Author Topic: [In Progress] Unable to keep Windows Defender running  (Read 2837 times)

Grumpy Old Man
« on: September 02, 2016, 02:48:24 PM »
I started WinDef a couple days ago and it has been stopped; the only way I have found to restart it is when I get the notification -activate anti-virus- but it goes away too quickly. When I open 'settings' Defender is grayed.

When I go to certain websites (i.e. state unemployment weekly sign in) it is 'locked' at the last time I filed for a week and will not allow me to file for the current week.
DDS follows:
DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.545
Run by Zaacharia at 13:31:03 on 2016-09-02
Microsoft Windows 10 Home  10.0.10586.0.1252.1.1033.18.7129.4667 [GMT -7:00]
.
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Spybot - Search and Destroy *Enabled/Updated* {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\SysWOW64\tbaseprovisioning.exe
C:\WINDOWS\system32\atiesrxx.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\WINDOWS\system32\WLANExt.exe
C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
C:\WINDOWS\system32\EscSvc64.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
C:\WINDOWS\system32\BtwRSupportService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
C:\WINDOWS\System32\tcpsvcs.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\System32\snmp.exe
C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSMonitorServicePDVD15.exe
C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
C:\Program Files\CyberLink\Shared files\RichVideo64.exe
C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
C:\Program Files\TOSHIBA\Teco\TecoService.exe
C:\WINDOWS\System32\svchost.exe -k LocalServicePeerNet
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
C:\WINDOWS\System32\dwm.exe
C:\WINDOWS\system32\atieclxx.exe
C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\PROGRAM FILES\SYNAPTICS\SYNTP\SYNTPHELPER.EXE
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
C:\Program Files\TOSHIBA\Teco\TecoResident.exe
C:\Program Files (x86)\Mozilla Thunderbird\thunderbird.exe
C:\Program Files\BOINC\boinctray.exe
C:\Program Files\BOINC\boincmgr.exe
C:\Program Files (x86)\Steam\Steam.exe
C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
C:\Program Files\BOINC\boinc.exe
C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
C:\Program Files (x86)\Common Files\Steam\SteamService.exe
C:\ProgramData\BOINC\projects\climateprediction.net\wah2_8.12_windows_intelx86.exe
C:\ProgramData\BOINC\projects\universeathome.pl_universe\BHspin2_1_windows_x86_64.exe
C:\WINDOWS\System32\fontdrvhost.exe
C:\ProgramData\BOINC\projects\climateprediction.net\wah2am3m2_um_8.12_windows_intelx86.exe
C:\ProgramData\BOINC\projects\climateprediction.net\wah2rm3m2t_um_8.12_windows_intelx86.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe
C:\Windows\System32\SystemSettingsBroker.exe
C:\WINDOWS\System32\NetworkUXBroker.exe
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\Program Files (x86)\Mozilla Firefox\plugin-container.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerPlugin_22_0_0_209.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uWindow Title = Internet Explorer provided by TOSHIBA
mStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-616708a0
BHO: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
TB: E-Web Print: {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
EB: E-Web Print: {A60C1DC7-64B3-4AD9-8E67-035D11B8B2B0} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll
uRun: [BlazeServoTool] "C:\Program Files (x86)\BlazeVideo\BlazeHDAV 6.0\MediaDetector.exe"
uRun: [Steam] "C:\Program Files (x86)\Steam\steam.exe" -silent
uRun: [Power2GoExpress10] "C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe" /Startup
uRun: [Chromium] "c:\users\zaacharia\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session
uRun: [EPLTarget\P0000000000000000] C:\WINDOWS\System32\spool\DRIVERS\x64\3\E_YATIMBE.EXE /EPT "EPLTarget\P0000000000000000" /M "WF-2650 Series"
uRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
mRun: [TSVU] "c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe"
mRun: [FUFAXRCV] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe"
mRun: [FUFAXSTM] "C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe"
mRun: [CLMLServer_For_P2G10] "C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe"
mRun: [PowerDVD15Agent] "C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe"
mRun: [EEventManager] "C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe"
mRun: [Fitbit Connect] "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
mRun: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
.
INFO: HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{7932e7a1-016b-46fd-ae53-be925d34bdf0} : DHCPNameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{7932e7a1-016b-46fd-ae53-be925d34bdf0}\24A5E40214962707F6274702642756560275966496 : DHCPNameServer = 10.128.128.128
TCP: Interfaces\{7932e7a1-016b-46fd-ae53-be925d34bdf0}\258402D4F44554C4 : DHCPNameServer = 10.10.10.254 8.8.8.8
TCP: Interfaces\{7932e7a1-016b-46fd-ae53-be925d34bdf0}\75F6F646C616E64637F57457563747 : DHCPNameServer = 75.75.75.75 75.75.76.76
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Notify: SDWinLogon - SDWinLogon.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages =  ""
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-616708a0
x64-mWindow Title = Internet Explorer provided by TOSHIBA
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [TCrdMain] C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
x64-Run: [TecoResident] C:\Program Files\TOSHIBA\Teco\TecoResident.exe
x64-Run: [TSSSrv] C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe
x64-Run: [SynTPEnh] C:\Program Files (x86)\Synaptics\SynTP\SynTPEnh.exe
x64-Run: [boinctray] "C:\Program Files\BOINC\boinctray.exe"
x64-Run: [boincmgr] "C:\Program Files\BOINC\boincmgr.exe" /a /s
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
.
INFO: x64-HKLM has more than 50 listed domains.
   If you wish to scan all of them, select the 'Force scan all domains' option.
.
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
Hosts: 127.0.0.1   www.spywareinfo.com
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\
FF - prefs.js: browser.search.selectedEngine - Yahoo®
FF - prefs.js: browser.startup.homepage - about:home
FF - prefs.js: keyword.URL - hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q=
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrlui.dll
FF - plugin: C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2.dll
FF - plugin: C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB}\plugins\npietab2_x64.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll
.
============= SERVICES / DRIVERS ===============
.
R0 amdkmpfd;AMD PCI Root Bus Lower Filter;C:\WINDOWS\System32\drivers\amdkmpfd.sys [2015-2-26 36608]
R0 amdpsp;AMD PSP Service;C:\WINDOWS\System32\drivers\amdpsp.sys [2015-6-23 277240]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-30 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-30 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-30 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-30 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2016-5-13 87552]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-30 8192]
R1 VBoxNetLwf;VirtualBox NDIS6 Bridged Networking Service;C:\WINDOWS\System32\drivers\VBoxNetLwf.sys [2015-11-10 194976]
R2 {687703DE-DC6D-4649-892B-B8497854A6AB};Power Control [2016/05/29 02:33:17];C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [2016-5-29 29896]
R2 AdaptiveSleepService;AdaptiveSleepService;C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe [2014-4-22 140288]
R2 AMD External Events Utility;AMD External Events Utility;C:\WINDOWS\System32\atiesrxx.exe [2015-10-8 264224]
R2 BcmBtRSupport;Bluetooth Driver Management Service;C:\WINDOWS\System32\BtwRSupportService.exe [2015-3-27 2251992]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-30 43944]
R2 CyberLink PowerDVD 15 Media Server Monitor Service;CyberLink PowerDVD 15 Media Server Monitor Service;C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSMonitorServicePDVD15.exe [2015-12-31 77240]
R2 CyberLink PowerDVD 15 Media Server Service;CyberLink PowerDVD 15 Media Server Service;C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe [2015-12-31 323000]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-30 43944]
R2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R2 EPSON_PM_RPCV4_06;EPSON V3 Service4(06);C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [2016-3-25 152640]
R2 EpsonCustomerResearchParticipation;EpsonCustomerResearchParticipation;C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [2015-6-25 677376]
R2 EpsonScanSvc;Epson Scanner Service;C:\WINDOWS\System32\escsvc64.exe [2015-11-10 144560]
R2 Fitbit Connect;Fitbit Connect Service;C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [2015-10-28 5906088]
R2 RichVideo64;Cyberlink RichVideo64 Service(CRVS);C:\Program Files\CyberLink\Shared files\RichVideo64.exe [2014-11-20 390632]
R2 SDScannerService;Spybot-S&D 2 Scanner Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [2016-6-29 1738168]
R2 SDUpdateService;Spybot-S&D 2 Updating Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2016-6-29 2088408]
R2 SDWSCService;Spybot-S&D 2 Security Center Service;C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [2016-6-29 171928]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-30 78848]
R2 SynTPEnhService;SynTPEnh Caller Service;C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [2015-8-15 246472]
R2 tbaseprovisioning;tbaseprovisioning;C:\Windows\SysWOW64\tbaseprovisioning.exe [2015-6-23 60432]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R2 TOSHIBA eco Utility Service;TOSHIBA eco Utility Service;C:\Program Files\TOSHIBA\Teco\TecoService.exe [2014-4-11 350288]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 AmdAS4;AmdAS4 service;C:\WINDOWS\System32\drivers\AmdAS4.sys [2014-5-4 17640]
R3 AtiHDAudioService;AMD Function Driver for HD Audio Service;C:\WINDOWS\System32\drivers\AtihdWT6.sys [2015-5-28 102912]
R3 bcbtums;Bluetooth RAM Firmware Download USB Filter;C:\WINDOWS\System32\drivers\bcbtums.sys [2015-3-27 173312]
R3 BCMWL63A;BCMWL63A;C:\WINDOWS\System32\drivers\bcmwl63a.sys [2015-2-26 11669736]
R3 CLVirtualBus01;CyberLink Virtual CDROM Bus Enumerator;C:\WINDOWS\System32\drivers\CLVirtualBus01.sys [2015-12-29 103176]
R3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 EvoMouseDriverFilterHidUsb;Evoluent Mouse Driver Filter;C:\WINDOWS\System32\drivers\EvoMouseDriverFilterHidUsb.sys [2016-1-29 29936]
R3 FwLnk;FwLnk Driver;C:\WINDOWS\System32\drivers\FwLnk.sys [2015-2-26 9216]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
R3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-30 20480]
R3 RSP2STOR;Realtek PCIE CardReader Driver - P2;C:\WINDOWS\System32\drivers\RtsP2Stor.sys [2015-6-5 310528]
R3 RTL8168;Realtek 8168 NT Driver;C:\WINDOWS\System32\drivers\Rt630x64.sys [2015-2-26 839896]
R3 SmbDrv;SmbDrv;C:\WINDOWS\System32\drivers\Smb_driver_AMDASF.sys [2015-8-15 42184]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
R3 TMachInfo;TMachInfo;C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe [2015-12-8 53040]
R3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2016-4-13 694784]
S0 mfeelamk;McAfee Inc. mfeelamk;C:\WINDOWS\System32\drivers\mfeelamk.sys [2014-7-18 80920]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-30 43944]
S2 PremierOpinion;PremierOpinion;C:\Program Files (x86)\PremierOpinion\pmservice.exe /service --> C:\Program Files (x86)\PremierOpinion\pmservice.exe  [?]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-4-3 315008]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-30 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 amdkmcsp;AMD Kernel Mode CSP Service;C:\WINDOWS\System32\drivers\amdkmcsp.sys [2015-6-23 101104]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-30 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-30 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-30 9728]
S3 BthA2DP;Bluetooth Stereo;C:\WINDOWS\System32\drivers\BthA2DP.sys [2015-10-30 165376]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-30 43944]
S3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2016-4-13 245760]
S3 btwampfl;btwampfl;C:\WINDOWS\System32\drivers\btwampfl.sys [2015-3-27 188160]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-30 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-17 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-30 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 dg_ssudbus;SAMSUNG Mobile USB Composite Device Driver (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudbus.sys [2016-4-25 129152]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-30 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-30 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-30 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-30 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-30 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-30 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-30 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-30 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-30 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-30 117760]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-30 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-30 26624]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-30 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-30 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-30 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-30 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-30 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-30 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-30 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-30 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-30 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-30 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-30 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 ssudmdm;SAMSUNG  Mobile USB Modem Drivers (DEVGURU Ver.);C:\WINDOWS\System32\drivers\ssudmdm.sys [2016-4-25 221824]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-30 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-30 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-30 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2016-5-13 63488]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-30 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-30 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-30 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2016-6-14 258912]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-30 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2016-5-13 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-30 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-30 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-30 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-30 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-30 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-30 43944]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-30 118112]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-30 364464]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-30 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-30 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-30 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-30 43944]
S3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-30 216064]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2016-3-2 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-30 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2016-4-13 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-30 43944]
SUnknown sioitpkj;sioitpkj;

