Page 1 of 2 12 LastLast
Results 1 to 10 of 17

Thread: Spybots freezes up at CNNIC.searchbar

  1. #1
    Junior Member
    Join Date
    Mar 2016
    Posts
    10

    Default Spybots freezes up at CNNIC.searchbar

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016
    Ran by Remi (administrator) on LAPTOP (03-03-2016 10:38:09)
    Running from C:\Users\Remi\Downloads
    Loaded Profiles: Remi (Available Profiles: Remi & nela)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: FF)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AMD) C:\Windows\System32\atiesrxx.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
    (Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
    (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (AMD) C:\Windows\System32\atieclxx.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OFFICE15\CSISYNCCLIENT.EXE
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_20_0_0_306.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [289008 2015-05-22] (Intel Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [446392 2012-04-04] (Adobe Systems Incorporated)
    HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 1999-12-31] (IDT, Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-08-21] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
    HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-11-04] (Advanced Micro Devices, Inc.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
    HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [580512 2012-07-31] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1343904 2012-11-05] (Hewlett-Packard Development Company, L.P.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Raptr] => C:\Program Files (x86)\Raptr\raptrstub.exe [56080 2015-07-27] (Raptr, Inc)
    HKLM-x32\...\Run: [SwitchBoard] => C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [AdobeCS6ServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CS6ServiceManager\CS6ServiceManager.exe [1073312 2012-03-09] (Adobe Systems Incorporated)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\Run: [Power2GoExpress8] => C:\Program Files (x86)\CyberLink\Power2Go8\Power2GoExpress8.exe [1711680 2013-01-27] (CyberLink Corp.)
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\Run: [BitTorrent] => C:\Program Files (x86)\BitTorrent\BitTorrent.exe [4770672 2015-09-20] (BitTorrent, Inc.)
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\iSCTsysTray.lnk [2012-09-13]
    ShortcutTarget: iSCTsysTray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray.exe (Intel Corporation)
    Startup: C:\Users\Remi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Plus Utility.lnk [2015-11-01]
    ShortcutTarget: SharePort Plus Utility.lnk -> C:\Program Files\D-Link\SharePort Utility\Connect.exe (D-Link Corp.)
    Startup: C:\Users\Remi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\SharePort Utility.lnk [2015-11-01]
    ShortcutTarget: SharePort Utility.lnk -> C:\Program Files\D-Link\SharePort Utility\Connect.exe (D-Link Corp.)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{4a3bc4ee-b3ef-472f-be9e-098b94e11e3c}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.ca/
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/HPNOT13/1
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {8F03DA48-38C4-4195-B8A6-5ECDBE4D8AF3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-4011410636-728019058-727978947-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4011410636-728019058-727978947-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-4011410636-728019058-727978947-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
    BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
    BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-01-12] (Microsoft Corporation)
    BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-01-12] (Microsoft Corporation)
    BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
    Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Remi\AppData\Roaming\Mozilla\Firefox\Profiles\amwalmu5.default-1442841602520
    FF NewTab: about:newtab
    FF Homepage: www.google.ca
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-09] ()
    FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-09] ()
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw.dll [2012-04-26] (Adobe Systems, Inc.)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @authentec.com/ffwloplugin -> C:\Program Files (x86)\HP SimplePass\npffwloplugin.dll [2013-06-07] ( HP)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.56 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-10-10] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-10-10] (Intel Corporation)
    FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin.dll [2015-12-22] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin2.dll [2015-12-22] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin3.dll [2015-12-22] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin4.dll [2015-12-22] (Apple Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npqtplugin5.dll [2015-12-22] (Apple Inc.)
    FF Extension: TrueSuite Website Logon - C:\Program Files (x86)\Mozilla Firefox\distribution\bundles\websitelogon@truesuite.com [2015-11-06] [not signed]

