Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Corinne (2016-01-23 20:39:52)
Running from C:\Users\Corinne\Desktop
Windows 10 Pro (X64) (2015-12-11 10:09:26)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3611819408-1750479240-3027513373-500 - Administrator - Disabled)
Corinne (S-1-5-21-3611819408-1750479240-3027513373-1000 - Administrator - Enabled) => C:\Users\Corinne
DefaultAccount (S-1-5-21-3611819408-1750479240-3027513373-503 - Limited - Disabled)
Guest (S-1-5-21-3611819408-1750479240-3027513373-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Spybot - Search and Destroy (Enabled - Out of date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.3.0 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 en-US) (HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\Mozilla Thunderbird 38.5.1 (x86 en-US)) (Version: 38.5.1 - Mozilla)
Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Corinne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1CCA805E-90FB-41D7-B921-610BA22003E3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-19] (Microsoft Corporation)
Task: {3E7AF226-071E-4980-A698-B7FF2826B875} - System32\Tasks\Opera scheduled Autoupdate 1446916789 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-18] (Opera Software)
Task: {9526477D-1FA2-44D1-876B-49FCCAB3F606} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {95E78B6A-CD02-4A66-A90B-8BFE559D1A6C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {ADF2A0F0-28D4-4044-A9A4-B5022F30E16B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {B8A541D8-126D-43D0-A242-8A3AD16C255D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {C55C14AB-2F0F-4CD3-9315-5B15A833484B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {F47F2896-5E71-4A90-98D6-A8D53894270D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-11 07:48 - 2015-12-11 07:48 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-11 07:48 - 2015-12-11 07:48 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 22:55 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 22:55 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-16 03:02 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-16 03:02 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-16 03:02 - 2016-01-04 20:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-16 03:02 - 2016-01-04 20:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-09-27 18:55 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-27 18:55 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-27 18:55 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-22 00:57 - 2016-01-22 00:57 - 61568120 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\opera.dll
2016-01-22 00:57 - 2016-01-22 00:57 - 01983096 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\libglesv2.dll
2016-01-22 00:57 - 2016-01-22 00:57 - 00081528 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-09-19 01:02 - 2016-01-23 13:28 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Corinne\AppData\Local\Microsoft\Windows\Themes\img19.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
05-01-2016 23:04:23 Windows Update
19-01-2016 19:36:36 Windows Update
19-01-2016 21:26:24 JRT Pre-Junkware Removal
19-01-2016 21:28:52 JRT Pre-Junkware Removal
23-01-2016 13:27:46 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/23/2016 01:27:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/23/2016 01:27:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a144a7fe-cbe3-457c-9c8d-202c82508ca2}
Error: (01/23/2016 12:41:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/22/2016 02:12:36 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/20/2016 11:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/19/2016 09:28:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/19/2016 09:26:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/19/2016 07:56:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/19/2016 07:36:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/19/2016 10:18:00 AM) (Source: ESENT) (EventID: 412) (User: )
Description: %1 (%2) %3Unable to read the header of logfile %4. Error %5.
