Page 1 of 2 12 LastLast
Results 1 to 10 of 11

Thread: slow computer and pop ups

  1. #1
    Junior Member
    Join Date
    Dec 2016
    Posts
    5

    Default slow computer and pop ups

    My computer is very slow and I get multiple pop ups when surfing the web. below is my log.


    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 07-12-2016
    Ran by Cindy (administrator) on CINDY-PC (13-12-2016 23:53:28)
    Running from C:\Users\Cindy\Desktop
    Loaded Profiles: Cindy & DefaultAppPool (Available Profiles: Cindy & DefaultAppPool)
    Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (iWin Inc.) C:\Program Files (x86)\iWin Games\iWinTrusted.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (iWin Inc.) C:\Program Files (x86)\Pogo Games\PGMTrusted.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe
    (Microsoft Corporation) C:\Windows\System32\snmp.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TosCoSrv.exe
    (TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\TecoService.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Symantec Corporation) C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
    (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
    (Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
    (Intel Corporation) C:\Windows\System32\igfxtray.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\Power Saver\TPwrMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TECO\Teco.exe
    () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TCrdKBB.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\BulletinBoard\TosNcCore.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe
    (Cuddeback Digital) C:\Program Files (x86)\Trophy Room\Cuddeback_Update.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (TOSHIBA CORPORATION) C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe
    (TOSHIBA) C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe
    (Sony Corporation) C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
    (Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_23_0_0_207.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosSENotify.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHSrv.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TPHM\TPCHWMsg.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
    (Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
    (Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.14393.350_none_43278ee965418581\TiWorker.exe

    ==================== Registry (Whitelisted) ====================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1402624 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [590256 2011-05-17] (TOSHIBA Corporation)
    HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [972672 2011-04-27] (TOSHIBA Corporation)
    HKLM\...\Run: [ThpSrv] => C:\windows\system32\thpsrv /logon
    HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1544624 2011-05-24] (TOSHIBA Corporation)
    HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710560 2011-06-09] (TOSHIBA Corporation)
    HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [712096 2011-07-01] (TOSHIBA Corporation)
    HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
    HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [597936 2011-07-27] (TOSHIBA Corporation)
    HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38824 2011-06-28] (TOSHIBA Corporation)
    HKLM\...\Run: [LifeChat] => C:\Program Files\Microsoft LifeChat\LifeChat.exe [371712 2009-09-24] (Microsoft Corporation)
    HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-01-07] (Adobe Systems Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [169768 2015-02-13] (Apple Inc.)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944648 2015-06-12] (Synaptics Incorporated)
    HKLM\...\Run: [WindowsDefender] => C:\Program Files\Windows Defender\MSASCuiL.exe [631808 2016-10-06] (Microsoft Corporation)
    HKLM-x32\...\Run: [SVPWUTIL] => C:\Program Files (x86)\TOSHIBA\Utilities\SVPWUTIL.exe [532480 2010-11-09] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2010-08-16] (TOSHIBA CORPORATION)
    HKLM-x32\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [252792 2010-06-04] (TOSHIBA)
    HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218864 2011-06-22] (Toshiba)
    HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2368736 2014-06-03] (Microsoft Corp.)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe [3498720 2016-06-23] (Adobe Systems Inc.)
    HKLM-x32\...\Run: [PMBVolumeWatcher] => C:\Program Files (x86)\Sony\PlayMemories Home\PMBVolumeWatcher.exe [2687488 2015-09-29] (Sony Corporation)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [595992 2016-05-20] (Oracle Corporation)
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\Run: [iCloudServices] => C:\Program Files (x86)\Common Files\Apple\Internet Services\iCloudServices.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\Run: [ApplePhotoStreams] => C:\Program Files (x86)\Common Files\Apple\Internet Services\ApplePhotoStreams.exe [43816 2014-11-21] (Apple Inc.)
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\Policies\system: [DisableLockWorkstation] 0
    HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\RunOnce: [WAB Migrate] => C:\Program Files\Windows Mail\wab.exe [516608 2016-07-16] (Microsoft Corporation)
    Startup: C:\Users\Cindy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Shortcut to Cuddeback_Update.exe.lnk [2015-05-18]
    ShortcutTarget: Shortcut to Cuddeback_Update.exe.lnk -> C:\Users\Cindy\AppData\Roaming\Microsoft\Installer\{2A1BF350-9776-497F-883F-B0137902ECA6}\_376BD021929A5C038DC913.exe ()

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{17ccf5b8-75d6-4a3a-8998-1989bba8a3f0}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{4874eab2-9245-46cf-8ed2-d03e8d236b5e}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{bb1e11d5-94de-4e23-86fa-34a0ccaf84f5}: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{bfb53060-0e61-47c4-a5ef-797d69d1810d}: [DhcpNameServer] 192.168.0.1 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKLM -> {9A570A82-66DD-4CA2-AEFB-1AF1027C1A43} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKLM-x32 -> {9A570A82-66DD-4CA2-AEFB-1AF1027C1A43} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> {6D477F41-76F8-4565-A340-8F4CD377BDE0} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP_enUS486
    SearchScopes: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> {9A570A82-66DD-4CA2-AEFB-1AF1027C1A43} URL = hxxp://www.google.com/search?sourceid=ie9&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7TSNP
    SearchScopes: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> {B8B8A03B-F528-4FF2-B089-457284109C28} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
    BHO: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-23] (Oracle Corporation)
    BHO-x32: Adobe Acrobat Create PDF Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-23] (Oracle Corporation)
    BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
    BHO-x32: Adobe Acrobat Create PDF from Selection -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    Toolbar: HKLM - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    Toolbar: HKLM-x32 - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll No File
    Toolbar: HKLM-x32 - Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> Adobe Acrobat Create PDF Toolbar - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\WCIEActiveX\x64\AcroIEFavClient.dll [2016-06-23] (Adobe Systems Incorporated)
    DPF: HKLM-x32 {05D44720-58E3-49E6-BDF6-D00330E511D3} hxxp://zone.msn.com/binFramework/v10/ZPAFramework.cab102118.cab
    DPF: HKLM-x32 {8A94C905-FF9D-43B6-8708-F0F22D22B1CB} hxxp://www.worldwinner.com/games/shared/wwlaunch.cab
    DPF: HKLM-x32 {9BDF4724-10AA-43D5-BD15-AEA0D2287303} hxxp://zone.msn.com/bingame/zpagames/zpa_txhe.cab79352.cab
    DPF: HKLM-x32 {B8BE5E93-A60C-4D26-A2DC-220313175592} hxxp://cdn2.zone.msn.com/binFramework/v10/ZIntro.cab102118.cab
    DPF: HKLM-x32 {C82BB209-F528-46F9-96D5-69DEF7260916} hxxp://www.worldwinner.com/games/v45/mysterypi/mysterypi.cab
    Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-03-29] (Belarc, Inc.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default [2016-12-13]
    FF DefaultSearchEngine: Mozilla\Firefox\Profiles\knx140lm.default -> Yahoo
    FF DefaultSearchEngine.US: Mozilla\Firefox\Profiles\knx140lm.default -> Google
    FF SelectedSearchEngine: Mozilla\Firefox\Profiles\knx140lm.default -> Google
    FF Homepage: Mozilla\Firefox\Profiles\knx140lm.default -> hxxp://www.msn.com/?pc=U142&ocid=U142DHP
    FF NetworkProxy: Mozilla\Firefox\Profiles\knx140lm.default -> no_proxies_on", "localhost,127.0.0.1"
    FF Extension: (convert2mp3.net YouTube2MP3 Converter) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\info@convert2mp3.net.xpi [2016-05-16]
    FF Extension: (Search and New Tab by Yahoo) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\jid1-16aeif9OQIRKxA@jetpack.xpi [2016-11-26]
    FF Extension: (Forecastfox) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{0538E3E3-7E9B-4d49-8831-A227C80A7AD3} [2016-05-16]
    FF Extension: (entrusted11 ) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{77beece6-3997-403a-92fa-0055bfcf88e5} [2014-11-20] [not signed]
    FF Extension: (ArcadeYum) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{C7928956-827D-4649-A234-BB758377C005}.xpi [2015-09-17]
    FF SearchPlugin: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\searchplugins\ask-web-search.xml [2016-02-02]
    FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension.15@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
    FF Extension: (Adobe Acrobat - Create PDF) - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2016-10-07]
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_23_0_0_207.dll [2016-11-27] ()
    FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\windows\system32\npdeployJava1.dll [2012-07-12] (Sun Microsystems, Inc.)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2015-07-29] (Adobe Systems)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWoW64\Macromed\Flash\NPSWF32_23_0_0_207.dll [2016-11-27] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-23] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50901.0\npctrl.dll [2016-08-31] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3538.0513 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2011-05-13] (Microsoft Corporation)
    FF Plugin-x32: @oberon-media.com/ONCAdapter -> C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.14\npapicomadapter.dll [2012-05-31] (Oberon-Media )
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-26] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-08-26] (Google Inc.)
    FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2012-11-07] ()
    FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-06-23] (Adobe Systems Inc.)
    FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2015-07-29] (Adobe Systems)
    FF Plugin HKU\S-1-5-21-4015324910-1557653689-3941867134-1001: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Cindy\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-06-08] (Unity Technologies ApS)

    Chrome:
    =======
    CHR DefaultProfile: Default
    CHR HomePage: Default -> hxxp://msn.com/
    CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=U142&ocid=U142DHP","hxxp://mymsn.com/"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\PepperFlash\pepflashplayer.dll => No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\54.0.2840.71\pdf.dll => No File
    CHR Plugin: (ArcadeCandy Textlinks Plugin) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac\1.24.366_0\npCandyx.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPAUTHZ.DLL (Microsoft Corporation)
    CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL (Microsoft Corporation)
    CHR Plugin: (Oberon com adapter) - C:\Program Files (x86)\Common Files\Oberon Media\NCAdapter\1.0.0.8\npapicomadapter.dll (Oberon-Media )
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.123\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (WildTangent Games App V2 Presence Detector) - C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll => No File
    CHR Plugin: (Windows Live\™ Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
    CHR Profile: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default [2016-11-09]
    CHR Extension: (Google Drive) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-30]
    CHR Extension: (YouTube) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-17]
    CHR Extension: (Google Search) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-30]
    CHR Extension: (Adobe Acrobat) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2016-10-06]
    CHR Extension: (Google Docs Offline) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-09-07]
    CHR Extension: (SaveDailyDeals) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf [2015-01-30]
    CHR Extension: (Colorfull Sun Set) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\iknflcjkkahjgichcidlfcalplplegii [2014-08-12]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-09-07]
    CHR Extension: (ArcadeCandy) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac [2015-01-18]
    CHR Extension: (ArcadeFrontier Ads) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl [2016-11-05]
    CHR Extension: (Gmail) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
    CHR Extension: (Chrome Media Router) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-11-05]
    CHR Profile: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Guest Profile [2015-02-10]
    CHR Profile: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1 [2015-02-10]
    CHR Extension: (Google Slides) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-08]
    CHR Extension: (Google Docs) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-08]
    CHR Extension: (Google Drive) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-08]
    CHR Extension: (Google Voice Search Hotword (Beta)) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\bepbmhgboaologfdajaanbcjmnhjmhfn [2015-02-08]
    CHR Extension: (YouTube) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-08]
    CHR Extension: (Google Search) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-02-08]
    CHR Extension: (Adobe Acrobat - Create PDF) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\efaidnbmnnnibpcajpcglclefindmkaj [2015-02-08]
    CHR Extension: (Google Sheets) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-08]
    CHR Extension: (Google Wallet) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-02-08]
    CHR Extension: (Gmail) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-02-08]
    CHR HKLM-x32\...\Chrome\Extension: [bhfhojbhbnajajgihpicejdalbjlpcep] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2016-06-23]