.
=============== Created Last 30 ================
.
2016-09-02 02:56:46   192216   ----a-w-   C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2016-09-02 02:56:19   65408   ----a-w-   C:\WINDOWS\System32\drivers\mwac.sys
2016-09-02 02:56:19   27008   ----a-w-   C:\WINDOWS\System32\drivers\mbam.sys
2016-09-02 02:56:19   140672   ----a-w-   C:\WINDOWS\System32\drivers\mbamchameleon.sys
2016-09-02 02:56:19   --------   d-----w-   C:\ProgramData\Malwarebytes
2016-09-02 02:56:19   --------   d-----w-   C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-08-31 00:15:53   1167568   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{06CB1C88-F318-470C-8551-99DECF5FCC36}\gapaengine.dll
2016-08-31 00:14:41   11847048   ----a-w-   C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{48E335FD-E454-4953-BC0F-6257E996FD7C}\mpengine.dll
2016-08-27 06:09:48   72529432   ----a-w-   C:\WINDOWS\System32\RCoRes64.dat
2016-08-27 06:09:44   7181616   ----a-w-   C:\WINDOWS\System32\R4EEP64A.dll
2016-08-27 06:09:44   3208440   ----a-w-   C:\WINDOWS\System32\RtPgEx64.dll
2016-08-27 06:09:44   2903800   ----a-w-   C:\WINDOWS\System32\RTSnMg64.cpl
2016-08-27 06:09:44   267560   ----a-w-   C:\WINDOWS\System32\slprp64.dll
2016-08-27 06:09:44   2119288   ----a-w-   C:\WINDOWS\System32\WavesGUILib64.dll
2016-08-27 06:09:44   2081792   ----a-w-   C:\WINDOWS\System32\RCoInstII64.dll
2016-08-27 06:09:44   2058872   ----a-w-   C:\WINDOWS\System32\MaxxAudioEQ64.dll
2016-08-27 06:09:42   7104888   ----a-w-   C:\WINDOWS\System32\DDPP64A.dll
2016-08-27 06:09:42   131016   ----a-w-   C:\WINDOWS\System32\CONEQMSAPOGUILibrary.dll
2016-08-27 06:09:42   127288   ----a-w-   C:\WINDOWS\System32\AcpiServiceVnA64.dll
2016-08-27 06:09:42   114008   ----a-w-   C:\WINDOWS\System32\audioLibVc.dll
2016-08-25 04:55:01   14792   ----a-w-   C:\Program Files (x86)\Mozilla Firefox\qipcap.dll
2016-08-22 11:20:13   --------   d-----w-   C:\Users\Zaacharia\AppData\Local\Spoon
2016-08-13 16:41:21   --------   d-----w-   C:\Users\Zaacharia\VirtualBox VMs
.
==================== Find3M  ====================
.
2016-08-31 04:58:04   65536   ----a-w-   C:\WINDOWS\System32\spu_storage.bin
2016-08-27 06:09:44   5217792   ----a-w-   C:\WINDOWS\System32\drivers\RTKVHD64.sys
2016-08-27 06:09:44   32392   ----a-w-   C:\WINDOWS\System32\RtkCoLDR64.dll
2016-08-03 11:14:47   92352   ----a-w-   C:\WINDOWS\System32\acmigration.dll
2016-08-03 11:14:47   50368   ----a-w-   C:\WINDOWS\System32\CompatTelRunner.exe
2016-08-03 11:14:47   1505984   ----a-w-   C:\WINDOWS\System32\appraiser.dll
2016-08-03 10:36:39   7469408   ----a-w-   C:\WINDOWS\System32\ntoskrnl.exe
2016-08-03 10:36:37   99680   ----a-w-   C:\WINDOWS\System32\drivers\pdc.sys
2016-08-03 10:36:30   37744   ----a-w-   C:\WINDOWS\System32\wldp.dll
2016-08-03 10:23:43   115040   ----a-w-   C:\WINDOWS\System32\NetSetupApi.dll
2016-08-03 10:23:42   693600   ----a-w-   C:\WINDOWS\System32\NetSetupEngine.dll
2016-08-03 10:22:59   58408   ----a-w-   C:\WINDOWS\System32\SensorsNativeApi.dll
2016-08-03 10:22:53   465248   ----a-w-   C:\WINDOWS\System32\drivers\storport.sys
2016-08-03 10:22:39   331616   ----a-w-   C:\WINDOWS\System32\drivers\pci.sys
2016-08-03 10:22:10   808288   ----a-w-   C:\WINDOWS\System32\WWAHost.exe
2016-08-03 10:22:08   1322760   ----a-w-   C:\WINDOWS\System32\ole32.dll
2016-08-03 10:21:07   303216   ----a-w-   C:\WINDOWS\System32\LockAppHost.exe
2016-08-03 10:21:01   566112   ----a-w-   C:\WINDOWS\System32\SettingSyncHost.exe
2016-08-03 10:20:08   1540224   ----a-w-   C:\WINDOWS\System32\sppobjs.dll
2016-08-03 10:20:04   692136   ----a-w-   C:\WINDOWS\System32\sppwinob.dll
2016-08-03 10:19:37   604928   ----a-w-   C:\WINDOWS\System32\drivers\cng.sys
2016-08-03 10:19:36   161632   ----a-w-   C:\WINDOWS\System32\drivers\ksecpkg.sys
2016-08-03 10:13:17   1988448   ----a-w-   C:\WINDOWS\System32\drivers\dxgkrnl.sys
2016-08-03 10:13:11   576864   ----a-w-   C:\WINDOWS\System32\drivers\dxgmms2.sys
2016-08-03 10:13:10   393056   ----a-w-   C:\WINDOWS\System32\drivers\dxgmms1.sys
2016-08-03 10:11:09   422744   ----a-w-   C:\WINDOWS\System32\drivers\rdbss.sys
2016-08-03 09:51:14   84480   ----a-w-   C:\WINDOWS\System32\rdpudd.dll
2016-08-03 09:51:00   123392   ----a-w-   C:\WINDOWS\System32\tdlrecover.exe
2016-08-03 09:46:24   22384128   ----a-w-   C:\WINDOWS\System32\edgehtml.dll
2016-08-03 09:44:39   63488   ----a-w-   C:\WINDOWS\System32\wshbth.dll
2016-08-03 09:44:23   44544   ----a-w-   C:\WINDOWS\System32\musdialoghandlers.dll
2016-08-03 09:44:03   189952   ----a-w-   C:\WINDOWS\System32\MusNotification.exe
2016-08-03 09:43:07   16985088   ----a-w-   C:\WINDOWS\System32\Windows.UI.Xaml.dll
2016-08-03 09:41:32   112640   ----a-w-   C:\WINDOWS\System32\drivers\bthenum.sys
2016-08-03 09:41:28   128512   ----a-w-   C:\WINDOWS\System32\drivers\bthpan.sys
2016-08-03 09:41:27   64000   ----a-w-   C:\WINDOWS\System32\Windows.StateRepositoryClient.dll
2016-08-03 09:41:25   59904   ----a-w-   C:\WINDOWS\System32\Windows.StateRepositoryBroker.dll
2016-08-03 09:40:54   58880   ----a-w-   C:\WINDOWS\System32\MusNotificationUx.exe
2016-08-03 09:40:48   47616   ----a-w-   C:\WINDOWS\System32\TpmTasks.dll
2016-08-03 09:40:38   181248   ----a-w-   C:\WINDOWS\System32\drivers\rfcomm.sys
2016-08-03 09:40:16   127488   ----a-w-   C:\WINDOWS\System32\VEDataLayerHelpers.dll
2016-08-03 09:40:09   91136   ----a-w-   C:\WINDOWS\System32\bthserv.dll
2016-08-03 09:39:55   218624   ----a-w-   C:\WINDOWS\System32\cdd.dll
2016-08-03 09:39:43   104448   ----a-w-   C:\WINDOWS\System32\BluetoothApis.dll
2016-08-03 09:38:23   379392   ----a-w-   C:\WINDOWS\System32\usocore.dll
2016-08-03 09:38:22   412160   ----a-w-   C:\WINDOWS\System32\MusUpdateHandlers.dll
2016-08-03 09:37:22   110080   ----a-w-   C:\WINDOWS\System32\IdCtrls.dll
2016-08-03 09:36:49   211456   ----a-w-   C:\WINDOWS\System32\NetSetupSvc.dll
2016-08-03 09:36:28   198144   ----a-w-   C:\WINDOWS\System32\winsrv.dll
2016-08-03 09:35:56   200192   ----a-w-   C:\WINDOWS\System32\WUDFPlatform.dll
2016-08-03 09:35:15   764928   ----a-w-   C:\WINDOWS\System32\Chakradiag.dll
2016-08-03 09:33:57   339968   ----a-w-   C:\WINDOWS\System32\SensorService.dll
2016-08-03 09:33:37   285184   ----a-w-   C:\WINDOWS\System32\VEEventDispatcher.dll
2016-08-03 09:31:59   359936   ----a-w-   C:\WINDOWS\System32\SensorsApi.dll
2016-08-03 09:31:54   247296   ----a-w-   C:\WINDOWS\System32\wevtutil.exe
2016-08-03 09:31:38   506880   ----a-w-   C:\WINDOWS\System32\tileobjserver.dll
2016-08-03 09:30:28   515072   ----a-w-   C:\WINDOWS\System32\OneDriveSettingSyncProvider.dll
2016-08-03 09:30:09   970752   ----a-w-   C:\WINDOWS\System32\kerberos.dll
2016-08-03 09:29:44   954368   ----a-w-   C:\WINDOWS\System32\drivers\bthport.sys
2016-08-03 09:29:36   2127360   ----a-w-   C:\WINDOWS\System32\inetcpl.cpl
2016-08-03 09:29:29   84992   ----a-w-   C:\WINDOWS\System32\drivers\BTHUSB.SYS
2016-08-03 09:29:15   1500160   ----a-w-   C:\WINDOWS\System32\RecoveryDrive.exe
2016-08-03 09:29:09   1387520   ----a-w-   C:\WINDOWS\System32\win32kbase.sys
2016-08-03 09:28:40   529920   ----a-w-   C:\WINDOWS\System32\LogonController.dll
2016-08-03 09:28:22   1213440   ----a-w-   C:\WINDOWS\System32\wwansvc.dll
2016-08-03 09:27:58   1717760   ----a-w-   C:\WINDOWS\System32\GdiPlus.dll
2016-08-03 09:27:45   7536640   ----a-w-   C:\WINDOWS\System32\mstscax.dll
2016-08-03 09:27:29   381952   ----a-w-   C:\WINDOWS\System32\wuuhext.dll
2016-08-03 09:18:57   6974464   ----a-w-   C:\WINDOWS\System32\Windows.Data.Pdf.dll
2016-08-03 09:18:20   1388032   ----a-w-   C:\WINDOWS\System32\lsasrv.dll
2016-08-03 09:18:16   2067968   ----a-w-   C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2016-08-03 09:17:10   2175488   ----a-w-   C:\WINDOWS\System32\AppXDeploymentServer.dll
2016-08-03 09:16:43   2635776   ----a-w-   C:\WINDOWS\System32\Windows.UI.Logon.dll
2016-08-03 09:16:30   3589120   ----a-w-   C:\WINDOWS\System32\win32kfull.sys
2016-08-03 09:16:25   5123072   ----a-w-   C:\WINDOWS\System32\dbgeng.dll
2016-08-03 09:15:20   7833088   ----a-w-   C:\WINDOWS\System32\Chakra.dll
2016-08-03 09:14:04   1997824   ----a-w-   C:\WINDOWS\System32\ActiveSyncProvider.dll
2016-08-03 09:14:02   4895232   ----a-w-   C:\WINDOWS\System32\jscript9.dll
2016-08-03 09:13:59   3025920   ----a-w-   C:\WINDOWS\System32\wininet.dll
2016-08-03 09:12:25   2746368   ----a-w-   C:\WINDOWS\System32\Windows.StateRepository.dll
2016-08-03 09:11:25   4171264   ----a-w-   C:\WINDOWS\System32\rdpcorets.dll
2016-08-03 05:52:28   34088   ----a-w-   C:\WINDOWS\SysWow64\wldp.dll
2016-08-03 05:34:16   501592   ----a-w-   C:\WINDOWS\SysWow64\NetSetupEngine.dll
2016-08-03 05:34:13   84832   ----a-w-   C:\WINDOWS\SysWow64\NetSetupApi.dll
2016-08-03 05:33:08   51128   ----a-w-   C:\WINDOWS\SysWow64\SensorsNativeApi.dll
2016-08-03 05:31:51   957608   ----a-w-   C:\WINDOWS\SysWow64\ole32.dll
2016-08-03 05:31:38   703840   ----a-w-   C:\WINDOWS\SysWow64\WWAHost.exe
2016-08-03 05:30:12   255168   ----a-w-   C:\WINDOWS\SysWow64\LockAppHost.exe
2016-08-03 05:30:07   465760   ----a-w-   C:\WINDOWS\SysWow64\SettingSyncHost.exe
2016-08-03 04:57:44   91648   ----a-w-   C:\WINDOWS\SysWow64\tdlrecover.exe
2016-08-03 04:48:25   51712   ----a-w-   C:\WINDOWS\SysWow64\wshbth.dll
2016-08-03 04:47:48   13018112   ----a-w-   C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2016-08-03 04:44:46   48128   ----a-w-   C:\WINDOWS\SysWow64\Windows.StateRepositoryBroker.dll
2016-08-03 04:44:45   48640   ----a-w-   C:\WINDOWS\SysWow64\Windows.StateRepositoryClient.dll
2016-08-03 04:42:54   80896   ----a-w-   C:\WINDOWS\SysWow64\BluetoothApis.dll
2016-08-03 04:40:45   92160   ----a-w-   C:\WINDOWS\SysWow64\IdCtrls.dll
2016-08-03 04:37:22   219136   ----a-w-   C:\WINDOWS\SysWow64\VEEventDispatcher.dll
2016-08-03 04:35:37   178688   ----a-w-   C:\WINDOWS\SysWow64\wevtutil.exe
2016-08-03 04:35:21   286208   ----a-w-   C:\WINDOWS\SysWow64\SensorsApi.dll
2016-08-03 04:34:23   400896   ----a-w-   C:\WINDOWS\SysWow64\OneDriveSettingSyncProvider.dll
.
============= FINISH: 13:32:44.72 ===============

Attach:
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume2
Install Date: 12/17/2015 7:26:37 AM
System Uptime: 8/30/2016 9:58:16 PM (64 hours ago)
.
Motherboard: TOSHIBA |  | Portable PC
Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics     | Socket FT3b | 1800/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 686 GiB total, 578.55 GiB free.
D: is CDROM (UDF)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP41: 8/11/2016 9:55:59 PM - Windows Update
RP42: 8/20/2016 12:55:09 PM - Scheduled Checkpoint
RP43: 8/27/2016 2:08:18 AM - Windows Update
RP44: 9/1/2016 2:21:01 AM - Windows Update
.
==== Installed Programs ======================
.
7-Zip 15.14 (x64)
Adobe Acrobat Reader DC
Adobe Flash Player 22 NPAPI
Adobe Refresh Manager
Amazon 1Button App
AMD Accelerated Video Transcoding
AMD Catalyst Control Center
AMD Catalyst Install Manager
AMD Start Now
BlazeHDAV 6.0
BOINC
Broadcom 802.11 Network Adapter
Catalyst Control Center - Branding
Catalyst Control Center Graphics Previews Common
Catalyst Control Center InstallProxy
Catalyst Control Center Localization All
ccc-utility64
CCC Help Chinese Standard
CCC Help Chinese Traditional
CCC Help Czech
CCC Help Danish
CCC Help Dutch
CCC Help English
CCC Help Finnish
CCC Help French
CCC Help German
CCC Help Greek
CCC Help Hungarian
CCC Help Italian
CCC Help Japanese
CCC Help Korean
CCC Help Norwegian
CCC Help Polish
CCC Help Portuguese
CCC Help Russian
CCC Help Spanish
CCC Help Swedish
CCC Help Thai
CCC Help Turkish
CyberLink LabelPrint 2.5
CyberLink PhotoDirector 6
CyberLink Power2Go 10
CyberLink Power2Go 10 Content Pack
CyberLink PowerDirector 10
CyberLink PowerDVD 15
CyberLink WaveEditor 2
Deus Ex: Human Revolution
E.Y.E: Divine Cybermancy
Epson Customer Research Participation
Epson E-Web Print
Epson Event Manager
Epson FAX Utility
Epson PC-FAX Driver
EPSON Scan
EPSON Scan OCR Component
EPSON Scan PDF Extensions
EPSON WF-2650 Series Printer Uninstall
Epson WF-2650 User’s Guide version 1.0
EpsonNet Print
EULAlyzer 2.2
Fallout 3
Fallout: New Vegas
Fitbit Connect
Google Update Helper
Half-Life 2: Update
Itibiti RTC
Malwarebytes Anti-Malware version 2.2.1.1043
Microsoft Games for Windows - LIVE Redistributable
Microsoft Silverlight
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030
Microsoft Visual C++ 2012 x64 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x64 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Additional Runtime - 11.0.61030
Microsoft Visual C++ 2012 x86 Minimum Runtime - 11.0.61030
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501
Microsoft Visual C++ 2013 x64 Additional Runtime - 12.0.21005
Microsoft Visual C++ 2013 x64 Minimum Runtime - 12.0.21005
Microsoft XNA Framework Redistributable 4.0 Refresh
Mozilla Firefox 48.0.2 (x86 en-US)
Mozilla Maintenance Service
Mozilla Thunderbird 45.3.0 (x86 en-US)
Notepad++
Olympia PBEM MapViewer
Oracle VM VirtualBox 5.0.10
Project: Snowblind
PSP Application
Realtek Card Reader
Realtek Ethernet Controller Driver
Realtek High Definition Audio Driver
S.T.A.L.K.E.R. - Shadow of Chernobyl
SiN Episodes: Emergence
Skype™ 6.18
SMI Grabber Device
Software Updater
Spybot - Search & Destroy
SpywareBlaster 5.5
Steam
Synaptics Pointing Device Driver
TOSHIBA Application Installer
TOSHIBA Audio Enhancement
TOSHIBA Battery Check Utility
TOSHIBA Display Utility
TOSHIBA eco Utility
TOSHIBA Function Key
TOSHIBA Password Utility
Toshiba Quality Application
TOSHIBA Recovery Media Creator
TOSHIBA Service Station
TOSHIBA System Driver
TOSHIBA System Settings
TOSHIBA User's Guide
TOSHIBARegistration
UFO Aftershock
Underrail
WinZip 15.5
ZUUS Music Video Player
.
==== Event Viewer Messages From Past Week ========
.
9/2/2016 4:00:36 AM, Error: Service Control Manager [7034]  - The CyberLink PowerDVD 15 Media Server Service service terminated unexpectedly.  It has done this 2 time(s).
9/2/2016 4:00:28 AM, Error: Service Control Manager [7032]  - The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_e65b6e service, but this action failed with the following error:  An instance of the service is already running.
9/2/2016 4:00:28 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_e65b6e service to connect.
9/2/2016 4:00:28 AM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the Sync Host_e65b6e service to connect.
9/2/2016 4:00:18 AM, Error: Service Control Manager [7031]  - The User Data Storage_e65b6e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/2/2016 4:00:18 AM, Error: Service Control Manager [7031]  - The User Data Access_e65b6e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/2/2016 4:00:18 AM, Error: Service Control Manager [7031]  - The Sync Host_e65b6e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
9/2/2016 4:00:18 AM, Error: Service Control Manager [7031]  - The Contact Data_e65b6e service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/31/2016 5:13:44 AM, Error: Service Control Manager [7034]  - The CyberLink PowerDVD 15 Media Server Service service terminated unexpectedly.  It has done this 1 time(s).
8/31/2016 5:13:35 AM, Error: Service Control Manager [7031]  - The User Data Storage_50191 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/31/2016 5:13:35 AM, Error: Service Control Manager [7031]  - The User Data Access_50191 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/31/2016 5:13:35 AM, Error: Service Control Manager [7031]  - The Sync Host_50191 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/31/2016 5:13:35 AM, Error: Service Control Manager [7031]  - The Contact Data_50191 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/30/2016 9:58:43 PM, Error: SNMP [1500]  - The SNMP Service encountered an error while accessing the registry key SYSTEM\CurrentControlSet\Services\SNMP\Parameters\TrapConfiguration.
8/30/2016 9:57:47 PM, Error: Service Control Manager [7031]  - The User Data Storage_395fb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/30/2016 9:57:47 PM, Error: Service Control Manager [7031]  - The User Data Access_395fb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/30/2016 9:57:47 PM, Error: Service Control Manager [7031]  - The Sync Host_395fb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/30/2016 9:57:47 PM, Error: Service Control Manager [7031]  - The Contact Data_395fb service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
8/30/2016 5:08:56 PM, Error: Service Control Manager [7009]  - A timeout was reached (30000 milliseconds) while waiting for the SDScannerService service to connect.
8/30/2016 5:08:56 PM, Error: Service Control Manager [7000]  - The SDScannerService service failed to start due to the following error:  The service did not respond to the start or control request in a timely fashion.
8/29/2016 4:23:00 PM, Error: Service Control Manager [7034]  - The CyberLink PowerDVD 15 Media Server Service service terminated unexpectedly.  It has done this 4 time(s).
8/29/2016 4:15:34 PM, Error: Service Control Manager [7034]  - The CyberLink PowerDVD 15 Media Server Service service terminated unexpectedly.  It has done this 3 time(s).
8/27/2016 1:48:41 AM, Error: Service Control Manager [7034]  - The CyberLink PowerDVD 15 Media Server Service service terminated unexpectedly.  It has done this 12 time(s).
8/26/2016 3:00:47 AM, Error: Service Control Manager [7034]  - The CyberLink PowerDVD 15 Media Server Service service terminated unexpectedly.  It has done this 11 time(s).
.
==== End Of File ===========================
« Last Edit: September 02, 2016, 03:05:14 PM by Hoov »



Offline Hoov

  • Malware Removal Mentors
  • Administrator
  • Diamond Member
  • Posts: 27117
  • Unwilling part owner of Gov't. Motors and Chrysler
    • Hoov's Personal Site
Re: [In Progress] Unable to keep Windows Defender running
« Reply #1 on: September 02, 2016, 03:05:49 PM »
Platypuss will be helping you with your problem, please wait for his first post.

Former Consumer Security MVP
2011-2014

If I am helping you and you don't hear from me for 24Hrs, send me a PM Please!

Offline Grumpy Old Man

  • Bronze Member
  • Posts: 18
Re: [In Progress] Unable to keep Windows Defender running
« Reply #2 on: September 02, 2016, 03:33:16 PM »
Thanks for the quick reply - I am heading out to COSTCO - back in a couple hours.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Unable to keep Windows Defender running
« Reply #3 on: September 03, 2016, 05:20:40 AM »

Hello Grumpy Old Man,

Just to let you know that I am looking through your Log & will have some advice for you soon.

Platypuss

Offline Grumpy Old Man

  • Bronze Member
  • Posts: 18
Re: [In Progress] Unable to keep Windows Defender running
« Reply #4 on: September 04, 2016, 03:04:16 AM »
Thanks - I am starting to think that there might not be anything wrong - just my not understanding how things are supposed to work -- except, Defender getting shut down implies something serious.

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Unable to keep Windows Defender running
« Reply #5 on: September 04, 2016, 09:26:20 AM »
  Hello Grumpy Old Man,

Apologies for the delay, my post did not lock in.


  I am Platypuss, I will be helping you with your problem.
   
Before we begin, please follow my simple rules:-
  • If you do not understand any instructions, Stop & Ask; do not risk creating further problems.
  • Please do not run any tools unless instructed to do so because it may well cause unforeseen damage to your machine.
  • It may help you to print out my instructions, so that mistakes are not made.
  • I am a trainee here but my instructions are checked by my mentor, there may be some delay but you will get a high quality of service.
  • Malware removal is frequently complex, it takes time to analyse logs, please be patient.   
  • I will advise you as soon as your computer is clean, until then it may still be infected !
>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>>

Change Downloads  to Desktop

 http://www.thewindowsclub.com/change-download-location-ie-chrome
This will simplify the use of tools that we will be using.

How to change your download location to Desktop HERE


Google Chrome -
  • Click the "Customize and control Google Chrome" button in the upper right-corner of the browser.
  • Choose Settings. At the bottom of the screen, click the "Show advanced settings..." link.
  • Scroll down to find the Downloads section and click the Change... button.
  • Select your desktop and click OK.
Mozilla Firefox -
  • Click the "Open Menu" button in the upper right-corner of the browser.
  • Choose Options. In the downloads section, click the Browse button,
  • click on the Desktop folder and then click the "Select Folder" button.
  • Click OK to get out of the Options menu.
Internet Explorer -
  • Click the Tools menu in the upper right-corner of the browser. Select View downloads.
  • Select the Options link in the lower left of the window. Click Browse and select the Desktop.
  • Then choose the Select Folder button. Click OK to get out of the download options screen.
  • Now click Close to get out of the View Downloads screen.

Change default download folder location in Edge - Boot to a user account with admin status, select start > file explorer > right click on "Downloads" folder and select "Properties".

In the new window select "Location" tab > clear the text field box and type in or copy/paste %userprofile%\Desktop > select "Apply" then "OK"

Be aware you are not changing the Browser download folder location, you are changing the user’s download directory location.....
>>>>>>>>>>>>>>>>>


NEXT
Please open your copy of Malwarebytes Anti-Malware (MBAM) with the following settings:-
  • If updates are necessary click the Fix Now button

  • On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits".

  • Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware

  • Click on the Scan tab, then click on Scan Now .
  • With some infections, you may or may not see this message box.
'Could not load DDA driver'
  • Click 'Yes' to this message, to allow the driver to load after a restart.
  • Allow the computer to restart. Continue with the rest of these instructions.
  • When the scan is complete, click Apply Actions.
  • Wait for the prompt to restart the computer to appear, then click on Yes.

  • After the restart once you are back at your desktop, open MBAM once more.
To get the log from Malwarebytes do the following:

  • Click on the History tab > Application Logs.

  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click Export  > From export you have three options:
[1] Copy to Clipboard - if selected, right click to your reply and select "Paste"; the log will be pasted to your reply
[2] Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply
[3] XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply


  • Recommend you use "Copy to Clipboard", then right click to your reply > select "Paste"; that will copy the log to your reply…
>>>>>>>>>>>>


  Download & run Farbar Recovery Scan Tool (FRST) & save to your Desktop.
 

Note: you need to run the version compatible with your system (32 bit or 64 bit). If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

If your security alerts to FRST either accept the alert or disable your security and allow FRST to run...

(Windows 8/10 users will be prompted about Windows SmartScreen protection - click More information and Run.)
 
  • Double-click to run it. When the tool opens click Yes to disclaimer.
       
  • Press Scan button.
       
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
       
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
If you lose sight of them, they will be saved in the same location as FRST64.exe.

I need the MBAM, FRST.txt & Addition.txt logs please.

platypuss

« Last Edit: September 04, 2016, 09:32:41 AM by PLATYPUSS »

Offline Grumpy Old Man

  • Bronze Member
  • Posts: 18
Re: [In Progress] Unable to keep Windows Defender running
« Reply #6 on: September 05, 2016, 12:55:37 PM »
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/5/2016
Scan Time: 2:21 AM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.05.02
Rootkit Database: v2016.08.15.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Zaacharia

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 341428
Time Elapsed: 43 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Zaacharia (administrator) on GGSREST (05-09-2016 11:32:30)
Running from C:\Users\Zaacharia\Downloads
Loaded Profiles: Zaacharia (Available Profiles: Zaacharia)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
() C:\Program Files\ATI Technologies\ATI.ACE\a4\AdaptiveSleepService.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Windows\System32\TCPSVCS.EXE
(Microsoft Corporation) C:\Windows\System32\snmp.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSMonitorServicePDVD15.exe
(SEIKO EPSON CORPORATION) C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinctray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boincmgr.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
(SEIKO EPSON CORPORATION) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Space Sciences Laboratory) C:\Program Files\BOINC\boinc.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\ProgramData\BOINC\projects\climateprediction.net\wah2_8.12_windows_intelx86.exe
() C:\ProgramData\BOINC\projects\universeathome.pl_universe\BHspin2_1_windows_x86_64.exe
(CyberLink) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
() C:\ProgramData\BOINC\projects\climateprediction.net\wah2am3m2_um_8.12_windows_intelx86.exe
() C:\ProgramData\BOINC\projects\climateprediction.net\wah2rm3m2t_um_8.12_windows_intelx86.exe
(Farbar) C:\Users\Zaacharia\Downloads\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16690424 2016-08-26] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-04-17] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-15] (Synaptics Incorporated)
HKLM\...\Run: [boinctray] => C:\Program Files\BOINC\boinctray.exe [69416 2015-12-17] (Space Sciences Laboratory)
HKLM\...\Run: [boincmgr] => C:\Program Files\BOINC\boincmgr.exe [8746792 2015-12-17] (Space Sciences Laboratory)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [FUFAXRCV] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXRCV.exe [650784 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [FUFAXSTM] => C:\Program Files (x86)\Epson Software\FAX Utility\FUFAXSTM.exe [863776 2015-12-22] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [CLMLServer_For_P2G10] => C:\Program Files (x86)\CyberLink\Power2Go10\CLMLSvc_P2G10.exe [110008 2015-10-26] (CyberLink)
HKLM-x32\...\Run: [PowerDVD15Agent] => C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe [949960 2016-04-01] (CyberLink Corp.)
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1087184 2016-01-20] (SEIKO EPSON CORPORATION)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\Run: [BlazeServoTool] => C:\Program Files (x86)\BlazeVideo\BlazeHDAV 6.0\MediaDetector.exe [286720 2011-11-11] (BlazeVideo Company)
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [2857248 2016-08-23] (Valve Corporation)
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\Run: [Power2GoExpress10] => C:\Program Files (x86)\CyberLink\Power2Go10\Power2GoExpress10.exe [3063224 2015-10-26] (CyberLink Corp.)
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\Run: [Chromium] => "c:\users\zaacharia\appdata\local\chromium\application\chrome.exe" --auto-launch-at-startup --profile-directory="Default" --restore-last-session --restore-last-session
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATIMBE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4567720 2015-10-28] (Fitbit, Inc.)
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
AppInit_DLLs: C:\PROGRA~2\Amazon\AMAZON~1\AMAZON~2.DLL => C:\Program Files (x86)\Amazon\Amazon1ButtonApp\AmazonExtIE64.dll [119616 2014-05-23] (Amazon Inc.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{7932e7a1-016b-46fd-ae53-be925d34bdf0}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-616708a0
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.bing.com/search?FORM=INCOH1&PC=IC05&PTAG=ICO-616708a0
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=131170930603270583&GUID=70BD6B91-5E44-45BA-B1F2-1F774618D950
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://g.msn.com/1ewenusDefaultPack/SL5M_FRPage
SearchScopes: HKLM -> DefaultScope {0162FF6C-4B9C-4876-A400-CD510E6A97A8} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-616708a0&q={searchTerms}
SearchScopes: HKLM -> {0162FF6C-4B9C-4876-A400-CD510E6A97A8} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-616708a0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3849050912-3804681739-765561596-1001 -> DefaultScope {0162FF6C-4B9C-4876-A400-CD510E6A97A8} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-616708a0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3849050912-3804681739-765561596-1001 -> {0162FF6C-4B9C-4876-A400-CD510E6A97A8} URL = hxxp://www.bing.com/search?FORM=INCOH2&PC=IC05&PTAG=ICO-616708a0&q={searchTerms}
SearchScopes: HKU\S-1-5-21-3849050912-3804681739-765561596-1001 -> {2f23ab71-4ac6-41f2-a955-ea576e553146} URL =
BHO-x32: E-Web Print -> {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} -> C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
Toolbar: HKLM-x32 - E-Web Print - {201CF130-E29C-4E5C-A73F-CD197DEFA6AE} - C:\Program Files (x86)\Epson Software\E-Web Print\ewps_tb.dll [2014-11-27] (SEIKO EPSON CORPORATION)
IE Session Restore: HKU\S-1-5-21-3849050912-3804681739-765561596-1001 -> is enabled.
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default
FF NewTab: /www.google.com/
FF DefaultSearchEngine: Yahoo®
FF DefaultSearchEngine.US: DuckDuckGo
FF SearchEngineOrder.3: Bing
FF SelectedSearchEngine: Yahoo®
FF Homepage: about:home
FF Session Restore: -> is enabled.
FF Keyword.URL: hxxp://www.bing.com/search?FORM=SL5IDF&PC=SL5I&q=
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_209.dll [2016-08-18] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_209.dll [2016-08-18] ()
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-05] ( Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-06-30] (Adobe Systems Inc.)
FF Extension: (IE Tab 2 (FF 3.6+)) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\{1BC9BA34-1EED-42ca-A505-6D2F1A935BBB} [2016-02-27]
FF Extension: (LastPass) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\support@lastpass.com [2016-03-09]
FF Extension: (Adblock Plus Pop-up Addon) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\adblockpopups@jessehakanen.net.xpi [2016-04-29]
FF Extension: (Google Privacy) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\{ea61041c-1e22-4400-99a0-aea461e69d04}.xpi [2016-04-29]
FF Extension: (Toggle Private Browsing) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\toggleprivatebrowsing@supernova00.biz.xpi [2016-04-29]
FF Extension: (Switch Private Browsing) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\manolo.estevez@gmail.com.xpi [2016-04-29]
FF Extension: (IMDB  Search) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\{c4080853-c699-4120-b8e0-618bff8a4474}.xpi [2016-04-29]
FF Extension: (Tab Mix Plus) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\{dc572301-7619-498c-a57d-39143191b318}.xpi [2016-06-05]
FF Extension: (FoxReplace) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\fox@replace.fx.xpi [2016-06-15]
FF Extension: (NoScript) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2016-08-11]
FF Extension: (killfile) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\Extensions\dtm-killlfile@martin.snowplow.org.xpi [2016-05-11]
FF Extension: (IMDb Plus) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\Extensions\imdbplus@eros.man.xpi [2016-06-17]
FF Extension: (Private Browsing Proxy) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\Extensions\jid0-YKD0pDHAi6iJdBHruo8SEIJuFv8@jetpack.xpi [2015-11-09]
FF Extension: (Open in Private Browsing Mode) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\Extensions\jid1-0FHdJAAQ7Nb73Q@jetpack.xpi [2016-04-27]
FF Extension: (DuckDuckGo Plus) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\Extensions\jid1-ZAdIEUB7XOzOJw@jetpack.xpi [2016-09-01]
FF Extension: (Search by Image for Google) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\Extensions\{ab4b5718-3998-4a2c-91ae-18a7c2db513e}.xpi [2016-04-27]
FF Extension: (Easy Youtube Video Downloader Express) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\Extensions\{b9acf540-acba-11e1-8ccb-001fd0e08bd4}.xpi [2016-09-04]
FF Extension: (Adblock Plus) - C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM-x32\...\Firefox\Extensions: [e-webprint@epson.com] - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on
FF Extension: (E-Web Print) - C:\Program Files (x86)\Epson Software\E-Web Print\Firefox Add-on [2016-04-30] [not signed]

Chrome:
=======
CHR Profile: C:\Users\Zaacharia\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Zaacharia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-06-01]
CHR Extension: (Google Docs) - C:\Users\Zaacharia\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-06-01]
CHR Extension: (Google Drive) - C:\Users\Zaacharia\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-06-01]
CHR Extension: (YouTube) - C:\Users\Zaacharia\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-06-01]
CHR Extension: (Google Sheets) - C:\Users\Zaacharia\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-06-01]
CHR Extension: (Google Docs Offline) - C:\Users\Zaacharia\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-01]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Zaacharia\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-01]
CHR Extension: (Gmail) - C:\Users\Zaacharia\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-06-01]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AdaptiveSleepService; C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe [140288 2014-04-22] () [File not signed]
R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2251992 2015-03-27] (Broadcom Corporation.)
R2 CyberLink PowerDVD 15 Media Server Monitor Service; C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSMonitorServicePDVD15.exe [77240 2016-04-01] (CyberLink)
R2 CyberLink PowerDVD 15 Media Server Service; C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe [323000 2016-04-01] (CyberLink)
R2 EpsonCustomerResearchParticipation; C:\Program Files\EPSON\EpsonCustomerResearchParticipation\EPCP.exe [677376 2016-06-11] (SEIKO EPSON CORPORATION)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 EPSON_PM_RPCV4_06; C:\Program Files\Common Files\EPSON\EPW!3 SSRP\E_S60RPB.EXE [152640 2013-04-15] (SEIKO EPSON CORPORATION)
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5906088 2015-10-28] (Fitbit, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SNMP; C:\Windows\System32\snmp.exe [51712 2016-05-30] (Microsoft Corporation)
R2 SNMP; C:\WINDOWS\SysWOW64\snmp.exe [46080 2016-05-30] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-15] (Synaptics Incorporated)
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-06-30] (Microsoft Corporation)
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AmdAS4; C:\Windows\System32\drivers\AmdAS4.sys [17640 2013-10-23] (Advanced Micro Devices, INC.)
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [36608 2013-12-13] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [173312 2015-03-27] (Broadcom Corporation.)
S3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [11669736 2016-07-27] (Broadcom Corp)
R3 BCMWL63A; C:\Windows\system32\DRIVERS\bcmwl63a.sys [11669736 2016-07-27] (Broadcom Corp)
R3 CLVirtualBus01; C:\Windows\System32\drivers\CLVirtualBus01.sys [103176 2014-11-05] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 EvoMouseDriverFilterHidUsb; C:\Windows\System32\drivers\EvoMouseDriverFilterHidUsb.sys [29936 2016-01-29] (Evoluent)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [80920 2015-07-02] (McAfee, Inc.)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 SmbDrv; C:\Windows\system32\DRIVERS\Smb_driver_AMDASF.sys [42184 2015-08-15] (Synaptics Incorporated)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [221824 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
R1 VBoxNetAdp; C:\Windows\system32\DRIVERS\VBoxNetAdp6.sys [117768 2015-11-10] (Oracle Corporation)
R1 VBoxNetLwf; C:\Windows\system32\DRIVERS\VBoxNetLwf.sys [194976 2015-11-10] (Oracle Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R2 {687703DE-DC6D-4649-892B-B8497854A6AB}; C:\Program Files (x86)\CyberLink\PowerDVD15\Common\NavFilter\000.fcl [29896 2016-04-01] (CyberLink Corp.)
S3 VBoxNetFlt; \SystemRoot\system32\DRIVERS\VBoxNetFlt.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 11:32 - 2016-09-05 11:33 - 00022085 _____ C:\Users\Zaacharia\Downloads\FRST.txt
2016-09-05 11:31 - 2016-09-05 11:32 - 00000000 ____D C:\FRST
2016-09-05 11:30 - 2016-09-05 11:30 - 02397696 _____ (Farbar) C:\Users\Zaacharia\Downloads\FRST64.exe
2016-09-05 11:30 - 2016-09-05 11:30 - 02397696 _____ (Farbar) C:\Users\Zaacharia\Downloads\FRST64(1).exe
2016-09-02 13:32 - 2016-09-02 13:32 - 00035385 _____ C:\Users\Zaacharia\Desktop\dds.txt
2016-09-02 13:32 - 2016-09-02 13:32 - 00009733 _____ C:\Users\Zaacharia\Desktop\attach.txt
2016-09-02 13:30 - 2016-09-02 13:30 - 00688992 ____R (Swearware) C:\Users\Zaacharia\Downloads\dds.com
2016-09-01 19:56 - 2016-09-05 02:19 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-01 19:56 - 2016-09-01 19:56 - 00001142 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-09-01 19:56 - 2016-09-01 19:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-09-01 19:56 - 2016-09-01 19:56 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-09-01 19:56 - 2016-09-01 19:56 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-09-01 19:56 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-09-01 19:56 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-09-01 19:56 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-09-01 19:34 - 2016-09-01 19:53 - 22851472 _____ (Malwarebytes ) C:\Users\Zaacharia\Downloads\mbam-setup-2.2.1.1043.exe
2016-08-31 18:36 - 2016-09-01 15:55 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-08-30 22:50 - 2016-08-30 22:50 - 00016384 ___SH C:\Users\Zaacharia\Downloads\Thumbs.db
2016-08-30 22:03 - 2016-08-21 02:40 - 00453264 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160830-220328.backup
2016-08-26 23:12 - 2016-08-26 23:12 - 05651240 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 03320664 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 03319968 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 02739248 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 02231696 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01991776 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01804936 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01613720 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01530872 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01403096 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01381120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01358064 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaeapo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01354800 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01233072 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01185184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01059680 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 01017432 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00982248 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00979280 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tosasfapo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00940640 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00889888 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00759200 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00742536 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00723232 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00704688 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00693024 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00692512 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00632352 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00615160 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\tossaemaxapo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00588632 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00545816 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00527824 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00517464 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00513712 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00460440 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00459832 _____ (Toshiba Client Solutions Co., Ltd.) C:\WINDOWS\system32\toseaeapo64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00458016 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00453848 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00440736 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00399456 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00342272 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00339128 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00333280 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00283920 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00264968 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00264896 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00263944 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00242768 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00232704 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00225496 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00220136 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00203440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00176480 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00168936 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00161952 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00144184 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00128504 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00120720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00100544 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00097976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00097912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00094168 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00093144 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-08-26 23:12 - 2016-08-26 23:12 - 00085096 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 72529432 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-08-26 23:09 - 2016-08-26 23:09 - 07181616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 07104888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 03208440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 02903800 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-08-26 23:09 - 2016-08-26 23:09 - 02119288 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 02081792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 02058872 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 00267560 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 00131016 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 00127288 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2016-08-26 23:09 - 2016-08-26 23:09 - 00114008 _____ C:\WINDOWS\system32\audioLibVc.dll
2016-08-24 21:54 - 2016-08-27 23:46 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-08-23 06:04 - 2016-08-23 06:04 - 00000665 _____ C:\Users\Zaacharia\Downloads\Top35Yrs.txt
2016-08-23 05:01 - 2016-08-23 05:01 - 00185326 _____ C:\Users\Zaacharia\Downloads\Your_Social_Security_Statement.pdf
2016-08-22 04:20 - 2016-08-22 04:20 - 00000000 ____D C:\Users\Zaacharia\AppData\Local\Spoon
2016-08-21 02:40 - 2016-08-11 18:46 - 00453264 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160821-024007.backup
2016-08-13 09:41 - 2016-08-13 09:41 - 00000000 ____D C:\Users\Zaacharia\VirtualBox VMs
2016-08-11 18:46 - 2016-08-03 21:23 - 00453216 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20160811-184632.backup
2016-08-11 18:23 - 2016-08-11 18:24 - 01154468 _____ C:\Users\Zaacharia\Downloads\RTVDepositStatementsAPI(1).pdf
2016-08-11 17:55 - 2016-08-11 17:55 - 01554331 _____ C:\Users\Zaacharia\Downloads\RTVDepositStatementsAPI-5.pdf
2016-08-11 17:52 - 2016-08-11 17:52 - 01342414 _____ C:\Users\Zaacharia\Downloads\RTVDepositStatementsAPI-4.pdf
2016-08-11 17:51 - 2016-08-11 17:51 - 01554331 _____ C:\Users\Zaacharia\Downloads\RTVDepositStatementsAPI.pdf
2016-08-11 17:51 - 2016-08-11 17:51 - 01554327 _____ C:\Users\Zaacharia\Downloads\RTVDepositStatementsAPI-2.pdf
2016-08-11 17:51 - 2016-08-11 17:51 - 01485719 _____ C:\Users\Zaacharia\Downloads\RTVDepositStatementsAPI-3.pdf
2016-08-11 17:45 - 2016-08-03 04:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-11 17:45 - 2016-08-03 04:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-11 17:45 - 2016-08-03 04:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-11 17:45 - 2016-08-03 03:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-11 17:45 - 2016-08-03 03:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-11 17:45 - 2016-08-03 03:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-11 17:45 - 2016-08-03 03:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-11 17:45 - 2016-08-03 03:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-11 17:45 - 2016-08-03 03:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-11 17:45 - 2016-08-03 03:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-11 17:45 - 2016-08-03 03:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-11 17:45 - 2016-08-03 03:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-11 17:45 - 2016-08-03 03:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-11 17:45 - 2016-08-03 03:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-11 17:45 - 2016-08-03 03:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-11 17:45 - 2016-08-03 03:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-11 17:45 - 2016-08-03 03:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-11 17:45 - 2016-08-03 03:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-11 17:45 - 2016-08-03 03:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-11 17:45 - 2016-08-03 03:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-11 17:45 - 2016-08-03 03:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-11 17:45 - 2016-08-03 03:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-11 17:45 - 2016-08-03 03:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-11 17:45 - 2016-08-03 03:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-11 17:45 - 2016-08-03 03:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-11 17:45 - 2016-08-03 03:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-11 17:45 - 2016-08-03 02:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-11 17:45 - 2016-08-03 02:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-11 17:45 - 2016-08-03 02:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-11 17:45 - 2016-08-03 02:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-11 17:45 - 2016-08-03 02:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-11 17:45 - 2016-08-03 02:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-11 17:45 - 2016-08-03 02:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-11 17:45 - 2016-08-03 02:41 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthpan.sys
2016-08-11 17:45 - 2016-08-03 02:41 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-08-11 17:45 - 2016-08-03 02:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-11 17:45 - 2016-08-03 02:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-11 17:45 - 2016-08-03 02:40 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-08-11 17:45 - 2016-08-03 02:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-11 17:45 - 2016-08-03 02:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-11 17:45 - 2016-08-03 02:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-11 17:45 - 2016-08-03 02:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-11 17:45 - 2016-08-03 02:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-11 17:45 - 2016-08-03 02:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-11 17:45 - 2016-08-03 02:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-11 17:45 - 2016-08-03 02:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-11 17:45 - 2016-08-03 02:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-11 17:45 - 2016-08-03 02:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-11 17:45 - 2016-08-03 02:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-11 17:45 - 2016-08-03 02:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-11 17:45 - 2016-08-03 02:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-11 17:45 - 2016-08-03 02:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-11 17:45 - 2016-08-03 02:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-11 17:45 - 2016-08-03 02:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-11 17:45 - 2016-08-03 02:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-11 17:45 - 2016-08-03 02:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-11 17:45 - 2016-08-03 02:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-11 17:45 - 2016-08-03 02:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-11 17:45 - 2016-08-03 02:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-11 17:45 - 2016-08-03 02:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-11 17:45 - 2016-08-03 02:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-11 17:45 - 2016-08-03 02:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-11 17:45 - 2016-08-03 02:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-11 17:45 - 2016-08-03 02:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-11 17:45 - 2016-08-03 02:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-11 17:45 - 2016-08-03 02:29 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-08-11 17:45 - 2016-08-03 02:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-11 17:45 - 2016-08-03 02:29 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-08-11 17:45 - 2016-08-03 02:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-11 17:45 - 2016-08-03 02:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-11 17:45 - 2016-08-03 02:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-11 17:45 - 2016-08-03 02:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-11 17:45 - 2016-08-03 02:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-11 17:45 - 2016-08-03 02:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-11 17:45 - 2016-08-03 02:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-11 17:45 - 2016-08-03 02:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-11 17:45 - 2016-08-03 02:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-11 17:45 - 2016-08-03 02:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-11 17:45 - 2016-08-03 02:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-11 17:45 - 2016-08-03 02:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-11 17:45 - 2016-08-03 02:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-11 17:45 - 2016-08-03 02:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-11 17:45 - 2016-08-03 02:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-11 17:45 - 2016-08-03 02:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-11 17:45 - 2016-08-03 02:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-11 17:45 - 2016-08-03 02:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-11 17:45 - 2016-08-03 02:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-11 17:45 - 2016-08-03 02:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-11 17:45 - 2016-08-03 02:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-11 17:45 - 2016-08-03 02:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-11 17:45 - 2016-08-03 02:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-11 17:45 - 2016-08-02 22:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-11 17:45 - 2016-08-02 22:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-11 17:45 - 2016-08-02 22:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-11 17:45 - 2016-08-02 22:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-11 17:45 - 2016-08-02 22:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-11 17:45 - 2016-08-02 22:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-11 17:45 - 2016-08-02 22:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-11 17:45 - 2016-08-02 22:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-11 17:45 - 2016-08-02 22:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-11 17:45 - 2016-08-02 22:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-11 17:45 - 2016-08-02 21:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-11 17:45 - 2016-08-02 21:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-11 17:45 - 2016-08-02 21:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-11 17:45 - 2016-08-02 21:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-11 17:45 - 2016-08-02 21:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-11 17:45 - 2016-08-02 21:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-11 17:45 - 2016-08-02 21:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-11 17:45 - 2016-08-02 21:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-11 17:45 - 2016-08-02 21:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-11 17:45 - 2016-08-02 21:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-11 17:45 - 2016-08-02 21:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-11 17:45 - 2016-08-02 21:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-11 17:45 - 2016-08-02 21:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-11 17:45 - 2016-08-02 21:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-11 17:45 - 2016-08-02 21:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-11 17:45 - 2016-08-02 21:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-11 17:45 - 2016-08-02 21:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-11 17:45 - 2016-08-02 21:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-11 17:45 - 2016-08-02 21:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-11 17:45 - 2016-08-02 21:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-11 17:45 - 2016-08-02 21:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-11 17:45 - 2016-08-02 21:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-11 17:45 - 2016-08-02 21:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-11 17:45 - 2016-08-02 21:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-11 17:45 - 2016-08-02 21:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-11 17:45 - 2016-08-02 21:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-11 17:45 - 2016-08-02 21:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-11 17:45 - 2016-08-02 21:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-11 17:45 - 2016-08-02 21:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-11 17:45 - 2016-08-02 21:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-11 17:45 - 2016-08-02 21:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-11 17:45 - 2016-08-02 21:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-11 17:45 - 2016-08-02 21:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-05 11:31 - 2015-08-15 17:40 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{ACC3A2DE-0D2E-4FED-AAFE-6F75B66ECA32}
2016-09-05 11:23 - 2015-08-23 20:17 - 00000000 ____D C:\ProgramData\BOINC
2016-09-05 02:07 - 2015-08-16 18:25 - 00000000 ____D C:\Users\Zaacharia\AppData\LocalLow\LastPass
2016-09-04 22:08 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-04 22:04 - 2015-10-25 22:32 - 00000000 ____D C:\Program Files (x86)\Steam
2016-09-04 20:17 - 2015-08-18 21:02 - 00000000 ____D C:\Users\Zaacharia\Desktop\Olympia-G4
2016-09-03 19:45 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-02 23:39 - 2015-12-31 18:56 - 02822656 ___SH C:\Users\Zaacharia\Desktop\Thumbs.db
2016-09-01 21:07 - 2016-05-26 23:10 - 00000000 ____D C:\Users\Zaacharia\AppData\Local\lcca
2016-09-01 19:55 - 2014-11-20 03:28 - 00000000 ____D C:\ProgramData\Temp
2016-09-01 17:41 - 2015-11-10 15:54 - 00000000 ____D C:\ProgramData\EPSON
2016-09-01 17:40 - 2015-11-10 16:00 - 00000000 ____D C:\Users\Zaacharia\AppData\Roaming\Epson
2016-09-01 17:35 - 2016-06-29 23:04 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
2016-09-01 17:34 - 2015-11-18 07:56 - 00000000 ____D C:\Users\Zaacharia\Desktop\images
2016-09-01 15:55 - 2015-08-15 22:24 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-09-01 02:22 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-09-01 02:21 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-31 19:13 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-08-31 19:13 - 2015-08-15 21:41 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-30 21:58 - 2015-12-17 08:17 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-30 21:58 - 2015-12-17 07:52 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-08-30 21:58 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-08-30 21:57 - 2016-05-29 00:04 - 00000000 ____D C:\Users\Zaacharia\AppData\Local\{CAD1FC8D-EE79-9035-83E1-B5DDA7894945}
2016-08-30 21:57 - 2015-12-17 07:57 - 00000000 ____D C:\Users\Zaacharia
2016-08-30 21:57 - 2015-02-26 20:49 - 02166824 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2016-08-27 23:46 - 2015-12-17 07:52 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-08-26 23:12 - 2015-06-24 22:59 - 03126240 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-08-26 23:09 - 2015-06-24 22:57 - 05217792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-08-26 23:09 - 2015-06-24 22:57 - 00032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-08-18 15:03 - 2015-09-21 00:36 - 00000000 ____D C:\Users\Zaacharia\AppData\Local\Adobe
2016-08-14 16:15 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-13 16:28 - 2015-09-09 21:41 - 00000000 ____D C:\Users\Zaacharia\.VirtualBox
2016-08-12 23:35 - 2015-12-17 07:46 - 00000000 ___DC C:\WINDOWS\Panther
2016-08-12 13:19 - 2015-08-15 17:07 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-12 04:32 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-12 04:32 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 22:06 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-11 22:06 - 2015-08-16 00:27 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-11 22:01 - 2015-08-16 00:27 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-11 18:43 - 2014-11-20 03:06 - 00000000 ____D C:\Program Files\TOSHIBA

==================== Files in the root of some directories =======

2016-03-19 19:52 - 2016-05-30 00:08 - 0000224 _____ () C:\Users\Zaacharia\AppData\Roaming\WB.CFG
2015-10-14 19:46 - 2015-10-14 19:46 - 0000017 _____ () C:\Users\Zaacharia\AppData\Local\resmon.resmoncfg
2015-12-17 07:53 - 2015-12-17 07:53 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-11-20 03:28 - 2014-11-20 03:28 - 0000123 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.64.bc

Some files in TEMP:
====================
C:\Users\Zaacharia\AppData\Local\Temp\BingSvc.exe
C:\Users\Zaacharia\AppData\Local\Temp\BSvcProcessor.exe
C:\Users\Zaacharia\AppData\Local\Temp\BSvcUpdater.exe
C:\Users\Zaacharia\AppData\Local\Temp\COMAP.EXE
C:\Users\Zaacharia\AppData\Local\Temp\DefaultPack.EXE
C:\Users\Zaacharia\AppData\Local\Temp\Fitbit-Connect.exe
C:\Users\Zaacharia\AppData\Local\Temp\npp.6.8.8.Installer.exe
C:\Users\Zaacharia\AppData\Local\Temp\npp.6.9.1.Installer.exe
C:\Users\Zaacharia\AppData\Local\Temp\npp.6.9.2.Installer.exe
C:\Users\Zaacharia\AppData\Local\Temp\npp.6.9.Installer.exe
C:\Users\Zaacharia\AppData\Local\Temp\xmlUpdater.exe
C:\Users\Zaacharia\AppData\Local\Temp\_isB7F3.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-08-31 13:44

==================== End of FRST.txt ============================

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Unable to keep Windows Defender running
« Reply #7 on: September 05, 2016, 02:16:44 PM »

Hello Grumpy Old Man,

Thank you for the MBAM log.
Quote
The first time the tool is run, it makes also another log (Addition.txt)
You gave me a DDS log. Could I have the Addition.txt log, which should be on your Desktop?
Please copy/paste it into your reply here.
Thank you,
platypuss

Offline Grumpy Old Man

  • Bronze Member
  • Posts: 18
Re: [In Progress] Unable to keep Windows Defender running
« Reply #8 on: September 05, 2016, 04:58:27 PM »
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Zaacharia (05-09-2016 11:33:49)
Running from C:\Users\Zaacharia\Downloads
Windows 10 Home Version 1511 (X64) (2015-12-17 15:26:37)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3849050912-3804681739-765561596-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3849050912-3804681739-765561596-503 - Limited - Disabled)
Guest (S-1-5-21-3849050912-3804681739-765561596-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-3849050912-3804681739-765561596-1003 - Limited - Enabled)
Zaacharia (S-1-5-21-3849050912-3804681739-765561596-1001 - Administrator - Enabled) => C:\Users\Zaacharia

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.017.20053 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.209 - Adobe Systems Incorporated)
Amazon 1Button App (HKLM-x32\...\{4D875057-4353-4B8F-93E5-8C3DC7F34EA9}) (Version: 1.0.8 - Amazon) <==== ATTENTION
AMD Catalyst Install Manager (HKLM\...\{99213849-249E-7726-EBA7-ADFCA48E2246}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
BlazeHDAV 6.0 (HKLM-x32\...\BlazeHDAV 6.0_is1) (Version:  - )
BOINC (HKLM\...\{CC077611-13E6-4B91-AF81-AAB4525F70CE}) (Version: 7.6.22 - Space Sciences Laboratory, U.C. Berkeley)
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 7.35.308.0 - Broadcom Corporation)
CyberLink LabelPrint 2.5 (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.0.6603 - CyberLink Corp.)
CyberLink PhotoDirector 6 (HKLM-x32\...\{6B684CDB-7255-4e46-9AB1-1D2F2D5540B3}) (Version: 6.0.6225.0 - CyberLink Corp.)
CyberLink Power2Go 10 (HKLM-x32\...\{7E2D87F3-F3BC-4fa5-9F72-BF021ED66CB3}) (Version: 10.0.2219.0 - CyberLink Corp.)
CyberLink Power2Go 10 Content Pack (HKLM-x32\...\InstallShield_{2BC3A01D-06C3-410B-9B0E-110F0E75C0A3}) (Version: 10.0.1104.0 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDirector 10 (Version: 10.0.0.4220 - CyberLink Corp.) Hidden
CyberLink PowerDVD 15 (HKLM-x32\...\{DE85B8F3-D088-4D6E-A970-EE0BC7883A66}) (Version: 15.0.2718.58 - CyberLink Corp.)
CyberLink WaveEditor 2 (HKLM-x32\...\{324F76CC-D8DD-4D87-B77D-D4AF5E1AA7B3}) (Version: 2.0.5816.0 - CyberLink Corp.)
Deus Ex: Human Revolution (HKLM-x32\...\Steam App 28050) (Version:  - Eidos Montreal)
E.Y.E: Divine Cybermancy (HKLM-x32\...\Steam App 91700) (Version:  - Streum On Studio)
Epson Customer Research Participation (HKLM\...\{B26449A6-6007-4460-B4FE-C4776115BCEA}) (Version: 1.80.0000 - Seiko Epson Corporation)
Epson Event Manager (HKLM-x32\...\{9F205E94-9E42-4486-A92A-DF3F6CB85444}) (Version: 3.10.0061 - Seiko Epson Corporation)
Epson E-Web Print (HKLM-x32\...\{6BF9F374-EC67-4808-A90C-F127DE6D989D}) (Version: 1.23.0000 - SEIKO EPSON CORPORATION)
Epson FAX Utility (HKLM-x32\...\{0CBE6C93-CB2E-4378-91EE-12BE6D4E2E4A}) (Version: 1.62.00 - SEIKO EPSON CORPORATION)
Epson PC-FAX Driver (HKLM-x32\...\EPSON PC-FAX Driver 2) (Version:  - )
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON Scan OCR Component (HKLM-x32\...\{563B99D8-8895-4E3E-AE8D-15BE8C05F1C1}) (Version: 2.30.00 - SEIKO EPSON Corp.)
EPSON Scan PDF Extensions (HKLM-x32\...\{F9956472-6E16-4F83-BF9A-F887EF4A45B7}) (Version: 1.03.0001 - SEIKO EPSON Corp.)
EPSON WF-2650 Series Printer Uninstall (HKLM\...\EPSON WF-2650 Series) (Version:  - SEIKO EPSON Corporation)
Epson WF-2650 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson WF-2650 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
EULAlyzer 2.2 (HKLM-x32\...\EULAlyzer_is1) (Version: 2.2.0 - BrightFort LLC)
Fallout 3 (HKLM-x32\...\Steam App 22300) (Version:  - Bethesda Game Studios)
Fallout: New Vegas (HKLM-x32\...\Steam App 22380) (Version:  - Obsidian Entertainment)
Fitbit Connect (HKLM-x32\...\{6EB73D9D-645E-415B-8008-83C3CB865968}) (Version: 2.0.1.6742 - Fitbit Inc.)
Google Update Helper (x32 Version: 1.2.183.23 - Google Inc.) Hidden
Half-Life 2: Update (HKLM\...\Steam App 290930) (Version:  - Filip Victor)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden <==== ATTENTION
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Games for Windows - LIVE Redistributable (HKLM-x32\...\{59E4543A-D49D-4489-B445-473D763C79AF}) (Version: 2.0.672.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{402ED4A1-8F5B-387A-8688-997ABF58B8F2}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 Refresh (HKLM-x32\...\{D69C8EDE-BBC5-436B-8E0E-C5A6D311CF4F}) (Version: 4.0.30901.0 - Microsoft Corporation)
Mozilla Firefox 48.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 48.0.2 (x86 en-US)) (Version: 48.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 48.0.2.6079 - Mozilla)
Mozilla Thunderbird 45.3.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 45.3.0 (x86 en-US)) (Version: 45.3.0 - Mozilla)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.9.2 - Notepad++ Team)
Olympia PBEM MapViewer (HKLM-x32\...\{8C9DCFF1-B62D-4D00-9F2E-41FECB1A27FF}) (Version: 2.08.0012 - Olympia)
Oracle VM VirtualBox 5.0.10 (HKLM\...\{F6E922CF-068D-4AFC-8DBF-4636B84AF0A5}) (Version: 5.0.10 - Oracle Corporation)
Project: Snowblind (HKLM\...\Steam App 7010) (Version:  - Crystal Dynamics)
PSP Application (Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7885 - Realtek Semiconductor Corp.)
S.T.A.L.K.E.R. - Shadow of Chernobyl (HKLM-x32\...\S.T.A.L.K.E.R. - Shadow of Chernobyl_is1) (Version: 1.0000 - THQ)
SiN Episodes: Emergence (HKLM-x32\...\Steam App 1300) (Version:  - Ritual Entertainment)
Skype™ 6.18 (HKLM-x32\...\{7A3C7E05-EE37-47D6-99E1-2EB05A3DA3F7}) (Version: 6.18.105 - Skype Technologies S.A.)
SMI Grabber Device (HKLM-x32\...\{B03B98E3-2795-48F6-BA33-793BBF5DF685}) (Version: 1.0.0.29 - Somagic)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SpywareBlaster 5.5 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.5.0 - BrightFort LLC)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.6 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Battery Check Utility (HKLM-x32\...\{5468E297-7EF8-4CB3-A091-F8714147793F}) (Version: 1.00.01.01 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{484A4296-6F3D-4182-8CFA-D664F7DA34AA}) (Version: 1.1.17.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.3.6405 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{2DB90351-FBAA-472B-9F12-6E1EBBB354DE}) (Version: v2.1.0.22 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{B1F241E1-90BF-4201-8977-A0DF85A38EBB}) (Version: 2.6.16.0 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
UFO Aftershock (HKLM-x32\...\{639555DF-952A-4161-97F6-AB9807E421D7}) (Version: 1.0 - )
Underrail (HKLM-x32\...\Steam App 250520) (Version:  - Stygian Software)
WinZip 15.5 (HKLM-x32\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240C3}) (Version: 15.5.9579 - WinZip Computing, S.L. )
ZUUS Music Video Player (HKLM-x32\...\{870B7B26-BBBE-4A0A-A030-B09F6CC9867D}) (Version: 1.0.0 - ZUUS Media, Inc.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3849050912-3804681739-765561596-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Zaacharia\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01B41C83-1D5E-4543-8827-7D57E02DC73A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0458528B-1B2C-4D74-808F-E775F112D124} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {17F41195-F3B4-4D5E-B787-F5F09BCC3F92} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-11] (Microsoft Corporation)
Task: {3960C73F-3FFA-4E4A-B988-18FB749C43E6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {484FFD19-EA0B-4907-8D43-7339DFF7A3F1} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-15] (Synaptics Incorporated)
Task: {54BEB270-7BC3-40E0-8BAE-9EF6ACA477A8} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2014-04-03] (TOSHIBA Corporation)
Task: {563C3F5F-745D-4DCD-9963-2008D2C81326} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {8A3C21A3-B1D7-41C3-A0F7-DBAF2E46FA53} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B24E7417-558C-4503-9F73-91289ECC0C6A} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-06-25] (Adobe Systems Incorporated)
Task: {C3C6739A-1356-447A-A970-78563CDCC13D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E6FF09A6-DB03-4BA4-B00A-C461E6B7FE6E} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2016-03-21] (Safer-Networking Ltd.)
Task: {EA25DC19-626A-42C3-BBDD-E820513F1D91} - System32\Tasks\Pokki => C:\Users\Zaacharia\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
Task: {F054BCE3-CE55-4A6E-851E-0CF68A9F5EC7} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2016-03-21] (Safer-Networking Ltd.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)


==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2014-04-22 23:48 - 2014-04-22 23:48 - 00140288 _____ () C:\Program Files\ATI Technologies\ATI.ACE\A4\AdaptiveSleepService.exe
2014-11-20 03:33 - 2012-04-24 19:43 - 00390632 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-12 19:45 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-12 19:45 - 2016-06-30 21:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 21:51 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-12 19:47 - 2016-06-30 20:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-12 19:45 - 2016-06-30 20:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-12 19:45 - 2016-06-30 20:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-12 19:45 - 2016-06-30 20:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-12 19:45 - 2016-06-30 20:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-10-15 13:31 - 2013-10-15 13:31 - 00106496 _____ () C:\Program Files\BOINC\zlib1.dll
2016-08-15 20:53 - 2016-08-15 20:54 - 00017408 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-08-15 20:53 - 2016-08-15 20:54 - 13475840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-02 17:55 - 2016-06-02 17:56 - 00680448 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-03-03 16:00 - 2016-03-03 16:01 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.722.10060.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-06-06 13:23 - 2016-06-06 13:23 - 00849408 _____ () C:\ProgramData\BOINC\projects\climateprediction.net\wah2_8.12_windows_intelx86.exe
2016-08-27 09:18 - 2016-08-27 09:18 - 01641984 _____ () C:\ProgramData\BOINC\projects\universeathome.pl_universe\BHspin2_1_windows_x86_64.exe
2016-06-06 13:28 - 2016-03-03 07:01 - 04332544 _____ () C:\ProgramData\BOINC\projects\climateprediction.net\wah2am3m2_um_8.12_windows_intelx86.exe
2016-06-06 13:28 - 2016-03-03 07:05 - 04142080 _____ () C:\ProgramData\BOINC\projects\climateprediction.net\wah2rm3m2t_um_8.12_windows_intelx86.exe
2016-06-29 23:19 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-06-29 23:19 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-06-29 23:19 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-06-29 23:19 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-06-29 23:19 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2015-10-25 22:36 - 2016-08-08 16:27 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-10-25 22:35 - 2015-07-01 15:06 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-10-25 22:35 - 2016-08-23 12:33 - 02321184 _____ () C:\Program Files (x86)\Steam\video.dll
2015-10-25 22:35 - 2016-01-27 00:49 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-10-25 22:35 - 2016-01-27 00:49 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-10-25 22:35 - 2016-01-27 00:49 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-10-25 22:35 - 2016-01-27 00:49 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-10-25 22:35 - 2016-01-27 00:49 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-10-25 22:35 - 2015-07-01 15:06 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-10-25 22:35 - 2015-07-01 15:06 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-10-25 22:35 - 2016-08-23 12:33 - 00835360 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-03-08 22:44 - 2016-07-04 15:17 - 00266560 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2015-12-31 21:25 - 2015-10-11 08:17 - 00873912 ____N () C:\Program Files (x86)\CyberLink\PowerDVD15\common\UNO\UNO.dll
2015-12-31 21:24 - 2013-12-10 04:31 - 00074240 ____N () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ctypes.pyd
2015-12-31 21:24 - 2013-12-10 04:31 - 00285184 ____N () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_hashlib.pyd
2015-12-31 21:24 - 2013-12-10 04:31 - 00040960 ____N () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_socket.pyd
2015-12-31 21:24 - 2013-12-10 04:31 - 00721920 ____N () C:\Program Files (x86)\CyberLink\PowerDVD15\Common\Koan\_ssl.pyd
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-10-25 22:35 - 2016-08-04 13:56 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-03-08 22:31 - 2016-03-08 22:31 - 01114136 _____ () C:\Users\Zaacharia\AppData\Roaming\Mozilla\Firefox\Profiles\x2iwwjpu.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-12-31 21:27 - 2015-09-03 01:52 - 00541683 _____ () C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\sqlite3.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:84098FD3 [133]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 7914 more sites.

IE trusted site: HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\webcompanion.com -> hxxp://webcompanion.com

There are 12731 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2016-08-30 22:03 - 00453264 ____R C:\WINDOWS\system32\Drivers\etc\hosts


There are 15553 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3849050912-3804681739-765561596-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\Innovation\String Lake - Grand Tetons.jpg
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "TCrdMain"
HKLM\...\StartupApproved\Run32: => "mcpltui_exe"
HKLM\...\StartupApproved\Run32: => "FUFAXRCV"
HKLM\...\StartupApproved\Run32: => "FUFAXSTM"
HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G10"
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\StartupApproved\Run: => "BlazeServoTool"
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\StartupApproved\Run: => "BingSvc"
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\StartupApproved\Run: => "Power2GoExpress10"
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\StartupApproved\Run: => "Chromium"
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-3849050912-3804681739-765561596-1001\...\StartupApproved\Run: => "Fitbit Connect"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{C80C516E-B818-4486-9325-6E974B73CC58}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{EF4B2128-9B67-44C4-9952-B1A382C3D42B}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{127681BC-E1E4-4E4F-B1AD-3C18E2ED0CE5}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6B84C66E-4582-4CEE-B2CD-99A76F96AEBF}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{67A68DFB-357F-43E3-BBB5-CAA8D531E689}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EYE\EYE.exe
FirewallRules: [{7E2931DB-9ABF-4623-9AF0-7564C6C76642}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\EYE\EYE.exe
FirewallRules: [{CE66EAB5-67E7-42FA-8612-9C1F9149CE5C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{BC5EC2BE-E6D1-42CD-B1D2-6BDF069AE2F4}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1D4C1BEA-A986-495E-9442-6814026DD37A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{0BA62B42-9F85-4EC5-B96C-607B5D803087}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{E4385162-582C-4876-A4C1-5597100C9F85}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{1C6D4FDC-817F-4550-8FEA-0A0415E049CC}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\dedicated\XR_3DA.exe
FirewallRules: [{6798A014-0A9A-4C60-9EE4-F576B3C36182}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{82EF31FC-722B-4430-A950-861C60C967E8}] => (Allow) C:\Program Files (x86)\THQ\S.T.A.L.K.E.R. - Shadow of Chernobyl\bin\XR_3DA.exe
FirewallRules: [{E38B1E2F-A27B-4AB6-91CF-61EE7DB2BB20}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4C6C903C-5F75-4A15-8F99-81BA58A7F201}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{FCB5BD9C-AECA-417C-BE6A-5D9DA9311192}] => (Allow) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{BB1D9634-B81B-42A7-B4B9-0AA65BEC11DC}] => (Block) C:\Program Files (x86)\Spotify\spotify.exe
FirewallRules: [{39E39787-4117-44C1-8722-7402596C180D}] => (Allow) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{C2DDD62E-C17B-4C3C-87BA-95C4C3BD1950}] => (Block) C:\Program Files (x86)\Spotify\Data\SpotifyWebHelper.exe
FirewallRules: [{50EBD938-7BB4-4A9D-ACC2-8BA2C646193A}] => (Allow) C:\Program Files\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{A76A426E-D9A0-4C38-96E5-5928B3BC7376}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{0DECD353-F321-44C4-B5FE-54DD0B669DDB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{1F3DCA62-6377-449A-AD92-8620C78D1520}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Deus Ex - Human Revolution\dxhr.exe
FirewallRules: [{9CDB46F5-6210-43D2-917F-3E259475FF19}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Underrail\underrail.exe
FirewallRules: [{CDF70871-F6FE-4B28-B2AA-FB4EAA86D927}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Underrail\underrail.exe
FirewallRules: [{2F00197A-0353-4C2E-B5A3-BA9C82F1D9E2}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{B10C6408-F61A-4C1C-A42D-987BD5A1FB15}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout 3\FalloutLauncher.exe
FirewallRules: [{46D5E856-2511-411A-BAFB-7083033AD273}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{51D3B88F-D86C-4F59-A0DD-E53B6B7B3D37}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Fallout New Vegas\FalloutNVLauncher.exe
FirewallRules: [{72C52266-E73E-4E74-A265-B098115F2F24}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN Episodes Emergence\SinEpisodes.exe
FirewallRules: [{144C743E-9A3F-4BE2-ABE7-81A1E4104AA4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\SiN Episodes Emergence\SinEpisodes.exe
FirewallRules: [{E74BADFF-B254-4E71-93D1-A1DFACA2A9B0}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{A2283096-124C-4396-994B-53DC6641BB89}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{74E9EF90-8C2C-42E4-AC1D-B64BB34D4F90}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{BBA85DBB-6DBA-4A7B-94D8-52DC010C781C}] => (Allow) D:\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{54776242-A7FB-4B8A-B000-C0932ACDD688}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{CCD0E927-CC7B-4BE0-9B4D-835E8F47C4F9}] => (Allow) C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe
FirewallRules: [{0611C196-A328-4630-B488-4A077351DF89}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Snowblind\Snowblind.exe
FirewallRules: [{4E2A7984-C013-4AC9-93E7-708F98AEEDEA}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Project Snowblind\Snowblind.exe
FirewallRules: [{C9C30E6C-34D2-4FF3-AE73-80B74FAD7874}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{F2BC2B8A-B24C-4DC0-8076-ECC59019437C}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Half-Life 2 Update\hl2.exe
FirewallRules: [{610AD817-BB23-4229-A330-F67130E83E84}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD.exe
FirewallRules: [{73A94A6C-A4F6-457F-BE89-B4E8E62EDFEB}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Kernel\DMS\CLMSServerPDVD15.exe
FirewallRules: [{28A74211-DDDA-4A90-81A6-44C3E060B3BC}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\PowerDVD15Agent.exe
FirewallRules: [{75DB324D-9567-4597-96A1-F6DD2330E0AE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVDMovie.exe
FirewallRules: [{5D49EEAB-71F7-4E54-872A-8B1F4D8A7F8C}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD15\Movie\PowerDVD Cinema\PowerDVDCinema.exe
FirewallRules: [SNMP-In-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-In-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
FirewallRules: [SNMP-Out-UDP-NoScope] => (Allow) %SystemRoot%\system32\snmp.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Restore Points =========================

20-08-2016 12:55:09 Scheduled Checkpoint
27-08-2016 02:08:18 Windows Update
01-09-2016 02:21:01 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/01/2016 09:10:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector6\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2016 09:10:19 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector6\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2016 07:58:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector6\kernel\ces\CES_CacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2016 07:58:27 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "c:\program files\cyberlink\photodirector6\kernel\ces\CES_AudioCacheAgent.exe.Manifest".
Dependent Assembly PDR.X,type="win32",version="1.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (09/01/2016 04:50:56 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program SDTools.exe version 2.4.40.157 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 788

Start Time: 01d204aa79b7d613

Termination Time: 17

Application Path: C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTools.exe

Report Id: e76b4fbc-709e-11e6-829b-008cfa8bbba5

Faulting package full name:

Faulting package-relative application ID:

Error: (09/01/2016 02:21:22 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/01/2016 02:05:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: EYE.exe, version: 0.0.0.0, time stamp: 0x4fe48069
Faulting module name: client.dll, version: 0.0.0.0, time stamp: 0x51f67295
Exception code: 0xc0000005
Fault offset: 0x0019d586
Faulting process id: 0xf8
Faulting application start time: 0x01d203f64fda4629
Faulting application path: C:\Program Files (x86)\Steam\steamapps\common\EYE\EYE.exe
Faulting module path: c:\program files (x86)\steam\steamapps\common\eye\eye\bin\client.dll
Report Id: 8a0b0a18-77e7-4a85-8cf1-68b2299b13ca
Faulting package full name:
Faulting package-relative application ID:

Error: (08/30/2016 09:59:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1542) (User: NT AUTHORITY)
Description: Windows cannot load classes registry file.
 DETAIL - The process cannot access the file because it is being used by another process.

Error: (08/30/2016 09:59:25 PM) (Source: Microsoft-Windows-User Profiles Service) (EventID: 1508) (User: NT AUTHORITY)
Description: Windows was unable to load the registry. This problem is often caused by insufficient memory or insufficient security rights.

 DETAIL - The process cannot access the file because it is being used by another process.
 for C:\Users\Zaacharia\AppData\Local\Microsoft\Windows\\UsrClass.dat

Error: (08/30/2016 12:58:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10586.494, time stamp: 0x5775e69a
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.494, time stamp: 0x5775e2d9
Exception code: 0xc000027b
Fault offset: 0x000000000004b1c9
Faulting process id: 0x1340
Faulting application start time: 0x01d200f8b468e348
Faulting application path: C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
Faulting module path: C:\Windows\System32\twinapi.appcore.dll
Report Id: c0b76c24-59ab-49c6-815b-a442dd3b4db3
Faulting package full name: Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewy
Faulting package-relative application ID: CortanaUI


System errors:
=============
Error: (09/05/2016 11:23:00 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 15 Media Server Service service terminated unexpectedly.  It has done this 6 time(s).

Error: (09/05/2016 01:55:35 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (09/05/2016 12:52:40 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (09/04/2016 06:09:14 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (09/04/2016 02:37:40 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 15 Media Server Service service terminated unexpectedly.  It has done this 5 time(s).

Error: (09/04/2016 01:53:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {F3B4E234-7A68-4E43-B813-E4BA55A065F6} did not register with DCOM within the required timeout.

Error: (09/04/2016 04:57:02 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The CyberLink PowerDVD 15 Media Server Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (09/04/2016 04:56:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_515fe23 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 04:56:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_515fe23 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/04/2016 04:56:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_515fe23 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
  Date: 2016-09-01 04:54:40.387
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-08-30 21:57:37.411
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:57:37.371
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:57:37.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:57:37.281
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:57:37.242
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:57:37.187
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:57:37.138
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:57:37.100
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-08-30 21:57:37.042
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: AMD A6-6310 APU with AMD Radeon R4 Graphics
Percentage of memory in use: 34%
Total physical RAM: 7129.23 MB
Available physical RAM: 4669.82 MB
Total Virtual: 11196.6 MB
Available Virtual: 7689.3 MB

==================== Drives ================================

Drive c: (TI10708100A) (Fixed) (Total:686.26 GB) (Free:581.07 GB) NTFS
Drive d: (ORPHAN_BLACK_S4_D2) (CDROM) (Total:7.36 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Unable to keep Windows Defender running
« Reply #9 on: September 06, 2016, 10:22:43 AM »
 
Hello Grumpy Old Man,

      Unhide hidden files
Please go HERE & follow instructions to reveal hidden files.

 Uninstall a Program in Programs & Features

  • Click inside the "ask me anything" box and start typing "programs and features".
     
  • Once you see it in the search results, open it and you will see your list of programs that you can uninstall.
  • Highlight Itibiti RTC & uninstall it.
>>>>>>>>>>>>>>>>>>>>>>

    Carry out a Fix in FRST

  • Open notepad and copy/paste the text present inside the code box below.
  • To do this highlight the contents of the box and right click on it.
  • Paste this into the open notepad.
NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to the operating system


Code:
Start
CloseProcesses:
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]
S2 PremierOpinion;PremierOpinion;C:\Program Files (x86)\PremierOpinion\pmservice.exe /service --> C:\Program Files (x86)\PremierOpinion\pmservice.exe  [?]
SUnknown sioitpkj;sioitpkj;
Task: {01B41C83-1D5E-4543-8827-7D57E02DC73A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0458528B-1B2C-4D74-808F-E775F112D124} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3960C73F-3FFA
Task: {8A3C21A3-B1D7-41C3-A0F7-DBAF2E46FA53} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C3C6739A-1356-447A-A970-78563CDCC13D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:84098FD3 [133]
Cmd: ipconfig /flushdns
Empty temp:
Hosts:
reboot
end




  • Now save notepad as fixlist.txt to your Desktop.
    NOTE: => It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.


  • Run FRST and press the Fix button just once and wait.
    If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

  • The tool will make a log on the Desktop (Fixlog.txt). Please attach it to your reply.
    Note:

    >>>>>>>>>>>>>>>>>>>

    Please download AdwCleaner onto your Desktop.

    Take care NOT to click on any ad, such as PC Optimizer Pro. The correct link is the button labeled "Download from Bleeping Computer".
    NOTE: If using Internet Explorer and you get an alert that stops the program downloading, click on Tools > Smartscreen Filter > Turn off Smartscreen Filter then click on OK in the box that opens. Then click on the link again.

    • Close your browser and double click the AdwCleaner icon on your desktop.
    • Click on the Scan in the Actions box
    • Please wait for the scan to finish..
    • When "Waiting for action.Please uncheck elements you want to keep" shows in top line..
         
    • DO NOT CLEAN ANYTHING! Removal will be done after analysis of the log.
         
    • Next click OK on the "Closing Programs" pop up box.
    • Click OK on the Information box & again OK to allow the necessary reboot

        After restart the AdwCleaner(C*)-Notepad log will appear, please copy/paste it in your next reply....
       
  • If you lose track of the log, it is saved in this folder C:\AdwCleaner\


>>>>>>>>>>>>>>>>>>>>>>>>>>

Please download Junkware Removal Tool to your Desktop.

Please close your security software to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.
>>>>>>>>>>>>>>>>>

I need Fixlog.txt,
           AdwCleaner log
          JRT.txt please.

Platypuss



Offline Grumpy Old Man

  • Bronze Member
  • Posts: 18
Re: [In Progress] Unable to keep Windows Defender running
« Reply #10 on: September 06, 2016, 06:42:34 PM »
Er, where do I find "ask me anything"?

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Unable to keep Windows Defender running
« Reply #11 on: September 07, 2016, 03:20:51 AM »



 
Quote
Er, where do I find "ask me anything"?

Try this method, it's quicker:
  • Right click on the Start icon located in the left hand corner of the task bar.
  • This opens a pop up box with "Programs & Features" shown at the top.
  • Click on it & scroll down until you find Itibiti RTC & uninstall it
The "Ask me anything" box is the grey "Search the Web & Windows" box on the left of the taskbar.

Platypuss

Offline Grumpy Old Man

  • Bronze Member
  • Posts: 18
Re: [In Progress] Unable to keep Windows Defender running
« Reply #12 on: September 07, 2016, 04:33:03 AM »
I cannot find Itibiti in my "Programs & Features" - should I perform the other steps just in case it was removed by one of my earlier attempts? -- Meaning I ran SpyWareBlaster and Spybot, could they have removed it?

Thank you for your time - this is crazy (to me) - That Itibiti rings a vague bell but...

Offline Foxfire

  • Malware Removal Staff
  • Bronze Member
  • Posts: 443
Re: [In Progress] Unable to keep Windows Defender running
« Reply #13 on: September 07, 2016, 09:21:05 AM »

 
Quote
I cannot find Itibiti in my "Programs & Features" - should I perform the other steps just in case it was removed by one of my earlier attempts? -- Meaning I ran SpyWareBlaster and Spybot, could they have removed it?

Yes, go ahead please. It could have been disabled previously & later scans will pick up remnants.

Description Here for your interest.

When you have finished the scans, could you advise how the computer is running please?
Platypuss

« Last Edit: September 07, 2016, 09:35:15 AM by PLATYPUSS »

Offline Grumpy Old Man

  • Bronze Member
  • Posts: 18
Re: [In Progress] Unable to keep Windows Defender running
« Reply #14 on: September 07, 2016, 07:22:23 PM »
I did not get the shutdown notice for AdwCleaner so I did it myself.
I ran each of the apps - logs:
Fix result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Zaacharia (07-09-2016 17:42:32) Run:1
Running from C:\Users\Zaacharia\Desktop
Loaded Profiles: Zaacharia (Available Profiles: Zaacharia)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CloseProcesses:
S2 PremierOpinion; C:\Program Files (x86)\PremierOpinion\pmservice.exe /service [X]
S2 PremierOpinion;PremierOpinion;C:\Program Files (x86)\PremierOpinion\pmservice.exe /service --> C:\Program Files (x86)\PremierOpinion\pmservice.exe  [?]
SUnknown sioitpkj;sioitpkj;
Task: {01B41C83-1D5E-4543-8827-7D57E02DC73A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {0458528B-1B2C-4D74-808F-E775F112D124} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {3960C73F-3FFA
Task: {8A3C21A3-B1D7-41C3-A0F7-DBAF2E46FA53} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {C3C6739A-1356-447A-A970-78563CDCC13D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
AlternateDataStreams: C:\ProgramData\Temp:5C321E34 [125]
AlternateDataStreams: C:\ProgramData\Temp:84098FD3 [133]
Cmd: ipconfig /flushdns
Empty temp:
Hosts:
reboot
end
*****************

Processes closed successfully.
PremierOpinion => service removed successfully
PremierOpinion => service not found.
SUnknown sioitpkj;sioitpkj; => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{01B41C83-1D5E-4543-8827-7D57E02DC73A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{01B41C83-1D5E-4543-8827-7D57E02DC73A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0458528B-1B2C-4D74-808F-E775F112D124}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0458528B-1B2C-4D74-808F-E775F112D124}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\Task: {3960C73F-3FFA => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A3C21A3-B1D7-41C3-A0F7-DBAF2E46FA53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A3C21A3-B1D7-41C3-A0F7-DBAF2E46FA53}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{C3C6739A-1356-447A-A970-78563CDCC13D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C3C6739A-1356-447A-A970-78563CDCC13D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
C:\ProgramData\Temp => ":5C321E34" ADS removed successfully.
C:\ProgramData\Temp => ":84098FD3" ADS removed successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
reboot => Error: No automatic fix found for this entry.

=========== EmptyTemp: ==========

BITS transfer queue => 1086456 B
DOMStore, IE Recovery, AppCache, Feeds Cache, Thumbcache, IconCache => 15163125 B
Java, Flash, Steam htmlcache => 358830615 B
Windows/system/drivers => 7831 B
Edge => 1115830 B
Chrome => 8177137 B
Firefox => 395466186 B
Opera => 0 B

Temp, IE cache, history, cookies, recent:
Default => 0 B
ProgramData => 0 B
Public => 0 B
systemprofile => 0 B
systemprofile32 => 0 B
LocalService => 28278614 B
NetworkService => 1088750 B
Zaacharia => 1291179123 B

RecycleBin => 6755566 B
EmptyTemp: => 2 GB temporary data Removed.

================================


The system needed a reboot.

==== End of Fixlog 17:44:52 ====
# AdwCleaner v6.010 - Logfile created 07/09/2016 at 17:57:36
# Updated on 12/08/2016 by ToolsLib
# Database : 2016-09-07.2 [Server]
# Operating System : Windows 10 Home  (X64)
# Username : Zaacharia - GGSREST
# Running from : C:\Users\Zaacharia\Desktop\AdwCleaner.exe
# Mode: Scan
# Support : https://toolslib.net/forum



***** [ Services ] *****

No malicious services found.


***** [ Folders ] *****

Folder Found:  C:\WINDOWS\SysNative\Tasks\PCW
Folder Found:  C:\ProgramData\pokki
Folder Found:  C:\ProgramData\Pokki
Folder Found:  C:\ProgramData\Application Data\pokki
Folder Found:  C:\ProgramData\Application Data\Pokki
Folder Found:  C:\Program Files (x86)\Amazon\Amazon1ButtonApp
Folder Found:  C:\Users\Default User\AppData\Local\Pokki
Folder Found:  C:\Users\Default\AppData\Local\Pokki


***** [ Files ] *****

File Found:  C:\Users\Zaacharia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Goodgame Empire.lnk
File Found:  C:\Users\Zaacharia\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
File Found:  C:\WINDOWS\SysNative\LavasoftTcpService64.dll
File Found:  C:\WINDOWS\SysNative\LavasoftTcpServiceOff.ini
File Found:  C:\Users\Public\Desktop\eBay.lnk
File Found:  C:\WINDOWS\SysWOW64\lavasofttcpservice.dll
File Found:  C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini


***** [ DLL ] *****

No malicious DLLs found.


***** [ WMI ] *****

No malicious keys found.


***** [ Shortcuts ] *****

No infected shortcut found.


***** [ Scheduled Tasks ] *****

Task Found:  Pokki


***** [ Registry ] *****

Key Found:  HKLM\SOFTWARE\Classes\AmazonAppIE.AppGateway
Key Found:  HKLM\SOFTWARE\Classes\AmazonAppIE.GadgetGateway
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataContainer.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataController.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTable.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableFields.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.DataTableHolder.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.LSPLogic.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.ReadOnlyManager.1
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController
Key Found:  HKLM\SOFTWARE\Classes\LavasoftTcpServiceLib.WFPController.1
Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{26B19FA4-E8A1-4A1B-A163-1A1E46F830DD}
Key Found:  [x64] HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{0015CAC9-FC30-4CD0-BFAA-7412CC2C4DD9}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{26C7AFDB-3690-449E-B979-B0AF5CC56DD4}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{3A5A5381-DAAF-4C0D-B032-2C66B3EE4A8D}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{472EF1D2-4AAE-470D-AE85-6AF8177916FD}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{8F010D54-C023-457F-AF03-497EACB6D519}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{9A754403-27B1-4ED7-96D7-588F07888EBF}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{CB31FF8F-BF80-4D2B-ADBE-12C6F5347890}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{FCAA532B-E807-4027-940C-BA16B9D50105}
Key Found:  HKLM\SOFTWARE\Classes\CLSID\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKLM\SOFTWARE\Classes\TypeLib\{ED62BC6E-64F1-46BE-866F-4C8DC0DF7057}
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{BD6ECB00-7C4A-4F97-B425-44117F2A7AAE}
Key Found:  HKU\S-1-5-21-3849050912-3804681739-765561596-1001\Software\APN PIP
Key Found:  HKU\S-1-5-21-3849050912-3804681739-765561596-1001\Software\SweetLabs App Platform
Key Found:  HKCU\Software\APN PIP
Key Found:  HKCU\Software\SweetLabs App Platform
Key Found:  HKLM\SOFTWARE\Lavasoft\Web Companion
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found:  HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D}
Key Found:  [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  [x64] HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Key Found:  HKLM\SOFTWARE\Classes\Installer\Features\4E30E037E0535E84D9E3349209D354D4
Key Found:  HKLM\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4
Data Found:  [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Data Found:  HKU\S-1-5-21-3849050912-3804681739-765561596-1001\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Data Found:  HKCU\Software\Microsoft\Internet Explorer\Main [Default_Secondary_Page_URL] - hxxp://mystart.toshiba.com
Key Found:  HKCU\Software\Microsoft\Internet Explorer\DOMStorage\itibitiphone.com
Value Found:  HKU\S-1-5-21-3849050912-3804681739-765561596-1001\Software\Microsoft\Windows\CurrentVersion\Explorer\StartupApproved\Run [Itibiti.exe]
Key Found:  HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com


***** [ Web browsers ] *****

No malicious Firefox based browser items found.
No malicious Chromium based browser items found.

*************************

C:\AdwCleaner\AdwCleaner[S0].txt - [5775 Bytes] - [07/09/2016 17:57:36]

########## EOF - C:\AdwCleaner\AdwCleaner[S0].txt - [5848 Bytes] ##########
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.7 (07.03.2016)
Operating System: Windows 10 Home x64
Ran by Zaacharia (Administrator) on Wed 09/07/2016 at 18:11:03.49
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 5

Successfully deleted: C:\ProgramData\pokki (Folder)
Successfully deleted: C:\Users\Public\Desktop\ebay.lnk (Shortcut)
Successfully deleted: C:\Users\Zaacharia\AppData\Local\nico mak computing (Folder)
Successfully deleted: C:\Users\Zaacharia\Start Menu\Programs\goodgame empire.lnk (Shortcut)
Successfully deleted: C:\Users\Zaacharia\Start Menu\Programs\pokki start menu.lnk (Shortcut)



Registry: 1

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{2f23ab71-4ac6-41f2-a955-ea576e553146} (Registry Key)




~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Wed 09/07/2016 at 18:14:52.11
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~