2 X TROJANS. Cannot remove. Please help.

[Nicole]

Hi. Hoping you can help. My laptop has been playing up, slow, freezing a lot and I was sure I had been hijacked somehow. It seemed other users were active or something. I have MalwareBytes Home Premium but it was finding nothing ever. I opened up Windows Defender and noticed it was set to only do quick scans. I did a full scan and it found 2 X Trojans it said were serious. One was in the D drive. Something to do with a HP Game Crazy Chicken Soccer. The other was here: 
C:\Users\Nicole\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\LocalState\LiveComm\3e1a4e13e166e874\120712-0049\Att\20064a23

The names of the Trojans identified are:

Trojan: O97M/Madeba.A!det
Trojan: Win32/Dynamer!ac

I pressed FIX but the removal process froze about 2/3 through. It froze completely for over an hour. I could not even exit. I used task manager to stop the process and now Defender doesn't even have a record of it. Lucky I took notes and opened folder while waiting. Please help. Regards Nicole

Here is my Far Bar Recovery Tool Scans:
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 31-08-2016
Ran by Nicole (administrator) on HP (07-09-2016 21:41:02)
Running from C:\Users\Nicole\Desktop
Loaded Profiles: Nicole &  (Available Profiles: Nicole)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Seiko Epson Corporation) C:\Windows\System32\escsvc64.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPWMISVC.exe
(SEIKO EPSON CORPORATION) C:\Program Files\EPSON\EpsonCustomerParticipation\EPCP.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(TomTom) C:\Program Files (x86)\TomTom HOME 2\TomTomHOMEService.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(HP Inc.) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\Shared\hpqwmiex.exe
(Realsil Microelectronics Inc.) C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe
(Hewlett-Packard Development Company, L.P.) C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe
(CyberLink) C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(CyberLink Corp.) C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1664000 2012-08-20] (IDT, Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-07-26] (Apple Inc.)
HKLM-x32\...\Run: [HP Quick Launch] => C:\Program Files (x86)\Hewlett-Packard\HP Quick Launch\HPMSGSVC.exe [581024 2012-09-08] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [HP CoolSense] => C:\Program Files (x86)\Hewlett-Packard\HP CoolSense\CoolSense.exe [1342008 2012-09-15] (Hewlett-Packard Development Company, L.P.)
HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491632 2012-09-10] (CyberLink Corp.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [93296 2012-07-14] (CyberLink Corp.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM-x32\...\Run: [EEventManager] => C:\Program Files (x86)\Epson Software\Event Manager\EEventManager.exe [1064512 2013-11-08] (SEIKO EPSON CORPORATION)
Winlogon\Notify\igfxcui: igfxdev.dll [X]
HKU\S-1-5-18-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1051638766-449466645-1111838877-1001\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-1051638766-449466645-1111838877-1001\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [TomTomHOME.exe] => C:\Program Files (x86)\TomTom HOME 2\TomTomHOMERunner.exe [248176 2015-07-13] (TomTom)
HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
HKU\S-1-5-18\...\Run: [EPLTarget\P0000000000000000] => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YATINOE.EXE [298560 2013-12-16] (SEIKO EPSON CORPORATION)
ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} =>  No File
ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} =>  No File

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{006dd5f9-5bb8-4034-a555-96d8e9b5b2f8}: [DhcpNameServer] 10.1.1.1
Tcpip\..\Interfaces\{cdf74a75-3fa7-46f3-b6a5-cd689b46acee}: [DhcpNameServer] 10.1.1.1

Internet Explorer:
==================
HKU\S-1-5-21-1051638766-449466645-1111838877-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/?gws_rd=ssl
HKU\S-1-5-21-1051638766-449466645-1111838877-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.ninemsn.com.au/?ocid=iehp
HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/?gws_rd=ssl
HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.ninemsn.com.au/?ocid=iehp
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-07-13] (Microsoft Corporation)
BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre7\bin\ssv.dll [2014-07-07] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-07-05] (Microsoft Corporation)
BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre7\bin\jp2ssv.dll [2014-07-07] (Oracle Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll => No File
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-07-07] (Oracle Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-07-07] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll => No File
DPF: HKLM-x32 {1ABA5FAC-1417-422B-BA82-45C35E2C908B} hxxp://kitchenplanner.ikea.com/au/Core/Player/2020PlayerAX_IKEA_Win32.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-04-20] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Nicole\AppData\Roaming\Mozilla\Firefox\Profiles\jipgzdvg.default
FF Plugin: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-07] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files\Java\jre7\bin\plugin2\npjp2.dll [2014-07-07] (Oracle Corporation)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-07] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-07-07] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.60.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-07-07] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.50428.0\npctrl.dll [2016-04-27] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-23] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-29] (Google Inc.)
FF Plugin HKU\S-1-5-21-1051638766-449466645-1111838877-1001: hp.com/HPDetect -> C:\Users\Nicole\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)
FF Plugin HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0: hp.com/HPDetect -> C:\Users\Nicole\AppData\Roaming\HewlettPackard\HPDetect\1.0.0.0\npHPDetect.dll [2012-08-30] (HP)