    ==================== Services (Whitelisted) ====================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2207960 2016-09-26] (Adobe Systems, Incorporated)
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
    S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2014-06-03] (Microsoft Corp.)
    R2 PCCUJobMgr; C:\Program Files (x86)\Norton PC Checkup\Engine\2.0.13.11\ccSvcHst.exe [126392 2011-07-19] (Symantec Corporation)
    R2 PGMTrusted; C:\Program Files (x86)\Pogo Games\PGMTrusted.exe [519920 2012-09-06] (iWin Inc.)
    R2 PMBDeviceInfoProvider; C:\Program Files (x86)\Sony\PlayMemories Home\PMBDeviceInfoProvider.exe [496128 2015-09-29] (Sony Corporation)
    R2 SNMP; C:\WINDOWS\System32\snmp.exe [53248 2016-10-14] (Microsoft Corporation)
    R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [47104 2016-10-14] (Microsoft Corporation)
    R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-06-12] (Synaptics Incorporated)
    S2 Thpsrv; C:\windows\system32\ThpSrv.exe [558592 2011-04-20] (TOSHIBA Corporation) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
    S2 RtkAudioService; "C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe" [X]

    ===================== Drivers (Whitelisted) ======================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [129752 2015-01-25] (Malwarebytes Corporation)
    S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
    R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek )
    R3 rtwlane_13; C:\WINDOWS\System32\drivers\rtwlane_13.sys [3717120 2016-07-16] (Realtek Semiconductor Corporation )
    R3 SmbDrvI; C:\WINDOWS\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-06-12] (Synaptics Incorporated)
    R3 Thotkey; C:\WINDOWS\System32\drivers\Thotkey.sys [52816 2016-08-03] (Toshiba Client Solutions Co., Ltd.)
    S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
    R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
    R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-13 23:53 - 2016-12-13 23:55 - 00030795 _____ C:\Users\Cindy\Desktop\FRST.txt
    2016-12-13 23:52 - 2016-12-13 23:53 - 00000000 ____D C:\FRST
    2016-12-13 23:51 - 2016-12-13 23:52 - 02420224 _____ (Farbar) C:\Users\Cindy\Desktop\FRST64.exe
    2016-12-10 02:09 - 2016-11-11 02:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2016-12-10 02:09 - 2016-11-11 02:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
    2016-12-10 02:09 - 2016-11-11 02:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
    2016-12-10 02:09 - 2016-11-11 01:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-12-10 02:09 - 2016-11-11 01:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
    2016-12-10 02:09 - 2016-11-11 01:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
    2016-12-10 02:09 - 2016-11-11 01:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-12-10 02:09 - 2016-11-11 01:47 - 01503032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
    2016-12-10 02:09 - 2016-11-11 01:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-12-10 02:09 - 2016-11-11 01:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-12-10 02:09 - 2016-11-11 01:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-12-10 02:09 - 2016-11-11 01:42 - 06668032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-12-10 02:09 - 2016-11-11 01:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-12-10 02:09 - 2016-11-11 01:42 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-12-10 02:09 - 2016-11-11 01:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-12-10 02:09 - 2016-11-11 01:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-12-10 02:09 - 2016-11-11 01:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2016-12-10 02:09 - 2016-11-11 01:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
    2016-12-10 02:09 - 2016-11-11 01:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
    2016-12-10 02:09 - 2016-11-11 01:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
    2016-12-10 02:09 - 2016-11-11 01:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-12-10 02:09 - 2016-11-11 01:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
    2016-12-10 02:09 - 2016-11-11 01:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-12-10 02:09 - 2016-11-11 01:26 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
    2016-12-10 02:09 - 2016-11-11 01:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
    2016-12-10 02:09 - 2016-11-11 01:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-12-10 02:09 - 2016-11-11 01:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-12-10 02:09 - 2016-11-11 01:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
    2016-12-10 02:09 - 2016-11-11 01:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
    2016-12-10 02:09 - 2016-11-11 01:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
    2016-12-10 02:09 - 2016-11-11 01:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
    2016-12-10 02:09 - 2016-11-11 01:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-12-10 02:09 - 2016-11-11 01:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-12-10 02:09 - 2016-11-11 01:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
    2016-12-10 02:09 - 2016-11-11 01:20 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2016-12-10 02:09 - 2016-11-11 01:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-12-10 02:09 - 2016-11-11 01:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
    2016-12-10 02:09 - 2016-11-11 01:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
    2016-12-10 02:09 - 2016-11-11 01:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
    2016-12-10 02:09 - 2016-11-11 01:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-12-10 02:09 - 2016-11-11 01:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
    2016-12-10 02:09 - 2016-11-11 01:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
    2016-12-10 02:09 - 2016-11-11 01:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
    2016-12-10 02:09 - 2016-11-11 01:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
    2016-12-10 02:09 - 2016-11-11 01:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
    2016-12-10 02:09 - 2016-11-11 01:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
    2016-12-10 02:09 - 2016-11-11 01:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
    2016-12-10 02:09 - 2016-11-11 01:17 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
    2016-12-10 02:09 - 2016-11-11 01:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
    2016-12-10 02:09 - 2016-11-11 01:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-12-10 02:09 - 2016-11-11 01:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-12-10 02:09 - 2016-11-11 01:15 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-12-10 02:09 - 2016-11-11 01:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-12-10 02:09 - 2016-11-11 01:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-12-10 02:09 - 2016-11-11 01:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
    2016-12-10 02:09 - 2016-11-11 01:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-12-10 02:09 - 2016-11-11 01:13 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2016-12-10 02:09 - 2016-11-11 01:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
    2016-12-10 02:09 - 2016-11-11 01:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-12-10 02:09 - 2016-11-11 01:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-12-10 02:09 - 2016-11-11 01:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-12-10 02:09 - 2016-11-11 01:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
    2016-12-10 02:09 - 2016-11-11 01:06 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-12-10 02:09 - 2016-11-11 01:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
    2016-12-10 02:09 - 2016-11-11 01:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
    2016-12-10 02:09 - 2016-11-11 01:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
    2016-12-10 02:09 - 2016-11-11 01:06 - 00807424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.OnlineId.dll
    2016-12-10 02:09 - 2016-11-11 01:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
    2016-12-10 02:09 - 2016-11-11 01:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
    2016-12-10 02:09 - 2016-11-11 01:05 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-12-10 02:09 - 2016-11-11 01:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2016-12-10 02:09 - 2016-11-11 01:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
    2016-12-10 02:09 - 2016-11-11 01:04 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-12-10 02:09 - 2016-11-11 01:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-12-10 02:09 - 2016-11-11 01:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
    2016-12-10 02:09 - 2016-11-11 01:04 - 00873472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
    2016-12-10 02:09 - 2016-11-11 01:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-12-10 02:09 - 2016-11-11 01:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
    2016-12-10 02:09 - 2016-11-11 01:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-12-10 02:09 - 2016-11-11 01:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
    2016-12-10 02:09 - 2016-11-11 01:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
    2016-12-10 02:09 - 2016-11-11 01:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-12-10 02:09 - 2016-11-11 01:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-12-10 02:09 - 2016-11-11 01:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
    2016-12-10 02:09 - 2016-11-11 01:01 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
    2016-12-10 02:08 - 2016-11-11 02:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-12-10 02:08 - 2016-11-11 02:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-12-10 02:08 - 2016-11-11 01:56 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-12-10 02:08 - 2016-11-11 01:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
    2016-12-10 02:08 - 2016-11-11 01:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-12-10 02:08 - 2016-11-11 01:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-12-10 02:08 - 2016-11-11 01:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-12-10 02:08 - 2016-11-11 01:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-12-10 02:08 - 2016-11-11 01:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-12-10 02:08 - 2016-11-11 01:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-12-10 02:08 - 2016-11-11 01:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-12-10 02:08 - 2016-11-11 01:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-12-10 02:08 - 2016-11-11 01:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2016-12-10 02:08 - 2016-11-11 01:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
    2016-12-10 02:08 - 2016-11-11 01:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-12-10 02:08 - 2016-11-11 01:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
    2016-12-10 02:08 - 2016-11-11 01:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
    2016-12-10 02:08 - 2016-11-11 01:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
    2016-12-10 02:08 - 2016-11-11 01:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-12-10 02:08 - 2016-11-11 01:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
    2016-12-10 02:08 - 2016-11-11 01:19 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-12-10 02:08 - 2016-11-11 01:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2016-12-10 02:08 - 2016-11-11 01:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
    2016-12-10 02:08 - 2016-11-11 01:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
    2016-12-10 02:08 - 2016-11-11 01:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
    2016-12-10 02:08 - 2016-11-11 01:16 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-12-10 02:08 - 2016-11-11 01:16 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
    2016-12-10 02:08 - 2016-11-11 01:14 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-12-10 02:08 - 2016-11-11 01:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
    2016-12-10 02:08 - 2016-11-11 01:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-12-10 02:08 - 2016-11-11 01:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-12-10 02:08 - 2016-11-11 01:10 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-12-10 02:08 - 2016-11-11 01:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
    2016-12-10 02:08 - 2016-11-11 01:09 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2016-12-10 02:08 - 2016-11-11 01:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
    2016-12-10 02:08 - 2016-11-11 01:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-12-10 02:08 - 2016-11-11 01:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-12-10 02:08 - 2016-11-11 01:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
    2016-12-10 02:08 - 2016-11-11 01:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
    2016-12-10 02:08 - 2016-11-11 01:03 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
    2016-12-10 02:08 - 2016-11-11 00:40 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2016-12-10 02:04 - 2016-11-11 04:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-12-10 02:04 - 2016-11-11 04:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
    2016-12-10 02:04 - 2016-11-11 04:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
    2016-12-10 02:04 - 2016-11-11 04:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
    2016-12-10 02:04 - 2016-11-11 04:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-12-10 02:04 - 2016-11-11 04:01 - 01738048 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
    2016-12-10 02:04 - 2016-11-11 04:01 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-12-10 02:04 - 2016-11-11 04:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
    2016-12-10 02:04 - 2016-11-11 03:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-12-10 02:04 - 2016-11-11 03:57 - 08170048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-12-10 02:04 - 2016-11-11 03:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
    2016-12-10 02:04 - 2016-11-11 03:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
    2016-12-10 02:04 - 2016-11-11 03:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-12-10 02:04 - 2016-11-11 03:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-12-10 02:04 - 2016-11-11 03:27 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-12-10 02:04 - 2016-11-11 03:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
    2016-12-10 02:04 - 2016-11-11 03:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
    2016-12-10 02:04 - 2016-11-11 03:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
    2016-12-10 02:04 - 2016-11-11 03:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2016-12-10 02:04 - 2016-11-11 03:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
    2016-12-10 02:04 - 2016-11-11 03:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
    2016-12-10 02:04 - 2016-11-11 03:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
    2016-12-10 02:04 - 2016-11-11 03:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
    2016-12-10 02:04 - 2016-11-11 03:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
    2016-12-10 02:04 - 2016-11-11 03:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-12-10 02:04 - 2016-11-11 03:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-12-10 02:04 - 2016-11-11 03:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2016-12-10 02:04 - 2016-11-11 03:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-12-10 02:04 - 2016-11-11 03:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
    2016-12-10 02:04 - 2016-11-11 03:20 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-12-10 02:04 - 2016-11-11 03:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-12-10 02:04 - 2016-11-11 03:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
    2016-12-10 02:04 - 2016-11-11 03:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
    2016-12-10 02:04 - 2016-11-11 03:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-12-10 02:04 - 2016-11-11 03:19 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-12-10 02:04 - 2016-11-11 03:18 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
    2016-12-10 02:04 - 2016-11-11 03:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-12-10 02:04 - 2016-11-11 03:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
    2016-12-10 02:04 - 2016-11-11 03:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-12-10 02:04 - 2016-11-11 03:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
    2016-12-10 02:04 - 2016-11-11 03:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-12-10 02:04 - 2016-11-11 03:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
    2016-12-10 02:04 - 2016-11-11 03:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-12-10 02:04 - 2016-11-11 03:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
    2016-12-10 02:04 - 2016-11-11 03:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-12-10 02:04 - 2016-11-11 03:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
    2016-12-10 02:04 - 2016-11-11 03:08 - 08127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-12-10 02:04 - 2016-11-11 03:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-12-10 02:04 - 2016-11-11 03:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-12-10 02:04 - 2016-11-11 03:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2016-12-10 02:04 - 2016-11-11 03:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-12-10 02:04 - 2016-11-11 03:04 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-12-10 02:04 - 2016-11-11 03:04 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-12-10 02:04 - 2016-11-11 03:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-12-10 02:04 - 2016-11-11 03:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-12-10 02:04 - 2016-11-11 03:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
