PDA

View Full Version : slow computer and pop ups



ckingcin63
2016-12-14, 08:04
My computer is very slow and I get multiple pop ups when surfing the web. below is my log.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
Ran by Cindy (administrator) on CINDY-PC (13-12-2016 23:53:28)
Running from C:\Users\Cindy\Desktop
Loaded Profiles: Cindy & DefaultAppPool (Available Profiles: Cindy & DefaultAppPool)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(iWin Inc.) C:\Program Files (x86)\iWin Games\iWinTrusted.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
() C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
(Cuddeback Digital) C:\Program Files (x86)\Trophy Room\Cuddeback_Update.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
(TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
(Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
HKLM\...\Run: [LifeChat] => C:\Program Files\Microsoft LifeChat\LifeChat.exe [371712 2009-09-24] (Microsoft Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-06] (Microsoft Corporation)
HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687488 2015-09-29] (Sony Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\Policies\system: [DisableLockWorkstation] 0
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Cuddeback_Update.exe.lnk [2015-05-18]
ShortcutTarget: Shortcut to Cuddeback_Update.exe.lnk -> C:\Users\Cindy\AppData\Roaming\Microsoft\Installer\{2A1BF350-9776-497F-883F-B0137902ECA6}\_376BD021929A5C038DC913.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{17ccf5b8-75d6-4a3a-8998-1989bba8a3f0}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{4874eab2-9245-46cf-8ed2-d03e8d236b5e}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bb1e11d5-94de-4e23-86fa-34a0ccaf84f5}: [DhcpNameServer] 192.168.0.1
Tcpip\..\Interfaces\{bfb53060-0e61-47c4-a5ef-797d69d1810d}: [DhcpNameServer] 192.168.0.1 192.168.0.1

Internet Explorer:
==================
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKLM -> {9A570A82-66DD-4CA2-AEFB-1AF1027C1A43} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKLM-x32 -> {9A570A82-66DD-4CA2-AEFB-1AF1027C1A43} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> {6D477F41-76F8-4565-A340-8F4CD377BDE0} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS486
SearchScopes: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> {9A570A82-66DD-4CA2-AEFB-1AF1027C1A43} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
SearchScopes: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> {B8B8A03B-F528-4FF2-B089-457284109C28} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-23] (Oracle Corporation)
BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-23] (Oracle Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll No File
Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
DPF: HKLM-x32 {05D44720-58E3-49E6-BDF6-D00330E511D3} hxxp://zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab
DPF: HKLM-x32 {C82BB209-F528-46F9-96D5-69DEF7260916} hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)

FireFox:
========
FF ProfilePath: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default [2016-12-13]
FF DefaultSearchEngine: Mozilla\Firefox\Profiles\knx140lm.default -> Yahoo
FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\knx140lm.default -> Google
FF SelectedSearchEngine: Mozilla\Firefox\Profiles\knx140lm.default -> Google
FF Homepage: Mozilla\Firefox\Profiles\knx140lm.default -> hxxp://www.msn.com/?pc=U142&ocid=U142DHP
FF NetworkProxy: Mozilla\Firefox\Profiles\knx140lm.default -> no_proxies_on", "localhost,127.0.0.1"
FF Extension: (convert2mp3.net YouTube2MP3 Converter) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\info@convert2mp3.net.xpi [2016-05-16]
FF Extension: (Search and New Tab by Yahoo) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-11-26]
FF Extension: (Forecastfox) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2016-05-16]
FF Extension: (entrusted11 ) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{77beece6-3997-403a-92fa-0055bfcf88e5} [2014-11-20] [not signed]
FF Extension: (ArcadeYum) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{C7928956-827D-4649-A234-BB758377C005}.xpi [2015-09-17]
FF SearchPlugin: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\searchplugins\ask-web-search.xml [2016-02-02]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-10-07]
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-27] ()
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\windows\system32\npdeployJava1.dll [2012-07-12] (Sun Microsystems, Inc.)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-27] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-23] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-26] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-26] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2012-11-07] ()
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
FF Plugin HKU\S-1-5-21-4015324910-1557653689-3941867134-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cindy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

