Maybe by the time we are done with this I'll get it straight!! So sorry will have to do later tonite when I'm on home computer
Maybe by the time we are done with this I'll get it straight!! So sorry will have to do later tonite when I'm on home computer
sorry again - thought it was part of the add txt file
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Corinne (administrator) on CORINNE-PC (21-01-2016 20:04:37)
Running from C:\Users\Corinne\Desktop
Loaded Profiles: Corinne (Available Profiles: Corinne)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\RunOnce: [Uninstall C:\Users\Corinne\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Corinne\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{b0bd7e33-ea32-450a-9299-30cc53ef45df}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-22] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-22] (Oracle Corporation)
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-22] (Oracle Corporation)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-18]
CHR Extension: (Google Drive) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-18]
CHR Extension: (YouTube) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-18]
CHR Extension: (Google Search) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-18]
CHR Extension: (Gmail) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-18]
Opera:
=======
OPR StartupUrls: "hxxp://msn.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (Adblock Fast) - C:\Users\Corinne\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhobddcbiabdfjmomildokiglpmdicc [2015-11-23]
OPR Extension: (Adblock Plus) - C:\Users\Corinne\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-01-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
R3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-21] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-20 00:17 - 2016-01-19 21:01 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160120-001724.backup
2016-01-19 21:27 - 2016-01-19 21:30 - 00000556 _____ C:\Users\Corinne\Desktop\JRT.txt
2016-01-19 21:06 - 2016-01-20 19:00 - 00000000 ____D C:\AdwCleaner
2016-01-19 21:01 - 2016-01-19 21:01 - 00001070 _____ C:\Users\Corinne\Desktop\Fixlog.txt
2016-01-19 20:57 - 2016-01-19 21:25 - 01600184 _____ (Malwarebytes) C:\Users\Corinne\Downloads\JRT.exe
2016-01-19 20:56 - 2016-01-19 21:06 - 01505280 _____ C:\Users\Corinne\Downloads\AdwCleaner.exe
2016-01-16 18:37 - 2016-01-01 04:42 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160116-183749.backup
2016-01-16 17:17 - 2016-01-16 17:17 - 00002431 _____ C:\Users\Corinne\Desktop\aswMBR.txt
2016-01-16 16:52 - 2016-01-21 20:04 - 00007589 _____ C:\Users\Corinne\Desktop\FRST.txt
2016-01-16 16:51 - 2016-01-16 16:51 - 00023679 _____ C:\Users\Corinne\Desktop\Addition.txt
2016-01-16 16:44 - 2016-01-16 16:45 - 00023679 _____ C:\Users\Corinne\Downloads\Addition.txt
2016-01-16 16:43 - 2016-01-21 20:04 - 00000000 ____D C:\FRST
2016-01-16 16:43 - 2016-01-16 16:45 - 00026341 _____ C:\Users\Corinne\Downloads\FRST.txt
2016-01-16 16:40 - 2016-01-16 16:40 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CORINNE-PC-Windows-10-Pro-(64-bit).dat
2016-01-16 16:40 - 2016-01-16 16:40 - 00000000 ____D C:\RegBackup
2016-01-16 16:39 - 2016-01-16 16:39 - 00002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-01-16 16:39 - 2016-01-16 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-01-16 16:39 - 2016-01-16 16:39 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-01-16 16:38 - 2016-01-16 16:39 - 00016401 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-01-16 16:34 - 2016-01-16 16:38 - 04777232 _____ (Tweaking.com) C:\Users\Corinne\Downloads\tweaking.com_registry_backup_setup.exe
2016-01-16 16:33 - 2016-01-16 16:42 - 02370560 _____ (Farbar) C:\Users\Corinne\Desktop\FRST64.exe
2016-01-16 16:32 - 2016-01-16 16:53 - 05198336 _____ (AVAST Software) C:\Users\Corinne\Downloads\aswMBR.exe
2016-01-16 03:02 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-16 03:02 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-16 03:02 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-16 03:02 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-16 03:02 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-16 03:02 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-16 03:02 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-16 03:02 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-16 03:02 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-16 03:02 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-16 03:02 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-16 03:02 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-16 03:02 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-16 03:02 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-16 03:02 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-16 03:02 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-16 03:02 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-16 03:02 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-16 03:02 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-16 03:02 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-16 03:02 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-16 03:02 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-16 03:02 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-16 03:02 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-16 03:02 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-16 03:02 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-16 03:02 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-16 03:02 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-16 03:02 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-16 03:02 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-16 03:02 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-16 03:02 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-16 03:02 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-16 03:02 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-16 03:02 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-16 