    2016-12-10 02:04 - 2016-11-11 03:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
    2016-12-10 02:04 - 2016-11-11 03:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
    2016-12-10 02:04 - 2016-11-11 03:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
    2016-12-10 02:04 - 2016-11-11 03:03 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-12-10 02:04 - 2016-11-11 03:03 - 01513472 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-12-10 02:04 - 2016-11-11 03:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-12-10 02:04 - 2016-11-11 03:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
    2016-12-10 02:04 - 2016-11-11 03:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
    2016-12-10 02:04 - 2016-11-11 03:02 - 00730112 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-12-10 02:04 - 2016-11-11 03:01 - 01107456 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
    2016-12-10 02:03 - 2016-11-11 04:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2016-12-10 02:03 - 2016-11-11 04:13 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-12-10 02:03 - 2016-11-11 04:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-12-10 02:03 - 2016-11-11 04:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-12-10 02:03 - 2016-11-11 04:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
    2016-12-10 02:03 - 2016-11-11 04:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
    2016-12-10 02:03 - 2016-11-11 04:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
    2016-12-10 02:03 - 2016-11-11 04:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-12-10 02:03 - 2016-11-11 04:01 - 02189152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-12-10 02:03 - 2016-11-11 04:01 - 00658264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-12-10 02:03 - 2016-11-11 04:01 - 00401760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-12-10 02:03 - 2016-11-11 03:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
    2016-12-10 02:03 - 2016-11-11 03:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-12-10 02:03 - 2016-11-11 03:57 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-12-10 02:03 - 2016-11-11 03:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-12-10 02:03 - 2016-11-11 03:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-12-10 02:03 - 2016-11-11 03:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2016-12-10 02:03 - 2016-11-11 03:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
    2016-12-10 02:03 - 2016-11-11 03:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
    2016-12-10 02:03 - 2016-11-11 03:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
    2016-12-10 02:03 - 2016-11-11 03:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-12-10 02:03 - 2016-11-11 03:31 - 22563840 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-12-10 02:03 - 2016-11-11 03:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
    2016-12-10 02:03 - 2016-11-11 03:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
    2016-12-10 02:03 - 2016-11-11 03:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
    2016-12-10 02:03 - 2016-11-11 03:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-12-10 02:03 - 2016-11-11 03:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-12-10 02:03 - 2016-11-11 03:24 - 00226816 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
    2016-12-10 02:03 - 2016-11-11 03:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
    2016-12-10 02:03 - 2016-11-11 03:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-12-10 02:03 - 2016-11-11 03:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-12-10 02:03 - 2016-11-11 03:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
    2016-12-10 02:03 - 2016-11-11 03:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
    2016-12-10 02:03 - 2016-11-11 03:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-12-10 02:03 - 2016-11-11 03:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
    2016-12-10 02:03 - 2016-11-11 03:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
    2016-12-10 02:03 - 2016-11-11 03:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
    2016-12-10 02:03 - 2016-11-11 03:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-12-10 02:03 - 2016-11-11 03:20 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
    2016-12-10 02:03 - 2016-11-11 03:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
    2016-12-10 02:03 - 2016-11-11 03:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2016-12-10 02:03 - 2016-11-11 03:18 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-12-10 02:03 - 2016-11-11 03:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
    2016-12-10 02:03 - 2016-11-11 03:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
    2016-12-10 02:03 - 2016-11-11 03:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
    2016-12-10 02:03 - 2016-11-11 03:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
    2016-12-10 02:03 - 2016-11-11 03:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
    2016-12-10 02:03 - 2016-11-11 03:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
    2016-12-10 02:03 - 2016-11-11 03:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-12-10 02:03 - 2016-11-11 03:14 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-12-10 02:03 - 2016-11-11 03:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
    2016-12-10 02:03 - 2016-11-11 03:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
    2016-12-10 02:03 - 2016-11-11 03:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-12-10 02:03 - 2016-11-11 03:11 - 23678464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-12-10 02:03 - 2016-11-11 03:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-12-10 02:03 - 2016-11-11 03:10 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-12-10 02:03 - 2016-11-11 03:10 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-12-10 02:03 - 2016-11-11 03:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2016-12-10 02:03 - 2016-11-11 03:08 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
    2016-12-10 02:03 - 2016-11-11 03:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2016-12-10 02:03 - 2016-11-11 03:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
    2016-12-10 02:03 - 2016-11-11 03:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
    2016-12-10 02:03 - 2016-11-11 03:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-12-10 02:03 - 2016-11-11 03:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
    2016-12-10 02:03 - 2016-11-11 03:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
    2016-12-10 02:03 - 2016-11-11 03:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-12-10 02:03 - 2016-11-11 03:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2016-12-10 02:03 - 2016-11-11 03:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
    2016-12-10 02:03 - 2016-11-11 03:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-12-10 02:03 - 2016-11-11 03:05 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-12-10 02:03 - 2016-11-11 03:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-12-10 02:03 - 2016-11-11 03:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
    2016-12-10 02:03 - 2016-11-11 03:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
    2016-12-10 02:03 - 2016-11-11 03:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-12-10 02:03 - 2016-11-11 03:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-12-10 02:03 - 2016-11-11 03:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
    2016-12-10 02:03 - 2016-11-11 03:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-12-10 02:03 - 2016-11-11 03:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-12-10 02:03 - 2016-11-11 03:03 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2016-12-10 02:03 - 2016-11-11 03:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-12-10 02:02 - 2016-11-11 04:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-12-10 02:02 - 2016-11-11 04:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2016-12-10 02:02 - 2016-11-11 04:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2016-12-10 02:02 - 2016-11-11 04:10 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-12-10 02:02 - 2016-11-11 04:09 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2016-12-10 02:02 - 2016-11-11 04:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
    2016-12-10 02:02 - 2016-11-11 04:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-12-10 02:02 - 2016-11-11 04:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-12-10 02:02 - 2016-11-11 04:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-12-10 02:02 - 2016-11-11 03:59 - 02913136 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-12-10 02:02 - 2016-11-11 03:59 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-12-10 02:02 - 2016-11-11 03:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-12-10 02:02 - 2016-11-11 03:56 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-12-10 02:02 - 2016-11-11 03:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2016-12-10 02:02 - 2016-11-11 03:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-12-10 02:02 - 2016-11-11 03:56 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
    2016-12-10 02:02 - 2016-11-11 03:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
    2016-12-10 02:02 - 2016-11-11 03:51 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
    2016-12-10 02:02 - 2016-11-11 03:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2016-12-10 02:02 - 2016-11-11 03:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
    2016-12-10 02:02 - 2016-11-11 03:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
    2016-12-10 02:02 - 2016-11-11 03:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
    2016-12-10 02:02 - 2016-11-11 03:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
    2016-12-10 02:02 - 2016-11-11 03:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-12-10 02:02 - 2016-11-11 03:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-12-10 02:02 - 2016-11-11 03:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2016-12-10 02:02 - 2016-11-11 03:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-12-10 02:02 - 2016-11-11 03:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
    2016-12-10 02:02 - 2016-11-11 03:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2016-12-10 02:02 - 2016-11-11 03:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
    2016-12-10 02:02 - 2016-11-11 03:23 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
    2016-12-10 02:02 - 2016-11-11 03:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
    2016-12-10 02:02 - 2016-11-11 03:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
    2016-12-10 02:02 - 2016-11-11 03:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
    2016-12-10 02:02 - 2016-11-11 03:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2016-12-10 02:02 - 2016-11-11 03:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2016-12-10 02:02 - 2016-11-11 03:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
    2016-12-10 02:02 - 2016-11-11 03:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
    2016-12-10 02:02 - 2016-11-11 03:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
    2016-12-10 02:02 - 2016-11-11 03:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-12-10 02:02 - 2016-11-11 03:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
    2016-12-10 02:02 - 2016-11-11 03:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
    2016-12-10 02:02 - 2016-11-11 03:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
    2016-12-10 02:02 - 2016-11-11 03:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
    2016-12-10 02:02 - 2016-11-11 03:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-12-10 02:02 - 2016-11-11 03:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
    2016-12-10 02:02 - 2016-11-11 03:18 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2016-12-10 02:02 - 2016-11-11 03:17 - 01004032 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-12-10 02:02 - 2016-11-11 03:17 - 00956416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
    2016-12-10 02:02 - 2016-11-11 03:17 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-12-10 02:02 - 2016-11-11 03:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
    2016-12-10 02:02 - 2016-11-11 03:14 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
    2016-12-10 02:02 - 2016-11-11 03:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
    2016-12-10 02:02 - 2016-11-11 03:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
    2016-12-10 02:02 - 2016-11-11 03:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-12-10 02:02 - 2016-11-11 03:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-12-10 02:02 - 2016-11-11 03:09 - 05111296 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2016-12-10 02:02 - 2016-11-11 03:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
    2016-12-10 02:02 - 2016-11-11 03:07 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
    2016-12-10 02:02 - 2016-11-11 03:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2016-12-10 02:02 - 2016-11-11 03:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
    2016-12-10 02:02 - 2016-11-11 03:06 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-12-10 02:02 - 2016-11-11 03:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
    2016-12-10 02:02 - 2016-11-11 03:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-12-10 02:02 - 2016-11-11 03:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-12-10 02:02 - 2016-11-11 03:04 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-12-10 02:02 - 2016-11-11 03:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-12-10 02:02 - 2016-11-11 03:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-12-10 02:02 - 2016-11-11 03:03 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
    2016-12-10 02:02 - 2016-11-11 03:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
    2016-12-10 02:01 - 2016-11-11 04:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
    2016-12-10 02:01 - 2016-11-11 04:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
    2016-12-10 02:01 - 2016-11-11 03:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-12-10 00:39 - 2016-12-10 00:39 - 00000000 ____D C:\Users\Cindy\Desktop\rescuedisk11
    2016-12-10 00:34 - 2016-12-10 00:38 - 113029095 _____ C:\Users\Cindy\Desktop\rescuedisk11.zip
    2016-12-08 09:36 - 2016-12-13 23:39 - 00000000 ____D C:\Users\Cindy\AppData\LocalLow\Mozilla
    2016-11-30 01:04 - 2016-11-30 01:04 - 02645240 _____ (Panda Security S.L.) C:\Users\Cindy\Desktop\PandaCloudCleanerUSB.exe
    2016-11-30 00:49 - 2016-11-30 00:50 - 04713984 _____ (Geza Kovacs) C:\Users\Cindy\Desktop\unetbootin-windows-625.exe
    2016-11-30 00:42 - 2016-11-30 00:49 - 225832960 _____ C:\Users\Cindy\Desktop\SafeCD.iso
    2016-11-27 00:54 - 2016-11-27 00:54 - 00000000 ___HD C:\$Windows.~WS
    2016-11-26 23:22 - 2016-11-27 03:09 - 00000000 ____D C:\ESD
    2016-11-26 23:21 - 2016-11-26 23:21 - 00000000 ____D C:\$WINDOWS.~BT
    2016-11-26 23:18 - 2016-11-26 23:19 - 18309328 _____ (Microsoft Corporation) C:\Users\Cindy\Desktop\MediaCreationTool.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-12-13 23:53 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-12-13 23:48 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-12-13 23:48 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-12-13 23:42 - 2016-10-06 19:59 - 01345056 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-12-13 23:36 - 2016-10-06 20:29 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-12-13 23:36 - 2016-10-06 20:00 - 00000000 ____D C:\Users\Cindy
    2016-12-13 23:35 - 2016-07-16 00:04 - 00786432 _____ C:\WINDOWS\system32\config\BBI
    2016-12-13 23:16 - 2016-10-06 19:52 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-12-11 23:54 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
    2016-12-11 18:15 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
    2016-12-11 18:10 - 2015-08-06 13:04 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-12-11 18:08 - 2016-10-06 19:52 - 00339384 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-12-11 18:06 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
    2016-12-11 18:06 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
    2016-12-11 18:05 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-12-11 18:05 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-12-11 18:05 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-12-11 18:05 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\servicing
    2016-12-11 09:16 - 2016-10-07 09:32 - 00000000 ____D C:\Users\Public\Documents\AdobeGC
    2016-12-10 05:24 - 2012-08-24 17:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-12-10 00:41 - 2016-07-16 05:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-12-08 09:36 - 2014-12-10 23:06 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-12-07 11:02 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-12-06 19:59 - 2012-07-28 18:04 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-12-06 19:49 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-11-27 18:12 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-11-27 18:12 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-11-27 03:09 - 2016-10-06 22:50 - 00000000 ___DC C:\WINDOWS\Panther
    2016-11-27 00:54 - 2016-10-06 20:30 - 00020192 _____ C:\WINDOWS\diagwrn.xml
    2016-11-27 00:54 - 2016-10-06 20:30 - 00016442 _____ C:\WINDOWS\diagerr.xml
    2016-11-26 22:51 - 2015-08-06 13:03 - 00000000 ____D C:\Users\Cindy\AppData\Local\Packages
    2016-11-26 22:34 - 2015-08-06 12:38 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-11-26 22:34 - 2012-11-18 16:45 - 00002283 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-11-18 23:12 - 2015-01-08 23:48 - 00000000 ____D C:\Users\Cindy\AppData\Local\E9B89CE2-19F6-404D-94F1-C10D4A9EBFAA.aplzod
    2016-11-18 23:07 - 2012-09-15 19:06 - 00000000 ____D C:\Users\Cindy\AppData\Local\ElevatedDiagnostics

