB
Available Virtual: 4044.87 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:110.81 GB) (Free:45.07 GB) NTFS
 
 



#2
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hello bkp and :welcome:

My name is Bruce1270 and I will be helping you with your malware problem.

A few things before we get started.
  • Please read all instructions carefully. If there is anything you do not understand please ask me first before doing anything.
  • Please be patient. I am a volunteer who does this in my spare time so I will try to get back to you as soon as possible.
  • Please follow all instructions in the order given.
  • Please do not install any other software unless advised. This may hinder the removal process.
  • At the top of your post, please click on the "Follow this topic" button and make sure that the "Received notification" box is checked and set to "Instantly". This will send an email to you as soon as I reply to your topic, allowing us to solve your problem faster.
  • Please make sure you reply within 4 days to my responses. If there is no reply within 4 days, the topic will be closed and you will need to request the topic be reopened.


    Important!

    Please save or print off these instructions. Part of this fix may require you to be in safe mode where you will not be able to access the internet or my instructions!

    I would strongly recommend you back up your personal data and folders before we begin.
    Malware removal can be very long, complicated and may take multiple steps. I understand this may be frustrating but please stay with this topic until your machine is declared clean. The results will hopefully be very rewarding. :happy:
    As we go along please tell me how the computer is running now. Please be as descriptive as possible e.g. I'm still getting web redirects, I am unable to access the internet etc.

    OK. Let's move on.

    Advisory

    CCleaner - be careful with running programs like these. Particularly the registry cleaning function.
    A registry cleaner will not increase your system's speed or performance, and has the potential to break your registry to the point that your PC is no longer bootable.
    We strongly advise that people stay away from any of the registry cleaners out there.
    Go HERE to get more information about why registry cleaners aren't needed.

    Your system restore is disabled. If you did not do this yourself please turn it back on. How to do this can be found here.

    Step1 - Uninstall Programs

    Looks like Bonjour is causing some issues so please uninstall this.

    Right-click the Start button and click Control Panel. Go to Programs and Features (if your Control Panel is in Category view, go to Uninstall a Program).
    Find the program you want to uninstall, click it to select it, and then click Uninstall.

    Step2 - FRST fix


    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Download the attached fixlist.txt to your desktop.
  • Ensure fixlist.txt is in the same location as FRST.exe on your desktop.
  • Run FRST by right clicking on it and selecting Run as Administrator and press Fix
  • On completion a log (fixlog.txt) will be generated.
  • Please select all text in this fix, copy (CTRL + C) and then Paste (CTRL + V) in your next reply.


#3
bkp


    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

Thank you I will try these steps over the next few days. I will respond with my results.

 

Thanks

 

BKP



#4
bkp


    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

Thank you for your assistance.

 

I removed the program: Bonjour. After I did the fix I tried to open a picture and again it was doing the same thing. I had only one website open at the time and it was this page. I tried to use ctrl/alt/del to try and stop the program from running. That didn't even come up and eventually the screen went black. Then I held the power button down to reset the computer and came straight here to post the log.

 

BKP

 

Fix result of Farbar Recovery Scan Tool (x86) Version: 12-06-2017
Ran by bryan (12-06-2017 22:53:15) Run:1
Running from C:\Users\bryan\Desktop
Loaded Profiles: bryan (Available Profiles: bryan & Kristen & Kids & DefaultAppPool)
Boot Mode: Normal
 