03:02 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-16 03:02 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-16 03:02 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-16 03:02 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-16 03:02 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-16 03:02 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-16 03:02 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-16 03:02 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-16 03:02 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-16 03:02 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-16 03:02 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-16 03:02 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-16 03:02 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-16 03:02 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-16 03:02 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-16 03:02 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-16 03:02 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-16 03:02 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-16 03:02 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-16 03:02 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-16 03:02 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-16 03:02 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-16 03:02 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-16 03:02 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-16 03:02 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-16 03:02 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-16 03:02 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-16 03:02 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-16 03:02 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-16 03:02 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-16 03:02 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-16 01:01 - 2016-01-16 01:02 - 00062360 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_01.01.39_log.txt
2016-01-16 01:00 - 2016-01-16 01:01 - 04633146 _____ C:\Users\Corinne\Downloads\tdsskiller (1).zip
2016-01-16 01:00 - 2016-01-16 01:00 - 00000366 _____ C:\TDSSKiller.3.0.0.44_16.01.2016_01.00.28_log.txt
2016-01-09 13:00 - 2016-01-09 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-29 02:26 - 2015-12-29 02:26 - 02560144 _____ (Microsoft Corporation) C:\Users\Corinne\Downloads\DefaultPack (2).EXE
2015-12-28 22:03 - 2015-12-28 22:03 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2015-12-28 22:00 - 2015-12-28 22:02 - 58082952 _____ (Microsoft Corporation) C:\Users\Corinne\Downloads\EIE11_EN-US_MCM_WIN764 (1).EXE
2015-12-28 21:40 - 2015-12-28 21:40 - 00584288 _____ (Oracle Corporation) C:\Users\Corinne\Downloads\JavaSetup8u66 (2).exe
2015-12-28 21:39 - 2015-12-28 21:40 - 00584288 _____ (Oracle Corporation) C:\Users\Corinne\Downloads\JavaSetup8u66 (1).exe
2015-12-28 18:38 - 2016-01-19 19:38 - 19604160 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-21 19:38 - 2015-10-03 15:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-21 19:25 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-21 19:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-21 19:23 - 2015-10-03 15:30 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8884C0D3-6CBD-4E47-9640-E7E1C4272A96}
2016-01-21 19:20 - 2015-10-25 20:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-20 19:07 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-20 19:07 - 2015-09-18 21:28 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-20 19:01 - 2015-12-11 05:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-20 19:00 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-19 21:18 - 2015-09-27 18:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-19 21:03 - 2015-10-03 15:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-19 21:02 - 2015-12-11 04:59 - 00000000 ____D C:\Users\Corinne
2016-01-19 21:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-19 21:01 - 2012-04-06 21:14 - 00000000 ____D C:\Users\Corinne\AppData\LocalLow\Temp
2016-01-19 19:38 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-19 19:38 - 2015-10-03 15:29 - 00004032 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-01-19 19:38 - 2015-09-19 01:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-19 19:37 - 2015-10-03 16:25 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-16 16:44 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-16 01:00 - 2015-07-21 19:55 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Corinne\Downloads\tdsskiller (1).exe
2016-01-16 00:57 - 2015-11-07 12:19 - 00003960 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1446916789
2016-01-16 00:57 - 2015-11-07 12:19 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-16 00:57 - 2015-09-18 23:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-15 23:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-10 14:41 - 2015-09-18 21:25 - 00000000 ____D C:\Users\Corinne\AppData\Local\Packages
2016-01-10 14:27 - 2015-10-03 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 01:03 - 2015-09-20 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-02 01:03 - 2015-09-20 20:05 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-29 20:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-29 20:50 - 2011-08-16 13:34 - 60296312 _____ C:\Users\Corinne\Downloads\eppx-win-4_0_0-en.exe
2015-12-28 18:38 - 2015-10-03 15:29 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2015-12-11 04:56 - 2015-12-11 04:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Corinne\AppData\Local\Temp\sqlite3.dll
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-12 19:48
==================== End of FRST.txt ============================
Wondering why Chrome is showing up in files since I removed it from uninstall program files thru Windows & am now using Opera - curious. Thanks Ken/
When you uninstall a program like Chome it leaves bits and pieces of it laying around, you may not have uninstalled it completely
The bad hosts file entries came back...