Chrome:
=======
CHR DefaultProfile: Default
CHR HomePage: Default -> hxxp://msn.com/
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U142&ocid=U142DHP","hxxp://mymsn.com/"
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
CHR Plugin: (ArcadeCandy Textlinks Plugin) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0\npCandyx.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll => No File
CHR Plugin: (Windows Live\™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Profile: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default [2016-11-09]
CHR Extension: (Google Drive) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
CHR Extension: (YouTube) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
CHR Extension: (Google Search) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
CHR Extension: (Adobe Acrobat) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-10-06]
CHR Extension: (Google Docs Offline) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-07]
CHR Extension: (SaveDailyDeals) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf [2015-01-30]
CHR Extension: (Colorfull Sun Set) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iknflcjkkahjgichcidlfcalplplegii [2014-08-12]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-07]
CHR Extension: (ArcadeCandy) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac [2015-01-18]
CHR Extension: (ArcadeFrontier Ads) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2016-11-05]
CHR Extension: (Gmail) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR Extension: (Chrome Media Router) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
CHR Profile: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-02-10]
CHR Profile: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-02-10]
CHR Extension: (Google Slides) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
CHR Extension: (Google Docs) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
CHR Extension: (Google Drive) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08]
CHR Extension: (YouTube) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
CHR Extension: (Google Search) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-02-08]
CHR Extension: (Google Sheets) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
CHR Extension: (Google Wallet) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
CHR Extension: (Gmail) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-09-06] (iWin Inc.)
R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [496128 2015-09-29] (Sony Corporation)
R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2016-10-14] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [47104 2016-10-14] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
S2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S2 RtkAudioService; "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-25] (Malwarebytes Corporation)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Realtek Semiconductor Corporation )
R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [52816 2016-08-03] (Toshiba Client Solutions Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 23:53 - 2016-12-13 23:55 - 00030795 _____ C:\Users\Cindy\Desktop\FRST.txt
2016-12-13 23:52 - 2016-12-13 23:53 - 00000000 ____D C:\FRST
2016-12-13 23:51 - 2016-12-13 23:52 - 02420224 _____ (Farbar) C:\Users\Cindy\Desktop\FRST64.exe
2016-12-10 02:09 - 2016-11-11 02:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 02:09 - 2016-11-11 02:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 02:09 - 2016-11-11 02:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 02:09 - 2016-11-11 01:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 02:09 - 2016-11-11 01:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 02:09 - 2016-11-11 01:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 02:09 - 2016-11-11 01:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 02:09 - 2016-11-11 01:47 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-10 02:09 - 2016-11-11 01:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 02:09 - 2016-11-11 01:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 06668032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 02:09 - 2016-11-11 01:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 02:09 - 2016-11-11 01:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 02:09 - 2016-11-11 01:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 02:09 - 2016-11-11 01:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 02:09 - 2016-11-11 01:26 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-10 02:09 - 2016-11-11 01:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 02:09 - 2016-11-11 01:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 02:09 - 2016-11-11 01:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 02:09 - 2016-11-11 01:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 02:09 - 2016-11-11 01:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 02:09 - 2016-11-11 01:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 02:09 - 2016-11-11 01:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 02:09 - 2016-11-11 01:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 02:09 - 2016-11-11 01:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 02:09 - 2016-11-11 01:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 02:09 - 2016-11-11 01:20 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-10 02:09 - 2016-11-11 01:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 02:09 - 2016-11-11 01:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 02:09 - 2016-11-11 01:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 02:09 - 2016-11-11 01:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 02:09 - 2016-11-11 01:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 02:09 - 2016-11-11 01:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 02:09 - 2016-11-11 01:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 02:09 - 2016-11-11 01:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 02:09 - 2016-11-11 01:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 02:09 - 2016-11-11 01:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 02:09 - 2016-11-11 01:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 02:09 - 2016-11-11 01:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 02:09 - 2016-11-11 01:17 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-10 02:09 - 2016-11-11 01:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 02:09 - 2016-11-11 01:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 02:09 - 2016-11-11 01:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-10 02:09 - 2016-11-11 01:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 02:09 - 2016-11-11 01:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 02:09 - 2016-11-11 01:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 02:09 - 2016-11-11 01:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 02:09 - 2016-11-11 01:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 02:09 - 2016-11-11 01:06 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-10 02:09 - 2016-11-11 01:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 02:09 - 2016-11-11 01:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 02:09 - 2016-11-11 01:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 02:09 - 2016-11-11 01:06 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
2016-12-10 02:09 - 2016-11-11 01:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 02:09 - 2016-11-11 01:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 02:09 - 2016-11-11 01:05 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-10 02:09 - 2016-11-11 01:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 02:09 - 2016-11-11 01:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 02:09 - 2016-11-11 01:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 02:09 - 2016-11-11 01:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-10 02:09 - 2016-11-11 01:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 02:09 - 2016-11-11 01:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 02:09 - 2016-11-11 01:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-10 02:09 - 2016-11-11 01:01 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-10 02:08 - 2016-11-11 02:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 02:08 - 2016-11-11 02:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 02:08 - 2016-11-11 01:56 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-10 02:08 - 2016-11-11 01:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 02:08 - 2016-11-11 01:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 02:08 - 2016-11-11 01:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 02:08 - 2016-11-11 01:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 02:08 - 2016-11-11 01:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-10 02:08 - 2016-11-11 01:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-10 02:08 - 2016-11-11 01:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-10 02:08 - 2016-11-11 01:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 02:08 - 2016-11-11 01:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 02:08 - 2016-11-11 01:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 02:08 - 2016-11-11 01:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 02:08 - 2016-11-11 01:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 02:08 - 2016-11-11 01:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 02:08 - 2016-11-11 01:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 02:08 - 2016-11-11 01:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 02:08 - 2016-11-11 01:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 02:08 - 2016-11-11 01:16 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-10 02:08 - 2016-11-11 01:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-10 02:08 - 2016-11-11 01:14 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-10 02:08 - 2016-11-11 01:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 02:08 - 2016-11-11 01:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 02:08 - 2016-11-11 01:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-10 02:08 - 2016-11-11 01:10 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-10 02:08 - 2016-11-11 01:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 02:08 - 2016-11-11 01:09 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-10 02:08 - 2016-11-11 01:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 02:08 - 2016-11-11 01:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 02:08 - 2016-11-11 01:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 02:08 - 2016-11-11 01:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 02:08 - 2016-11-11 01:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 02:08 - 2016-11-11 01:03 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-10 02:08 - 2016-11-11 00:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-10 02:04 - 2016-11-11 04:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 02:04 - 2016-11-11 04:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 02:04 - 2016-11-11 04:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 02:04 - 2016-11-11 04:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 02:04 - 2016-11-11 04:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 02:04 - 2016-11-11 04:01 - 01738048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-10 02:04 - 2016-11-11 04:01 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-10 02:04 - 2016-11-11 04:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 02:04 - 2016-11-11 03:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 02:04 - 2016-11-11 03:57 - 08170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-10 02:04 - 2016-11-11 03:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 02:04 - 2016-11-11 03:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 02:04 - 2016-11-11 03:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 02:04 - 2016-11-11 03:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 02:04 - 2016-11-11 03:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-10 02:04 - 2016-11-11 03:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 02:04 - 2016-11-11 03:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 02:04 - 2016-11-11 03:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 02:04 - 2016-11-11 03:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 02:04 - 2016-11-11 03:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 02:04 - 2016-11-11 03:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 02:04 - 2016-11-11 03:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 02:04 - 2016-11-11 03:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 02:04 - 2016-11-11 03:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 02:04 - 2016-11-11 03:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 02:04 - 2016-11-11 03:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 02:04 - 2016-11-11 03:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 02:04 - 2016-11-11 03:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 02:04 - 2016-11-11 03:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 02:04 - 2016-11-11 03:20 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-10 02:04 - 2016-11-11 03:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 02:04 - 2016-11-11 03:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 02:04 - 2016-11-11 03:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 02:04 - 2016-11-11 03:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 02:04 - 2016-11-11 03:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-10 02:04 - 2016-11-11 03:18 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-10 02:04 - 2016-11-11 03:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 02:04 - 2016-11-11 03:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 02:04 - 2016-11-11 03:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 02:04 - 2016-11-11 03:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 02:04 - 2016-11-11 03:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 02:04 - 2016-11-11 03:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 02:04 - 2016-11-11 03:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 02:04 - 2016-11-11 03:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 02:04 - 2016-11-11 03:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 02:04 - 2016-11-11 03:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 02:04 - 2016-11-11 03:08 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-10 02:04 - 2016-11-11 03:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 02:04 - 2016-11-11 03:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 02:04 - 2016-11-11 03:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 02:04 - 2016-11-11 03:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 02:04 - 2016-11-11 03:04 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-10 02:04 - 2016-11-11 03:04 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-10 02:04 - 2016-11-11 03:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 02:04 - 2016-11-11 03:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 02:04 - 2016-11-11 03:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 02:04 - 2016-11-11 03:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 02:04 - 2016-11-11 03:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 02:04 - 2016-11-11 03:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 02:04 - 2016-11-11 03:03 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-10 02:04 - 2016-11-11 03:03 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-10 02:04 - 2016-11-11 03:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 02:04 - 2016-11-11 03:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 02:04 - 2016-11-11 03:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 