
False Detection Banner Ads of Fix Windows Errors & Update Windows Drivers


  • This topic is locked
12 replies to this topic

#1 Caramello222


Posted 05 April 2016 - 11:56 PM

HP Pavilion 20-b313w All-In-One
Original OS: Windows 8 (x64), upgraded to Windows 8.1 (x64), but I do have a folder "Program Files (x86)"

 

1) Infection date and initial symptoms: I think this started in February. My computer was infected, and I had a very hard time getting rid of it, so I decided to nuke it. I did a recovery with the HP recovery set and then did a reset for extra reformatting. After that I did all updates for Windows 8, upgraded again to 8.1, did more updates, and everything worked fine until I opened Microsoft Solitaire Collection. When I signed back into the app, the option to sync all my other apps popped up. When I clicked yes, I thought it meant I wouldn't have to log into all my Xbox for PC apps individually and it would keep me logged in. I was wrong; it brought back and replaced almost everything I had on my computer before the recovery and reset. Things like my desktop background and my favorites list in Internet Explorer and who knows what else. Then in the beginning of March I reinstalled the "Magic Puzzles" app from the Windows Store app, and one day I got a pop-up window stating my Flash Player is out of date, click here to update. I closed the app through Task Manager because I know clicking windows like that closed can trigger a download. Unfortunately, the third time I got annoyed and clicked it closed. I never got the pop-up again, but I started getting 'fix windows errors' or 'scan to fix windows errors', then 'you have 1 message', then 'click to update your windows drivers'. The variety and quantity of these banner ads keeps increasing, and legitimate ads are appearing less. The other free apps I have don't show these banner ads; they don't show any ads, the space is white, and the commercials that are supposed to play in my Xbox for PC games don't load. It's like the fake ads have taken over the ad permissions in my apps.

 

2)  Current issues and symptoms: The problems I'm having with my computer are:
 a) It takes longer to boot, and apps, IE, and websites also take longer to boot.
 b) Some images on webpages don't load; they show a box with an x in it.
 c) The logo/image on some of the icons in the IE favorites list are slowly disappearing and being replaced with the IE logo.
 d) Buffer overflow when trying to access Microsoft's virus and malware protection site and Safety Scanner page. Links to pages don't exist or can't be found. I was given this link by advisor Broni; when I clicked it I got 'page not found'. If you click it and get access to this page, then for sure something is messing with my computer. Windows 8/8.1/10 users. Reset IE manually: https://support.microsoft.com/kb/923737?wa=wsignin1.0. If you would like to see what we worked on, here is the link to that "Am I Infected" post: http://www.bleepingcomputer.com/forums/t/608178/possible-rogue-malware/.
 e) I have received the following error message twice, once when I clicked the back button while on this site and the other when I refreshed a page on this site.
 "An error occured with the SQL server:
 This is not a problem with the IPS Community Suite but rather with your SQL server. Please contact your host and copy the message shown above.
 www bleepingcomputer com Driver Server Level Error."
 That error message happened after I started seeing "Update Your Windows Drivers" banner ads.
 f) Problems with videos on YouTube, and then I get a pop-up banner to click and find out why the video is messing up. I didn't click it. Also, some videos had poorly loaded ads on the Flash Player screen, like the outline of overlapped boxes.
 g) Wireless mouse connection problems, lagging cursor when there is no overuse of resources by a process in Task Manager and Process Explorer.
 h) Sometimes the computer comes out of sleep right after I put it to sleep and I didn't touch anything.
 i) Websites stop responding frequently.
 j) Sound problems: sound effects that are supposed to be continuous have breaks in them, delayed sound effects, spikes and low sound effects.

 

3)  Steps taken in order to remove the infection: I ran a scan with Malwarebytes Anti-Malware; nothing was found. I also used SUPERAntiSpyware; only some tracking cookies were found, but you can see those results below, dated 3/11/16 and 3/15/16. After that I didn't try anything else on my own, and I came here and posted in "Am I Infected" because I've been wrong about having malware on my computer before. I also wasn't sure if the ads were on my computer or if they were just coming through my internet connection. All the steps tried with Broni are here: (http://www.bleepingcomputer.com/forums/t/608178/possible-rogue-malware/). I recently took a look at this location: C:\Users\Floretta\AppData\Local\Packages\XIMADINC.MagicPuzzles_np8fj6akx2czy\AC\INetCache\CXES3PDL. The AC folder shows there are 971 files in it and 100 folders, but all of them are not visible. The CXES3PDL folder has 195 files, and there are 3 other folders: EZ7SZ0HQ with 211 files, H5UTOZ0Z with 204 files, and MCEFL0K4 with 205 files. There are other folders, like an Anti-Phishing folder, but that only has 1 file in it. All of these folders have the images for the fake banner ads along with lots of pictures of people's Facebook profile pics, along with other files like java scripts. The app does use Facebook as an option for people to download and share puzzles with other users; it's called "Best In The World". I have only downloaded about 10 pictures since the new feature was added, but the number of pictures I'm seeing is well over. It looks like the app cached all the owners of the pictures I browsed, not just downloaded. C:\Users\Floretta\AppData\Local\Microsoft\Windows\INetCache has 5,072 files and 33 folders; when I opened the INetCache, only 208 files were visible out of the 5,072 files and 33 folders. Those files were java scripts and favicon.ico. In the folder for Microsoft\Windows following the same path, there are hidden folders that have V01.chk, edb.chk, and edbres00001.jrs recovered file fragments.
                                    
 

5)  What scan logs have you uploaded to this post?: 2 short SuperAnti-Spyware logs, FRST64 log, and Addition log.

 

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/11/2016 at 09:22 PM

Application Version : 6.0.1216
 Database Version : 12495

Scan type       : Quick Scan
 Total Scan Time : 00:02:06

Operating System Information
 Windows 8.1 Home 64-bit (Build 6.03.9600)
 UAC On - Administrator

Memory items scanned      : 699
 Memory threats detected   : 0
 Registry items scanned    : 41694
 Registry threats detected : 0
 File items scanned        : 8103
 File threats detected     : 10

Adware.Tracking Cookie
  C:\Users\Floretta\AppData\Local\Microsoft\Windows\INetCookies\Low\RQ3Q05ZQ.txtC:\Users\Floretta\AppData\Local\Microsoft\Windows\INetCookies\Low\RQ3Q05ZQ.txt [ /2129670914.log.optimizely.com ]
  C:\Users\Floretta\AppData\Local\Microsoft\Windows\INetCookies\Low\QFHRFZOE.txtC:\Users\Floretta\AppData\Local\Microsoft\Windows\INetCookies\Low\QFHRFZOE.txt [ /222980912.log.optimizely.com ]
  tapad.com/.TapAd_DID [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\MICROSOFT.MICROSOFTSOLITAIRECOLLECTION_8WEKYB3D8BBWE\AC\INETCOOKIES\CKN34BKX.TXT ]
  tapad.com/.TapAd_TS [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\MICROSOFT.MICROSOFTSOLITAIRECOLLECTION_8WEKYB3D8BBWE\AC\INETCOOKIES\CKN34BKX.TXT ]
  adsrvr.org/.TDID [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\MICROSOFT.MICROSOFTSOLITAIRECOLLECTION_8WEKYB3D8BBWE\AC\INETCOOKIES\LZCZ1434.TXT ]
  adsrvr.org/.TDCPM [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\MICROSOFT.MICROSOFTSOLITAIRECOLLECTION_8WEKYB3D8BBWE\AC\INETCOOKIES\LZCZ1434.TXT ]
  adsrvr.org/.TDID [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\MICROSOFT.TAPTILES_8WEKYB3D8BBWE\AC\INETCOOKIES\3KB5UJ71.TXT ]
  222980912.log.optimizely.com/.end_user_id [ C:\USERS\FLORETTA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QFHRFZOE.TXT ]
  222980912.log.optimizely.com/.bucket_map [ C:\USERS\FLORETTA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\QFHRFZOE.TXT ]
  2129670914.log.optimizely.com/.end_user_id [ C:\USERS\FLORETTA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\RQ3Q05ZQ.TXT ]

============
  End of Log
 ============

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 03/15/2016 at 10:41 AM

Application Version : 6.0.1216
 Database Version : 12504

Scan type       : Complete Scan
 Total Scan Time : 00:30:02

Operating System Information
 Windows 8.1 Home 64-bit (Build 6.03.9600)
 UAC On - Limited User

Memory items scanned      : 700
 Memory threats detected   : 0
 Registry items scanned    : 60804
 Registry threats detected : 0
 File items scanned        : 27132
 File threats detected     : 17

Adware.Tracking Cookie
  adobe.tt.omtrdc.net/m2/adobe.mboxSession [ C:\USERS\FLORETTA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\5CK72E6V.TXT ]
  adobe.tt.omtrdc.net/m2/adobe.mboxPC [ C:\USERS\FLORETTA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\5CK72E6V.TXT ]
  vidstest2.d1.sc.omtrdc.net/.s_vi [ C:\USERS\FLORETTA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\AGSUM29L.TXT ]
  262855726.log.optimizely.com/.end_user_id [ C:\USERS\FLORETTA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\NX2QVH0N.TXT ]
  vidstest1.d1.sc.omtrdc.net/.s_vi [ C:\USERS\FLORETTA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\PBB3CPEJ.TXT ]
  vidstest3.d1.sc.omtrdc.net/.s_vi [ C:\USERS\FLORETTA\APPDATA\LOCAL\MICROSOFT\WINDOWS\INETCOOKIES\LOW\XEVSEZK8.TXT ]
  smaato.net/.SomaCookieUserId [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\4RH3QEX3.TXT]
  w55c.net/.wfivefivec [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\ABQAO9MQ.TXT ]
  adk2x.com/.ih [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\NPKJXK4O.TXT ]
  adk2x.com/.lcri5m [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\NPKJXK4O.TXT ]
  adk2x.com/.lcai9h [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\NPKJXK4O.TXT ]
  adnxs.com/.sess [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\TF0F1ZMV.TXT ]
  velis.adk2x.com/.tuuid [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\VLAY6Q8Q.TXT ]
  tracking.4v4jfe79erfxfu8z8.com/.enc_aff_session_23807 [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\VUP0EFGR.TXT ]
  tracking.4v4jfe79erfxfu8z8.com/.ho_mob [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\VUP0EFGR.TXT ]
  adsrvr.org/.TDID [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\YTBOVWJJ.TXT ]
  adsrvr.org/.TDCPM [ C:\USERS\FLORETTA\APPDATA\LOCAL\PACKAGES\XIMADINC.MAGICPUZZLES_NP8FJ6AKX2CZY\AC\INETCOOKIES\YTBOVWJJ.TXT ]

============
  End of Log
 ============
 

       FRST 64 Log

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
 Ran by Floretta (administrator) on LA-LA-LOOPSY (03-04-2016 10:02:24)
 Running from C:\Users\Floretta\Desktop
 Loaded Profiles: Floretta (Available Profiles: Floretta)
 Platform: Windows 8.1 (X64) Language: English (United States)
 Internet Explorer Version 11 (Default browser: IE)
 Boot Mode: Normal
 Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
 (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
 (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
 (Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
 (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
 (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
 (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
 (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
 (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
 (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
 (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
 (Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
 (AMD) C:\Windows\System32\atieclxx.exe
 (CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
 (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
 (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
 (Sysinternals - www.sysinternals.com) C:\Users\Floretta\Downloads\SysinternalsSuite\procexp.exe
 (Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
 (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
 (Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
 (Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
 (ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
 (Sysinternals - www.sysinternals.com) C:\Users\Floretta\AppData\Local\Temp\PROCEXP64.exe
 (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
 (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-29] (Realtek Semiconductor)
 HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
 HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
 HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\Policies\system: [DisableLockWorkstation] 0
 ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
 ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
 ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
 ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
 ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
 ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
 Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
 Tcpip\..\Interfaces\{96EAF80F-02C7-4E9A-8702-EF5FA9789DD5}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
 ==================
 HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
 HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
 HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
 SearchScopes: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> {3CB12E97-BDDF-4488-8C61-217335DD319F} URL =
 BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2015-10-30] (Ghostery, Inc.)
 BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
 BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
 BHO-x32: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery.dll [2015-10-30] (Ghostery, Inc.)
 BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
 BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
 Toolbar: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
 ========
 FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
 R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-27] (CyberLink)
 R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-27] (CyberLink)
 R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
 R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
 S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
 R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-29] (Realtek Semiconductor)
 R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-02-21] (Microsoft Corporation)
 R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-02-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
 R0 C9294A81; C:\Windows\System32\drivers\C9294A81.sys [478392 2016-02-23] (Kaspersky Lab ZAO)
 R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
 S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
 R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
 R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
 S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
 R1 MpKslbe97aaf5; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FAFA3844-B886-495E-98F2-F408B5D74B40}\MpKslbe97aaf5.sys [44928 2016-04-03] (Microsoft Corporation)
 R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-08] (Realtek Semiconductor Corp.)
 R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
 S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2016-02-21] (Microsoft Corporation)
 R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2016-02-21] (Microsoft Corporation)
 R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-02-21] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-02 12:45 - 2016-03-24 14:19 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
 2016-04-02 12:45 - 2016-03-24 09:20 - 01385472 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
 2016-04-02 12:45 - 2016-03-24 09:20 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
 2016-04-02 12:45 - 2016-03-24 09:20 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
 2016-04-02 12:45 - 2016-03-24 09:20 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
 2016-04-02 12:45 - 2016-03-24 09:20 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
 2016-04-02 12:45 - 2016-03-24 09:20 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
 2016-04-02 12:45 - 2016-03-24 09:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
 2016-04-01 18:29 - 2016-04-01 18:29 - 00659968 _____ C:\Users\Floretta\Desktop\MicrosoftFixit50195.msi
 2016-03-25 14:37 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
 2016-03-25 14:37 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
 2016-03-25 14:37 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
 2016-03-25 14:37 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
 2016-03-25 14:37 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
 2016-03-25 14:37 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
 2016-03-25 14:37 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
 2016-03-25 14:37 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
 2016-03-25 14:37 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
 2016-03-25 14:37 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
 2016-03-25 14:37 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
 2016-03-25 14:37 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
 2016-03-25 14:37 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
 2016-03-25 14:37 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
 2016-03-25 14:37 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
 2016-03-25 14:37 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
 2016-03-25 14:37 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
 2016-03-25 14:37 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
 2016-03-25 14:37 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
 2016-03-25 14:37 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
 2016-03-25 14:37 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
 2016-03-25 14:37 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
 2016-03-25 14:37 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
 2016-03-25 14:37 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
 2016-03-25 14:37 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
 2016-03-25 14:37 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
 2016-03-25 14:37 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
 2016-03-25 14:37 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
 2016-03-25 14:37 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
 2016-03-25 14:37 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
 2016-03-25 14:37 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
 2016-03-25 14:37 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
 2016-03-25 14:37 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
 2016-03-25 14:37 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
 2016-03-25 14:37 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
 2016-03-25 14:37 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
 2016-03-25 14:37 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
 2016-03-25 14:37 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
 2016-03-25 14:37 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
 2016-03-25 14:37 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
 2016-03-25 14:37 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
 2016-03-25 14:37 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
 2016-03-25 14:37 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
 2016-03-25 14:37 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
 2016-03-25 14:37 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
 2016-03-25 14:37 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
 2016-03-25 14:37 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
 2016-03-25 14:37 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
 2016-03-25 14:37 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
 2016-03-25 14:37 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
 2016-03-25 14:37 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
 2016-03-25 14:36 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
 2016-03-25 14:36 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
 2016-03-25 14:36 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
 2016-03-25 14:36 - 2016-01-20 18:40 - 00099672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
 2016-03-25 14:35 - 2016-02-11 16:17 - 07452504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
 2016-03-25 14:35 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
 2016-03-25 14:35 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
 2016-03-25 14:35 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
 2016-03-25 14:35 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
 2016-03-25 14:35 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
 2016-03-25 14:35 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
 2016-03-25 14:35 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
 2016-03-25 14:35 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
 2016-03-25 14:35 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
 2016-03-25 14:35 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
 2016-03-25 14:35 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
 2016-03-25 14:35 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
 2016-03-25 14:35 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
 2016-03-25 14:35 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
 2016-03-25 14:35 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
 2016-03-25 14:35 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
 2016-03-25 14:35 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
 2016-03-25 14:35 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
 2016-03-25 14:35 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
 2016-03-25 14:35 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
 2016-03-25 14:34 - 2016-02-06 19:05 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
 2016-03-25 14:34 - 2016-02-06 18:41 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
 2016-03-24 11:46 - 2016-04-02 20:52 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BDADF9B0-88BA-41BD-8204-565C50CF7FD6}
 2016-03-21 23:24 - 2016-03-21 23:40 - 00003045 _____ C:\Users\Floretta\Desktop\BroniReply3.txt
 2016-03-21 23:23 - 2016-03-21 23:23 - 00788992 _____ C:\Users\Floretta\Desktop\delfix_1.012.exe
 2016-03-20 01:22 - 2016-03-20 01:22 - 00000000 ____D C:\ProgramData\Sophos
 2016-03-20 01:20 - 2016-03-20 01:20 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
 2016-03-20 01:20 - 2016-03-20 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
 2016-03-20 01:20 - 2016-03-20 01:20 - 00000000 ____D C:\Program Files (x86)\Sophos
 2016-03-20 01:15 - 2016-03-20 01:15 - 00000818 _____ C:\Users\Floretta\Desktop\JRT.txt
 2016-03-20 01:01 - 2016-03-20 01:01 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
 2016-03-20 00:44 - 2016-03-20 00:45 - 145314856 _____ (Sophos Limited) C:\Users\Floretta\Desktop\Sophos Virus Removal Tool.exe
 2016-03-20 00:43 - 2016-03-20 00:43 - 01610352 _____ (Malwarebytes) C:\Users\Floretta\Desktop\JRT.exe
 2016-03-20 00:42 - 2016-03-20 00:42 - 01527296 _____ C:\Users\Floretta\Desktop\adwcleaner_5.102.exe
 2016-03-20 00:40 - 2016-03-20 00:40 - 00001981 _____ C:\Users\Floretta\Desktop\BroniReply2.txt
 2016-03-20 00:38 - 2016-03-20 00:38 - 00448512 _____ (OldTimer Tools) C:\Users\Floretta\Desktop\TFC.exe
 2016-03-19 12:49 - 2016-03-19 12:49 - 00003356 _____ C:\Users\Floretta\Desktop\Rkill.txt
 2016-03-19 12:16 - 2016-03-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
 2016-03-19 12:10 - 2016-03-19 12:46 - 00000000 ____D C:\Users\Floretta\Desktop\mbar
 2016-03-19 11:07 - 2016-03-19 11:07 - 00001050 _____ C:\Users\Floretta\Desktop\BMBS3-19-16.txt
 2016-03-19 10:07 - 2016-03-19 10:08 - 00030721 _____ C:\Users\Floretta\Desktop\MTB.txt
 2016-03-19 10:00 - 2016-03-19 10:00 - 00002688 _____ C:\Users\Floretta\Desktop\FSS.txt
 2016-03-18 21:44 - 2016-03-18 21:44 - 00006426 _____ C:\Users\Floretta\Desktop\BroniReply1.txt
 2016-03-18 21:26 - 2016-03-18 21:26 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Floretta\Desktop\iExplore.exe
 2016-03-18 21:13 - 2016-03-18 21:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Floretta\Desktop\mbar-1.09.3.1001.exe
 2016-03-18 00:05 - 2016-03-18 00:05 - 00891392 _____ (Farbar) C:\Users\Floretta\Desktop\MiniToolBox.exe
 2016-03-17 23:39 - 2016-03-17 23:39 - 00899584 _____ (Farbar) C:\Users\Floretta\Desktop\FSS.exe
 2016-03-17 23:24 - 2016-03-17 23:24 - 00852798 _____ C:\Users\Floretta\Desktop\SecurityCheck.exe
 2016-03-15 12:44 - 2016-03-16 22:42 - 00001702 _____ C:\Users\Floretta\Desktop\123.txt
 2016-03-15 10:56 - 2016-03-15 10:59 - 00002826 _____ C:\Users\Floretta\Desktop\SUPERAntiSpyware Scan Log - 03-15-2016 - 10-41-26.log2.txt
 2016-03-15 00:36 - 2016-03-15 00:36 - 00001118 _____ C:\Users\Floretta\Desktop\SysinternalsSuite - Shortcut.lnk
 2016-03-14 21:54 - 2016-04-01 00:05 - 00000245 _____ C:\Users\Floretta\Desktop\Search.txt
 2016-03-12 11:10 - 2016-03-19 12:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
 2016-03-12 11:09 - 2016-03-19 12:13 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
 2016-03-12 11:09 - 2016-03-12 11:09 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
 2016-03-12 11:09 - 2016-03-12 11:09 - 00000000 ____D C:\ProgramData\Malwarebytes
 2016-03-12 11:09 - 2016-03-12 11:09 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
 2016-03-12 11:09 - 2015-10-05 10:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
 2016-03-12 11:09 - 2015-10-05 10:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
 2016-03-12 11:08 - 2016-03-12 11:08 - 22908888 _____ (Malwarebytes ) C:\Users\Floretta\Desktop\mbam-setup-2.2.0.1024.exe
 2016-03-11 22:20 - 2016-03-11 22:20 - 00000000 ____D C:\Users\Floretta\AppData\Roaming\SUPERAntiSpyware.com
 2016-03-11 22:19 - 2016-03-11 22:19 - 00001827 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
 2016-03-11 22:19 - 2016-03-11 22:19 - 00000000 ____D C:\ProgramData\SUPERSetup
 2016-03-11 22:19 - 2016-03-11 22:19 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
 2016-03-11 22:19 - 2016-03-11 22:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
 2016-03-11 22:19 - 2016-03-11 22:19 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
 2016-03-11 22:18 - 2016-03-11 22:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UVK - Ultra Virus Killer
 2016-03-10 01:31 - 2016-04-02 12:46 - 00000000 ____D C:\WINDOWS\system32\appraiser
 2016-03-09 11:59 - 2016-02-08 17:05 - 20352512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
 2016-03-09 11:59 - 2016-02-08 16:39 - 00496640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
 2016-03-09 11:59 - 2016-02-08 16:34 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
 2016-03-09 11:59 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
 2016-03-09 11:59 - 2016-02-08 16:28 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
 2016-03-09 11:59 - 2016-02-08 16:10 - 04611072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
 2016-03-09 11:59 - 2016-02-08 16:07 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
 2016-03-09 11:59 - 2016-02-08 16:05 - 25816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
 2016-03-09 11:59 - 2016-02-08 16:03 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll
 2016-03-09 11:59 - 2016-02-08 16:02 - 13012480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
 2016-03-09 11:59 - 2016-02-08 16:02 - 00687104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
 2016-03-09 11:59 - 2016-02-08 16:01 - 02050560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
 2016-03-09 11:59 - 2016-02-08 15:43 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
 2016-03-09 11:59 - 2016-02-08 15:39 - 01311744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
 2016-03-09 11:59 - 2016-02-08 15:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
 2016-03-09 11:59 - 2016-02-08 14:27 - 02887680 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
 2016-03-09 11:59 - 2016-02-08 14:26 - 00571904 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
 2016-03-09 11:59 - 2016-02-08 14:16 - 06052352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
 2016-03-09 11:59 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
 2016-03-09 11:59 - 2016-02-08 14:13 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
 2016-03-09 11:59 - 2016-02-08 13:51 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll
 2016-03-09 11:59 - 2016-02-08 13:42 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
 2016-03-09 11:59 - 2016-02-08 13:37 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll
 2016-03-09 11:59 - 2016-02-08 13:34 - 00798720 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
 2016-03-09 11:59 - 2016-02-08 13:33 - 14613504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
 2016-03-09 11:59 - 2016-02-08 13:33 - 02123264 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
 2016-03-09 11:59 - 2016-02-08 13:19 - 02597376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
 2016-03-09 11:59 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
 2016-03-09 11:59 - 2016-02-08 13:07 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
 2016-03-09 11:59 - 2016-02-08 12:55 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
 2016-03-09 11:59 - 2015-11-09 19:36 - 00325632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
 2016-03-09 11:59 - 2015-11-08 17:16 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
 2016-03-09 11:59 - 2015-11-08 17:15 - 00718336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
 2016-03-09 11:58 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
 2016-03-09 11:58 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
 2016-03-09 11:58 - 2016-02-11 10:21 - 00869576 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcr120_clr0400.dll
 2016-03-09 11:58 - 2016-02-11 10:21 - 00678600 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvcp120_clr0400.dll
 2016-03-09 11:58 - 2016-02-11 10:20 - 00875720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr120_clr0400.dll
 2016-03-09 11:58 - 2016-02-11 10:20 - 00536776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp120_clr0400.dll
 2016-03-09 11:58 - 2016-02-06 12:58 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
 2016-03-09 11:58 - 2016-02-06 12:32 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
 2016-03-09 11:58 - 2016-02-05 10:59 - 07784960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
 2016-03-09 11:58 - 2016-02-05 10:55 - 05264384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
 2016-03-09 11:58 - 2016-02-05 10:48 - 07075840 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
 2016-03-09 11:58 - 2016-02-05 10:47 - 05268480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
 2016-03-09 11:57 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
 2016-03-09 11:57 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
 2016-03-09 11:57 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
 2016-03-09 11:57 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
 2016-03-09 11:57 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
 2016-03-09 11:57 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
 2016-03-09 11:57 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
 2016-03-09 11:57 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
 2016-03-09 11:57 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
 2016-03-09 11:57 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
 2016-03-09 11:57 - 2016-02-06 14:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
 2016-03-09 11:57 - 2016-02-05 15:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
 2016-03-09 11:57 - 2016-02-05 15:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
 2016-03-09 11:57 - 2016-02-05 11:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
 2016-03-09 11:57 - 2016-02-05 11:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
 2016-03-09 11:57 - 2016-02-04 14:18 - 04174336 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
 2016-03-09 11:57 - 2016-02-04 14:18 - 00358912 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
 2016-03-09 11:57 - 2016-02-04 14:12 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
 2016-03-09 11:57 - 2016-02-04 13:44 - 00301568 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
 2016-03-09 11:57 - 2016-02-04 13:39 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
 2016-03-09 11:57 - 2016-02-04 13:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
 2016-03-09 11:57 - 2016-02-04 13:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
 2016-03-09 11:57 - 2016-02-03 16:37 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
 2016-03-09 11:57 - 2016-02-03 16:36 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
 2016-03-09 11:57 - 2016-02-03 11:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
 2016-03-09 11:57 - 2016-02-03 11:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
 2016-03-09 11:57 - 2016-02-03 11:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
 2016-03-09 11:57 - 2016-01-31 15:16 - 00148832 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-03 10:02 - 2016-02-24 18:02 - 00009643 _____ C:\Users\Floretta\Desktop\FRST.txt
 2016-04-03 10:02 - 2016-02-24 18:00 - 00000000 ____D C:\FRST
 2016-04-03 09:43 - 2016-02-21 19:51 - 00000000 ____D C:\Users\Floretta\AppData\LocalLow\Adblock Plus for IE
 2016-04-03 09:33 - 2016-02-22 20:43 - 00000000 ____D C:\Users\Floretta\OneDrive
 2016-04-03 03:28 - 2016-02-20 21:43 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
 2016-04-02 17:56 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
 2016-04-02 17:56 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
 2016-04-02 17:52 - 2016-02-20 12:18 - 00000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job
 2016-04-02 17:52 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
 2016-04-02 17:51 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
 2016-04-02 16:48 - 2016-02-21 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
 2016-04-02 14:40 - 2016-02-20 12:18 - 00003190 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFloretta
 2016-04-02 12:45 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
 2016-04-02 12:43 - 2016-02-19 13:00 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2603647047-4195809022-826204347-1001
 2016-04-01 23:20 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
 2016-04-01 23:20 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
 2016-03-30 11:04 - 2016-02-26 15:31 - 00000000 ____D C:\Users\Floretta\AppData\Local\ElevatedDiagnostics
 2016-03-26 17:43 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
 2016-03-25 14:42 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
 2016-03-21 00:01 - 2016-02-18 20:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
 2016-03-15 23:00 - 2016-02-19 02:17 - 00000000 ____D C:\Users\Floretta\AppData\Local\Packages
 2016-03-15 11:55 - 2016-02-24 18:01 - 00005886 _____ C:\Users\Floretta\Desktop\AdBlock.txt
 2016-03-15 00:37 - 2016-02-22 22:08 - 00000000 ____D C:\Users\Floretta\Downloads\SysinternalsSuite
 2016-03-12 23:33 - 2016-02-23 11:36 - 00000000 ____D C:\Users\Floretta\AppData\LocalLow\Ghostery
 2016-03-11 22:30 - 2016-02-21 20:41 - 00000000 ____D C:\Program Files\UVK - Ultra Virus Killer
 2016-03-11 22:23 - 2016-02-21 20:41 - 00000000 ____D C:\ProgramData\UVK
 2016-03-11 22:18 - 2016-02-23 11:29 - 00001825 _____ C:\Users\Public\Desktop\UVK - Ultra Virus Killer.lnk
 2016-03-11 22:18 - 2016-02-23 11:28 - 06330656 _____ (Carifred) C:\Users\Floretta\Downloads\UVKSetup.exe
 2016-03-10 12:56 - 2013-08-22 10:44 - 00351024 _____ C:\WINDOWS\system32\FNTCACHE.DAT
 2016-03-10 01:31 - 2014-11-21 11:56 - 00000000 ___SD C:\WINDOWS\system32\CompatTel
 2016-03-09 13:00 - 2016-02-19 17:27 - 00000000 ____D C:\WINDOWS\system32\MRT
 2016-03-09 12:55 - 2016-02-19 17:27 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 2016-03-08 12:45 - 2016-02-18 20:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Communication and Chat
 2016-03-08 03:00 - 2014-11-21 12:03 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
 2016-03-08 03:00 - 2014-11-21 12:03 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 2016-03-06 00:36 - 2016-02-20 16:03 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
 2016-03-06 00:36 - 2013-04-10 15:20 - 00000000 ____D C:\SWSETUP

Some files in TEMP:
 ====================
 C:\Users\Floretta\AppData\Local\Temp\PROCEXP64.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
 C:\WINDOWS\system32\wininit.exe => File is digitally signed
 C:\WINDOWS\explorer.exe => File is digitally signed
 C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
 C:\WINDOWS\system32\svchost.exe => File is digitally signed
 C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
 C:\WINDOWS\system32\services.exe => File is digitally signed
 C:\WINDOWS\system32\User32.dll => File is digitally signed
 C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
 C:\WINDOWS\system32\userinit.exe => File is digitally signed
 C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
 C:\WINDOWS\system32\rpcss.dll => File is digitally signed
 C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
 C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
 C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-30 11:03

==================== End of FRST.txt ============================

 

 

ADDITION Log

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
 Ran by Floretta (2016-04-03 10:03:52)
 Running from C:\Users\Floretta\Desktop
 Windows 8.1 (X64) (2016-02-21 02:19:22)
 Boot Mode: Normal
 ==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2603647047-4195809022-826204347-500 - Administrator - Disabled)
 Floretta (S-1-5-21-2603647047-4195809022-826204347-1001 - Administrator - Enabled) => C:\Users\Floretta
 Guest (S-1-5-21-2603647047-4195809022-826204347-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
 Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
 AMD Catalyst Install Manager (HKLM\...\{EE691BD9-2B2C-6BFB-6389-ABAF5AD2A4A1}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
 Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
 CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
 CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
 Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
 CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
 CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
 CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
 CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
 D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
 Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
 Ghostery (HKLM-x32\...\Ghostery) (Version:  - Ghostery Inc)
 Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
 HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
 HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
 HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.2.8.25 - HP)
 HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
 HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.2.8.17 - HP)
 Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
 Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
 Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
 Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
 Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
 Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
 Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
 Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
 Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
 Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
 Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
 Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
 Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
 Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
 Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
 Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
 Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
 Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
 Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
 Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
 SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
 UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 7.7.1.0 - Carifred)
 Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18806627-8CE6-499B-9CF5-F5D5A16906CB} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
 Task: {32C784FC-5AD7-4526-BBC2-A6A9B7548996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
 Task: {3CA45824-207F-42F8-BE97-099660955587} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
 Task: {3DF80964-35F7-4697-84CC-0244DEEB244E} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
 Task: {5E307BD3-BC4B-4CC2-8B6E-7467FE641670} - System32\Tasks\Process Explorer-LA-LA-LOOPSY-Floretta => C:\USERS\FLORETTA\DOWNLOADS\SYSINTERNALSSUITE\PROCEXP.EXE [2016-02-22] (Sysinternals - www.sysinternals.com)
 Task: {5FE69A11-0080-47A5-BED8-24EDD227F5E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
 Task: {6B1E51D7-C65A-41F0-9FAB-07176299F073} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard)
 Task: {72074DEE-82DD-4F20-ADF2-5B9961605ADA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
 Task: {75BBA35F-DBF2-443C-8F13-8188579837B0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
 Task: {989D6825-22E6-4BA2-B4E6-07815CE10D6E} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
 Task: {B91CCE10-A5CE-48EF-90A8-37865ABCC3C4} - System32\Tasks\HPCeeScheduleForFloretta => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
 Task: {C6BA010A-5359-45E1-A803-5471AA02995F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
 Task: {E4603991-7CE7-4146-9253-0E1C1541AB4B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
 Task: {F02361E8-71AA-4664-AD33-E28922CC6953} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
 Task: {F135F9A2-D4A9-40F5-88B9-06FA0A2D6001} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
 Task: {F2DB8692-FC88-48E8-87D5-AEBE9D32B59E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-18 20:07 - 2013-03-12 10:51 - 00626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
 2013-03-13 02:53 - 2013-03-13 02:53 - 00015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C9294A81.sys => ""="Driver"
 HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\C9294A81.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\microsoft.com -> hxxps://support.microsoft.com
 IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\ppjol.net -> hxxp://s.ppjol.net

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-03-15 12:47 - 00508413 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
 0.0.0.0 m.fr.a2dfp.net
 0.0.0.0 mfr.a2dfp.net
 0.0.0.0 ad.a8.net
 0.0.0.0 asy.a8ww.net
 0.0.0.0 static.a-ads.com
 0.0.0.0 atlas.aamedia.ro
 0.0.0.0 abcstats.com
 0.0.0.0 ad4.abradio.cz
 0.0.0.0 a.abv.bg
 0.0.0.0 adserver.abv.bg
 0.0.0.0 adv.abv.bg
 0.0.0.0 bimg.abv.bg
 0.0.0.0 ca.abv.bg
 0.0.0.0 track.acclaimnetwork.com
 0.0.0.0 accuserveadsystem.com
 0.0.0.0 www.accuserveadsystem.com
 0.0.0.0 achmedia.com
 0.0.0.0 csh.actiondesk.com
 0.0.0.0 ads.activepower.net
 0.0.0.0 app.activetrail.com
 0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
 0.0.0.0 traffic.acwebconnecting.com
 0.0.0.0 office.ad1.ru
 0.0.0.0 cms.ad2click.nl
 0.0.0.0 ad2games.com
 0.0.0.0 ads.ad2games.com
 0.0.0.0 content.ad20.net
 0.0.0.0 core.ad20.net
 0.0.0.0 banner.ad.nu

There are 12091 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\HP\HP_No_Smoke_Without_Fire.jpg
 DNS Servers: 75.114.81.1 - 75.114.81.2
 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
 Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
 FirewallRules: [{137E5125-6324-4735-B4C4-999E98C6A78F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
 FirewallRules: [{2AAB140D-AA0B-4FF2-8792-6BDBAC0935C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
 FirewallRules: [{F2CF8C92-75F1-4D65-B9AD-B63EEC4873C2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
 FirewallRules: [{8DA219C1-ABDB-4A54-B313-CA52D3A75680}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
 FirewallRules: [{57D3D61A-3E2A-4C3B-9D86-7402DC023803}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
 FirewallRules: [{BBE25CA3-364A-4585-B20E-7292E1569157}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
 FirewallRules: [{B227A311-0C2C-4155-B489-AB4893B75870}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
 FirewallRules: [{72366FDF-12B9-46CF-AD28-25F93ECA2CB8}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS730.tmp\SymNRT.exe
 FirewallRules: [{87AD3D94-A2B6-4067-A0B3-13ECD117F326}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS730.tmp\SymNRT.exe
 FirewallRules: [{2A38D071-503C-43DF-9092-7C8C21BA97BA}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
 FirewallRules: [{66AE5B05-4E48-419E-809A-2A427D35D894}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
 FirewallRules: [{A053C77E-D4B5-43E9-81CC-49561CF33627}] => (Allow) LPort=1900
 FirewallRules: [{0A9AE4FD-76E2-4F26-AA5F-6CFA69C65FA9}] => (Allow) LPort=2869
 FirewallRules: [{B438FC32-FD19-4479-8C1F-D6237F020252}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
 FirewallRules: [{A2B4AFAB-321F-414F-9C1A-AA3B9EF75521}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
 FirewallRules: [{04EFC315-78DC-4AB7-9FB5-A1877779EC32}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
 FirewallRules: [{CDE4800B-3056-4E36-8C15-AD77B001E07F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
 FirewallRules: [{79F5ADC9-C5E5-4135-AEF8-DB5AF68FA187}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
 FirewallRules: [{0CDE195F-6BA6-4B5C-BCD2-6F3E134FAD00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
 FirewallRules: [{B3802CAC-3E49-4899-BDB0-51EE17A54BAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
 FirewallRules: [{527D1A1F-9F05-41B1-9BED-070C640C3143}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
 FirewallRules: [{69358BAF-CA5A-4F21-A462-854DF705E503}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
 FirewallRules: [{2B2A76CE-B6CA-4071-A983-A14A5B46B6B5}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe

==================== Restore Points =========================

11-03-2016 22:27:17 Ultra Adware Killer adware removal
 20-03-2016 00:20:41 Scheduled Checkpoint
 20-03-2016 01:14:11 JRT Pre-Junkware Removal
 25-03-2016 12:19:18 Windows Update
 02-04-2016 12:45:15 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
 ==================
 Error: (04/03/2016 09:38:33 AM) (Source: Perflib) (EventID: 1008) (User: )
 Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/02/2016 04:39:34 PM) (Source: Application Hang) (EventID: 1002) (User: )
 Description: The program Solitaire.exe version 1.0.0.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1af4

Start Time: 01d18d0db0acdf3e

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.MicrosoftSolitaireCollection_2.7.1508.1402_x86__8wekyb3d8bbwe\Solitaire.exe

Report Id: dca07eb5-f912-11e5-be9d-54bef7330c70

Faulting package full name: Microsoft.MicrosoftSolitaireCollection_2.7.1508.1402_x86__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (04/02/2016 04:38:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LA-LA-LOOPSY)
 Description: Package Microsoft.MicrosoftSolitaireCollection_2.7.1508.1402_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (04/01/2016 06:31:23 PM) (Source: MsiInstaller) (EventID: 10005) (User: LA-LA-LOOPSY)
 Description: Product: Microsoft Fix it 50195 -- This Microsoft Fix it does not apply to your operating system or application version.

Error: (04/01/2016 06:27:29 PM) (Source: Perflib) (EventID: 1008) (User: )
 Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/31/2016 08:17:27 PM) (Source: Application Hang) (EventID: 1002) (User: )
 Description: The program IEXPLORE.EXE version 11.0.9600.18124 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 22f4

Start Time: 01d18bab5f232ac0

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE

Report Id: 1953c6cd-f79f-11e5-be9b-54bef7330c70

Faulting package full name:

Faulting package-relative application ID:

Error: (03/30/2016 10:47:50 AM) (Source: Application Error) (EventID: 1000) (User: )
 Description: Faulting application name: IEXPLORE.EXE, version: 11.0.9600.18124, time stamp: 0x5641278d
 Faulting module name: AdblockPlus32.dll, version: 1.5.0.0, time stamp: 0x56017e35
 Exception code: 0xc0000005
 Fault offset: 0x00013b86
 Faulting process id: 0x1244
 Faulting application start time: 0xIEXPLORE.EXE0
 Faulting application path: IEXPLORE.EXE1
 Faulting module path: IEXPLORE.EXE2
 Report Id: IEXPLORE.EXE3
 Faulting package full name: IEXPLORE.EXE4
 Faulting package-relative application ID: IEXPLORE.EXE5

Error: (03/30/2016 08:32:40 AM) (Source: Application Hang) (EventID: 1002) (User: )
 Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: afc

Start Time: 01d18a7fe3b5efab

Termination Time: 147

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 7d356ae9-f673-11e5-be9b-54bef7330c70

Faulting package full name:

Faulting package-relative application ID:

Error: (03/30/2016 08:30:03 AM) (Source: Application Hang) (EventID: 1002) (User: )
 Description: The program iexplore.exe version 11.0.9600.18123 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 830

Start Time: 01d18a7f795770d2

Termination Time: 71

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 1ecf7ec0-f673-11e5-be9b-54bef7330c70

Faulting package full name:

Faulting package-relative application ID:

Error: (03/29/2016 10:35:59 PM) (Source: Perflib) (EventID: 1008) (User: )
 Description: BITSC:\Windows\System32\bitsperf.dll8

System errors:
 =============
 Error: (04/03/2016 03:27:54 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (04/02/2016 10:31:30 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (04/02/2016 06:30:32 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/02/2016 04:25:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (04/02/2016 01:19:20 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/02/2016 12:46:39 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
 Description: The Windows Update service did not shut down properly after receiving a preshutdown control.

Error: (04/02/2016 12:09:46 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (04/01/2016 10:33:41 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).

Error: (04/01/2016 07:14:04 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (04/01/2016 05:40:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
 Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 17 time(s).

CodeIntegrity:
 ===================================
   Date: 2016-03-20 01:02:22.209
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-20 01:02:21.318
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-20 00:39:53.112
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-20 00:39:52.394
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 21:27:45.817
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 21:27:45.114
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 00:05:51.568
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 00:05:50.881
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-17 23:40:26.511
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-17 23:40:25.839
   Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
 Percentage of memory in use: 27%
 Total physical RAM: 3541.63 MB
 Available physical RAM: 2571.8 MB
 Total Virtual: 4005.63 MB
 Available Virtual: 2706.09 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:452.23 GB) (Free:405.84 GB) NTFS ==>[system with boot components (obtained from drive)]
 Drive d: (Recovery Image) (Fixed) (Total:11.61 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
 Disk: 0 (Size: 465.8 GB) (Disk ID: 2068C105)

Partition: GPT.

==================== End of Addition.txt ============================

          

 




 


#2 Caramello222

Posted 06 April 2016 - 10:04 AM

I'm sorry about the mess I made yesterday when I posted 6 threads of the same topic, I only meant to post one. What happened is, when I clicked the post button it took a long time to load or transfer me back to the virus, trojan, spyware, and malware removal logs page and show I posted successfully. Instead I was redirected to an error page, so I tried it again, again, with and without attachments. When I gave up and went back to the virus, trojan, spyware, and malware removal logs page, that's when I saw all my attempts did go through. I've been getting a lot of redirects to error pages, SQL errors, and denied access of select Microsoft pages that are about malware and viruses. Below this I'm attaching screen shots of the error page I was redirected to, along with the fake 'fix Windows errors' banner ads I'm seeing in my game app and found their location in appdata, I'm not attaching the actual image file it's the screen shot I took of inside the app. I've also noticed something odd when I open the properties of some of the apps in appdata, I swear I see the display change when I click on the security tab. It's like there's a red mark of some kind next to a group user name but then it's gone, it happens so fast all I see is a flash of red and I get the same thing when I open system32 folder. I see a glimpse of a few yellow folders and below them 2 files @OpenWithToastLogo.png and @TileEmpty1x1Image.png that have a floral image on the icons and then some DLLs but in a flash the display changes to a long line of folders and the floral icons are moved further down the page. I hope I explained that right, it's the type of thing that makes you feel like you're crazy because it happens so fast. I can't see any words or shapes, only colors that are there and in a flash they're gone. Another thing that's odd and messing with me is my recent look at the files in system32\drivers, I don't remember seeing so many blue font files.
And am I correct that blue font means packed or compressed?

 

Attached File: error1.PNG (8.29KB)
Attached File: error2.PNG (5.47KB)
Attached File: TopPg1.PNG (133.79KB)
Attached File: Bottom.PNG (32.03KB)



#3 HelpBot


Posted 11 April 2016 - 12:00 AM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> http://www.bleepingcomputer.com/logreply/610328 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 garioch7


Posted 12 April 2016 - 07:45 AM

Caramello222:
 
Welcome to the Bleeping Computer Virus, Trojans, Spyware, and Malware Removal Logs Forum. My name is Phil and I am a trainee in the Bleeping Computer Malware Removal Study Hall. If you would permit me to address you by your first name, I would prefer to do that since we will be working together.
 
I will be assisting you with your computer issues.  All of my proposed fixes and suggestions must be approved by a fully-qualified Malware Removal Team member or instructor.  This will delay response times somewhat, but I will endeavor to respond within a reasonable time, normally 48 hours after your last post.
 
I apologize for the delay that you have experienced.  This Forum is very, very busy, but I am here now! :)  We will do what we can to get your computer restored to good health.
 
Because your FRST logs are dated, and changes could have occurred to your computer since you first posted your FRST logs, I would appreciate it if you post new FRST logs.  Please ensure that "Addition.txt" is also checked.  It only defaults to being checked the first time FRST is run.  As before, please copy and paste both logs into your reply.
 
I will need some time to review your FRST logs and consult with a Malware Response Instructor.   That could take a few days.  Once I have done so, I will post back with initial instructions.
 
Thank you again for your patience and understanding, and have a great day.
 
Regards,
-Phil

Member of the Unified Network of Instructors and Trusted Eliminators


#5 Caramello222


Posted 12 April 2016 - 01:35 PM

Thank you for your time. I rescanned with Farbar yesterday when I got the bot reply. I have some updated issues, I now have display, update, and download issues with the Magic Puzzle app. I did contact them, they said there will be an update coming out to fix the problems with the app. They have been reliable in the past when it comes to updates and fixes, I found out that they have released the update but I can't get it through the Windows app store like in the past. I ran the AppsDiagnostic.diagcab it detected some apps might not have access to required resources, security settings that are missing or have been changed, and the Windows store cache may be damaged. It claimed it fixed these issues by resetting the Windows store but when I open the app diagnostic utility again to try a different fix because the problem still existed it gave me the same detection and fix, along with a new detection that my display device adapter driver is out of date and when I tried to update it, I got a message saying that the driver is already up to date. So I'm assuming the problem still exists and the utility can't fix it. I don't know if 'favicon.ico' has anything to do with messing with cache and display but when I looked in the INETCache folder for IE the icon images stored for my list of favorites are distorted and kind of blurry. I noticed the icon for rundll32 in system32 folder also looks a little out of place. Also, when using a favorite link for Microsoft website or using a link while on a Microsoft website I get a lot of redirects to the sign-in page, even though I'm already signed-in. The new Farbar scans are below.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:24-02-2016
Ran by Floretta (administrator) on LA-LA-LOOPSY (11-04-2016 12:48:42)
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Andrea Electronics Corporation) C:\Program Files\Realtek\Audio\HDA\AERTSr64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(AMD) C:\Windows\System32\atieclxx.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Sysinternals - www.sysinternals.com) C:\Users\Floretta\Downloads\SysinternalsSuite\procexp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(ATI Technologies Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Sysinternals - www.sysinternals.com) C:\Users\Floretta\AppData\Local\Temp\PROCEXP64.exe
(Microsoft) C:\Program Files\WindowsApps\Microsoft.Taptiles_2.4.1412.201_x86__8wekyb3d8bbwe\Taptiles.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7198424 2013-08-29] (Realtek Semiconductor)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [766208 2013-09-11] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.114.81.1 75.114.81.2
Tcpip\..\Interfaces\{96EAF80F-02C7-4E9A-8702-EF5FA9789DD5}: [DhcpNameServer] 75.114.81.1 75.114.81.2

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPDSK13/1
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPDSK13/1
SearchScopes: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> {3CB12E97-BDDF-4488-8C61-217335DD319F} URL =
BHO: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery64.dll [2015-10-30] (Ghostery, Inc.)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Ghostery Plugin -> {6BF739DD-3323-4C6A-975B-C7E00A50B154} -> C:\Program Files (x86)\Ghostery\bin\ghostery.dll [2015-10-30] (Ghostery, Inc.)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-12-20] (Hewlett-Packard Company)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File

FireFox:
========
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
R2 CyberLink PowerDVD 12 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSMonitorServicePDVD12.exe [77576 2013-09-27] (CyberLink)
R2 CyberLink PowerDVD 12 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe [298760 2013-09-27] (CyberLink)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [289496 2013-08-29] (Realtek Semiconductor)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2016-02-21] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2016-02-21] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2014-12-22] (Qualcomm Atheros Communications, Inc.)
R0 C9294A81; C:\Windows\System32\drivers\C9294A81.sys [478392 2016-02-23] (Kaspersky Lab ZAO)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-15] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [290008 2013-07-08] (Realtek Semiconductor Corp.)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2016-02-21] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2016-02-21] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2016-02-21] (Microsoft Corporation)
R1 MpKsl808c1099; \??\C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{1AFADC00-6DDC-470E-9B27-1256E4A9EB40}\MpKsl808c1099.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-09 21:30 - 2016-04-10 12:55 - 00000000 ____D C:\Users\Floretta\AppData\Local\CrashDumps
2016-04-09 14:12 - 2016-04-09 14:39 - 00000370 _____ C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job
2016-04-09 14:12 - 2016-04-09 14:12 - 00003190 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForFloretta
2016-04-09 13:23 - 2016-04-09 13:23 - 00423962 _____ C:\Users\Floretta\Desktop\AppsDiagnostic.diagcab
2016-04-09 12:56 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-04-09 12:56 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-04-09 12:56 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-04-08 19:10 - 2016-04-08 19:10 - 00000000 ____D C:\Users\Floretta\Desktop\Updated April-01-2016
2016-04-08 19:09 - 2016-04-08 19:09 - 00133979 _____ C:\Users\Floretta\Desktop\Updated April-01-2016.zip
2016-04-08 19:01 - 2016-04-08 19:10 - 00000000 ____D C:\ProgramData\RogueKiller
2016-04-08 19:01 - 2016-04-08 19:01 - 19765320 _____ C:\Users\Floretta\Desktop\RogueKiller.exe
2016-04-08 13:15 - 2016-04-08 13:15 - 00001341 _____ C:\Users\Floretta\Desktop\GrantPerms64.exe - Shortcut.lnk
2016-04-08 13:15 - 2016-04-08 13:15 - 00000000 ____D C:\Users\Floretta\Desktop\GrantPerms64
2016-04-08 13:14 - 2016-04-08 13:14 - 00628779 _____ C:\Users\Floretta\Desktop\GrantPerms64.zip
2016-04-06 01:29 - 2016-04-06 01:29 - 00077668 _____ C:\Users\Floretta\Desktop\789.txt
2016-04-03 18:53 - 2016-04-03 18:53 - 00003095 _____ C:\Users\Floretta\Desktop\Edit.txt
2016-04-03 18:22 - 2016-04-06 00:16 - 00012082 _____ C:\Users\Floretta\Desktop\malware outline.txt
2016-04-03 10:08 - 2016-04-03 10:08 - 00028475 _____ C:\Users\Floretta\Desktop\Addition2.txt
2016-04-03 10:07 - 2016-04-03 10:07 - 00037321 _____ C:\Users\Floretta\Desktop\FRST2.txt
2016-04-03 10:07 - 2016-04-03 10:07 - 00028475 _____ C:\Users\Floretta\Desktop\Addition3.txt
2016-04-02 12:45 - 2016-03-24 09:20 - 00698368 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-04-02 12:45 - 2016-03-24 09:20 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-04-02 12:45 - 2016-03-24 09:20 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-04-02 12:45 - 2016-03-24 09:20 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-04-02 12:45 - 2016-03-24 09:20 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-04-01 18:29 - 2016-04-01 18:29 - 00659968 _____ C:\Users\Floretta\Desktop\MicrosoftFixit50195.msi
2016-03-25 14:37 - 2016-02-08 21:31 - 22365472 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-25 14:37 - 2016-02-08 21:31 - 19794896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-25 14:37 - 2016-02-08 21:31 - 02757616 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-03-25 14:37 - 2016-02-08 21:31 - 02412576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-03-25 14:37 - 2016-02-08 21:31 - 00273264 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-03-25 14:37 - 2016-02-08 16:55 - 02712576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-25 14:37 - 2016-02-08 16:15 - 02551808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\themecpl.dll
2016-03-25 14:37 - 2016-02-08 16:02 - 01197056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-03-25 14:37 - 2016-02-08 15:48 - 12879360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-25 14:37 - 2016-02-08 15:43 - 00524288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-03-25 14:37 - 2016-02-08 15:40 - 00539648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hgcpl.dll
2016-03-25 14:37 - 2016-02-08 15:39 - 00305152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-03-25 14:37 - 2016-02-08 15:37 - 00141312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingMonitor.dll
2016-03-25 14:37 - 2016-02-08 15:35 - 00954880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-03-25 14:37 - 2016-02-08 15:34 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-25 14:37 - 2016-02-08 15:33 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-25 14:37 - 2016-02-08 14:50 - 03120640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-25 14:37 - 2016-02-08 13:55 - 02592256 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-03-25 14:37 - 2016-02-08 13:33 - 01278464 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-03-25 14:37 - 2016-02-08 13:12 - 14466560 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-25 14:37 - 2016-02-08 13:02 - 00653824 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-03-25 14:37 - 2016-02-08 13:00 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-03-25 14:37 - 2016-02-08 12:58 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-03-25 14:37 - 2016-02-08 12:55 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingMonitor.dll
2016-03-25 14:37 - 2016-02-08 12:53 - 02171904 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlowUI.dll
2016-03-25 14:37 - 2016-02-08 12:53 - 01348096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-25 14:37 - 2016-02-08 12:50 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-03-25 14:37 - 2016-02-08 12:50 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-25 14:37 - 2016-02-08 12:48 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-25 14:37 - 2016-02-08 12:47 - 02819584 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers.dll
2016-03-25 14:37 - 2016-02-08 12:44 - 00955392 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-25 14:37 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSSVC.exe
2016-03-25 14:37 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\IPMIDrv.sys
2016-03-25 14:37 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-25 14:37 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAuto.dll
2016-03-25 14:37 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAuto.dll
2016-03-25 14:37 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmAgent.dll
2016-03-25 14:37 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-03-25 14:37 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmWmiPl.dll
2016-03-25 14:37 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmAgent.dll
2016-03-25 14:37 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-03-25 14:37 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmWmiPl.dll
2016-03-25 14:37 - 2016-01-31 15:17 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\consent.exe
2016-03-25 14:37 - 2016-01-31 14:07 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\appinfo.dll
2016-03-25 14:37 - 2016-01-31 13:42 - 03320832 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-03-25 14:37 - 2016-01-31 13:14 - 03607040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-03-25 14:37 - 2016-01-31 12:24 - 02778624 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-03-25 14:37 - 2016-01-31 12:20 - 02464256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-03-25 14:37 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcss.dll
2016-03-25 14:37 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-25 14:37 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-25 14:36 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2016-03-25 14:36 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\WorkfoldersControl.dll
2016-03-25 14:36 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vpci.sys
2016-03-25 14:36 - 2016-01-20 18:40 - 00099672 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\disk.sys
2016-03-25 14:35 - 2016-02-11 16:17 - 07452504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-25 14:35 - 2016-02-11 16:17 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-25 14:35 - 2016-02-11 16:17 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-25 14:35 - 2016-02-11 16:17 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-25 14:35 - 2016-02-11 16:17 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-25 14:35 - 2016-02-11 16:17 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-25 14:35 - 2016-02-11 16:16 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-25 14:35 - 2016-02-09 14:07 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-03-25 14:35 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-03-25 14:35 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-03-25 14:35 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-03-25 14:35 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-03-25 14:35 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-03-25 14:35 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpsapi.dll
2016-03-25 14:35 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpsapi.dll
2016-03-25 14:35 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll
2016-03-25 14:35 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll
2016-03-25 14:35 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbengine.exe
2016-03-25 14:35 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsAnytimeUpgradeui.exe
2016-03-25 14:35 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\WINDOWS\system32\storagewmi.dll
2016-03-25 14:35 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\storagewmi.dll
2016-03-25 14:34 - 2016-02-06 19:05 - 00551256 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-03-25 14:34 - 2016-02-06 18:41 - 00316760 ____C (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volsnap.sys
2016-03-24 11:46 - 2016-04-10 12:56 - 00003954 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BDADF9B0-88BA-41BD-8204-565C50CF7FD6}
2016-03-21 23:24 - 2016-03-21 23:40 - 00003045 _____ C:\Users\Floretta\Desktop\BroniReply3.txt
2016-03-21 23:23 - 2016-03-21 23:23 - 00788992 _____ C:\Users\Floretta\Desktop\delfix_1.012.exe
2016-03-20 01:22 - 2016-03-20 01:22 - 00000000 ____D C:\ProgramData\Sophos
2016-03-20 01:20 - 2016-03-20 01:20 - 00002775 _____ C:\Users\Public\Desktop\Sophos Virus Removal Tool.lnk
2016-03-20 01:20 - 2016-03-20 01:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sophos
2016-03-20 01:20 - 2016-03-20 01:20 - 00000000 ____D C:\Program Files (x86)\Sophos
2016-03-20 01:15 - 2016-03-20 01:15 - 00000818 _____ C:\Users\Floretta\Desktop\JRT.txt
2016-03-20 01:01 - 2016-03-20 01:01 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-20 00:44 - 2016-03-20 00:45 - 145314856 _____ (Sophos Limited) C:\Users\Floretta\Desktop\Sophos Virus Removal Tool.exe
2016-03-20 00:43 - 2016-03-20 00:43 - 01610352 _____ (Malwarebytes) C:\Users\Floretta\Desktop\JRT.exe
2016-03-20 00:42 - 2016-03-20 00:42 - 01527296 _____ C:\Users\Floretta\Desktop\adwcleaner_5.102.exe
2016-03-20 00:40 - 2016-03-20 00:40 - 00001981 _____ C:\Users\Floretta\Desktop\BroniReply2.txt
2016-03-20 00:38 - 2016-03-20 00:38 - 00448512 _____ (OldTimer Tools) C:\Users\Floretta\Desktop\TFC.exe
2016-03-19 12:49 - 2016-03-19 12:49 - 00003356 _____ C:\Users\Floretta\Desktop\Rkill.txt
2016-03-19 12:16 - 2016-03-19 12:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-19 12:10 - 2016-03-19 12:46 - 00000000 ____D C:\Users\Floretta\Desktop\mbar
2016-03-19 11:07 - 2016-03-19 11:07 - 00001050 _____ C:\Users\Floretta\Desktop\BMBS3-19-16.txt
2016-03-19 10:07 - 2016-03-19 10:08 - 00030721 _____ C:\Users\Floretta\Desktop\MTB.txt
2016-03-19 10:00 - 2016-03-19 10:00 - 00002688 _____ C:\Users\Floretta\Desktop\FSS.txt
2016-03-18 21:44 - 2016-03-18 21:44 - 00006426 _____ C:\Users\Floretta\Desktop\BroniReply1.txt
2016-03-18 21:26 - 2016-03-18 21:26 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Floretta\Desktop\iExplore.exe
2016-03-18 21:13 - 2016-03-18 21:13 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Floretta\Desktop\mbar-1.09.3.1001.exe
2016-03-18 00:05 - 2016-03-18 00:05 - 00891392 _____ (Farbar) C:\Users\Floretta\Desktop\MiniToolBox.exe
2016-03-17 23:39 - 2016-03-17 23:39 - 00899584 _____ (Farbar) C:\Users\Floretta\Desktop\FSS.exe
2016-03-17 23:24 - 2016-03-17 23:24 - 00852798 _____ C:\Users\Floretta\Desktop\SecurityCheck.exe
2016-03-15 12:44 - 2016-03-16 22:42 - 00001702 _____ C:\Users\Floretta\Desktop\123.txt
2016-03-15 10:56 - 2016-03-15 10:59 - 00002826 _____ C:\Users\Floretta\Desktop\SUPERAntiSpyware Scan Log - 03-15-2016 - 10-41-26.log2.txt
2016-03-15 00:36 - 2016-03-15 00:36 - 00001118 _____ C:\Users\Floretta\Desktop\SysinternalsSuite - Shortcut.lnk
2016-03-14 21:54 - 2016-04-01 00:05 - 00000245 _____ C:\Users\Floretta\Desktop\Search.txt
2016-03-12 11:10 - 2016-04-08 15:08 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-12 11:09 - 2016-04-08 15:07 - 00001121 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-12 11:09 - 2016-04-08 15:07 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-12 11:09 - 2016-03-12 11:09 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-12 11:09 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-12 11:09 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-12 11:09 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-12 11:08 - 2016-03-12 11:08 - 22908888 _____ (Malwarebytes ) C:\Users\Floretta\Desktop\mbam-setup-2.2.0.1024.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-04-11 12:49 - 2016-02-24 18:02 - 00009397 _____ C:\Users\Floretta\Desktop\FRST.txt
2016-04-11 12:48 - 2016-02-24 18:00 - 00000000 ____D C:\FRST
2016-04-11 12:24 - 2016-02-22 20:43 - 00000000 ____D C:\Users\Floretta\OneDrive
2016-04-10 23:10 - 2016-02-20 21:43 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-04-10 21:06 - 2016-02-21 19:51 - 00000000 ____D C:\Users\Floretta\AppData\LocalLow\Adblock Plus for IE
2016-04-10 12:22 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-04-09 22:00 - 2016-02-19 13:00 - 00003598 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2603647047-4195809022-826204347-1001
2016-04-09 21:08 - 2016-02-21 21:53 - 00000000 ____D C:\Users\Floretta\AppData\Local\PackageStaging
2016-04-09 21:08 - 2016-02-19 02:17 - 00000000 ____D C:\Users\Floretta\AppData\Local\Packages
2016-04-09 21:07 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-04-09 14:44 - 2014-11-21 04:44 - 00956476 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-04-09 14:44 - 2013-08-22 09:36 - 00000000 ____D C:\WINDOWS\Inf
2016-04-09 14:39 - 2013-08-22 10:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-04-09 14:38 - 2013-08-22 09:25 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-04-09 14:37 - 2016-02-18 20:32 - 00003236 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-04-09 14:36 - 2016-02-18 20:27 - 00003150 _____ C:\WINDOWS\System32\Tasks\MirageAgent
2016-04-09 14:11 - 2016-02-27 15:37 - 00000000 ____D C:\WINDOWS\HP
2016-04-09 14:10 - 2013-04-10 15:20 - 00000000 ____D C:\SWSETUP
2016-04-09 13:44 - 2016-02-21 16:47 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-04-09 13:27 - 2016-02-26 15:31 - 00000000 ____D C:\Users\Floretta\AppData\Local\ElevatedDiagnostics
2016-04-09 12:58 - 2012-07-26 03:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-04-09 12:57 - 2016-03-10 01:31 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-04-03 10:04 - 2016-02-24 18:04 - 00028475 _____ C:\Users\Floretta\Desktop\Addition.txt
2016-03-26 17:43 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\rescache
2016-03-25 14:42 - 2013-08-22 11:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-03-21 00:01 - 2016-02-18 20:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Music, Photos and Videos
2016-03-15 12:47 - 2013-08-22 09:25 - 00508413 _____ C:\WINDOWS\system32\Drivers\etc\HOSTS.MVP
2016-03-15 11:55 - 2016-02-24 18:01 - 00005886 _____ C:\Users\Floretta\Desktop\AdBlock.txt
2016-03-15 00:37 - 2016-02-22 22:08 - 00000000 ____D C:\Users\Floretta\Downloads\SysinternalsSuite
2016-03-12 23:33 - 2016-02-23 11:36 - 00000000 ____D C:\Users\Floretta\AppData\LocalLow\Ghostery

Some files in TEMP:
====================
C:\Users\Floretta\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Floretta\AppData\Local\Temp\PROCEXP64.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-09 12:53

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by Floretta (2016-04-11 12:50:21)
Running from C:\Users\Floretta\Desktop
Windows 8.1 (X64) (2016-02-21 02:19:22)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2603647047-4195809022-826204347-500 - Administrator - Disabled)
Floretta (S-1-5-21-2603647047-4195809022-826204347-1001 - Administrator - Enabled) => C:\Users\Floretta
Guest (S-1-5-21-2603647047-4195809022-826204347-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
AMD Catalyst Install Manager (HKLM\...\{EE691BD9-2B2C-6BFB-6389-ABAF5AD2A4A1}) (Version: 8.0.915.0 - Advanced Micro Devices, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.4.6522 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.4.3003 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.3.4608 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.4.2921 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.5.3414 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.2.3324 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.6.6119 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Ghostery (HKLM-x32\...\Ghostery) (Version:  - Ghostery Inc)
Hewlett-Packard ACLM.NET v1.2.2.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6668.4491 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{E959FD01-BD01-4CC4-9BB8-4EBE8309BF37}) (Version: 8.2.8.25 - HP)
HP Support Information (HKLM-x32\...\{B2B7B1C8-7C8B-476C-BE2C-049731C55992}) (Version: 12.00.0000 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.2.8.17 - HP)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Qualcomm Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.29068 - Realtek Semiconductor Corp.)
Realtek Card Reader (HKLM-x32\...\{F0A8BF4A-972F-41E0-9800-1EFE3BF28266}) (Version: 6.2.9200.29064 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.20.815.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7027 - Realtek Semiconductor Corp.)
Recovery Manager (x32 Version: 5.5.0.6208 - CyberLink Corp.) Hidden
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.5 - Sophos Limited)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
UVK - Ultra Virus Killer (HKLM\...\UVK - Ultra virus killer) (Version: 7.7.1.0 - Carifred)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {18806627-8CE6-499B-9CF5-F5D5A16906CB} - System32\Tasks\CLVDLauncher => c:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-12] (CyberLink Corp.)
Task: {2B0FAC72-A594-4D2D-8C40-EAD82510EA0F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {32C784FC-5AD7-4526-BBC2-A6A9B7548996} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {3CA45824-207F-42F8-BE97-099660955587} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
Task: {5E307BD3-BC4B-4CC2-8B6E-7467FE641670} - System32\Tasks\Process Explorer-LA-LA-LOOPSY-Floretta => C:\USERS\FLORETTA\DOWNLOADS\SYSINTERNALSSUITE\PROCEXP.EXE [2016-02-22] (Sysinternals - www.sysinternals.com)
Task: {6B1E51D7-C65A-41F0-9FAB-07176299F073} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard)
Task: {72074DEE-82DD-4F20-ADF2-5B9961605ADA} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {75BBA35F-DBF2-443C-8F13-8188579837B0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {86CB0496-D6B7-4FE6-9570-17E54DDACBF2} - System32\Tasks\HPCeeScheduleForFloretta => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {989D6825-22E6-4BA2-B4E6-07815CE10D6E} - System32\Tasks\CLMLSvc_P2G8 => c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-12] (CyberLink)
Task: {A5A26A20-3B80-49D2-9F44-5AF74498DFA1} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-03-02] (Hewlett-Packard)
Task: {C6BA010A-5359-45E1-A803-5471AA02995F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {E4603991-7CE7-4146-9253-0E1C1541AB4B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\windows\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {F02361E8-71AA-4664-AD33-E28922CC6953} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
Task: {F135F9A2-D4A9-40F5-88B9-06FA0A2D6001} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)
Task: {F2DB8692-FC88-48E8-87D5-AEBE9D32B59E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\HPCeeScheduleForFloretta.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-02-18 20:07 - 2013-03-12 10:51 - 00626240 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-13 02:53 - 2013-03-13 02:53 - 00015424 _____ () c:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-02-25 21:40 - 2016-02-25 21:40 - 03215872 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\4645d55571ab83958a416758023c2299\Windows.UI.Xaml.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00292352 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.CdnModule\d51c20a446ef84d9c92269562e27b4ae\Arkadium.CdnModule.ni.dll
2016-02-25 21:41 - 2016-02-25 21:41 - 00875520 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\1bd0185558579d26820bb265756612c4\Windows.UI.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00038400 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi82189356#\4aa353829fb3706942bf246603f1543c\Arkadium.Win8.MediaPlayer.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00123392 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ap4e5cc921#\6309b41157ffd8203db7208412c8d8d8\Arkadium.ApplicationFramework.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00172544 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Acc213f109#\62a4311441489edd6c782e4f56ce158c\Arkadium.AchievementsModule.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00264192 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Awd4f12c8f#\a9b7b55c3a49207bfb6efedf15b5e3e4\Arkadium.AwardsModule.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00362496 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Le816657bc#\3bc616906d6c8c0eb5d7038aa3309e4c\Arkadium.LeaderboardModule.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 02011648 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Dae4911807#\d917b71bc4b307f2e75885ed83b289ec\Arkadium.DailyChallengeModule.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00655360 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Ad1735b4ba#\3a8cb0b05b2b8641d41e74a83f90ebf9\Arkadium.Advertisement.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00276480 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Wi4bbc307d#\4f2a1a5819dfcfa35387129ad9631b43\Arkadium.WindowsStoreModule.ni.dll
2016-02-25 21:42 - 2016-02-25 21:42 - 00307712 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\ff30d7e824cf635fa28242667d8d7022\Windows.Data.ni.dll
2016-02-25 21:41 - 2016-02-25 21:41 - 01043456 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\332d23befba30cc234a4440e6a888ef5\Windows.ApplicationModel.ni.dll
2016-02-25 21:41 - 2016-02-25 21:41 - 00761856 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\970747cea16108245f49745036c0e5b0\Windows.Storage.ni.dll
2016-02-25 21:41 - 2016-02-25 21:41 - 00195072 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\616264e27c19104acef6671d0fe9454c\Windows.Foundation.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00123904 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Xaba8eb3bf#\b95fe0d4fad9c2db7851e599b2034637\Arkadium.Xaml.Toolkit.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00150528 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.NewsModule\b79131ff2fc3d827ee8c13e38f87b4ed\Arkadium.NewsModule.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00403456 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Arkadium.Fae5110155#\065b42d577f5d26d0a879b995533e179\Arkadium.FacebookModule.ni.dll
2016-03-07 19:11 - 2016-03-07 19:11 - 00226304 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CustomProgr3d91ab4c#\91ab84731f7bd1e3206023f0d202ab30\CustomProgressControl.ni.dll
2016-03-07 19:12 - 2016-03-07 19:12 - 00445440 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.Xbox\d892dcbc1f562419844ac8b4200482e0\Microsoft.Xbox.ni.dll
2016-03-07 19:10 - 2016-03-07 19:10 - 00681984 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Media\11dfbdcb894e188d01951ed06736fb73\Windows.Media.ni.dll
2016-03-07 19:12 - 2016-03-07 19:12 - 00192000 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\MicroStudioe45cbf8f#\2a6dd5767e3e33318e07f1f3a37d29c7\MicroStudios.HouseAdController.ni.dll
2016-02-25 21:41 - 2016-02-25 21:41 - 00116224 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\7206ef945e54af582916ca4b50816a35\Windows.System.ni.dll
2016-03-07 19:12 - 2016-03-07 19:12 - 00210432 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\CEServices\fbbde448f98b96fb9b95706908438631\CEServices.ni.dll
2016-02-25 21:41 - 2016-02-25 21:41 - 00349696 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\dad10f08bd4c7297cb21dbc88121c982\Windows.Security.ni.dll
2016-02-25 21:42 - 2016-02-25 21:42 - 00214016 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\ca4008cb8c3c9cc38023563daf285d1f\Windows.Globalization.ni.dll
2016-02-25 21:41 - 2016-02-25 21:41 - 00712192 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\adf7c39fc5797a8ae6557b5fcab539a8\Windows.Networking.ni.dll
2016-02-25 21:41 - 2016-02-25 21:41 - 00277504 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\75ec7ef316dd5a3fe52cc098e9c185c5\Windows.Graphics.ni.dll
2016-03-07 19:13 - 2016-03-07 19:13 - 00036864 _____ () C:\Users\Floretta\AppData\Local\Packages\microsoft.taptiles_8wekyb3d8bbwe\AC\Microsoft\CLR_v4.0_32\NativeImages\Microsoft.G42d2c636#\97139b4dc5948902a3e1c7bfc83c6590\Microsoft.Games.Sentient.ni.dll
2016-02-25 21:42 - 2016-02-25 21:42 - 01142272 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\16045567a72fa5a44c989e4319fbc36a\Windows.Devices.ni.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\C9294A81.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\C9294A81.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\microsoft.com -> hxxps://support.microsoft.com
IE restricted site: HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\ppjol.net -> hxxp://s.ppjol.net

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-04-08 19:10 - 00506641 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

There are 12009 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\Web\Wallpaper\HP\HP_No_Smoke_Without_Fire.jpg
DNS Servers: 75.114.81.1 - 75.114.81.2
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{137E5125-6324-4735-B4C4-999E98C6A78F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{2AAB140D-AA0B-4FF2-8792-6BDBAC0935C7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F2CF8C92-75F1-4D65-B9AD-B63EEC4873C2}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{8DA219C1-ABDB-4A54-B313-CA52D3A75680}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{57D3D61A-3E2A-4C3B-9D86-7402DC023803}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{BBE25CA3-364A-4585-B20E-7292E1569157}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{B227A311-0C2C-4155-B489-AB4893B75870}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{72366FDF-12B9-46CF-AD28-25F93ECA2CB8}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS730.tmp\SymNRT.exe
FirewallRules: [{87AD3D94-A2B6-4067-A0B3-13ECD117F326}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS730.tmp\SymNRT.exe
FirewallRules: [{2A38D071-503C-43DF-9092-7C8C21BA97BA}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
FirewallRules: [{66AE5B05-4E48-419E-809A-2A427D35D894}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
FirewallRules: [{A053C77E-D4B5-43E9-81CC-49561CF33627}] => (Allow) LPort=1900
FirewallRules: [{0A9AE4FD-76E2-4F26-AA5F-6CFA69C65FA9}] => (Allow) LPort=2869
FirewallRules: [{B438FC32-FD19-4479-8C1F-D6237F020252}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{A2B4AFAB-321F-414F-9C1A-AA3B9EF75521}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{04EFC315-78DC-4AB7-9FB5-A1877779EC32}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{CDE4800B-3056-4E36-8C15-AD77B001E07F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{79F5ADC9-C5E5-4135-AEF8-DB5AF68FA187}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{0CDE195F-6BA6-4B5C-BCD2-6F3E134FAD00}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B3802CAC-3E49-4899-BDB0-51EE17A54BAD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{527D1A1F-9F05-41B1-9BED-070C640C3143}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{69358BAF-CA5A-4F21-A462-854DF705E503}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe
FirewallRules: [{2B2A76CE-B6CA-4071-A983-A14A5B46B6B5}] => (Allow) C:\Program Files\UVK - Ultra Virus Killer\UVK_en.exe

==================== Restore Points =========================

20-03-2016 01:14:11 JRT Pre-Junkware Removal
25-03-2016 12:19:18 Windows Update
02-04-2016 12:45:15 Windows Update
09-04-2016 12:56:34 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (04/10/2016 12:54:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Taptiles.exe, version: 1.0.0.0, time stamp: 0x547df36b
Faulting module name: combase.dll, version: 6.3.9600.18202, time stamp: 0x569e6792
Exception code: 0xc000027b
Fault offset: 0x00121311
Faulting process id: 0x5320
Faulting application start time: 0xTaptiles.exe0
Faulting application path: Taptiles.exe1
Faulting module path: Taptiles.exe2
Report Id: Taptiles.exe3
Faulting package full name: Taptiles.exe4
Faulting package-relative application ID: Taptiles.exe5

Error: (04/09/2016 09:29:49 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MagicPuzzles.exe, version: 0.0.0.1, time stamp: 0x56fbc740
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17904, time stamp: 0x557b0ffa
Exception code: 0xc000027b
Fault offset: 0x00000000009829ea
Faulting process id: 0x5974
Faulting application start time: 0xMagicPuzzles.exe0
Faulting application path: MagicPuzzles.exe1
Faulting module path: MagicPuzzles.exe2
Report Id: MagicPuzzles.exe3
Faulting package full name: MagicPuzzles.exe4
Faulting package-relative application ID: MagicPuzzles.exe5

Error: (04/09/2016 09:12:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LA-LA-LOOPSY)
Description: Package XIMADINC.MagicPuzzles_2.3.0.10_x64__np8fj6akx2czy+App was terminated because it took too long to suspend.

Error: (04/08/2016 07:52:02 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (04/08/2016 05:25:10 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MagicPuzzles.exe, version: 0.0.0.1, time stamp: 0x56fbc740
Faulting module name: Windows.UI.Xaml.dll, version: 6.3.9600.17904, time stamp: 0x557b0ffa
Exception code: 0xc000027b
Fault offset: 0x00000000009829ea
Faulting process id: 0x8450
Faulting application start time: 0xMagicPuzzles.exe0
Faulting application path: MagicPuzzles.exe1
Faulting module path: MagicPuzzles.exe2
Report Id: MagicPuzzles.exe3
Faulting package full name: MagicPuzzles.exe4
Faulting package-relative application ID: MagicPuzzles.exe5

Error: (04/08/2016 02:16:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LA-LA-LOOPSY)
Description: Package XIMADINC.MagicPuzzles_2.3.0.10_x64__np8fj6akx2czy+App was terminated because it took too long to suspend.

Error: (04/08/2016 09:44:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1703

Error: (04/08/2016 09:44:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1703

Error: (04/08/2016 09:44:01 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (04/07/2016 02:58:02 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15375

System errors:
=============
Error: (04/10/2016 11:10:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 10 time(s).

Error: (04/10/2016 05:58:56 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 9 time(s).

Error: (04/10/2016 05:09:42 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 8 time(s).

Error: (04/10/2016 03:09:44 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 7 time(s).

Error: (04/10/2016 01:34:05 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 6 time(s).

Error: (04/09/2016 10:40:49 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 5 time(s).

Error: (04/09/2016 10:05:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 12 Media Server Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (04/09/2016 09:11:40 PM) (Source: DCOM) (EventID: 10016) (User: LA-LA-LOOPSY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}La-La-LoopsyFlorettaS-1-5-21-2603647047-4195809022-826204347-1001LocalHost (Using LRPC)XIMADINC.MagicPuzzles_2.3.0.10_x64__np8fj6akx2czyS-1-15-2-166147703-3434557569-430813684-24347586-762040324-4165616823-3486463592

Error: (04/09/2016 09:11:40 PM) (Source: DCOM) (EventID: 10016) (User: LA-LA-LOOPSY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}La-La-LoopsyFlorettaS-1-5-21-2603647047-4195809022-826204347-1001LocalHost (Using LRPC)XIMADINC.MagicPuzzles_2.3.0.10_x64__np8fj6akx2czyS-1-15-2-166147703-3434557569-430813684-24347586-762040324-4165616823-3486463592

Error: (04/09/2016 09:11:36 PM) (Source: DCOM) (EventID: 10016) (User: LA-LA-LOOPSY)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}La-La-LoopsyFlorettaS-1-5-21-2603647047-4195809022-826204347-1001LocalHost (Using LRPC)XIMADINC.MagicPuzzles_2.3.0.10_x64__np8fj6akx2czyS-1-15-2-166147703-3434557569-430813684-24347586-762040324-4165616823-3486463592

CodeIntegrity:
===================================
  Date: 2016-04-08 19:03:18.970
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-08 19:03:18.095
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-06 15:44:55.161
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-04-06 15:44:54.255
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-20 01:02:22.209
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-20 01:02:21.318
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-20 00:39:53.112
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-20 00:39:52.394
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 21:27:45.817
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-03-18 21:27:45.114
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: AMD E1-2500 APU with Radeon™ HD Graphics
Percentage of memory in use: 29%
Total physical RAM: 3541.63 MB
Available physical RAM: 2490.51 MB
Total Virtual: 4277.63 MB
Available Virtual: 2676.79 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:452.23 GB) (Free:407.34 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Recovery Image) (Fixed) (Total:11.61 GB) (Free:1.42 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 2068C105)

Partition: GPT.

==================== End of Addition.txt ============================



#6 garioch7


Posted 14 April 2016 - 05:26 AM

Caramello222:

Thank you for the fresh FRST logs and description of the current issues you are experiencing with your computer. I also thank you for your patience. My responses are delayed because I am required, wisely, by Bleeping Computer Study Hall rules, to have all of my proposed posts approved before I can post in this Forum. That is for YOUR protection because I am still in training, and this is a critical part of my training.

Yes, in answer to your question, blue file names indicate that the files are compressed. Please see this link for further information on NTFS file name colors.

The good news is that I am not seeing any evidence of active malware on your computer. From what I can see, your computer issues are unrelated to malware, but let's clean up some extraneous entries on your computer.



Step 1: Please copy and paste the contents of the code box below into Notepad and save the file to your desktop as fixlist.txt.

NOTE: It's important that both files, FRST/FRST64 and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST/FRST64 and press the Fix button just once and wait.
The tool will need a restart, so please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please copy and paste it into your reply.
 

CreateRestorePoint:
Close Processes:

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Toolbar: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Task: {5E307BD3-BC4B-4CC2-8B6E-7467FE641670} - System32\Tasks\Process Explorer-LA-LA-LOOPSY-Floretta => C:\USERS\FLORETTA\DOWNLOADS\SYSINTERNALSSUITE\PROCEXP.EXE [2016-02-22] (Sysinternals - www.sysinternals.com)
Task: {75BBA35F-DBF2-443C-8F13-8188579837B0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {C6BA010A-5359-45E1-A803-5471AA02995F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {F02361E8-71AA-4664-AD33-E28922CC6953} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
FirewallRules: [{72366FDF-12B9-46CF-AD28-25F93ECA2CB8}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS730.tmp\SymNRT.exe
FirewallRules: [{87AD3D94-A2B6-4067-A0B3-13ECD117F326}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS730.tmp\SymNRT.exe
FirewallRules: [{2A38D071-503C-43DF-9092-7C8C21BA97BA}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
FirewallRules: [{66AE5B05-4E48-419E-809A-2A427D35D894}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
C:\Program Files (x86)\Norton Internet Security
EmptyTemp:

Step 2: Please reset your Internet Explorer browser settings to default and then reboot your computer.



Step 3: Do you recognize Bright House Networks ISP? That is your assigned DNS server, according to the FRST scan log. More information can be found here.



Step 4: Please describe, in detail, any issues that your computer is exhibiting now, after rebooting.



Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#7 Caramello222


Posted 15 April 2016 - 04:57 PM

I think that did the trick. My computer is back to showing image displays in Internet Explorer and apps, and it looks like the Windows Store App is back in sync with my apps and automatically updated. Thank you for the information about the NTFS filing. I knew the blue meant compressed, but since I was having problems with my computer I thought it was packed malware; it's good to know it's just a cool storage feature. Yes, I use Bright House for my internet service. How do I find what server my computer is using? I'm asking because I've come across info for Microsoft SQL Server 2005 Compact Edition and the 2012 edition, and support for the 2005 version has ended.



#8 garioch7


Posted 16 April 2016 - 12:27 PM

Caramello222:

 

Thank you for your post. I didn't see the fixlog.txt file, but if your computer is running fine now, that is great! It is not really needed.

 

I didn't see any active malware on your computer, so I think that your computer is in good shape from that perspective.

 

I am not sure that I understand your question.  I suggest that you get in contact with Bright House Networks concerning what server software they use, and/or contact Microsoft about matters concerning SQL Server 2005.
 
https://brighthouse.com/support/contact.html
https://support.microsoft.com/en-gb/contactus
 

Do you have any other issues?  If so, please describe them in detail.

 

Thank you and have a great day.

 

Regards,

-Phil

 



#9 Caramello222


Posted 16 April 2016 - 08:58 PM

Sorry, that's my fault about the fixlog; it completely slipped my mind. Here it is. I got so happy to have my computer behaving properly that I forgot. As far as I can tell I don't see anything out of the norm, but since I had those issues going on with the caches and deleting browser history didn't clean out those files, do you recommend I follow the instructions in this article from Microsoft Community on checking for corruption and repair by using sfc and dism "http://answers.microsoft.com/en-us/windows/wiki/windows_10-update/system-file-check-sfc-scan-and-repair-system-files/bc609315-da1f-4775-812c-695b60477a93"? Thank you for the links about the server. I also found more info at technet.microsoft.com and msdn.microsoft.com. It looks like I'm malware free; there are no more funky ads, errors, or redirects. Also, other than your advice on the sfc and dism, should I follow the instructions from Broni in the 10th reply here http://www.bleepingcomputer.com/forums/t/608178/possible-rogue-malware/ or do you have your own instructions? I didn't carry out the instructions of that reply because I was still having problems, so I only downloaded the delfix for future use.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:24-02-2016
Ran by Floretta (2016-04-15 16:33:47) Run:1
Running from C:\Users\Floretta\Desktop
Loaded Profiles: Floretta (Available Profiles: Floretta)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
Close Processes:

HKU\S-1-5-21-2603647047-4195809022-826204347-1001\...\Policies\system: [DisableLockWorkstation] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
Toolbar: HKU\S-1-5-21-2603647047-4195809022-826204347-1001 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Task: {5E307BD3-BC4B-4CC2-8B6E-7467FE641670} - System32\Tasks\Process Explorer-LA-LA-LOOPSY-Floretta => C:\USERS\FLORETTA\DOWNLOADS\SYSINTERNALSSUITE\PROCEXP.EXE [2016-02-22] (Sysinternals - www.sysinternals.com)
Task: {75BBA35F-DBF2-443C-8F13-8188579837B0} - System32\Tasks\Norton Internet Security\Norton Error Analyzer => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {C6BA010A-5359-45E1-A803-5471AA02995F} - System32\Tasks\Norton Internet Security\Norton Error Processor => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\SymErr.exe
Task: {F02361E8-71AA-4664-AD33-E28922CC6953} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
FirewallRules: [{72366FDF-12B9-46CF-AD28-25F93ECA2CB8}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS730.tmp\SymNRT.exe
FirewallRules: [{87AD3D94-A2B6-4067-A0B3-13ECD117F326}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS730.tmp\SymNRT.exe
FirewallRules: [{2A38D071-503C-43DF-9092-7C8C21BA97BA}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
FirewallRules: [{66AE5B05-4E48-419E-809A-2A427D35D894}] => (Allow) C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe
C:\Program Files (x86)\Norton Internet Security
EmptyTemp:
*****************

Restore point was successfully created.
Processes closed successfully.
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Software\Microsoft\Windows\CurrentVersion\Policies\system\\DisableLockWorkstation => value removed successfully
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive1" => key removed successfully
HKCR\Wow6432Node\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive2" => key removed successfully
HKCR\Wow6432Node\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => key not found.
"HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ SkyDrive3" => key removed successfully
HKCR\Wow6432Node\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524} => key not found.
HKU\S-1-5-21-2603647047-4195809022-826204347-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E307BD3-BC4B-4CC2-8B6E-7467FE641670}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E307BD3-BC4B-4CC2-8B6E-7467FE641670}" => key removed successfully
C:\WINDOWS\System32\Tasks\Process Explorer-LA-LA-LOOPSY-Floretta => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Process Explorer-LA-LA-LOOPSY-Floretta" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{75BBA35F-DBF2-443C-8F13-8188579837B0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{75BBA35F-DBF2-443C-8F13-8188579837B0}" => key removed successfully
C:\WINDOWS\System32\Tasks\Norton Internet Security\Norton Error Analyzer => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Analyzer" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C6BA010A-5359-45E1-A803-5471AA02995F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6BA010A-5359-45E1-A803-5471AA02995F}" => key removed successfully
C:\WINDOWS\System32\Tasks\Norton Internet Security\Norton Error Processor => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton Internet Security\Norton Error Processor" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F02361E8-71AA-4664-AD33-E28922CC6953}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F02361E8-71AA-4664-AD33-E28922CC6953}" => key removed successfully
C:\WINDOWS\System32\Tasks\Norton WSC Integration => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{72366FDF-12B9-46CF-AD28-25F93ECA2CB8} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{87AD3D94-A2B6-4067-A0B3-13ECD117F326} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{2A38D071-503C-43DF-9092-7C8C21BA97BA} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{66AE5B05-4E48-419E-809A-2A427D35D894} => value removed successfully
"C:\Users\Floretta\AppData\Local\Temp\7zS613E.tmp\SymNRT.exe" => not found.
"C:\Program Files (x86)\Norton Internet Security" => not found.
EmptyTemp: => 275.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 16:34:58 ====
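A reviewer reading a Fixlog like the one above checks what happened to each target. The following is an added example, not part of the original post and not FRST's own code: it tallies the result lines and lists targets reported as not found. The names `parse_fixlog` and `OUTCOMES` are hypothetical, and the outcome phrases are only those that appear in this log.

```python
import re
from collections import Counter

# Lines copied from the Fixlog above, cut down to one of each kind.
SAMPLE = r"""
fixlist content:
*****************
CreateRestorePoint:
Task: {F02361E8-71AA-4664-AD33-E28922CC6953} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton Internet Security\Engine\20.3.0.36\WSCStub.exe
C:\Program Files (x86)\Norton Internet Security
EmptyTemp:
*****************

Restore point was successfully created.
HKCR\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A} => key not found.
C:\WINDOWS\System32\Tasks\Norton WSC Integration => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Norton WSC Integration" => key removed successfully
"C:\Program Files (x86)\Norton Internet Security" => not found.
EmptyTemp: => 275.7 MB temporary data Removed.
"""

# Outcome phrases seen in this log. fullmatch() matters here: "removed
# successfully" ends in "moved successfully", so a suffix test would misfile it.
OUTCOMES = [
    (re.compile(r"(?:key |value )?removed successfully"), "removed"),
    (re.compile(r"moved successfully"), "moved"),
    (re.compile(r"(?:key )?not found\.?"), "not_found"),
]

def parse_fixlog(text):
    """Tally result lines; return (counts, targets not found, unclassified lines)."""
    counts, not_found, other = Counter(), [], []
    in_fixlist = False
    for raw in text.splitlines():
        line = raw.strip()
        if line and set(line) == {"*"}:   # asterisk rows fence the echoed fixlist
            in_fixlist = not in_fixlist
            continue
        if in_fixlist or " => " not in line:
            continue                      # directives and status sentences
        target, _, outcome = line.rpartition(" => ")
        label = next((name for rx, name in OUTCOMES if rx.fullmatch(outcome)), "other")
        counts[label] += 1
        if label == "not_found":
            not_found.append(target.strip('"'))
        elif label == "other":
            other.append((target, outcome))
    return counts, not_found, other

if __name__ == "__main__":
    counts, not_found, other = parse_fixlog(SAMPLE)
    print(dict(counts))
    for target in not_found:
        print("not found:", target)
```

Lines inside the asterisk fence are the echoed fixlist, so the `Task:` directive there is not counted as a result even though it contains `=>`.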



#10 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor

Posted 17 April 2016 - 03:10 PM

Caramello222:

Thank you for your post and the fixlog.txt file. All looks good.
 

Also other than your advice on the sfc and dism, should I follow the instructions from Broni in the 10th reply here http://www.bleepingcomputer.com/forums/t/608178/possible-rogue-malware/ or do you have your own instructions? I didn't carry out the instructions of that reply because I was still having problems so I only downloaded the delfix for future use.

 
If it was my computer, and I had any reason to believe that there might be some system file corruption, then I would run sfc /scannow to see if it reports any "system resource integrity" errors. It only takes 20 to 30 minutes to run. By all means run a dism /online /cleanup-image /restorehealth likewise, if you are concerned about corruptions within the Component Store (WinSxS).

If errors are found by sfc and dism can't fix them, then I would recommend that you post in the Bleeping Computer Windows 8 and Windows 8.1 Forum. There are very knowledgeable staff, who are very familiar with Windows 8/8.1, assisting users in that Forum.

Delfix will remove the tools that Broni used with you over in the A.I.I. Forum, as well as FRST, automatically. Generally it is recommended to run the Delfix to remove anti-malware utilities once a computer has been declared "clean." Most of the utilities are frequently updated, so there is little point in cluttering up your computer with soon-to-be obsolete malware scanning utilities.

It is, of course, your decision, because it is your computer. You can use the Control Panel, Add/Remove Programs if there are some utilities that you want to keep, and just remove the ones that you don't want. Most of these utilities don't "install", so won't be listed in "Installed" programs. You can simply delete those utilities and the folders they created. If it was my computer, I would run Delfix because it takes care of that for you and does a thorough job. In the future, if you were to need an anti-malware scanning utility, you could just download a fresh version.

Do you require any further anti-malware assistance here in this Forum? If so, please describe, in detail, what issues you are having that you think might be attributable to malware. I am not seeing any evidence in your last FRST logs of active malware on your computer.

Thank you and have a great day.

Regards,
-Phil


Member of the Unified Network of Instructors and Trusted Eliminators


#11 Caramello222

Caramello222
  • Topic Starter

  • Members

Posted 18 April 2016 - 06:59 PM

There is no more malware or issues of malware concern. I thank you very much for removing, fixing, and educating me. I wish you the best of luck in your studies.



#12 garioch7

garioch7

    RCMP Veteran


  • Malware Response Instructor

Posted 19 April 2016 - 10:28 AM

Caramello222:
 
Thank you for your post. I am really pleased that all is well with your computer! :thumbsup:



Some Final Advice ...

The most common cause of an infected machine is the Trojan Horse, or programs which appear to be legitimate but which contain malicious payloads, or which are simply malicious in and of themselves. No antivirus, firewall, host-based intrusion prevention system (HIPS), or other security software can fully protect you against this kind of attack. The best way to protect yourself is not to run email attachments from untrusted sources, and avoid software downloaded from the internet wherever possible. Remember, when you run an application, you are giving that application permission to do to your machine anything you can do to the machine, including create, modify, or destroy files or other data. In the Windows (and most other systems' such as Unix) security model, applications don't have privileges, users do.

The second most common cause of infection is out of date software. Leaving your system unpatched leaves holes through which attackers can execute code on your behalf without your consent. This goes for far more than common targets such as Windows and Internet Explorer. Most recent threats target other third party software, such as Adobe's Adobe Reader, Shockwave Player, or Flash Player, or Oracle's Java browser plugins. You can check your system for out of date software manually, or by using automated tools such as Secunia's Personal Software Inspector. This goes doubly for security applications such as antivirus and other antimalware products based on definition lists, where out-of-date lists mean no detection of newer malware.

Finally, occasionally you will be forced to run some potentially infected binary, or attackers will use a hole which is unpatched by software vendors, so a last line of defense is needed. That means turning on a firewall (Windows Firewall included with Windows Vista or later is fine) and leaving it on, and using and keeping up-to-date an antivirus solution such as Bitdefender. Antiviral solutions don't even have to cost money; for instance Microsoft Security Essentials provides perfectly acceptable protection for free. If for some reason you don't like MSE, there are other free products available as well:

  • Avast (home use only)
  • Avira (shows nag screen to purchase full product when updating, home use only)
  • Bitdefender Free (home use only)

That should be fine for the majority of users. However, if you absolutely want additional protection, consider one or more of the following products:

If you want more information on methods malware uses to infect your computer, consider browsing our How did I get infected? topic.



It has been a pleasure assisting you and I hope that you will avoid any further infections in the future. Your most important protection step is to ALWAYS HAVE MORE THAN ONE RECENT BACKUP OF YOUR ENTIRE SYSTEM on an external drive that is only connected to your computer long enough to back up or restore. I do system images weekly. With the free backup software out there (Easeus ToDo Backup Home, Macrium Reflect, etc.), and the very reasonable prices for external USB hard drives, there is no reason to not have a backup.

On behalf of the Bleeping Computer Community, stay safe out there in cyberspace and have a great day.

Regards,
-Phil
 
PS: Thank you for your best wishes as I continue my malware removal studies, and thank you for being a part of my education.  Your patience and understanding were much appreciated.


Member of the Unified Network of Instructors and Trusted Eliminators


#13 LiquidTension

LiquidTension

  • Malware Response Team

Posted 20 April 2016 - 11:09 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