System errors:
=============
Error: (01/23/2016 05:17:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_268c8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/23/2016 03:53:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (01/23/2016 02:52:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_25fd9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/23/2016 01:28:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1c0875e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/23/2016 01:28:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (01/23/2016 01:27:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (01/23/2016 01:27:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/23/2016 01:27:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (01/23/2016 01:27:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
Error: (01/23/2016 12:30:18 PM) (Source: DCOM) (EventID: 10016) (User: Corinne-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Corinne-PCCorinneS-1-5-21-3611819408-1750479240-3027513373-1000LocalHost (Using LRPC)Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157
CodeIntegrity:
===================================
Date: 2016-01-19 21:28:58.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:26:43.214
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:21:05.762
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:17:28.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:13:54.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:11:47.952
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:06:10.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:06:05.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:05:04.917
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:04:48.901
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 16%
Total physical RAM: 8103.23 MB
Available physical RAM: 6748.74 MB
Total Virtual: 9383.23 MB
Available Virtual: 8078.65 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.22 GB) (Free:440.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E85AD74F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Corinne (administrator) on CORINNE-PC (23-01-2016 20:39:19)
Running from C:\Users\Corinne\Desktop
Loaded Profiles: Corinne (Available Profiles: Corinne)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\RunOnce: [Uninstall C:\Users\Corinne\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Corinne\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{b0bd7e33-ea32-450a-9299-30cc53ef45df}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation)
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-18]
CHR Extension: (Google Drive) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-18]
CHR Extension: (YouTube) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-18]
CHR Extension: (Google Search) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-18]
CHR Extension: (Gmail) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-18]
Opera:
=======
OPR StartupUrls: "hxxp://msn.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (Adblock Fast) - C:\Users\Corinne\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhobddcbiabdfjmomildokiglpmdicc [2015-11-23]
OPR Extension: (Adblock Plus) - C:\Users\Corinne\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-01-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-22 22:36 - 2016-01-20 00:17 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160122-223622.backup
2016-01-19 21:27 - 2016-01-19 21:30 - 00000556 _____ C:\Users\Corinne\Desktop\JRT.txt
2016-01-19 21:06 - 2016-01-20 19:00 - 00000000 ____D C:\AdwCleaner
2016-01-19 21:01 - 2016-01-23 13:28 - 00001271 _____ C:\Users\Corinne\Desktop\Fixlog.txt
2016-01-19 20:57 - 2016-01-19 21:25 - 01600184 _____ (Malwarebytes) C:\Users\Corinne\Downloads\JRT.exe
2016-01-19 20:56 - 2016-01-19 21:06 - 01505280 _____ C:\Users\Corinne\Downloads\AdwCleaner.exe
2016-01-16 17:17 - 2016-01-16 17:17 - 00002431 _____ C:\Users\Corinne\Desktop\aswMBR.txt
2016-01-16 16:52 - 2016-01-23 20:39 - 00007845 _____ C:\Users\Corinne\Desktop\FRST.txt
2016-01-16 16:51 - 2016-01-21 20:05 - 00023699 _____ C:\Users\Corinne\Desktop\Addition.txt
2016-01-16 16:44 - 2016-01-16 16:45 - 00023679 _____ C:\Users\Corinne\Downloads\Addition.txt
2016-01-16 16:43 - 2016-01-23 20:39 - 00000000 ____D C:\FRST
2016-01-16 16:43 - 2016-01-16 16:45 - 00026341 _____ C:\Users\Corinne\Downloads\FRST.txt
2016-01-16 16:40 - 2016-01-16 16:40 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CORINNE-PC-Windows-10-Pro-(64-bit).dat
2016-01-16 16:40 - 2016-01-16 16:40 - 00000000 ____D C:\RegBackup
2016-01-16 16:39 - 2016-01-16 16:39 - 00002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-01-16 16:39 - 2016-01-16 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-01-16 16:39 - 2016-01-16 16:39 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-01-16 16:38 - 2016-01-16 16:39 - 00016401 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-01-16 16:34 - 2016-01-16 16:38 - 04777232 _____ (Tweaking.com) C:\Users\Corinne\Downloads\tweaking.com_registry_backup_setup.exe
2016-01-16 16:33 - 2016-01-16 16:42 - 02370560 _____ (Farbar) C:\Users\Corinne\Desktop\FRST64.exe
2016-01-16 16:32 - 2016-01-16 16:53 - 05198336 _____ (AVAST Software) C:\Users\Corinne\Downloads\aswMBR.exe
2016-01-16 03:02 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-16 03:02 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-16 03:02 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-16 03:02 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-16 03:02 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-16 03:02 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-16 03:02 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-16 03:02 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-16 03:02 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-16 03:02 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-16 03:02 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-16 03:02 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-16 03:02 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-16 03:02 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-16 03:02 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-16 03:02 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-16 03:02 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-16 03:02 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-16 03:02 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-16 03:02 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-16 03:02 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-16 03:02 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-16 03:02 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-16 03:02 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-16 03:02 