Open notepad , Go to Start --> All Programs --> Accessories --> Notepad.
Please copy the entire contents Inside of the code box below beginning with START and ending with END
(To do this highlight the contents of the box, right click on it and select copy. Right-click in the open notepad and select Paste).
Name the file Fixlist, Save it to your desktop where you have FRST/FRST64 or the fix wont work, . Then open up FRST/FRST64 and click on FIX (Not Scan) It won't take long, after your computer reboots you will find a FIXLOG.TXT on your desktop, post it please
Code:Start CloseProcesses: CreateRestorePoint: 2016-01-20 00:17 - 2016-01-19 21:01 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160120-001724.backup 2016-01-16 18:37 - 2016-01-01 04:42 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160116-183749.backup Hosts: CMD: ipconfig /flushdns EmptyTemp: End
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
here is new fixlog did not run anything else @ this time did run scan spybot last night & got some low threats so clicked fix them & spybot did say my software was being automatically updated, which is good. Will wait to hear back from you will not run anything else.
Fix result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Corinne (2016-01-23 13:27:45) Run:2
Running from C:\Users\Corinne\Desktop
Loaded Profiles: Corinne & (Available Profiles: Corinne)
Boot Mode: Normal
==============================================
fixlist content:
*****************
Start
CloseProcesses:
CreateRestorePoint:
2016-01-20 00:17 - 2016-01-19 21:01 - 00000027 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160120-001724.backup
2016-01-16 18:37 - 2016-01-01 04:42 - 00450771 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160116-183749.backup
Hosts:
CMD: ipconfig /flushdns
EmptyTemp:
End
*****************
Processes closed successfully.
Restore point was successfully created.
C:\WINDOWS\system32\Drivers\etc\hosts.20160120-001724.backup => moved successfully
C:\WINDOWS\system32\Drivers\etc\hosts.20160116-183749.backup => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
========= ipconfig /flushdns =========
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========= End of CMD: =========
EmptyTemp: => 33.9 MB temporary data Removed.
The system needed a reboot.
==== End of Fixlog 13:28:05 ====
Ken, was curious so went to spybot home page to see if updates were still checked updating successfully - were not = said it was stopped again. So I clicked on update & got error could not update! Could not see how to copy this here in thread & not sure of you are able to see this on my spotbot page or not. urgh!!