02:04 - 2016-11-11 03:02 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-10 02:04 - 2016-11-11 03:01 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-10 02:03 - 2016-11-11 04:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 02:03 - 2016-11-11 04:13 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-10 02:03 - 2016-11-11 04:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 02:03 - 2016-11-11 04:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 02:03 - 2016-11-11 04:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 02:03 - 2016-11-11 04:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 02:03 - 2016-11-11 04:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 02:03 - 2016-11-11 04:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 02:03 - 2016-11-11 04:01 - 02189152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-10 02:03 - 2016-11-11 04:01 - 00658264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-10 02:03 - 2016-11-11 04:01 - 00401760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-10 02:03 - 2016-11-11 03:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 02:03 - 2016-11-11 03:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 02:03 - 2016-11-11 03:57 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-10 02:03 - 2016-11-11 03:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 02:03 - 2016-11-11 03:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 02:03 - 2016-11-11 03:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 02:03 - 2016-11-11 03:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 02:03 - 2016-11-11 03:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 02:03 - 2016-11-11 03:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 02:03 - 2016-11-11 03:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 02:03 - 2016-11-11 03:31 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-10 02:03 - 2016-11-11 03:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 02:03 - 2016-11-11 03:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 02:03 - 2016-11-11 03:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 02:03 - 2016-11-11 03:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 02:03 - 2016-11-11 03:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 02:03 - 2016-11-11 03:24 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-10 02:03 - 2016-11-11 03:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 02:03 - 2016-11-11 03:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 02:03 - 2016-11-11 03:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 02:03 - 2016-11-11 03:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 02:03 - 2016-11-11 03:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 02:03 - 2016-11-11 03:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 02:03 - 2016-11-11 03:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 02:03 - 2016-11-11 03:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 02:03 - 2016-11-11 03:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 02:03 - 2016-11-11 03:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 02:03 - 2016-11-11 03:20 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-10 02:03 - 2016-11-11 03:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 02:03 - 2016-11-11 03:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 02:03 - 2016-11-11 03:18 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-10 02:03 - 2016-11-11 03:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 02:03 - 2016-11-11 03:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 02:03 - 2016-11-11 03:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 02:03 - 2016-11-11 03:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 02:03 - 2016-11-11 03:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 02:03 - 2016-11-11 03:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 02:03 - 2016-11-11 03:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 02:03 - 2016-11-11 03:14 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-10 02:03 - 2016-11-11 03:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 02:03 - 2016-11-11 03:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 02:03 - 2016-11-11 03:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 02:03 - 2016-11-11 03:11 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-10 02:03 - 2016-11-11 03:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 02:03 - 2016-11-11 03:10 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-10 02:03 - 2016-11-11 03:10 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-10 02:03 - 2016-11-11 03:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 02:03 - 2016-11-11 03:08 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-10 02:03 - 2016-11-11 03:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 02:03 - 2016-11-11 03:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 02:03 - 2016-11-11 03:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 02:03 - 2016-11-11 03:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 02:03 - 2016-11-11 03:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 02:03 - 2016-11-11 03:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 02:03 - 2016-11-11 03:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 02:03 - 2016-11-11 03:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 02:03 - 2016-11-11 03:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 02:03 - 2016-11-11 03:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 02:03 - 2016-11-11 03:05 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-10 02:03 - 2016-11-11 03:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 02:03 - 2016-11-11 03:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 02:03 - 2016-11-11 03:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 02:03 - 2016-11-11 03:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 02:03 - 2016-11-11 03:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 02:03 - 2016-11-11 03:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 02:03 - 2016-11-11 03:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 02:03 - 2016-11-11 03:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 02:03 - 2016-11-11 03:03 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-10 02:03 - 2016-11-11 03:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 02:02 - 2016-11-11 04:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 02:02 - 2016-11-11 04:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 02:02 - 2016-11-11 04:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 02:02 - 2016-11-11 04:10 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-10 02:02 - 2016-11-11 04:09 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-10 02:02 - 2016-11-11 04:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 02:02 - 2016-11-11 04:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 02:02 - 2016-11-11 04:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 02:02 - 2016-11-11 04:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 02:02 - 2016-11-11 03:59 - 02913136 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-10 02:02 - 2016-11-11 03:59 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-10 02:02 - 2016-11-11 03:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 02:02 - 2016-11-11 03:56 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-10 02:02 - 2016-11-11 03:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 02:02 - 2016-11-11 03:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 02:02 - 2016-11-11 03:56 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-10 02:02 - 2016-11-11 03:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 02:02 - 2016-11-11 03:51 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-10 02:02 - 2016-11-11 03:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 02:02 - 2016-11-11 03:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 02:02 - 2016-11-11 03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 02:02 - 2016-11-11 03:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 02:02 - 2016-11-11 03:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 02:02 - 2016-11-11 03:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 02:02 - 2016-11-11 03:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 02:02 - 2016-11-11 03:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 02:02 - 2016-11-11 03:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 02:02 - 2016-11-11 03:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 02:02 - 2016-11-11 03:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 02:02 - 2016-11-11 03:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 02:02 - 2016-11-11 03:23 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-10 02:02 - 2016-11-11 03:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 02:02 - 2016-11-11 03:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 02:02 - 2016-11-11 03:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 02:02 - 2016-11-11 03:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 02:02 - 2016-11-11 03:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 02:02 - 2016-11-11 03:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 02:02 - 2016-11-11 03:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 02:02 - 2016-11-11 03:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 02:02 - 2016-11-11 03:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 02:02 - 2016-11-11 03:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 02:02 - 2016-11-11 03:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 02:02 - 2016-11-11 03:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 02:02 - 2016-11-11 03:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 02:02 - 2016-11-11 03:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 02:02 - 2016-11-11 03:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 02:02 - 2016-11-11 03:18 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-10 02:02 - 2016-11-11 03:17 - 01004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-10 02:02 - 2016-11-11 03:17 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-10 02:02 - 2016-11-11 03:17 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-10 02:02 - 2016-11-11 03:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 02:02 - 2016-11-11 03:14 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-10 02:02 - 2016-11-11 03:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 02:02 - 2016-11-11 03:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 02:02 - 2016-11-11 03:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 02:02 - 2016-11-11 03:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 02:02 - 2016-11-11 03:09 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-10 02:02 - 2016-11-11 03:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 02:02 - 2016-11-11 03:07 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-10 02:02 - 2016-11-11 03:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 02:02 - 2016-11-11 03:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 02:02 - 2016-11-11 03:06 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-10 02:02 - 2016-11-11 03:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 02:02 - 2016-11-11 03:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 02:02 - 2016-11-11 03:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 02:02 - 2016-11-11 03:04 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-10 02:02 - 2016-11-11 03:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 02:02 - 2016-11-11 03:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 02:02 - 2016-11-11 03:03 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-10 02:02 - 2016-11-11 03:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 02:01 - 2016-11-11 04:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 02:01 - 2016-11-11 04:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 02:01 - 2016-11-11 03:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 00:39 - 2016-12-10 00:39 - 00000000 ____D C:\Users\Cindy\Desktop\rescuedisk11
2016-12-10 00:34 - 2016-12-10 00:38 - 113029095 _____ C:\Users\Cindy\Desktop\rescuedisk11.zip
2016-12-08 09:36 - 2016-12-13 23:39 - 00000000 ____D C:\Users\Cindy\AppData\LocalLow\Mozilla
2016-11-30 01:04 - 2016-11-30 01:04 - 02645240 _____ (Panda Security S.L.) C:\Users\Cindy\Desktop\PandaCloudCleanerUSB.exe
2016-11-30 00:49 - 2016-11-30 00:50 - 04713984 _____ (Geza Kovacs) C:\Users\Cindy\Desktop\unetbootin-windows-625.exe
2016-11-30 00:42 - 2016-11-30 00:49 - 225832960 _____ C:\Users\Cindy\Desktop\SafeCD.iso
2016-11-27 00:54 - 2016-11-27 00:54 - 00000000 ___HD C:\$Windows.~WS
2016-11-26 23:22 - 2016-11-27 03:09 - 00000000 ____D C:\ESD
2016-11-26 23:21 - 2016-11-26 23:21 - 00000000 ____D C:\$WINDOWS.~BT
2016-11-26 23:18 - 2016-11-26 23:19 - 18309328 _____ (Microsoft Corporation) C:\Users\Cindy\Desktop\MediaCreationTool.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-13 23:53 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-13 23:48 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-13 23:48 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-13 23:42 - 2016-10-06 19:59 - 01345056 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-13 23:36 - 2016-10-06 20:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-13 23:36 - 2016-10-06 20:00 - 00000000 ____D C:\Users\Cindy
2016-12-13 23:35 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
2016-12-13 23:16 - 2016-10-06 19:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-11 23:54 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-11 18:15 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-11 18:10 - 2015-08-06 13:04 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-11 18:08 - 2016-10-06 19:52 - 00339384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-11 18:06 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-11 18:06 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-11 18:05 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-11 18:05 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-11 18:05 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-11 09:16 - 2016-10-07 09:32 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
2016-12-10 05:24 - 2012-08-24 17:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-12-10 00:41 - 2016-07-16 05:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-08 09:36 - 2014-12-10 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-12-07 11:02 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-06 19:59 - 2012-07-28 18:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-12-06 19:49 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-27 18:12 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-11-27 18:12 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-11-27 03:09 - 2016-10-06 22:50 - 00000000 ___DC C:\WINDOWS\Panther
2016-11-27 00:54 - 2016-10-06 20:30 - 00020192 _____ C:\WINDOWS\diagwrn.xml
2016-11-27 00:54 - 2016-10-06 20:30 - 00016442 _____ C:\WINDOWS\diagerr.xml
2016-11-26 22:51 - 2015-08-06 13:03 - 00000000 ____D C:\Users\Cindy\AppData\Local\Packages
2016-11-26 22:34 - 2015-08-06 12:38 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-11-26 22:34 - 2012-11-18 16:45 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-11-18 23:12 - 2015-01-08 23:48 - 00000000 ____D C:\Users\Cindy\AppData\Local\E9B89CE2-19F6-404D-94F1-C10D4A9EBFAA.aplzod
2016-11-18 23:07 - 2012-09-15 19:06 - 00000000 ____D C:\Users\Cindy\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2012-05-30 18:46 - 2012-05-30 18:46 - 3993600 _____ () C:\Program Files (x86)\GUT5BD6.tmp
2013-07-17 00:05 - 2015-07-25 03:58 - 0006656 _____ () C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2012-06-15 02:42 - 2012-06-15 02:42 - 0003284 _____ () C:\Users\Cindy\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_S-1-5-21-4015324910-1557653689-3941867134-1001_settings.cp.temp