    Chrome:
    =======
    CHR HomePage: Default -> hxxp://www.google.ca/
    CHR StartupUrls: Default -> "hxxp://www.google.ca/"
    CHR Profile: C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-09-25]
    CHR Extension: (Google Docs) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-09-25]
    CHR Extension: (Google Drive) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
    CHR Extension: (YouTube) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
    CHR Extension: (Google Sheets) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-09-25]
    CHR Extension: (Google Docs Offline) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-10]
    CHR Extension: (Website Logon) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\kanflfepiobnpjbljmngfgegijhdpljm [2015-09-25]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-25]
    CHR Extension: (Gmail) - C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-09-25]
    CHR HKLM-x32\...\Chrome\Extension: [kanflfepiobnpjbljmngfgegijhdpljm] - C:\Program Files (x86)\HP SimplePass\tschrome.crx [2013-04-01]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S4 D-Link SharePort Helper; C:\Program Files\D-Link\SharePort Utility\Spnuhelper.exe [49152 2009-12-10] () [File not signed]
    S4 FPLService; C:\Program Files (x86)\HP SimplePass\TrueSuiteService.exe [1641768 2013-06-07] (HP)
    R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
    S4 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [18672 2015-05-22] (Intel Corporation)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
    S4 Intel(R) Bluetooth Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [160712 2013-03-11] (Intel Corporation)
    S4 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [158496 2014-10-10] (Intel Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    R2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [333824 1999-12-31] (IDT, Inc.) [File not signed]
    S4 SwitchBoard; C:\Program Files (x86)\Common Files\Adobe\SwitchBoard\SwitchBoard.exe [517096 2010-02-19] (Adobe Systems Incorporated) [File not signed]
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated)
    S4 TrueService; C:\Program Files\Common Files\AuthenTec\TrueService.exe [401856 2013-01-08] (AuthenTec, Inc.)
    S4 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [28160 2012-09-06] () [File not signed]
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    S2 ZAMSvc; "C:\Program Files (x86)\Zemana AntiMalware\ZAM.exe" /service [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [62152 2014-10-27] (Advanced Micro Devices, Inc.)
    R3 anvsnddrv; C:\Windows\system32\drivers\anvsnddrv.sys [33872 2011-11-28] (AnvSoft Inc.)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
    R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
    R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2014-10-10] (Intel Corporation)
    R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-30] (Intel Corporation)
    R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-12] (Corel Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated)
    S2 sxuptp; C:\Windows\System32\drivers\sxuptp.sys [297032 2010-08-25] (silex technology, Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    R3 WirelessButtonDriver64; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [30544 2015-08-13] (HP)
    S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-11-12] ()
    S3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188384 2012-08-09] (Windows (R) Win 7 DDK provider)
    R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [202144 2016-01-15] (Zemana Ltd.)
    S1 ZAM; \??\C:\WINDOWS\System32\drivers\zam64.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-03 10:38 - 2016-03-03 10:38 - 00020915 _____ C:\Users\Remi\Downloads\FRST.txt
    2016-03-03 10:37 - 2016-03-03 10:38 - 00000000 ____D C:\FRST
    2016-03-03 10:37 - 2016-03-03 10:37 - 02371584 _____ (Farbar) C:\Users\Remi\Downloads\FRST64.exe
    2016-03-03 10:36 - 2016-03-03 10:36 - 01722368 _____ (Farbar) C:\Users\Remi\Downloads\FRST.exe
    2016-03-03 10:34 - 2016-03-03 10:34 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-LAPTOP-Windows-10-Home-(64-bit).dat
    2016-03-03 10:34 - 2016-03-03 10:34 - 00000000 ____D C:\RegBackup
    2016-03-03 10:30 - 2016-03-03 10:30 - 04777232 _____ (Tweaking.com) C:\Users\Remi\Downloads\tweaking.com_registry_backup_setup.exe
    2016-03-03 10:30 - 2016-03-03 10:30 - 00016383 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-03-03 10:30 - 2016-03-03 10:30 - 00002308 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-03-03 10:30 - 2016-03-03 10:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-03-03 10:30 - 2016-03-03 10:30 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-03-03 10:27 - 2016-03-03 10:27 - 00388608 _____ (Trend Micro Inc.) C:\Users\Remi\Downloads\HijackThis.exe
    2016-03-03 09:27 - 2013-08-22 08:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20160303-092747.backup
    2016-03-03 09:14 - 2016-03-03 09:14 - 00001460 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-03-03 09:14 - 2016-03-03 09:14 - 00001448 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-03-03 09:14 - 2016-03-03 09:14 - 00000000 ___HD C:\OneDriveTemp
    2016-03-03 09:14 - 2016-03-03 09:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-03-03 09:14 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
    2016-03-03 09:12 - 2016-03-03 09:12 - 00000332 _____ C:\Users\Remi\Desktop\BEFORE You POST(Please read this Procedure Before Requesting Assistance)- Updated.URL
    2016-03-03 09:12 - 2016-03-03 09:12 - 00000258 _____ C:\Users\Remi\Desktop\CNNIC.Searchbar.URL
    2016-03-03 09:11 - 2016-03-03 09:11 - 00000282 _____ C:\Users\Remi\Desktop\Search and Destroy hangs at CNNIC.searhbar - Resolved or inactive Malware Removal - SpywareInfo Forum.URL
    2016-03-02 18:53 - 2016-03-02 18:53 - 22908888 _____ (Malwarebytes ) C:\Users\Remi\Downloads\mbam-setup-org-2.2.0.1024.exe
    2016-03-02 15:28 - 2016-02-23 06:27 - 07475040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-03-02 15:28 - 2016-02-23 06:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-03-02 15:28 - 2016-02-23 05:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-03-02 15:28 - 2016-02-23 05:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-03-02 15:28 - 2016-02-23 05:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-03-02 15:28 - 2016-02-23 05:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-03-02 15:28 - 2016-02-23 05:21 - 06606568 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-03-02 15:28 - 2016-02-23 04:45 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-03-02 15:28 - 2016-02-23 04:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-03-02 15:28 - 2016-02-23 04:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-03-02 15:28 - 2016-02-23 04:26 - 05241984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-03-02 15:28 - 2016-02-23 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-03-02 15:28 - 2016-02-23 03:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-03-02 15:28 - 2016-02-23 03:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-03-02 15:28 - 2016-02-23 03:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-03-02 15:28 - 2016-02-23 03:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-03-02 15:28 - 2016-02-23 03:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-03-02 15:28 - 2016-02-23 02:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-03-02 15:28 - 2016-02-23 02:41 - 03594240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-03-02 15:28 - 2016-02-23 02:30 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-03-02 15:28 - 2016-02-23 02:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-03-02 15:28 - 2016-02-23 02:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-03-02 15:28 - 2016-02-23 02:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-03-02 15:28 - 2016-02-23 02:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-03-02 15:28 - 2016-02-23 01:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-03-02 15:28 - 2016-02-23 01:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-03-02 15:28 - 2016-02-23 01:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-03-02 15:28 - 2016-02-23 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-03-02 15:28 - 2016-02-23 01:50 - 22396416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-03-02 15:28 - 2016-02-23 01:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-03-02 15:28 - 2016-02-23 01:40 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-03-02 15:28 - 2016-02-23 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-03-02 15:28 - 2016-02-23 01:36 - 19341312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-03-02 15:28 - 2016-02-23 01:36 - 18680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-03-02 15:28 - 2016-02-23 01:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-03-02 15:28 - 2016-02-23 01:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-03-02 15:28 - 2016-02-08 22:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-03-02 15:28 - 2016-02-08 22:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-03-02 15:28 - 2016-02-08 22:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-03-02 15:27 - 2016-02-23 06:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-03-02 15:27 - 2016-02-23 06:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-03-02 15:27 - 2016-02-23 06:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-03-02 15:27 - 2016-02-23 06:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-03-02 15:27 - 2016-02-23 06:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-03-02 15:27 - 2016-02-23 06:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-03-02 15:27 - 2016-02-23 06:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2016-03-02 15:27 - 2016-02-23 06:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-03-02 15:27 - 2016-02-23 06:22 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-03-02 15:27 - 2016-02-23 06:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
    2016-03-02 15:27 - 2016-02-23 06:15 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-03-02 15:27 - 2016-02-23 06:09 - 01614176 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-03-02 15:27 - 2016-02-23 06:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-03-02 15:27 - 2016-02-23 05:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-03-02 15:27 - 2016-02-23 05:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-03-02 15:27 - 2016-02-23 05:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-03-02 15:27 - 2016-02-23 05:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-03-02 15:27 - 2016-02-23 05:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-03-02 15:27 - 2016-02-23 05:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-03-02 15:27 - 2016-02-23 05:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-03-02 15:27 - 2016-02-23 05:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-03-02 15:27 - 2016-02-23 05:31 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-03-02 15:27 - 2016-02-23 05:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-03-02 15:27 - 2016-02-23 05:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2016-03-02 15:27 - 2016-02-23 05:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-03-02 15:27 - 2016-02-23 05:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-03-02 15:27 - 2016-02-23 05:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
    2016-03-02 15:27 - 2016-02-23 05:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-03-02 15:27 - 2016-02-23 05:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-03-02 15:27 - 2016-02-23 04:49 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-03-02 15:27 - 2016-02-23 04:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-03-02 15:27 - 2016-02-23 04:45 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-03-02 15:27 - 2016-02-23 04:45 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-03-02 15:27 - 2016-02-23 04:45 - 00259336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
    2016-03-02 15:27 - 2016-02-23 04:44 - 00640984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-03-02 15:27 - 2016-02-23 04:44 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2016-03-02 15:27 - 2016-02-23 04:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-03-02 15:27 - 2016-02-23 04:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-03-02 15:27 - 2016-02-23 04:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-03-02 15:27 - 2016-02-23 04:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-03-02 15:27 - 2016-02-23 04:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-03-02 15:27 - 2016-02-23 04:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-03-02 15:27 - 2016-02-23 04:38 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-03-02 15:27 - 2016-02-23 04:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-03-02 15:27 - 2016-02-23 04:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2016-03-02 15:27 - 2016-02-23 04:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-03-02 15:27 - 2016-02-23 04:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-03-02 15:27 - 2016-02-23 04:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-03-02 15:27 - 2016-02-23 04:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
    2016-03-02 15:27 - 2016-02-23 04:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-03-02 15:27 - 2016-02-23 04:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
    2016-03-02 15:27 - 2016-02-23 04:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-03-02 15:27 - 2016-02-23 04:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-03-02 15:27 - 2016-02-23 04:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-03-02 15:27 - 2016-02-23 04:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
    2016-03-02 15:27 - 2016-02-23 04:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
    2016-03-02 15:27 - 2016-02-23 04:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-03-02 15:27 - 2016-02-23 04:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2016-03-02 15:27 - 2016-02-23 04:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-03-02 15:27 - 2016-02-23 04:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
