
Unknown bug! Opens new: FFox tabs, Open Off. docs, scrolls down in email replies


  • This topic is locked
9 replies to this topic

#1 Rachel Webb

  • Members
  • 15 posts
  • Gender:Female
  • Location:San Antonio

Posted 13 May 2016 - 09:58 PM

Hi!
 
Thank you so much for this valuable forum and thanks in advance for any help that you may provide!
 
I've tried several times to get rid of this pest.  My computer will then seemingly run normally for a day or so and then...  it's baaaack! :devil:
 
It usually starts off when I'm replying to someone in gmail.  I hit enter and it starts a never ending scroll towards the bottom of the reply. Naturally, I'm not able to get back up to the top to complete and send my reply.
 
Also, when I open up a new tab in Firefox it launches into a rapid barrage of never ending blank new tabs.  One after another, after another....
 
A similar thing happens when I open an Open Office document. It launches into a rapid barrage of never ending blank new documents.
 
PT 2  I'm lucky I got the above posted because it started again with a vengeance.  This post started the never ending scroll downward, so I jumped on the post button.  Notice the vast white space down below? I foolishly opened a file and a program and bam! Like overly caffeinated rabbits! More and more and more... Whee!  Like a roller coaster ride - only free of charge! :lol:
 
I've employed Rkill, Farbar Recovery Scan Tool (even though I don't know how to accurately interpret the results), Junkware Removal Tool, AdwCleaner, Roguekiller, Malwarebytes Anti-Malware, SUPERAntiSpyware, Emsisoft Emergency Kit in my futile attempts to get this sucker gone.  Thanks to this forum and website, I was successfully able to get rid of a nasty little bugger in June of last year, using most of the aforementioned programs.  This time, no cigar! 
 
A little bit about me: I've got Windows 10, a 64-bit version of Windows, I love backing up and long walks on the beach. You probably already know that I would be eternally grateful, if you would be so kind as to aid me in hurling this son (or daughter) of a biscuit eater into the raging, fiery depths of hell forever. :notanangel:
 
And of course, I promise to be a rock of patience and follow your directions to a "T".  Thank you, thank you, thank you! :clapping:
 
Drumroll please....
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-06-2015 01
Ran by Rachael (administrator) on RACHEL on 13-05-2016 13:08:35
Running from C:\Users\Rachael\Desktop\c
Loaded Profiles: Rachael & DefaultAppPool &  (Available Profiles: Rachael & DefaultAppPool)
Platform: Windows 10 Home (X64) OS Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Protexis Inc.) C:\Program Files (x86)\Common Files\Protexis\License Service\PsiService_2.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\System32\sihost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(InterVideo) C:\Program Files (x86)\Common Files\InterVideo\RegMgr\iviRegMgr.exe
(Bitdefender) C:\Program Files\Bitdefender\Antivirus Free Edition\gziface.exe
(Nero AG) C:\Program Files (x86)\Nero\Update\NASvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Microsoft Corporation) C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
() C:\Windows\WebCam\S6000\S6000Mnt.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
(Zemana Ltd.) C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Windows\System32\taskhostw.exe
(Microsoft Corporation) C:\Windows\System32\ApplicationFrameHost.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Windows\System32\fontdrvhost.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_242.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe


==================== Registry (Whitelisted) ==================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13774040 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-08-21] (Synaptics Incorporated)
HKLM-x32\...\Run: [S6000Mnt] => C:\WINDOWS\SysWOW64\Rundll32.exe S6000Rmv.dll,WinMainRmv /StartStillMnt
HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2623456 2016-04-15] (Malwarebytes Corporation)
HKLM-x32\...\Run: [ZALFree] => C:\Program Files (x86)\Zemana AntiLogger Free\AntiLogger Free.exe [8980016 2015-11-05] (Zemana Ltd.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
HKLM\...\Policies\Explorer: [MemCheckBoxInRunDlg] 1
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000\...\Run: [CCleaner] => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000\...\Run: [OneDrive] => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\OneDrive.exe [554176 2016-04-25] (Microsoft Corporation)
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-20] (SUPERAntiSpyware)
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000\...\RunOnce: [Uninstall C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [CCleaner] => "C:\Program Files\CCleaner\CCleaner64.exe" /AUTO
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OneDrive] => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\OneDrive.exe [554176 2016-04-25] (Microsoft Corporation)
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-04-20] (SUPERAntiSpyware)
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Uninstall C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6302.0225_1\amd64"
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-10-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass FF RunOnce.lnk [2016-05-09]
ShortcutTarget: Install LastPass FF RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-05-09]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Malwarebytes Anti-Ransomware.lnk [2016-05-08]
ShortcutTarget: Malwarebytes Anti-Ransomware.lnk -> C:\Program Files\Malwarebytes\Anti-Ransomware\mbarw.exe (Malwarebytes)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\FileSyncShell64.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-25] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Rachael\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileSyncShell.dll [2016-04-25] (Microsoft Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-19-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1886087188-3012966341-3694774313-1000 -> {B6A20C77-C9B3-4440-A21D-625EFA3F865B} URL = https://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-1886087188-3012966341-3694774313-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {B6A20C77-C9B3-4440-A21D-625EFA3F865B} URL = https://www.google.com/search?q={searchTerms}
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-05-09] (LastPass)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-05-09] (LastPass)
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2016-05-09] (LastPass)
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2016-05-09] (LastPass)
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\System32\tbauth.dll [2016-03-29] (Microsoft Corporation)
Handler-x32: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll [2016-03-29] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 66.90.130.101 66.90.130.10 192.168.1.1
Tcpip\..\Interfaces\{00c2d75c-3c0a-4948-bc31-0d13c1c6649f}: [DhcpNameServer] 8.8.8.8 8.8.4.4
Tcpip\..\Interfaces\{058345c0-8bc0-4871-bcc5-f1c925efebe8}: [DhcpNameServer] 66.90.130.101 66.90.130.10 192.168.1.1
Tcpip\..\Interfaces\{ad7fd905-64af-4e4b-bd82-5e8c576d6da8}: [DhcpNameServer] 192.168.15.1

FireFox:
========
FF ProfilePath: C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\jsq1xtfh.default
FF DefaultSearchEngine: Yahoo!
FF SelectedSearchEngine: Yahoo!
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-12] ()
FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-05-09] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-12] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1221171.dll [2015-10-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)
FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2016-05-09] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-04-26] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2016-04-23] (Adobe Systems Inc.)
FF Extension: LastPass - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\jsq1xtfh.default\Extensions\support@lastpass.com [2016-05-09]
FF Extension: uBlock Origin - C:\Users\Rachael\AppData\Roaming\Mozilla\Firefox\Profiles\jsq1xtfh.default\Extensions\uBlock0@raymondhill.net.xpi [2016-05-09]
FF Extension: Default - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}.xpi [2016-05-04]

Chrome:
=======
CHR Profile: C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-29]
CHR Extension: (Google Docs) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-29]
CHR Extension: (Google Drive) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-29]
CHR Extension: (YouTube) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-29]
CHR Extension: (Google Search) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-29]
CHR Extension: (Google Sheets) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-29]
CHR Extension: (Completed Listings on Ebay) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\fhlahfacjhfmadcmbkcdjdjacbpmkhpp [2015-08-07]
CHR Extension: (Google Docs Offline) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-10-13]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2015-04-29]
CHR Extension: (Disconnect Search) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmobfennjmjnkdbklhcnnfbhfibedgkk [2015-07-03]
CHR Extension: (Disconnect) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2015-07-03]
CHR Extension: (Cisco WebEx Extension) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\jlhmfgmfgeifomenelglieieghnjghma [2015-04-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR Extension: (Gmail) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-29]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hmobfennjmjnkdbklhcnnfbhfibedgkk] - https://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [jeoacafpbcihiomhlakheieifhpjdfeo] - https://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) =================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
S3 AJRouter; C:\Windows\System32\AJRouter.dll [23040 2015-10-30] (Microsoft Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [282112 2012-10-26] (Brother Industries, Ltd.) [File not signed]
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-10-30] (Microsoft Corporation)
R3 CDPSvc; C:\Windows\System32\CDPSvc.dll [287744 2015-10-30] (Microsoft Corporation)
S3 ClipSVC; C:\Windows\System32\ClipSVC.dll [625000 2016-03-17] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [754664 2016-04-23] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [461824 2016-04-22] (Microsoft Corporation)
S3 DcpSvc; C:\Windows\system32\dcpsvc.dll [186880 2015-10-30] (Microsoft Corporation)
S3 DevQueryBroker; C:\Windows\system32\DevQueryBroker.dll [34304 2015-10-30] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [31744 2015-10-30] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [278016 2015-10-30] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [200192 2015-10-30] (Microsoft Corporation)
S2 dmwappushservice; C:\Windows\system32\dmwappushsvc.dll [57856 2015-10-30] (Microsoft Corporation)
S2 DoSvc; C:\Windows\system32\svchost.exe [43944 2015-10-30] (Microsoft Corporation)
S2 DoSvc; C:\Windows\SysWOW64\svchost.exe [37256 2015-10-30] (Microsoft Corporation)
R3 DsSvc; C:\Windows\System32\DsSvc.dll [145408 2016-03-17] (Microsoft Corporation)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [111616 2015-10-30] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [313856 2015-10-30] (Microsoft Corporation)
R2 gzserv; C:\Program Files\Bitdefender\Antivirus Free Edition\gzserv.exe [79552 2016-05-09] (Bitdefender)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-05-12] (SurfRight B.V.)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [162304 2016-02-13] (Microsoft Corporation)
R3 lfsvc; C:\Windows\System32\lfsvc.dll [27136 2015-10-30] (Microsoft Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-10-30] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [22528 2015-10-30] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [72704 2016-04-22] (Microsoft Corporation)
R2 MB3Service; C:\Program Files\Malwarebytes\Anti-Ransomware\MBAMService.exe [3141088 2016-03-23] (Malwarebytes)
R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [742368 2016-04-15] (Malwarebytes Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26624 2016-03-17] (Microsoft Corporation)
S3 NetSetupSvc; C:\Windows\System32\NetSetupSvc.dll [207360 2016-04-22] (Microsoft Corporation)
S3 NgcCtnrSvc; C:\Windows\System32\NgcCtnrSvc.dll [289792 2016-05-05] (Microsoft Corporation)
S3 NgcSvc; C:\Windows\system32\ngcsvc.dll [649216 2016-05-05] (Microsoft Corporation)
S3 PhoneSvc; C:\Windows\System32\PhoneService.dll [749056 2016-02-13] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [1073152 2016-04-22] (Microsoft Corporation)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1297408 2015-10-30] (Microsoft Corporation)
S3 SensorService; C:\Windows\system32\SensorService.dll [339968 2016-03-29] (Microsoft Corporation)
R3 SmsRouter; C:\Windows\system32\SmsRouterSvc.dll [591872 2016-03-17] (Microsoft Corporation)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2745856 2015-10-30] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2179584 2015-10-30] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-21] (Synaptics Incorporated)
S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-10-30] (Microsoft Corporation)
R2 tiledatamodelsvc; C:\Windows\system32\tileobjserver.dll [497152 2016-04-22] (Microsoft Corporation)
S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2016-03-29] (Microsoft Corporation)
R2 UserManager; C:\Windows\System32\usermgr.dll [912384 2016-02-13] (Microsoft Corporation)
S3 UsoSvc; C:\Windows\system32\usocore.dll [360960 2015-10-30] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2016-03-17] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [579072 2016-03-17] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [497664 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WpnService; C:\Windows\system32\WpnService.dll [49152 2015-10-30] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [948736 2016-03-29] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1139712 2016-03-17] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1035776 2016-02-13] (Microsoft Corporation)

==================== Drivers (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)
S3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [593144 2013-04-17] (BitDefender)
S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [9728 2015-10-30] (Windows ® Win 7 DDK provider)
S1 bdfwfpf; C:\Program Files\Bitdefender\Antivirus Free Edition\bdfwfpf.sys [121928 2013-07-02] (Bitdefender SRL)
S3 buttonconverter; C:\Windows\System32\drivers\buttonconverter.sys [37376 2015-10-30] (Microsoft Corporation)
S3 CapImg; C:\Windows\System32\drivers\capimg.sys [117248 2016-02-13] (Microsoft Corporation)
S4 cnghwassist; C:\Windows\System32\DRIVERS\cnghwassist.sys [39264 2015-10-30] (Microsoft Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys [40448 2015-10-30] (Microsoft Corporation)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-10-30] (QLogic Corporation)
R1 epp64; C:\Windows\System32\DRIVERS\epp64.sys [138504 2016-05-08] (Emsisoft GmbH)
R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-04-15] ()
R3 farflt; C:\WINDOWS\system32\drivers\farflt.sys [59776 2016-05-12] (Malwarebytes)
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [87552 2016-04-22] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-10-30] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-10-30] (Microsoft Corporation)
R1 gzflt; C:\Windows\System32\DRIVERS\gzflt.sys [148696 2013-04-22] (BitDefender LLC)
S3 hidinterrupt; C:\Windows\System32\drivers\hidinterrupt.sys [50016 2015-10-30] (Microsoft Corporation)
S3 iai2c; C:\Windows\System32\drivers\iai2c.sys [81408 2015-10-30] (Intel® Corporation)
S3 iaLPSS2i_I2C; C:\Windows\System32\drivers\iaLPSS2i_I2C.sys [165888 2015-10-30] (Intel Corporation)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-10-30] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-10-30] (Microsoft Corporation)
S3 k57nd; C:\Windows\System32\DRIVERS\k57amd64.sys [333864 2009-12-11] (Broadcom Corporation)
R3 keycrypt; C:\Windows\System32\DRIVERS\KeyCrypt64.sys [143904 2015-11-05] (Zemana Ltd.)
S0 LSI_SAS2i; C:\Windows\System32\drivers\lsi_sas2i.sys [104800 2015-10-30] (LSI Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-10-30] (Avago Technologies)
R0 MBAMSwissArmy; C:\Windows\System32\drivers\MBAMSwissArmy.sys [217328 2016-05-12] (Malwarebytes)
S0 megasas; C:\Windows\System32\drivers\megasas.sys [59744 2015-10-30] (Avago Technologies)
S3 MessagingService; No ImagePath
U3 MessagingService_10651d; No ImagePath
U3 MessagingService_10d9b6; No ImagePath
U3 MessagingService_10f678; No ImagePath
U3 MessagingService_124e95; No ImagePath
U3 MessagingService_127b7f; No ImagePath
U3 MessagingService_12e9d8; No ImagePath
U3 MessagingService_13abf4; No ImagePath
U3 MessagingService_14c229; No ImagePath
U3 MessagingService_158896; No ImagePath
U3 MessagingService_15ffb2; No ImagePath
U3 MessagingService_16d8ec; No ImagePath
U3 MessagingService_17b17d; No ImagePath
U3 MessagingService_189718; No ImagePath
U3 MessagingService_1ef64e; No ImagePath
U3 MessagingService_2064e; No ImagePath
U3 MessagingService_3667e1e; No ImagePath
S3 MessagingService_8a9f2; No ImagePath
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-10-30] (Mellanox)
R2 MMCSS; C:\Windows\system32\drivers\mmcss.sys [47616 2015-10-30] (Microsoft Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175616 2016-03-17] (Microsoft Corporation)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-10-30] (Mellanox)
S3 netvsc; C:\Windows\System32\drivers\netvsc.sys [108032 2015-10-30] (Microsoft Corporation)
S2 OneSyncSvc; No ImagePath
U2 OneSyncSvc_10651d; No ImagePath
U2 OneSyncSvc_10d9b6; No ImagePath
U2 OneSyncSvc_10f678; No ImagePath
U2 OneSyncSvc_124e95; No ImagePath
U2 OneSyncSvc_127b7f; No ImagePath
U2 OneSyncSvc_12e9d8; No ImagePath
U2 OneSyncSvc_13abf4; No ImagePath
U2 OneSyncSvc_14c229; No ImagePath
U2 OneSyncSvc_158896; No ImagePath
U2 OneSyncSvc_15ffb2; No ImagePath
U2 OneSyncSvc_16d8ec; No ImagePath
U2 OneSyncSvc_17b17d; No ImagePath
U2 OneSyncSvc_189718; No ImagePath
U2 OneSyncSvc_1ef64e; No ImagePath
U2 OneSyncSvc_2064e; No ImagePath
U2 OneSyncSvc_3667e1e; No ImagePath
U2 OneSyncSvc_450e2; No ImagePath
R2 OneSyncSvc_8a9f2; No ImagePath
S0 percsas2i; C:\Windows\System32\drivers\percsas2i.sys [58208 2015-10-30] (LSI Corporation)
S0 percsas3i; C:\Windows\System32\drivers\percsas3i.sys [58720 2015-10-30] (Avago Technologies)
S3 PimIndexMaintenanceSvc; No ImagePath
U3 PimIndexMaintenanceSvc_10651d; No ImagePath
U3 PimIndexMaintenanceSvc_10d9b6; No ImagePath
U3 PimIndexMaintenanceSvc_10f678; No ImagePath
U3 PimIndexMaintenanceSvc_124e95; No ImagePath
U3 PimIndexMaintenanceSvc_127b7f; No ImagePath
U3 PimIndexMaintenanceSvc_12e9d8; No ImagePath
U3 PimIndexMaintenanceSvc_13abf4; No ImagePath
U3 PimIndexMaintenanceSvc_14c229; No ImagePath
U3 PimIndexMaintenanceSvc_158896; No ImagePath
U3 PimIndexMaintenanceSvc_15ffb2; No ImagePath
U3 PimIndexMaintenanceSvc_16d8ec; No ImagePath
U3 PimIndexMaintenanceSvc_17b17d; No ImagePath
U3 PimIndexMaintenanceSvc_189718; No ImagePath
U3 PimIndexMaintenanceSvc_1ef64e; No ImagePath
U3 PimIndexMaintenanceSvc_2064e; No ImagePath
U3 PimIndexMaintenanceSvc_3667e1e; No ImagePath
R3 PimIndexMaintenanceSvc_8a9f2; No ImagePath
S3 ReFSv1; C:\Windows\System32\Drivers\ReFSv1.sys [930656 2015-10-30] (Microsoft Corporation)
R3 S6000KNT; C:\Windows\System32\Drivers\S6000KNT.sys [183040 2009-12-15] (Windows ® Win 7 DDK provider)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-21] (Synaptics Incorporated)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [78848 2015-10-30] (Microsoft Corporation)
S0 storufs; C:\Windows\System32\drivers\storufs.sys [34144 2015-10-30] (Microsoft Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-05-08] ()
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [63488 2016-04-22] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46592 2015-10-30] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-10-30] (Microsoft Corporation)
S3 Ufx01000; C:\Windows\System32\drivers\ufx01000.sys [258912 2016-03-29] (Microsoft Corporation)
S3 UfxChipidea; C:\Windows\System32\drivers\UfxChipidea.sys [94048 2015-10-30] (Microsoft Corporation)
S3 ufxsynopsys; C:\Windows\System32\drivers\ufxsynopsys.sys [131424 2016-04-23] (Microsoft Corporation)
S3 UnistoreSvc; No ImagePath
U3 UnistoreSvc_10651d; No ImagePath
U3 UnistoreSvc_10d9b6; No ImagePath
U3 UnistoreSvc_10f678; No ImagePath
U3 UnistoreSvc_124e95; No ImagePath
U3 UnistoreSvc_127b7f; No ImagePath
U3 UnistoreSvc_12e9d8; No ImagePath
U3 UnistoreSvc_13abf4; No ImagePath
U3 UnistoreSvc_14c229; No ImagePath
U3 UnistoreSvc_158896; No ImagePath
U3 UnistoreSvc_15ffb2; No ImagePath
U3 UnistoreSvc_16d8ec; No ImagePath
U3 UnistoreSvc_17b17d; No ImagePath
U3 UnistoreSvc_189718; No ImagePath
U3 UnistoreSvc_1ef64e; No ImagePath
U3 UnistoreSvc_2064e; No ImagePath
U3 UnistoreSvc_3667e1e; No ImagePath
R3 UnistoreSvc_8a9f2; No ImagePath
S3 UrsChipidea; C:\Windows\System32\drivers\urschipidea.sys [28512 2015-10-30] (Microsoft Corporation)
S3 UrsCx01000; C:\Windows\System32\drivers\urscx01000.sys [57696 2015-10-30] (Microsoft Corporation)
S3 UrsSynopsys; C:\Windows\System32\drivers\urssynopsys.sys [27488 2015-10-30] (Microsoft Corporation)
S3 UserDataSvc; No ImagePath
U3 UserDataSvc_10651d; No ImagePath
U3 UserDataSvc_10d9b6; No ImagePath
U3 UserDataSvc_10f678; No ImagePath
U3 UserDataSvc_124e95; No ImagePath
U3 UserDataSvc_127b7f; No ImagePath
U3 UserDataSvc_12e9d8; No ImagePath
U3 UserDataSvc_13abf4; No ImagePath
U3 UserDataSvc_14c229; No ImagePath
U3 UserDataSvc_158896; No ImagePath
U3 UserDataSvc_15ffb2; No ImagePath
U3 UserDataSvc_16d8ec; No ImagePath
U3 UserDataSvc_17b17d; No ImagePath
U3 UserDataSvc_189718; No ImagePath
U3 UserDataSvc_1ef64e; No ImagePath
U3 UserDataSvc_2064e; No ImagePath
U3 UserDataSvc_3667e1e; No ImagePath
R3 UserDataSvc_8a9f2; No ImagePath
S3 vhf; C:\Windows\System32\drivers\vhf.sys [31744 2015-10-30] (Microsoft Corporation)
S3 wdiwifi; C:\Windows\System32\DRIVERS\wdiwifi.sys [694784 2016-03-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-10-30] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-10-30] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-10-30] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-10-30] (Mellanox)
R3 WirelessKeyboardFilter; C:\Windows\System32\drivers\WirelessKeyboardFilter.sys [49384 2016-03-29] (Microsoft Corporation)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [238592 2016-03-17] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [26112 2016-03-29] (Microsoft Corporation)
R1 ZAM; C:\Windows\System32\drivers\zam64.sys [108920 2015-07-01] (Zemana Ltd.)
R1 ZAM_Guard; C:\Windows\System32\drivers\zamguard64.sys [108920 2015-07-01] (Zemana Ltd.)
U3 idsvc; No ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: dosvc -> No ServiceDLL Path.
NETSVC: DcpSvc -> C:\Windows\system32\dcpsvc.dll (Microsoft Corporation)
NETSVC: NetSetupSvc -> C:\Windows\System32\NetSetupSvc.dll (Microsoft Corporation)
NETSVC: RetailDemo -> C:\Windows\system32\RDXService.dll (Microsoft Corporation)
NETSVC: dmwappushservice -> C:\Windows\system32\dmwappushsvc.dll (Microsoft Corporation)
NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)
NETSVC: UsoSvc -> C:\Windows\system32\usocore.dll (Microsoft Corporation)
NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVC: DmEnrollmentSvc -> C:\Windows\system32\Windows.Internal.Management.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-13 12:52 - 2016-05-13 12:55 - 00002280 _____ C:\Users\Rachael\Desktop\Rkill.txt
2016-05-12 21:43 - 2016-05-12 21:43 - 00000000 ____D C:\Users\Public\Documents\sun
2016-05-12 11:34 - 2016-05-12 11:34 - 00224056 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-12 11:34 - 2016-05-12 11:34 - 00018704 _____ C:\WINDOWS\PFRO.log
2016-05-12 11:34 - 2016-05-12 11:34 - 00000124 _____ C:\WINDOWS\DtcInstall.log
2016-05-11 22:34 - 2016-05-11 22:53 - 00000000 ____D C:\Users\Rachael\AppData\Roaming\Wise Disk Cleaner
2016-05-11 22:34 - 2016-05-11 22:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wise Disk Cleaner
2016-05-11 22:34 - 2016-05-11 22:34 - 00000000 ____D C:\Program Files (x86)\Wise
2016-05-11 13:47 - 2016-05-11 13:47 - 00025975 _____ C:\Users\Rachael\Desktop\CopyofAnswerstemplate.odt
2016-05-11 12:47 - 2016-04-22 23:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 12:47 - 2016-04-22 23:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 12:47 - 2016-04-22 23:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 12:47 - 2016-04-22 23:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 12:47 - 2016-04-22 23:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 12:47 - 2016-04-22 23:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 12:47 - 2016-04-22 23:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 12:47 - 2016-04-22 23:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 12:47 - 2016-04-22 23:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 12:47 - 2016-04-22 23:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 12:47 - 2016-04-22 23:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 12:47 - 2016-04-22 23:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 12:47 - 2016-04-22 23:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 12:47 - 2016-04-22 23:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 12:47 - 2016-04-22 23:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 12:47 - 2016-04-22 23:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 12:47 - 2016-04-22 23:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 12:47 - 2016-04-22 23:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 12:47 - 2016-04-22 23:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 12:47 - 2016-04-22 23:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 12:47 - 2016-04-22 23:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 12:47 - 2016-04-22 23:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 12:47 - 2016-04-22 23:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 12:47 - 2016-04-22 23:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 12:46 - 2016-04-30 01:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-11 12:46 - 2016-04-30 01:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-11 12:46 - 2016-04-23 01:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-11 12:46 - 2016-04-23 01:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-11 12:46 - 2016-04-23 01:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-11 12:46 - 2016-04-23 01:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-11 12:46 - 2016-04-23 01:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-11 12:46 - 2016-04-23 01:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-11 12:46 - 2016-04-23 01:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-11 12:46 - 2016-04-23 00:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-11 12:46 - 2016-04-23 00:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-11 12:46 - 2016-04-23 00:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-11 12:46 - 2016-04-23 00:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-11 12:46 - 2016-04-23 00:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-11 12:46 - 2016-04-23 00:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-11 12:46 - 2016-04-23 00:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-11 12:46 - 2016-04-23 00:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-11 12:46 - 2016-04-23 00:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-11 12:46 - 2016-04-23 00:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-11 12:46 - 2016-04-23 00:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-11 12:46 - 2016-04-23 00:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-11 12:46 - 2016-04-23 00:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-11 12:46 - 2016-04-23 00:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-11 12:46 - 2016-04-23 00:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-11 12:46 - 2016-04-23 00:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-11 12:46 - 2016-04-23 00:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-11 12:46 - 2016-04-23 00:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-11 12:46 - 2016-04-23 00:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-11 12:46 - 2016-04-23 00:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-11 12:46 - 2016-04-23 00:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-11 12:46 - 2016-04-23 00:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-11 12:46 - 2016-04-23 00:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-11 12:46 - 2016-04-23 00:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 12:46 - 2016-04-22 23:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 12:46 - 2016-04-22 23:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 12:46 - 2016-04-22 23:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 12:46 - 2016-04-22 23:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 12:46 - 2016-04-22 23:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 12:46 - 2016-04-22 23:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 12:46 - 2016-04-22 23:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 12:46 - 2016-04-22 23:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 12:46 - 2016-04-22 23:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 12:46 - 2016-04-22 23:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 12:46 - 2016-04-22 23:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 12:46 - 2016-04-22 23:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 12:46 - 2016-04-22 23:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 12:46 - 2016-04-22 23:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 12:46 - 2016-04-22 23:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 12:46 - 2016-04-22 23:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 12:46 - 2016-04-22 23:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 12:46 - 2016-04-22 23:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 12:46 - 2016-04-22 23:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 12:46 - 2016-04-22 23:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 12:46 - 2016-04-22 23:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 12:46 - 2016-04-22 23:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 12:46 - 2016-04-22 23:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 12:46 - 2016-04-22 23:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 12:46 - 2016-04-22 23:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 12:46 - 2016-04-22 23:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 12:46 - 2016-04-22 23:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 12:46 - 2016-04-22 23:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 12:46 - 2016-04-22 23:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 12:46 - 2016-04-22 23:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 12:46 - 2016-04-22 23:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 12:46 - 2016-04-22 23:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 12:46 - 2016-04-22 23:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 12:46 - 2016-04-22 23:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 12:46 - 2016-04-22 23:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 12:46 - 2016-04-22 23:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 12:46 - 2016-04-22 23:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 12:46 - 2016-04-22 23:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 12:46 - 2016-04-22 23:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 12:46 - 2016-04-22 23:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 12:46 - 2016-04-22 23:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 12:46 - 2016-04-22 23:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 12:46 - 2016-04-22 23:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 12:46 - 2016-04-22 23:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 12:46 - 2016-04-22 23:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 12:46 - 2016-04-22 23:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 12:46 - 2016-04-22 23:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 12:46 - 2016-04-22 23:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 12:45 - 2016-05-05 23:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-11 12:45 - 2016-05-05 23:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-11 12:45 - 2016-05-05 23:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-11 12:45 - 2016-05-05 22:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-11 12:45 - 2016-05-05 22:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-11 12:45 - 2016-05-05 22:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-11 12:45 - 2016-05-05 22:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 12:45 - 2016-05-05 22:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-11 12:45 - 2016-04-23 01:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-11 12:45 - 2016-04-23 00:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-11 12:45 - 2016-04-23 00:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-11 12:45 - 2016-04-23 00:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-11 12:45 - 2016-04-23 00:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-11 12:45 - 2016-04-23 00:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-11 12:45 - 2016-04-23 00:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-11 12:45 - 2016-04-23 00:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 12:45 - 2016-04-23 00:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-11 12:45 - 2016-04-23 00:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 12:45 - 2016-04-23 00:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-11 12:45 - 2016-04-23 00:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-11 12:45 - 2016-04-23 00:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-11 12:45 - 2016-04-23 00:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-11 12:45 - 2016-04-23 00:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 12:45 - 2016-04-23 00:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-11 12:45 - 2016-04-23 00:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-11 12:45 - 2016-04-23 00:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-11 12:45 - 2016-04-23 00:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-11 12:45 - 2016-04-23 00:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-11 12:45 - 2016-04-23 00:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-11 12:45 - 2016-04-23 00:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-11 12:45 - 2016-04-23 00:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-11 12:45 - 2016-04-23 00:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-11 12:45 - 2016-04-23 00:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-11 12:45 - 2016-04-23 00:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-11 12:45 - 2016-04-23 00:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-11 12:45 - 2016-04-23 00:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-11 12:45 - 2016-04-23 00:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-11 12:45 - 2016-04-23 00:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-11 12:45 - 2016-04-23 00:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-11 12:45 - 2016-04-23 00:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-11 12:45 - 2016-04-23 00:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-11 12:45 - 2016-04-23 00:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-11 12:45 - 2016-04-23 00:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 12:45 - 2016-04-23 00:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 12:45 - 2016-04-23 00:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 12:45 - 2016-04-23 00:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 12:45 - 2016-04-23 00:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 12:45 - 2016-04-22 23:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 12:45 - 2016-04-22 23:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 12:45 - 2016-04-22 23:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 12:45 - 2016-04-22 23:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 12:45 - 2016-04-22 23:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 12:45 - 2016-04-22 23:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 12:45 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 12:45 - 2016-04-22 23:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 12:45 - 2016-04-22 23:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 12:45 - 2016-04-22 23:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 12:45 - 2016-04-22 23:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 12:45 - 2016-04-22 23:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 12:45 - 2016-04-22 23:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 12:45 - 2016-04-22 23:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 12:45 - 2016-04-22 23:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 12:45 - 2016-04-22 23:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 12:45 - 2016-04-22 23:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 12:45 - 2016-04-22 23:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 12:45 - 2016-04-22 23:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 12:45 - 2016-04-22 23:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 12:45 - 2016-04-22 23:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 12:45 - 2016-04-22 23:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 12:45 - 2016-04-22 23:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 12:45 - 2016-04-22 23:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 12:45 - 2016-04-22 23:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 12:45 - 2016-04-22 23:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 12:45 - 2016-04-22 23:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 12:45 - 2016-04-22 23:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 12:45 - 2016-04-22 23:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 12:45 - 2016-04-22 23:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 12:45 - 2016-04-22 23:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 12:45 - 2016-04-22 23:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 12:45 - 2016-04-22 23:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 12:45 - 2016-04-22 23:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 12:45 - 2016-04-22 23:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 12:45 - 2016-04-22 23:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2014-04-01 02:47 - 2016-05-09 17:08 - 21572120 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
2014-06-17 05:28 - 2015-08-05 11:31 - 0024173 _____ () C:\Users\Rachael\AppData\Local\HWVendorDetection.log
2015-06-20 18:27 - 2015-06-20 18:27 - 0005442 _____ () C:\Users\Rachael\AppData\Local\recently-used.xbel
2015-03-04 06:58 - 2015-03-04 07:01 - 0007608 _____ () C:\Users\Rachael\AppData\Local\resmon.resmoncfg
2016-03-17 05:44 - 2016-03-17 05:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some zero byte size files/folders:
==========================
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-11 12:30

==================== End of log ============================
 
  
And let's not forget: Attached File Addition.txt
 
Please let me know what I can do to help.
 
Rachel

Edited by nasdaq, 14 May 2016 - 08:41 AM.




#2 nasdaq

nasdaq

  • Malware Response Team
  • 40,169 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:02:37 PM

Posted 14 May 2016 - 08:58 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

No malware was found in your logs.

Press the Windows key + R on your keyboard at the same time. This will open the Run box.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start


CreateRestorePoint:
EmptyTemp:
CloseProcesses:

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\.DEFAULT\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
HKU\S-1-5-21-1886087188-3012966341-3694774313-1000-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-29]
CHR HKLM\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [hdokiejnpimakedhajhdlcegeplioahd] - http://clients2.google.com/service/update2/crx
C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
S3 MessagingService; No ImagePath
U3 MessagingService_10651d; No ImagePath
U3 MessagingService_10d9b6; No ImagePath
U3 MessagingService_10f678; No ImagePath
U3 MessagingService_124e95; No ImagePath
U3 MessagingService_127b7f; No ImagePath
U3 MessagingService_12e9d8; No ImagePath
U3 MessagingService_13abf4; No ImagePath
U3 MessagingService_14c229; No ImagePath
U3 MessagingService_158896; No ImagePath
U3 MessagingService_15ffb2; No ImagePath
U3 MessagingService_16d8ec; No ImagePath
U3 MessagingService_17b17d; No ImagePath
U3 MessagingService_189718; No ImagePath
U3 MessagingService_1ef64e; No ImagePath
U3 MessagingService_2064e; No ImagePath
U3 MessagingService_3667e1e; No ImagePath
S3 MessagingService_8a9f2; No ImagePath
S2 OneSyncSvc; No ImagePath
U2 OneSyncSvc_10651d; No ImagePath
U2 OneSyncSvc_10d9b6; No ImagePath
U2 OneSyncSvc_10f678; No ImagePath
U2 OneSyncSvc_124e95; No ImagePath
U2 OneSyncSvc_127b7f; No ImagePath
U2 OneSyncSvc_12e9d8; No ImagePath
U2 OneSyncSvc_13abf4; No ImagePath
U2 OneSyncSvc_14c229; No ImagePath
U2 OneSyncSvc_158896; No ImagePath
U2 OneSyncSvc_15ffb2; No ImagePath
U2 OneSyncSvc_16d8ec; No ImagePath
U2 OneSyncSvc_17b17d; No ImagePath
U2 OneSyncSvc_189718; No ImagePath
U2 OneSyncSvc_1ef64e; No ImagePath
U2 OneSyncSvc_2064e; No ImagePath
U2 OneSyncSvc_3667e1e; No ImagePath
U2 OneSyncSvc_450e2; No ImagePath
R2 OneSyncSvc_8a9f2; No ImagePath
S3 PimIndexMaintenanceSvc; No ImagePath
U3 PimIndexMaintenanceSvc_10651d; No ImagePath
U3 PimIndexMaintenanceSvc_10d9b6; No ImagePath
U3 PimIndexMaintenanceSvc_10f678; No ImagePath
U3 PimIndexMaintenanceSvc_124e95; No ImagePath
U3 PimIndexMaintenanceSvc_127b7f; No ImagePath
U3 PimIndexMaintenanceSvc_12e9d8; No ImagePath
U3 PimIndexMaintenanceSvc_13abf4; No ImagePath
U3 PimIndexMaintenanceSvc_14c229; No ImagePath
U3 PimIndexMaintenanceSvc_158896; No ImagePath
U3 PimIndexMaintenanceSvc_15ffb2; No ImagePath
U3 PimIndexMaintenanceSvc_16d8ec; No ImagePath
U3 PimIndexMaintenanceSvc_17b17d; No ImagePath
U3 PimIndexMaintenanceSvc_189718; No ImagePath
U3 PimIndexMaintenanceSvc_1ef64e; No ImagePath
U3 PimIndexMaintenanceSvc_2064e; No ImagePath
U3 PimIndexMaintenanceSvc_3667e1e; No ImagePath
R3 PimIndexMaintenanceSvc_8a9f2; No ImagePath
S3 UnistoreSvc; No ImagePath
U3 UnistoreSvc_10651d; No ImagePath
U3 UnistoreSvc_10d9b6; No ImagePath
U3 UnistoreSvc_10f678; No ImagePath
U3 UnistoreSvc_124e95; No ImagePath
U3 UnistoreSvc_127b7f; No ImagePath
U3 UnistoreSvc_12e9d8; No ImagePath
U3 UnistoreSvc_13abf4; No ImagePath
U3 UnistoreSvc_14c229; No ImagePath
U3 UnistoreSvc_158896; No ImagePath
U3 UnistoreSvc_15ffb2; No ImagePath
U3 UnistoreSvc_16d8ec; No ImagePath
U3 UnistoreSvc_17b17d; No ImagePath
U3 UnistoreSvc_189718; No ImagePath
U3 UnistoreSvc_1ef64e; No ImagePath
U3 UnistoreSvc_2064e; No ImagePath
U3 UnistoreSvc_3667e1e; No ImagePath
R3 UnistoreSvc_8a9f2; No ImagePath
S3 UserDataSvc; No ImagePath
U3 UserDataSvc_10651d; No ImagePath
U3 UserDataSvc_10d9b6; No ImagePath
U3 UserDataSvc_10f678; No ImagePath
U3 UserDataSvc_124e95; No ImagePath
U3 UserDataSvc_127b7f; No ImagePath
U3 UserDataSvc_12e9d8; No ImagePath
U3 UserDataSvc_13abf4; No ImagePath
U3 UserDataSvc_14c229; No ImagePath
U3 UserDataSvc_158896; No ImagePath
U3 UserDataSvc_15ffb2; No ImagePath
U3 UserDataSvc_16d8ec; No ImagePath
U3 UserDataSvc_17b17d; No ImagePath
U3 UserDataSvc_189718; No ImagePath
U3 UserDataSvc_1ef64e; No ImagePath
U3 UserDataSvc_2064e; No ImagePath
U3 UserDataSvc_3667e1e; No ImagePath
R3 UserDataSvc_8a9f2; No ImagePath
U3 idsvc; No ImagePath
NETSVC: dosvc -> No ServiceDLL Path.
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
Task: {161501F3-C2B2-4641-8F31-D0AB719F360A} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {2B8B6F3E-5F4D-424F-A554-038F05A994E7} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {63028D8C-0501-4B81-97F6-DA0E0E0C27DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {859EC587-BE8E-44F1-8E6E-0B4B3FB4DB93} - \Safer-Networking\Spybot - Search and Destroy\Scan the system No Task File <==== ATTENTION
Task: {896906B0-70DB-47B3-9388-68F9F2FB5E9B} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {90A82086-FFAF-4461-A22B-72685200FC36} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {9556D8D2-1CAF-4963-84FF-AAC2415B8C69} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {B347E14F-C54E-4994-B8DD-F0F1C42DBD1D} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization No Task File <==== ATTENTION
Task: {CC1B877A-0C6C-4E24-95DB-DA0591CFE0FA} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {CE4CF94A-517C-4A8C-B843-52579CB06E2B} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {D029FEAA-3EE5-446A-9A4C-8DECE82E1BC4} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {E045CFAB-E1E9-40AF-AB53-61C2908DAC12} - \Safer-Networking\Spybot - Search and Destroy\Check for updates No Task File <==== ATTENTION
Task: {E2C9A294-4502-4897-9F01-E6FB53276E5F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {E8391E7A-AACC-4293-852B-0D3C96879EA5} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {F9C59AD8-5A63-4265-A91A-2E4B55D7C693} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {039139FA-8F54-4633-87DF-51FAA2443BF2} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {716CFBEE-BEF1-477C-90F1-4B471CFBE4D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {7963A278-9E2E-409E-937A-2FCF05FB6A93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {947D7335-43E6-47D3-BAEA-A4930B8D17CA} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {ECB9F133-0B76-492E-BE6E-CAE112081FF3} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files\Broadcom:Win32App_1
AlternateDataStreams: C:\Program Files\GIMP 2:Win32App_1
AlternateDataStreams: C:\Program Files\HitmanPro:Win32App_1
AlternateDataStreams: C:\Program Files\Image Resizer for Windows:Win32App_1
AlternateDataStreams: C:\Program Files\iTunes:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Mouse and Keyboard Center:Win32App_1
AlternateDataStreams: C:\Program Files\Microsoft Silverlight:Win32App_1
AlternateDataStreams: C:\Program Files\SUPERAntiSpyware:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\AM-DeadLink:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Apple Software Update:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Atheros:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Audacity:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Bonjour:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Image Resizer for Windows:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Intel Driver Update Utility:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\LastPass:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Malwarebytes Anti-Exploit:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Malwarebytes Anti-Malware:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Mozilla Firefox:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\MSXML 4.0:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Nero:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\OpenOffice 4:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\RingCentral for Windows:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\System Ninja:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Traffic Travis v3:Win32App_1
AlternateDataStreams: C:\Program Files (x86)\Zemana AntiLogger Free:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64\Adobe:Win32App_1

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

If the problem continues, it may just be that your mouse is going bad.
Reinstall it, and if the problem persists, try another mouse.
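
A way to review a fixlist like the one in post #2 before FRST is run on it, as an added example that is not part of the original thread and not FRST's own code. The category names and the functions `classify` and `review` are assumptions made here, inferred only from the entry shapes visible in the code box above; the sample input is a constructed subset of those entries.

```python
import re
from collections import Counter, defaultdict

# Constructed sample: a subset of the lines in the fixlist posted above.
SAMPLE_FIXLIST = r"""start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} =>  No File
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Policy restriction <======= ATTENTION
C:\Users\Rachael\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
S3 MessagingService; No ImagePath
U3 MessagingService_10651d; No ImagePath
U3 MessagingService_10d9b6; No ImagePath
S2 OneSyncSvc; No ImagePath
U2 OneSyncSvc_10651d; No ImagePath
R2 OneSyncSvc_8a9f2; No ImagePath
U3 idsvc; No ImagePath
NETSVC: dosvc -> No ServiceDLL Path.
NETSVCx32: NetSetupSvc -> C:\Windows\SysWOW64\NetSetupSvc.dll ==> No File
Task: {CC1B877A-0C6C-4E24-95DB-DA0591CFE0FA} - \CCleanerSkipUAC No Task File <==== ATTENTION
Task: {716CFBEE-BEF1-477C-90F1-4B471CFBE4D4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\Program Files\Bonjour:Win32App_1
AlternateDataStreams: C:\WINDOWS\SysWOW64:Win32App_1
End
"""

# Ordered rules: the first pattern that matches decides the category.
# The categories are labels chosen for this example (assumption), one per
# line shape that appears in the fixlist on this page.
RULES = [
    ("marker", re.compile(r"^(start|end)$", re.I)),
    ("directive", re.compile(r"^[A-Za-z]+:$")),
    ("service", re.compile(r"^[RSU]\d (?P<name>[^;]+); No ImagePath$")),
    ("netsvc", re.compile(r"^NETSVC(x32)?: ")),
    ("task", re.compile(
        r"^Task: \{[0-9A-F-]{36}\} - (?P<path>.+?) (?:-> )?No (?:Task )?File\b")),
    ("ads", re.compile(
        r"^AlternateDataStreams: (?P<target>.+):(?P<stream>[^:\\]+)$")),
    ("policy", re.compile(r"^(?:CHR )?HK(?:LM|U)\\.*Policy restriction")),
    ("chrome", re.compile(r"^CHR ")),
    ("shell_overlay", re.compile(r"^ShellIconOverlayIdentifiers: ")),
    ("path", re.compile(r"^[A-Za-z]:\\")),
]


def classify(line):
    """Return (category, match) for one fixlist line, or ('unknown', None)."""
    for category, pattern in RULES:
        match = pattern.match(line)
        if match:
            return category, match
    return "unknown", None


def review(text):
    """Summarise a fixlist so a human can check it before it is executed."""
    counts = Counter()
    services = defaultdict(list)   # base service name -> suffixed instances
    ads_streams = Counter()        # stream name -> number of targets
    needs_review = []              # lines a person should read one by one
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        category, match = classify(line)
        counts[category] += 1
        if category == "service":
            # Group "OneSyncSvc_10651d" under "OneSyncSvc" so that dozens of
            # near-identical entries collapse into a handful of names.
            base, _, suffix = match.group("name").partition("_")
            services[base].append(suffix or "(base)")
        elif category == "ads":
            ads_streams[match.group("stream")] += 1
        elif category in ("directive", "path", "unknown"):
            # Directives act on the whole system, bare paths are moved by the
            # fix (as the log's own section note says), and unknown lines
            # match nothing seen on this page.
            needs_review.append((category, line))
    return {
        "counts": dict(counts),
        "services": dict(services),
        "ads_streams": dict(ads_streams),
        "needs_review": needs_review,
    }


if __name__ == "__main__":
    summary = review(SAMPLE_FIXLIST)
    for category, n in sorted(summary["counts"].items()):
        print(f"{category:14} {n}")
    for base, instances in summary["services"].items():
        print(f"service {base}: {len(instances)} entries")
    for category, line in summary["needs_review"]:
        print(f"REVIEW [{category}] {line}")
```

Run over the full code box, the same grouping reduces the long run of `No ImagePath` lines to a few base service names and leaves only the directives and the one bare folder path for line-by-line reading.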

#3 Rachel Webb


Posted 15 May 2016 - 08:30 AM

Hi nasdaq,

 

Thank you so much for your response and assistance!

I followed your instructions and the Fixlog.txt file is attached.

Please let me know what I need to do.

Thanks again, nasdaq!

 

All the best,

 

Rachel


#4 nasdaq


Posted 15 May 2016 - 08:45 AM

Looking good.

Is the problem solved?

#5 Rachel Webb


Posted 15 May 2016 - 09:03 AM

It usually takes a day or two before it starts acting up again.  So, the jury is still out.

 

If it does happen, should I let you know?

 

Or just go with a new mouse?

 

Thanks again, nasdaq.

 

Rachel



#6 nasdaq


Posted 15 May 2016 - 01:10 PM

Let me know in 2 or 3 days.

You may have to change the mouse; just wait.

#7 Rachel Webb


Posted 15 May 2016 - 05:14 PM

Will do.  Thank you!!!



#8 nasdaq


Posted 21 May 2016 - 09:15 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/

#9 Rachel Webb


Posted 21 May 2016 - 02:09 PM

Thanks nasdaq. I changed mice and I was OK for a few days. Then it started up again on 5/19. I think maybe the enter key on my Bluetooth keyboard gets stuck every now and then. Could this possibly be causing the problem?

 

Thank you!


Edited by Rachel Webb, 21 May 2016 - 02:09 PM.


#10 nasdaq


Posted 22 May 2016 - 07:27 AM

If this is an external keyboard, can you re-install it?