Chrome: 
=======
CHR Profile: C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Drive) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-28]
CHR Extension: (YouTube) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-01]
CHR Extension: (Google Search) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-28]
CHR Extension: (Tampermonkey) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\dhdgffkkebhmkfjojejmpbldmpobfkfo [2016-09-02]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-05]
CHR Extension: (Gmail) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-07-27]
CHR Extension: (Chrome Media Router) - C:\Users\Nicole\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-09-02]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3189488 2016-07-05] (Microsoft Corporation)
R2 EpsonScanSvc; C:\WINDOWS\system32\EscSvc64.exe [144560 2012-05-17] (Seiko Epson Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29728 2016-08-15] (HP Inc.)
R2 IconMan_R; C:\Program Files (x86)\Realtek\Realtek PCIE Card Reader\RIconMan.exe [2451456 2012-07-15] (Realsil Microelectronics Inc.) [File not signed]
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [128896 2012-07-18] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165760 2012-07-18] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 vmicvss; C:\Windows\System32\ICSvc.dll [511488 2015-10-30] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2016-07-01] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-26] (CyberLink)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [129152 2016-04-25] (Samsung Electronics Co., Ltd.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-09-07] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
S3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-05] (Realtek Semiconductor Corp.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S3 SmbDrv; C:\Windows\System32\drivers\Smb_driver_AMDASF.sys [41272 2012-08-25] (Synaptics Incorporated)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [52904 2016-04-28] (Synaptics Incorporated)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
R3 WirelessButtonDriver; C:\Windows\System32\drivers\WirelessButtonDriver64.sys [20800 2013-07-22] (Hewlett-Packard Development Company, L.P.)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 21:41 - 2016-09-07 21:41 - 00018478 _____ C:\Users\Nicole\Desktop\FRST.txt
2016-09-07 21:40 - 2016-09-07 21:41 - 00000000 ____D C:\FRST
2016-09-07 21:39 - 2016-09-07 21:40 - 02397696 _____ (Farbar) C:\Users\Nicole\Desktop\FRST64.exe
2016-09-07 21:12 - 2016-09-07 21:18 - 00001996 _____ C:\Users\Nicole\Desktop\Rkill.txt
2016-09-07 18:00 - 2016-09-07 18:08 - 138647312 _____ (Microsoft Corporation) C:\Users\Nicole\Downloads\msert.exe
2016-09-03 18:02 - 2016-09-03 18:02 - 00093444 _____ C:\Users\Nicole\Downloads\jetstarTaxInvoice.pdf
2016-09-01 17:12 - 2016-09-01 17:12 - 00000000 ____D C:\Users\Nicole\Downloads\Lisa_house_sitter
2016-09-01 17:11 - 2016-09-01 17:12 - 00127198 _____ C:\Users\Nicole\Downloads\Lisa_house_sitter.zip
2016-08-31 19:29 - 2016-08-31 19:29 - 00085550 _____ C:\Users\Nicole\Downloads\Amendment to bos1.pdf
2016-08-29 12:39 - 2016-08-29 12:39 - 00359548 _____ C:\Users\Nicole\Downloads\Shower and Bath Filters - General and Technical Information - SFHH.pdf
2016-08-24 20:19 - 2016-08-24 20:19 - 00260636 _____ C:\Users\Nicole\Downloads\16108__20162408201920.pdf
2016-08-24 20:18 - 2016-08-24 20:18 - 00263754 _____ C:\Users\Nicole\Downloads\16107__20162408201851.pdf
2016-08-24 18:42 - 2016-08-24 18:42 - 00122977 _____ C:\Users\Nicole\Downloads\RECHARGE_2008000179980642.pdf
2016-08-18 18:41 - 2016-08-18 18:41 - 00377486 _____ C:\Users\Nicole\Downloads\report.pdf
2016-08-12 21:41 - 2016-08-12 21:41 - 00192887 _____ C:\Users\Nicole\Downloads\Kalisch 1991.pdf
2016-08-11 15:33 - 2016-08-11 15:33 - 01129176 _____ C:\Users\Nicole\Downloads\qhi_1209_Menu.pdf
2016-08-10 11:31 - 2016-08-03 21:14 - 01505984 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-08-10 11:31 - 2016-08-03 21:14 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-10 11:31 - 2016-08-03 21:14 - 00050368 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-08-10 11:31 - 2016-08-03 20:36 - 07469408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-08-10 11:31 - 2016-08-03 20:36 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-08-10 11:31 - 2016-08-03 20:36 - 00037744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wldp.dll
2016-08-10 11:31 - 2016-08-03 20:30 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-08-10 11:31 - 2016-08-03 20:23 - 00693600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-08-10 11:31 - 2016-08-03 20:23 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-08-10 11:31 - 2016-08-03 20:22 - 01322760 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-08-10 11:31 - 2016-08-03 20:22 - 00808288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-08-10 11:31 - 2016-08-03 20:22 - 00465248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2016-08-10 11:31 - 2016-08-03 20:22 - 00331616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-08-10 11:31 - 2016-08-03 20:22 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-08-10 11:31 - 2016-08-03 20:21 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-10 11:31 - 2016-08-03 20:21 - 03675512 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-10 11:31 - 2016-08-03 20:21 - 00566112 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-08-10 11:31 - 2016-08-03 20:21 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-08-10 11:31 - 2016-08-03 20:20 - 01540224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-08-10 11:31 - 2016-08-03 20:20 - 00692136 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-08-10 11:31 - 2016-08-03 20:19 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-10 11:31 - 2016-08-03 20:19 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-10 11:31 - 2016-08-03 20:13 - 01988448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-10 11:31 - 2016-08-03 20:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-10 11:31 - 2016-08-03 20:13 - 00393056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-10 11:31 - 2016-08-03 20:11 - 00422744 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-08-10 11:31 - 2016-08-03 19:51 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdlrecover.exe
2016-08-10 11:31 - 2016-08-03 19:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-08-10 11:31 - 2016-08-03 19:46 - 22384128 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-10 11:31 - 2016-08-03 19:44 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-08-10 11:31 - 2016-08-03 19:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-08-10 11:31 - 2016-08-03 19:44 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\musdialoghandlers.dll
2016-08-10 11:31 - 2016-08-03 19:43 - 16985088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-08-10 11:31 - 2016-08-03 19:41 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-08-10 11:31 - 2016-08-03 19:41 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-08-10 11:31 - 2016-08-03 19:40 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-08-10 11:31 - 2016-08-03 19:40 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\bthserv.dll
2016-08-10 11:31 - 2016-08-03 19:40 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-08-10 11:31 - 2016-08-03 19:40 - 00047616 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmTasks.dll
2016-08-10 11:31 - 2016-08-03 19:39 - 00218624 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-10 11:31 - 2016-08-03 19:39 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-08-10 11:31 - 2016-08-03 19:38 - 00412160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-08-10 11:31 - 2016-08-03 19:38 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2016-08-10 11:31 - 2016-08-03 19:37 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-08-10 11:31 - 2016-08-03 19:36 - 00211456 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-08-10 11:31 - 2016-08-03 19:36 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\winsrv.dll
2016-08-10 11:31 - 2016-08-03 19:35 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-10 11:31 - 2016-08-03 19:35 - 00200192 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFPlatform.dll
2016-08-10 11:31 - 2016-08-03 19:33 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-08-10 11:31 - 2016-08-03 19:31 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-08-10 11:31 - 2016-08-03 19:31 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-08-10 11:31 - 2016-08-03 19:31 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtutil.exe
2016-08-10 11:31 - 2016-08-03 19:30 - 24613888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-10 11:31 - 2016-08-03 19:30 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-08-10 11:31 - 2016-08-03 19:30 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-08-10 11:31 - 2016-08-03 19:29 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-08-10 11:31 - 2016-08-03 19:29 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-08-10 11:31 - 2016-08-03 19:29 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-08-10 11:31 - 2016-08-03 19:29 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-10 11:31 - 2016-08-03 19:29 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-08-10 11:31 - 2016-08-03 19:28 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-08-10 11:31 - 2016-08-03 19:28 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-08-10 11:31 - 2016-08-03 19:28 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-08-10 11:31 - 2016-08-03 19:27 - 07536640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-08-10 11:31 - 2016-08-03 19:27 - 01752576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-08-10 11:31 - 2016-08-03 19:27 - 01717760 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-10 11:31 - 2016-08-03 19:27 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-08-10 11:31 - 2016-08-03 19:20 - 13390336 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-08-10 11:31 - 2016-08-03 19:18 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-08-10 11:31 - 2016-08-03 19:18 - 02067968 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-08-10 11:31 - 2016-08-03 19:18 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-10 11:31 - 2016-08-03 19:17 - 02175488 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-08-10 11:31 - 2016-08-03 19:16 - 05123072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dbgeng.dll
2016-08-10 11:31 - 2016-08-03 19:16 - 03589120 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-10 11:31 - 2016-08-03 19:16 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-08-10 11:31 - 2016-08-03 19:16 - 01732096 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-10 11:31 - 2016-08-03 19:15 - 07833088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-10 11:31 - 2016-08-03 19:14 - 04895232 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-08-10 11:31 - 2016-08-03 19:14 - 01997824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-08-10 11:31 - 2016-08-03 19:13 - 03025920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-08-10 11:31 - 2016-08-03 19:13 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-08-10 11:31 - 2016-08-03 19:12 - 02746368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-08-10 11:31 - 2016-08-03 19:11 - 04171264 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-08-10 11:31 - 2016-08-03 15:52 - 00034088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wldp.dll
2016-08-10 11:31 - 2016-08-03 15:34 - 00501592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-08-10 11:31 - 2016-08-03 15:34 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-08-10 11:31 - 2016-08-03 15:33 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-08-10 11:31 - 2016-08-03 15:31 - 02921368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-10 11:31 - 2016-08-03 15:31 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-08-10 11:31 - 2016-08-03 15:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-08-10 11:31 - 2016-08-03 15:30 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-10 11:31 - 2016-08-03 15:30 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-08-10 11:31 - 2016-08-03 15:30 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-08-10 11:31 - 2016-08-03 14:57 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdlrecover.exe
2016-08-10 11:31 - 2016-08-03 14:48 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-08-10 11:31 - 2016-08-03 14:47 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-08-10 11:31 - 2016-08-03 14:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-08-10 11:31 - 2016-08-03 14:44 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryBroker.dll
2016-08-10 11:31 - 2016-08-03 14:42 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-08-10 11:31 - 2016-08-03 14:40 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\IdCtrls.dll
2016-08-10 11:31 - 2016-08-03 14:39 - 19351040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-10 11:31 - 2016-08-03 14:37 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-08-10 11:31 - 2016-08-03 14:37 - 00219136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-08-10 11:31 - 2016-08-03 14:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-08-10 11:31 - 2016-08-03 14:35 - 00178688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtutil.exe
2016-08-10 11:31 - 2016-08-03 14:34 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-08-10 11:31 - 2016-08-03 14:34 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-08-10 11:31 - 2016-08-03 14:33 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-10 11:31 - 2016-08-03 14:33 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-08-10 11:31 - 2016-08-03 14:33 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-08-10 11:31 - 2016-08-03 14:32 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-08-10 11:31 - 2016-08-03 14:32 - 01526272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll
2016-08-10 11:31 - 2016-08-03 14:32 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-10 11:31 - 2016-08-03 14:32 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-08-10 11:31 - 2016-08-03 14:31 - 06743040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-08-10 11:31 - 2016-08-03 14:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-08-10 11:31 - 2016-08-03 14:29 - 12133376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-08-10 11:31 - 2016-08-03 14:28 - 03663360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-08-10 11:31 - 2016-08-03 14:25 - 05323776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-08-10 11:31 - 2016-08-03 14:25 - 04078080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dbgeng.dll
2016-08-10 11:31 - 2016-08-03 14:23 - 05660672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-10 11:31 - 2016-08-03 14:23 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-08-10 11:31 - 2016-08-03 14:22 - 02501120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-08-10 11:31 - 2016-08-03 14:22 - 01502208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-10 11:31 - 2016-08-03 14:21 - 01708032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-08-10 11:31 - 2016-08-03 14:19 - 02180096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-08-10 11:30 - 2016-08-03 19:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-08-10 11:30 - 2016-08-03 19:34 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-08-10 11:30 - 2016-08-03 19:33 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-08-08 11:12 - 2016-08-08 11:12 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-08-08 11:12 - 2016-08-08 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-08-08 11:12 - 2016-08-08 11:12 - 00000000 ____D C:\Program Files\iTunes
2016-08-08 11:12 - 2016-08-08 11:12 - 00000000 ____D C:\Program Files\iPod
2016-08-08 11:12 - 2016-08-08 11:12 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-08-08 10:34 - 2016-08-08 10:36 - 49627504 _____ C:\Users\Nicole\Downloads\torbrowser-install-6.0.3_en-US.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-09-07 21:39 - 2015-10-14 09:39 - 00000925 _____ C:\WINDOWS\Tasks\EPSON XP-620 Series Update {37EDBAFD-5211-4C5F-B7F7-F0FD976AC132}.job
2016-09-07 21:26 - 2015-10-04 20:55 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-09-07 21:09 - 2015-03-12 23:07 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-09-07 21:06 - 2015-03-12 23:07 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-09-07 21:06 - 2014-07-07 18:29 - 00000000 __SHD C:\Users\Nicole\IntelGraphicsProfiles
2016-09-07 20:54 - 2014-08-22 17:10 - 00007666 _____ C:\Users\Nicole\AppData\Local\resmon.resmoncfg
2016-09-07 20:52 - 2016-03-22 00:52 - 00000925 _____ C:\WINDOWS\Tasks\EPSON XP-620 Series Update {C4BB17BD-F21E-4B70-8845-10696B8CB6AD}.job
2016-09-07 13:52 - 2016-03-21 23:50 - 00973984 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-09-07 13:52 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-09-07 13:48 - 2016-03-22 00:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-09-07 13:47 - 2015-10-30 16:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-09-07 09:14 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-09-07 09:14 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-09-06 08:38 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-09-02 23:08 - 2016-03-21 23:51 - 00000000 ____D C:\Users\Nicole
2016-09-02 23:08 - 2014-06-26 05:32 - 00000000 ____D C:\Users\Nicole\AppData\Local\Packages
2016-09-01 12:49 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-09-01 12:49 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-26 22:27 - 2014-07-07 12:18 - 00000000 ____D C:\Users\Nicole\AppData\Local\ElevatedDiagnostics
2016-08-21 10:50 - 2015-10-30 17:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-21 10:47 - 2014-08-23 18:23 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-08-16 18:53 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache
2016-08-14 11:29 - 2014-06-26 05:30 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-14 04:17 - 2015-10-30 19:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-08-14 04:17 - 2015-10-30 17:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-11 19:36 - 2015-01-02 09:27 - 00002354 _____ C:\Users\Nicole\Desktop\reminder.txt
2016-08-10 13:26 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-08-10 13:26 - 2014-07-07 13:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-10 13:19 - 2014-07-07 13:01 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-09 10:13 - 2015-03-12 23:09 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-09 10:13 - 2015-03-12 23:09 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-08-08 11:12 - 2015-12-26 20:26 - 00000000 ____D C:\Program Files\Common Files\Apple

==================== Files in the root of some directories =======

2014-08-22 17:10 - 2016-09-07 20:54 - 0007666 _____ () C:\Users\Nicole\AppData\Local\resmon.resmoncfg
2014-06-26 05:10 - 2014-06-26 05:10 - 0000595 _____ () C:\ProgramData\CyberlinkOutput.txt

Some files in TEMP:
====================
C:\Users\Nicole\AppData\Local\Temp\jre-8u91-windows-au.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-08-29 18:03

==================== End of FRST.txt ============================


 

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 31-08-2016
Ran by Nicole (07-09-2016 21:43:24)
Running from C:\Users\Nicole\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-21 14:26:37)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1051638766-449466645-1111838877-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1051638766-449466645-1111838877-503 - Limited - Disabled)
Guest (S-1-5-21-1051638766-449466645-1111838877-501 - Limited - Disabled)
Nicole (S-1-5-21-1051638766-449466645-1111838877-1001 - Administrator - Enabled) => C:\Users\Nicole

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{D4B07658-F443-4445-A261-E643996E139D}) (Version: 4.3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{A6B0442B-E159-444B-B49D-6B9AC531EAE3}) (Version: 4.3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CyberLink LabelPrint (HKLM-x32\...\InstallShield_{C59C179C-668D-49A9-B6EA-0121CCFC1243}) (Version: 2.5.2.5712 - CyberLink Corp.)
CyberLink Media Suite 10 (HKLM-x32\...\InstallShield_{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}) (Version: 10.0.2.2114 - CyberLink Corp.)
CyberLink PhotoDirector (HKLM-x32\...\InstallShield_{4862344A-A39C-4897-ACD4-A1BED5163C5A}) (Version: 2.0.2.3317 - CyberLink Corp.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.2.2110 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.2.2126 - CyberLink Corp.)
CyberLink PowerDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.7.4528 - CyberLink Corp.)
CyberLink YouCam (HKLM-x32\...\InstallShield_{01FB4998-33C4-4431-85ED-079E3EEFE75D}) (Version: 3.5.5.5811 - CyberLink Corp.)
eJuice Me Up (HKLM-x32\...\{7C162270-CA72-441F-8349-B0773B97586C}) (Version: 14.1 - Breaktru Software)
Energy Star (HKLM-x32\...\{FC0ADA4D-8FA5-4452-8AFF-F0A0BAC97EF7}) (Version: 1.0.9 - Hewlett-Packard Company)
Epson Connect Printer Setup (HKLM-x32\...\{D9B1D51B-EB56-410D-AEB5-1CCFAC4B6C8C}) (Version: 1.3.0 - SEIKO EPSON CORPORATION)
Epson Customer Participation (HKLM\...\{814FA673-A085-403C-9545-747FC1495069}) (Version: 1.7.0.0 - SEIKO EPSON CORPORATION)
Epson Event Manager (HKLM-x32\...\{86B4A6B9-07FD-48EC-8730-1EC82E80C3D7}) (Version: 3.10.0030 - Seiko Epson Corporation)
Epson Print CD (HKLM-x32\...\{D16A31F9-276D-4968-A753-FFEAC56995D0}) (Version: 2.31.00 - SEIKO EPSON CORPORATION)
Epson Printer Connection Checker (HKLM-x32\...\{7BE20D33-EAE9-4E85-870F-204F65E04F89}) (Version: 1.0.1.0 - SEIKO EPSON CORPORATION)
EPSON Scan (HKLM-x32\...\EPSON Scanner) (Version:  - Seiko Epson Corporation)
EPSON XP-620 Series Printer Uninstall (HKLM\...\EPSON XP-620 Series) (Version:  - SEIKO EPSON Corporation)
Epson XP-620 User’s Guide version 1.0 (HKLM-x32\...\UsersGuideEpson XP-620 User’s Guide_is1) (Version: 1.0 - )
EpsonNet Print (HKLM\...\{F983229B-587E-4322-BCB9-D7A49734E5CD}) (Version: 3.0.0.0 - SEIKO EPSON CORPORATION)
Foxtel GO (HKU\S-1-5-21-1051638766-449466645-1111838877-1001\...\Foxtel GO 1.84) (Version: 1.84 - Foxtel)
Foxtel GO (HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\Foxtel GO 1.84) (Version: 1.84 - Foxtel)
Foxtel GO (x32 Version: 1.84 - Foxtel) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
Hewlett-Packard ACLM.NET v1.2.1.1 (x32 Version: 1.00.0000 - Hewlett-Packard Company) Hidden
HP 3D DriveGuard (HKLM\...\{6821D775-9303-46DD-977A-2D97CA18B054}) (Version: 4.2.8.1 - Hewlett-Packard Company)
HP CoolSense (HKLM-x32\...\{8704FEEF-A6A8-4E7E-B124-BD6122C66E2C}) (Version: 2.10.42 - Hewlett-Packard Company)
HP Quick Launch (HKLM-x32\...\{E5823036-6F09-4D0A-B05C-E2BAA129288A}) (Version: 3.0.6 - Hewlett-Packard Company)
HP Registration Service (HKLM\...\{C2E428EB-116E-41C0-9E84-B22DE9CCA42F}) (Version: 1.1.6232.4245 - Hewlett-Packard)
HP Support Solutions Framework (HKLM-x32\...\{E2CB09C1-3C76-4395-BB47-50C066535CF8}) (Version: 12.5.32.37 - HP)
HP Utility Center (HKLM-x32\...\{0C57987A-A03A-4B95-A309-D23F78F406CA}) (Version: 1.0.8 - Hewlett-Packard)
HP Wireless Button Driver (HKLM-x32\...\{30B2D1D8-0A07-4B71-9553-0710C5D31E35}) (Version: 1.1.2.1 - Hewlett-Packard Company)
HPDetect (HKLM-x32\...\{CCCDD476-98F9-4B06-91DB-23F27CEC3BE1}) (Version: 1.0.0.0 - HP)
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6425.0 - IDT)
Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.9.1002 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iTunes (HKLM\...\{955524E7-79EB-4CA9-BA4D-FD2DF587651B}) (Version: 12.4.3.1 - Apple Inc.)
Java 7 Update 60 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F06417060FF}) (Version: 7.0.600 - Oracle)
Java 7 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F03217060FF}) (Version: 7.0.600 - Oracle)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4849.1003 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1051638766-449466645-1111838877-1001\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\OneDriveSetup.exe) (Version: 17.3.5907.0716 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.50428.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 47.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 47.0.1 (x86 en-US)) (Version: 47.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 47.0.1 - Mozilla)
MyHarmony (HKU\S-1-5-21-1051638766-449466645-1111838877-1001\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
MyHarmony (HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\036a0e4fc6a247ec) (Version: 1.0.1.257 - Logitech)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4849.1003 - Microsoft Corporation) Hidden
Ralink RT5390R 802.11bgn Wi-Fi Adapter (HKLM-x32\...\{8FC4F1DD-F7FD-4766-804D-3C8FF1D309AF}) (Version: 5.0.5.0 - Ralink)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.3.730.2012 - Realtek)
Realtek PCIE Card Reader (HKLM-x32\...\{C1594429-8296-4652-BF54-9DBE4932A44C}) (Version: 6.2.8400.29029 - Realtek Semiconductor Corp.)
Smartflix (HKU\S-1-5-21-1051638766-449466645-1111838877-1001\...\smartflix) (Version: 1.3.1 - Smartflix)
Smartflix (HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\smartflix) (Version: 1.3.1 - Smartflix)
Software Updater (HKLM-x32\...\{8DBC5A0A-31C4-46C7-B252-6B593EA11A87}) (Version: 4.3.7 - SEIKO EPSON CORPORATION)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
TomTom HOME (HKLM-x32\...\{5DCB2EB3-87AD-426E-8D74-8B92C9D731C4}) (Version: 2.9.8 - TomTom)
TomTom HOME Visual Studio Merge Modules (HKLM-x32\...\{8F3C31C5-9C3A-4AA8-8EFA-71290A7AD533}) (Version: 1.0.2 - TomTom International B.V.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1051638766-449466645-1111838877-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {09C8C79B-7D6D-423F-93D4-D0F380F024A1} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {0B545118-B563-42FC-8D07-B78F602FCF34} - System32\Tasks\Microsoft\Windows\WS\WSRefreshBannedAppsListTask => Rundll32.exe WSClient.dll,RefreshBannedAppsList
Task: {1B423680-963E-47EA-811F-D4338C76886B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {26A6EE87-39A5-4CB1-B0DA-69D12086C9E3} - System32\Tasks\EPSON XP-620 Series Update {C4BB17BD-F21E-4B70-8845-10696B8CB6AD} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {37A2A994-ED9B-43AD-B4C7-B2210833A7F4} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {40A5AED5-FB3C-4944-91E4-3B1865C3CE8C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {4EAEC84C-E593-46EF-ABE1-B11A18FF3A1D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {56D9A56E-9115-46E1-B8C8-DF23887148B8} - System32\Tasks\MirageAgent => C:\Program Files (x86)\CyberLink\YouCam\YCMMirage.exe [2012-10-13] (CyberLink)
Task: {570A47B9-50F1-412E-BB55-A385F2F278B7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {584DD139-8D9D-4C4E-8AE4-E5323B5ECD4C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5FBDA354-A6E2-48C7-AABD-0F8BC37D5F01} - System32\Tasks\EPSON XP-620 Series Update {37EDBAFD-5211-4C5F-B7F7-F0FD976AC132} => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE [2013-11-22] (SEIKO EPSON CORPORATION)
Task: {778F0FC5-736D-4135-972B-53DA73983812} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-08-10] (Microsoft Corporation)
Task: {917FC603-7BEA-4B84-98C2-D7CE4888DEE0} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-07-05] (Microsoft Corporation)
Task: {A1E485F5-4D40-4066-A213-614D98274DA6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A31266B8-6FF3-45A6-B1A5-736D7B4E93C7} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)
Task: {A553F45F-BC1E-484B-8859-1E05A440B6E9} - \Microsoft\Windows\Setup\GWXTriggers\OnIdle-5d -> No File <==== ATTENTION
Task: {A92E6263-20D4-48B7-B322-65265D335CD5} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {B57B97CB-2A93-4098-8390-EF0AA8B2E02D} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2016-04-28] (Synaptics Incorporated)
Task: {BBD0BD30-D35D-42C0-B8C5-9A6AC1CA352D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {C6E89604-A17B-4368-820B-A80CFD0C511E} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {CC7DFC88-36E4-4B85-8F35-7B791200A9E6} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {CFEEA272-5F38-4B7B-A8CE-1B509FA48ADF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {D143CEF8-3E66-4B43-84D3-206F4EBB40E3} - System32\Tasks\Microsoft OneDrive Auto Update Task-S-1-5-21-1051638766-449466645-1111838877-1001 => C:\Users\Nicole\AppData\Local\Microsoft\OneDrive\OneDrive.exe [2015-08-20] (Microsoft Corporation)
Task: {EC51C04B-4807-4343-8B22-1FFF2BE57AA1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-07-05] (Microsoft Corporation)
Task: {EFE79CFC-BBFA-4411-8AE9-AADB3EAB032F} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {F1220E45-F698-45D4-AE12-19281E98E1B3} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {F90CA1B6-0953-4775-863E-7090291F0559} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {FC17AD70-69C8-427C-8C03-0E4974739268} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2012-06-08] (CyberLink)
Task: {FEAB58A6-BDAF-4224-8F4B-C1A592FD9568} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-03-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\EPSON XP-620 Series Update {37EDBAFD-5211-4C5F-B7F7-F0FD976AC132}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE:/EXE:{37EDBAFD-5211-4C5F-B7F7-F0FD976AC132} /F:Update WORKGROUP\HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\EPSON XP-620 Series Update {C4BB17BD-F21E-4B70-8845-10696B8CB6AD}.job => C:\WINDOWS\system32\spool\DRIVERS\x64\3\E_YTSNOE.EXE:/EXE:{C4BB17BD-F21E-4B70-8845-10696B8CB6AD} /F:Update WORKGROUP\HP$ĊSearches for EPSON software updates, and notifies you when updates are available.If this task is disabled or stopped, your EPSON software will not be automatically kept up to date.Thi
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Nicole\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\69639df789022856\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 1"

==================== Loaded Modules (Whitelisted) ==============

2014-08-23 18:23 - 2016-05-24 09:51 - 00116416 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-07-05 15:23 - 2016-07-05 15:23 - 01354040 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-13 20:33 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-13 20:33 - 2016-07-01 14:48 - 02656408 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-26 08:00 - 2016-05-25 02:43 - 08909504 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-03-22 17:33 - 2016-03-22 17:33 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-07-13 20:35 - 2016-07-01 13:48 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-07-13 20:33 - 2016-07-01 13:27 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-07-13 20:33 - 2016-07-01 13:21 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-07-13 20:33 - 2016-07-01 13:22 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-07-13 20:33 - 2016-07-01 13:24 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-07-14 17:39 - 2016-07-14 17:39 - 00016384 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\PSIClient\d5f746d89521dfd1903e46834116738f\PSIClient.ni.dll
2014-06-26 04:57 - 2012-06-26 04:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2014-06-26 05:09 - 2012-06-08 13:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2012-06-09 04:34 - 2012-06-09 04:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2016-08-09 10:12 - 2016-08-03 10:24 - 01771336 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-09 10:12 - 2016-08-03 10:23 - 00094024 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 23:25 - 2013-08-22 23:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1051638766-449466645-1111838877-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicole\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Control Panel\Desktop\\Wallpaper -> C:\Users\Nicole\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\windows photo viewer wallpaper.jpg
DNS Servers: 10.1.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "EEventManager"
HKU\S-1-5-21-1051638766-449466645-1111838877-1001\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1051638766-449466645-1111838877-1001\...\StartupApproved\Run: => "TomTomHOME.exe"
HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "EPLTarget\P0000000000000000"
HKU\S-1-5-21-1051638766-449466645-1111838877-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\...\StartupApproved\Run: => "TomTomHOME.exe"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B03315A5-877E-4FEF-888D-33A6F1118313}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{355576FB-4D6D-43E7-8074-BC84CE58FA6F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{33063554-BDB0-4E95-8D6A-7C4F233F9453}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{6D301C63-662F-4647-B220-6D52811486DD}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{5CAE381C-65E2-407F-87FC-59C1D8A1DF4F}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [TCP Query User{34345368-027D-42F1-B8DC-B33788A09876}C:\windows\system32\settingsynchost.exe] => (Block) C:\windows\system32\settingsynchost.exe
FirewallRules: [UDP Query User{38809869-ABFD-4D68-BEC6-21AE99454A69}C:\users\nicole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicole\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{5384AED1-7D0A-4681-ACB9-AAE260457C98}C:\users\nicole\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\nicole\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{D224CCEE-5154-4D24-B54F-83EAF67E475D}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [TCP Query User{BD3CA084-2133-4735-98E7-54B950A09861}C:\program files (x86)\epson software\event manager\eeventmanager.exe] => (Block) C:\program files (x86)\epson software\event manager\eeventmanager.exe
FirewallRules: [{AE3DC04D-DCC6-43F4-920E-ACEBE313237D}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{D98C38B5-22BE-4F13-AB5E-FEA96F49CFA3}] => (Allow) C:\Program Files (x86)\EPSON Software\ECPrinterSetup\ENPApp.exe
FirewallRules: [{10010530-07B9-4CE2-B4D3-64BB89F4DBB8}] => (Allow) C:\Users\Nicole\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{16CC15DF-1AD9-409D-93B8-18D8B44665F8}] => (Allow) C:\Users\Nicole\AppData\Local\Temp\WZSE0.TMP\Common\EpsonNet Setup\ENEasyApp.exe
FirewallRules: [{4C78EEC0-D391-43F3-BB21-FADC9E7048DA}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [{F28ABF00-BA50-4064-8C0D-EE6440E9642B}] => (Allow) C:\Program Files (x86)\EPSON Software\Event Manager\EEventManager.exe
FirewallRules: [UDP Query User{998CD849-6E48-4C06-A784-C8DFECA83E11}C:\users\nicole\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\nicole\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{ADA2702E-52DB-49C1-99E8-A88910CE07F1}C:\users\nicole\appdata\roaming\spotify\spotify.exe] => (Block) C:\users\nicole\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{B7CB1423-F097-4D23-BED0-525C3D48D049}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [TCP Query User{6015FF3C-274D-4050-AC15-EEAB59258ED5}C:\program files\java\jre7\bin\javaw.exe] => (Allow) C:\program files\java\jre7\bin\javaw.exe
FirewallRules: [{CEB1E957-8AFA-4F0D-A31F-D41B18C067B7}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{B18BE7D1-5FEF-4FDA-B53A-AF1573356CD6}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{ECFC6F22-169B-49FB-895C-502397B3C2F4}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{51E1635D-C6BD-4E79-9D9B-418D826D451E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{C16D4395-2CFE-4B0A-9326-2FFED92D66E2}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

18-08-2016 18:11:46 Scheduled Checkpoint
27-08-2016 18:08:08 Scheduled Checkpoint
01-09-2016 12:48:49 Windows Update

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:
==================
Error: (09/07/2016 06:11:33 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program MSASCui.exe version 4.9.10586.494 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1ce4

Start Time: 01d208be3541271b

Termination Time: 4294967295

Application Path: C:\Program Files\Windows Defender\MSASCui.exe

Report Id: aef2d87c-74d2-11e6-bef0-7446a086b98e

Faulting package full name: 

Faulting package-relative application ID:

Error: (09/06/2016 08:27:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: HP)
Description: Package windows.immersivecontrolpanel_6.2.0.0_neutral_neutral_cw5n1h2txyewy+microsoft.windows.immersivecontrolpanel was terminated because it took too long to suspend.

Error: (09/06/2016 08:16:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 23177594

Error: (09/06/2016 08:16:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 23177594

Error: (09/06/2016 08:16:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/06/2016 01:52:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 139625

Error: (09/06/2016 01:52:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 139625

Error: (09/06/2016 01:52:14 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (09/06/2016 01:51:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 124532

Error: (09/06/2016 01:51:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 124532

System errors:
=============
Error: (09/07/2016 09:09:10 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/07/2016 08:55:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_5526d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 08:55:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_5526d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 08:55:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_5526d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 08:55:58 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_5526d service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 01:53:39 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: The server {784E29F4-5EBE-4279-9948-1E8FE941646D} did not register with DCOM within the required timeout.

Error: (09/07/2016 01:47:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_48504 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 01:47:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_48504 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 01:47:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_48504 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (09/07/2016 01:47:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_48504 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:
===================================
  Date: 2016-09-07 19:46:09.080
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-07 19:46:09.051
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-07 19:46:08.977
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-07 19:46:08.959
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-07 19:46:08.896
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-07 19:46:08.876
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-07 19:46:08.820
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-07 19:46:08.803
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-07 19:46:08.783
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-09-07 19:46:08.768
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 66%
Total physical RAM: 3988.27 MB
Available physical RAM: 1349.36 MB
Total Virtual: 7188.27 MB
Available Virtual: 4215.44 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:440.1 GB) (Free:364.64 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (RECOVERY) (Fixed) (Total:24.07 GB) (Free:2.87 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: FE2E8ADC)

Partition: GPT.

==================== End of Addition.txt ============================

[kevinf80]

Hello Nicole and welcome to Malwarebytes, My screen name is kevinf80, i`m here to help clean up your system. Make sure to run all scans from accounts with Administrator status, continue as follows please: Anyone other than the original starter of this thread please DO NOT follow the instructions and advice posted as replies here, my help and advice is NOT related to your system and will probably cause more harm than good... Download RKill from here: http://www.bleepingcomputer.com/download/rkill/ There are three buttons to choose from with different names on, select the first one and save it to your desktop.   Double-click on the Rkill desktop icon to run the tool. If using Vista or Windows 7/8/10, right-click on it and Run As Administrator. A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully. A log pops up at the end of the run. This log file is located at C:\rkill.log. Please post this in your next reply. If you do not see the black box flash on the screen delete the icon from the desktop and go back to the link for the download, select the next button and try to run the tool again, continue to repeat this process using the remaining buttons until the tool runs. You will find further links if you scroll down the page with other names, try them one at a time. If the tool does not run from any of the links provided, please let me know. Next, Please open Malwarebytes Anti-Malware.   On the Settings tab > Detection and Protection sub tab, Detection Options, tick the box "Scan for rootkits". Under Non-Malware Protection sub tab Change PUP and PUM entries to Treat detections as Malware Click on the Scan tab, then click on Scan Now >> . If an update is available, click the Update Now button. A Threat Scan will begin. When the Scan is complete Apply Actions to any found entries. Wait for the prompt to restart the computer to appear (if applicable), then click on Yes. After the restart once you are back at your desktop, open MBAM once more. To get the log from Malwarebytes do the following:   Click on the History tab > Application Logs. Double click on the Scan log which shows the Date and time of the scan just performed. Click Export > From export you have three options: Copy to Clipboard - if seleted right click to your reply and select "Paste" log will be pasted to your reply Text file (*.txt) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply XML file (*.xml) - if selected you will have to name the file and save to a place of choice, recommend "Desktop" then attach to reply   Please use "Copy to Clipboard, then Right click to your reply > select "Paste" that will copy the log to your reply… Next, Download Sophos Free Virus Removal Tool and save it to your desktop.   Double click the icon and select Run Click Next Select I accept the terms in this license agreement, then click Next twice Click Install Click Finish to launch the program Once the virus database has been updated click Start Scanning If any threats are found click Details, then View log file... (bottom left hand corner) Copy and paste the results in your reply Close the Notepad document, close the Threat Details screen, then click Start cleanup Click Exit to close the program If no threats were found please confirm that result.... Let me see those logs in your reply... Thank you, Kevin....

[Nicole]

Hi Kevin,

Thanks for your quick response. Here is the RKill log.

 

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 09/08/2016 12:35:30 PM in x64 mode.
Windows Version: Windows 10 Home 

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * No issues found.

Checking Windows Service Integrity: 

 * No issues found.

Searching for Missing Digital Signatures: 

 * No issues found.

Checking HOSTS File: 

 * No issues found.

Program finished at: 09/08/2016 12:38:43 PM
Execution time: 0 hours(s), 3 minute(s), and 13 seconds(s)


---------------------------------------------------------------------

I did a Malwarebytes threat scan after following your instructions. Here is the scan log.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 8/09/2016
Scan Time: 12:43 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.08.01
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Nicole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 364699
Time Elapsed: 42 min, 29 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)
------------------------------------------

The Sophos is taking forever to scan so I will post it later when finished. It's been going for well over an hour but the progress bar shows only a few millimeters. Thanks Kevin.

[kevinf80]

Yes Sophos scan is very thorough and can take several hours to complete, it is a very worthwhile scan and may find malicious entries your AV program may miss....

Post sophos log whenever you`re ready, also tell me if you have any remaining issues or concerns with your laptop...

Thank you,

Kevin...

[Nicole]

Hi Kevin. I just checked. It is finished but found nothing. The file that Windows defender said was a trojan in C: I made a change to yesterday before asking for help. I opened the properties of the file and saw it had an unknown user that had full access to my computer. I edited permissions  to deny it access. I just went back and oddly it has disappeared. I just checked another folder next to it and checked properties of a file in it and it shows the same unknown user who has full access again. I will show you a screen shot of advanced permissions. Do you think this is odd? 

[kevinf80]

Go here: http://www.tenforums.com/tutorials/5464-user-account-delete-windows-10-a.html

Use the instructions in option two, see if you can remove that account. If that fails use option 5.

Thank you,

Kevin..

[Nicole]

Kevin, I tried all five and no luck at all. Only my account showed. Even using suggestion 5, the only account that came up was me. I did end up changing my microsoft account to a local account though, changed my password and checked the option that ctrl, alt and delete must be pressed when signing in, in case that helps. 

Have you anything else I might try?

[kevinf80]

Go back to the folder option you posted the screen shot of in reply ID 5, highlite the unknown entry with one single left click. From the three tabs under the account box select "Remove"

What happens?

[Nicole]

Kevin, 

I tried first the remove option and got an error message. I have taken a prt scrn 

Then I noticed a button when it was highlighted saying Disable inheritance. I have a prt scrn of that too. 

I had a look at some of the objects in these folders and realised they were from my emails and yet I only use 'Outlook Mail Online'. Because the Windows 8.1 upgrade (since upgraded to Windows 10) asked for my microsoft log in during set up, it was mirroring my live email account until I changed my email password back in March. The last folder is from March. It seems pretty stupid that it allows files from my emails to inherit full control of my computer. The Trojan seems to have disappeared from this area now. I tried going to the MAIL APP to clean out the cache of email related material, but it says 'First things first. Let's add your accounts'. I don't want them linked so I exited. 

I have upgraded my Microsoft Account Security now as according to https://haveibeenpwned.com/ I had been PWNED on two occasions. I shall attach a prt scrn. I think this may be related but I am unsure. I am letting you know anyway in case it is helpful. Thanks.

[Nicole]

I looked again and followed the trail to the parent folder giving out inheritances. It was the 'LocalState' folder. I went into properties -> Security -> Advanced
I highlighted unknown user, checked the box 'Replace all child object permission entries with inheritable permission entries from this object' then disabled inheritance.
It seemed not to work. Then I tried highlighting unknown user again and clicked REMOVE and it is gone. 

I checked Child folders and found one (in that same C: path to trojan given in first post) with same unknown user and tried removing them. It worked no drama this time. I kept checking and cannot see them anywhere down the tree from there. 

[kevinf80]

Run one more scan with Malwarebytes, post that log. Also tell me if you have any remaining issues or concerns....

Thank you,

Kevin

[Nicole]

OK. I will do that now. My sister has suggested I might want to download 

[Nicole]

Here is my MBAM scan log. I don't really know yet whether things will be ok or not. I think I will need 24 hours and a restart to find that out. I will also run a full windows defender scan as malwarebytes hasn't been finding anything.  I just noticed my Malwarebytes log says self-protection is disabled and yet the dashboard never said so.

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/09/2016
Scan Time: 3:32 PM
Logfile: 
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.09.09.02
Rootkit Database: v2016.08.15.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Nicole

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 368017
Time Elapsed: 50 min, 22 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

[kevinf80]

The default setting for Self-protection is disabled, have a readat the following link:

https://support.malwarebytes.com/customer/portal/articles/1834890-what-is-the-self-protection-module-and-why-should-i-enable-it-?b_id=6438

AS you state it best to run your system for 24 hours and see how it responds... Please let me know the outcome..

Thank you,

Kevin...

[Nicole]

Hi Kevin,

I just did a full scan on Windows Defender and checked event viewer for details. It does confirm the Trojan that was on C: is gone. Only the one on D: still exists.
I thought you might be interested in seeing the details. I don't think it can remove it because it is on D:? Would that be correct? Can it do harm from there? Computer is still acting up. Yesterday I discovered my wireless adapter had been disabled. Downloads from you almost freezing. I also had a couple of times where the touchpad stopped working and I needed to insert a USB mouse to work around it. Hopefully that will stop happening now. I sure hope so. So far so good. 
Thanks for your time.


Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          9/09/2016 8:11:05 PM
Event ID:      1116
Task Category: None
Level:         Warning
Keywords:      
User:          SYSTEM
Computer:      HP
Description:
Windows Defender has detected malware or other potentially unwanted software.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Trojan:Win32/Dynamer!ac&threatid=2147684005&enterprise=0
     Name: Trojan:Win32/Dynamer!ac
     ID: 2147684005
     Severity: Severe
     Category: Trojan
     Path: containerfile:_D:\preload\install.wim;file:_D:\preload\install.wim->(Image74527)\Program Files (x86)\HP Games\Crazy Chicken Soccer\Moorhuhn-Soccer-WT.exe->(EXEEmb)->(EXEEmb)
     Detection Origin: Local machine
     Detection Type: Concrete
     Detection Source: User
     User: HP\Nicole
     Process Name: Unknown
     Signature Version: AV: 1.227.1885.0, AS: 1.227.1885.0, NIS: 116.24.0.0
     Engine Version: AM: 1.1.13000.0, NIS: 2.1.12706.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1116</EventID>
    <Version>0</Version>
    <Level>3</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2016-09-09T10:11:05.626531100Z" />
    <EventRecordID>1890</EventRecordID>
    <Correlation ActivityID="{7D93699D-9F92-4F47-97DC-2A3B18A293B9}" />
    <Execution ProcessID="1996" ThreadID="7864" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>HP</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">4.9.10586.494</Data>
    <Data Name="Detection ID">{7E68201D-9F61-40E4-A827-C411A616619C}</Data>
    <Data Name="Detection Time">2016-09-09T10:11:03.383Z</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Threat ID">2147684005</Data>
    <Data Name="Threat Name">Trojan:Win32/Dynamer!ac</Data>
    <Data Name="Severity ID">5</Data>
    <Data Name="Severity Name">Severe</Data>
    <Data Name="Category ID">8</Data>
    <Data Name="Category Name">Trojan</Data>
    <Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&amp;name=Trojan:Win32/Dynamer!ac&amp;threatid=2147684005&amp;enterprise=0</Data>
    <Data Name="Status Code">1</Data>
    <Data Name="Status Description">
    </Data>
    <Data Name="State">1</Data>
    <Data Name="Source ID">1</Data>
    <Data Name="Source Name">%%815</Data>
    <Data Name="Process Name">Unknown</Data>
    <Data Name="Detection User">HP\Nicole</Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Path">containerfile:_D:\preload\install.wim;file:_D:\preload\install.wim-&gt;(Image74527)\Program Files (x86)\HP Games\Crazy Chicken Soccer\Moorhuhn-Soccer-WT.exe-&gt;(EXEEmb)-&gt;(EXEEmb)</Data>
    <Data Name="Origin ID">1</Data>
    <Data Name="Origin Name">%%845</Data>
    <Data Name="Execution ID">0</Data>
    <Data Name="Execution Name">%%812</Data>
    <Data Name="Type ID">0</Data>
    <Data Name="Type Name">%%822</Data>
    <Data Name="Pre Execution Status">0</Data>
    <Data Name="Action ID">9</Data>
    <Data Name="Action Name">%%887</Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Error Code">0x00000000</Data>
    <Data Name="Error Description">The operation completed successfully. </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Post Clean Status">0</Data>
    <Data Name="Additional Actions ID">0</Data>
    <Data Name="Additional Actions String">No additional actions required</Data>
    <Data Name="Remediation User">
    </Data>
    <Data Name="Unused6">
    </Data>
    <Data Name="Signature Version">AV: 1.227.1885.0, AS: 1.227.1885.0, NIS: 116.24.0.0</Data>
    <Data Name="Engine Version">AM: 1.1.13000.0, NIS: 2.1.12706.0</Data>
  </EventData>
</Event>

[Nicole]

I scrolled down the event viewer for WIndows Defender and found a whole heap of warnings and errors. I also found that I had a worm was deleted from quarantine on 17th July. The events show also that day after day after day scans were stopped prematurely. I organised the events by way of event ID so I could see how many there were of each time of error easily. Then I thought I would see if I could export the list somehow. I saved it as a text file but it saved still organised by event type. I deleted a whole heap of routine entries so you can see the odd ones altogether. I will attach the file so you can see what I am. It seems my anti-virus was hijacked. I wonder if you agree, It should not have been doing short scans for starters. I got no notices of any of these events either. I think I might need to get a better anti-virus. Sorry this is taking so long.

See event details:

 Log Name:      Microsoft-Windows-Windows Defender/Operational
Source:        Microsoft-Windows-Windows Defender
Date:          16/07/2016 9:44:53 PM
Event ID:      1011
Task Category: None
Level:         Information
Keywords:      
User:          SYSTEM
Computer:      HP
Description:
Windows Defender has deleted an item from quarantine.
 For more information please see the following:
http://go.microsoft.com/fwlink/?linkid=37020&name=Worm:Win32/Autorun!inf&threatid=2147597307&enterprise=0
     Name: Worm:Win32/Autorun!inf
     ID: 2147597307
     Severity: Severe
     Category: Worm
     User: NT AUTHORITY\SYSTEM
     Signature Version: AV: 1.225.1590.0, AS: 1.225.1590.0
     Engine Version: 1.1.12902.0
Event Xml:
<Event xmlns="http://schemas.microsoft.com/win/2004/08/events/event">
  <System>
    <Provider Name="Microsoft-Windows-Windows Defender" Guid="{11CD958A-C507-4EF3-B3F2-5FD9DFBD2C78}" />
    <EventID>1011</EventID>
    <Version>0</Version>
    <Level>4</Level>
    <Task>0</Task>
    <Opcode>0</Opcode>
    <Keywords>0x8000000000000000</Keywords>
    <TimeCreated SystemTime="2016-07-16T11:44:53.394866000Z" />
    <EventRecordID>1042</EventRecordID>
    <Correlation />
    <Execution ProcessID="1468" ThreadID="7644" />
    <Channel>Microsoft-Windows-Windows Defender/Operational</Channel>
    <Computer>HP</Computer>
    <Security UserID="S-1-5-18" />
  </System>
  <EventData>
    <Data Name="Product Name">%%827</Data>
    <Data Name="Product Version">4.9.10586.494</Data>
    <Data Name="Unused">
    </Data>
    <Data Name="Unused2">
    </Data>
    <Data Name="Unused3">
    </Data>
    <Data Name="Unused4">
    </Data>
    <Data Name="Unused5">
    </Data>
    <Data Name="Domain">NT AUTHORITY</Data>
    <Data Name="User">SYSTEM</Data>
    <Data Name="SID">S-1-5-18</Data>
    <Data Name="Threat Name">Worm:Win32/Autorun!inf</Data>
    <Data Name="Threat ID">2147597307</Data>
    <Data Name="Severity ID">5</Data>
    <Data Name="Category ID">5</Data>
    <Data Name="FWLink">http://go.microsoft.com/fwlink/?linkid=37020&amp;name=Worm:Win32/Autorun!inf&amp;threatid=2147597307&amp;enterprise=0</Data>
    <Data Name="Path">file:_E:\AutoRun.inf</Data>
    <Data Name="Unused6">
    </Data>
    <Data Name="Unused7">
    </Data>
    <Data Name="Unused8">
    </Data>
    <Data Name="Unused9">
    </Data>
    <Data Name="Unused10">
    </Data>
    <Data Name="Unused11">
    </Data>
    <Data Name="Unused12">
    </Data>
    <Data Name="Unused13">
    </Data>
    <Data Name="Severity Name">Severe</Data>
    <Data Name="Category Name">Worm</Data>
    <Data Name="Signature Version">AV: 1.225.1590.0, AS: 1.225.1590.0</Data>
    <Data Name="Engine Version">1.1.12902.0</Data>
  </EventData>
</Event>
 

windowsdefenderevents.txt

[kevinf80]

I want you to run an offline scan with Defender: Select the start button > settings > update and security > select "Windows Defender" from lefthand pane > now select "Scan Offline" A message that You're about to be signed out to restart your PC in less than a minute should show.... When your PC restarts, you will see Windows Defender Offline loading. Defender will now automatically perform a quick scan of your PC in the recovery environment. When the offline scan has finished, your PC will automatically restart to Windows 10. Next, Re-open Defender and carry out a full scan... When complete you can find logs by typing or copy paste the following into the search box... %windir%\System32\winevt\Logs\Microsoft-Windows-Windows Defender%4Operational.evtx

[Nicole]

Thanks so much Kevin. I will do that now.

[kevinf80]

Thanks for the update, I have to go out will be back in about 90 minutes...

[Nicole]

Kevin, I just had a thought regarding this trojan in the Recovery (D:) Hard Drive. Can I just delete the whole thing? Would that work? It has previous versions of windows I think.

I just checked disk management and it shows 2 listings for D: drives. One is NTFS and the other is not. Defender keeps saying the file is too large for it to remove when it tries to remove that trojan.

[kevinf80]

Yes you should be able to delete it, it maybe worthwhile uploading the file to VirusTotal for a check, make sure it is infected..

[Nicole]

Can I do that when it is in the recovery (D:) disk? I would love to get it checked out first but it seems inaccessible.
P.S. That scan is taking forever. It will be an overnighter and it's well past my bedtime.

[kevinf80]

Apologies I did not realize D: is a recovery Disk... Just found out the entry being flagged by Defender is a false positive. Have a read at the following link:

http://answers.microsoft.com/en-us/protect/forum/protect_defender-protect_scanning/how-to-remove-trojan-virus-on-the-recovery-disk/74057209-00e1-467b-906f-a4a8eabd3279

[Nicole]

I have been reading there too and read that one earlier. I was there on MS reading when you responded in fact. Reports of a false positive appear to be unconfirmed however and there are conflicting reports.  The problem is it seems that defender keeps trying to remove it and cannot which hogs the system. It get's caught in a loop. I wish they would address the issue. I have heard reports too of people deleting the D: drive, creating new recovery disks and their laptop improving greatly. I am considering doing this as there is no way I am ever going to reboot back to windows 7 when I am using Windows 10. Then again, a fresh 7 sounds pretty good about now. My computer is so slow and full of errors, I have even considered getting a new laptop. Maybe I should take it back. At least Windows won't force me to upgrade now (free) and I might get access to my DVD-R back which was lost during an upgrade and more compatible drivers. Do you know whether a recovery disk keeps all the original drivers? Sorry again for such a long rant. This is doing my head in somewhat. 

[Nicole]

I will check back tomorrow. Scan still not finished (just over half way) and my eyes can barely stay open. Nite. Honestly, I am seriously thinking a reboot might be the go and Windows Seven sounds like a dream come true.