    2016-03-02 15:27 - 2016-02-23 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-03-02 15:27 - 2016-02-23 04:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2016-03-02 15:27 - 2016-02-23 03:58 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-03-02 15:27 - 2016-02-23 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-03-02 15:27 - 2016-02-23 03:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
    2016-03-02 15:27 - 2016-02-23 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-03-02 15:27 - 2016-02-23 03:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-03-02 15:27 - 2016-02-23 03:55 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
    2016-03-02 15:27 - 2016-02-23 03:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-03-02 15:27 - 2016-02-23 03:54 - 00539256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-03-02 15:27 - 2016-02-23 03:54 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2016-03-02 15:27 - 2016-02-23 03:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
    2016-03-02 15:27 - 2016-02-23 03:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2016-03-02 15:27 - 2016-02-23 03:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-03-02 15:27 - 2016-02-23 03:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-03-02 15:27 - 2016-02-23 03:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
    2016-03-02 15:27 - 2016-02-23 03:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-03-02 15:27 - 2016-02-23 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-03-02 15:27 - 2016-02-23 03:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
    2016-03-02 15:27 - 2016-02-23 03:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-03-02 15:27 - 2016-02-23 03:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2016-03-02 15:27 - 2016-02-23 03:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-03-02 15:27 - 2016-02-23 03:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
    2016-03-02 15:27 - 2016-02-23 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-03-02 15:27 - 2016-02-23 03:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-03-02 15:27 - 2016-02-23 03:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-03-02 15:27 - 2016-02-23 03:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
    2016-03-02 15:27 - 2016-02-23 03:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
    2016-03-02 15:27 - 2016-02-23 03:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2016-03-02 15:27 - 2016-02-23 03:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-03-02 15:27 - 2016-02-23 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-03-02 15:27 - 2016-02-23 03:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2016-03-02 15:27 - 2016-02-23 03:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
    2016-03-02 15:27 - 2016-02-23 03:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-03-02 15:27 - 2016-02-23 03:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
    2016-03-02 15:27 - 2016-02-23 03:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2016-03-02 15:27 - 2016-02-23 03:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-03-02 15:27 - 2016-02-23 03:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
    2016-03-02 15:27 - 2016-02-23 03:25 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2016-03-02 15:27 - 2016-02-23 03:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-03-02 15:27 - 2016-02-23 03:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2016-03-02 15:27 - 2016-02-23 03:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2016-03-02 15:27 - 2016-02-23 03:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2016-03-02 15:27 - 2016-02-23 03:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-03-02 15:27 - 2016-02-23 03:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-03-02 15:27 - 2016-02-23 03:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-03-02 15:27 - 2016-02-23 03:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-03-02 15:27 - 2016-02-23 03:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-03-02 15:27 - 2016-02-23 03:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-03-02 15:27 - 2016-02-23 03:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
    2016-03-02 15:27 - 2016-02-23 03:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-03-02 15:27 - 2016-02-23 03:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-03-02 15:27 - 2016-02-23 03:13 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
    2016-03-02 15:27 - 2016-02-23 03:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-03-02 15:27 - 2016-02-23 03:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-03-02 15:27 - 2016-02-23 03:11 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-03-02 15:27 - 2016-02-23 03:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-03-02 15:27 - 2016-02-23 03:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2016-03-02 15:27 - 2016-02-23 03:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-03-02 15:27 - 2016-02-23 03:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-03-02 15:27 - 2016-02-23 03:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-03-02 15:27 - 2016-02-23 03:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-03-02 15:27 - 2016-02-23 03:06 - 01848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
    2016-03-02 15:27 - 2016-02-23 03:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-03-02 15:27 - 2016-02-23 03:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-03-02 15:27 - 2016-02-23 03:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-03-02 15:27 - 2016-02-23 03:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-03-02 15:27 - 2016-02-23 03:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-03-02 15:27 - 2016-02-23 03:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-03-02 15:27 - 2016-02-23 03:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2016-03-02 15:27 - 2016-02-23 03:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-03-02 15:27 - 2016-02-23 02:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-03-02 15:27 - 2016-02-23 02:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
    2016-03-02 15:27 - 2016-02-23 02:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-03-02 15:27 - 2016-02-23 02:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
    2016-03-02 15:27 - 2016-02-23 02:54 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
    2016-03-02 15:27 - 2016-02-23 02:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-03-02 15:27 - 2016-02-23 02:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-03-02 15:27 - 2016-02-23 02:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-03-02 15:27 - 2016-02-23 02:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-03-02 15:27 - 2016-02-23 02:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2016-03-02 15:27 - 2016-02-23 02:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2016-03-02 15:27 - 2016-02-23 02:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2016-03-02 15:27 - 2016-02-23 02:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-03-02 15:27 - 2016-02-23 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-03-02 15:27 - 2016-02-23 02:37 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2016-03-02 15:27 - 2016-02-23 02:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2016-03-02 15:27 - 2016-02-23 02:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-03-02 15:27 - 2016-02-23 02:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-03-02 15:27 - 2016-02-23 02:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-03-02 15:27 - 2016-02-23 02:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
    2016-03-02 15:27 - 2016-02-23 02:31 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-03-02 15:27 - 2016-02-23 02:30 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-03-02 15:27 - 2016-02-23 02:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-03-02 15:27 - 2016-02-23 02:29 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-03-02 15:27 - 2016-02-23 02:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-03-02 15:27 - 2016-02-23 02:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-03-02 15:27 - 2016-02-23 02:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-03-02 15:27 - 2016-02-23 02:26 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-03-02 15:27 - 2016-02-23 02:26 - 01498112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
    2016-03-02 15:27 - 2016-02-23 02:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-03-02 15:27 - 2016-02-23 02:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-03-02 15:27 - 2016-02-23 02:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-03-02 15:27 - 2016-02-23 02:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-03-02 15:27 - 2016-02-23 02:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-03-02 15:27 - 2016-02-23 02:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-03-02 15:27 - 2016-02-23 02:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-03-02 15:27 - 2016-02-23 02:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-03-02 15:27 - 2016-02-23 02:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-03-02 15:27 - 2016-02-23 02:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-03-02 15:27 - 2016-02-23 02:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2016-03-02 15:27 - 2016-02-23 01:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-03-02 15:27 - 2016-02-23 01:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-03-02 15:27 - 2016-02-23 01:55 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-03-02 15:27 - 2016-02-23 01:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-03-02 15:27 - 2016-02-23 01:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-03-02 15:27 - 2016-02-23 01:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-03-02 15:27 - 2016-02-23 01:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2016-03-02 15:27 - 2016-02-23 01:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-03-02 15:27 - 2016-02-23 01:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-03-02 15:27 - 2016-02-23 01:33 - 14254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-03-02 15:27 - 2016-02-23 01:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2016-03-02 15:27 - 2016-02-23 01:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-03-02 15:27 - 2016-02-23 01:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-03-02 15:27 - 2016-02-23 01:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2016-03-02 15:27 - 2016-02-23 01:26 - 12587520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-03-02 15:27 - 2016-02-08 23:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-03-02 15:27 - 2016-02-08 23:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-03-02 15:27 - 2016-02-08 22:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2016-03-02 15:27 - 2016-02-08 22:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2016-03-02 15:27 - 2016-02-08 22:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-03-02 15:09 - 2016-03-03 09:11 - 00000085 _____ C:\WINDOWS\wininit.ini
    2016-03-02 15:09 - 2016-03-02 15:09 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2016-03-02 15:08 - 2016-03-02 15:11 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\Remi\Downloads\spybot-2.4.exe
    2016-02-21 13:23 - 2016-02-21 13:23 - 00000910 _____ C:\Users\Remi\Downloads\file.qfx
    2016-02-18 14:47 - 2016-02-18 14:47 - 00000253 _____ C:\Users\Remi\Desktop\How to fix gm gauge cluster (with pictures, videos) Answermeup.URL
    2016-02-17 18:14 - 2016-02-17 18:14 - 00000345 _____ C:\Users\Remi\Desktop\Black&Decker LSW20 20V lithium ion sweeper lawnmowers, leaf blowers Windsor Region Kijiji.URL
    2016-02-17 15:50 - 2016-02-17 15:50 - 00000241 _____ C:\Users\Remi\Desktop\registration.URL
    2016-02-09 18:57 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-09 18:57 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-09 18:57 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-09 18:57 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-09 18:57 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-09 18:57 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-09 18:57 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-09 18:57 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-09 18:57 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-09 18:57 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-09 18:57 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-09 18:57 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-09 18:57 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-09 18:57 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-09 18:57 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-09 18:57 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-09 18:57 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-09 18:57 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-09 18:57 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-09 18:57 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-09 18:57 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-09 18:57 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-09 18:57 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-09 18:57 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-09 18:57 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-09 18:57 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-09 18:57 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-09 18:57 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-09 18:57 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-09 18:57 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-09 18:57 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-09 18:57 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-09 18:57 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-09 18:57 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-09 16:47 - 2016-02-09 16:47 - 00000314 _____ C:\Users\Remi\Desktop\Bauer Nexus 800 Gloves Size 13 hockey Windsor Region Kijiji.URL
    2016-02-07 18:20 - 2016-02-07 18:20 - 00000000 ____D C:\Users\Remi\Documents\Avatar
    2016-02-07 18:15 - 2016-02-07 18:15 - 00000254 _____ C:\Users\Remi\Desktop\(2) John Phillip Bughaw aka Balang.URL
    2016-02-06 18:35 - 2016-02-06 18:35 - 00000268 _____ C:\Users\Remi\Desktop\Chase Canada Online.URL
    2016-02-03 23:40 - 2016-02-03 23:40 - 00000217 _____ C:\Users\Remi\Desktop\Done.URL
    2016-02-03 08:40 - 2016-02-21 21:08 - 00000000 ____D C:\WINDOWS\Minidump