    ==================== Files in the root of some directories =======

    2012-05-30 18:46 - 2012-05-30 18:46 - 3993600 _____ () C:\Program Files (x86)\GUT5BD6.tmp
    2013-07-17 00:05 - 2015-07-25 03:58 - 0006656 _____ () C:\Users\Cindy\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2012-06-15 02:42 - 2012-06-15 02:42 - 0003284 _____ () C:\Users\Cindy\AppData\Local\Q$_140066.ENU_SoftGridUserSettings_S-1-5-21-4015324910-1557653689-3941867134-1001_settings.cp.temp

    Some files in TEMP:
    ====================
    C:\Users\Cindy\AppData\Local\Temp\jre-8u101-windows-au.exe


    ==================== Bamital & volsnap ======================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

    LastRegBack: 2016-12-08 23:20

    ==================== End of FRST.txt ============================

    here is second log.

    Additional scan result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
    Ran by Cindy (13-12-2016 23:56:52)
    Running from C:\Users\Cindy\Desktop
    Windows 10 Home Version 1607 (X64) (2016-10-07 02:33:53)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-4015324910-1557653689-3941867134-500 - Administrator - Disabled)
    Cindy (S-1-5-21-4015324910-1557653689-3941867134-1001 - Administrator - Enabled) => C:\Users\Cindy
    DefaultAccount (S-1-5-21-4015324910-1557653689-3941867134-503 - Limited - Disabled)
    Guest (S-1-5-21-4015324910-1557653689-3941867134-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-4015324910-1557653689-3941867134-1004 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    4 Elements (HKLM-x32\...\4 Elements) (Version: - Pogo.com)
    7 Wonders 2 (HKLM-x32\...\7 Wonders 2) (Version: 1.0.1.0 - Pogo.com)
    Adobe Acrobat XI Standard (HKLM-x32\...\{AC76BA86-1033-FFFF-BA7E-000000000006}) (Version: 11.0.17 - Adobe Systems)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.5.0.880 - Adobe Systems Incorporated)
    Adobe Flash Player 23 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 23.0.0.207 - Adobe Systems Incorporated)
    Adobe Reader XI (11.0.17) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.17 - Adobe Systems Incorporated)
    Adventure Inlay Safari EditionTM (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-510005195}) (Version: - Oberon Media)
    Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    ArcadeFrontier (HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\{4AFCAFDC-D870-41FA-B9FB-1442B9DAFE76}) (Version: - ArcadeFrontier)
    Around the World in 80 Days Extended Edition (HKLM-x32\...\Around the World in 80 Days Extended Editionv1.0) (Version: v1.0 - Tri Synergy)
    Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Belarc Advisor 8.3 (HKLM-x32\...\Belarc Advisor) (Version: 8.3.2.0 - Belarc Inc.)
    Big Fish: Game Manager (HKLM-x32\...\BFGC) (Version: 3.3.0.2 - )
    Big Money (HKLM-x32\...\Big Money) (Version: - PopCap Games)
    Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.470.0 - Microsoft Corporation)
    Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Digital Copy (HKLM-x32\...\Digital Copy) (Version: - )
    Download Navigator (HKLM-x32\...\{E728441A-7820-4B1C-87C9-DE7BE37B2953}) (Version: 1.1.0 - SEIKO EPSON CORPORATION)
    Dream Day Wedding Collection (HKLM-x32\...\{B013BDB5-9C4A-41E1-B2A1-CF0F02A2EE10}) (Version: 1.00.0000 - Encore)
    Enchanted Cavern (remove only) (HKLM-x32\...\Enchanted Cavern) (Version: - )
    ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
    FATE - The Traitor Soul (x32 Version: 2.2.0.95 - WildTangent) Hidden
    ffdshow [rev 2527] [2008-12-19] (HKLM-x32\...\ffdshow_is1) (Version: 1.0 - )
    Ghost Whisperer (x32 Version: 3.0.2.32 - WildTangent) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 54.0.2840.99 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
    Hidden Object Crosswords (HKLM-x32\...\BFG-Hidden Object Crosswords) (Version: - )
    iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
    Infinite Crosswords (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-110125217}) (Version: - Oberon Media)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2430 - Intel Corporation)
    iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
    iWin Games (HKLM-x32\...\iWinArcade) (Version: 2.93 - )
    Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.15 - Oracle Corporation)
    Jewel Quest Online Party (remove only) (HKLM-x32\...\Jewel Quest Online Party) (Version: - )
    Jewel Quest Solitaire (HKLM-x32\...\Jewel Quest Solitaire) (Version: 1.2.0.0 - Pogo.com)
    Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
    Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
    Letters from Nowhere 2 (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Mahjongg - The Ultimate Collection (HKLM-x32\...\Mahjongg - The Ultimate Collection) (Version: - On Hand Software)
    Mahjongg Dimensions (remove only) (HKLM-x32\...\Mahjongg Dimensions) (Version: - )
    Malwarebytes Anti-Malware version 2.0.4.1028 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.0.4.1028 - Malwarebytes Corporation)
    MeFeedia (HKLM-x32\...\mefeediatest) (Version: 1.0.0.1 - )
    Mega Camera Manager (HKLM-x32\...\{BBB82B04-41B9-43C6-89A3-320AE2040899}) (Version: - )
    MergeModule_x86 (x32 Version: 9.3.00 - Sony Corporation) Hidden
    Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
    Microsoft LifeChat (HKLM\...\{BD198331-FF8A-4DEB-9F30-A0AC56625A3B}) (Version: 1.40.224.0 - Microsoft)
    Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.2.173.0 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50901.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Mobile Hotspot Admin (HKLM-x32\...\{A9E5EDA7-2E6C-49E7-924B-A32B89C24A04}) (Version: 1.0.0.1 - ZTE Corporation)
    Mozilla Firefox 50.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 50.0 (x86 en-US)) (Version: 50.0 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 50.0.0.6152 - Mozilla)
    MusicOasis (HKLM-x32\...\MusicOasis) (Version: 1.0.3 - InstallX, LLC) <==== ATTENTION
    MusicOasis (x32 Version: 1.0.3 - InstallX, LLC) Hidden <==== ATTENTION
    Mystery Case Files: Huntsville ™ (HKLM-x32\...\BFG-Mystery Case Files - Huntsville) (Version: - )
    Mystery Case Files: Ravenhearst &reg; (HKLM-x32\...\BFG-Mystery Case Files - Ravenhearst) (Version: - )
    Our Worst Fears: Stained Skin (HKLM-x32\...\Our Worst Fears: Stained Skin) (Version: - Pogo.com)
    Peggle Nights 1.0 (HKLM-x32\...\Peggle Nights 1.0) (Version: 1.0 - PopCap Games)
    Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Pictureka Museum Mayhem (remove only) (HKLM-x32\...\Pictureka Museum Mayhem) (Version: - )
    Pictureka! - Museum Mayhem (HKLM-x32\...\BFG-Pictureka - Museum Mayhem) (Version: - )
    Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
    PlayMemories Home (HKLM-x32\...\{94F4815B-755A-4FFA-AFDC-EE8FE776981E}) (Version: 5.0.02.09290 - Sony Corporation)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
    PMB_ModeEditor (x32 Version: 9.3.00 - Sony Corporation) Hidden
    PMB_ServiceUploader (x32 Version: 10.0.02 - Sony Corporation) Hidden
    Pogo Games (HKLM-x32\...\PogoDGC) (Version: 1.0 - ) <==== ATTENTION
    Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.38.113.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
    Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.0.34.0 - Renesas Electronics Corporation)
    Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.0.34.0 - Renesas Electronics Corporation) Hidden
    RollerCoaster Tycoon 3: Platinum (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Scholastic's I SPY Spooky Mansion Deluxe (HKLM-x32\...\Scholastic's I SPY Spooky Mansion Deluxe) (Version: - )
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Slingo Mystery 2: The Golden Escape (HKLM-x32\...\Slingo Mystery 2: The Golden Escape) (Version: 1.0.0.86 - Pogo.com)
    Slingo Quest (remove only) (HKLM-x32\...\Slingo Quest) (Version: - Funkitron)
    Snood for Windows version 2.4.5-W (HKLM-x32\...\Snood_is1) (Version: - Snood LLC)
    Software Updater (HKLM-x32\...\{FA7EE274-7370-43B7-9A45-A39B17CCCDC5}) (Version: 4.3.3 - SEIKO EPSON CORPORATION)
    Solitaire Mystery: Four Seasons (HKLM-x32\...\Solitaire Mystery: Four Seasons) (Version: - Pogo.com)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.10.0 - Synaptics Incorporated)
    Tales of Lagoona (x32 Version: 2.2.0.98 - WildTangent) Hidden
    Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
    TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.2.3.0 - TOSHIBA CORPORATION)
    TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
    Toshiba Book Place (HKLM-x32\...\{A14962A7-2B7D-456E-BFCD-F54E3A88D41F}) (Version: 2.2.7530 - K-NFB Reading Technology, Inc.)
    TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{1C8C049A-145F-4A6E-8290-B5C245EBE39D}) (Version: 1.6.11.64 - TOSHIBA Corporation)
    TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.11 for x64 - TOSHIBA Corporation)
    TOSHIBA eco Utility (HKLM\...\{C2F94B5E-201A-4754-8F2F-4395E1D90DA3}) (Version: 1.3.5.64 - TOSHIBA Corporation)
    TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.17.64 - TOSHIBA Corporation)
    TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.63.0.12C - TOSHIBA CORPORATION)
    TOSHIBA HDD Protection (HKLM\...\{94A90C69-71C1-470A-88F5-AA47ECC96B40}) (Version: 2.2.2.15 - TOSHIBA Corporation)
    TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.9 - TOSHIBA Corporation)
    Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.13.11 - Symantec Corporation)
    TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.87.4 - TOSHIBA CORPORATION)
    TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
    Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.31 - Toshiba)
    TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.9.64 - TOSHIBA Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.4 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.5.5109a - TOSHIBA CORPORATION)
    TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.21.64 - TOSHIBA Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.2001 - TOSHIBA Corporation)
    TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
    TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.8 - TOSHIBA Corporation)
    TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{51B4E156-14A5-4904-9AE4-B1AA2A0E46BE}) (Version: 1.63.51.2C - TOSHIBA CORPORATION)
    TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.6.1.64 - TOSHIBA Corporation)
    TOSHIBA VIDEO PLAYER (HKLM-x32\...\{6C5F3BDC-0A1B-4436-A696-5939629D5C31}) (Version: 4.00.7.06-A - TOSHIBA Corporation)
    TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.3.38 - TOSHIBA Corporation)
    TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.9 - TOSHIBA)
    Treasure Island Extended Edition (HKLM-x32\...\Treasure Island Extended Editionv1.0) (Version: v1.0 - Tri Synergy)
    Trophy Room (HKLM-x32\...\{2A1BF350-9776-497F-883F-B0137902ECA6}) (Version: 3.0.1 - Cuddeback)
    Tweaking.com - Windows Repair (All in One) (HKLM-x32\...\Tweaking.com - Windows Repair (All in One)) (Version: 2.10.2 - Tweaking.com)
    Unity Web Player (HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\UnityWebPlayer) (Version: 5.0.3f2 - Unity Technologies ApS)
    Unlikely Suspects (HKLM-x32\...\{82C36957-D2B8-4EF2-B88C-5FA03AA848C7-119431947}) (Version: - Oberon Media)
    Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
    Utility Common Driver (x32 Version: 1.0.52.3C - TOSHIBA) Hidden
    Vacation Quest: The Hawaiian Islands (remove only) (HKLM-x32\...\Vacation Quest: The Hawaiian Islands) (Version: - )
    VideoFileDownload (HKLM-x32\...\vfd-cb) (Version: 1.0 - VideoFileDownload)
    Vivitar Experience Image Manager (HKLM-x32\...\Vivitar Experience Image Manager) (Version: - Sakar)
    VUDU To Go (HKLM-x32\...\com.vudu.air.Downloader) (Version: 1.3.4 - Vudu)
    VUDU To Go (x32 Version: 1.3.4 - Vudu) Hidden
    Weather Lord: Hidden Realm (HKLM-x32\...\Weather Lord: Hidden Realm) (Version: - Pogo.com)
    WildTangent Games (HKLM-x32\...\WildTangent toshiba Master Uninstall) (Version: 1.0.2.5 - WildTangent)
    WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
    WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.16 - WildTangent) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3538.0513 - Microsoft Corporation)
    Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
    Wordscape Online Party (remove only) (HKLM-x32\...\Wordscape Online Party) (Version: - )
    Yahoo Search Set (HKLM-x32\...\Yahoo! SearchSet) (Version: - Yahoo Inc.)
    Zuma Deluxe 1.0 (HKLM-x32\...\Zuma Deluxe 1.0) (Version: - )
    Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {01CA9D95-723A-401A-8C31-A3668851924C} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {115C8356-343B-4D47-99AF-82CD3F69322D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {12F26E03-513A-46D3-B347-1E47DF9047C9} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\WINDOWS\ehome\mcupdate.exe
    Task: {1F0208B8-42CA-4BB2-8B35-F1B0CF133DEA} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {1F51819B-363C-462A-B0FB-3C76E48FAF81} - System32\Tasks\{9C83799E-D30C-41E3-98A9-8BA1B41F14BC} => pcalua.exe -a D:\INSTALL.EXE -d D:\
    Task: {221A0B54-43B6-464A-B130-9086F8B8B44F} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {25233777-CEFE-45CC-BE56-3EA6DB5995ED} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\WINDOWS\ehome\ehrec.exe
    Task: {27C46D90-981E-4EA5-A5B5-9DC0EAEEAC08} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {28C851D6-037B-4314-BEF1-9FDD9A942B46} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\WINDOWS\ehome\ehrec.exe
    Task: {30C33732-DCC1-4973-B1F2-5BC04894323D} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2013-05-13] (Microsoft)
    Task: {3C3660F1-52AE-447F-9B20-248340985886} - System32\Tasks\RunAsStdUser Task => C:\Program Files (x86)\iWin Games\iWinGames.exe [2015-06-19] (iWin Inc.)
    Task: {3D6E660E-80E0-4D3B-8CF0-6E77C38FDC39} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {3EAAAF23-38E1-4E02-8D55-A60F68219A4C} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {42A6A79B-E4CC-4117-A918-D7E6B3A1B361} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {43A9F38F-95A7-41C3-8BF7-4ED73E68C484} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {49726E86-7D9E-4B8C-8BB4-72C880D64C2E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {4B7407F5-9181-4828-8E60-74C3A187BF85} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2013-05-13] (Microsoft Corporation)
    Task: {5264F1F7-AE29-4944-989D-62FF31EE2FE1} - System32\Tasks\{745CD748-5B93-48F3-B34C-CB7D5F311499} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
    Task: {54937C1A-A02D-4BC5-B404-FB55827A7D4C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
    Task: {54B805FC-AAE0-4726-85A9-09511F831DC0} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {58AAA2E0-DC8F-4181-9588-50EF697D0D51} - System32\Tasks\{C86B180C-F0CF-4309-B4FD-E7EA80401713} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
    Task: {71C60627-5DFF-45AB-9D9D-F5E22773B4B1} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {739A460D-2023-4D0B-B7AE-9A2B1A30424F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {75756050-9CAD-4BAF-9F63-25CB76524783} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-11-27] (Adobe Systems Incorporated)
    Task: {79030AE6-8C98-48AA-8384-AC29967D3D8C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {7EB44766-4FD2-4819-A839-801354F0C70E} - System32\Tasks\{D0FCCE98-B58D-4235-B7CD-45574AF49B92} => pcalua.exe -a C:\Users\Cindy\Downloads\mp470sosmwin120us.exe -d C:\Users\Cindy\Downloads
    Task: {7FF3748C-A9B5-4E3D-A33A-88FDBE89535E} - System32\Tasks\{A91D52D1-8F03-44D9-8F68-C5A4CF13A97B} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
    Task: {816F931B-FA81-46A8-9FFC-277774D037F6} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {86325A03-D12F-4BA1-88BC-89C1BC86F742} - System32\Tasks\{5445B679-8937-4098-A504-90FF10055BC7} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
    Task: {8D230185-A6BC-4DDB-BA39-6B4722650B77} - System32\Tasks\{585041DB-ADC7-4871-9249-E3B2A55E4564} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
    Task: {8DA48121-CA86-464C-9004-DEB6A6326274} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {98449CC4-129B-4B51-AAD1-385BD0891102} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {9B3E242D-6F09-4584-9B6A-0483FD30C0CD} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {9E3A3282-8B1F-4F56-A211-121C92CC351F} - System32\Tasks\LifeChatTask => C:\Program Files\Microsoft LifeChat\LifeChat.exe [2009-09-24] (Microsoft Corporation)
    Task: {A23D408E-9FB1-49C7-B973-E9A4FCC513D9} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {A9B04D95-99EB-4461-A1AF-E926BA9B3B98} - System32\Tasks\{6D7C01F1-9104-403E-9C7C-41D0A9893A97} => pcalua.exe -a "C:\Users\Cindy\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\EYV4WWUS\boxrinst.EXE" -d C:\Users\Cindy\Desktop
    Task: {AC2A6BB5-16DA-4117-801A-7369B520C5D4} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\WINDOWS\ehome\mcupdate.exe
    Task: {ADFF47B5-CE58-4F83-9453-1912160CD555} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
    Task: {AECC5E5A-BD33-45EE-9A14-BCDB617494CF} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {B0097F2E-055E-4231-A0B4-F39C82699292} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B1CF4F29-ADBE-47E7-8859-08828A3179F7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {B4CAF6E6-24C9-47F7-ABF5-2C8731EA9629} - System32\Tasks\{EA70D382-4ECC-494E-92C4-AD0458E5210E} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
    Task: {B6E69CC6-91FA-4651-B574-14C5062D13BA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {B7D414E4-7866-4E19-A2D3-755FF9755DCC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {BA1F4160-DA2E-4574-831E-AC05169833D1} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {BFDADE85-B2E1-456E-993E-928204417104} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2013-05-13] (Microsoft Corporation)
    Task: {C15A2B07-7FB0-4C8E-88B7-A3EC0CF1207F} - System32\Tasks\{BDA44233-2A5B-4F95-8A94-F23C5644626F} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
    Task: {C22554B5-A2F0-4B16-B814-874DE3AB3F18} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    Task: {C8662E84-06FF-4B16-A330-78E304C1DE6C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\WINDOWS\ehome\MCUpdate.exe
    Task: {D45D3FFE-2813-4042-A6D5-D81942A1CB46} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {D90218A0-8C0D-42E3-BD47-A0A2F7036FBE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {DEA19F1F-B18A-4222-B81A-5CE6C3062762} - System32\Tasks\{13E7519A-0D15-41EB-A072-05E717EE246D} => C:\Program Files (x86)\Hasbro Interactive\Super Scattergories\Scattergories.exe
    Task: {E478945A-7133-4F1E-8EEF-25E5753198A7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-26] (Apple Inc.)
    Task: {E7F51087-B971-4430-8901-2ACD88EA4995} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {EFF7FB5D-6722-4294-BC5B-501BDD0D9908} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
    Task: {F5052A5F-1081-47CE-B1B9-172CBA1E4433} - System32\Tasks\{39B0FAD6-29D7-4B41-A9E8-2B3DC315FCC7} => pcalua.exe -a C:\Users\Cindy\Downloads\boxrinst.EXE -d C:\Users\Cindy\Desktop
    Task: {FA86B9F0-07D9-4249-A15C-05E1BF53770B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {FAAC0230-2C5E-4F04-B972-17806793DBE1} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\WINDOWS\ehome\ehPrivJob.exe
    Task: {FB2EE3CA-4DF3-4590-BEC1-49A3297718A5} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\WINDOWS\ehome\mcupdate.exe
    Task: {FFA79626-8EBC-4897-8996-16EF86652291} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ShortcutWithArgument: C:\Users\Cindy\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"