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\...\MountPoints2: {a28ee5ae-bfff-11e6-b4f9-68a3c4bfc53b} - "E:\VZW_Software_upgrade_assistant.exe"
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Winsock: Catalog5 07 C:\Program Files\Bonjour\mdnsNSP.dll [122128 2015-08-12] (Apple Inc.)
SearchScopes: HKLM -> {DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} URL = 
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.33.3\npGoogleUpdate3.dll [No File]
U3 idsvc; no ImagePath
Task: {0827FDE6-1D39-4E79-BD7D-1A90101F2D3A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {28360A58-4AD2-456C-8802-DBA9AF885E8A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2A1D45D5-4CAE-4132-98B1-06F4701BFCDF} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {3AB2B734-68B6-4D2C-9694-E9DF6DF2EFE2} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {3C01E2A5-AE15-46AD-9AA0-9ECC2F708DD4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {55F2E223-3445-4DCB-8C21-5FBB8CEE8CA1} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {6EBB3FD2-A124-4337-9A93-85339E414F8E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {7ED7FEF5-8EA0-445C-8747-7ED15FEA0A69} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {88B9FE6D-654E-4107-8DB8-287ACBF11225} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9C64321A-4D3B-47FF-9568-D9E7BD859A97} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A1860285-9A8A-4E76-A855-70BE189FFB7A} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {A8A6C4AD-2BD7-4716-B803-7640D24D02B0} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {DBFD3DB2-488B-4C24-A1CB-051155210E29} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DD77FC03-E3EE-40DA-B3E1-B90CCE2B2904} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F0C79BEA-14C2-4B70-928D-637CF751E22B} - \Microsoft\Windows\Setup\gwx\rundetector -> No File <==== ATTENTION
C:\Program Files\Bonjour
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state on
Hosts:
EmptyTemp:
 
*****************
 
Error: (0) Failed to create a restore point.
Processes closed successfully.
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Bonjour\mDNSResponder.exe => No running process found
HKU\S-1-5-21-191501728-1260249008-2198610037-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{a28ee5ae-bfff-11e6-b4f9-68a3c4bfc53b} => key removed successfully.
HKLM\Software\Classes\CLSID\{a28ee5ae-bfff-11e6-b4f9-68a3c4bfc53b} => key not found. 
HKLM\SOFTWARE\Policies\Google => key removed successfully.
HKLM\SYSTEM\CurrentControlSet\Services\WinSock2\Parameters\NameSpace_Catalog5\Catalog_Entries\000000000007 => key removed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key removed successfully.
HKLM\Software\Classes\CLSID\{DC91FAFB-6CEA-49E5-BB74-9CEE75D09B77} => key not found. 
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=3 => key removed successfully.
HKLM\Software\MozillaPlugins\@tools.google.com/Google Update;version=9 => key removed successfully.
HKLM\System\CurrentControlSet\Services\idsvc => key removed successfully.
idsvc => service removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0827FDE6-1D39-4E79-BD7D-1A90101F2D3A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0827FDE6-1D39-4E79-BD7D-1A90101F2D3A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28360A58-4AD2-456C-8802-DBA9AF885E8A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28360A58-4AD2-456C-8802-DBA9AF885E8A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2A1D45D5-4CAE-4132-98B1-06F4701BFCDF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A1D45D5-4CAE-4132-98B1-06F4701BFCDF} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AB2B734-68B6-4D2C-9694-E9DF6DF2EFE2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AB2B734-68B6-4D2C-9694-E9DF6DF2EFE2} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3C01E2A5-AE15-46AD-9AA0-9ECC2F708DD4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3C01E2A5-AE15-46AD-9AA0-9ECC2F708DD4} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{55F2E223-3445-4DCB-8C21-5FBB8CEE8CA1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55F2E223-3445-4DCB-8C21-5FBB8CEE8CA1} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{6EBB3FD2-A124-4337-9A93-85339E414F8E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6EBB3FD2-A124-4337-9A93-85339E414F8E} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7ED7FEF5-8EA0-445C-8747-7ED15FEA0A69} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7ED7FEF5-8EA0-445C-8747-7ED15FEA0A69} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{88B9FE6D-654E-4107-8DB8-287ACBF11225} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{88B9FE6D-654E-4107-8DB8-287ACBF11225} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9C64321A-4D3B-47FF-9568-D9E7BD859A97} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9C64321A-4D3B-47FF-9568-D9E7BD859A97} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A1860285-9A8A-4E76-A855-70BE189FFB7A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A1860285-9A8A-4E76-A855-70BE189FFB7A} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8A6C4AD-2BD7-4716-B803-7640D24D02B0} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8A6C4AD-2BD7-4716-B803-7640D24D02B0} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DBFD3DB2-488B-4C24-A1CB-051155210E29} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DBFD3DB2-488B-4C24-A1CB-051155210E29} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DD77FC03-E3EE-40DA-B3E1-B90CCE2B2904} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DD77FC03-E3EE-40DA-B3E1-B90CCE2B2904} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F0C79BEA-14C2-4B70-928D-637CF751E22B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F0C79BEA-14C2-4B70-928D-637CF751E22B} => key removed successfully.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\rundetector => key removed successfully.
"C:\Program Files\Bonjour" => not found.
 