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-03 10:26 - 2016-01-15 16:56 - 00001194 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
    2016-03-03 10:26 - 2016-01-15 16:56 - 00000781 _____ C:\WINDOWS\ZAM.krnl.trace
    2016-03-03 10:26 - 2016-01-15 16:56 - 00000000 ____D C:\Program Files (x86)\Zemana AntiMalware
    2016-03-03 09:42 - 2015-09-25 12:27 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-03 09:39 - 2016-01-11 19:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-03-03 09:23 - 2015-12-28 11:00 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-03-03 09:19 - 2015-12-07 17:33 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-03-03 09:19 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-03-03 09:17 - 2015-12-28 11:00 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-03-03 09:16 - 2015-10-14 12:43 - 00003808 _____ C:\WINDOWS\System32\Tasks\AutoKMS
    2016-03-03 09:14 - 2015-09-22 08:46 - 00000000 __RDO C:\Users\Remi\OneDrive
    2016-03-03 09:13 - 2015-12-07 17:38 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-03-03 09:13 - 2015-12-07 17:32 - 04975832 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-03-03 09:13 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-03-03 09:13 - 2015-09-25 12:27 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-03 09:13 - 2015-09-22 09:10 - 00000000 __SHD C:\Users\Remi\IntelGraphicsProfiles
    2016-03-03 09:13 - 2012-09-13 07:18 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-03-03 09:12 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-03-03 09:12 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-03-03 09:12 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-03-03 09:12 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-03-03 08:11 - 2015-09-23 08:09 - 00004144 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2BCF6D58-7FE0-45BE-AA80-E7D9F6B282F9}
    2016-03-03 04:16 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-03-02 20:32 - 2015-09-20 15:39 - 00000000 ____D C:\Users\Remi\Desktop\Notepads
    2016-03-02 18:54 - 2016-01-15 16:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-03-02 18:54 - 2016-01-15 16:38 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-03-02 15:29 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-03-02 15:09 - 2016-01-04 09:09 - 00000342 _____ C:\WINDOWS\Tasks\HPCeeScheduleForRemi.job
    2016-03-01 23:08 - 2015-09-20 13:52 - 00000000 ____D C:\Users\Remi\AppData\Local\Packages
    2016-03-01 20:05 - 2015-09-20 20:10 - 00000000 ____D C:\Users\Remi\AppData\Roaming\BitTorrent
    2016-02-29 07:02 - 2016-01-04 09:09 - 00003230 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForRemi
    2016-02-23 11:29 - 2015-12-07 17:33 - 00000000 ____D C:\Users\Remi
    2016-02-21 21:08 - 2012-09-13 07:18 - 00200487 ____N C:\WINDOWS\Minidump\022116-6875-01.dmp
    2016-02-20 13:29 - 2015-09-20 14:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-19 16:42 - 2015-09-25 12:28 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-19 10:04 - 2015-09-21 09:03 - 00000000 ____D C:\Users\Remi\AppData\Roaming\vlc
    2016-02-18 18:23 - 2015-09-20 14:23 - 00003278 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForLAPTOP$
    2016-02-18 18:23 - 2015-09-20 14:23 - 00000360 _____ C:\WINDOWS\Tasks\HPCeeScheduleForLAPTOP$.job
    2016-02-13 19:21 - 2015-11-06 22:34 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-11 08:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-11 07:46 - 2015-12-07 17:52 - 00002396 _____ C:\Users\Remi\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-02-09 19:18 - 2015-10-14 12:22 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
    2016-02-09 19:17 - 2013-08-22 08:25 - 00000167 _____ C:\WINDOWS\win.ini
    2016-02-09 19:16 - 2015-09-20 16:04 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-09 19:13 - 2015-09-20 16:04 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-08 19:16 - 2015-12-30 20:57 - 00000000 ____D C:\Users\Remi\Documents\Youcam
    2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-03 08:40 - 2012-09-13 07:18 - 00199519 ____N C:\WINDOWS\Minidump\020316-8250-01.dmp
    2016-02-03 03:35 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-02-03 03:35 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-02-03 03:35 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-02-02 05:37 - 2015-09-25 12:27 - 00003978 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-02 05:37 - 2015-09-25 12:27 - 00003746 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-25 08:40