    ==================== Loaded Modules (Whitelisted) ==============

    2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-12-10 02:02 - 2016-11-11 04:10 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-12-10 02:02 - 2016-11-11 04:10 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
    2016-10-07 08:34 - 2016-10-07 08:34 - 00959168 _____ () C:\Users\Cindy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
    2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:23 - 2010-10-20 14:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2016-10-06 22:38 - 2016-10-06 22:38 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
    2016-12-10 02:04 - 2016-11-11 03:23 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
    2016-11-09 19:22 - 2016-11-02 04:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-11-09 19:22 - 2016-11-02 04:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-11-09 19:22 - 2016-11-02 04:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
    2016-11-09 19:22 - 2016-11-02 04:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2016-11-09 19:22 - 2016-11-02 04:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-11-09 19:22 - 2016-11-02 04:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-06-01 20:00 - 2015-06-01 20:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2010-11-18 18:18 - 2010-11-18 18:18 - 11190784 _____ () C:\Program Files\TOSHIBA\FlashCards\BlackPng.dll
    2010-11-30 11:37 - 2010-11-30 11:37 - 00048504 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\FnZ.dll
    2010-12-15 16:19 - 2010-12-15 16:19 - 00124320 _____ () C:\Program Files\TOSHIBA\TECO\MUIHelp.dll
    2011-02-22 20:22 - 2011-02-22 20:22 - 00429432 _____ () C:\Program Files\TOSHIBA\FlashCards\Hotkey\TcrdKBB.exe
    2016-11-26 22:41 - 2016-11-26 22:45 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeHost.exe
    2016-11-26 22:41 - 2016-11-26 22:45 - 00178688 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
    2016-11-26 22:41 - 2016-11-26 22:45 - 41609728 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x64__kzf8qxf38zg5c\SkyWrap.dll
    2011-06-09 22:09 - 2011-06-09 22:09 - 00079784 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
    2015-01-20 22:35 - 2015-01-20 22:35 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-10-07 08:34 - 2016-10-07 08:34 - 00679624 _____ () C:\Users\Cindy\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
    2013-09-05 00:14 - 2013-09-05 00:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 14:45 - 2010-10-20 14:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:1DA424AA [143]
    AlternateDataStreams: C:\ProgramData\TEMP:214562D2 [754]
    AlternateDataStreams: C:\ProgramData\TEMP:260575F1 [191]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:3684CEF1 [128]
    AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA [394]
    AlternateDataStreams: C:\ProgramData\TEMP:5EEC292D [137]
    AlternateDataStreams: C:\ProgramData\TEMP:62F26ACE [141]
    AlternateDataStreams: C:\ProgramData\TEMP:729F0E7F [234]
    AlternateDataStreams: C:\ProgramData\TEMP:75DBEC56 [133]
    AlternateDataStreams: C:\ProgramData\TEMP:7DC5D762 [264]
    AlternateDataStreams: C:\ProgramData\TEMP:878ECA8B [129]
    AlternateDataStreams: C:\ProgramData\TEMP:9B7E8561 [135]
    AlternateDataStreams: C:\ProgramData\TEMP:9E95073D [250]
    AlternateDataStreams: C:\ProgramData\TEMP:B3B423E1 [146]
    AlternateDataStreams: C:\ProgramData\TEMP:C2151AD3 [446]
    AlternateDataStreams: C:\ProgramData\TEMP:E6F5146C [121]

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2015-01-10 21:31 - 00000027 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
    HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Control Panel\Desktop\\Wallpaper ->
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
    HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run: => "LifeChat"
    HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
    HKLM\...\StartupApproved\Run32: => "BingDesktop"
    HKLM\...\StartupApproved\Run32: => "BCSSync"
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => LPort=139
    FirewallRules: [MSMQ-In-TCP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => LPort=808
    FirewallRules: [UDP Query User{D33770C3-5672-402B-B62A-DC5950DE57CB}C:\users\cindy\appdata\local\temp\ignd716.tmp\lmiignition.exe] => C:\users\cindy\appdata\local\temp\ignd716.tmp\lmiignition.exe
    FirewallRules: [TCP Query User{89625D13-C43B-4C4B-8506-96913BF04526}C:\users\cindy\appdata\local\temp\ignd716.tmp\lmiignition.exe] => C:\users\cindy\appdata\local\temp\ignd716.tmp\lmiignition.exe
    FirewallRules: [UDP Query User{59DE5950-9EC5-488A-AA82-37E493D51BD3}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [TCP Query User{5DED573A-FBF8-4DD6-8A78-0A5662E72100}C:\program files (x86)\mozilla firefox\firefox.exe] => C:\program files (x86)\mozilla firefox\firefox.exe
    FirewallRules: [{5A49FA80-DCD3-4A23-BBA1-067143E5324D}] => C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{5AE63CA9-1014-44EE-BE85-48246400599F}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{6B793E2A-7694-4D51-B514-4FB42EF55588}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{3735E11E-5743-4C51-B368-A3B7E2E66031}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{3B78898C-1835-445A-AA89-5C782745A22E}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{9D787510-3ABD-4AC5-8FBA-DC8A320DB418}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{93C96870-2EA9-404A-A35C-B8D283284EB5}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [UDP Query User{2AD4B246-CA3B-476B-BC12-3C0F9CA6D483}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [TCP Query User{DAD83954-5CE6-4817-8FE3-EAEB5C4CCACC}C:\program files (x86)\java\jre7\bin\javaw.exe] => C:\program files (x86)\java\jre7\bin\javaw.exe
    FirewallRules: [{290B6FF6-D23E-4B20-A586-C70663607E95}] => LPort=10255
    FirewallRules: [UDP Query User{BB2CE12D-6AE8-452D-8244-8B02EF9B3B9C}C:\program files (x86)\imesh applications\imesh\imesh.exe] => C:\program files (x86)\imesh applications\imesh\imesh.exe
    FirewallRules: [TCP Query User{046C9B8A-4BDC-4979-8890-CD394254375E}C:\program files (x86)\imesh applications\imesh\imesh.exe] => C:\program files (x86)\imesh applications\imesh\imesh.exe
    FirewallRules: [{71D89403-1FB6-42E6-B953-C383617FFD64}] => C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
    FirewallRules: [{78916D75-FCD8-49F6-AD73-4D121EB45C50}] => C:\Program Files (x86)\iMesh Applications\iMesh\iMesh.exe
    FirewallRules: [{B2003BE0-E890-4ED9-A736-B29D6B862944}] => C:\Program Files (x86)\Pogo Games\WebUpdater.exe
    FirewallRules: [{1BC3CBE0-2693-41C2-9CFD-0D9267343CE3}] => C:\Program Files (x86)\Pogo Games\WebUpdater.exe
    FirewallRules: [{42D95926-CE67-4A68-96E1-B5C6BD7EFE2C}] => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
    FirewallRules: [{AA7295B5-CC1C-4B0B-A0AD-98D3B5495199}] => C:\Program Files (x86)\Pogo Games\PogoDGC.exe
    FirewallRules: [{1DB8B6B1-6F97-4B1C-8CC1-93DCF81A2053}] => C:\Program Files (x86)\iWin Games\WebUpdater.exe
    FirewallRules: [{DE7EC420-BEDE-41C8-B68F-A76DC1746213}] => C:\Program Files (x86)\iWin Games\WebUpdater.exe
    FirewallRules: [{28A0144D-055C-43EA-840A-C9B799E2AC51}] => C:\Program Files (x86)\iWin Games\iWinGames.exe
    FirewallRules: [{F4FC860B-9302-4C15-A336-7F088275AA8D}] => C:\Program Files (x86)\iWin Games\iWinGames.exe
    FirewallRules: [{53C30A38-375B-4EAC-A4FC-7255FEE57685}] => C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
    FirewallRules: [{14F238E0-5D87-457F-9A4F-08BF95E2FCFC}] => C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
    FirewallRules: [{5450716C-A89B-49DA-A7EB-39BCE09ABC90}] => LPort=1900
    FirewallRules: [{5908E83F-A67E-4D95-B275-37A845D908C0}] => LPort=2869
    FirewallRules: [{C872428A-EEC0-4859-981B-44A990B4821D}] => C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{85ED9E39-867E-47C6-B65A-4EE1ED75F509}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{32C867EA-32E5-42CA-91C0-857E760A950E}] => C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{4275A755-EFE7-4F78-86B2-173C5EFA2F40}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{96461AB5-BF03-4EB4-BCF9-A757BB534434}] => C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [SNMP-In-UDP] => %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP] => %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-In-UDP-NoScope] => %SystemRoot%\system32\snmp.exe
    FirewallRules: [SNMP-Out-UDP-NoScope] => %SystemRoot%\system32\snmp.exe
    FirewallRules: [{5F615C78-3B9C-4303-AC39-978FF244B2DC}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Restore Points =========================

    27-11-2016 01:16:50 Scheduled Checkpoint
    06-12-2016 18:35:04 Scheduled Checkpoint
    10-12-2016 05:38:20 Windows Update

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/13/2016 11:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Local Hostname Cindy-PC.local already in use; will try Cindy-PC-2.local instead

    Error: (12/13/2016 11:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: ProbeCount 0; will deregister 4 Cindy-PC.local. Addr 192.168.0.14

    Error: (12/13/2016 11:39:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: mDNSCoreReceiveResponse: Received from 192.168.0.14:5353 16 Cindy-PC.local. AAAA 2604:2D80:4005:C377:CD1A:DFCD:9FA6:3537

    Error: (12/13/2016 11:39:04 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
    Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
    Parameter name: dueTime
    Stack Trace:
    at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
    at System.Timers.Timer.set_Enabled(Boolean value)
    at SnappCloud.ActivationReminder.AraClient.PostInit()
    at SnappCloud.ActivationReminder.Program.Main(String[] args)

    Error: (12/13/2016 11:35:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CINDY-PC)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (12/13/2016 01:59:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 93894328

    Error: (12/13/2016 01:59:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 93894328

    Error: (12/13/2016 01:59:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (12/13/2016 01:59:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 93878922

    Error: (12/13/2016 01:59:30 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 93878922


    System errors:
    =============
    Error: (12/13/2016 11:36:37 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.

    Error: (12/13/2016 11:36:19 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

    Error: (12/13/2016 11:36:16 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The RtkAudioService service failed to start due to the following error:
    The system cannot find the file specified.

    Error: (12/13/2016 11:36:20 PM) (Source: SNMP) (EventID: 1500) (User: )
    Description: The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.

    Error: (12/13/2016 11:36:16 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 11:29:47 PM on ‎12/‎13/‎2016 was unexpected.

    Error: (12/11/2016 09:39:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
    Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

    Code: 8 0x0 0x0

    Error: (12/11/2016 09:39:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
    Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

    Code: 2 0xdeaddeed 0xeeec

    Error: (12/11/2016 09:39:36 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
    Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.

    Code: 1 0xc 0x4

    Error: (12/11/2016 06:10:40 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
    {8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
    and APPID
    {F72671A9-012C-4725-9D2F-2A4D32D65169}
    to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

    Error: (12/11/2016 06:09:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NetPipeActivator service failed to start due to the following error:
    The service did not respond to the start or control request in a timely fashion.


    CodeIntegrity:
    ===================================
    Date: 2016-12-11 23:27:58.508
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-11 23:27:58.506
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-11 23:27:58.501
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-11 23:27:58.183
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-11 23:27:58.181
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-11 23:27:58.176
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-11 23:27:57.915
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-11 23:27:57.912
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-11 23:27:57.908
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-12-11 23:27:57.739
    Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2450M CPU @ 2.50GHz
    Percentage of memory in use: 49%
    Total physical RAM: 6051.76 MB
    Available physical RAM: 3071.43 MB
    Total Virtual: 12195.76 MB
    Available Virtual: 9011.1 MB

    ==================== Drives ================================

    Drive c: (TI106332W0C) (Fixed) (Total:579.14 GB) (Free:465.92 GB) NTFS ==>[system with boot components (obtained from drive)]
    Drive d: (KIRBY SENTRIA II) (CDROM) (Total:1.63 GB) (Free:0 GB) UDF

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 596.2 GB) (Disk ID: 27058636)
    Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
    Partition 2: (Not Active) - (Size=579.1 GB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=508 MB) - (Type=27)
    Partition 4: (Not Active) - (Size=15.1 GB) - (Type=17)

    ==================== End of Addition.txt ============================

  2. #2
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    MusicOasis (HKLM-x32\...\MusicOasis) (Version: 1.0.3 - InstallX, LLC) <==== ATTENTION
    MusicOasis (x32 Version: 1.0.3 - InstallX, LLC) Hidden <==== ATTENTION

    This needs to be uninstalled/removed from Add/Remove programs list.