When were done here i will link you to the Spybot people, there more in tune to issues like this then I am
Go ahead and run a new scan with FRST, make sure to checkmark Additions and post both logs and lets see if what we removed has returned. If it did there may be something else lurking on your system and we will have to dig deeper
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Additional scan result of Farbar Recovery Scan Tool (x64) Version:10-01-2015 01
Ran by Corinne (2016-01-23 20:39:52)
Running from C:\Users\Corinne\Desktop
Windows 10 Pro (X64) (2015-12-11 10:09:26)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-3611819408-1750479240-3027513373-500 - Administrator - Disabled)
Corinne (S-1-5-21-3611819408-1750479240-3027513373-1000 - Administrator - Enabled) => C:\Users\Corinne
DefaultAccount (S-1-5-21-3611819408-1750479240-3027513373-503 - Limited - Disabled)
Guest (S-1-5-21-3611819408-1750479240-3027513373-501 - Limited - Disabled)
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Spybot - Search and Destroy (Enabled - Out of date) {1A0DDE8C-B4BA-EFDD-22A8-0F557C7985F0}
AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Flash Player 20 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 20.0.0.286 - Adobe Systems Incorporated)
Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 38.3.0 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.5.1 (x86 en-US) (HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\Mozilla Thunderbird 38.5.1 (x86 en-US)) (Version: 38.5.1 - Mozilla)
Opera Stable 34.0.2036.50 (HKLM-x32\...\Opera 34.0.2036.50) (Version: 34.0.2036.50 - Opera Software)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
CustomCLSID: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Corinne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {1CCA805E-90FB-41D7-B921-610BA22003E3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-19] (Microsoft Corporation)
Task: {3E7AF226-071E-4980-A698-B7FF2826B875} - System32\Tasks\Opera scheduled Autoupdate 1446916789 => C:\Program Files (x86)\Opera\launcher.exe [2016-01-18] (Opera Software)
Task: {9526477D-1FA2-44D1-876B-49FCCAB3F606} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {95E78B6A-CD02-4A66-A90B-8BFE559D1A6C} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {ADF2A0F0-28D4-4044-A9A4-B5022F30E16B} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan most recently used file in the background => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDOnAccess.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {B8A541D8-126D-43D0-A242-8A3AD16C255D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
Task: {C55C14AB-2F0F-4CD3-9315-5B15A833484B} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-19] (Adobe Systems Incorporated)
Task: {F47F2896-5E71-4A90-98D6-A8D53894270D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_20_0_0_286_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-11 07:48 - 2015-12-11 07:48 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-11 07:48 - 2015-12-11 07:48 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 22:55 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 22:55 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-16 03:02 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-16 03:02 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-16 03:02 - 2016-01-04 20:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-16 03:02 - 2016-01-04 20:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-09-27 18:55 - 2014-05-13 11:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-09-27 18:55 - 2014-05-13 11:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-09-27 18:55 - 2014-05-13 11:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-01-22 00:57 - 2016-01-22 00:57 - 61568120 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\opera.dll
2016-01-22 00:57 - 2016-01-22 00:57 - 01983096 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\libglesv2.dll
2016-01-22 00:57 - 2016-01-22 00:57 - 00081528 _____ () C:\Program Files (x86)\Opera\34.0.2036.50\libegl.dll
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== EXE Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com
There are 7868 more sites.
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\123simsen.com -> www.123simsen.com
There are 7868 more sites.
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2015-09-19 01:02 - 2016-01-23 13:28 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Corinne\AppData\Local\Microsoft\Windows\Themes\img19.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
==================== Restore Points =========================
05-01-2016 23:04:23 Windows Update
19-01-2016 19:36:36 Windows Update
19-01-2016 21:26:24 JRT Pre-Junkware Removal
19-01-2016 21:28:52 JRT Pre-Junkware Removal
23-01-2016 13:27:46 Restore Point Created by FRST
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (01/23/2016 01:27:55 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/23/2016 01:27:46 PM) (Source: VSS) (EventID: 8194) (User: )
Description: Volume Shadow Copy Service error: Unexpected error querying for the IVssWriterCallback interface. hr = 0x80070005, Access is denied.
.
This is often caused by incorrect security settings in either the writer or requestor process.
Operation:
Gathering Writer Data
Context:
Writer Class Id: {e8132975-6f93-4464-a53e-1050253ae220}
Writer Name: System Writer
Writer Instance ID: {a144a7fe-cbe3-457c-9c8d-202c82508ca2}
Error: (01/23/2016 12:41:41 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/22/2016 02:12:36 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/20/2016 11:12:27 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/19/2016 09:28:52 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/19/2016 09:26:35 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/19/2016 07:56:06 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
Error: (01/19/2016 07:36:49 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
System Error:
Access is denied.
.
Error: (01/19/2016 10:18:00 AM) (Source: ESENT) (EventID: 412) (User: )
Description: %1 (%2) %3Unable to read the header of logfile %4. Error %5.