Some files in TEMP:
====================
C:\Users\Cindy\AppData\Local\Temp\jre-8u101-windows-au.exe


==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-08 23:20

==================== End of FRST.txt ============================

here is second log.

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Cindy (13-12-2016 23:56:52)
Running from C:\Users\Cindy\Desktop
Windows 10 Home Version 1607 (X64) (2016-10-07 02:33:53)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4015324910-1557653689-3941867134-500 - Administrator - Disabled)
Cindy (S-1-5-21-4015324910-1557653689-3941867134-1001 - Administrator - Enabled) => C:\Users\Cindy
DefaultAccount (S-1-5-21-4015324910-1557653689-3941867134-503 - Limited - Disabled)
Guest (S-1-5-21-4015324910-1557653689-3941867134-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4015324910-1557653689-3941867134-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements (HKLM-x32\...\4 Elements) (Version: - Pogo.com)
7 Wonders 2 (HKLM-x32\...\7 Wonders 2) (Version: 1.0.1.0 - Pogo.com)
Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.17 - Adobe Systems)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
Adventure Inlay Safari EditionTM (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005195}) (Version: - Oberon Media)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ArcadeFrontier (HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\{4AFCAFDC-D870-41FA-B9FB-1442B9DAFE76}) (Version: - ArcadeFrontier)
Around the World in 80 Days Extended Edition (HKLM-x32\...\Around the World in 80 Days Extended Editionv1.0) (Version: v1.0 - Tri Synergy)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
Big Money (HKLM-x32\...\Big Money) (Version: - PopCap Games)
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Digital Copy (HKLM-x32\...\Digital Copy) (Version: - )
Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
Dream Day Wedding Collection (HKLM-x32\...\{B013BDB5-9C4A-41E1-B2A1-CF0F02A2EE10}) (Version: 1.00.0000 - Encore)
Enchanted Cavern (remove only) (HKLM-x32\...\Enchanted Cavern) (Version: - )
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
Ghost Whisperer (x32 Version: 3.0.2.32 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hidden Object Crosswords (HKLM-x32\...\BFG-Hidden Object Crosswords) (Version: - )
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Infinite Crosswords (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110125217}) (Version: - Oberon Media)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
iWin Games (HKLM-x32\...\iWinArcade) (Version: 2.93 - )
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
Jewel Quest Online Party (remove only) (HKLM-x32\...\Jewel Quest Online Party) (Version: - )
Jewel Quest Solitaire (HKLM-x32\...\Jewel Quest Solitaire) (Version: 1.2.0.0 - Pogo.com)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Mahjongg - The Ultimate Collection (HKLM-x32\...\Mahjongg - The Ultimate Collection) (Version: - On Hand Software)
Mahjongg Dimensions (remove only) (HKLM-x32\...\Mahjongg Dimensions) (Version: - )
Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
MeFeedia (HKLM-x32\...\mefeediatest) (Version: 1.0.0.1 - )
Mega Camera Manager (HKLM-x32\...\{BBB82B04-41B9-43C6-89A3-320AE2040899}) (Version: - )
MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft LifeChat (HKLM\...\{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}) (Version: 1.40.224.0 - Microsoft)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mobile Hotspot Admin (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
MusicOasis (HKLM-x32\...\MusicOasis) (Version: 1.0.3 - InstallX, LLC) <==== ATTENTION
MusicOasis (x32 Version: 1.0.3 - InstallX, LLC) Hidden <==== ATTENTION
Mystery Case Files: Huntsville ™ (HKLM-x32\...\BFG-Mystery Case Files - Huntsville) (Version: - )
Mystery Case Files: Ravenhearst &reg; (HKLM-x32\...\BFG-Mystery Case Files - Ravenhearst) (Version: - )
Our Worst Fears: Stained Skin (HKLM-x32\...\Our Worst Fears: Stained Skin) (Version: - Pogo.com)
Peggle Nights 1.0 (HKLM-x32\...\Peggle Nights 1.0) (Version: 1.0 - PopCap Games)
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pictureka Museum Mayhem (remove only) (HKLM-x32\...\Pictureka Museum Mayhem) (Version: - )
Pictureka! - Museum Mayhem (HKLM-x32\...\BFG-Pictureka - Museum Mayhem) (Version: - )
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.02.09290 - Sony Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
PMB_ServiceUploader (x32 Version: 10.0.02 - Sony Corporation) Hidden
Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version: - )
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Slingo Mystery 2: The Golden Escape (HKLM-x32\...\Slingo Mystery 2: The Golden Escape) (Version: 1.0.0.86 - Pogo.com)
Slingo Quest (remove only) (HKLM-x32\...\Slingo Quest) (Version: - Funkitron)
Snood for Windows version 2.4.5-W (HKLM-x32\...\Snood_is1) (Version: - Snood LLC)
Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
Solitaire Mystery: Four Seasons (HKLM-x32\...\Solitaire Mystery: Four Seasons) (Version: - Pogo.com)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
Treasure Island Extended Edition (HKLM-x32\...\Treasure Island Extended Editionv1.0) (Version: v1.0 - Tri Synergy)
Trophy Room (HKLM-x32\...\{2A1BF350-9776-497F-883F-B0137902ECA6}) (Version: 3.0.1 - Cuddeback)
Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
Unity Web Player (HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
Unlikely Suspects (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119431947}) (Version: - Oberon Media)
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
Vacation Quest: The Hawaiian Islands (remove only) (HKLM-x32\...\Vacation Quest: The Hawaiian Islands) (Version: - )
VideoFileDownload (HKLM-x32\...\vfd-cb) (Version: 1.0 - VideoFileDownload)
Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - Sakar)
VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 1.3.4 - Vudu)
VUDU To Go (x32 Version: 1.3.4 - Vudu) Hidden
Weather Lord: Hidden Realm (HKLM-x32\...\Weather Lord: Hidden Realm) (Version: - Pogo.com)
WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
Wordscape Online Party (remove only) (HKLM-x32\...\Wordscape Online Party) (Version: - )
Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
Zuma Deluxe 1.0 (HKLM-x32\...\Zuma Deluxe 1.0) (Version: - )
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01CA9D95-723A-401A-8C31-A3668851924C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {115C8356-343B-4D47-99AF-82CD3F69322D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {12F26E03-513A-46D3-B347-1E47DF9047C9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
Task: {1F0208B8-42CA-4BB2-8B35-F1B0CF133DEA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {1F51819B-363C-462A-B0FB-3C76E48FAF81} - System32\Tasks\{9C83799E-D30C-41E3-98A9-8BA1B41F14BC} => pcalua.exe -a D:\INSTALL.EXE -d D:\
Task: {221A0B54-43B6-464A-B130-9086F8B8B44F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {25233777-CEFE-45CC-BE56-3EA6DB5995ED} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
Task: {27C46D90-981E-4EA5-A5B5-9DC0EAEEAC08} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {28C851D6-037B-4314-BEF1-9FDD9A942B46} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
Task: {30C33732-DCC1-4973-B1F2-5BC04894323D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
Task: {3C3660F1-52AE-447F-9B20-248340985886} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe [2015-06-19] (iWin Inc.)
Task: {3D6E660E-80E0-4D3B-8CF0-6E77C38FDC39} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {3EAAAF23-38E1-4E02-8D55-A60F68219A4C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {42A6A79B-E4CC-4117-A918-D7E6B3A1B361} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {43A9F38F-95A7-41C3-8BF7-4ED73E68C484} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {49726E86-7D9E-4B8C-8BB4-72C880D64C2E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {4B7407F5-9181-4828-8E60-74C3A187BF85} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
Task: {5264F1F7-AE29-4944-989D-62FF31EE2FE1} - System32\Tasks\{745CD748-5B93-48F3-B34C-CB7D5F311499} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
Task: {54937C1A-A02D-4BC5-B404-FB55827A7D4C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {54B805FC-AAE0-4726-85A9-09511F831DC0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {58AAA2E0-DC8F-4181-9588-50EF697D0D51} - System32\Tasks\{C86B180C-F0CF-4309-B4FD-E7EA80401713} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
Task: {71C60627-5DFF-45AB-9D9D-F5E22773B4B1} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {739A460D-2023-4D0B-B7AE-9A2B1A30424F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {75756050-9CAD-4BAF-9F63-25CB76524783} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-27] (Adobe Systems Incorporated)
Task: {79030AE6-8C98-48AA-8384-AC29967D3D8C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {7EB44766-4FD2-4819-A839-801354F0C70E} - System32\Tasks\{D0FCCE98-B58D-4235-B7CD-45574AF49B92} => pcalua.exe -a C:\Users\Cindy\Downloads\mp470sosmwin120us.exe -d C:\Users\Cindy\Downloads
Task: {7FF3748C-A9B5-4E3D-A33A-88FDBE89535E} - System32\Tasks\{A91D52D1-8F03-44D9-8F68-C5A4CF13A97B} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
Task: {816F931B-FA81-46A8-9FFC-277774D037F6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {86325A03-D12F-4BA1-88BC-89C1BC86F742} - System32\Tasks\{5445B679-8937-4098-A504-90FF10055BC7} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
Task: {8D230185-A6BC-4DDB-BA39-6B4722650B77} - System32\Tasks\{585041DB-ADC7-4871-9249-E3B2A55E4564} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
Task: {8DA48121-CA86-464C-9004-DEB6A6326274} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {98449CC4-129B-4B51-AAD1-385BD0891102} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {9B3E242D-6F09-4584-9B6A-0483FD30C0CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {9E3A3282-8B1F-4F56-A211-121C92CC351F} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe [2009-09-24] (Microsoft Corporation)
Task: {A23D408E-9FB1-49C7-B973-E9A4FCC513D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {A9B04D95-99EB-4461-A1AF-E926BA9B3B98} - System32\Tasks\{6D7C01F1-9104-403E-9C7C-41D0A9893A97} => pcalua.exe -a "C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYV4WWUS\boxrinst.EXE" -d C:\Users\Cindy\Desktop
Task: {AC2A6BB5-16DA-4117-801A-7369B520C5D4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
Task: {ADFF47B5-CE58-4F83-9453-1912160CD555} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {AECC5E5A-BD33-45EE-9A14-BCDB617494CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B0097F2E-055E-4231-A0B4-F39C82699292} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B1CF4F29-ADBE-47E7-8859-08828A3179F7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {B4CAF6E6-24C9-47F7-ABF5-2C8731EA9629} - System32\Tasks\{EA70D382-4ECC-494E-92C4-AD0458E5210E} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
Task: {B6E69CC6-91FA-4651-B574-14C5062D13BA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B7D414E4-7866-4E19-A2D3-755FF9755DCC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {BA1F4160-DA2E-4574-831E-AC05169833D1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BFDADE85-B2E1-456E-993E-928204417104} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
Task: {C15A2B07-7FB0-4C8E-88B7-A3EC0CF1207F} - System32\Tasks\{BDA44233-2A5B-4F95-8A94-F23C5644626F} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
Task: {C22554B5-A2F0-4B16-B814-874DE3AB3F18} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
Task: {C8662E84-06FF-4B16-A330-78E304C1DE6C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
Task: {D45D3FFE-2813-4042-A6D5-D81942A1CB46} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {D90218A0-8C0D-42E3-BD47-A0A2F7036FBE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {DEA19F1F-B18A-4222-B81A-5CE6C3062762} - System32\Tasks\{13E7519A-0D15-41EB-A072-05E717EE246D} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
Task: {E478945A-7133-4F1E-8EEF-25E5753198A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
Task: {E7F51087-B971-4430-8901-2ACD88EA4995} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {EFF7FB5D-6722-4294-BC5B-501BDD0D9908} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {F5052A5F-1081-47CE-B1B9-172CBA1E4433} - System32\Tasks\{39B0FAD6-29D7-4B41-A9E8-2B3DC315FCC7} => pcalua.exe -a C:\Users\Cindy\Downloads\boxrinst.EXE -d C:\Users\Cindy\Desktop
Task: {FA86B9F0-07D9-4249-A15C-05E1BF53770B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FAAC0230-2C5E-4F04-B972-17806793DBE1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
Task: {FB2EE3CA-4DF3-4590-BEC1-49A3297718A5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
Task: {FFA79626-8EBC-4897-8996-16EF86652291} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Cindy\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-10 02:02 - 2016-11-11 04:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-10 02:02 - 2016-11-11 04:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-10-07 08:34 - 2016-10-07 08:34 - 00959168 _____ () C:\Users\Cindy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-10-06 22:38 - 2016-10-06 22:38 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-10 02:04 - 2016-11-11 03:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 19:22 - 2016-11-02 04:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 19:22 - 2016-11-02 04:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-09 19:22 - 2016-11-02 04:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 19:22 - 2016-11-02 04:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 19:22 - 2016-11-02 04:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 19:22 - 2016-11-02 04:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
2010-11-30 11:37 - 2010-11-30 11:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
2011-02-22 20:22 - 2011-02-22 20:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
2016-11-26 22:41 - 2016-11-26 22:45 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-11-26 22:41 - 2016-11-26 22:45 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-11-26 22:41 - 2016-11-26 22:45 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2011-06-09 22:09 - 2011-06-09 22:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-10-07 08:34 - 2016-10-07 08:34 - 00679624 _____ () C:\Users\Cindy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1DA424AA [143]
AlternateDataStreams: C:\ProgramData\TEMP:214562D2 [754]
AlternateDataStreams: C:\ProgramData\TEMP:260575F1 [191]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:3684CEF1 [128]
AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA [394]
AlternateDataStreams: C:\ProgramData\TEMP:5EEC292D [137]
AlternateDataStreams: C:\ProgramData\TEMP:62F26ACE [141]
AlternateDataStreams: C:\ProgramData\TEMP:729F0E7F [234]
AlternateDataStreams: C:\ProgramData\TEMP:75DBEC56 [133]
AlternateDataStreams: C:\ProgramData\TEMP:7DC5D762 [264]
AlternateDataStreams: C:\ProgramData\TEMP:878ECA8B [129]
AlternateDataStreams: C:\ProgramData\TEMP:9B7E8561 [135]
AlternateDataStreams: C:\ProgramData\TEMP:9E95073D [250]
AlternateDataStreams: C:\ProgramData\TEMP:B3B423E1 [146]
AlternateDataStreams: C:\ProgramData\TEMP:C2151AD3 [446]
AlternateDataStreams: C:\ProgramData\TEMP:E6F5146C [121]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 20:34 - 2015-01-10 21:31 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 192.168.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run: => "LifeChat"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "BingDesktop"
HKLM\...\StartupApproved\Run32: => "BCSSync"
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
FirewallRules: [UDP Query User{D33770C3-5672-402B-B62A-DC5950DE57CB}C:\users\cindy\appdata\local\temp\ignd716.tmp\lmiignition.exe] => C:\users\cindy\appdata\local\temp\ignd716.tmp\lmiignition.exe
FirewallRules: [TCP Query User{89625D13-C43B-4C4B-8506-96913BF04526}C:\users\cindy\appdata\local\temp\ignd716.tmp\lmiignition.exe] => C:\users\cindy\appdata\local\temp\ignd716.tmp\lmiignition.exe
FirewallRules: [UDP Query User{59DE5950-9EC5-488A-AA82-37E493D51BD3}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{5DED573A-FBF8-4DD6-8A78-0A5662E72100}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{5A49FA80-DCD3-4A23-BBA1-067143E5324D}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{5AE63CA9-1014-44EE-BE85-48246400599F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B793E2A-7694-4D51-B514-4FB42EF55588}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3735E11E-5743-4C51-B368-A3B7E2E66031}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3B78898C-1835-445A-AA89-5C782745A22E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{9D787510-3ABD-4AC5-8FBA-DC8A320DB418}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{93C96870-2EA9-404A-A35C-B8D283284EB5}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{2AD4B246-CA3B-476B-BC12-3C0F9CA6D483}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{DAD83954-5CE6-4817-8FE3-EAEB5C4CCACC}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
FirewallRules: [{290B6FF6-D23E-4B20-A586-C70663607E95}] => LPort=10255
FirewallRules: [UDP Query User{BB2CE12D-6AE8-452D-8244-8B02EF9B3B9C}C:\program files (x86)\imesh applications\imesh\imesh.exe] => C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [TCP Query User{046C9B8A-4BDC-4979-8890-CD394254375E}C:\program files (x86)\imesh applications\imesh\imesh.exe] => C:\program files (x86)\imesh applications\imesh\imesh.exe
FirewallRules: [{71D89403-1FB6-42E6-B953-C383617FFD64}] => C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{78916D75-FCD8-49F6-AD73-4D121EB45C50}] => C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
FirewallRules: [{B2003BE0-E890-4ED9-A736-B29D6B862944}] => C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{1BC3CBE0-2693-41C2-9CFD-0D9267343CE3}] => C:\Program Files (x86)\Pogo Games\WebUpdater.exe
FirewallRules: [{42D95926-CE67-4A68-96E1-B5C6BD7EFE2C}] => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{AA7295B5-CC1C-4B0B-A0AD-98D3B5495199}] => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
FirewallRules: [{1DB8B6B1-6F97-4B1C-8CC1-93DCF81A2053}] => C:\Program Files (x86)\iWin Games\WebUpdater.exe
FirewallRules: [{DE7EC420-BEDE-41C8-B68F-A76DC1746213}] => C:\Program Files (x86)\iWin Games\WebUpdater.exe
FirewallRules: [{28A0144D-055C-43EA-840A-C9B799E2AC51}] => C:\Program Files (x86)\iWin Games\iWinGames.exe
FirewallRules: [{F4FC860B-9302-4C15-A336-7F088275AA8D}] => C:\Program Files (x86)\iWin Games\iWinGames.exe
FirewallRules: [{53C30A38-375B-4EAC-A4FC-7255FEE57685}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{5450716C-A89B-49DA-A7EB-39BCE09ABC90}] => LPort=1900
FirewallRules: [{5908E83F-A67E-4D95-B275-37A845D908C0}] => LPort=2869
FirewallRules: [{C872428A-EEC0-4859-981B-44A990B4821D}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{85ED9E39-867E-47C6-B65A-4EE1ED75F509}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{32C867EA-32E5-42CA-91C0-857E760A950E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4275A755-EFE7-4F78-86B2-173C5EFA2F40}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{96461AB5-BF03-4EB4-BCF9-A757BB534434}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [SNMP-In-UDP] => %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => %SystemRoot%\system32\snmp.exe
FirewallRules: [{5F615C78-3B9C-4303-AC39-978FF244B2DC}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