========= netsh advfirewall reset =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Ok.
 
 
========= End of CMD: =========
 
 
========= netsh advfirewall set allprofiles state on =========
 
Initialization Function InitHelperDll in NSHHTTP.DLL failed to start with error code 11003
Ok.
 
 
========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
 
=========== EmptyTemp: ==========
 
BITS transfer queue => 4687748 B
DOMStoree, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 40146471 B
Java, Flash, Steam htmlcache => 729 B
Windows/system/drivers => 185939915 B
Edge => 1372 B
Chrome => 86753474 B
Firefox => 0 B
Opera => 0 B
 
Temp, IE cache, history, cookies, recent:
Default => 16674 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 128 B
LocalService => 66016 B
NetworkService => 8626270 B
bryan => 40174857 B
Kristen => 346449 B
Kids => 55060 B
DefaultAppPool => 33058 B
 
RecycleBin => 4192969 B
EmptyTemp: => 353.9 MB temporary data Removed.
 
================================
 
 
The system needed a reboot.
 
==== End of Fixlog 22:55:00 ====


#5
Bruce1270


    Trusted Helper

  • Malware Removal
  • 1,714 posts
Hi bkp

Ok, next steps

Step1 - JRT removal tool

Download Junkware Removal Tool by Malwarebytes and save it to your desktop.

Important: Please disable your anti virus prior to running this program. Advice on how to do this for your anti virus can be found here.

1. Ensure all programs and windows are closed before proceeding.
2. Simply double-click the program icon to run it. It will ask for administrator privileges.
3. A black window will appear. Press any key to continue.
4. Wait for it to finish. It won't take long.
5. A log will automatically pop-up once done. Alternatively, you can find JRT.txt at your desktop.
6. Copy (CTRL + C) and paste (CTRL + V) the content of the log in your next reply.
7. Reboot your machine and enable your anti virus again.


Step2 - AdwCleaner



Download AdwCleaner from here to the Desktop
  • Close all open windows and browsers
  • Double click the Adwcleaner icon to execute the program
  • When the Tool opens for the first time accept the Terms of use
  • Click the Scan button and wait for the program to finish.
  • Click on options
    tick to reset -
    winsock
    TCP/IP Settings
    IPSec
    IE policies
    Chrome policies
    Chrome preferences
  • When finished, please click Cleaning button.
  • When cleaning is finished, you may be prompted to restart your computer.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.


    Step3 - Malwarebytes

    Double-click Malwarebytes and follow the prompts to update the program.

    Once the program has fully updated, Proceed with the Scan options and select "Threat Scan".

    The Scan Pane is the introduction to scan-related options in the program. When you click Scan in the Menu Pane, you will see the screen shown below.

    10a.png

    After a scan has been executed, scan results are displayed as shown below. In this scan, three threats were detected.

    13a.png

    Put a checkmark on all detected and click on "Quarantine Selected"

    18a.png

    Selected reports may be viewed on screen, or exported to a text file for later viewing. Please note that only manual (on demand) scans are available for users of the free version of Malwarebytes.

    19a.png

    Please note that an Export button is shown at the bottom left corner of this screen. This allows you to make a copy of the log for use by other programs. You may export to your clipboard or to a text (TXT) file. Export to a .txt file and post its contents.


    Things for your next post:
  • JRT.txt
  • AdwCleaner[C*].txt
  • MBAM log
  • How is the computer running now?