System errors:
=============
Error: (01/23/2016 05:17:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_268c8 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/23/2016 03:53:03 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
Error: (01/23/2016 02:52:02 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_25fd9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/23/2016 01:28:30 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1c0875e service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
Error: (01/23/2016 01:28:15 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056
Error: (01/23/2016 01:27:46 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
Error: (01/23/2016 01:27:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
Error: (01/23/2016 01:27:45 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
Error: (01/23/2016 01:27:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The MBAMScheduler service terminated unexpectedly. It has done this 1 time(s).
Error: (01/23/2016 12:30:18 PM) (Source: DCOM) (EventID: 10016) (User: Corinne-PC)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Corinne-PCCorinneS-1-5-21-3611819408-1750479240-3027513373-1000LocalHost (Using LRPC)Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157
CodeIntegrity:
===================================
Date: 2016-01-19 21:28:58.202
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:26:43.214
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:21:05.762
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:17:28.435
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:13:54.626
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:11:47.952
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:06:10.502
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:06:05.858
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:05:04.917
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook64.dll because the set of per-page image hashes could not be found on the system.
Date: 2016-01-19 21:04:48.901
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Program Files (x86)\Spybot - Search & Destroy 2\SDHook32.dll that did not meet the Microsoft signing level requirements.
==================== Memory info ===========================
Processor: Intel(R) Core(TM) i5-2400 CPU @ 3.10GHz
Percentage of memory in use: 16%
Total physical RAM: 8103.23 MB
Available physical RAM: 6748.74 MB
Total Virtual: 9383.23 MB
Available Virtual: 8078.65 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.22 GB) (Free:440.91 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E85AD74F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
==================== End of Addition.txt ============================
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:10-01-2015 01
Ran by Corinne (administrator) on CORINNE-PC (23-01-2016 20:39:19)
Running from C:\Users\Corinne\Desktop
Loaded Profiles: Corinne (Available Profiles: Corinne)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Opera)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera_crashreporter.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\34.0.2036.50\opera.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3611819408-1750479240-3027513373-1000\...\RunOnce: [Uninstall C:\Users\Corinne\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Corinne\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 192.168.1.1
Tcpip\..\Interfaces\{b0bd7e33-ea32-450a-9299-30cc53ef45df}: [DhcpNameServer] 192.168.1.1 192.168.1.1
Internet Explorer:
==================
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-01-23] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-01-23] (Oracle Corporation)
FireFox:
========
FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-01-23] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-01-23] (Oracle Corporation)
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Docs) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-18]
CHR Extension: (Google Drive) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-09-18]
CHR Extension: (YouTube) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-18]
CHR Extension: (Google Search) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-09-18]
CHR Extension: (Gmail) - C:\Users\Corinne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-18]
Opera:
=======
OPR StartupUrls: "hxxp://msn.com/"
OPR Session Restore: -> is enabled.
OPR Extension: (Adblock Fast) - C:\Users\Corinne\AppData\Roaming\Opera Software\Opera Stable\Extensions\klhobddcbiabdfjmomildokiglpmdicc [2015-11-23]
OPR Extension: (Adblock Plus) - C:\Users\Corinne\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-01-07]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S3 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
S3 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
S3 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-23] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
R1 SDHookDriver; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDHookDrv64.sys [65576 2015-06-16] (Safer-Networking Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-22 22:36 - 2016-01-20 00:17 - 00449968 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160122-223622.backup
2016-01-19 21:27 - 2016-01-19 21:30 - 00000556 _____ C:\Users\Corinne\Desktop\JRT.txt
2016-01-19 21:06 - 2016-01-20 19:00 - 00000000 ____D C:\AdwCleaner
2016-01-19 21:01 - 2016-01-23 13:28 - 00001271 _____ C:\Users\Corinne\Desktop\Fixlog.txt
2016-01-19 20:57 - 2016-01-19 21:25 - 01600184 _____ (Malwarebytes) C:\Users\Corinne\Downloads\JRT.exe
