
Error Messages and Music files not copying correctly


  • This topic is locked
9 replies to this topic

#1 Badguy22

Badguy22

  • Members
  • 8 posts

Posted 06 July 2016 - 04:53 AM

OK, I have an HP Envy i7 with Windows 10. I went on vacation and my computer has not been the same. I scanned with ESET but it did not pick anything up! I am worried because each time I get on, something different is going wrong. The message says I have some accelerator file missing and is displayed after startup! It is also sluggish, and I use Webroot security! I am not sure, and when I went to copy music files it reported them unusable, and I was just listening to them on my phone, the same files, and it would not copy 80 GB of music to a new USB drive!




 


#2 Badguy22

Badguy22
  • Topic Starter

  • Members
  • 8 posts

Posted 06 July 2016 - 11:53 PM

OK, here are the requested files for virus removal.

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Chris (2016-07-06 21:46:07)
Running from C:\Users\Chris\Desktop
Windows 10 Home Version 1511 (X64) (2015-12-20 10:22:50)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2325216809-2621160187-3092218828-500 - Administrator - Disabled)
Chris (S-1-5-21-2325216809-2621160187-3092218828-1001 - Administrator - Enabled) => C:\Users\Chris
DefaultAccount (S-1-5-21-2325216809-2621160187-3092218828-503 - Limited - Disabled)
Guest (S-1-5-21-2325216809-2621160187-3092218828-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Webroot SecureAnywhere (Enabled - Up to date) {4646A877-74EB-CD3B-8FDB-210DB94FA61A}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Webroot SecureAnywhere (Enabled - Up to date) {FD274993-52D1-C2B5-B56B-1A7FC2C8ECA7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20045 - Adobe Systems Incorporated)
Adobe Photoshop Elements 12 (HKLM-x32\...\Adobe Photoshop Elements 12) (Version: 12.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.6.156 - Adobe Systems, Inc.)
Airport Mania (x32 Version: 2.2.0.95 - WildTangent) Hidden
Amazon MP3 Downloader 1.0.17 (HKLM-x32\...\Amazon MP3 Downloader) (Version: 1.0.17 - Amazon Services LLC)
Amazon Music (HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Amazon Amazon Music) (Version: 3.8.1.754 - Amazon Services LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Azteca (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bing Desktop (HKLM-x32\...\{7D095455-D971-4D4C-9EFD-9AF6A6584F3A}) (Version: 1.3.475.0 - Microsoft Corporation)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Bounce Symphony (x32 Version: 2.2.0.97 - WildTangent) Hidden
Brother MFL-Pro Suite MFC-7460DN (HKLM-x32\...\{3ACCCFB3-7B17-4E9F-ACB0-46868FCD4487}) (Version: 1.1.3.0 - Brother Industries, Ltd.)
Build-a-lot (x32 Version: 2.2.0.98 - WildTangent) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
Cradle Of Egypt Collector's Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Cradle of Rome 2 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Curse at Twilight (x32 Version: 3.0.2.32 - WildTangent) Hidden
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.3.2606 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Death Under Tuscan Skies: A Dana Knightstone Novel (x32 Version: 3.0.2.126 - WildTangent) Hidden
Delicious: Emily's Childhood Memories Premium Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
Elements 12 Organizer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
House of 1000 Doors: Family Secrets (x32 Version: 2.2.0.98 - WildTangent) Hidden
HP 3D DriveGuard (HKLM-x32\...\{E8D0E2B8-B64B-44BC-8E01-00DDACBDF78A}) (Version: 6.0.28.1 - Hewlett-Packard Company)
HP Connected Music (Meridian - installer) (HKLM-x32\...\StartHPConnectedMusic) (Version: 1.0 - Meridian Audio Ltd)
HP Connected Music (Meridian - player) (HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\HPConnectedMusic) (Version: 1.1 (build 126) hp - Meridian Audio Ltd)
HP CoolSense (HKLM-x32\...\{59F8C5AA-91BD-423D-BF05-09A80F39898F}) (Version: 2.10.62 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{0FEE0C28-850D-4AC0-92E7-57D214134102}) (Version: 1.2.0.0 - Hewlett-Packard)
HP MyRoom (HKLM-x32\...\{9C35EDE5-4B0F-45E7-A438-314BA889948E}) (Version: 9.0.0.0 - Hewlett-Packard Company)
HP Quick Start (HKLM-x32\...\{574F0207-8E98-46CD-8F79-318348C98C46}) (Version: 1.0.4660.30220 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.6317.4309 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{79C54A05-F146-4EA0-8A70-D4EFE6181E52}) (Version: 8.2.8.25 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.4.18.7 - Hewlett-Packard Company)
HP System Event Utility (HKLM-x32\...\{D17A3B70-B75E-4C49-83D6-C17DDF65B35F}) (Version: 1.3.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{73237EBB-B26F-4628-8754-4EFE563D72E9}) (Version: 2.1.5 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6491.0 - IDT)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.2.1000 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 3.0.0.63463 - Intel Corporation)
Intel® Smart Connect Technology 4.0 x64 (HKLM\...\{5D1D65C3-E6D3-4751-AEFD-CAB4E3EB85F2}) (Version: 4.0.41.2072 - Intel)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 31 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418031F0}) (Version: 8.0.310 - Oracle Corporation)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Kodi (HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Kodi) (Version:  - XBMC-Foundation)
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Mah Jong Medley (x32 Version: 2.2.0.95 - WildTangent) Hidden
Mahjongg Dimensions Deluxe: Tiles in Time (x32 Version: 2.2.0.98 - WildTangent) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6965.2058 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.51106 (HKLM-x32\...\{6e8f74e0-43bd-4dce-8477-6ff6828acc07}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.51106 (HKLM-x32\...\{8e70e4e1-06d7-470b-9f74-a51bef21088e}) (Version: 11.0.51106.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Windows 8 ESU (HKLM-x32\...\{6C502082-A653-4D9E-9287-A252D7835F4C}) (Version: 2.1.1 - Hewlett-Packard)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6925.1018 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
Polar Bowler (x32 Version: 2.2.0.97 - WildTangent) Hidden
PSE12 STI Installer (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.21239 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.19.726.2013 - Realtek)
REALTEK Wireless LAN Driver (HKLM-x32\...\{A5107464-AA9B-4177-8129-5FF2F42DD322}) (Version: 1.00.13.1216 - REALTEK Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Royal Envoy 2 Collector's Edition (x32 Version: 3.0.2.32 - WildTangent) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics ClickPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.2.4.0 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Validity WBF DDK (HKLM\...\{B80C52A3-7666-4068-A371-7867F51E68EB}) (Version: 4.5.122.0 - Validity Sensors, Inc.)
Webroot SecureAnywhere (HKLM-x32\...\WRUNINST) (Version: 9.0.10.17 - Webroot)
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (HP Games) (x32 Version: 4.0.10.5 - WildTangent) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
Youda Jewel Shop (x32 Version: 3.0.2.32 - WildTangent) Hidden
Zuma's Revenge (x32 Version: 2.2.0.98 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2325216809-2621160187-3092218828-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {067CEBDF-415B-43F8-998F-B4DE3A793413} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {0EEC168F-AA75-4AE1-BF60-616DA31A87B8} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {11A20244-C4C2-434A-B105-4AFBB4AB3B65} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2012-11-05] (Hewlett-Packard Development Company, L.P.)
Task: {1A3A694A-616B-4705-81C6-CB67A8B0C851} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2325216809-2621160187-3092218828-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {246A9BFB-E8EC-4566-B15F-4EA3647C1D65} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {31E51671-02E3-4C5C-A59F-56684F88B86E} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {321532ED-7382-4C97-98C8-EC25AA31CCB8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {3896D7A5-7DB3-4E8A-82F0-8D5A95CFF1A6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {3E11C10E-C4E3-488F-A855-4C83964C8A7F} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {432D1A9A-558C-466B-B3CF-0B6ADBE45373} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-12-09] (Synaptics Incorporated)
Task: {433A5964-86B6-408D-87CB-33752533455E} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {466407B8-672F-448C-8001-C72198CEE0EC} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {4CA67ED8-91DD-4D13-A3B1-22D0F548830E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {53A84247-66B1-426F-9DF5-39074013B75A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {59FE9EC7-00DB-4B5C-ABDA-BF4B48043C20} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5CBB8EDB-5E25-4220-86CD-6E1BBF1BB983} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {6BA4E2E0-A662-48AD-A4A9-B4B3C06091E5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {6C983F69-EA1F-461E-AFFF-922B81B14F8F} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-07-04] (Microsoft Corporation)
Task: {6CEFC585-318C-4F7E-BA6E-CDAD35F651AE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
Task: {79C32287-26B4-495C-AE0E-2DA92CC5016E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {871979EB-AFB1-487B-82FB-764C5EE08DA1} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-05-04] (Hewlett-Packard)
Task: {9373E40D-05F8-4582-BFE8-93FEA004A0BD} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-07-04] (Microsoft Corporation)
Task: {9CC74834-4438-42D9-914C-6BAEB1422D1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BAAD64B9-DA96-4B03-954C-55413F4ACD2B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {C45BD337-2652-41EC-BCE4-B92EEE7A8117} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-06-10] (Microsoft Corporation)
Task: {C5054E11-3FB9-40A0-93CE-833C36B74878} - System32\Tasks\HPCeeScheduleForChris => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {C93077DA-C8D4-4AE3-9F48-887F0CD4F03F} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {CC1B2A9A-7A8F-42FF-B5BB-CCA9C1AC4CE3} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2325216809-2621160187-3092218828-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\realupgrade.exe
Task: {D605A2B4-F381-470E-A2D7-77E943DFE556} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {E4960BB1-72AC-402F-B243-4DE42466A903} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-06-15] (HP Inc.)
Task: {E88C62EB-BADA-4A93-9B41-70B50303BCFF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForChris.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:17 - 2015-10-30 00:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2014-03-28 13:31 - 2014-03-28 13:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 13:27 - 2014-03-28 13:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 13:48 - 2014-03-28 13:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-27 23:38 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-27 23:38 - 2016-03-29 03:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-23 13:41 - 2016-05-23 13:41 - 00959168 _____ () C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-03-14 22:17 - 2016-07-04 16:01 - 08919752 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-07-18 00:35 - 2015-12-19 01:08 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-20 16:35 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-23 14:12 - 2016-04-22 21:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-04 16:05 - 2016-05-27 20:59 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-04 16:05 - 2016-05-27 20:53 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-04 16:05 - 2016-05-27 20:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-04 16:05 - 2016-05-27 20:56 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-03-28 13:36 - 2014-03-28 13:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-06-20 08:26 - 2015-03-02 15:44 - 05886272 _____ () C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe
2016-04-28 19:54 - 2016-04-28 19:54 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2014-12-06 18:09 - 2014-12-06 18:09 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-05-23 13:41 - 2016-05-23 13:41 - 00679624 _____ () C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2014-05-29 05:24 - 2009-02-27 16:38 - 00139264 ____R () C:\Program Files (x86)\Brother\BrUtilities\BrLogAPI.dll
2015-10-20 17:22 - 2014-09-05 11:55 - 00132808 _____ () C:\Users\Chris\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\1.4.82\wallpaper.dll
2016-04-28 19:54 - 2016-04-28 19:54 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-28 19:54 - 2016-04-28 19:54 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

HKU\.DEFAULT\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\.DEFAULT\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\exefile: "%1" %* <===== ATTENTION
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Classes\.exe: exefile => "%1" %* <===== ATTENTION

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Chris\AppData\Local\Microsoft\BingDesktop\en-US\Apps\Wallpaper_5386c77076d04cf9a8b5d619b4cba48e\VersionIndependent\images\24000.jpg
DNS Servers: 10.0.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: ) (ConsentPromptBehaviorUser: ) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B9101BBD-AFD2-48AB-90EC-A3461BE47CFC}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{DF29A692-8E6D-4574-86BD-FD9584D7908A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{8BA581CF-9906-4FBC-9113-3AB641D38ED8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{91D24E20-1148-4C4F-BB8E-51F14F49CE60}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D58F7BA-AFFE-47D0-9007-4A003B2C748F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{603C7F69-92A8-4D5A-BE14-FE905EA9E9E8}] => (Allow) C:\Users\Chris\AppData\Local\Temp\7zS58D2\hppiw.exe
FirewallRules: [{AAD101EA-8691-4B9E-A7FC-2ED102B52531}] => (Allow) C:\Users\Chris\AppData\Local\Temp\7zS58D2\hppiw.exe
FirewallRules: [{980FB3EC-41E1-4F17-8E11-6298CA12C842}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{0F70ADA1-B764-482E-8151-D2522E6DF8C8}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{4DD71B6F-8F68-4BD9-B2E5-A422C0914326}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\spotify_helper.exe
FirewallRules: [{D3C7C5E0-0786-492D-9267-58E984BAB479}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{2049265E-91D2-42F4-8692-235333C60FAF}] => (Allow) %LocalAppData%\HPConnectedMusic\Application\HPConnectedMusic.exe
FirewallRules: [{46A50AF9-CFAA-4428-AAE2-FC1F1A6B4D6F}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{8B2E6695-44B7-4066-9B98-FB1A1C96050A}] => (Allow) C:\Program Files (x86)\HPConnectedMusic\HPConnectedMusic.exe
FirewallRules: [{20A93750-7D7D-4AC0-92F2-618865F2226A}] => (Allow) LPort=1900
FirewallRules: [{915A8124-01DC-4956-90B7-A0BD2EE43677}] => (Allow) LPort=2869
FirewallRules: [{ADD62C95-3EF1-435C-AD4E-5E563F288CA8}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{37CCBA32-65DC-4615-816D-93250B766E97}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{881A6BCC-22C2-4409-9FB0-40CF8C406238}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{E5A8D41F-3399-41A9-B762-ADF9118AC29C}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{654A46EF-7DBF-4C1D-B2D6-48A98862B037}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPSOCKSVC.exe
FirewallRules: [{5666DA88-A854-4D8F-92B8-2862ADFA0608}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{4C34DFE2-6477-445B-AABC-61310675F821}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{2E314ACC-83AF-4AAD-86FE-C65144057EB4}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [UDP Query User{A93A9B56-01FA-40FF-B193-1E4FAC25DFAA}C:\program files (x86)\kodi\kodi.exe] => (Allow) C:\program files (x86)\kodi\kodi.exe
FirewallRules: [{D78BEBF0-50C2-4FBE-8DEF-267B4067DF3F}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{036878E5-720C-44CA-8EF4-F1F67E2E6353}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{7F1F58C5-070C-4B1B-8131-D349A74FCBB2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

04-06-2016 14:38:16 Scheduled Checkpoint
04-07-2016 16:11:17 Windows Update
06-07-2016 03:42:50 HPSF Applying updates

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (07/06/2016 09:43:05 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/06/2016 03:43:06 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (07/06/2016 03:39:16 AM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]

Error: (07/06/2016 03:39:16 AM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)

Error: (07/06/2016 03:39:08 AM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]

Error: (07/06/2016 12:41:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Windows.Media.BackgroundPlayback.exe, version: 10.0.10586.0, time stamp: 0x5632d879
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x264c
Faulting application start time: 0xWindows.Media.BackgroundPlayback.exe0
Faulting application path: Windows.Media.BackgroundPlayback.exe1
Faulting module path: Windows.Media.BackgroundPlayback.exe2
Report Id: Windows.Media.BackgroundPlayback.exe3
Faulting package full name: Windows.Media.BackgroundPlayback.exe4
Faulting package-relative application ID: Windows.Media.BackgroundPlayback.exe5

Error: (07/05/2016 08:50:52 PM) (Source: HP Active Health) (EventID: 401) (User: )
Description: SmartDrive executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]

Error: (07/05/2016 08:50:52 PM) (Source: HP Active Health) (EventID: 1100) (User: )
Description: Agent DiskPhysical threw an exception: System.NullReferenceException: Object reference not set to an instance of an object.
   at HP.ActiveHealth.Agents.DiskPhysical.DiskPhysicalAgent.CollectNewDataClasses(FileInfo agentStateFile, IDataClassCollector dataClassColector)
   at HP.ActiveHealth.API.DataGeneration.AgentRunner.QueryAgentDelegate(Object agentObj)

Error: (07/05/2016 08:50:51 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (07/05/2016 08:50:49 PM) (Source: HP Active Health) (EventID: 1101) (User: )
Description: DiskPhysical executable didn't pass digital signature validation. Execution aborted: [C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\Executable Agent Data\_Shared\DiskCheck\ETD_GetSMART.exe]

System errors:
=============
Error: (07/06/2016 09:37:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_81371 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/06/2016 09:37:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_81371 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/06/2016 09:37:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_81371 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/06/2016 09:37:27 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_81371 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/06/2016 09:37:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/06/2016 05:48:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/06/2016 05:35:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/06/2016 12:36:39 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/06/2016 07:47:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/06/2016 03:53:19 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the BingDesktopUpdate service to connect.

CodeIntegrity:
===================================
  Date: 2016-07-05 20:48:56.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-05 12:45:05.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-05 12:43:26.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: Intel® Core™ i7-4700MQ CPU @ 2.40GHz
Percentage of memory in use: 25%
Total physical RAM: 8124.02 MB
Available physical RAM: 6055.14 MB
Total Virtual: 8636.02 MB
Available Virtual: 6739.69 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:671.85 GB) (Free:499.61 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.71 GB) (Free:2.5 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (STORAGE) (Removable) (Total:7.46 GB) (Free:7.44 GB) FAT32
Drive z: () (Fixed) (Total:0.25 GB) (Free:0.14 GB) FAT32

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 6F653B2B)

Partition: GPT.

========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 7.5 GB) (Disk ID: C3072E18)
Partition 1: (Active) - (Size=7.5 GB) - (Type=0B)

==================== End of Addition.txt ============================

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Chris (administrator) on CSPERSONALPUTER (06-07-2016 21:45:19)
Running from C:\Users\Chris\Desktop
Loaded Profiles: Chris (Available Profiles: Chris)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Webroot) C:\Program Files\Webroot\WRSA.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Windows\System32\valWBFPolicyService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Webroot) C:\Program Files\Webroot\WRSA.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe
(© 2015 Microsoft Corporation) C:\Users\Chris\AppData\Local\Microsoft\BingSvc\BingSvc.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCtrlCntr.exe
(Brother Industries, Ltd.) C:\Program Files (x86)\ControlCenter4\BrCcUxSys.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDExtHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDAppHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDRuntimeHost.exe
(Microsoft Corp.) C:\Program Files (x86)\Microsoft\BingDesktop\BDSurrogateHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [402344 2015-12-19] ()
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [472984 2013-06-03] (Adobe Systems Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1703424 2014-12-07] (IDT, Inc.)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM-x32\...\Run: [BrStsMon00] => C:\Program Files (x86)\Browny02\Brother\BrStMonW.exe [3076096 2012-06-06] (Brother Industries, Ltd.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-10-02] (Apple Inc.)
HKLM-x32\...\Run: [WRSVC] => C:\Program Files\Webroot\WRSA.exe [896984 2016-07-04] (Webroot)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [127528 2015-07-08] (Hewlett-Packard Company)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [654088 2015-02-17] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [BingDesktop] => C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktop.exe [2369248 2015-07-21] (Microsoft Corp.)
HKLM-x32\...\Run: [ControlCenter4] => C:\Program Files (x86)\ControlCenter4\BrCcBoot.exe [143360 2012-09-06] (Brother Industries, Ltd.)
HKLM\...\Policies\Explorer: [NoViewOnDrive] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKLM\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKLM\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKLM\...\Policies\Explorer: [NoViewContextMenu] 0
HKLM\...\Policies\Explorer: [NoShellSearchButton] 0
HKLM\...\Policies\Explorer: [NoFind] 0
HKLM\...\Policies\Explorer: [NoFile] 0
HKLM\...\Policies\Explorer: [HideClock] 0
HKLM\...\Policies\Explorer: [NoTrayContextMenu] 0
HKLM\...\Policies\Explorer: [NoTrayItemsDisplay] 0
HKLM\...\Policies\Explorer: [NoSetFolders] 0
HKLM\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKLM\...\Policies\Explorer: [NoSetTaskbar] 0
HKLM\...\Policies\Explorer: [NoDeletePrinter] 0
HKLM\...\Policies\Explorer: [NoDFSTab] 0
HKLM\...\Policies\Explorer: [NoChangeStartMenu] 0
HKLM\...\Policies\Explorer: [NoLogoff] 0
HKLM\...\Policies\Explorer: [NoWindowsUpdate] 0
HKLM\...\Policies\Explorer: [NoEncryptOnMove] 0
HKLM\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKLM\...\Policies\Explorer: [NoResolveSearch] 0
HKLM\...\Policies\Explorer: [NoSaveSettings] 0
HKLM\...\Policies\Explorer: [NoHardwareTab] 0
HKLM\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKLM\...\Policies\Explorer: [NoDesktop] 0
HKU\S-1-5-19\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-19\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-19\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-19\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-19\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-19\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-20\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-20\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-20\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-20\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-20\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-20\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Run: [Amazon Music] => C:\Users\Chris\AppData\Local\Amazon Music\Amazon Music Helper.exe [5886272 2015-03-02] ()
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Run: [BingSvc] => C:\Users\Chris\AppData\Local\Microsoft\BingSvc\BingSvc.exe [144008 2015-11-12] (© 2015 Microsoft Corporation)
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Run: [GoogleChromeAutoLaunch_4E6299B33FA0592A57BB7C6E94F010D2] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [941720 2016-06-15] (Google Inc.)
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\RunOnce: [Uninstall C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\...\Policies\Explorer: [NoStartMenuSubFolders] 0
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Mystify.scr [150528 2015-10-30] (Microsoft Corporation)
HKU\S-1-5-18\...\Policies\system: [DisableCMD] 0
HKU\S-1-5-18\...\Policies\system: [NoDispAppearancePage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispBackgroundPage] 0
HKU\S-1-5-18\...\Policies\system: [NoDispSettingsPage] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewOnDrive] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableLocalMachineRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRun] 0
HKU\S-1-5-18\...\Policies\Explorer: [DisableCurrentUserRunOnce] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoViewContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoFile] 0
HKU\S-1-5-18\...\Policies\Explorer: [HideClock] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoTrayContextMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetFolders] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDevMgrUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSetTaskbar] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDeletePrinter] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoDFSTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoLogoff] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoWindowsUpdate] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoEncryptOnMove] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoRunasInstallPrompt] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoResolveSearch] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoSaveSettings] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoHardwareTab] 0
HKU\S-1-5-18\...\Policies\Explorer: [NoStartMenuSubFolders] 0
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\FileSyncShell64.dll [2016-05-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-23] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Chris\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileSyncShell.dll [2016-05-23] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-12-18]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{7722a4ae-c8ca-4981-b576-7ca2837bd99a}: [DhcpNameServer] 10.0.0.1
Tcpip\..\Interfaces\{f4a72dbc-e252-454e-9fa9-fabfa77fadce}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://g.msn.com/HPNOT13/1
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT13/1
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NIS&pvid=21.7.0.11
HKU\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://msn.com/
SearchScopes: HKLM -> {79433B0E-8330-47BA-916C-4490CCF42796} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKLM-x32 -> {79433B0E-8330-47BA-916C-4490CCF42796} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
SearchScopes: HKU\S-1-5-21-2325216809-2621160187-3092218828-1001 -> {79433B0E-8330-47BA-916C-4490CCF42796} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2325216809-2621160187-3092218828-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/711-154371-11896-2/4 ?mpre=http%3A%2F%2Fwww.ebay.com%2Fsch%2F%3F_nkw%3D{searchTerms}&keyword={searchTerms}
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-07-04] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
BHO: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files\Common Files\Webroot\WebFiltering\wrflt.dll [2016-07-04] (Webroot)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-07-04] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
BHO-x32: Webroot Filtering Extension -> {C9C42510-9B41-42c1-9DCD-7282A2D07C61} -> C:\Program Files (x86)\Common Files\Webroot\WebFiltering\wrflt.dll [2016-07-04] (Webroot)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-24] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2015-10-19] (Hewlett-Packard Company)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll [2015-12-18] (Webroot)
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll [2015-12-18] (Webroot)
DPF: HKLM-x32 {233C1507-6A77-46A4-9443-F871F945D258} hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-07-04] (Microsoft Corporation)

FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1216156.dll [2015-01-09] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2014-12-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2014-12-06] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-24] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-07-04] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-23] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-23] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\2\NP_wtapp.dll [2015-02-22] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-27] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-2325216809-2621160187-3092218828-1001: amazon.com/AmazonMP3DownloaderPlugin -> C:\Program Files (x86)\Amazon\MP3 Downloader\npAmazonMP3DownloaderPlugin101799.dll [2013-03-07] (Amazon.com, Inc.)

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.msn.com/?pc=UP93&ocid=UP93DHP&dt=032913"
CHR Profile: C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-04]
CHR Extension: (Google Docs) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
CHR Extension: (Google Drive) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
CHR Extension: (YouTube) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Google Sheets) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-04]
CHR Extension: (Google Docs Offline) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Auto Refresh) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifooldnmmcmlbdennkpdnlnbgbmfalko [2016-01-11]
CHR Extension: (Webroot Filtering Extension) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\kjeghcllfecehndceplomkocgfbklffd [2016-07-06]
CHR Extension: (Webroot Password Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2015-12-10]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-05]
CHR Extension: (Webroot Password Manager) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\okfhiodnpcnnnpgbjbhfebjnbagmfhab [2015-07-21]
CHR Extension: (Gmail) - C:\Users\Chris\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [kjeghcllfecehndceplomkocgfbklffd] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [okfhiodnpcnnnpgbjbhfebjnbagmfhab] - C:\ProgramData\WRData\pkg\lpchrome.crx [2015-07-20]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeActiveFileMonitor12.0; C:\Program Files (x86)\Adobe\Elements 12 Organizer\PhotoshopElementsFileAgent.exe [181152 2013-09-03] (Adobe Systems Incorporated)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
S2 BingDesktopUpdate; C:\Program Files (x86)\Microsoft\BingDesktop\BingDesktopUpdater.exe [173792 2015-07-21] (Microsoft Corp.)
S3 BrYNSvc; C:\Program Files (x86)\Browny02\BrYNSvc.exe [266240 2012-06-05] (Brother Industries, Ltd.) [File not signed]
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2944768 2016-06-10] (Microsoft Corporation)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [347200 2015-02-22] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [28552 2016-04-26] (Hewlett-Packard Company)
R2 HPWMISVC; c:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [608520 2015-02-17] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-30] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2014-12-06] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2014-12-06] (Intel Corporation)
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
S2 STacSV; C:\Program Files\IDT\WDM\STacSV64.exe [339456 2014-12-07] (IDT, Inc.) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [260216 2015-12-09] (Synaptics Incorporated)
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [91664 2016-01-06] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WRSVC; C:\Program Files\Webroot\WRSA.exe [896984 2016-07-04] (Webroot)
S2 ZAMSvc; C:\App\ZAM.exe [13381512 2016-04-25] (Zemana Ltd.)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21048 2013-02-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21048 2013-02-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [47008 2013-07-30] ()
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2014-12-06] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\drivers\PxHlpa64.sys [56336 2013-07-19] (Corel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [751632 2015-05-14] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [4629744 2015-09-17] (Realtek Semiconductor Corporation                           )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [29424 2013-04-24] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [71288 2015-12-09] (Synaptics Incorporated)
S3 trufos; C:\Windows\System32\drivers\trufos.sys [350160 2015-06-21] (BitDefender S.R.L.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2012-08-31] (Hewlett-Packard Development Company, L.P.)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2015-12-15] ()
R0 WRkrn; C:\Windows\System32\drivers\WRkrn.sys [117728 2016-07-06] (Webroot)
R3 wrUrlFlt; C:\WINDOWS\system32\DRIVERS\wrUrlFlt.sys [54512 2016-07-04] (Webroot)
S1 ZAM; C:\WINDOWS\System32\drivers\zam64.sys [202656 2016-07-06] (Zemana Ltd.)
R1 ZAM_Guard; C:\WINDOWS\System32\drivers\zamguard64.sys [203680 2016-07-06] (Zemana Ltd.)
S3 MBAMSwissArmy; \??\C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [X]
U0 SR; no ImagePath
U2 srservice; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 21:45 - 2016-07-06 21:45 - 00033987 _____ C:\Users\Chris\Desktop\FRST.txt
2016-07-06 21:45 - 2016-07-06 21:45 - 00000000 ____D C:\FRST
2016-07-06 21:44 - 2016-07-06 21:45 - 02390016 _____ (Farbar) C:\Users\Chris\Desktop\FRST64.exe
2016-07-06 21:44 - 2016-07-06 21:44 - 03712064 _____ C:\Users\Chris\Documents\AdwCleaner.exe
2016-07-06 21:44 - 2016-07-06 21:44 - 03712064 _____ C:\Users\Chris\Desktop\AdwCleaner.exe
2016-07-06 05:23 - 2016-07-06 21:45 - 00087404 _____ C:\WINDOWS\ZAM_Guard.krnl.trace
2016-07-06 05:23 - 2016-07-06 21:37 - 00005632 _____ C:\WINDOWS\ZAM.krnl.trace
2016-07-06 05:23 - 2016-07-06 05:24 - 00000000 ____D C:\App
2016-07-06 05:23 - 2016-07-06 05:23 - 00202656 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zam64.sys
2016-07-04 16:05 - 2016-05-27 23:13 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-07-04 16:05 - 2016-05-27 23:13 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-07-04 16:05 - 2016-05-27 23:13 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-07-04 16:05 - 2016-05-27 23:13 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-07-04 16:05 - 2016-05-27 23:13 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-07-04 16:05 - 2016-05-27 23:13 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-07-04 16:05 - 2016-05-27 22:25 - 04268880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupapi.dll
2016-07-04 16:05 - 2016-05-27 22:23 - 00388384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll
2016-07-04 16:05 - 2016-05-27 22:23 - 00312160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll
2016-07-04 16:05 - 2016-05-27 22:22 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-07-04 16:05 - 2016-05-27 22:22 - 04387680 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupapi.dll
2016-07-04 16:05 - 2016-05-27 22:22 - 00428896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2016-07-04 16:05 - 2016-05-27 22:22 - 00211296 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-07-04 16:05 - 2016-05-27 22:22 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-07-04 16:05 - 2016-05-27 22:20 - 00430312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll
2016-07-04 16:05 - 2016-05-27 22:18 - 00357216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll
2016-07-04 16:05 - 2016-05-27 22:16 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-07-04 16:05 - 2016-05-27 22:09 - 00501600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-07-04 16:05 - 2016-05-27 22:09 - 00170848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.exe
2016-07-04 16:05 - 2016-05-27 22:09 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-07-04 16:05 - 2016-05-27 22:08 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-07-04 16:05 - 2016-05-27 22:08 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-07-04 16:05 - 2016-05-27 22:08 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-07-04 16:05 - 2016-05-27 22:07 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-07-04 16:05 - 2016-05-27 22:07 - 02921880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-07-04 16:05 - 2016-05-27 22:07 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-07-04 16:05 - 2016-05-27 22:07 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-07-04 16:05 - 2016-05-27 22:07 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-07-04 16:05 - 2016-05-27 22:07 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-07-04 16:05 - 2016-05-27 22:07 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-07-04 16:05 - 2016-05-27 22:06 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-07-04 16:05 - 2016-05-27 22:06 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-07-04 16:05 - 2016-05-27 22:06 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-07-04 16:05 - 2016-05-27 22:06 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-07-04 16:05 - 2016-05-27 22:06 - 00254656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-07-04 16:05 - 2016-05-27 22:05 - 04515264 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-07-04 16:05 - 2016-05-27 22:04 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-07-04 16:05 - 2016-05-27 22:04 - 00431296 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-07-04 16:05 - 2016-05-27 22:04 - 00360480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-07-04 16:05 - 2016-05-27 22:04 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-07-04 16:05 - 2016-05-27 22:04 - 00111064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-07-04 16:05 - 2016-05-27 22:04 - 00097096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-07-04 16:05 - 2016-05-27 22:03 - 00131248 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-07-04 16:05 - 2016-05-27 21:58 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-07-04 16:05 - 2016-05-27 21:58 - 00379232 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-07-04 16:05 - 2016-05-27 21:57 - 02548944 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-07-04 16:05 - 2016-05-27 21:57 - 02195632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-07-04 16:05 - 2016-05-27 21:57 - 01594416 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-07-04 16:05 - 2016-05-27 21:57 - 01372312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-07-04 16:05 - 2016-05-27 21:57 - 00649792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-07-04 16:05 - 2016-05-27 21:57 - 00636304 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-07-04 16:05 - 2016-05-27 21:57 - 00577376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-07-04 16:05 - 2016-05-27 21:57 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-07-04 16:05 - 2016-05-27 21:57 - 00521664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-07-04 16:05 - 2016-05-27 21:57 - 00316256 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-07-04 16:05 - 2016-05-27 21:35 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-07-04 16:05 - 2016-05-27 21:35 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-07-04 16:05 - 2016-05-27 21:35 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsdport.sys
2016-07-04 16:05 - 2016-05-27 21:31 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-07-04 16:05 - 2016-05-27 21:31 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-07-04 16:05 - 2016-05-27 21:31 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-07-04 16:05 - 2016-05-27 21:29 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-07-04 16:05 - 2016-05-27 21:29 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\adhsvc.dll
2016-07-04 16:05 - 2016-05-27 21:29 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-07-04 16:05 - 2016-05-27 21:29 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxp.dll
2016-07-04 16:05 - 2016-05-27 21:28 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-07-04 16:05 - 2016-05-27 21:28 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-07-04 16:05 - 2016-05-27 21:28 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-07-04 16:05 - 2016-05-27 21:27 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-07-04 16:05 - 2016-05-27 21:27 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-07-04 16:05 - 2016-05-27 21:26 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-07-04 16:05 - 2016-05-27 21:26 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-07-04 16:05 - 2016-05-27 21:26 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-07-04 16:05 - 2016-05-27 21:26 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-07-04 16:05 - 2016-05-27 21:26 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-07-04 16:05 - 2016-05-27 21:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-07-04 16:05 - 2016-05-27 21:24 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-07-04 16:05 - 2016-05-27 21:24 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Ndu.sys
2016-07-04 16:05 - 2016-05-27 21:24 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-07-04 16:05 - 2016-05-27 21:24 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-07-04 16:05 - 2016-05-27 21:24 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-07-04 16:05 - 2016-05-27 21:24 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-07-04 16:05 - 2016-05-27 21:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc6.dll
2016-07-04 16:05 - 2016-05-27 21:24 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-07-04 16:05 - 2016-05-27 21:23 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-07-04 16:05 - 2016-05-27 21:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcsvc.dll
2016-07-04 16:05 - 2016-05-27 21:22 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-07-04 16:05 - 2016-05-27 21:22 - 00368640 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-07-04 16:05 - 2016-05-27 21:22 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys
2016-07-04 16:05 - 2016-05-27 21:22 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-07-04 16:05 - 2016-05-27 21:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-07-04 16:05 - 2016-05-27 21:22 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-07-04 16:05 - 2016-05-27 21:22 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-07-04 16:05 - 2016-05-27 21:22 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptsvc.dll
2016-07-04 16:05 - 2016-05-27 21:22 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-07-04 16:05 - 2016-05-27 21:21 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-07-04 16:05 - 2016-05-27 21:21 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrokerLib.dll
2016-07-04 16:05 - 2016-05-27 21:21 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-07-04 16:05 - 2016-05-27 21:21 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-07-04 16:05 - 2016-05-27 21:20 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-07-04 16:05 - 2016-05-27 21:20 - 00511488 _____ (Microsoft Corporation) C:\WINDOWS\system32\newdev.dll
2016-07-04 16:05 - 2016-05-27 21:20 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-07-04 16:05 - 2016-05-27 21:20 - 00267264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore6.dll
2016-07-04 16:05 - 2016-05-27 21:20 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\GnssAdapter.dll
2016-07-04 16:05 - 2016-05-27 21:20 - 00174080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2016-07-04 16:05 - 2016-05-27 21:20 - 00057344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc6.dll
2016-07-04 16:05 - 2016-05-27 21:19 - 24605696 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-07-04 16:05 - 2016-05-27 21:19 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-07-04 16:05 - 2016-05-27 21:19 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-07-04 16:05 - 2016-05-27 21:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-07-04 16:05 - 2016-05-27 21:19 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcore.dll
2016-07-04 16:05 - 2016-05-27 21:19 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcsvc.dll
2016-07-04 16:05 - 2016-05-27 21:18 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-07-04 16:05 - 2016-05-27 21:18 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-07-04 16:05 - 2016-05-27 21:18 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-07-04 16:05 - 2016-05-27 21:18 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-07-04 16:05 - 2016-05-27 21:18 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-07-04 16:05 - 2016-05-27 21:18 - 00392192 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-07-04 16:05 - 2016-05-27 21:18 - 00380416 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2016-07-04 16:05 - 2016-05-27 21:18 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-07-04 16:05 - 2016-05-27 21:17 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-07-04 16:05 - 2016-05-27 21:17 - 00963072 _____ (Microsoft Corporation) C:\WINDOWS\system32\iphlpsvc.dll
2016-07-04 16:05 - 2016-05-27 21:17 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-07-04 16:05 - 2016-05-27 21:17 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\newdev.dll
2016-07-04 16:05 - 2016-05-27 21:17 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-07-04 16:05 - 2016-05-27 21:17 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-07-04 16:05 - 2016-05-27 21:17 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-07-04 16:05 - 2016-05-27 21:17 - 00173056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-07-04 16:05 - 2016-05-27 21:16 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-07-04 16:05 - 2016-05-27 21:16 - 00690176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-07-04 16:05 - 2016-05-27 21:16 - 00684544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-07-04 16:05 - 2016-05-27 21:16 - 00592896 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2016-07-04 16:05 - 2016-05-27 21:16 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-07-04 16:05 - 2016-05-27 21:16 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-07-04 16:05 - 2016-05-27 21:16 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-07-04 16:05 - 2016-05-27 21:16 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore6.dll
2016-07-04 16:05 - 2016-05-27 21:15 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-07-04 16:05 - 2016-05-27 21:15 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-07-04 16:05 - 2016-05-27 21:15 - 00794624 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-07-04 16:05 - 2016-05-27 21:15 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-07-04 16:05 - 2016-05-27 21:15 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-07-04 16:05 - 2016-05-27 21:15 - 00293888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dhcpcore.dll
2016-07-04 16:05 - 2016-05-27 21:15 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-07-04 16:05 - 2016-05-27 21:14 - 18674176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-07-04 16:05 - 2016-05-27 21:14 - 01716736 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-07-04 16:05 - 2016-05-27 21:14 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-07-04 16:05 - 2016-05-27 21:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-07-04 16:05 - 2016-05-27 21:14 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-07-04 16:05 - 2016-05-27 21:14 - 00606208 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-07-04 16:05 - 2016-05-27 21:14 - 00499712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-07-04 16:05 - 2016-05-27 21:14 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-07-04 16:05 - 2016-05-27 21:14 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-07-04 16:05 - 2016-05-27 21:13 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-07-04 16:05 - 2016-05-27 21:13 - 00990208 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-07-04 16:05 - 2016-05-27 21:13 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-07-04 16:05 - 2016-05-27 21:13 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-07-04 16:05 - 2016-05-27 21:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-07-04 16:05 - 2016-05-27 21:13 - 00467456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2016-07-04 16:05 - 2016-05-27 21:12 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-07-04 16:05 - 2016-05-27 21:12 - 00614400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-07-04 16:05 - 2016-05-27 21:12 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-07-04 16:05 - 2016-05-27 21:11 - 01445888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-07-04 16:05 - 2016-05-27 21:11 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-07-04 16:05 - 2016-05-27 21:11 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-07-04 16:05 - 2016-05-27 21:11 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-07-04 16:05 - 2016-05-27 21:11 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-07-04 16:05 - 2016-05-27 21:11 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-07-04 16:05 - 2016-05-27 21:11 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-07-04 16:05 - 2016-05-27 21:11 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\httpprxm.dll
2016-07-04 16:05 - 2016-05-27 21:09 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-07-04 16:05 - 2016-05-27 21:08 - 13385728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-07-04 16:05 - 2016-05-27 21:08 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-07-04 16:05 - 2016-05-27 21:06 - 12128256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-07-04 16:05 - 2016-05-27 21:06 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-07-04 16:05 - 2016-05-27 21:06 - 01339904 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-07-04 16:05 - 2016-05-27 21:05 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-07-04 16:05 - 2016-05-27 21:05 - 03664896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-07-04 16:05 - 2016-05-27 21:05 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-07-04 16:05 - 2016-05-27 21:05 - 01797120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-07-04 16:05 - 2016-05-27 21:04 - 06973952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-07-04 16:05 - 2016-05-27 21:04 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-07-04 16:05 - 2016-05-27 21:04 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-07-04 16:05 - 2016-05-27 21:03 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-07-04 16:05 - 2016-05-27 21:03 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-07-04 16:05 - 2016-05-27 21:03 - 02609664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-07-04 16:05 - 2016-05-27 21:03 - 01185280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LocationFramework.dll
2016-07-04 16:05 - 2016-05-27 21:03 - 00693760 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
2016-07-04 16:05 - 2016-05-27 21:03 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-07-04 16:05 - 2016-05-27 21:02 - 03590144 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-07-04 16:05 - 2016-05-27 21:02 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-07-04 16:05 - 2016-05-27 21:02 - 01534464 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2016-07-04 16:05 - 2016-05-27 21:02 - 00103424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-07-04 16:05 - 2016-05-27 21:01 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-07-04 16:05 - 2016-05-27 21:01 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-07-04 16:05 - 2016-05-27 21:01 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-07-04 16:05 - 2016-05-27 21:01 - 00111104 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 02230272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 02168320 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 01730560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-07-04 16:05 - 2016-05-27 21:00 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-07-04 16:05 - 2016-05-27 20:59 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-07-04 16:05 - 2016-05-27 20:58 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-07-04 16:05 - 2016-05-27 20:58 - 04896256 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-07-04 16:05 - 2016-05-27 20:58 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-07-04 16:05 - 2016-05-27 20:58 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-07-04 16:05 - 2016-05-27 20:58 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-07-04 16:05 - 2016-05-27 20:57 - 02281472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-07-04 16:05 - 2016-05-27 20:55 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-07-04 16:05 - 2016-05-27 20:53 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-06 21:38 - 2015-12-20 02:45 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-07-06 21:38 - 2014-11-12 21:32 - 00000000 __SHD C:\Users\Chris\IntelGraphicsProfiles
2016-07-06 21:38 - 2014-09-15 15:53 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-06 21:34 - 2014-09-15 15:53 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-06 21:04 - 2014-11-12 21:34 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{5EE6EF7F-8D94-4EED-808B-5C030293FA2F}
2016-07-06 17:28 - 2015-08-19 20:37 - 00001613 _____ C:\Users\Chris\Desktop\Explorer.lnk
2016-07-06 17:19 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-07-06 12:04 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-07-06 12:01 - 2015-12-20 02:50 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-06 12:01 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-06 05:24 - 2015-06-21 22:38 - 00203680 _____ (Zemana Ltd.) C:\WINDOWS\system32\Drivers\zamguard64.sys
2016-07-06 05:22 - 2015-07-20 17:19 - 00000000 ____D C:\ProgramData\WRData
2016-07-06 04:27 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-07-06 03:53 - 2015-12-20 03:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-06 03:53 - 2015-12-20 03:06 - 00000795 _____ C:\Users\Public\Desktop\Webroot SecureAnywhere.lnk
2016-07-06 03:53 - 2015-07-20 17:19 - 00117728 _____ (Webroot) C:\WINDOWS\system32\Drivers\WRkrn.sys
2016-07-06 03:53 - 2014-05-29 01:59 - 00000000 ____D C:\ProgramData\Synaptics
2016-07-06 03:44 - 2015-10-29 23:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-07-06 03:43 - 2012-08-03 17:02 - 00000000 ____D C:\SWSetup
2016-07-06 03:40 - 2016-03-17 23:38 - 00000000 ____D C:\Program Files (x86)\Yahoo!
2016-07-06 03:40 - 2015-02-19 18:35 - 00000000 ____D C:\ProgramData\Yahoo!
2016-07-06 03:31 - 2016-03-17 23:39 - 00000000 ____D C:\Users\Chris\AppData\LocalLow\Yahoo!
2016-07-06 03:31 - 2015-12-20 02:51 - 00000000 ____D C:\Users\Chris
2016-07-06 03:29 - 2016-03-03 13:35 - 00000000 ____D C:\AdwCleaner
2016-07-05 23:41 - 2016-01-30 22:36 - 00000000 ____D C:\Users\Chris\AppData\Roaming\Kodi
2016-07-05 12:52 - 2014-05-29 03:23 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-07-05 12:41 - 2015-12-20 02:41 - 00438944 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-07-05 00:10 - 2015-10-30 00:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-07-05 00:10 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-07-05 00:10 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-07-04 19:05 - 2016-03-06 12:39 - 00003256 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForChris
2016-07-04 19:05 - 2016-03-06 12:39 - 00000364 _____ C:\WINDOWS\Tasks\HPCeeScheduleForChris.job
2016-07-04 16:26 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-04 16:24 - 2014-05-29 06:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-07-04 16:17 - 2014-05-29 06:53 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-07-04 16:11 - 2014-05-29 07:36 - 00000000 ____D C:\Users\Chris\AppData\Local\ElevatedDiagnostics
2016-07-04 16:08 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-07-04 16:06 - 2013-06-04 17:09 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-07-04 15:45 - 2014-09-15 15:53 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-07-04 15:45 - 2014-09-15 15:53 - 00002267 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-07-04 15:43 - 2015-07-20 17:19 - 00181176 _____ (Webroot) C:\WINDOWS\SysWOW64\WRusr.dll
2016-07-04 15:43 - 2015-07-20 17:19 - 00115768 _____ (Webroot) C:\WINDOWS\system32\WRusr.dll
2016-07-04 15:38 - 2015-07-20 17:19 - 00054512 ____T (Webroot) C:\WINDOWS\system32\Drivers\wrUrlFlt.sys
2016-06-14 11:33 - 2015-10-30 00:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-14 11:33 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-12-10 10:49 - 2015-12-18 12:13 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2014-11-10 08:25 - 2014-12-08 16:55 - 0002763 _____ () C:\Users\Chris\AppData\Roaming\QBFileDrTool.log

Some files in TEMP:
====================
C:\Users\Chris\AppData\Local\Temp\libeay32.dll
C:\Users\Chris\AppData\Local\Temp\msvcr120.dll
C:\Users\Chris\AppData\Local\Temp\sqlite3.dll
C:\Users\Chris\AppData\Local\Temp\WRupdate400593.exe

Some zero byte size files/folders:
==========================
C:\Windows\logo1_.exe
C:\Windows\logo_1.exe
C:\Windows\RUNDL132.EXE
C:\Windows\rundll16.exe
C:\Windows\VDLL.DLL
C:\Windows\SysWOW64\runouce.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-07-04 16:10

==================== End of FRST.txt ============================



#3 mAL_rEm018

  • Malware Response Team

Posted 09 July 2016 - 01:42 AM

Please note that all instructions given are customised for this computer only; the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post a log in the Malware Removal forum and wait for help.

Failure to post replies within 4 days will result in this thread being closed.


Hello Badguy22,

My name is mAL_rEm018, but feel free to call me mAL.  I will be helping you with your malware related problems. :)

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.


Because of this, I advise you to backup any personal files and folders before you start.


Cobian Backup
DriveImage XML


To make sure everything goes smoothly, I would like you to observe the following rules:

  • You must have Administrator rights, permissions for this computer.
  • Please reply to this thread.  Do not start another topic.
  • Perform all actions in the order given.
  • If you don't know, stop and ask!
  • DO NOT run any other fix or removal tools unless instructed to do so!
  • Don't attempt to install any new software (other than those I ask you to) until your computer is clean.
  • DO NOT post for help at any other forum.  Applying fixes from multiple help sites can cause problems.
  • I advise you to print the instructions if possible, since your internet connection might not be available during some of the fixes.
  • Absence of symptoms does not mean that everything is clear, therefore stick with this topic until I give you the "all clear".

I am currently reviewing your logs and will return as soon as possible, with additional instructions.


Teacher at the Malware Removal University.

Member of UNITE

 

Failure to post replies within 4 days will result in this thread being closed


#4 mAL_rEm018

  • Malware Response Team

Posted 09 July 2016 - 01:22 PM

Hello Badguy22,

Backup your registry using TCRB

  • Please download TCRB to your Desktop.
  • Open Tweaking.com Registry Backup.
  • Click on the Backup Registry tab and ensure that all options are checked.
  • Press on Backup Now.
  • Wait until the backup is complete and exit the program.

Next..

I see you downloaded AdwCleaner.


2016-07-06 21:44 - 2016-07-06 21:44 - 03712064 _____ C:\Users\Chris\Documents\AdwCleaner.exe
2016-07-06 21:44 - 2016-07-06 21:44 - 03712064 _____ C:\Users\Chris\Desktop\AdwCleaner.exe

  • Close all your programs and right-click AdwCleaner.exe and select Run as administrator.
  • Click on Scan.
  • After the scan is over, select Logfile.
  • A notepad window will open.  Please copy/paste the contents in your next reply.
    Note: do not select Cleaning at this point


I need you to run a search using FRST..


  • Double click Frst.exe to launch it.
  • FRST will start to run.
  • When the tool opens click Yes to the disclaimer.
  • Copy/Paste or Type the following line into the Search: box.

babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer

  • Press the Search Registry button.
  • When finished searching a log will open on your Desktop ... Search.txt
  • Please post it in your next reply.


-----------------------------------------
In your next reply, I would like to see..

  • Did you have trouble performing any of the steps?
  • AdwCleaner Report
  • Search.txt

 




#5 Badguy22

  • Topic Starter

Posted 09 July 2016 - 07:28 PM

# AdwCleaner v5.201 - Logfile created 09/07/2016 at 17:17:43
# Updated 30/06/2016 by ToolsLib
# Database : 2016-07-09.2 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Chris - CSPERSONALPUTER
# Running from : C:\Users\Chris\Desktop\AdwCleaner.exe
# Option : Scan
# Support : https://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

***** [ Web browsers ] *****

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [13886 bytes] - [03/03/2016 13:40:44]
C:\AdwCleaner\AdwCleaner[S1].txt - [13091 bytes] - [03/03/2016 13:36:02]
C:\AdwCleaner\AdwCleaner[S2].txt - [1828 bytes] - [05/03/2016 19:17:11]
C:\AdwCleaner\AdwCleaner[S3].txt - [848 bytes] - [09/07/2016 17:17:43]

########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [920 bytes] ##########

Farbar Recovery Scan Tool (x64) Version: 09-07-2016
Ran by Chris (2016-07-09 17:27:19)
Running from C:\Users\Chris\Downloads
Boot Mode: Normal

================== Search Registry: "babylon;Bandoo;CleverSearch;conduit;datamngr;Fun4IM;iLivid;Istartsurf;kelkoopartners;Luckysearches;QuickSurf;Searchnu;Searchqu;SharkManCoupon;sushileads;SweetIM;SweetPacks;TidyNetwork;trolltech;whitesmoke;Wordinator;WordSurfer" ===========

===================== Search result for "babylon" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{2EECD738-5844-4A99-B4B6-146BF802613B}]
"DllName"="BabylonToolbar.dll"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\Internet Explorer\Extension Compatibility\{98889811-442D-49DD-99D7-DC866BE87DBC}]
"DllName"="BabylonToolbarTlbr.dll"

[HKEY_USERS\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*isearch\.babylon\.com/.*"="0"

[HKEY_USERS\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*search\.babylon\.com/.*"="0"

===================== Search result for "conduit" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Components\063A857434EDED11A893800002C0A966]
"6A2FA4E2AE050624B94AE585D21178A9"="C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\iSyncConduit.dll"

[HKEY_USERS\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*search\.conduit\.com/.*"="0"

===================== Search result for "Searchqu" ==========

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{46A1205B-69C9-4745-B72F-A8A4FC8F24AE}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\Classes\WOW6432Node\Interface\{AB310581-AC80-11D1-8DF3-00C04FB6EF63}]
""="ISearchQueryHelper"

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\ActivatableClassId\Windows.ApplicationModel.Search.SearchQueryLinguisticDetails]

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Microsoft\WindowsRuntime\CLSID\{a7544317-65bb-3802-9376-3d59fa0a45b3}]
"ActivatableClassId"="Windows.ApplicationModel.Search.SearchQueryLinguisticDetails"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{1B217815-E578-4C96-8A2D-1B30392F0F91}]
""="ISearchQueryHelperPriv"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{69563521-C154-4B45-B884-035872E3F96A}]
""="ISearchQueryCondition"

[HKEY_LOCAL_MACHINE\SOFTWARE\WOW6432Node\Classes\Interface\{CAC6C3B8-3C64-4DFD-AD9F-479E4D4065A4}]
""="__x_Windows_CApplicationModel_CSearch_CISearchQueryLinguisticDetailsFactory"

[HKEY_USERS\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*www\.searchqu\.com/.*"="0"

===================== Search result for "SweetIM" ==========

[HKEY_USERS\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*search\.sweetim\.com/.*"="0"

===================== Search result for "SweetPacks" ==========

[HKEY_USERS\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*mysearch\.sweetpacks\.com/.*"="0"

[HKEY_USERS\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Microsoft\Internet Explorer\InternetRegistry\REGISTRY\USER\S-1-5-21-2325216809-2621160187-3092218828-1001\Software\ShopAtHome\Toolbar\Injection\inclusions]
".*start\.sweetpacks\.com/.*"="0"

===================== Search result for "trolltech" ==========

[HKEY_USERS\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Trolltech]

[HKEY_USERS\S-1-5-21-2325216809-2621160187-3092218828-1001\SOFTWARE\Trolltech\OrganizationDefaults\Qt Factory Cache 4.8\com.trolltech.Qt.QImageIOHandlerFactoryInterface:]
====== End of Search ======

Had no problems running specified programs



#6 Badguy22

  • Topic Starter

Posted 10 July 2016 - 03:18 PM

The two error messages I am getting are: Accelerometerst.exe, and Shutdown.exe not found. So my computer will not shut down now, as of today.



#7 mAL_rEm018

  • Malware Response Team

Posted 10 July 2016 - 03:58 PM

Hello Badguy22,

Thank you for letting me know about this new development.  While I look into this, I would like you to do the following..
 

  • Please download MiniToolBox from Here
  • Save it to your desktop.
  • Right-Click on MiniToolBox.exe and select Run as Administrator.
  • Ensure that the following options are checked:

     

    • List last 10 Event Viewers Errors
    • List Minidump Files

     

  • Click on Go and the scan will now start.
  • Once the scan is over, a window entitled MTB.txt will open.
  • Please copy/paste the contents of MTB.txt in your next reply.

-----------------------------------------
In your next reply, I would like to see..

  • MTB.txt

 

 




#8 Badguy22

  • Topic Starter

Posted 11 July 2016 - 02:20 AM

MiniToolBox by Farbar  Version: 17-06-2016
Ran by Chris (administrator) on 11-07-2016 at 00:19:17
Running from "C:\Users\Chris\Desktop"
Microsoft Windows 10 Home  (X64)
Model: HP ENVY 15 Notebook PC Manufacturer: Hewlett-Packard
Boot Mode: Normal
***************************************************************************

========================= Event log errors: ===============================

Application errors:
==================
Error: (07/10/2016 01:35:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (07/10/2016 01:35:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (07/10/2016 01:35:10 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2016 01:31:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1359

Error: (07/10/2016 01:31:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1359

Error: (07/10/2016 01:31:21 PM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2016 10:59:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1157

Error: (07/10/2016 10:59:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1157

Error: (07/10/2016 10:59:15 AM) (Source: Bonjour Service) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2016 10:32:31 AM) (Source: Application Error) (User: )
Description: Faulting application name: BSvcProcessor.exe, version: 1.0.6.0, time stamp: 0x563b2359
Faulting module name: BSvcProcessor.exe, version: 1.0.6.0, time stamp: 0x563b2359
Exception code: 0xc0000005
Fault offset: 0x00007b80
Faulting process id: 0x50e4
Faulting application start time: 0xBSvcProcessor.exe0
Faulting application path: BSvcProcessor.exe1
Faulting module path: BSvcProcessor.exe2
Report Id: BSvcProcessor.exe3
Faulting package full name: BSvcProcessor.exe4
Faulting package-relative application ID: BSvcProcessor.exe5

System errors:
=============
Error: (07/10/2016 09:24:37 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/10/2016 04:58:44 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/10/2016 01:31:19 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/10/2016 10:59:14 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/10/2016 10:40:26 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/09/2016 10:48:59 PM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (07/09/2016 02:40:12 AM) (Source: Service Control Manager) (User: )
Description: The User Data Access_41b54 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/09/2016 02:40:12 AM) (Source: Service Control Manager) (User: )
Description: The User Data Storage_41b54 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/09/2016 02:40:12 AM) (Source: Service Control Manager) (User: )
Description: The Contact Data_41b54 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/09/2016 02:40:12 AM) (Source: Service Control Manager) (User: )
Description: The Sync Host_41b54 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Microsoft Office Sessions:
=========================
Error: (07/10/2016 01:35:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1125

Error: (07/10/2016 01:35:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1125

Error: (07/10/2016 01:35:10 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2016 01:31:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1359

Error: (07/10/2016 01:31:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1359

Error: (07/10/2016 01:31:21 PM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2016 10:59:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 1157

Error: (07/10/2016 10:59:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: m->NextScheduledEvent 1157

Error: (07/10/2016 10:59:15 AM) (Source: Bonjour Service)(User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/10/2016 10:32:31 AM) (Source: Application Error)(User: )
Description: BSvcProcessor.exe1.0.6.0563b2359BSvcProcessor.exe1.0.6.0563b2359c000000500007b8050e401d1dad1058a3d4dC:\Users\Chris\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exeC:\Users\Chris\AppData\Local\Microsoft\BingSvc\BSvcProcessor.exe0c764f93-27d7-4bce-8dfa-966eb1d74b28

CodeIntegrity Errors:
===================================
  Date: 2016-07-05 20:48:56.757
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-05 12:45:05.237
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-07-05 12:43:26.088
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

========================= Minidump Files ==================================

C:\WINDOWS\Minidump\030316-26343-01.dmp

**** End of log ****

Ok, here they are. Now it is shutting down....??????



#9 mAL_rEm018

  • Malware Response Team

Posted 11 July 2016 - 03:14 PM

Hello Badguy22,
 

Ok, here they are. Now it is shutting down....??????

Just to clarify, are you saying that you can properly shut down your computer now?

 




#10 mAL_rEm018

  • Malware Response Team

Posted 15 July 2016 - 02:12 PM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.