#6
bkp


    Member

  • Topic Starter
  • Member
  • PipPip
  • 87 posts

Hello,

 

I have noticed a file I had a bunch of photos in is now gone off my desktop. I tried to open a photo from a file I had and it locked up my computer still. Had to power off by holding the power button down. Then once started back up had to do the same thing after trying to have the computer do a restart by itself.

 

Thanks again for your help. I appreciate it.

 

BKP

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.3 (04.10.2017)
Operating System: Windows 10 Home x86 
Ran by bryan (Administrator) on Wed 06/14/2017 at 19:52:21.97
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 0 
 
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 06/14/2017 at 19:54:57.02
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
# AdwCleaner v6.047 - Logfile created 14/06/2017 at 20:26:15
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-14.4 [Server]
# Operating System : Windows 10 Home  (X86)
# Username : bryan - BRIAN-PC
# Running from : C:\Users\bryan\Desktop\adwcleaner_6.047.exe
# Mode: Scan
 
 
 
***** [ Services ] *****
 
No malicious services found.
 
 
***** [ Folders ] *****
 
Folder Found:  C:\Users\bryan\AppData\LocalLow\HPAppData
Folder Found:  C:\Users\bryan\AppData\Roaming\FinalTorrent
Folder Found:  C:\Users\Kristen\AppData\Local\FileTypeAssistant
Folder Found:  C:\Users\Kristen\AppData\Roaming\Yahoo!\Companion
Folder Found:  C:\ProgramData\Yahoo! Companion
Folder Found:  C:\ProgramData\Application Data\Yahoo! Companion
Folder Found:  C:\Program Files\FinalTorrent
Folder Found:  C:\Program Files\Yahoo!\Companion
Folder Found:  C:\Program Files\Yahoo!\yset
Folder Found:  C:\WINDOWS\system32\config\systemprofile\AppData\Local\FileTypeAssistant
 
 
***** [ Files ] *****
 
File Found:  C:\Program Files\Yahoo!\Common\unyt.exe
File Found:  C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage
File Found:  C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_www.superfish.com_0.localstorage-journal
File Found:  C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
File Found:  C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage-journal
 
 
***** [ DLL ] *****
 
No malicious DLLs found.
 
 
***** [ WMI ] *****
 
No malicious keys found.
 
 
***** [ Shortcuts ] *****
 
No infected shortcut found.
 
 
***** [ Scheduled Tasks ] *****
 
No malicious task found.
 