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-16 03:02 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-16 03:02 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-16 03:02 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-16 03:02 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-16 03:02 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-16 03:02 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-16 03:02 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-16 03:02 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-16 03:02 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-16 03:02 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-16 03:02 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-16 03:02 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-16 03:02 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-16 03:02 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-16 03:02 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-16 03:02 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-16 03:02 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-16 03:02 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-16 03:02 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-16 03:02 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-16 03:02 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-16 03:02 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-16 03:02 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-16 03:02 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-16 03:02 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-16 03:02 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-16 03:02 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-16 03:02 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-16 03:02 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-16 03:02 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-16 03:02 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-16 03:02 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-16 03:02 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-16 03:02 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-16 03:02 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-16 03:02 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-16 03:02 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-16 03:02 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-16 03:02 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-16 03:02 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-16 03:02 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-16 01:01 - 2016-01-16 01:02 - 00062360 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_01.01.39_log.txt
2016-01-16 01:00 - 2016-01-16 01:01 - 04633146 _____ C:\Users\Corinne\Downloads\tdsskiller (1).zip
2016-01-16 01:00 - 2016-01-16 01:00 - 00000366 _____ C:\TDSSKiller.3.0.0.44_16.01.2016_01.00.28_log.txt
2016-01-09 13:00 - 2016-01-09 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-29 02:26 - 2015-12-29 02:26 - 02560144 _____ (Microsoft Corporation) C:\Users\Corinne\Downloads\DefaultPack (2).EXE
2015-12-28 22:03 - 2015-12-28 22:03 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2015-12-28 22:00 - 2015-12-28 22:02 - 58082952 _____ (Microsoft Corporation) C:\Users\Corinne\Downloads\EIE11_EN-US_MCM_WIN764 (1).EXE
2015-12-28 21:40 - 2015-12-28 21:40 - 00584288 _____ (Oracle Corporation) C:\Users\Corinne\Downloads\JavaSetup8u66 (2).exe
2015-12-28 21:39 - 2015-12-28 21:40 - 00584288 _____ (Oracle Corporation) C:\Users\Corinne\Downloads\JavaSetup8u66 (1).exe
2015-12-28 18:38 - 2016-01-19 19:38 - 19604160 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-23 20:38 - 2015-10-03 15:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-23 19:06 - 2015-10-03 15:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-23 18:52 - 2015-10-03 15:30 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8884C0D3-6CBD-4E47-9640-E7E1C4272A96}
2016-01-23 18:09 - 2015-10-25 20:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-23 17:24 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-23 17:24 - 2015-09-18 21:28 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-23 17:18 - 2015-12-11 05:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-23 17:17 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-23 14:51 - 2015-09-20 20:05 - 00000000 ____D C:\ProgramData\Oracle
2016-01-23 14:51 - 2015-09-20 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-23 14:50 - 2015-10-03 15:39 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-23 14:50 - 2015-09-20 20:05 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-23 14:50 - 2015-09-17 19:37 - 00000000 ____D C:\Users\Corinne\.oracle_jre_usage
2016-01-22 21:17 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-22 00:57 - 2015-11-07 12:19 - 00003960 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1446916789
2016-01-22 00:57 - 2015-11-07 12:19 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-22 00:57 - 2015-09-18 23:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-21 20:05 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-21 19:25 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-19 21:18 - 2015-09-27 18:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-19 21:02 - 2015-12-11 04:59 - 00000000 ____D C:\Users\Corinne
2016-01-19 21:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-19 21:01 - 2012-04-06 21:14 - 00000000 ____D C:\Users\Corinne\AppData\LocalLow\Temp
2016-01-19 19:38 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-19 19:38 - 2015-10-03 15:29 - 00004032 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-01-19 19:38 - 2015-09-19 01:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-19 19:37 - 2015-10-03 16:25 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-16 01:00 - 2015-07-21 19:55 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Corinne\Downloads\tdsskiller (1).exe
2016-01-15 23:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-10 14:41 - 2015-09-18 21:25 - 00000000 ____D C:\Users\Corinne\AppData\Local\Packages
2016-01-10 14:27 - 2015-10-03 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 20:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-29 20:50 - 2011-08-16 13:34 - 60296312 _____ C:\Users\Corinne\Downloads\eppx-win-4_0_0-en.exe
2015-12-28 18:38 - 2015-10-03 15:29 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2015-12-11 04:56 - 2015-12-11 04:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Corinne\AppData\Local\Temp\jre-8u71-windows-au.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-22 21:51
==================== End of FRST.txt ============================
Ken, Spybot was working on updating before this came back & now I can't update it - makes me wonder if this is caused by a virus? Thanks for your help.