2016-01-19 20:56 - 2016-01-19 21:06 - 01505280 _____ C:\Users\Corinne\Downloads\AdwCleaner.exe
2016-01-16 17:17 - 2016-01-16 17:17 - 00002431 _____ C:\Users\Corinne\Desktop\aswMBR.txt
2016-01-16 16:52 - 2016-01-23 20:39 - 00007845 _____ C:\Users\Corinne\Desktop\FRST.txt
2016-01-16 16:51 - 2016-01-21 20:05 - 00023699 _____ C:\Users\Corinne\Desktop\Addition.txt
2016-01-16 16:44 - 2016-01-16 16:45 - 00023679 _____ C:\Users\Corinne\Downloads\Addition.txt
2016-01-16 16:43 - 2016-01-23 20:39 - 00000000 ____D C:\FRST
2016-01-16 16:43 - 2016-01-16 16:45 - 00026341 _____ C:\Users\Corinne\Downloads\FRST.txt
2016-01-16 16:40 - 2016-01-16 16:40 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-CORINNE-PC-Windows-10-Pro-(64-bit).dat
2016-01-16 16:40 - 2016-01-16 16:40 - 00000000 ____D C:\RegBackup
2016-01-16 16:39 - 2016-01-16 16:39 - 00002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2016-01-16 16:39 - 2016-01-16 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-01-16 16:39 - 2016-01-16 16:39 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-01-16 16:38 - 2016-01-16 16:39 - 00016401 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-01-16 16:34 - 2016-01-16 16:38 - 04777232 _____ (Tweaking.com) C:\Users\Corinne\Downloads\tweaking.com_registry_backup_setup.exe
2016-01-16 16:33 - 2016-01-16 16:42 - 02370560 _____ (Farbar) C:\Users\Corinne\Desktop\FRST64.exe
2016-01-16 16:32 - 2016-01-16 16:53 - 05198336 _____ (AVAST Software) C:\Users\Corinne\Downloads\aswMBR.exe
2016-01-16 03:02 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-16 03:02 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-16 03:02 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-16 03:02 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-16 03:02 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-16 03:02 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-16 03:02 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-16 03:02 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-16 03:02 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-16 03:02 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-16 03:02 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-16 03:02 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-16 03:02 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-16 03:02 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-16 03:02 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-16 03:02 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-16 03:02 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-16 03:02 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-16 03:02 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-16 03:02 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-16 03:02 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-16 03:02 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-16 03:02 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-16 03:02 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-16 03:02 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-16 03:02 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-16 03:02 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-16 03:02 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-16 03:02 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-16 03:02 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-16 03:02 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-16 03:02 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-16 03:02 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-16 03:02 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-16 03:02 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-16 03:02 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-16 03:02 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-16 03:02 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-16 03:02 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-16 03:02 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-16 03:02 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-16 03:02 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-16 03:02 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-16 03:02 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-16 03:02 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-16 03:02 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-16 03:02 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-16 03:02 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-16 03:02 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-16 03:02 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-16 03:02 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-16 03:02 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-16 03:02 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-16 03:02 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-16 03:02 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-16 03:02 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-16 03:02 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-16 03:02 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-16 03:02 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-16 03:02 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-16 03:02 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-16 03:02 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-16 03:02 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-16 03:02 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-16 03:02 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-16 03:02 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-16 03:02 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-16 03:02 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-16 03:02 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-16 03:02 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-16 01:01 - 2016-01-16 01:02 - 00062360 _____ C:\TDSSKiller.3.1.0.9_16.01.2016_01.01.39_log.txt