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
    Ran by Remi (2016-03-03 10:38:30)
    Running from C:\Users\Remi\Downloads
    Windows 10 Home Version 1511 (X64) (2015-12-07 22:51:15)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4011410636-728019058-727978947-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-4011410636-728019058-727978947-503 - Limited - Disabled)
    Guest (S-1-5-21-4011410636-728019058-727978947-501 - Limited - Disabled)
    nela (S-1-5-21-4011410636-728019058-727978947-1007 - Limited - Enabled) => C:\Users\nela2_000
    Remi (S-1-5-21-4011410636-728019058-727978947-1001 - Administrator - Enabled) => C:\Users\Remi

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 2.6.0.19140 - Adobe Systems Incorporated)
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Adobe Photoshop CS6 (HKLM-x32\...\{74EB3499-8B95-4B5C-96EB-7B342F3FD0C6}) (Version: 13.0 - Adobe Systems Incorporated)
    Adobe Shockwave Player 11.6 (HKLM-x32\...\Adobe Shockwave Player) (Version: 11.6.5.635 - Adobe Systems, Inc.)
    AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
    AMD Catalyst Install Manager (HKLM\...\{770EA7C3-0B5A-C557-E641-A09244603B84}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
    Any Video Converter Ultimate 5.8.0 (HKLM-x32\...\Any Video Converter Ultimate_is1) (Version: - Any-Video-Converter.com)
    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    AuthenTec TrueAPI 64-bit (Version: 1.6.0.87 - AuthenTec, Inc.) Hidden
    BitTorrent (HKLM-x32\...\BitTorrent) (Version: 7.2.1 - )
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
    ChrisPC Win Experience Index 4.00 (HKLM-x32\...\{1116089C-14B5-1A23-8113-6124567ABCDE}_is1) (Version: - Chris P.C. srl)
    CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.3.6326 - CyberLink Corp.)
    CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
    CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.3.2527 - CyberLink Corp.)
    CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.6.4319 - CyberLink Corp.)
    CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.4.5527 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Energy Star (HKLM\...\{0FA995CC-C849-4755-B14B-5404CC75DC24}) (Version: 1.0.8 - Hewlett-Packard)
    Galerie de photos Windows Live (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Hewlett-Packard ACLM.NET v1.2.0.0 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
    HP 3D DriveGuard (HKLM\...\{54CE68A8-4F2D-4328-B1F7-D6C720405F7F}) (Version: 4.2.9.1 - Hewlett-Packard Company)
    HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: v1.0 - Meridian Audio Ltd)
    HP CoolSense (HKLM-x32\...\{11AF9A96-6D83-4C3B-8DCB-16EA2A358E3F}) (Version: 2.10.51 - Hewlett-Packard Company)
    HP Documentation (HKLM-x32\...\{0EF47DBD-7E67-492F-9423-DAF028BEF627}) (Version: 1.1.0.0 - Hewlett-Packard)
    HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
    HP Quick Launch (HKLM-x32\...\{609B11CC-8CED-4116-AD8A-A72168894D39}) (Version: 3.0.4 - Hewlett-Packard Company)
    HP Registration Service (HKLM\...\{E4D6CCF2-0AAF-4B9C-9DE5-893EDC9B4BAA}) (Version: 1.0.5976.4186 - Hewlett-Packard)
    HP SimplePass (HKLM-x32\...\{4BACA3B8-F63A-44ED-9A8D-48B4D02AD268}) (Version: 6.0.100.276 - Hewlett-Packard)
    HP Software Framework (HKLM-x32\...\{675D093B-815D-47FD-AB2C-192EC751E8E2}) (Version: 4.6.10.1 - Hewlett-Packard Company)
    HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
    HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
    HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.7 - Hewlett-Packard)
    HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
    iCloud (HKLM\...\{4B48E22A-2FB0-4EFA-B99E-954B1E50CD69}) (Version: 5.1.0.34 - Apple Inc.)
    IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6482.0 - IDT)
    Intel(R) Chipset Device Software (x32 Version: 10.0.22 - Intel(R) Corporation) Hidden
    Intel(R) Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 10.0.30.1072 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
    Intel(R) PROSet/Wireless Software for Bluetooth(R) Technology (HKLM\...\{302600C1-6BDF-4FD1-1303-148929CC1385}) (Version: 3.0.1303.0326 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.20.1002 - Intel Corporation)
    Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}) (Version: 3.0.30.1526 - Intel)
    Intel(R) WiDi (HKLM\...\{EDBA2433-0910-4C72-8C5B-8FEDAE3EF18E}) (Version: 3.5.34.0 - Intel Corporation)
    Intel® PROSet/Wireless Software (HKLM-x32\...\{8e41467d-297e-496d-8b0f-e771b6c87c06}) (Version: 16.11.0 - Intel Corporation)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    K-Lite Codec Pack 11.8.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.8.0 - )
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MKVToolNix 8.4.0 (64bit) (HKLM-x32\...\MKVToolNix) (Version: 8.4.0 - Moritz Bunkus)
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
    Outils de vérification linguistique 2013 de Microsoft Office*- Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
    PDF Settings CS6 (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
    PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
    QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
    Raptr (HKLM-x32\...\Raptr) (Version: - )
    Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.370.94 - Realtek Semiconductor Corp.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.38.115.2015 - Realtek)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
    Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
    SharePort Utility (HKLM\...\SharePort Utility) (Version: 4.0.0 - D-Link Corporation)
    SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
    Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-00C1-0000-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
    Update for Skype for Business 2015 (KB3114732) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{AD89B6F9-C98A-4506-ABDE-782B0959CC84}) (Version: - Microsoft)
    Validity WBF DDK (HKLM\...\{1F91C200-8F0F-4009-A75E-DB6CE151BD4E}) (Version: 4.4.234.0 - Validity Sensors, Inc.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3555.0308 - Microsoft Corporation)
    WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-4011410636-728019058-727978947-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Remi\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-4011410636-728019058-727978947-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0AF359B2-D8D7-40AD-B59D-0BA22C268B58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {0C25F986-3988-44E0-837D-58390CA08593} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
    Task: {0E6EE69A-241B-40B3-9B6E-9AAE24D3B3F2} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {10468BDE-003A-44D8-9698-9BDDC20BCF9A} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated)
    Task: {17183C09-AF55-464F-BF1E-A8A29AE33D09} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-07-27] (CyberLink)
    Task: {178210A3-AB34-419D-8E98-840A4AC17E5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {1D3D4205-9D0D-410A-A3CC-FA78DB4B4098} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
    Task: {34FDC156-A473-4384-B710-ECDCE9A6F68B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-01-12] (Hewlett-Packard Company)
    Task: {36F6B6D9-D925-43DA-BE59-A4A720AA8F17} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {3F0F5CCF-6A5E-48D8-BC42-9C85043EB309} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2012-07-24] (CyberLink Corp.)
    Task: {509AAA9D-21C6-47A7-8C54-5449621AD20D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-21] (Synaptics Incorporated)
    Task: {60BCCCDB-B6B4-4925-B63C-ED74152887FD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
    Task: {69FEA84E-011C-4B60-B433-8BEA428A1CBB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {6C7479A4-4CCB-4220-8A07-ECD3111F6E7C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-07] (CyberLink)
    Task: {812C26E6-1AA0-4D97-8647-DD3F918D6C8A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {86867982-B73E-42FD-BBB1-D364FE6D7EF5} - System32\Tasks\HPCeeScheduleForLAPTOP$ => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {8BEE1BF3-AD7D-4484-B1D2-4A65364B82E9} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
    Task: {91E4982B-97E5-455F-A128-51014AFAD05F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {92EADE79-2A50-41C7-A6DF-155C5815D95F} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-12-23] ()
    Task: {9A287A04-9F5D-4B9C-9AE2-ADD1D15094B4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-25] (Google Inc.)
    Task: {9B7C038F-EC8F-4F6C-9D6C-977799C25627} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {9DD6FE57-AFE5-4049-B87C-96BF9FD9376C} - System32\Tasks\HPCeeScheduleForRemi => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
    Task: {AC998A7F-B82C-4B5C-8F68-4824DC3733C1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {B4F4F4EC-FB03-4678-A0D7-2161B36E69EE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
    Task: {BE7EB1D1-2F79-450D-B847-33955DC643AF} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {BFFA78AF-47F4-46A7-A821-1DB45D8E472B} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
    Task: {C83D7C00-7650-4EA4-BFA2-5C8808CF60A6} - System32\Tasks\AutoKMS => C:\WINDOWS\AutoKMS\AutoKMS.exe [2015-10-14] ()
    Task: {CF085324-A5F4-49AE-9DBF-6B660FA95F30} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-09] (Microsoft Corporation)
    Task: {D2740988-C26E-4616-9C1B-1E1641EA6ADE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D62FA8A2-DD1E-4CAB-81FE-FA9F969C32D3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D77B1E05-421D-45FE-883D-A55AD9B6BA6F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D9139854-8B20-43C9-84F9-56DA68A80FE0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {E0B154A7-4617-4E25-90F8-46060D222DA5} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {EA4EDB44-5D25-442D-A2A6-DF27AC447235} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {F4B731EF-1567-48AB-808C-E844D7A9EBE8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-01-20] (Hewlett-Packard)
    Task: {F5A5DB10-2164-4965-A6D9-D3DD6A6EC79D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForLAPTOP$.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\HPCeeScheduleForRemi.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-09-23 15:47 - 2015-09-23 15:47 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-03-02 15:27 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-03-02 15:27 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-11-10 15:45 - 2015-11-10 15:45 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
    2016-01-22 09:18 - 2016-01-22 09:18 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-17 18:15 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-03-02 15:27 - 2016-02-23 03:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-03-02 15:27 - 2016-02-23 03:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
    2016-01-12 19:56 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-12 19:56 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-30 10:03 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-30 10:03 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-01-21 12:28 - 2016-01-21 12:28 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
    2016-01-12 18:21 - 2016-01-12 18:21 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2016-02-05 10:09 - 2016-02-05 10:09 - 00015872 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2016-02-05 10:09 - 2016-02-05 10:09 - 14869504 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2015-12-07 18:36 - 2015-12-07 18:37 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.201.11370.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2016-01-22 09:18 - 2016-01-22 09:18 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-22 09:18 - 2016-01-22 09:18 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2015-09-20 15:18 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 13:34 - 2012-06-08 13:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2016-03-03 09:14 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-03-03 09:14 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-03-03 09:14 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-03-03 09:14 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-03-03 09:14 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE restricted site: HKU\.DEFAULT\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\.DEFAULT\...\008i.com -> 008i.com
    IE restricted site: HKU\.DEFAULT\...\008k.com -> www.008k.com
    IE restricted site: HKU\.DEFAULT\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\.DEFAULT\...\010402.com -> 010402.com
    IE restricted site: HKU\.DEFAULT\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\.DEFAULT\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\.DEFAULT\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\.DEFAULT\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\.DEFAULT\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\.DEFAULT\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\.DEFAULT\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\.DEFAULT\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\.DEFAULT\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\.DEFAULT\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\.DEFAULT\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\.DEFAULT\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\.DEFAULT\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\.DEFAULT\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\.DEFAULT\...\123simsen.com -> www.123simsen.com

    There are 7872 more sites.