    ~~~~

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-23] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-23] (Oracle Corporation)
    Toolbar: HKLM-x32 - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll No File
    Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Extension: (entrusted11 ) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{77beece6-3997-403a-92fa-0055bfcf88e5} [2014-11-20] [not signed]
    FF SearchPlugin: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\searchplugins\ask-web-search.xml [2016-02-02]
    FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\windows\system32\npdeployJava1.dll [2012-07-12] (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-23] (Oracle Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
    CHR Extension: (SaveDailyDeals) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf [2015-01-30]
    U3 idsvc; no ImagePath
    C:\Users\Cindy\AppData\Local\Temp\jre-8u101-windows-au.exe
    Task: {C22554B5-A2F0-4B16-B814-874DE3AB3F18} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Cindy\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
    AlternateDataStreams: C:\ProgramData\TEMP:1DA424AA [143]
    AlternateDataStreams: C:\ProgramData\TEMP:214562D2 [754]
    AlternateDataStreams: C:\ProgramData\TEMP:260575F1 [191]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:3684CEF1 [128]
    AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA [394]
    AlternateDataStreams: C:\ProgramData\TEMP:5EEC292D [137]
    AlternateDataStreams: C:\ProgramData\TEMP:62F26ACE [141]
    AlternateDataStreams: C:\ProgramData\TEMP:729F0E7F [234]
    AlternateDataStreams: C:\ProgramData\TEMP:75DBEC56 [133]
    AlternateDataStreams: C:\ProgramData\TEMP:7DC5D762 [264]
    AlternateDataStreams: C:\ProgramData\TEMP:878ECA8B [129]
    AlternateDataStreams: C:\ProgramData\TEMP:9B7E8561 [135]
    AlternateDataStreams: C:\ProgramData\TEMP:9E95073D [250]
    AlternateDataStreams: C:\ProgramData\TEMP:B3B423E1 [146]
    AlternateDataStreams: C:\ProgramData\TEMP:C2151AD3 [446]
    AlternateDataStreams: C:\ProgramData\TEMP:E6F5146C [121]
    EmptyTemp:
    Hosts:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~`

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
      In order to use AdwCleaner, you have to agree the Eula:
    • Right-click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Logfile. A log (AdwCleaner[S1].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Return to AdwCleaner. Ensure anything you know to be legitimate does not have a checkmark under the corresponding tab.
    • Click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After the reboot, a log (AdwCleaner[C1].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and folder backups are made for items removed using this programme. Should a legitimate file or folder be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the item. Please do not overly concern yourself with the contents of AdwCleaner[C1].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~

    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~
    please post
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Junior Member
    Join Date
    Dec 2016
    Posts
    5

    Default

    Here are the logs you requested. I don't think I saved the adw(c1) file but I sent you the other one I had. Sorry!

    Fix result of Farbar Recovery Scan Tool (x64) Version: 07-12-2016
    Ran by Cindy (14-12-2016 22:31:57) Run:1
    Running from C:\Users\Cindy\Desktop
    Loaded Profiles: Cindy (Available Profiles: Cindy & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    BHO: No Name -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> No File
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre6\bin\jp2ssv.dll => No File
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-23] (Oracle Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-23] (Oracle Corporation)
    Toolbar: HKLM-x32 - mefeediaTest - {154d932f-dc51-4a4f-9d52-b78b1419d3b4} - C:\Program Files (x86)\mefeediatest\w3itemplateX.dll No File
    Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - No File
    Toolbar: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    FF Extension: (entrusted11 ) - C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{77beece6-3997-403a-92fa-0055bfcf88e5} [2014-11-20] [not signed]
    FF SearchPlugin: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\searchplugins\ask-web-search.xml [2016-02-02]
    FF Plugin: @java.com/DTPlugin,version=1.6.0_33 -> C:\windows\system32\npdeployJava1.dll [2012-07-12] (Sun Microsystems, Inc.)
    FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-23] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-23] (Oracle Corporation)
    CHR Plugin: (Java(TM) Platform SE 7 U9) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.90.5) - C:\windows\SysWOW64\npDeployJava1.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => No File
    CHR Extension: (SaveDailyDeals) - C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf [2015-01-30]
    U3 idsvc; no ImagePath
    C:\Users\Cindy\AppData\Local\Temp\jre-8u101-windows-au.exe
    Task: {C22554B5-A2F0-4B16-B814-874DE3AB3F18} - \OfficeSoftwareProtectionPlatform\SvcRestartTask -> No File <==== ATTENTION
    ShortcutWithArgument: C:\Users\Cindy\Desktop\Person 1 - Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Default"
    AlternateDataStreams: C:\ProgramData\TEMP:1DA424AA [143]
    AlternateDataStreams: C:\ProgramData\TEMP:214562D2 [754]
    AlternateDataStreams: C:\ProgramData\TEMP:260575F1 [191]
    AlternateDataStreams: C:\ProgramData\TEMP:2CB9631F [134]
    AlternateDataStreams: C:\ProgramData\TEMP:3684CEF1 [128]
    AlternateDataStreams: C:\ProgramData\TEMP:4673E9EA [394]
    AlternateDataStreams: C:\ProgramData\TEMP:5EEC292D [137]
    AlternateDataStreams: C:\ProgramData\TEMP:62F26ACE [141]
    AlternateDataStreams: C:\ProgramData\TEMP:729F0E7F [234]
    AlternateDataStreams: C:\ProgramData\TEMP:75DBEC56 [133]
    AlternateDataStreams: C:\ProgramData\TEMP:7DC5D762 [264]
    AlternateDataStreams: C:\ProgramData\TEMP:878ECA8B [129]
    AlternateDataStreams: C:\ProgramData\TEMP:9B7E8561 [135]
    AlternateDataStreams: C:\ProgramData\TEMP:9E95073D [250]
    AlternateDataStreams: C:\ProgramData\TEMP:B3B423E1 [146]
    AlternateDataStreams: C:\ProgramData\TEMP:C2151AD3 [446]
    AlternateDataStreams: C:\ProgramData\TEMP:E6F5146C [121]
    EmptyTemp:
    Hosts:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    "HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    HKCR\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43} => key not found.
    "HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKCR\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{761497BB-D6F0-462C-B6EB-D4DAF1D92D43}" => key removed successfully
    "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    "HKCR\Wow6432Node\CLSID\{DBC80044-A445-435b-BC74-9C25C1C588A9}" => key removed successfully
    HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{154d932f-dc51-4a4f-9d52-b78b1419d3b4} => value removed successfully
    "HKCR\Wow6432Node\CLSID\{154d932f-dc51-4a4f-9d52-b78b1419d3b4}" => key removed successfully
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
    HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
    HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\Extensions\{77beece6-3997-403a-92fa-0055bfcf88e5} => moved successfully
    C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\searchplugins\ask-web-search.xml => moved successfully
    "HKLM\Software\MozillaPlugins\@java.com/DTPlugin,version=1.6.0_33" => key removed successfully
    C:\windows\system32\npdeployJava1.dll => moved successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/DTPlugin,version=11.91.2" => key removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll => moved successfully
    "HKLM\Software\Wow6432Node\MozillaPlugins\@java.com/JavaPlugin,version=11.91.2" => key removed successfully
    C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll => moved successfully
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
    C:\windows\SysWOW64\Macromed\Flash\NPSWF32_11_4_402_287.dll => not found.
    C:\windows\SysWOW64\npDeployJava1.dll => not found.
    c:\Program Files (x86)\Microsoft Silverlight\4.1.10329.0\npctrl.dll => not found.
    C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkbdpeojilomanppfkafnnglkjpkpajf => moved successfully
    idsvc => service removed successfully
    C:\Users\Cindy\AppData\Local\Temp\jre-8u101-windows-au.exe => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C22554B5-A2F0-4B16-B814-874DE3AB3F18}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C22554B5-A2F0-4B16-B814-874DE3AB3F18}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\OfficeSoftwareProtectionPlatform\SvcRestartTask" => key removed successfully
    C:\Users\Cindy\Desktop\Person 1 - Chrome.lnk => Shortcut argument removed successfully.
    C:\ProgramData\TEMP => ":1DA424AA" ADS removed successfully.
    C:\ProgramData\TEMP => ":214562D2" ADS removed successfully.
    C:\ProgramData\TEMP => ":260575F1" ADS removed successfully.
    C:\ProgramData\TEMP => ":2CB9631F" ADS removed successfully.
    C:\ProgramData\TEMP => ":3684CEF1" ADS removed successfully.
    C:\ProgramData\TEMP => ":4673E9EA" ADS removed successfully.
    C:\ProgramData\TEMP => ":5EEC292D" ADS removed successfully.
    C:\ProgramData\TEMP => ":62F26ACE" ADS removed successfully.
    C:\ProgramData\TEMP => ":729F0E7F" ADS removed successfully.
    C:\ProgramData\TEMP => ":75DBEC56" ADS removed successfully.
    C:\ProgramData\TEMP => ":7DC5D762" ADS removed successfully.
    C:\ProgramData\TEMP => ":878ECA8B" ADS removed successfully.
    C:\ProgramData\TEMP => ":9B7E8561" ADS removed successfully.
    C:\ProgramData\TEMP => ":9E95073D" ADS removed successfully.
    C:\ProgramData\TEMP => ":B3B423E1" ADS removed successfully.
    C:\ProgramData\TEMP => ":C2151AD3" ADS removed successfully.
    C:\ProgramData\TEMP => ":E6F5146C" ADS removed successfully.
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.

    =========== EmptyTemp: ==========

    BITS transfer queue => 845131 B
    DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 123122606 B
    Java, Flash, Steam htmlcache => 1642 B
    Windows/system/drivers => 8748221 B
    Edge => 2533866 B
    Chrome => 412186684 B
    Firefox => 276988516 B
    Opera => 0 B

    Temp, IE cache, history, cookies, recent:
    Default => 6166 B
    Users => 0 B
    ProgramData => 0 B
    Public => 0 B
    systemprofile => 0 B
    systemprofile32 => 0 B
    LocalService => 0 B
    NetworkService => 239950 B
    Cindy => 196428057 B
    DefaultAppPool => 0 B

    RecycleBin => 135870 B
    EmptyTemp: => 973.9 MB temporary data Removed.

    ================================


    The system needed a reboot.