27-11-2016 01:16:50 Scheduled Checkpoint
06-12-2016 18:35:04 Scheduled Checkpoint
10-12-2016 05:38:20 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/13/2016 11:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Cindy-PC.local already in use; will try Cindy-PC-2.local instead

Error: (12/13/2016 11:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Cindy-PC.local. Addr 192.168.0.14

Error: (12/13/2016 11:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.14:5353 16 Cindy-PC.local. AAAA 2604:2D80:4005:C377:CD1A:DFCD:9FA6:3537

Error: (12/13/2016 11:39:04 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
at System.Timers.Timer.set_Enabled(Boolean value)
at SnappCloud.ActivationReminder.AraClient.PostInit()
at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (12/13/2016 11:35:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CINDY-PC)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/13/2016 01:59:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 93894328

Error: (12/13/2016 01:59:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 93894328

Error: (12/13/2016 01:59:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (12/13/2016 01:59:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 93878922

Error: (12/13/2016 01:59:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 93878922


System errors:
=============
Error: (12/13/2016 11:36:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.

Error: (12/13/2016 11:36:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (12/13/2016 11:36:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The RtkAudioService service failed to start due to the following error:
The system cannot find the file specified.

Error: (12/13/2016 11:36:20 PM) (Source: SNMP) (EventID: 1500) (User: )
Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

Error: (12/13/2016 11:36:16 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 11:29:47 PM on ‎12/‎13/‎2016 was unexpected.

Error: (12/11/2016 09:39:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

Code: 8 0x0 0x0

Error: (12/11/2016 09:39:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

Code: 2 0xdeaddeed 0xeeec

Error: (12/11/2016 09:39:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

Code: 1 0xc 0x4

Error: (12/11/2016 06:10:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/11/2016 06:09:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The NetPipeActivator service failed to start due to the following error:
The service did not respond to the start or control request in a timely fashion.


CodeIntegrity:
===================================
Date: 2016-12-11 23:27:58.508
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-11 23:27:58.506
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-11 23:27:58.501
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-11 23:27:58.183
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-11 23:27:58.181
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-11 23:27:58.176
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-11 23:27:57.915
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-11 23:27:57.912
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-11 23:27:57.908
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-12-11 23:27:57.739
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 49%
Total physical RAM: 6051.76 MB
Available physical RAM: 3071.43 MB
Total Virtual: 12195.76 MB
Available Virtual: 9011.1 MB

==================== Drives ================================

Drive c: (TI106332W0C) (Fixed) (Total:579.14 GB) (Free:465.92 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (KIRBY SENTRIA II) (CDROM) (Total:1.63 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 27058636)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=579.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=508 MB) - (Type=27)
Partition 4: (Not Active) - (Size=15.1 GB) - (Type=17)

==================== End of Addition.txt ============================

Juliet
2016-12-14, 13:21
MusicOasis (HKLM-x32\...\MusicOasis) (Version: 1.0.3 - InstallX, LLC) <==== ATTENTION
MusicOasis (x32 Version: 1.0.3 - InstallX, LLC) Hidden <==== ATTENTION

This needs to be uninstalled/removed from Add/Remove programs list.


~~~~

Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
To do this highlight the contents of the box and right click on it and select copy.
Paste this into the open notepad. save it to the Desktop as fixlist.txt
NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)


https://dl.dropboxusercontent.com/u/73555776/FRSTfix.JPG




start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-23] (Oracle Corporation)
Toolbar: HKLM-x32 - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll No File
Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Extension: (entrusted11 ) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{77beece6-3997-403a-92fa-0055bfcf88e5} [2014-11-20] [not signed]
FF SearchPlugin: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\searchplugins\ask-web-search.xml [2016-02-02]
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\windows\system32\npdeployJava1.dll [2012-07-12] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-23] (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Extension: (SaveDailyDeals) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf [2015-01-30]
U3 idsvc; no ImagePath
C:\Users\Cindy\AppData\Local\Temp\jre-8u101-windows-au.exe
Task: {C22554B5-A2F0-4B16-B814-874DE3AB3F18} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Cindy\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
AlternateDataStreams: C:\ProgramData\TEMP:1DA424AA [143]
AlternateDataStreams: C:\ProgramData\TEMP:214562D2 [754]
AlternateDataStreams: C:\ProgramData\TEMP:260575F1 [191]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:3684CEF1 [128]
AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA [394]
AlternateDataStreams: C:\ProgramData\TEMP:5EEC292D [137]
AlternateDataStreams: C:\ProgramData\TEMP:62F26ACE [141]
AlternateDataStreams: C:\ProgramData\TEMP:729F0E7F [234]
AlternateDataStreams: C:\ProgramData\TEMP:75DBEC56 [133]
AlternateDataStreams: C:\ProgramData\TEMP:7DC5D762 [264]
AlternateDataStreams: C:\ProgramData\TEMP:878ECA8B [129]
AlternateDataStreams: C:\ProgramData\TEMP:9B7E8561 [135]
AlternateDataStreams: C:\ProgramData\TEMP:9E95073D [250]
AlternateDataStreams: C:\ProgramData\TEMP:B3B423E1 [146]
AlternateDataStreams: C:\ProgramData\TEMP:C2151AD3 [446]
AlternateDataStreams: C:\ProgramData\TEMP:E6F5146C [121]
EmptyTemp:
Hosts:
End


Open FRST/FRST64 and press the > Fix < button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
~~~~~~~~~~~`

http://i.imgur.com/BY4dvz9.png AdwCleaner

Please download AdwCleaner (http://www.bleepingcomputer.com/download/adwcleaner/dl/125/) and save the file to your Desktop.
In order to use AdwCleaner, you have to agree the Eula:
Right-click AdwCleaner.exe and select http://i.imgur.com/AVOiBNU.jpg Run as administrator to run the programme.
Follow the prompts.
Click http://i.imgur.com/A49sxPr.png Scan.
Upon completion, click http://i.imgur.com/6cyn5v5.png Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
Click http://i.imgur.com/MqHawIb.png Clean.
Follow the prompts and allow your computer to reboot.
After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

-- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

~~~~~~~~~~~~~~~~~~~~~~~~~~~

Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/)
or from here http://downloads.malwarebytes.org/file/jrt
to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.


~~~
please post
Fixlog.txt
AdwCleaner[C1].txt
JRT.txt

ckingcin63
2016-12-15, 08:07
Here are the logs you requested. I don't think I saved the adw(c1) file but I sent you the other one I had. Sorry!

Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
Ran by Cindy (14-12-2016 22:31:57) Run:1
Running from C:\Users\Cindy\Desktop
Loaded Profiles: Cindy (Available Profiles: Cindy & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-23] (Oracle Corporation)
Toolbar: HKLM-x32 - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll No File
Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
FF Extension: (entrusted11 ) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{77beece6-3997-403a-92fa-0055bfcf88e5} [2014-11-20] [not signed]
FF SearchPlugin: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\searchplugins\ask-web-search.xml [2016-02-02]
FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\windows\system32\npdeployJava1.dll [2012-07-12] (Sun Microsystems, Inc.)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-23] (Oracle Corporation)
CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\windows\SysWOW64\npDeployJava1.dll => No File
CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
CHR Extension: (SaveDailyDeals) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf [2015-01-30]
U3 idsvc; no ImagePath
C:\Users\Cindy\AppData\Local\Temp\jre-8u101-windows-au.exe
Task: {C22554B5-A2F0-4B16-B814-874DE3AB3F18} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
ShortcutWithArgument: C:\Users\Cindy\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
AlternateDataStreams: C:\ProgramData\TEMP:1DA424AA [143]
AlternateDataStreams: C:\ProgramData\TEMP:214562D2 [754]
AlternateDataStreams: C:\ProgramData\TEMP:260575F1 [191]
AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
AlternateDataStreams: C:\ProgramData\TEMP:3684CEF1 [128]
AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA [394]
AlternateDataStreams: C:\ProgramData\TEMP:5EEC292D [137]
AlternateDataStreams: C:\ProgramData\TEMP:62F26ACE [141]
AlternateDataStreams: C:\ProgramData\TEMP:729F0E7F [234]
AlternateDataStreams: C:\ProgramData\TEMP:75DBEC56 [133]
AlternateDataStreams: C:\ProgramData\TEMP:7DC5D762 [264]
AlternateDataStreams: C:\ProgramData\TEMP:878ECA8B [129]
AlternateDataStreams: C:\ProgramData\TEMP:9B7E8561 [135]
AlternateDataStreams: C:\ProgramData\TEMP:9E95073D [250]
AlternateDataStreams: C:\ProgramData\TEMP:B3B423E1 [146]
AlternateDataStreams: C:\ProgramData\TEMP:C2151AD3 [446]
AlternateDataStreams: C:\ProgramData\TEMP:E6F5146C [121]
EmptyTemp:
Hosts:
End
*****************

Restore point was successfully created.
Processes closed successfully.
"HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{154d932f-dc51-4a4f-9d52-b78b1419d3b4} => value removed successfully
"HKCR\Wow6432Node\CLSID\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}" => key removed successfully
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{77beece6-3997-403a-92fa-0055bfcf88e5} => moved successfully
C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\searchplugins\ask-web-search.xml => moved successfully
"HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33" => key removed successfully
C:\windows\system32\npdeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll => moved successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2" => key removed successfully
C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll => moved successfully
C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => not found.
C:\windows\SysWOW64\npDeployJava1.dll => not found.
c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf => moved successfully
idsvc => service removed successfully
C:\Users\Cindy\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C22554B5-A2F0-4B16-B814-874DE3AB3F18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C22554B5-A2F0-4B16-B814-874DE3AB3F18}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
C:\Users\Cindy\Desktop\Person 1 - Chrome.lnk => Shortcut argument removed successfully.
C:\ProgramData\TEMP => ":1DA424AA" ADS removed successfully.
C:\ProgramData\TEMP => ":214562D2" ADS removed successfully.
C:\ProgramData\TEMP => ":260575F1" ADS removed successfully.
C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
C:\ProgramData\TEMP => ":3684CEF1" ADS removed successfully.
C:\ProgramData\TEMP => ":4673E9EA" ADS removed successfully.
C:\ProgramData\TEMP => ":5EEC292D" ADS removed successfully.
C:\ProgramData\TEMP => ":62F26ACE" ADS removed successfully.
C:\ProgramData\TEMP => ":729F0E7F" ADS removed successfully.
C:\ProgramData\TEMP => ":75DBEC56" ADS removed successfully.
C:\ProgramData\TEMP => ":7DC5D762" ADS removed successfully.
C:\ProgramData\TEMP => ":878ECA8B" ADS removed successfully.
C:\ProgramData\TEMP => ":9B7E8561" ADS removed successfully.
C:\ProgramData\TEMP => ":9E95073D" ADS removed successfully.
C:\ProgramData\TEMP => ":B3B423E1" ADS removed successfully.
C:\ProgramData\TEMP => ":C2151AD3" ADS removed successfully.
C:\ProgramData\TEMP => ":E6F5146C" ADS removed successfully.
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

=========== EmptyTemp: ==========

BITS transfer queue => 845131 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 123122606 B
Java, Flash, Steam htmlcache => 1642 B
Windows/system/drivers => 8748221 B
Edge => 2533866 B
Chrome => 412186684 B
Firefox => 276988516 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6166 B
Users => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 0 B
NetworkService => 239950 B
Cindy => 196428057 B
DefaultAppPool => 0 B

RecycleBin => 135870 B
EmptyTemp: => 973.9 MB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 22:33:31 ====



# AdwCleaner v6.040 - Logfile created 14/12/2016 at 22:44:46
# Updated on 02/12/2016 by Malwarebytes
# Database : 2016-12-14.1 [Server]
# Operating System : Windows 10 Home (X64)
# Username : Cindy - CINDY-PC
# Running from : C:\Users\Cindy\Desktop\AdwCleaner.exe
# Mode: Clean
# Support : https://www.malwarebytes.com/support



***** [ Services ] *****

[-] Service deleted: iWinTrusted


***** [ Folders ] *****

[-] Folder deleted: C:\Users\Cindy\AppData\Roaming\VideoBuzz
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoBuzz
[-] Folder deleted: C:\Program Files (x86)\VideoBuzz
[-] Folder deleted: C:\Users\Cindy\AppData\Local\YSearchUtil
[-] Folder deleted: C:\Users\Cindy\AppData\LocalLow\Yahoo!\Companion
[-] Folder deleted: C:\Users\Cindy\AppData\Roaming\Yahoo!\Companion
[-] Folder deleted: C:\Users\Cindy\AppData\Roaming\Pogo Games
[-] Folder deleted: C:\ProgramData\iwin games
[#] Folder deleted on reboot: C:\ProgramData\Application Data\iwin games
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
[-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
[-] Folder deleted: C:\Program Files (x86)\iwin games
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion
[-] Folder deleted: C:\Program Files (x86)\Pogo Games
[-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
[-] Folder deleted: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac
[-] Folder deleted: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnfegheljpcijmdgonkecjpcaopjlpac
[-] Folder deleted: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl
[-] Folder deleted: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl


***** [ Files ] *****

[-] File deleted: C:\Users\Cindy\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
[-] File deleted: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi


***** [ DLL ] *****



***** [ WMI ] *****



***** [ Shortcuts ] *****



***** [ Scheduled Tasks ] *****



***** [ Registry ] *****

[-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
[-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{44E6B68E-8DA5-4093-921B-7275E5B3906A}
[-] Key deleted: HKU\.DEFAULT\Software\PogoDGC
[-] Key deleted: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\PogoDGC
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\wecarereminder
[-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\PogoDGC
[#] Key deleted on reboot: HKU\S-1-5-18\Software\PogoDGC
[#] Key deleted on reboot: HKCU\Software\PogoDGC
[-] Key deleted: HKLM\SOFTWARE\PogoDGC
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
[-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PogoDGC
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\wecarereminder
[#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\PogoDGC
[#] Key deleted on reboot: [x64] HKCU\Software\PogoDGC
[-] Key deleted: HKCU\SOFTWARE\Microsoft\IntelliPoint\AppSpecific\PogoDGC.exe


***** [ Web browsers ] *****

[-] Chrome preferences cleaned: "browser.search.hiddenOneOffs" - "Yahoo,Ask Web Search,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.lastActivePing" - "1454980878443"
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.hp.enabled" - false
[-] Chrome preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" - "pconverter@mindspark.com"
[-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
[-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com
[-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: dts.search-results.com
[-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nnfegheljpcijmdgonkecjpcaopjlpac
[-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pcajpdcjfekhfnapaiphaecoajeollnc
[-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: peglehonblabfemopkgmfcpofbchegcl
[-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
[-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C0].txt - [5637 Bytes] - [14/12/2016 22:44:46]
C:\AdwCleaner\AdwCleaner[R0].txt - [27130 Bytes] - [29/11/2014 13:54:32]
C:\AdwCleaner\AdwCleaner[S0].txt - [27096 Bytes] - [29/11/2014 14:02:29]
C:\AdwCleaner\AdwCleaner[S1].txt - [6008 Bytes] - [14/12/2016 22:42:20]

########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5931 Bytes] ##########