    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\123simsen.com -> www.123simsen.com

    There are 7872 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2016-03-03 09:27 - 00451004 ____R C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15472 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4011410636-728019058-727978947-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Remi\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\best-nature-full-hd-wallpapers31.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\Services: AMD External Events Utility => 2
    MSCONFIG\Services: AMPPALR3 => 2
    MSCONFIG\Services: Apple Mobile Device Service => 2
    MSCONFIG\Services: Bluetooth Device Monitor => 2
    MSCONFIG\Services: Bluetooth OBEX Service => 2
    MSCONFIG\Services: BTHSSecurityMgr => 2
    MSCONFIG\Services: cphs => 3
    MSCONFIG\Services: D-Link SharePort Helper => 2
    MSCONFIG\Services: EvtEng => 2
    MSCONFIG\Services: FPLService => 2
    MSCONFIG\Services: gupdate => 2
    MSCONFIG\Services: gupdatem => 3
    MSCONFIG\Services: hpqwmiex => 3
    MSCONFIG\Services: hpsrv => 2
    MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
    MSCONFIG\Services: HPWMISVC => 2
    MSCONFIG\Services: IAStorDataMgrSvc => 2
    MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
    MSCONFIG\Services: Intel(R) Bluetooth Radio Management => 2
    MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
    MSCONFIG\Services: iPod Service => 3
    MSCONFIG\Services: ISCTAgent => 2
    MSCONFIG\Services: jhi_service => 2
    MSCONFIG\Services: LMS => 2
    MSCONFIG\Services: MozillaMaintenance => 3
    MSCONFIG\Services: MyWiFiDHCPDNS => 3
    MSCONFIG\Services: RegSrvc => 2
    MSCONFIG\Services: STacSV => 2
    MSCONFIG\Services: SwitchBoard => 3
    MSCONFIG\Services: TrueService => 3
    MSCONFIG\Services: valWBFPolicyService => 2
    MSCONFIG\Services: ZeroConfigService => 2
    HKLM\...\StartupApproved\Run: => "IAStorIcon"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "Raptr"
    HKLM\...\StartupApproved\Run32: => "AdobeCS6ServiceManager"
    HKLM\...\StartupApproved\Run32: => "SwitchBoard"
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\StartupApproved\StartupFolder: => "SharePort Utility.lnk"
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\StartupApproved\StartupFolder: => "SharePort Plus Utility.lnk"
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\StartupApproved\Run: => "Power2GoExpress8"
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\StartupApproved\Run: => "BitTorrent"
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\...\StartupApproved\Run: => "CAHeadless"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{2F6003AA-3004-4AA8-9E12-0F60D9EEA2EF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{9B47969F-047D-427C-B8FC-B45EAEFC3383}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{ECF7BA83-A97B-46AF-97DF-62B8F5997D0C}] => (Allow) LPort=19540
    FirewallRules: [{DE1B57FE-96AD-491D-8AE1-A1B40928E14E}] => (Allow) C:\Program Files\D-Link\SharePort Utility\Connect.exe
    FirewallRules: [{B12855C5-4CE7-4A75-AB53-4010031310A7}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{1584F045-CB99-42F7-852F-CCEF37485BF8}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
    FirewallRules: [{30FD8EBE-20BE-4D35-8CB7-656F62D75EA0}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{49A6C1AD-1E9A-4F26-9B4E-076F544C6AEE}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
    FirewallRules: [{69A40712-E012-4051-9F17-4FEDE2DC4FED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{25E8E80C-03BC-4FA9-B002-F78450B6D326}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{006C8AE0-5BE4-4BE7-BF54-010471492552}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{CAC24D15-2674-4E6D-B598-A3B169C59023}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{87D9A2B0-73E0-403B-978A-2A7EDAD27D90}] => (Allow) C:\Users\Remi\AppData\Local\Temp\nsb34ED.tmp\Installer-76048074.exe
    FirewallRules: [{61B076A9-5682-4F98-B72C-0CD9C99330E5}] => (Allow) C:\Users\Remi\AppData\Local\Temp\nsb34ED.tmp\Installer-76048074.exe
    FirewallRules: [{9C50E7FD-CDD2-4B7E-98E2-4E9064F74C44}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{9A91909F-5AEA-4C3C-ACF4-2773D1A6CD42}] => (Allow) C:\Program Files (x86)\Raptr\raptr_im.exe
    FirewallRules: [{8909542B-038D-44D2-A998-4B0F9CD9FBC2}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{2A47940C-4926-4CC0-A8F3-33C535118438}] => (Allow) C:\Program Files (x86)\Raptr\raptr.exe
    FirewallRules: [{807CB6F2-7E98-4F5D-A933-56F406203180}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{926CB9A3-C1A1-4F00-81DA-845C8FB474D6}] => (Allow) LPort=2869
    FirewallRules: [{47825591-F10B-426F-8E65-DD5C8E024BED}] => (Allow) LPort=1900
    FirewallRules: [{88D09498-690A-42A5-899D-0E8D34DC1053}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{72D2A45A-14BA-489C-BE53-9E325C271029}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{0900BFC2-B12B-4662-9839-28E000AC56F1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{DB587346-9A4D-4A23-B551-D36EA9D0E513}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{4462F132-0F2C-41AB-B885-AB4402578634}] => (Allow) C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
    FirewallRules: [{3B2F6B40-CFB5-478D-9CE7-6D18B559F1AA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{B8124E28-0E85-40A2-B730-0C11DF383E9D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3581C797-6248-4561-8B06-3B36AF231DEB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{B566E79B-CDBC-480C-8E9A-A6F363529921}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
    FirewallRules: [{9F2D0E5C-7D12-4AEF-980C-1FFA1988F645}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
    FirewallRules: [{A09581F5-E828-4F72-AB1B-578636E528AE}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    FirewallRules: [{FFECBF58-0AC4-4D7A-9718-7C8C1446A8C4}] => (Allow) C:\Program Files (x86)\BitTorrent\BitTorrent.exe
    FirewallRules: [{4B24884A-7F6E-4461-8F8A-101FF2856F6A}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{95DAFA31-29E8-439D-AF86-E9A5DEE5EEE4}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    07-02-2016 07:26:21 Scheduled Checkpoint
    20-02-2016 14:10:43 Scheduled Checkpoint
    02-03-2016 15:28:39 Windows Update
    02-03-2016 15:28:54 Windows Update

    ==================== Faulty Device Manager Devices =============

    Name: SXUPTP Driver
    Description: SXUPTP Driver
    Class Guid: {4d36e97d-e325-11ce-bfc1-08002be10318}
    Manufacturer: D-Link Corporation
    Service: sxuptp
    Problem: : The software for this device has been blocked from starting because it is known to have problems with Windows. Contact the hardware vendor for a new driver. (Code 48)
    Resolution: Download the latest drivers from the manufacturer, uninstall the current driver, and then install the latest drivers.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/02/2016 06:45:03 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDScan.exe, version: 2.4.40.181, time stamp: 0x535a5179
    Faulting module name: KERNELBASE.dll, version: 10.0.10586.103, time stamp: 0x56a853fe
    Exception code: 0x0eedfade
    Fault offset: 0x000bd928
    Faulting process id: 0x10a8
    Faulting application start time: 0xSDScan.exe0
    Faulting application path: SDScan.exe1
    Faulting module path: SDScan.exe2
    Report Id: SDScan.exe3
    Faulting package full name: SDScan.exe4
    Faulting package-relative application ID: SDScan.exe5