2016-01-16 01:00 - 2016-01-16 01:01 - 04633146 _____ C:\Users\Corinne\Downloads\tdsskiller (1).zip
2016-01-16 01:00 - 2016-01-16 01:00 - 00000366 _____ C:\TDSSKiller.3.0.0.44_16.01.2016_01.00.28_log.txt
2016-01-09 13:00 - 2016-01-09 13:00 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2015-12-29 02:26 - 2015-12-29 02:26 - 02560144 _____ (Microsoft Corporation) C:\Users\Corinne\Downloads\DefaultPack (2).EXE
2015-12-28 22:03 - 2015-12-28 22:03 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2015-12-28 22:00 - 2015-12-28 22:02 - 58082952 _____ (Microsoft Corporation) C:\Users\Corinne\Downloads\EIE11_EN-US_MCM_WIN764 (1).EXE
2015-12-28 21:40 - 2015-12-28 21:40 - 00584288 _____ (Oracle Corporation) C:\Users\Corinne\Downloads\JavaSetup8u66 (2).exe
2015-12-28 21:39 - 2015-12-28 21:40 - 00584288 _____ (Oracle Corporation) C:\Users\Corinne\Downloads\JavaSetup8u66 (1).exe
2015-12-28 18:38 - 2016-01-19 19:38 - 19604160 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-01-23 20:38 - 2015-10-03 15:29 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-01-23 19:06 - 2015-10-03 15:29 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-01-23 18:52 - 2015-10-03 15:30 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8884C0D3-6CBD-4E47-9640-E7E1C4272A96}
2016-01-23 18:09 - 2015-10-25 20:12 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-23 17:24 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-23 17:24 - 2015-09-18 21:28 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-23 17:18 - 2015-12-11 05:06 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-01-23 17:17 - 2015-10-30 01:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-01-23 14:51 - 2015-09-20 20:05 - 00000000 ____D C:\ProgramData\Oracle
2016-01-23 14:51 - 2015-09-20 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-01-23 14:50 - 2015-10-03 15:39 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-01-23 14:50 - 2015-09-20 20:05 - 00000000 ____D C:\Program Files (x86)\Java
2016-01-23 14:50 - 2015-09-17 19:37 - 00000000 ____D C:\Users\Corinne\.oracle_jre_usage
2016-01-22 21:17 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-22 00:57 - 2015-11-07 12:19 - 00003960 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1446916789
2016-01-22 00:57 - 2015-11-07 12:19 - 00001120 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2016-01-22 00:57 - 2015-09-18 23:07 - 00000000 ____D C:\Program Files (x86)\Opera
2016-01-21 20:05 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-21 19:25 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-19 21:18 - 2015-09-27 18:55 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-01-19 21:02 - 2015-12-11 04:59 - 00000000 ____D C:\Users\Corinne
2016-01-19 21:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-19 21:01 - 2012-04-06 21:14 - 00000000 ____D C:\Users\Corinne\AppData\LocalLow\Temp
2016-01-19 19:38 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-19 19:38 - 2015-10-03 15:29 - 00004032 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-01-19 19:38 - 2015-09-19 01:32 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-19 19:37 - 2015-10-03 16:25 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-16 01:00 - 2015-07-21 19:55 - 04197016 _____ (Kaspersky Lab ZAO) C:\Users\Corinne\Downloads\tdsskiller (1).exe
2016-01-15 23:15 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-01-10 14:41 - 2015-09-18 21:25 - 00000000 ____D C:\Users\Corinne\AppData\Local\Packages
2016-01-10 14:27 - 2015-10-03 21:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-29 20:53 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-29 20:50 - 2011-08-16 13:34 - 60296312 _____ C:\Users\Corinne\Downloads\eppx-win-4_0_0-en.exe
2015-12-28 18:38 - 2015-10-03 15:29 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
==================== Files in the root of some directories =======
2015-12-11 04:56 - 2015-12-11 04:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Some files in TEMP:
====================
C:\Users\Corinne\AppData\Local\Temp\jre-8u71-windows-au.exe
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-01-22 21:51
==================== End of FRST.txt ============================
Ken spybot was working on updating before this came back & now I can't update it - makes me wonder if this is caused by virus? Thanks for your help.
The hosts file back up came back, normally its a sign of malware changing your system but I am wondering if using the Spybot hosts file if its making back ups of this and its ok, not sure but I am going to check on it , be back soon
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.
Thanks Ken - should I go to FRST & fix again & right now since spybot error I have not scanned since it can't update, not have I run Malware since last time you asked me to.
No, dont run another fix, just hang on for a bit. I'll be back as soon as I hear something
Microsoft MVP Consumer Security 2007-2008-2009-2010-2011-2012-2013-2014
ERROR MESSAGE 386
No KeyBoard Detected
Press F1 To Continue
Just a reminder that threads will be closed if no reply in 3 days.