 
***** [ Registry ] *****
 
Key Found:  HKLM\SOFTWARE\7b45aa5f-0c29-b6c5-5dab-e54ec151cf81
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found:  HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found:  HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin
Key Found:  HKLM\SOFTWARE\Classes\Yahoo.AntiSpyPlugin.6
Key Found:  HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin
Key Found:  HKLM\SOFTWARE\Classes\Yahoo.PopupBlockerPlugin.4
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar
Key Found:  HKLM\SOFTWARE\Classes\YBrowserToolbar.YBrowserToolbar.1
Key Found:  HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin
Key Found:  HKLM\SOFTWARE\Classes\YCAPlugin.CAYASPlugin.1
Key Found:  HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin
Key Found:  HKLM\SOFTWARE\Classes\YMERemote.YMECompPlugin.1
Key Found:  HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl
Key Found:  HKLM\SOFTWARE\Classes\YPUBC.BlockerCtrl.1
Key Found:  HKLM\SOFTWARE\Classes\YPUBC.DataStore
Key Found:  HKLM\SOFTWARE\Classes\YPUBC.DataStore.1
Key Found:  HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler
Key Found:  HKLM\SOFTWARE\Classes\YPUBC.PUBHTMLEventHandler.1
Key Found:  HKLM\SOFTWARE\Classes\YPUBC.StringList
Key Found:  HKLM\SOFTWARE\Classes\YPUBC.StringList.1
Key Found:  HKLM\SOFTWARE\Classes\yt.CacheLoader
Key Found:  HKLM\SOFTWARE\Classes\yt.CacheLoader.1
Key Found:  HKLM\SOFTWARE\Classes\yt.Clickstream
Key Found:  HKLM\SOFTWARE\Classes\yt.Clickstream.1
Key Found:  HKLM\SOFTWARE\Classes\yt.YTHelper
Key Found:  HKLM\SOFTWARE\Classes\yt.YTHelper.2
Key Found:  HKLM\SOFTWARE\Classes\yt.YToolbarBand
Key Found:  HKLM\SOFTWARE\Classes\yt.YToolbarBand.1
Key Found:  HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl
Key Found:  HKLM\SOFTWARE\Classes\YTabBar.YTabBarControl.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBCustomizerAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant
Key Found:  HKLM\SOFTWARE\Classes\ytbbroker.YTBMessengerAssistant.1
Key Found:  HKLM\SOFTWARE\Classes\YTBM.YTBMButton
Key Found:  HKLM\SOFTWARE\Classes\YTBM.YTBMButton.1
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpaceCF.1
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.NameSpacePP.1
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin
Key Found:  HKLM\SOFTWARE\Classes\YTNavAssist.YTNavAssistPlugin.1
Key Found:  HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance
Key Found:  HKLM\SOFTWARE\Classes\YTSingleInstance.SingleInstance.1
Key Found:  HKLM\SOFTWARE\Classes\Interface\{2723E96B-905F-4C64-8999-D868A08E6370}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{29E3319C-4B3C-479F-8692-BDD2CA30BEDD}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{2FCB4E7E-E5C7-4D07-BB2C-78DF2DA867AD}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{367BD1CD-74A3-451F-B1A4-6A2DE4129A2D}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{38552F25-8DED-4206-BB21-041EF53328F9}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{3D592FCB-FEFD-43A6-9A4F-BDE2D4607D07}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{49F018EE-F362-4B5B-8EC8-BCF9246ABF21}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{63B73044-FC1A-4FE1-991B-FDBD4CDAA868}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{67E5E37C-E6B8-4782-877D-E9437C4CD982}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{686D40BC-FA43-4317-8474-E634E6B487F2}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{7207E52B-821E-4C05-A8D6-2965B2BE77CF}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{863FCF5D-DC39-4DA9-AF32-CB0025990EEE}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{A310B105-FB7D-4497-A7E8-E046462B012F}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{B09E015A-4D4E-4F8D-A436-95E19140947D}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{B1E712C4-03AA-495F-B0F5-0F057E126E2A}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{D13DC65C-C77B-4986-9078-DEA3D34C71BB}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{DF522774-8CA0-4B15-A93A-5F61AB95DA1C}
Key Found:  HKLM\SOFTWARE\Classes\Interface\{F9A10D86-182A-4946-869B-70C3D109D14D}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{A2D733A7-73B0-4C6B-B0C7-06A432950B66}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{B722ED8B-0B38-408E-BB89-260C73BCF3D4}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{AD34BE7D-2603-43DD-8D1F-E4431D42C44E}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{B82D18E0-1649-48DE-92D7-AA89BBB5F0AD}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{D2EA97F6-6235-4B2D-B5AA-A4472B9CE557}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{003028C2-EA1C-4676-A316-B5CB50917002}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{0548C79F-7B8C-455D-B228-97D35371BB62}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{4A1E52AC-64F2-49E9-BFD7-0806D9494DBB}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{61A2027D-B837-4080-A925-6E30E10DEF32}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{78DB07DF-483E-4829-AB44-ED7952083584}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{8A1AB044-787D-4309-8410-709768E484AB}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{A2C55651-A23E-43CA-B63D-C10B99EFF7E0}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{A31F34A1-EBD2-45A2-BF6D-231C1B987CC8}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{FDAD4DA1-61A2-4FD8-9C17-86F7AC245081}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{02478D38-C3F9-4EFB-9B51-7695ECA05670}
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{EF99BD32-C1FB-11D2-892F-0090271D4F88}
Key Found:  HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}
Key Found:  HKU\.DEFAULT\Software\FileTypeAssistant
Key Found:  HKU\S-1-5-21-191501728-1260249008-2198610037-1000\Software\FileTypeAssistant
Key Found:  HKU\S-1-5-21-191501728-1260249008-2198610037-1000\Software\drpsu
Key Found:  HKU\S-1-5-21-191501728-1260249008-2198610037-1000\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKU\S-1-5-18\Software\FileTypeAssistant
Key Found:  HKCU\Software\FileTypeAssistant
Key Found:  HKCU\Software\drpsu
Key Found:  HKCU\Software\AppDataLow\Software\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\{3A7D3E19-1B79-4E4E-BD96-5467DA2C4EF0}
Key Found:  HKLM\SOFTWARE\Yahoo\Companion
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Companion
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! Toolbar
Key Found:  HKLM\SOFTWARE\Classes\AppID\YMERemote.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\YCAPlugin.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\YPUBC.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\yt.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\YTabBar.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\ytbbroker.EXE
Key Found:  HKLM\SOFTWARE\Classes\AppID\YTBM.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\YTMsgr.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\YTNavAssist.DLL
Key Found:  HKLM\SOFTWARE\Classes\AppID\YTSingleInstance.DLL
 