    Error: (03/02/2016 03:28:56 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/02/2016 03:28:40 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/02/2016 03:28:37 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SkypeHost.exe, version: 10.1.2123.10, time stamp: 0x569054dc
    Faulting module name: SkyWrap.dll, version: 10.1.2123.10, time stamp: 0x569054c9
    Exception code: 0xc0000005
    Fault offset: 0x00ac6197
    Faulting process id: 0xe54
    Faulting application start time: 0xSkypeHost.exe0
    Faulting application path: SkypeHost.exe1
    Faulting module path: SkypeHost.exe2
    Report Id: SkypeHost.exe3
    Faulting package full name: SkypeHost.exe4
    Faulting package-relative application ID: SkypeHost.exe5

    Error: (03/02/2016 03:14:03 PM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (03/02/2016 03:08:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: SDScan.exe, version: 2.4.40.181, time stamp: 0x535a5179
    Faulting module name: KERNELBASE.dll, version: 10.0.10586.103, time stamp: 0x56a853fe
    Exception code: 0x0eedfade
    Fault offset: 0x000bd928
    Faulting process id: 0x11f88
    Faulting application start time: 0xSDScan.exe0
    Faulting application path: SDScan.exe1
    Faulting module path: SDScan.exe2
    Report Id: SDScan.exe3
    Faulting package full name: SDScan.exe4
    Faulting package-relative application ID: SDScan.exe5

    Error: (03/02/2016 10:24:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 351703

    Error: (03/02/2016 10:24:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 351703

    Error: (03/02/2016 10:24:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (02/28/2016 08:08:56 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: plugin-container.exe, version: 44.0.2.5884, time stamp: 0x56bbf417
    Faulting module name: mozglue.dll, version: 44.0.2.5884, time stamp: 0x56bbe58e
    Exception code: 0x80000003
    Fault offset: 0x0000ed3b
    Faulting process id: 0xa8bc
    Faulting application start time: 0xplugin-container.exe0
    Faulting application path: plugin-container.exe1
    Faulting module path: plugin-container.exe2
    Report Id: plugin-container.exe3
    Faulting package full name: plugin-container.exe4
    Faulting package-relative application ID: plugin-container.exe5


    System errors:
    =============
    Error: (03/03/2016 09:13:41 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sxuptp service failed to start due to the following error:
    %%1275

    Error: (03/03/2016 09:13:29 AM) (Source: Application Popup) (EventID: 875) (User: )
    Description: sxuptp.sys

    Error: (03/03/2016 09:12:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_2d5b3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/03/2016 09:12:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_2d5b3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/03/2016 09:12:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_2d5b3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/03/2016 09:12:25 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_2d5b3 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/03/2016 09:12:25 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (03/02/2016 03:09:54 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The sxuptp service failed to start due to the following error:
    %%1275

    Error: (03/02/2016 03:09:47 PM) (Source: Application Popup) (EventID: 875) (User: )
    Description: sxuptp.sys

    Error: (03/02/2016 03:09:23 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
    Description: {7006698D-2974-4091-A424-85DD0B909E23}


    CodeIntegrity:
    ===================================
    Date: 2016-03-03 09:13:46.995
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-02 20:22:51.648
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-20 13:50:09.910
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\amdhdl64.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-20 13:50:09.892
    Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE15\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-11 07:49:17.810
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-10 03:41:07.549
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-10 03:39:34.063
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-03 03:36:09.124
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-12 21:51:13.887
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-01-12 19:14:41.204
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
    Percentage of memory in use: 28%
    Total physical RAM: 8088.28 MB
    Available physical RAM: 5783.92 MB
    Total Virtual: 8600.28 MB
    Available Virtual: 6006.95 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:427.09 GB) (Free:333.96 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (RECOVERY) (Fixed) (Total:29.08 GB) (Free:3.32 GB) NTFS ==>[system with boot components (obtained from drive)]

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 465.8 GB) (Disk ID: 0E97FE10)

    Partition: GPT.

    ==================== End of Addition.txt ============================


    Unable to access the aswMBR download site.

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,814

    Default

    C:\WINDOWS\System32\Tasks\AutoKMS
    This suggest that either your version of Microsoft Windows is cracked or your version of Microsoft Office could be.

    We do not support the use of Pirated-Warez-Keygens-Cracked software.

    If seeking help in our Malware removal forum please know that users who have programs obtained by such methods will be asked to remove them, since our help could otherwise be seen as aiding copyright violations. In doing the crack, the 'cracker' has broken the 'End User License Agreement' (EULA) of the product.

    ~~~~~~~~~~~~~~~~~~~~

    P2P Warning


    ------------------------------

    I see you have peer-to-peer (P2P) file sharing software installed on your computer (BitTorrent). I advise you avoid P2P file sharing programmes; they are a security risk which can make your computer susceptible to malware. File sharing networks are thoroughly infested with malware - worms, backdoor Trojans, IRCBots, and rootkits propagate via P2P file sharing networks, gaming, and underground sites. Users visiting such pages may see innocuous-looking banner ads containing code which can trigger pop-up ads and malicious Flash ads that install malware. The best way to reduce the risk of infection is to avoid these types of web sites and P2P programmes. Please read the following articles for more information.

    Your P2P software can be removed by following the instructions below.
    • Press the Windows Key [img=http://i.imgur.com/pdKOQKY.png] + r on your keyboard at the same time. Type appwiz.cpl and click OK.
    • Search for the aforementioned programme(s), right-click and click Uninstall. Follow the prompts.

    If you choose not to, please refrain from using the programme(s) during this process.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    Running from C:\Users\Remi\Downloads

    It's best we move Farbar's to desktop.

    Please go to your downloads folder, locate Farbar Recovery Scan Tool, right click and select CUT
    Go to an open spot on your desktop, right click and select PASTE
    You should now have Farbar Recovery Scan Tool on your desktop.


    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {8F03DA48-38C4-4195-B8A6-5ECDBE4D8AF3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-4011410636-728019058-727978947-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4011410636-728019058-727978947-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-4011410636-728019058-727978947-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    2016-03-03 09:12 - 2016-03-03 09:12 - 00000258 _____ C:\Users\Remi\Desktop\CNNIC.Searchbar.URL
    Task: {0AF359B2-D8D7-40AD-B59D-0BA22C268B58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {178210A3-AB34-419D-8E98-840A4AC17E5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {36F6B6D9-D925-43DA-BE59-A4A720AA8F17} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {69FEA84E-011C-4B60-B433-8BEA428A1CBB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {812C26E6-1AA0-4D97-8647-DD3F918D6C8A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D2740988-C26E-4616-9C1B-1E1641EA6ADE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D62FA8A2-DD1E-4CAB-81FE-FA9F969C32D3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D77B1E05-421D-45FE-883D-A55AD9B6BA6F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D9139854-8B20-43C9-84F9-56DA68A80FE0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    EmptyTemp:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~``

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~~~~~~~~~`
    please post
    Fixlog.txt
    AdwCleaner[CX].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Mar 2016
    Posts
    10

    Default Fixlog

    Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Remi (2016-03-05 10:37:40) Run:1
    Running from C:\Users\Remi\Desktop
    Loaded Profiles: Remi (Available Profiles: Remi & nela)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKLM -> {8F03DA48-38C4-4195-B8A6-5ECDBE4D8AF3} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
    SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    SearchScopes: HKU\S-1-5-21-4011410636-728019058-727978947-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-4011410636-728019058-727978947-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPNTDF
    SearchScopes: HKU\S-1-5-21-4011410636-728019058-727978947-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
    2016-03-03 09:12 - 2016-03-03 09:12 - 00000258 _____ C:\Users\Remi\Desktop\CNNIC.Searchbar.URL
    Task: {0AF359B2-D8D7-40AD-B59D-0BA22C268B58} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {178210A3-AB34-419D-8E98-840A4AC17E5E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {36F6B6D9-D925-43DA-BE59-A4A720AA8F17} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {69FEA84E-011C-4B60-B433-8BEA428A1CBB} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {812C26E6-1AA0-4D97-8647-DD3F918D6C8A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {D2740988-C26E-4616-9C1B-1E1641EA6ADE} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {D62FA8A2-DD1E-4CAB-81FE-FA9F969C32D3} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {D77B1E05-421D-45FE-883D-A55AD9B6BA6F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {D9139854-8B20-43C9-84F9-56DA68A80FE0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    EmptyTemp:
    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f

    Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{8F03DA48-38C4-4195-B8A6-5ECDBE4D8AF3}" => key removed successfully
    HKCR\CLSID\{8F03DA48-38C4-4195-B8A6-5ECDBE4D8AF3} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
    HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
    "HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\Wow6432Node\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    HKU\S-1-5-21-4011410636-728019058-727978947-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
    "HKU\S-1-5-21-4011410636-728019058-727978947-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
    HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
    "HKU\S-1-5-21-4011410636-728019058-727978947-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D944BB61-2E34-4DBF-A683-47E505C587DC}" => key removed successfully
    HKCR\CLSID\{D944BB61-2E34-4DBF-A683-47E505C587DC} => key not found.
    C:\Users\Remi\Desktop\CNNIC.Searchbar.URL => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0AF359B2-D8D7-40AD-B59D-0BA22C268B58}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0AF359B2-D8D7-40AD-B59D-0BA22C268B58}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{178210A3-AB34-419D-8E98-840A4AC17E5E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{178210A3-AB34-419D-8E98-840A4AC17E5E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36F6B6D9-D925-43DA-BE59-A4A720AA8F17}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36F6B6D9-D925-43DA-BE59-A4A720AA8F17}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{69FEA84E-011C-4B60-B433-8BEA428A1CBB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{69FEA84E-011C-4B60-B433-8BEA428A1CBB}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{812C26E6-1AA0-4D97-8647-DD3F918D6C8A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{812C26E6-1AA0-4D97-8647-DD3F918D6C8A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D2740988-C26E-4616-9C1B-1E1641EA6ADE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D2740988-C26E-4616-9C1B-1E1641EA6ADE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D62FA8A2-DD1E-4CAB-81FE-FA9F969C32D3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D62FA8A2-DD1E-4CAB-81FE-FA9F969C32D3}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D77B1E05-421D-45FE-883D-A55AD9B6BA6F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D77B1E05-421D-45FE-883D-A55AD9B6BA6F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9139854-8B20-43C9-84F9-56DA68A80FE0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9139854-8B20-43C9-84F9-56DA68A80FE0}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully

    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========


    ========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

    The operation completed successfully.



    ========= End of Reg: =========

    EmptyTemp: => 14.3 GB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 10:41:56 ====

  4. #4
    Junior Member
    Join Date
    Mar 2016
    Posts
    10

    Default adwcleaner

    # AdwCleaner v5.029 - Logfile created 15/01/2016 at 16:33:00
    # Updated 11/01/2016 by Xplode
    # Database : 2016-01-15.2 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : Remi - LAPTOP
    # Running from : C:\Users\Remi\Downloads\adwcleaner_5.029.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore
    [-] Folder Deleted : C:\Users\Remi\AppData\Local\slimware utilities inc
    [-] Folder Deleted : C:\Users\Remi\AppData\Roaming\RPEng

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Public\Desktop\eBay.lnk

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\eSupport.com
    [-] Key Deleted : HKCU\Software\DriverRestore
    [-] Key Deleted : HKCU\Software\PRODUCTSETUP
    [-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
    [-] Key Deleted : HKCU\Software\CoinisRevShare
    [-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
    [-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Data Restored : HKCU\Software\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
    [-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}

    ***** [ Web browsers ] *****

    [-] [C:\Users\Remi\AppData\Roaming\Mozilla\Firefox\Profiles\amwalmu5.default-1442841602520\prefs.js] [Preference] Deleted : user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,DuckDuckGo,Palikan,Twitter");
    [-] [C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Startup_URLs] Deleted : hxxp://www.palikan.com/?f=7&a=plk_coinisre_15_40&cd=2XzuyEtN2Y1L1QzuyC0CtA0B0EyDyB0CyEtB0EyE0BzztDzytN0D0Tzu0StCtAyBtCtN1L2XzutAtFtCtBtFyDtFtDtN1L1Czu1BtAtN1L1G1B1V1N2Y1L1Qzu2SyDtB0BtD0Dzy0FtAtGyDyB0BtBtGyEyE0F0AtG0A0F0AzytG0C0D0Dzy0A0DzytDzztBzyzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2SyC0AyEyC0CzytD0DtG0AtCtD0FtGyEyDtA0AtG0BtB0D0FtGyD0D0DtD0F0DzztC0EyD0EyB2QtN0A0LzuyE&cr=1889056257&ir=

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [2737 bytes] ##########
    # AdwCleaner v5.037 - Logfile created 05/03/2016 at 13:22:49
    # Updated 28/02/2016 by Xplode
    # Database : 2016-02-28.2 [Local]
    # Operating system : Windows 10 Home (x64)
    # Username : Remi - LAPTOP
    # Running from : C:\Users\Remi\Desktop\AdwCleaner.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****

    [-] [C:\Users\Remi\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : ljibkigjccbegnbeojkoafejpoiachej

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [3645 bytes] - [15/01/2016 16:33:00]
    C:\AdwCleaner\AdwCleaner[S1].txt - [3643 bytes] - [15/01/2016 16:31:18]
    C:\AdwCleaner\AdwCleaner[S2].txt - [1018 bytes] - [05/03/2016 13:21:06]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3864 bytes] ##########

  5. #5
    Junior Member
    Join Date
    Mar 2016
    Posts
    10

    Default Jrt

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 10 Home x64
    Ran by Remi (Administrator) on Sat 03/05/2016 at 13:30:56.21
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 1

    Successfully deleted: C:\WINDOWS\wininit.ini (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 03/05/2016 at 13:32:18.66
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  6. #6
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,814

    Default

    Download Malwarebytes' Anti-Malware TO YOUR DESKTOP


    • Windows XP : Double click on the icon to run it.
    • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"







    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan


    After the restart once you are back at your desktop, open MBAM once more.
    Click on the History tab > Application Logs.
    Double click on the scan log which shows the Date and time of the scan just performed.
    Click 'Copy to Clipboard'
    Paste the contents of the clipboard into your reply

    ~~~~

    Please tell me what the computer is doing now.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Mar 2016
    Posts
    10

    Default Malwarebytes Anti-Malware

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 3/5/2016
    Scan Time: 3:55 PM
    Logfile:
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.03.05.05
    Rootkit Database: v2016.02.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Remi

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 416675
    Time Elapsed: 6 min, 23 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 1
    Rogue.SearchAndDestroy, C:\Users\Remi\Desktop\Search and Destroy hangs at CNNIC.searhbar - Resolved or inactive Malware Removal - SpywareInfo Forum.URL, Quarantined, [d6531e66aeeb45f1d26c0f3d867d5da3],

    Physical Sectors: 0
    (No malicious items detected)


    (end)

  8. #8
    Junior Member
    Join Date
    Mar 2016
    Posts
    10

    Default Laptop Performance

    My Laptop seams to be running ok.

    Should Install Spybots and see if still freezes up at CNNIC.searchbar or?

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,814

    Default

    Quote Originally Posted by remi2292 View Post
    My Laptop seams to be running ok.

    Should Install Spybots and see if still freezes up at CNNIC.searchbar or?
    You can, then if it does it would suggest it's an issue with the tool.

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.



    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to and click .
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Junior Member
    Join Date
    Mar 2016
    Posts
    10

    Default MyEsetScan

    C:\AdwCleaner\Quarantine\C\Users\Remi\AppData\Roaming\RPEng\8C9AAF7BF7634C0B9DC48AEB5F38CA22\WWE_1.52.5.3.exe.vir multiple threats
    C:\Windows\AutoKMS\AutoKMS.exe a variant of MSIL/HackKMS.G potentially unsafe application

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •