Unknown virus


6 replies to this topic

#1 delaroo


Posted 20 October 2016 - 05:59 PM

Hey there,

I suspect I have a virus of some type on my laptop. Things that I've noticed happening lately are:

- Lots of AdChoice ads on webpages
- Screen flashing
- Screen freezing
- Unable to close some webpages, having to go through Task Manager
- Internet extremely slow

System I have:

Dell Inspiron15 5555

Windows 10 Home 64bit

Troubleshooting I've tried:

- Installed Adblock Plus (currently disabled)
- Advertising Google Opt-out add-on (currently disabled)
- Reset Internet Explorer
- Glarys Util scan (installed) - nothing found
- AdwCleaner - Found 4 threats in registry. deleted
- JRT - Found and deleted coupon files (I installed to print coupons)
- Rkill - Nothing found
- Malwarebytes Anti-malware (installed/running but nothing found)
- Farbar RST - Files attached.

Don't know what else to try and need expert help now.

Thanks so much!


#2 delaroo


Posted 21 October 2016 - 08:02 AM

Reposting with FRST and Addition text rather than just attaching files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 17-10-2016
Ran by SDelarosa (administrator) on DESKTOP-03F2B1D (20-10-2016 17:24:40)
Running from C:\Users\Sylvia Delarosa\Desktop
Loaded Profiles: SDelarosa (Available Profiles: SDelarosa)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8848640 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-05] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-124333529-1207821202-3831165340-1002\...\Run: [GUDelayStartup] => C:\Program Files (x86)\Glary Utilities 5\StartupManager.exe [43984 2016-10-09] (Glarysoft Ltd)
HKU\S-1-5-21-124333529-1207821202-3831165340-1002\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [149504 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-09-19] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-09-19] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-09-19] (Google)
BootExecute: autocheck autochk *  bootdelete

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{0d9693ed-1173-4144-a6dd-134a78c79e86}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKU\S-1-5-21-124333529-1207821202-3831165340-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
HKU\S-1-5-21-124333529-1207821202-3831165340-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-124333529-1207821202-3831165340-1002 -> DefaultScope {B63CDBC1-C895-4199-9F94-C7171BB82B28} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-124333529-1207821202-3831165340-1002 -> {B63CDBC1-C895-4199-9F94-C7171BB82B28} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-28] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Advertising Cookie Opt-out -> {8E425EB4-ADBD-4816-B1E8-49BB9DECF034} -> C:\Program Files (x86)\Google\Advertising Cookie Opt-out\opt_out.dll [2013-01-10] (Google Inc)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-28] (Microsoft Corporation)

FireFox:
========
FF Extension: (AT&T Extension) - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\mcciwbch@motive.com.xpi [2016-10-12] [not signed]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-28] (Microsoft Corporation)
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [138752 2015-07-15] () [File not signed]
S3 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-07-15] (Advanced Micro Devices, Inc.) [File not signed]
S3 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-28] (Microsoft Corporation)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [104160 2016-09-09] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
S3 Dell Product Registration; C:\Program Files\Dell\Product Registration\PRSvc.exe [32104 2016-01-25] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R3 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-06-09] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-08-13] ()
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [50688 2016-06-15] (HP Inc.) [File not signed]
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [66048 2016-06-15] (HP Inc.) [File not signed]
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
S3 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-05] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-14] (Dell Inc.)
R2 tbaseprovisioning; C:\WINDOWS\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
S3 vmicvss; C:\WINDOWS\System32\ICSvc.dll [511488 2016-09-06] (Microsoft Corporation)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364456 2016-09-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-09-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3831712 2015-08-13] (Intel® Corporation)
S4 Dell Customer Connect; "C:\Program Files (x86)\Dell Customer Connect\DCCService.exe" [X]

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\WINDOWS\System32\drivers\AmdAS4.sys [18968 2015-05-12] (Advanced Micro Devices, INC.)
S0 amdkmafd; C:\WINDOWS\System32\drivers\amdkmafd.sys [40720 2016-01-16] (Advanced Micro Devices, Inc.)
S3 amdkmcsp; C:\WINDOWS\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\WINDOWS\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\WINDOWS\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\WINDOWS\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R1 CLVirtualDrive; C:\WINDOWS\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R3 DellRbtn; C:\WINDOWS\System32\drivers\DellRbtn.sys [19440 2015-05-08] (OSR Open Systems Resources, Inc.)
S3 dg_ssudbus; C:\WINDOWS\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 dot4; C:\WINDOWS\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\WINDOWS\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)
R1 GUBootStartup; C:\WINDOWS\System32\drivers\GUBootStartup.sys [20160 2016-03-10] (Glarysoft Ltd)
S4 hitmanpro37; C:\WINDOWS\system32\drivers\hitmanpro37.sys [49584 2016-04-28] ()
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [263952 2016-02-25] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-10-20] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
S3 MiraDispKmd; C:\WINDOWS\System32\drivers\MiraDispKmd.sys [23552 2015-10-30] (Microsoft Corporation)
R3 NETwNb64; C:\WINDOWS\System32\drivers\Netwbw02.sys [4112656 2015-09-23] (Intel Corporation)
R3 rt640x64; C:\WINDOWS\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [411712 2015-05-19] (Realsil Semiconductor Corporation)
S3 ssudmdm; C:\WINDOWS\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S0 WdBoot; C:\WINDOWS\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\WINDOWS\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 17:24 - 2016-10-20 17:25 - 00015089 _____ C:\Users\Sylvia Delarosa\Desktop\FRST.txt
2016-10-20 17:23 - 2016-10-20 17:24 - 00000000 ____D C:\FRST
2016-10-20 17:23 - 2016-10-20 17:23 - 02407424 _____ (Farbar) C:\Users\Sylvia Delarosa\Desktop\FRST64.exe
2016-10-20 16:22 - 2016-10-20 16:23 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-10-20 16:21 - 2016-10-20 16:21 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-10-20 16:21 - 2016-10-20 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-10-20 16:21 - 2016-10-20 16:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-10-20 16:21 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-10-20 16:21 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-10-20 16:21 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-10-20 16:20 - 2016-10-20 16:20 - 22851472 _____ (Malwarebytes ) C:\Users\Sylvia Delarosa\Downloads\mbam-setup-2.2.1.1043.exe
2016-10-19 21:05 - 2016-10-19 21:24 - 00000000 ____D C:\Users\Sylvia Delarosa\AppData\Local\CrashDumps
2016-10-17 23:03 - 2016-10-17 23:03 - 00000000 ____D C:\Users\Sylvia Delarosa\AppData\LocalLow\Adblock Plus for IE
2016-10-17 23:03 - 2016-10-17 23:03 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-10-17 22:01 - 2016-10-17 22:01 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-10-17 22:00 - 2016-10-17 22:00 - 00000901 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-10-17 21:59 - 2016-10-17 22:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-10-17 21:59 - 2016-10-17 22:00 - 00000000 ____D C:\Program Files\RogueKiller
2016-10-17 21:58 - 2016-10-17 23:05 - 00000000 ____D C:\ProgramData\RogueKiller
2016-10-17 21:56 - 2016-10-17 21:58 - 05710464 _____ C:\Users\Sylvia Delarosa\Desktop\DESKTOP-03F2B1D.arn
2016-10-17 21:55 - 2016-10-17 21:57 - 33551160 _____ (Adlice Software ) C:\Users\Sylvia Delarosa\Downloads\setup.exe
2016-10-17 20:47 - 2016-10-17 20:47 - 00000000 ____D C:\ProgramData\Motive
2016-10-17 17:38 - 2016-10-17 17:38 - 03798512 _____ (Coupons.com Incorporated) C:\Users\Sylvia Delarosa\Downloads\couponprinter (1).exe
2016-10-17 14:16 - 2016-10-17 14:16 - 00001998 _____ C:\Users\Sylvia Delarosa\Desktop\Rkill.txt
2016-10-17 14:15 - 2016-10-17 14:16 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Sylvia Delarosa\Downloads\rkill.exe
2016-10-16 21:47 - 2016-10-16 21:47 - 00000000 ____D C:\Program Files\Google
2016-10-16 19:28 - 2016-10-20 16:15 - 00000619 _____ C:\Users\Sylvia Delarosa\Desktop\JRT.txt
2016-10-16 19:26 - 2016-10-16 19:26 - 01631928 _____ (Malwarebytes) C:\Users\Sylvia Delarosa\Downloads\JRT.exe
2016-10-13 21:31 - 2016-10-13 21:31 - 00000000 ____D C:\Users\Sylvia Delarosa\Documents\CyberLink
2016-10-13 21:30 - 2016-10-13 21:30 - 00000000 ____D C:\Users\Sylvia Delarosa\AppData\Local\MediaShow
2016-10-13 21:30 - 2016-10-13 21:30 - 00000000 ____D C:\Users\Sylvia Delarosa\AppData\Local\CyberLink
2016-10-13 18:20 - 2016-10-13 18:20 - 00000000 ____D C:\Users\Sylvia Delarosa\AppData\Roaming\Motive
2016-10-12 20:16 - 2016-10-12 20:16 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-10-11 20:38 - 2016-10-05 02:56 - 01644736 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-10-11 20:38 - 2016-10-05 02:56 - 01242304 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-10-11 20:38 - 2016-10-05 02:56 - 00602304 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-10-11 20:38 - 2016-10-05 02:56 - 00591040 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-10-11 20:38 - 2016-10-05 02:56 - 00329920 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-10-11 20:38 - 2016-10-05 02:56 - 00290496 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-10-11 20:38 - 2016-10-05 02:56 - 00144576 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-10-11 20:38 - 2016-10-05 02:56 - 00085696 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-10-11 20:38 - 2016-10-05 02:20 - 01030408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-10-11 20:38 - 2016-10-05 02:20 - 00875480 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-10-11 20:38 - 2016-10-05 02:19 - 00129376 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tm.sys
2016-10-11 20:38 - 2016-10-05 02:18 - 07468384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-10-11 20:38 - 2016-10-05 02:18 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-10-11 20:38 - 2016-10-05 02:18 - 01142560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-10-11 20:38 - 2016-10-05 02:01 - 01637216 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-10-11 20:38 - 2016-10-05 02:01 - 01337184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2016-10-11 20:38 - 2016-10-05 01:54 - 01297760 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-10-11 20:38 - 2016-10-05 01:17 - 03693064 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-10-11 20:38 - 2016-10-05 01:15 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-10-11 20:38 - 2016-10-05 01:14 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-10-11 20:38 - 2016-10-05 01:09 - 00604920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-10-11 20:38 - 2016-10-05 00:45 - 00987488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-10-11 20:38 - 2016-10-05 00:39 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-10-11 20:38 - 2016-10-05 00:39 - 00576856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-10-11 20:38 - 2016-10-05 00:38 - 00636296 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-10-11 20:38 - 2016-10-05 00:38 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-10-11 20:38 - 2016-10-05 00:37 - 00640976 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-10-11 20:38 - 2016-10-05 00:31 - 00422240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-10-11 20:38 - 2016-10-05 00:25 - 00871776 _____ (Microsoft Corporation) C:\WINDOWS\system32\drvstore.dll
2016-10-11 20:38 - 2016-10-05 00:23 - 00305808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-10-11 20:38 - 2016-10-05 00:08 - 02937896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-10-11 20:38 - 2016-10-05 00:05 - 00256704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-10-11 20:38 - 2016-10-05 00:01 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-10-11 20:38 - 2016-10-05 00:00 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-10-11 20:38 - 2016-10-04 23:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-10-11 20:38 - 2016-10-04 23:50 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2016-10-11 20:38 - 2016-10-04 23:49 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnpclean.dll
2016-10-11 20:38 - 2016-10-04 23:49 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-10-11 20:38 - 2016-10-04 23:47 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevDispItemProvider.dll
2016-10-11 20:38 - 2016-10-04 23:47 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\system32\offreg.dll
2016-10-11 20:38 - 2016-10-04 23:38 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-10-11 20:38 - 2016-10-04 23:35 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-10-11 20:38 - 2016-10-04 23:34 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2016-10-11 20:38 - 2016-10-04 23:33 - 00546456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-10-11 20:38 - 2016-10-04 23:32 - 00538744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-10-11 20:38 - 2016-10-04 23:30 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-10-11 20:38 - 2016-10-04 23:30 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DafPrintProvider.dll
2016-10-11 20:38 - 2016-10-04 23:30 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\system32\adsmsext.dll
2016-10-11 20:38 - 2016-10-04 23:29 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-10-11 20:38 - 2016-10-04 23:27 - 00370688 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack_win.dll
2016-10-11 20:38 - 2016-10-04 23:23 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-10-11 20:38 - 2016-10-04 23:19 - 00717152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\drvstore.dll
2016-10-11 20:38 - 2016-10-04 23:18 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-10-11 20:38 - 2016-10-04 23:17 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\das.dll
2016-10-11 20:38 - 2016-10-04 23:17 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-10-11 20:38 - 2016-10-04 23:15 - 00458240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Enumeration.dll
2016-10-11 20:38 - 2016-10-04 23:10 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-10-11 20:38 - 2016-10-04 23:10 - 00602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-10-11 20:38 - 2016-10-04 23:07 - 01159168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ApplicationFrame.dll
2016-10-11 20:38 - 2016-10-04 23:05 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-10-11 20:38 - 2016-10-04 23:04 - 01718272 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-10-11 20:38 - 2016-10-04 23:02 - 01040896 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll
2016-10-11 20:38 - 2016-10-04 23:00 - 01661952 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-10-11 20:38 - 2016-10-04 23:00 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-10-11 20:38 - 2016-10-04 23:00 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-10-11 20:38 - 2016-10-04 22:57 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2016-10-11 20:38 - 2016-10-04 22:55 - 03549696 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-10-11 20:38 - 2016-10-04 22:48 - 02437120 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-10-11 20:38 - 2016-10-04 22:40 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-10-11 20:38 - 2016-10-04 22:40 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-10-11 20:38 - 2016-10-04 22:37 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevDispItemProvider.dll
2016-10-11 20:38 - 2016-10-04 22:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offreg.dll
2016-10-11 20:38 - 2016-10-04 22:30 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-10-11 20:38 - 2016-10-04 22:29 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-10-11 20:38 - 2016-10-04 22:29 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-10-11 20:38 - 2016-10-04 22:28 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-10-11 20:38 - 2016-10-04 22:24 - 00217600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DafPrintProvider.dll
2016-10-11 20:38 - 2016-10-04 22:24 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\adsmsext.dll
2016-10-11 20:38 - 2016-10-04 22:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-10-11 20:38 - 2016-10-04 22:15 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-10-11 20:38 - 2016-10-04 22:14 - 03585536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-10-11 20:38 - 2016-10-04 22:13 - 00368128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Enumeration.dll
2016-10-11 20:38 - 2016-10-04 22:10 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-10-11 20:38 - 2016-10-04 22:09 - 00501760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-10-11 20:38 - 2016-10-04 22:05 - 01467904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-10-11 20:38 - 2016-10-04 22:04 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-10-11 20:38 - 2016-10-04 22:04 - 00885248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll
2016-10-11 20:38 - 2016-10-04 21:59 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSVidCtl.dll
2016-10-11 20:38 - 2016-10-04 21:55 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-10-11 20:38 - 2016-10-04 21:54 - 01987584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-10-11 20:38 - 2016-10-04 21:50 - 22379520 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-10-11 20:38 - 2016-10-04 21:50 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-10-11 20:38 - 2016-10-04 21:40 - 01626112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-10-11 20:38 - 2016-10-04 21:39 - 24611328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-10-11 20:38 - 2016-10-04 21:39 - 13392384 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-10-11 20:38 - 2016-10-04 21:39 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-10-11 20:38 - 2016-10-04 21:33 - 14255104 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-10-11 20:38 - 2016-10-04 21:27 - 09920512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-10-11 20:38 - 2016-10-04 21:26 - 07836672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-10-11 20:38 - 2016-10-04 21:22 - 03664384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-10-11 20:38 - 2016-10-04 21:13 - 19349504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-10-11 20:38 - 2016-10-04 21:13 - 18675200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-10-11 20:38 - 2016-10-04 21:13 - 12134400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-10-11 20:38 - 2016-10-04 21:06 - 12587008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-10-11 20:38 - 2016-10-04 21:01 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-10-11 20:38 - 2016-09-30 21:16 - 00446124 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-10-11 20:38 - 2016-09-26 21:39 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-10-11 20:38 - 2016-09-17 03:08 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-10-11 20:38 - 2016-09-17 02:45 - 02610176 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-10-11 20:38 - 2016-09-17 02:28 - 03077120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-10-11 20:38 - 2016-09-17 02:12 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-10-11 20:38 - 2016-09-17 01:45 - 06312448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-10-11 20:38 - 2016-09-17 01:43 - 02552832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-10-11 20:38 - 2016-09-17 01:22 - 04405248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-10-11 20:38 - 2016-06-17 23:55 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiapi.dll
2016-10-11 20:38 - 2016-06-17 23:51 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-10-11 20:38 - 2016-06-17 23:49 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiapi.dll
2016-10-11 20:38 - 2016-06-17 23:45 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-10-06 21:54 - 2016-08-26 09:42 - 00484776 _____ (HP Inc.) C:\WINDOWS\system32\hpcpn190.dll
2016-10-06 21:54 - 2016-08-26 09:42 - 00453544 _____ (HP Inc.) C:\WINDOWS\SysWOW64\hpcc3190.dll
2016-10-06 21:54 - 2016-08-26 09:42 - 00310512 _____ (HP Inc.) C:\WINDOWS\system32\hpmlm190.dll
2016-10-06 21:54 - 2016-08-26 09:42 - 00264944 _____ (HP Inc.) C:\WINDOWS\system32\hpmml190.dll
2016-10-06 21:54 - 2016-08-26 09:42 - 00241904 _____ (HP Inc.) C:\WINDOWS\system32\hpmja190.dll
2016-10-06 21:54 - 2016-08-26 09:42 - 00229800 _____ (HP Inc.) C:\WINDOWS\system32\hpmpm081.dll
2016-10-06 21:54 - 2016-08-26 09:42 - 00204200 _____ (HP Inc.) C:\WINDOWS\system32\hpmtp190.dll
2016-10-06 21:54 - 2016-08-26 09:42 - 00178088 _____ (HP Inc.) C:\WINDOWS\system32\hpcjpm.dll
2016-10-06 21:54 - 2016-08-26 09:42 - 00127912 _____ (HP Inc.) C:\WINDOWS\system32\hpmpw081.dll
2016-09-27 08:34 - 2016-09-27 08:34 - 03798512 _____ (Coupons.com Incorporated) C:\Users\Sylvia Delarosa\Downloads\couponprinter.exe
2016-09-26 23:09 - 2016-09-26 23:09 - 00000000 ____D C:\ProgramData\Sun
2016-09-22 20:58 - 2016-09-22 20:58 - 00678504 ____N (Coupons, Inc.) C:\WINDOWS\cpnprt2x64.cid

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-10-20 16:51 - 2016-03-11 18:16 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-10-20 16:51 - 2016-03-11 18:16 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-10-20 16:17 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-10-20 16:17 - 2015-10-12 21:49 - 00883044 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-10-20 16:10 - 2016-03-10 03:28 - 00000000 ____D C:\Program Files (x86)\Glary Utilities 5
2016-10-20 16:10 - 2015-10-12 21:54 - 03254918 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2016-10-20 16:09 - 2016-04-06 20:13 - 00000380 _____ C:\WINDOWS\Tasks\HPCeeScheduleForSDelarosa.job
2016-10-20 16:09 - 2016-02-25 14:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-10-20 16:08 - 2016-03-22 02:53 - 00000000 ____D C:\AdwCleaner
2016-10-20 16:08 - 2016-02-25 14:24 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-10-20 16:08 - 2015-10-30 01:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-10-19 23:13 - 2016-04-06 20:13 - 00003288 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForSDelarosa
2016-10-19 22:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-10-19 21:37 - 2016-06-01 23:47 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2016-10-19 21:37 - 2016-04-01 01:19 - 00000000 ____D C:\ProgramData\GlarySoft
2016-10-19 20:43 - 2016-01-30 23:09 - 143495576 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-10-19 20:21 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-10-19 20:09 - 2016-02-25 01:27 - 00000000 ____D C:\Users\Sylvia Delarosa\Documents\Outlook Files
2016-10-17 23:23 - 2016-08-24 19:21 - 00002686 _____ C:\WINDOWS\System32\Tasks\SoftwareUpdate Pro
2016-10-17 23:17 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-10-17 22:40 - 2015-07-10 06:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-10-17 20:52 - 2016-03-22 01:45 - 00000000 ____D C:\Users\Sylvia Delarosa\AppData\Local\ElevatedDiagnostics
2016-10-16 21:47 - 2016-03-11 18:16 - 00000000 ____D C:\Program Files (x86)\Google
2016-10-16 19:36 - 2016-03-22 01:42 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-10-13 21:31 - 2016-01-30 23:52 - 00000000 ____D C:\Users\Sylvia Delarosa\AppData\Roaming\CyberLink
2016-10-13 21:30 - 2015-10-12 21:44 - 00000000 ____D C:\ProgramData\CyberLink
2016-10-13 18:31 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-10-13 18:31 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-10-13 18:19 - 2016-03-10 03:29 - 00000000 ____D C:\Users\Sylvia Delarosa\AppData\Roaming\GlarySoft
2016-10-12 19:40 - 2015-10-12 21:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-10-12 19:40 - 2015-10-12 21:49 - 00000000 ____D C:\Program Files\Dell
2016-10-12 19:28 - 2016-02-25 01:29 - 00000337 _____ C:\WINDOWS\SysWOW64\DLC_Debug_log.txt
2016-10-12 19:28 - 2015-10-12 21:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-10-12 06:50 - 2016-06-01 23:44 - 00004012 _____ C:\GUDownLoaddebug.txt
2016-10-11 22:54 - 2016-07-27 20:45 - 00001151 _____ C:\Users\Public\Desktop\Glary Utilities 5.lnk
2016-10-11 22:54 - 2016-03-10 03:29 - 00003404 _____ C:\WINDOWS\System32\Tasks\GlaryInitialize 5
2016-10-11 22:54 - 2016-03-10 03:29 - 00003050 _____ C:\WINDOWS\System32\Tasks\GU5SkipUAC
2016-10-11 22:54 - 2016-03-10 03:29 - 00001163 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glary Utilities 5.lnk
2016-10-11 22:46 - 2015-10-12 23:02 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-10-11 22:34 - 2016-02-25 14:21 - 00420992 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-10-11 22:31 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-10-11 22:31 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-10-11 20:56 - 2016-01-30 23:09 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-10-11 20:28 - 2016-04-28 21:58 - 00004562 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-10-11 20:27 - 2016-04-28 21:57 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-10-10 23:41 - 2016-01-16 02:23 - 00000000 ____D C:\Users\Sylvia Delarosa\AppData\Local\Packages
2016-10-09 22:35 - 2016-03-11 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-10-04 14:07 - 2016-03-11 18:19 - 00000000 ___RD C:\Users\Sylvia Delarosa\Google Drive
2016-10-02 23:09 - 2016-02-25 14:28 - 00000000 ____D C:\Users\Sylvia Delarosa
2016-10-01 22:53 - 2016-04-24 15:12 - 00000258 _____ C:\Users\Sylvia Delarosa\Desktop\Nextdoor.url
2016-09-30 19:23 - 2015-10-30 02:26 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-09-30 19:23 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-09-26 23:09 - 2016-03-19 17:26 - 00000000 ____D C:\ProgramData\Oracle

==================== Files in the root of some directories =======

2016-04-05 23:58 - 2016-04-05 23:58 - 0000017 _____ () C:\Users\Sylvia Delarosa\AppData\Local\resmon.resmoncfg
2016-02-25 14:25 - 2016-02-25 14:25 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2016-03-29 16:05 - 2016-04-10 22:32 - 0001839 _____ () C:\ProgramData\hpzinstall.log
2015-10-12 21:49 - 2015-10-12 21:49 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-10-12 21:44 - 2015-10-12 21:45 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-10-12 21:47 - 2015-10-12 21:49 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-10-12 21:45 - 2015-10-12 21:47 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log

Some files in TEMP:
====================
C:\Users\Sylvia Delarosa\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Sylvia Delarosa\AppData\Local\Temp\IHU6EE4.tmp.exe
C:\Users\Sylvia Delarosa\AppData\Local\Temp\IHU9067.tmp.exe
C:\Users\Sylvia Delarosa\AppData\Local\Temp\libeay32.dll
C:\Users\Sylvia Delarosa\AppData\Local\Temp\msvcr120.dll
C:\Users\Sylvia Delarosa\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-10-13 14:13

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by SDelarosa (20-10-2016 17:26:18)
Running from C:\Users\Sylvia Delarosa\Desktop
Windows 10 Home Version 1511 (X64) (2016-02-25 20:02:58)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-124333529-1207821202-3831165340-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-124333529-1207821202-3831165340-503 - Limited - Disabled)
Guest (S-1-5-21-124333529-1207821202-3831165340-501 - Limited - Disabled)
SDelarosa (S-1-5-21-124333529-1207821202-3831165340-1002 - Administrator - Enabled) => C:\Users\Sylvia Delarosa

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 21.2.1 - HP Inc.) Hidden
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20039 - Adobe Systems Incorporated)
AIO_CDA_ProductContext (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
AIO_CDA_Software (x32 Version: 140.0.428.000 - Hewlett-Packard) Hidden
AIO_Scan (x32 Version: 130.0.421.000 - Hewlett-Packard) Hidden
AMD Catalyst Install Manager (HKLM\...\{BB0F1FB3-6352-BDEE-32D3-B3F463E3B95C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
C3100 (x32 Version: 140.0.425.000 - Hewlett-Packard) Hidden
c3100_Help (x32 Version: 82.0.256.000 - Hewlett-Packard) Hidden
Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F0DB834}) (Version: 3.4.13900.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
Glary Utilities 5.61 (HKLM-x32\...\Glary Utilities 5) (Version: 5.61.0.82 - Glarysoft Ltd)
Google Advertising Cookie Opt-out (HKLM\...\{A2E00B38-848D-4898-9109-BFA37C074DDC}) (Version: 1.0.1.0 - Google Inc)
Google Drive (HKLM-x32\...\{FDEDE86B-3597-40D7-8568-4649F651EDBD}) (Version: 1.32.3363.5836 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP Photosmart All-In-One Driver Software (HKLM\...\{4F6C1178-3FC0-44BB-8F9A-28D8516DFEE2}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.3.34.7 - HP)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.32.37 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{DC5673D2-228D-45BC-B9BB-9610CE67DFC0}) (Version: 17.1.1524.1353 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{4c8b7360-62a2-4339-b745-41323055d0bb}) (Version: 18.20.0 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
MarketResearch (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2036 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
OEM Application Profile (HKLM-x32\...\{B4B7FD8F-06FC-E277-4F29-8F75F8281D8F}) (Version: 1.00.0000 - Advanced Micro Devices, Inc.)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1017 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1017 - Microsoft Corporation) Hidden
Product Registration (HKLM-x32\...\InstallShield_{C1600AC7-74E3-4BB5-8B42-B13653792252}) (Version: 2.2.38.0 - Dell Inc.)
Product Registration (Version: 2.2.38.0 - Dell Inc.) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.006 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.31213 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7737 - Realtek Semiconductor Corp.)
RogueKiller version 12.7.3.0 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12.7.3.0 - Adlice Software)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-124333529-1207821202-3831165340-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Sylvia Delarosa\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06B2B22E-1876-45D0-BA96-59CBF1B553B2} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
Task: {0D4CB942-366A-4D48-9271-571B3A4A9D3D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-08-18] (HP Inc.)
Task: {120CEB51-BDF2-447F-9DD1-3A7040812D92} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {3DFE4A85-E349-4CA8-91B3-792441B5BBAE} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-11] (Google Inc.)
Task: {55BA444F-4175-42D9-8F67-161355E9965E} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-03-02] (Microsoft Corporation)
Task: {5BAF78B8-EB00-412F-BF43-A8712C70EDBE} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {5E0AE28C-AF18-4D49-8740-B4E3F3666A97} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-14] (Dell Inc.)
Task: {60687931-5732-42C7-9C14-7EC93A5B6A8E} - System32\Tasks\SoftwareUpdate Pro => C:\Program Files (x86)\Glarysoft\Software Update Pro\SoftwareUpdatePro.exe
Task: {6642A2BF-489C-4267-A64A-A0A0DA71C886} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {69618FED-338F-4924-B52B-032989BEA71C} - System32\Tasks\GU5SkipUAC => C:\Program Files (x86)\Glary Utilities 5\Integrator.exe [2016-10-09] (Glarysoft Ltd)
Task: {7109CAC4-3BA9-468C-B9C7-5082910D9E9B} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {758B6C19-5BF7-45B1-AB24-B93E46ED2DCE} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {7BDE21A6-1F23-4FA8-AF34-5205B8EA22F1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-28] (Microsoft Corporation)
Task: {7E849C76-863E-4E50-A121-0D4FC73FE9C9} - System32\Tasks\GlaryInitialize 5 => C:\Program Files (x86)\Glary Utilities 5\Initialize.exe [2016-10-09] (Glarysoft Ltd)
Task: {83D7FB74-2BEC-4F0E-B709-E50AD60DCD4F} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-09-16] (Adobe Systems Incorporated)
Task: {849FAD84-E206-45C9-95C6-2086ECB106CD} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {8BCD6832-267B-4155-B8C4-5A2CE39F37B0} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-08-23] (HP Inc.)
Task: {8C5CBC6C-0079-4FFC-A0E2-BDE9147AC37A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater - Resources => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {A7BBB5A7-BBB6-4D50-AB8C-AC64DF7D1EBA} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-11] (Google Inc.)
Task: {B99DBCA6-ECC5-4B64-95A7-1AE23454EACE} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-08-18] (CyberLink)
Task: {CAB6637D-A242-4A00-8B09-CF90976376F8} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-05] (Realtek Semiconductor)
Task: {DA5E1720-EF08-4118-82F2-B5D13B63BE05} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {DD877B2F-4CDA-4210-8FEB-336AB03D660B} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {ED42677D-F846-4634-893E-DBF758671AD8} - System32\Tasks\HPCeeScheduleForSDelarosa => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2016-01-22] (Hewlett-Packard)
Task: {F2F2D5C4-E958-4EE5-9598-D36E2419B23A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_CN65OC60BH => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-10-12] (HP Inc.)
Task: {F9FEFE32-A619-463B-BC7A-FB9C7AF26738} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-10-19] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForSDelarosa.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-10-12 21:47 - 2014-04-14 20:59 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-09-14 22:30 - 2016-09-07 00:39 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-09-14 22:30 - 2016-09-07 00:39 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-03-15 20:31 - 2016-02-28 05:22 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-07-15 23:39 - 2015-07-15 23:39 - 00138752 _____ () c:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2016-02-25 16:15 - 2016-02-25 16:15 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 01:36 - 2016-06-30 22:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-09-14 22:27 - 2016-09-06 23:15 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-09-14 22:27 - 2016-09-06 23:10 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 22:27 - 2016-09-06 23:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-09-14 22:27 - 2016-09-06 23:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-23 18:26 - 2015-06-23 18:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-124333529-1207821202-3831165340-1002\...\txtag.org -> hxxps://txtag.org

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-124333529-1207821202-3831165340-1002\Control Panel\Desktop\\Wallpaper -> C:\Users\Sylvia Delarosa\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

HKLM\...\StartupApproved\Run: => "RTHDVCPL"
HKLM\...\StartupApproved\Run: => "RtHDVBg_MAXX6"
HKLM\...\StartupApproved\Run: => "WavesSvc"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "Http Listener"
HKLM\...\StartupApproved\Run32: => "MalTray"
HKU\S-1-5-21-124333529-1207821202-3831165340-1002\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-124333529-1207821202-3831165340-1002\...\StartupApproved\Run: => "Skype"
HKU\S-1-5-21-124333529-1207821202-3831165340-1002\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-124333529-1207821202-3831165340-1002\...\StartupApproved\Run: => "GoogleDriveSync"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{2FBBF316-84E3-4BEA-94B9-AB73FC2317C9}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{2CDA8F51-4057-4CEB-A8FD-3F8F3E23342A}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{DC626857-79AC-4C07-B076-D48DBFE8AF10}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{3130BE3A-41A5-4B52-9259-0CFDBF83C89B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{35FA2DE1-642B-4FED-B280-C4CC1B83CC78}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{FB58729E-DE51-4939-B30A-F155A39D03D0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{84F4CD3B-3BD4-4385-A3F9-262CD2D7F846}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{BD2B7D50-BD2E-42CC-87FC-196BF66B43F9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{EF737818-EFE5-4759-AF5D-C602868D7523}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{AB090356-443A-4D70-9A93-9AF6C457715C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
FirewallRules: [{D6690608-CF45-4707-8900-C901E001B5A4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{D9FD0263-4B37-4AE6-A70E-465DA777BD6F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{78EB06B3-EE48-4A2F-AAF1-BCF7681AC82F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{CB5946D9-E44E-4CD9-847D-110AA6193DB6}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqnrs08.exe
FirewallRules: [{AAACD9A2-0985-44F9-9270-3D0E1ABA0EE9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{2C7E7444-4BA0-442F-9E76-3516F752B3C2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{C911D749-1989-4661-B79B-1D3018170FBD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{59AC819C-8653-40A7-A0C5-B02BEB6DFFD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{082F32B9-B702-4CAA-8A2E-E4173D1E3919}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{0D771310-CD73-4614-BD56-176AE4EF036C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{36298D51-C435-4217-AA7A-B847E1C519E4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{28F7000D-F584-4F93-887A-B3C5C7ED2AD5}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{CDCC0AFD-3AC0-46C3-BFF1-02E78540F1B7}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{C6B0C5AF-AD79-467F-873C-D116EE406F21}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [UDP Query User{9397C365-847E-48F8-8D0C-2BBD401E5989}C:\windows\explorer.exe] => (Block) C:\windows\explorer.exe
FirewallRules: [TCP Query User{67E782D4-B2B1-4B33-AE9C-240965CE5CBC}C:\program files (x86)\glarysoft\software update pro\softwareupdatepro.exe] => (Block) C:\program files (x86)\glarysoft\software update pro\softwareupdatepro.exe
FirewallRules: [UDP Query User{56F34E22-7BBE-480F-A71B-2FBF0FE2F64D}C:\program files (x86)\glarysoft\software update pro\softwareupdatepro.exe] => (Block) C:\program files (x86)\glarysoft\software update pro\softwareupdatepro.exe
FirewallRules: [TCP Query User{0A27F793-492D-421F-91B8-F4E3F412521B}C:\program files (x86)\glarysoft\software update pro\softwareupdatepro.exe] => (Block) C:\program files (x86)\glarysoft\software update pro\softwareupdatepro.exe
FirewallRules: [UDP Query User{546A5E61-15E6-4270-BC72-44EC21FF247E}C:\program files (x86)\glarysoft\software update pro\softwareupdatepro.exe] => (Block) C:\program files (x86)\glarysoft\software update pro\softwareupdatepro.exe

==================== Restore Points =========================

08-10-2016 20:32:27 Installed Google Drive
09-10-2016 22:33:44 Installed Google Drive
12-10-2016 18:53:44 Dell Update: Dell Help & Support
16-10-2016 19:26:45 JRT Pre-Junkware Removal
17-10-2016 13:40:14 JRT Pre-Junkware Removal
20-10-2016 16:12:50 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============

Name: HP OfficeJet Pro 8730
Description: HP OfficeJet Pro 8730
Class Guid: {4d36e971-e325-11ce-bfc1-08002be10318}
Manufacturer: HP
Service:
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (10/20/2016 04:13:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (10/20/2016 11:29:16 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-03F2B1D)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/19/2016 11:16:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-03F2B1D)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/19/2016 11:10:54 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Event-ID 0

Error: (10/19/2016 09:24:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.596, time stamp: 0x57dcf0fb
Faulting module name: KERNELBASE.dll, version: 10.0.10586.589, time stamp: 0x57cf9bf1
Exception code: 0xc06d007e
Fault offset: 0x000bdb18
Faulting process id: 0x1a74
Faulting application start time: 0x01d22a76fd85b87a
Faulting application path: C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
Faulting module path: C:\WINDOWS\SYSTEM32\KERNELBASE.dll
Report Id: 797d9565-2b50-48bd-a31b-2e49824c91b1
Faulting package full name:
Faulting package-relative application ID:

Error: (10/19/2016 09:05:25 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: taskhostw.exe, version: 10.0.10586.0, time stamp: 0x5632d756
Faulting module name: ntdll.dll, version: 10.0.10586.306, time stamp: 0x571af2eb
Exception code: 0xc0000374
Fault offset: 0x00000000000ee6fc
Faulting process id: 0x14cc
Faulting application start time: 0x01d22a766be2b69b
Faulting application path: C:\WINDOWS\system32\taskhostw.exe
Faulting module path: C:\WINDOWS\SYSTEM32\ntdll.dll
Report Id: daacebbe-7937-41e4-9980-5d8498b50374
Faulting package full name:
Faulting package-relative application ID:

Error: (10/19/2016 05:35:40 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-03F2B1D)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/19/2016 05:13:54 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-03F2B1D)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/19/2016 10:59:18 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-03F2B1D)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (10/18/2016 11:28:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-03F2B1D)
Description: Activation of app Microsoft.LockApp_cw5n1h2txyewy!WindowsDefaultLockScreen failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

System errors:
=============
Error: (10/20/2016 04:08:42 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Search service failed to start due to the following error:
The service did not start due to a logon failure.

Error: (10/20/2016 04:08:42 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The WSearch service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error:
The request is not supported.

To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).

Error: (10/20/2016 04:08:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/20/2016 04:08:40 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/20/2016 04:08:39 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\WINDOWS\System32\IWMSSvc.dll

Error: (10/20/2016 04:08:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_634ca service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/20/2016 04:08:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_634ca service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/20/2016 04:08:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_634ca service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/20/2016 04:08:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_634ca service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (10/20/2016 04:08:14 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

CodeIntegrity:
===================================
  Date: 2016-10-14 09:17:48.066
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-13 21:33:25.169
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-11 22:35:41.417
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-10-01 13:53:57.918
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-30 20:46:57.448
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-22 09:54:46.083
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-18 08:25:55.276
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-18 08:23:16.504
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-15 08:25:27.698
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-09-12 23:06:02.233
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

==================== Memory info ===========================

Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics
Percentage of memory in use: 25%
Total physical RAM: 11200.25 MB
Available physical RAM: 8387.78 MB
Total Virtual: 12928.25 MB
Available Virtual: 9983.55 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:1849.69 GB) (Free:1755.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 1863 GB) (Disk ID: D3590270)

Partition: GPT.

==================== End of Addition.txt ============================



#3 nasdaq

  • Malware Response Team

Posted 22 October 2016 - 09:57 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can please print this topic it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.

Please copy the entire contents of the code box below to a new file.
 
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]


End

Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry.

The tool will create a log (Fixlog.txt) please post it to your reply.

Please let me know what problem persists with this computer.


===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141
===

If the problem persists run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:

createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b

Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.

#4 delaroo

  • Topic Starter

Posted 25 October 2016 - 05:03 PM

Sorry for late response. Yes, I will do now.



#5 delaroo

  • Topic Starter

Posted 25 October 2016 - 06:52 PM

Nasdaq,

 

Attached are the logs from the FarBar and Zoek scans.  There seems to be improvement on IE after "surfing" for a few minutes. No freezing, crashing and ads are less, although not all gone. Not even sure removing all is possible.  However, still noticing pages taking awhile to open/load.

 

Fix result of Farbar Recovery Scan Tool (x64) Version: 17-10-2016
Ran by SDelarosa (25-10-2016 17:15:20) Run:1
Running from C:\Users\Sylvia Delarosa\Desktop
Loaded Profiles: SDelarosa (Available Profiles: SDelarosa)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

HKLM-x32\...\Run: [] => [X]
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]

End
*****************

Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Motive.com/NpMotive,version=1.1" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => key removed successfully
MREMP50 => service removed successfully
MREMP50a64 => service removed successfully
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
MRESP50 => service removed successfully
MRESP50a64 => service removed successfully

=========== EmptyTemp: ==========

BITS transfer queue => 32768 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15263886 B
Java, Flash, Steam htmlcache => 7946 B
Windows/system/drivers => 22725410 B
Edge => 413690 B
Chrome => 0 B
Firefox => 0 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 6656 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 22090 B
NetworkService => 678202 B
Sylvia Delarosa => 3874802 B

RecycleBin => 0 B
EmptyTemp: => 41 MB temporary data Removed.

================================

The system needed a reboot.

==== End of Fixlog 17:17:45 ====

 

__________________________

 

Zoek.exe v5.0.0.1 Updated 19-September-2016
Tool run by SDelarosa on Tue 10/25/2016 at 17:58:20.63.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Sylvia Delarosa\Desktop\zoek.exe [Scan all users] [Script inserted]

==== System Restore Info ======================

10/25/2016 5:59:46 PM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Glarysoft deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\Users\Sylvia Delarosa\AppData\Local\ActiveSync deleted successfully
C:\Users\Sylvia Delarosa\AppData\Local\MediaShow deleted successfully
C:\Users\Sylvia Delarosa\AppData\Local\NetworkTiles deleted successfully
C:\Users\Sylvia Delarosa\AppData\Local\VirtualStore deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\Maps deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================

==== Deleting CLSID Registry Values ======================

==== Deleting Services ======================

==== Batch Command(s) Run By Tool======================

==== Deleting Files \ Folders ======================

C:\PROGRA~2\Glarysoft not found
C:\Users\Sylvia Delarosa\.android deleted
C:\PROGRA~3\{05EE3202-A879-4F9D-895C-AC535855E0A9} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\WINDOWS\Syswow64\InstallUtil.InstallLog deleted

==== Chromium Look ======================

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="https://www.google.com/"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{A76EB836-1091-4839-BB3C-2A8720EF7E36}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\SearchScopes\{A76EB836-1091-4839-BB3C-2A8720EF7E36} - http://www.bing.com/search?q={searchTerms}&form=PRDLC1&src=IE11TR&pc=DCTE
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{A76EB836-1091-4839-BB3C-2A8720EF7E36}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{A76EB836-1091-4839-BB3C-2A8720EF7E36} - http://www.bing.com/search?q={searchTerms}&form=PRDLC1&src=IE11TR&pc=DCTE
HKCU\SearchScopes "DefaultScope"="{B63CDBC1-C895-4199-9F94-C7171BB82B28}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
HKCU\SearchScopes\{B63CDBC1-C895-4199-9F94-C7171BB82B28} - https://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

==== Reset Google Chrome ======================

Nothing found to reset

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Sylvia Delarosa\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Sylvia Delarosa\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Sylvia Delarosa\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Sylvia Delarosa\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

No Chrome User Data found

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

Java Cache cleared successfully

==== C:\zoek_backup content ======================

C:\zoek_backup (files=32 folders=26 94920267 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\SYLVIA~1\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Tue 10/25/2016 at 18:27:15.20 ======================

 

Can you also tell me in layman's terms what issues the scans found and how to avoid in the future?  I don't really understand the logs. lol.  Not sure if my settings are incorrect or if I had insufficient anti-virus/malware protection (Now using Malwarebytes Anti-malware, Windows Defender, Firewall).

 

I really appreciate your help with this as it's driving me crazy!



#6 delaroo

  • Topic Starter

Posted 25 October 2016 - 09:11 PM

Well after being on the internet for a couple of hours I see that loading pages is still taking a long time.  Also, I forgot to mention on my original post that I'm also getting error message "Internet Explorer has stopped working...A problem caused the program to stop working correctly....."  Can you also advise on this?

 

Thank you again



#7 nasdaq

  • Malware Response Team

Posted 26 October 2016 - 09:24 AM



Nothing suspicious was removed with my fix or the Zoek cleaning tool.

Other than removing and cleaning your caches all should be well.

===

Boot the System in Safe Mode with Networking.
How to:
https://support.microsoft.com/en-us/help/12376/windows-10-start-your-pc-in-safe-mode

Run Internet Explorer. Is the problem persisting?

If YES try this.

Verify the integrity of the Operating files. Let me know if Internet Explorer is still an issue.

ATTENTION: System Restore is disabled
Turn System Restore On for Drives in Windows 10
http://www.tenforums.com/tutorials/4533-system-protection-turn-off-drives-windows-10-a.html
===

Keep me posted.
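The following is an added example, not part of the thread and not FRST's own code. It reads the fixlist and Fixlog lines posted above and checks two things: that every fixlist entry ends in one of the markers FRST prints for a missing file (`[X]`, `[No File]`, `<not found>`), and that each entry has a matching "removed successfully" line. The reading of those markers and of the `S3`-style service prefix is an assumption based on how FRST logs are normally interpreted, and the function names are hypothetical.

```python
import re
from collections import Counter

# Fixlist exactly as posted in this thread.
FIXLIST = r"""Start
CreateRestorePoint:
EmptyTemp:
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
FF Plugin-x32: @Motive.com/NpMotive,version=1.1 -> C:\Program Files (x86)\ATT\8.5.1.16\ma\bin\npMotive.dll [No File]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
S3 MREMP50; \??\C:\PROGRA~2\COMMON~1\Motive\MREMP50.SYS [X]
S3 MREMP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MREMP50a64.SYS [X]
S3 MREMPR5; \??\C:\PROGRA~1\COMMON~1\Motive\MREMPR5.SYS [X]
S3 MRENDIS5; \??\C:\PROGRA~1\COMMON~1\Motive\MRENDIS5.SYS [X]
S3 MRESP50; \??\C:\PROGRA~2\COMMON~1\Motive\MRESP50.SYS [X]
S3 MRESP50a64; \??\C:\PROGRA~1\COMMON~1\Motive\MRESP50a64.SYS [X]
End"""

# Result lines from the Fixlog.txt posted in this thread.
FIXLOG = r"""Restore point was successfully created.
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@Motive.com/NpMotive,version=1.1" => key removed successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\fheoggkfdfchfphceeifdbepaooicaho" => key removed successfully
MREMP50 => service removed successfully
MREMP50a64 => service removed successfully
MREMPR5 => service removed successfully
MRENDIS5 => service removed successfully
MRESP50 => service removed successfully
MRESP50a64 => service removed successfully
"""

# Assumption: a service/driver line is "<state letter><start type> name; path".
SERVICE_RE = re.compile(r"^[RSU]\d (?P<name>[^;]+); .+$")
RESULT_RE = re.compile(r"^.+? => (?P<what>value|key|service) removed successfully$")
# Assumption: these trailing markers mean the referenced file no longer exists.
ORPHAN_MARKERS = ("[X]", "[No File]", "<not found>")
# Which kind of Fixlog result each kind of fixlist entry should produce.
RESULT_FOR_KIND = {"service": "service", "run": "value",
                   "ff_plugin": "key", "chr_extension": "key"}

def classify(line):
    """Map one fixlist entry to a coarse kind."""
    if SERVICE_RE.match(line):
        return "service"
    if "\\Run:" in line:
        return "run"
    if line.startswith("FF Plugin"):
        return "ff_plugin"
    if line.startswith("CHR "):
        return "chr_extension"
    return "other"

def parse_fixlist(text):
    """Split the Start..End block into directives and removal entries."""
    directives, entries, inside = [], [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Start":
            inside = True
        elif line == "End":
            break
        elif inside and line:
            if re.fullmatch(r"\w+:", line):      # e.g. "EmptyTemp:"
                directives.append(line[:-1])
            else:
                entries.append({"kind": classify(line), "line": line,
                                "orphan": line.endswith(ORPHAN_MARKERS)})
    return directives, entries

def summarize(fixlist, fixlog):
    """Report entries that were NOT orphans and whether every entry was applied."""
    directives, entries = parse_fixlist(fixlist)
    wanted = Counter(RESULT_FOR_KIND.get(e["kind"], "unknown") for e in entries)
    done = Counter(m["what"] for l in fixlog.splitlines()
                   if (m := RESULT_RE.match(l.strip())))
    return {"directives": directives, "entries": len(entries),
            "not_orphaned": [e["line"] for e in entries if not e["orphan"]],
            "all_applied": wanted == done}

if __name__ == "__main__":
    print(summarize(FIXLIST, FIXLOG))
```

An empty `not_orphaned` list means every removed item was a leftover reference to a file that was already gone, which matches the statement that nothing suspicious was removed.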