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.1.0 (12.05.2016)
Operating System: Windows 10 Home x64
Ran by Cindy (Administrator) on Wed 12/14/2016 at 22:51:47.34
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 13

Successfully deleted: C:\Users\Cindy\AppData\Local\{01CBDC91-2762-403B-9654-32B171393558} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{1DACF147-FBA9-4E70-8989-685B2BBB5EAD} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{7DE4FD06-6B71-4758-A0FC-F84CBC971528} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{8045FD57-AF7B-4382-9D4A-E8EC551E3181} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{A13ABDA7-80C8-446A-885E-BF5901353DB7} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{AC341EB7-C79E-4CB7-A8D4-6B7F78B17D81} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{BB52D58A-C03B-4272-B72B-D2B4D53A686B} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{C4D94058-73BA-44B6-BA1A-728BAC1E39E0} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{C8CE374D-A6E9-4D4B-9B8D-05D69B3FD3EC} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{E9777F46-D74C-414B-91C3-33A10EE67316} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Local\{F1AEE845-0C1C-404F-9A6B-F06B8F738A2E} (Empty Folder)
Successfully deleted: C:\Users\Cindy\AppData\Roaming\alawarentertainment (Folder)
Successfully deleted: C:\Program Files (x86)\GUT5BD6.tmp (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 12/14/2016 at 22:57:36.86
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Juliet
2016-12-15, 12:25
Did you allow AdwCleaner to remove what it found?



Let's update Malwarebytes Anti-Malware and run a new scan.

Open Malwarebytes Anti-Malware



On the Dashboard click on Update Now

Go to the Setting Tab

Under Setting go to Detection and Protection

Under PUP and PUM make sure both are set to show Treat Detections as Malware

Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked

Then on the Dashboard click on Scan

Make sure to select THREAT SCAN

Then click on Scan

Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
Upon completion of the scan (or after the reboot), click the History tab.
Click Application Logs, followed by the first Scan Log.
Click Export, followed by Copy to Clipboard. Paste the log in your next reply.



How is your computer now?

ckingcin63
2016-12-15, 17:02
It seems like it is getting better. Thanks!

Here is the log:

Malwarebytes
www.malwarebytes.com

-Log Details-
Scan Date: 12/15/16
Scan Time: 8:45 AM
Logfile:
Administrator: Yes

-Software Information-
Version: 3.0.4.1269
Components Version: 1.0.39
Update Package Version: 1.0.746
License: Trial

-System Information-
OS: Windows 10
CPU: x64
File System: NTFS
User: CINDY-PC\Cindy

-Scan Summary-
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 457665
Time Elapsed: 7 min, 1 sec

-Scan Options-
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

-Scan Details-
Process: 0
(No malicious items detected)

Module: 0
(No malicious items detected)

Registry Key: 4
PUP.Optional.MeFeedia, HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{154D932F-DC51-4A4F-9D52-B78B1419D3B4}, Quarantined, [12474], [168190],1.0.746
PUP.Optional.MeFeedia, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{154D932F-DC51-4A4F-9D52-B78B1419D3B4}, Quarantined, [12474], [168190],1.0.746
PUP.Optional.MeFeedia, HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{154D932F-DC51-4A4F-9D52-B78B1419D3B4}, Quarantined, [12474], [168190],1.0.746
PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3299568, Quarantined, [13360], [186833],1.0.746

Registry Value: 0
(No malicious items detected)

Data Stream: 0
(No malicious items detected)

Folder: 2
PUP.Optional.Blekko, C:\USERS\CINDY\APPDATA\LOCALLOW\blekkotb_019, Quarantined, [8209], [181688],1.0.746
PUP.Optional.ConduitTB.Gen, C:\USERS\CINDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNX140LM.DEFAULT\CT3299568, Quarantined, [13360], [181765],1.0.746

File: 4
PUP.Optional.ConduitTB.Gen, C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\CT3299568\CT3299568.fullUserID, Quarantined, [13360], [181765],1.0.746
PUP.Optional.ConduitTB.Gen, C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\CT3299568\CT3299568.UserID, Quarantined, [13360], [181765],1.0.746
PUP.Optional.SafeInstall, C:\USERS\CINDY\DESKTOP\MANUALDOWNLOAD.EXE, Quarantined, [3674], [77133],1.0.746
PUP.Optional.ArcadeYum, C:\USERS\CINDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNX140LM.DEFAULT\EXTENSIONS\{C7928956-827D-4649-A234-BB758377C005}.XPI, Quarantined, [8200], [235580],1.0.746

Physical Sector: 0
(No malicious items detected)


(end)

Juliet
2016-12-16, 00:08
Glad it's better now.

Follow the instructions below to run a scan using the Emsisoft Emergency Kit.

Download the Emsisoft Emergency Kit (https://www.emsisoft.com/en/software/eek/download/) and execute it.
From there, click on the Extract button to extract the program in the EEK folder;
Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program.

Click on Yes to launch it.
After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;

If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
This time, click on Logs;
From there, go under the Quarantine Log tab, and click on the Export button;

Save the log on your desktop, then open it, and copy/paste its content in your next reply;

ckingcin63
2016-12-16, 18:24
Here is the log......not much there.

Emsisoft Emergency Kit - Version 12.0
Scan log

Date Scan Method Objects Scanned Objects Detected Duration Type Computer Name
12/16/2016 10:08:20 AM Malware 79591 1 0:12:31 Manual scan CINDY-PC

Juliet
2016-12-16, 20:31
Computer better now?, ready to remove tools and quarantine folders?

ckingcin63
2016-12-17, 06:14
Yes it is running much better. I can't thank you enough!!

Juliet
2016-12-17, 14:31
We're glad to help


Please download DelFix (http://general-changelog-team.fr/en/downloads/finish/20-outils-de-xplode/9-delfix) or from Here (http://www.bleepingcomputer.com/download/delfix/) and save the file to your Desktop.
Double-click DelFix.exe to run the programme.
Place a checkmark next to the following items:
Activate UAC
Remove disinfection tools
Click the Run button.
-- This will remove the specialized tools we used to disinfect your system.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

*****************


Answers to common security questions - Best Practices (http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/) by quietman7, MVP
How Malware Spreads - How did I get infected? (http://www.bleepingcomputer.com/forums/t/287710/how-malware-spreads-how-did-i-get-infected/) by quietman7, MVP
Simple and easy ways to keep your computer safe and secure on the Internet (http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/) by Lawrence Abrams, MVP
How to Prevent Malware (http://users.telenet.be/bluepatchy/miekiemoes/prevention.html) by miekiemoes, MVP
How to backup and restore your data using Cobian Backup (http://www.bleepingcomputer.com/tutorials/backup-and-restore-data-with-cobian-backup/) by YourHighness
Slow Computer/browser? It May Not Be Malware (http://www.bleepingcomputer.com/forums/t/87058/slow-computerbrowser-check-here-first;-it-may-not-be-malware/) by quietman7, MVP


AdBlock (https://adblockplus.org/en/firefox) is a browser add-on that blocks annoying banners, pop-ups and video ads.
http://i.imgur.com/E8I37RF.pngCryptoPrevent (https://www.foolishit.com/) places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
http://i.imgur.com/EG85Vjt.png Malwarebytes Anti-Exploit (https://www.malwarebytes.org/antiexploit/) (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
http://i.imgur.com/6YRrgUC.png Malwarebytes Anti-Malware Premium (https://www.malwarebytes.org/) (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
http://i.imgur.com/jv4nhMJ.png NoScript (http://noscript.net/) is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
http://i.imgur.com/3O8r9Uq.png (http://www.sandboxie.com/) Sandboxie (http://www.sandboxie.com/) isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
http://i.imgur.com/DgW1XL2.png Secunia PSI (http://secunia.com/vulnerability_scanning/personal/) will scan your computer for vulnerable software that is outdated, and automatically find the latest update for you.
http://i.imgur.com/j1OLIec.png SpywareBlaster (https://www.brightfort.com/spywareblaster.html) is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
http://i.imgur.com/sHjS79L.png Unchecky (http://unchecky.com/) automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
http://i.imgur.com/JEP5iWI.png Web of Trust (https://www.mywot.com/) (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.

Juliet
2016-12-21, 03:04
Glad we could help. :)

Since this issue appears resolved ... this Topic is closed.