 
***** [ Web browsers ] *****
 
No malicious Firefox based browser items found.
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] - lasaoren.com
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] - vosteran.com
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovi.search
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ehjldlodmkdlooagebfnaghgmkfccipn
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oilkkkefbalmbfppgjmgjoefbclebkce
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - ask.com
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - search.yahoo.com
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - mystart.incredibar.com/mb185
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] - aol.com
Chrome pref Found:  [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Secure Preferences ] - igjjkeeamkpihpncmmbgdkhdnjpcfmfb
Chrome pref Found:  [C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Web data] - lasaoren.com
Chrome pref Found:  [C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Web data] - vosteran.com
Chrome pref Found:  [C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Web data] - trovi.search
Chrome pref Found:  [C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - booedmolknjekdopkepjjeckmjkdpfgl
Chrome pref Found:  [C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ehjldlodmkdlooagebfnaghgmkfccipn
Chrome pref Found:  [C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - flpcjncodpafbgdpnkljologafpionhb
Chrome pref Found:  [C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - oilkkkefbalmbfppgjmgjoefbclebkce
Chrome pref Found:  [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] - aol.com
Chrome pref Found:  [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Web data] - ask.com
Chrome pref Found:  [C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences ] - ehjldlodmkdlooagebfnaghgmkfccipn
 
[!] You may need to disable the Chrome synchronization from your Google account in order to fully remove the malicious preferences. Please consult this Google help: https://support.goog...r/3097271?hl=en[!]
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S0].txt - [16906 Bytes] - [14/06/2017 20:26:15]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [16980 Bytes] ##########
 
 
Malwarebytes
www.malwarebytes.com
 
-Log Details-
Scan Date: 6/14/17
Scan Time: 8:36 PM
Logfile: MBAM Log.txt
Administrator: Yes
 
-Software Information-
Version: 3.0.6.1469
Components Version: 1.0.103
Update Package Version: 1.0.2153
License: Free
 
-System Information-
OS: Windows 10
CPU: x86
File System: NTFS
User: BRIAN-PC\bryan
 
-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382935
Time Elapsed: 31 min, 22 sec
 
-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
-Scan Details-
Process: 0
(No malicious items detected)
 
Module: 0
(No malicious items detected)
 
Registry Key: 0
(No malicious items detected)
 
Registry Value: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Data Stream: 0
(No malicious items detected)
 
Folder: 0
(No malicious items detected)
 
File: 0
(No malicious items detected)
 
Physical Sector: 0
(No malicious items detected)
 
 
(end)

#7
bkp

After I posted my last post, my computer recommended a scan with Windows Defender. I did that and left it overnight, and it never finished the scan. The bar was about 1/4 from completion.


#8
Bruce1270

Hi bkp

Ok, if Win Defender is still running, please stop the scan.

Then unsync Google Chrome:

1. Open your Google Dashboard. Make sure that you are signed in to your Google account.
2. Click Reset sync to stop syncing and clear all of your synced data.
3. Click OK.

Then re-run AdwCleaner.
  • Click the Scan button and wait for the program to finish.
  • Click on Options and tick to reset:
      - TCP/IP Settings
      - IPSec
      - IE policies
      - Chrome policies
      - Chrome preferences
  • When finished, please click the Cleaning button.
  • When cleaning is finished, you may be prompted to restart your computer.
  • Upon completion, a log (AdwCleaner[C*].txt) will open.
  • Please copy and paste this in your next reply.

#9
bkp

I did the last step. It had only found 2 threats. It completed and did try to do an auto restart; however, after 20 minutes of saying it was restarting, I did a hard reset. The computer rebooted and had some updates. The log is shown below.

Thanks

BKP

# AdwCleaner v6.047 - Logfile created 16/06/2017 at 22:13:39
# Updated on 19/05/2017 by Malwarebytes
# Database : 2017-06-16.2 [Local]
# Operating System : Windows 10 Home  (X86)
# Username : bryan - BRIAN-PC
# Running from : C:\Users\bryan\Desktop\adwcleaner_6.047.exe
# Mode: Clean
 
 
 
***** [ Services ] *****
 
 
 
***** [ Folders ] *****
 
 
 
***** [ Files ] *****
 
 
 
***** [ DLL ] *****
 
 
 
***** [ WMI ] *****
 
 
 
***** [ Shortcuts ] *****
 
 
 
***** [ Scheduled Tasks ] *****
 
 
 
***** [ Registry ] *****
 
 
 
***** [ Web browsers ] *****
 
[-] [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com
 
 
*************************
 
:: "Tracing" keys deleted
:: Winsock settings cleared
:: TCP/IP settings cleared
:: IE policies deleted
:: Chrome policies deleted
!! Chrome preferences not reset: C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Default
:: Chrome preferences reset: C:\Users\bryan\AppData\Local\Google\Chrome\User Data\Profile 1
!! Chrome preferences not reset: C:\Users\Kristen\AppData\Local\Google\Chrome\User Data\Default
!! Chrome preferences not reset: C:\Users\Kids\AppData\Local\Google\Chrome\User Data\Default
 
*************************
 
C:\AdwCleaner\AdwCleaner[C0].txt - [18184 Bytes] - [14/06/2017 20:29:44]
C:\AdwCleaner\AdwCleaner[C2].txt - [1510 Bytes] - [16/06/2017 22:13:39]
C:\AdwCleaner\AdwCleaner[S0].txt - [17060 Bytes] - [14/06/2017 20:26:15]
C:\AdwCleaner\AdwCleaner[S1].txt - [1290 Bytes] - [16/06/2017 22:09:21]
C:\AdwCleaner\AdwCleaner[S2].txt - [1751 Bytes] - [16/06/2017 22:11:26]
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [1803 Bytes] ##########

#10
Bruce1270

hi bkp

Step 1 - Emsisoft Emergency Kit
  • Download the Emsisoft Emergency Kit and execute it. From there, click on the Extract button to extract the program in the EEK folder;
  • Once the extraction is complete, Emsisoft Emergency Kit will open and suggest that you run an online update before using the program. Click on Yes to launch it.
  • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
  • Once the scan is complete, if items are detected, make sure that every item in the list is checked, and click on Quarantine selected;
  • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
  • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
  • This time, click on Logs;
  • From there, go under the Quarantine Log tab, and click on the Export button;
  • Save the log on your desktop, then open it, and copy/paste its content in your next reply;

#11
bkp

Hello,

Seems as if it is locked at 64%. I stopped the scan once and restarted, and it locked up again at 64%. I still have it continuing at this moment. It seems to be stuck at c:\Pharaoh.exe. I was going to show a screenshot but can't seem to find a way to add a photo to the post.

BKP


#12
bkp

Here we go, found it!

BKPscreenshot.jpg


#13
Bruce1270

Ok, can you run it, leave it, and see if the job completes?

#14
bkp

It has been running for over an hour and still no change!

BKP


#15
Bruce1270

Ok. Stop the scan in the meantime. Can you check the C drive and see if the file zPharoah.exe is actually present?