    ==== End of Fixlog 22:33:31 ====



    # AdwCleaner v6.040 - Logfile created 14/12/2016 at 22:44:46
    # Updated on 02/12/2016 by Malwarebytes
    # Database : 2016-12-14.1 [Server]
    # Operating System : Windows 10 Home (X64)
    # Username : Cindy - CINDY-PC
    # Running from : C:\Users\Cindy\Desktop\AdwCleaner.exe
    # Mode: Clean
    # Support : https://www.malwarebytes.com/support



    ***** [ Services ] *****

    [-] Service deleted: iWinTrusted


    ***** [ Folders ] *****

    [-] Folder deleted: C:\Users\Cindy\AppData\Roaming\VideoBuzz
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoBuzz
    [-] Folder deleted: C:\Program Files (x86)\VideoBuzz
    [-] Folder deleted: C:\Users\Cindy\AppData\Local\YSearchUtil
    [-] Folder deleted: C:\Users\Cindy\AppData\LocalLow\Yahoo!\Companion
    [-] Folder deleted: C:\Users\Cindy\AppData\Roaming\Yahoo!\Companion
    [-] Folder deleted: C:\Users\Cindy\AppData\Roaming\Pogo Games
    [-] Folder deleted: C:\ProgramData\iwin games
    [#] Folder deleted on reboot: C:\ProgramData\Application Data\iwin games
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iwin games
    [-] Folder deleted: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pogo Games
    [-] Folder deleted: C:\Program Files (x86)\iwin games
    [-] Folder deleted: C:\Program Files (x86)\Yahoo!\Companion
    [-] Folder deleted: C:\Program Files (x86)\Pogo Games
    [-] Folder deleted: C:\Program Files (x86)\Yahoo!\yset
    [-] Folder deleted: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nnfegheljpcijmdgonkecjpcaopjlpac
    [-] Folder deleted: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\nnfegheljpcijmdgonkecjpcaopjlpac
    [-] Folder deleted: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Extensions\peglehonblabfemopkgmfcpofbchegcl
    [-] Folder deleted: C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\peglehonblabfemopkgmfcpofbchegcl


    ***** [ Files ] *****

    [-] File deleted: C:\Users\Cindy\AppData\LocalLow\Microsoft\Internet Explorer\Services\Search_ask.com.xml
    [-] File deleted: C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\extensions\jid1-16aeif9OQIRKxA@jetpack.xpi


    ***** [ DLL ] *****



    ***** [ WMI ] *****



    ***** [ Shortcuts ] *****



    ***** [ Scheduled Tasks ] *****



    ***** [ Registry ] *****

    [-] Key deleted: HKLM\SOFTWARE\Classes\AppID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
    [-] Key deleted: HKLM\SOFTWARE\Classes\CLSID\{635ADC07-6F19-42A7-8043-EDD19678CE14}
    [-] Key deleted: HKLM\SOFTWARE\Classes\TypeLib\{44E6B68E-8DA5-4093-921B-7275E5B3906A}
    [-] Key deleted: HKU\.DEFAULT\Software\PogoDGC
    [-] Key deleted: HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\PogoDGC
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\wecarereminder
    [-] Key deleted: HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\PogoDGC
    [#] Key deleted on reboot: HKU\S-1-5-18\Software\PogoDGC
    [#] Key deleted on reboot: HKCU\Software\PogoDGC
    [-] Key deleted: HKLM\SOFTWARE\PogoDGC
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Yahoo! SearchSet
    [-] Key deleted: HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\PogoDGC
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\wecarereminder
    [#] Key deleted on reboot: [x64] HKCU\Software\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-4015324910-1557653689-3941867134-1001\Software\PogoDGC
    [#] Key deleted on reboot: [x64] HKCU\Software\PogoDGC
    [-] Key deleted: HKCU\SOFTWARE\Microsoft\IntelliPoint\AppSpecific\PogoDGC.exe


    ***** [ Web browsers ] *****

    [-] Chrome preferences cleaned: "browser.search.hiddenOneOffs" - "Yahoo,Ask Web Search,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark._dzMembers_.lastActivePing" - "1454980878443"
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark.hp.enabled" - false
    [-] Chrome preferences cleaned: "extensions.toolbar.mindspark.lastInstalled" - "pconverter@mindspark.com"
    [-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: ask.com
    [-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: search.conduit.com
    [-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Deleted: dts.search-results.com
    [-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: nnfegheljpcijmdgonkecjpcaopjlpac
    [-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: pcajpdcjfekhfnapaiphaecoajeollnc
    [-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Default] [extension] Deleted: peglehonblabfemopkgmfcpofbchegcl
    [-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: aol.com
    [-] [C:\Users\Cindy\AppData\Local\Google\Chrome\User Data\Profile 1\Web data] [Search Provider] Deleted: ask.com


    *************************

    :: "Tracing" keys deleted
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C0].txt - [5637 Bytes] - [14/12/2016 22:44:46]
    C:\AdwCleaner\AdwCleaner[R0].txt - [27130 Bytes] - [29/11/2014 13:54:32]
    C:\AdwCleaner\AdwCleaner[S0].txt - [27096 Bytes] - [29/11/2014 14:02:29]
    C:\AdwCleaner\AdwCleaner[S1].txt - [6008 Bytes] - [14/12/2016 22:42:20]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C0].txt - [5931 Bytes] ##########




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.1.0 (12.05.2016)
    Operating System: Windows 10 Home x64
    Ran by Cindy (Administrator) on Wed 12/14/2016 at 22:51:47.34
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 13

    Successfully deleted: C:\Users\Cindy\AppData\Local\{01CBDC91-2762-403B-9654-32B171393558} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{1DACF147-FBA9-4E70-8989-685B2BBB5EAD} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{7DE4FD06-6B71-4758-A0FC-F84CBC971528} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{8045FD57-AF7B-4382-9D4A-E8EC551E3181} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{A13ABDA7-80C8-446A-885E-BF5901353DB7} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{AC341EB7-C79E-4CB7-A8D4-6B7F78B17D81} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{BB52D58A-C03B-4272-B72B-D2B4D53A686B} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{C4D94058-73BA-44B6-BA1A-728BAC1E39E0} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{C8CE374D-A6E9-4D4B-9B8D-05D69B3FD3EC} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{E9777F46-D74C-414B-91C3-33A10EE67316} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Local\{F1AEE845-0C1C-404F-9A6B-F06B8F738A2E} (Empty Folder)
    Successfully deleted: C:\Users\Cindy\AppData\Roaming\alawarentertainment (Folder)
    Successfully deleted: C:\Program Files (x86)\GUT5BD6.tmp (File)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 12/14/2016 at 22:57:36.86
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  4. #4
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Did you allow AdwCleaner to remove what it found?



    Let's update Malwarebytes Anti-Malware and run a new scan.

    Open Malwarebytes Anti-Malware

    • On the Dashboard click on Update Now
    • Go to the Setting Tab
    • Under Setting go to Detection and Protection
    • Under PUP and PUM make sure both are set to show Treat Detections as Malware
    • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
    • Then on the Dashboard click on Scan
    • Make sure to select THREAT SCAN
    • Then click on Scan
    • Note: You may see the following message, "Could not load DDA driver". Click Yes, allow your PC to reboot and continue afterwards.
    • If threats are detected, click Remove Selected. If you are prompted to reboot, click Yes.
    • Upon completion of the scan (or after the reboot), click the History tab.
    • Click Application Logs, followed by the first Scan Log.
    • Click Export,followed by Copy to Clipboard. Paste the log in your next reply.


    How is your computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  5. #5
    Junior Member
    Join Date
    Dec 2016
    Posts
    5

    Default

    It seems like it is getting better. Thanks!

    Here is the log:

    Malwarebytes
    www.malwarebytes.com

    -Log Details-
    Scan Date: 12/15/16
    Scan Time: 8:45 AM
    Logfile:
    Administrator: Yes

    -Software Information-
    Version: 3.0.4.1269
    Components Version: 1.0.39
    Update Package Version: 1.0.746
    License: Trial

    -System Information-
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: CINDY-PC\Cindy

    -Scan Summary-
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 457665
    Time Elapsed: 7 min, 1 sec

    -Scan Options-
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    -Scan Details-
    Process: 0
    (No malicious items detected)

    Module: 0
    (No malicious items detected)

    Registry Key: 4
    PUP.Optional.MeFeedia, HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\SETTINGS\{154D932F-DC51-4A4F-9D52-B78B1419D3B4}, Quarantined, [12474], [168190],1.0.746
    PUP.Optional.MeFeedia, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{154D932F-DC51-4A4F-9D52-B78B1419D3B4}, Quarantined, [12474], [168190],1.0.746
    PUP.Optional.MeFeedia, HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\EXT\STATS\{154D932F-DC51-4A4F-9D52-B78B1419D3B4}, Quarantined, [12474], [168190],1.0.746
    PUP.Optional.ConduitTB.Gen, HKU\S-1-5-21-4015324910-1557653689-3941867134-1001\SOFTWARE\GOOGLE\CHROME\NATIVEMESSAGINGHOSTS\nmhostct3299568, Quarantined, [13360], [186833],1.0.746

    Registry Value: 0
    (No malicious items detected)

    Data Stream: 0
    (No malicious items detected)

    Folder: 2
    PUP.Optional.Blekko, C:\USERS\CINDY\APPDATA\LOCALLOW\blekkotb_019, Quarantined, [8209], [181688],1.0.746
    PUP.Optional.ConduitTB.Gen, C:\USERS\CINDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNX140LM.DEFAULT\CT3299568, Quarantined, [13360], [181765],1.0.746

    File: 4
    PUP.Optional.ConduitTB.Gen, C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\CT3299568\CT3299568.fullUserID, Quarantined, [13360], [181765],1.0.746
    PUP.Optional.ConduitTB.Gen, C:\Users\Cindy\AppData\Roaming\Mozilla\Firefox\Profiles\knx140lm.default\CT3299568\CT3299568.UserID, Quarantined, [13360], [181765],1.0.746
    PUP.Optional.SafeInstall, C:\USERS\CINDY\DESKTOP\MANUALDOWNLOAD.EXE, Quarantined, [3674], [77133],1.0.746
    PUP.Optional.ArcadeYum, C:\USERS\CINDY\APPDATA\ROAMING\MOZILLA\FIREFOX\PROFILES\KNX140LM.DEFAULT\EXTENSIONS\{C7928956-827D-4649-A234-BB758377C005}.XPI, Quarantined, [8200], [235580],1.0.746

    Physical Sector: 0
    (No malicious items detected)


    (end)

  6. #6
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Glad it's better now.

    Follow the instructions below to run a scan using the Emsisoft Emergency Kit.
    • Download the Emsisoft Emergency Kit and execute it.
      From there, click on the Extract button to extract the program in the EEK folder;
    • Once the extraction is complete, Emsisoft Emergency Kit will open, and suggest you to run an online update before using the program.

      Click on Yes to launch it.
    • After the update, click on Malware Scan under 2. Scan and accept to let Emsisoft Emergency Kit detect PUPs (click on Yes).
    • Once the scan is complete, make sure that every item in the list is checked, and click on Quarantine selected;
    • If it asks you for a reboot to delete some items, click on Ok to reboot automatically;
    • After the restart, click on the Start Emsisoft Emergency Kit icon again on your desktop to open it;
    • This time, click on Logs;
    • From there, go under the Quarantine Log tab, and click on the Export button;
    • Save the log on your desktop, then open it, and copy/paste its content in your next reply;
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  7. #7
    Junior Member
    Join Date
    Dec 2016
    Posts
    5

    Default

    Here is the log......not much there.

    Emsisoft Emergency Kit - Version 12.0
    Scan log

    Date Scan Method Objects Scanned Objects Detected Duration Type Computer Name
    12/16/2016 10:08:20 AM Malware 79591 1 0:12:31 Manual scan CINDY-PC

  8. #8
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Computer better now?, ready to remove tools and quarantine folders?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  9. #9
    Junior Member
    Join Date
    Dec 2016
    Posts
    5

    Default

    Yes it is running much better. I can't thank you enough!!

  10. #10
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    We're glad to help

    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:
    • Activate UAC
    • Remove disinfection tools
    • Click the Run button.
    • -- This will remove the specialized tools we used to disinfect your system.
      Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete
      ).

    *****************


    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg. CryptoWall), helping prevent the execution of malware.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secunia PSI will scan your computer for vulnerable softwarethat is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Unchecky automatically removes checkmarks for bunlded software in programme installers; helping you avoid adware and PUPs.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •