LandzDown Forum

Security => Analysis and Malware Removal => Topic started by: NoahsMomma0429 on July 04, 2016, 11:18:50 PM

Title: My computer is so slow
Post by: NoahsMomma0429 on July 04, 2016, 11:18:50 PM
So a few months ago I downloaded the free upgrade to Windows 10. Since then it has been so sluggish. I haven't noticed any popups or malware that I can see personally, but I don't know what else could be causing the problem. Here are my logs.


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016
Ran by Tara (administrator) on TARA-PC (04-07-2016 15:44:16)
Running from C:\Users\Tara\Desktop
Loaded Profiles: Tara & DefaultAppPool (Available Profiles: Tara & DefaultAppPool)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftvsa.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Application Virtualization Client\sftlist.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Virtualization Handler\CVHSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(Microsoft Corporation) C:\Windows\System32\CompatTelRunner.exe
(Microsoft Corporation) C:\Windows\Temp\BA165556-2B9A-4838-BB63-6588689906FA\DismHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TPHM\TPCHWMsg.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\ReelTime\TosReelTimeMonitor.exe
(Intel Corporation) C:\Windows\System32\igfxext.exe
(TOSHIBA Corporation) C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
() C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
() C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2679592 2011-02-03] (Synaptics Incorporated)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [566696 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [HSON] => C:\Program Files\TOSHIBA\TBS\HSON.exe [296824 2010-09-25] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [973176 2010-12-15] (TOSHIBA Corporation)
HKLM\...\Run: [SmartAudio] => C:\Program Files\CONEXANT\SAII\SAIICpl.exe [316032 2010-12-14] (Conexant systems, Inc.)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1520552 2011-03-02] (TOSHIBA Corporation)
HKLM\...\Run: [TosWaitSrv] => C:\Program Files\TOSHIBA\TPHM\TosWaitSrv.exe [711576 2010-12-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [710040 2010-12-08] (TOSHIBA Corporation)
HKLM\...\Run: [TosNC] => C:\Program Files\Toshiba\BulletinBoard\TosNcCore.exe [595816 2010-04-23] (TOSHIBA Corporation)
HKLM\...\Run: [TosReelTimeMonitor] => C:\Program Files\TOSHIBA\ReelTime\TosReelTimeMonitor.exe [38304 2010-12-14] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [NortonOnlineBackupReminder] => C:\Program Files (x86)\Toshiba\Toshiba Online Backup\Activation\TOBuActivation.exe [3218792 2010-08-17] (Toshiba)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-01-28] (Apple Inc.)
HKLM-x32\...\Run: [VMM Mode Selection] => C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe [43520 2011-02-14] ()
HKLM-x32\...\Run: [Microsoft Default Manager] => C:\Program Files (x86)\Microsoft\Search Enhancement Pack\Default Manager\DefMgr.exe [288088 2009-11-11] (Microsoft Corporation)
HKLM-x32\...\Run: [DivXMediaServer] => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe [448856 2014-08-18] (DivX, LLC)
HKLM-x32\...\Run: [DivXUpdate] => C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe [1861968 2014-01-09] ()
HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe [1686528 2012-03-27] (Wondershare)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

ProxyEnable: [S-1-5-21-1541615685-2464090894-2300236971-1000] => Proxy is enabled.
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{a43ebdd3-48b5-40bd-823a-33d12887df5b}: [DhcpNameServer] 68.116.46.115 24.205.192.61 24.205.224.36
Tcpip\..\Interfaces\{d1415600-d1c6-4200-a49e-1ae36876e9e1}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
BHO: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\x64\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
BHO-x32: TOSHIBA Media Controller Plug-in -> {F3C88694-EFFA-4d78-B409-54B7B2535B14} -> C:\Program Files (x86)\TOSHIBA\TOSHIBA Media Controller Plug-in\TOSHIBAMediaControllerIE.dll [2012-08-24] (TOSHIBA Corporation)
DPF: HKLM {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {6A060448-60F9-11D5-A6CD-0002B31F7455}

FireFox:
========
FF ProfilePath: C:\Users\Tara\AppData\Roaming\Mozilla\Firefox\Profiles\a5sfeepy.default
FF SearchEngineOrder.3: Bing
FF Homepage: hxxp://www.google.com/
FF Keyword.URL: hxxp://www.bing.com/search?FORM=U011DF&PC=U011&q=
FF NetworkProxy: "user_pref("network.proxy.type", 5)
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_22_0_0_192.dll [2016-07-04] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_22_0_0_192.dll [2016-07-04] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-08-12] (DivX, LLC)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~3\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2010-11-10] (Microsoft Corporation)
FF Plugin HKU\S-1-5-21-1541615685-2464090894-2300236971-1000: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Tara\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2015-04-27] (Unity Technologies ApS)

Chrome:
=======
CHR Profile: C:\Users\Tara\AppData\Local\Google\Chrome\User Data\Default

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 IDriverT; C:\Program Files (x86)\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe [69632 2005-11-14] (Macrovision Corporation) [File not signed]
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
S2 Net Driver HPZ12; C:\Windows\system32\HPZinw12.dll [71680 2009-05-14] (Hewlett-Packard) [File not signed]
S2 Pml Driver HPZ12; C:\Windows\system32\HPZipm12.dll [89600 2009-05-14] (Hewlett-Packard) [File not signed]
S3 SophosVirusRemovalTool; C:\Program Files (x86)\Sophos\Sophos Virus Removal Tool\SVRTservice.exe [153384 2014-11-26] (Sophos Limited)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 MBAMProtector; C:\windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R3 rtwlane_13; C:\Windows\System32\drivers\rtwlane_13.sys [3749888 2015-10-30] (Realtek Semiconductor Corporation                           )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-07] (Toshiba Corporation)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 idsvc; no ImagePath
U4 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-04 15:44 - 2016-07-04 15:46 - 00013167 _____ C:\Users\Tara\Desktop\FRST.txt
2016-07-04 15:44 - 2016-07-04 15:44 - 00898560 _____ C:\Users\Tara\Downloads\RGSA.exe
2016-07-04 15:44 - 2016-07-04 15:44 - 00898560 _____ C:\Users\Tara\Desktop\RGSA (1).exe
2016-07-04 15:43 - 2016-07-04 15:44 - 02390016 _____ (Farbar) C:\Users\Tara\Desktop\FRST64.exe
2016-07-04 15:38 - 2016-07-04 15:38 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
2016-07-04 15:38 - 2016-07-04 15:38 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
2016-07-04 15:38 - 2016-07-04 15:38 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
2016-07-04 15:38 - 2016-07-04 15:38 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
2016-07-04 15:38 - 2016-07-04 15:38 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
2016-07-04 15:38 - 2016-07-04 15:38 - 00000000 ____D C:\Users\DefaultAppPool
2016-07-04 15:38 - 2016-01-16 14:14 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Mozilla
2016-07-04 15:38 - 2016-01-16 14:14 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
2016-07-04 15:38 - 2016-01-16 14:14 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
2016-07-04 13:00 - 2016-07-04 13:27 - 00000000 ____D C:\Users\Tara\AppData\Local\Smilebox
2016-07-04 13:00 - 2016-07-04 13:00 - 00000000 ____D C:\Users\Tara\Documents\My Smilebox Creations
2016-07-04 12:59 - 2016-07-04 12:59 - 20019904 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerInstaller.exe
2016-07-04 12:58 - 2016-07-04 13:00 - 00000000 ____D C:\Users\Tara\AppData\Roaming\Smilebox
2016-07-04 12:58 - 2016-07-04 12:58 - 00001955 _____ C:\Users\Tara\Desktop\Smilebox.lnk
2016-07-04 12:58 - 2016-07-04 12:58 - 00001941 _____ C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Smilebox.lnk
2016-07-04 12:58 - 2016-07-04 12:58 - 00000416 _____ C:\Users\Tara\Downloads\tmp.htm
2016-07-04 12:57 - 2016-07-04 12:58 - 00890248 _____ (Smilebox, Inc.) C:\Users\Tara\Downloads\SmileboxInstaller.exe
2016-07-04 12:51 - 2016-07-04 12:51 - 00000000 ____D C:\Users\Tara\AppData\Local\{D9BA48FD-3AAF-4E12-B74E-02FCBDDB15B3}

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-04 15:44 - 2015-12-13 20:37 - 00000000 ____D C:\FRST
2016-07-04 13:57 - 2012-03-31 11:54 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-07-04 13:03 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-07-04 13:03 - 2014-05-26 13:38 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-07-04 12:59 - 2011-08-25 17:26 - 00000000 ____D C:\Users\Tara\AppData\Local\Google
2016-07-04 12:56 - 2015-04-05 16:02 - 00000000 ____D C:\Users\Tara\Desktop\Updated Pictures
2016-07-04 12:40 - 2016-01-16 14:05 - 01010622 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-07-04 12:40 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-07-04 12:39 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-28 15:30 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-26 13:44 - 2016-01-16 15:42 - 00002413 _____ C:\Users\Tara\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-06-26 13:44 - 2016-01-16 15:42 - 00000000 ___RD C:\Users\Tara\OneDrive

==================== Files in the root of some directories =======

2015-04-12 11:37 - 2015-04-12 11:37 - 0009662 _____ () C:\Users\Tara\AppData\Roaming\em_64x64.ico

Some files in TEMP:
====================
C:\Users\Tara\AppData\Local\Temp\s8omgbdl.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-20 11:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by Tara (2016-07-04 15:47:06)
Running from C:\Users\Tara\Desktop
Windows 10 Home Version 1511 (X64) (2016-01-16 21:57:19)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1541615685-2464090894-2300236971-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1541615685-2464090894-2300236971-503 - Limited - Disabled)
Guest (S-1-5-21-1541615685-2464090894-2300236971-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1541615685-2464090894-2300236971-1002 - Limited - Enabled)
Tara (S-1-5-21-1541615685-2464090894-2300236971-1000 - Administrator - Enabled) => C:\Users\Tara

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

64 Bit HP CIO Components Installer (Version: 6.2.2 - Hewlett-Packard) Hidden
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 3.4.0.2710 - Adobe Systems Incorporated)
Adobe Download Assistant (HKLM-x32\...\com.adobe.downloadassistant.AdobeDownloadAssistant) (Version: 1.2.3 - Adobe Systems Incorporated)
Adobe Flash Player 22 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 22.0.0.192 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Apple Application Support (HKLM-x32\...\{45C56AA7-ED1B-4800-A97F-EDDF3F3520B1}) (Version: 2.3.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2F72F540-1F60-4266-9506-952B21D6640D}) (Version: 6.1.0.13 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 1.0.0.36 - Atheros Communications Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.51.1.0 - Conexant)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.88 - DivX, LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
House, M.D. (HKLM-x32\...\am-housemd) (Version:  - )
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 7.0.0.1144 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2353 - Intel Corporation)
Junk Mail filter update (x32 Version: 15.4.3502.0922 - Microsoft Corporation) Hidden
Label@Once 1.0 (HKLM-x32\...\{0D795777-9D60-4692-8386-F2B3F2B5E5BF}) (Version: 1.0 - Corel)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mesh Runtime (x32 Version: 15.4.5722.2 - Microsoft Corporation) Hidden
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2010 (HKLM-x32\...\{95140000-0070-0000-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Click-to-Run 2010 (HKLM-x32\...\Office14.Click2Run) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Office Starter 2010 - English (HKLM-x32\...\{90140011-0066-0409-0000-0000000FF1CE}) (Version: 14.0.4763.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x64 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 Redistributable - x86 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft WSE 3.0 Runtime (HKLM-x32\...\{E3E71D07-CD27-46CB-8448-16D4FB29AA13}) (Version: 3.0.5305.0 - Microsoft Corp.)
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
PlayReady PC Runtime x86 (HKLM-x32\...\{CCA5EAAD-92F4-4B7A-B5EE-14294C66AB61}) (Version: 1.3.0 - Microsoft Corporation)
Realtek USB 2.0 Reader Driver (HKLM-x32\...\{62BBB2F0-E220-4821-A564-730807D2C34D}) (Version: 1.0.0.12 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0013 - REALTEK Semiconductor Corp.)
Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
Smilebox (HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\...\Smilebox) (Version: 1.0.0.30758 - Smilebox, Inc.)
Sophos Virus Removal Tool (HKLM-x32\...\{B829E117-D072-41EA-9606-9826A38D34C1}) (Version: 2.5.4 - Sophos Limited)
SumatraPDF (HKLM-x32\...\SumatraPDF) (Version: 2.5.2 - Krzysztof Kowalczyk)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 15.2.11.1 - Synaptics Incorporated)
System Requirements Lab for Intel (HKLM-x32\...\{C5DA59CF-2BB8-48D5-8E5B-17F2E0F0FEE4}) (Version: 4.5.5.0 - Husdawg, LLC)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.1 - TOSHIBA)
TOSHIBA Assist (HKLM-x32\...\{C2A276E3-154E-44DC-AAF1-FFDD7FD30E35}) (Version: 4.02.02 - TOSHIBA CORPORATION)
Toshiba Book Place (HKLM-x32\...\{92C7DC44-DAD3-49FE-B89B-F92C6BA9A331}) (Version: 2.2.6775 - K-NFB Reading Technology, Inc.)
TOSHIBA Bulletin Board (HKLM-x32\...\InstallShield_{C14518AF-1A0F-4D39-8011-69BAA01CD380}) (Version: 1.6.08.64 - TOSHIBA Corporation)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.6 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{B3FF1CD9-B2F0-4D71-BB55-5F580401C48E}) (Version: 1.2.25.64 - TOSHIBA Corporation)
TOSHIBA Face Recognition (HKLM-x32\...\InstallShield_{F67FA545-D8E5-4209-86B1-AEE045D1003F}) (Version: 3.1.8.64 - TOSHIBA Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\InstallShield_{C4FFA951-9678-4D51-84B4-AFD15D3C45AD}) (Version: 4.08.06.00 - )
TOSHIBA HDD/SSD Alert (HKLM-x32\...\InstallShield_{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.7 - TOSHIBA Corporation)
Toshiba Laptop Checkup (HKLM-x32\...\NortonPCCheckup) (Version: 2.0.10.26 - Symantec Corporation)
TOSHIBA Media Controller (HKLM-x32\...\{C7A4F26F-F9B0-41B2-8659-99181108CDE3}) (Version: 1.0.86.2 - TOSHIBA CORPORATION)
TOSHIBA Media Controller Plug-in (HKLM-x32\...\{F26FDF57-483E-42C8-A9C9-EEE1EDB256E0}) (Version: 1.0.8.0 - TOSHIBA CORPORATION)
Toshiba Online Backup (HKLM-x32\...\{C57BCDE1-7CB9-467D-B3BA-7E119916CDC1}) (Version: 2.0.0.25 - Toshiba)
TOSHIBA PC Health Monitor (HKLM\...\{9DECD0F9-D3E8-48B0-A390-1CF09F54E3A4}) (Version: 1.7.4.64 - TOSHIBA Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.3.5109 - TOSHIBA CORPORATION)
TOSHIBA ReelTime (HKLM-x32\...\InstallShield_{24811C12-F4A9-4D0F-8494-A7B8FE46123C}) (Version: 1.7.17.64 - TOSHIBA Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.1.0 - TOSHIBA Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.14 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{654F7484-88C5-46DC-AB32-C66BCB0E2102}) (Version: 1.4.2.7 - TOSHIBA Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\InstallShield_{CBD6B23D-41D5-4A46-8019-6208516C9712}) (Version: 4.08.06.00 - )
TOSHIBA Value Added Package (HKLM-x32\...\InstallShield_{066CFFF8-12BF-4390-A673-75F95EFF188E}) (Version: 1.5.4.64 - TOSHIBA Corporation)
TOSHIBA Web Camera Application (HKLM-x32\...\InstallShield_{6F3C8901-EBD3-470D-87F8-AC210F6E5E02}) (Version: 2.0.0.19 - TOSHIBA Corporation)
TOSHIBA Wireless LAN Indicator (HKLM-x32\...\{CDADE9BC-612C-42B8-B929-5C6A823E7FF9}) (Version: 1.0.3 - TOSHIBA CORPORATION)
ToshibaRegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.0.4 - Toshiba)
Unity Web Player (HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\...\UnityWebPlayer) (Version: 4.6.5f1 - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 15.4.3508.1109 - Microsoft Corporation)
Windows Live Mesh ActiveX Control for Remote Connections (HKLM-x32\...\{2902F983-B4C1-44BA-B85D-5C6D52E2C441}) (Version: 15.4.5722.2 - Microsoft Corporation)
WinRAR 4.20 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
WinZip 19.0 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E7}) (Version: 19.0.11294 - WinZip Computing, S.L. )
WModem Driver Installer (HKLM-x32\...\HTC_WModemDriver) (Version: 2.0.6.9 - HTC)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1541615685-2464090894-2300236971-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Tara\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03462EA5-4DD5-4287-9A8E-1D0815E39A81} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {068DE1DC-86C5-4780-A29A-9BBE8415DEFF} - System32\Tasks\{556E9EE9-89F3-4FA7-8533-50F43C218C6C} => pcalua.exe -a "C:\Users\Tara\Downloads\dotnetfx35setup (1).exe" -d C:\Users\Tara\Desktop
Task: {069BBB0B-BDBB-4156-92B7-4DB4D0D3DC76} - System32\Tasks\{38C09E89-1029-428C-8C2B-4E0A8274A4D3} => pcalua.exe -a "C:\Program Files (x86)\RealArcade\Installer\bin\gameinstaller.exe" -c "C:\Program Files (x86)\RealArcade\Installer\installerMain.clf" "C:\Program Files (x86)\RealArcade\Installer\uninstall\am-housemd.rguninst" "AddRemove"
Task: {0FA766DD-932B-4084-A9FF-79AE4A44089D} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {0FDB430C-356B-4295-806E-C7BC135F0316} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {221DE1C1-46D7-4C8B-A009-40A3B2A682DF} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {2AE4EB63-00B4-4E93-8F91-D5F8ACF45EF8} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2B2234B1-38C4-45C1-89AF-F7830EF4C868} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {2F70EC75-51D6-438E-A0BE-EAE9C04234BE} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {2F9EEE9D-35EC-49C7-A66A-6052F65BEB60} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {3089006A-9FDB-4777-A1F5-4DE44CA32C13} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {3DC7AD2C-5C3A-4B28-A174-782039D3EA85} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {596FB1C5-A41F-4CBC-B7D5-864B7A722449} - System32\Tasks\{78DEF3B1-9584-4F77-8549-758BDE5102BE} => pcalua.exe -a C:\Users\Tara\Downloads\PWI_EN_v676_Installer(1).exe -d C:\Users\Tara\Downloads
Task: {5D3A2D67-F2A8-427A-9D44-5B398C093D59} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5E15C04F-8ACE-499C-80BB-3A915B0F2DAB} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {64B020B9-485A-4621-AC41-81978B527E7B} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {654B0B50-030E-478D-8CBF-A854332258BD} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6885E303-EFC1-40B2-A204-B13E2FD573E3} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {69C0BF28-8EA4-4F65-89A5-CCFB2FECCF26} - System32\Tasks\Adobe Flash Player Updater => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-07-04] (Adobe Systems Incorporated)
Task: {73AB4184-3C6D-4C17-92BA-1113612C7831} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
Task: {76B828F6-57E2-4BE9-97FA-986A645112B2} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {78DC1F46-38AD-496D-830A-0A35D382C696} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {79141DBE-2F34-4135-90F9-BF74F8165030} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {79987010-2C7A-4575-98A4-5D5CC12756F4} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {8602EA65-3194-4492-AA3C-B891DE69B2BF} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8BD618B7-AAB0-4899-9B7E-68FD851C4EED} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8C18F494-17CA-4950-A9A0-9DDFB9186EBC} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {8C71E3B5-F23A-4F19-A471-8BCBD42A02B6} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {8E4B9752-B0F7-4D7B-9BCC-AAF6B642264E} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {906454C7-40A1-496A-9967-A22BB51BB481} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {95F2110C-E8E8-46E1-AA81-77F928310560} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {A4245948-368E-43F4-BFD8-D89E21085B4B} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {A4DAFE3D-2E85-4F1A-B354-9A793DB63613} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {A95D8B73-219B-41C7-9033-511BF0F1C498} - System32\Tasks\Symantec\Norton Error Processor 18.5.0.125 => C:\Program Files (x86)\Norton Internet Security\Engine\18.5.0.125\SymErr.exe
Task: {AC94CBDB-F606-443A-B5A2-0B0543EB5F07} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-20] (Microsoft Corporation)
Task: {AE17005F-9E60-4C41-A422-1F1D2539F1F9} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {B2F37559-8B00-4290-AA56-5DD5656D0DF2} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {B4237289-A3B3-4385-A03B-D6468A4DB785} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {B6E9ACE5-23A8-49D8-B05C-B33EC202B111} - System32\Tasks\{BB2BC68E-B701-42B5-B281-DC113B8B5BB1} => pcalua.exe -a "C:\Users\Tara\Desktop\www.ComputerZone96.Blogspot.com The Typing of the Dead Full Version.exe" -d C:\Users\Tara\Desktop
Task: {B9A314DE-2E21-45CE-9751-43A4AB33FDC8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {C342D234-454E-4AC5-B3A0-D8144EA6F3BC} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {C3DAC4A5-6C14-4EB6-B392-BD959BF646DE} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {CD5E3BFD-6C44-4E50-AD92-34CAF3CEC5DC} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {E4110DB0-3C67-4209-805E-A8A0EBA913B2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E8E0BCA3-751B-4E1B-9A63-1EEB9D00C8A9} - System32\Tasks\{E111D6D1-9D60-4A1B-8165-73B058D20596} => pcalua.exe -a "C:\Program Files (x86)\Free Ride Games\Uninstall.exe"
Task: {EB120552-B820-4A1C-9731-18748B9C6C88} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {ECB2ABE4-8C7B-4014-96F1-FD0F211D04E7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {F4098BC1-256E-4683-B776-F935A8F26876} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {F4CF0ED4-22BD-495F-A4F2-3CCD682FC664} - System32\Tasks\{292F5C95-28F2-42AB-8AF7-693BBFD00B56} => pcalua.exe -a "C:\Users\Tara\Desktop\The Sims 3 - Island Paradise\Sims3EP10Setup.exe" -d "C:\Users\Tara\Desktop\The Sims 3 - Island Paradise"
Task: {F6CE4187-A856-4189-822B-9EA4F41D9569} - System32\Tasks\Microsoft_Hardware_Launch_devicecenter_exe => c:\Program Files\Microsoft Device Center\devicecenter.exe
Task: {F8EDBB48-45B4-4591-9DDA-86EFC1D8932F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {FEAEFFB5-5AEC-48F1-B97F-9103B21675A7} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-20 08:33 - 2016-02-23 04:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-03-20 08:33 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-20 08:33 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-06-26 13:43 - 2016-06-26 13:43 - 00959168 _____ () C:\Users\Tara\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2016-01-16 13:49 - 2016-01-16 13:49 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-20 08:32 - 2016-02-23 01:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-16 13:49 - 2016-01-16 13:49 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-16 13:49 - 2016-01-16 13:49 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-29 17:54 - 2016-01-15 22:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 17:54 - 2016-01-15 22:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-01 22:00 - 2015-06-01 22:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2010-11-18 17:18 - 2010-11-18 17:18 - 11190784 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2010-12-15 15:19 - 2010-12-15 15:19 - 00124320 _____ () C:\Program Files\Toshiba\TECO\MUIHelp.dll
2010-12-08 15:42 - 2010-12-08 15:42 - 00079264 _____ () C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosIPCWraper.dll
2012-12-21 18:52 - 2011-02-14 06:55 - 00043520 ____R () C:\Program Files\HTC\ModeSelection\VMMModeSelection.exe
2014-01-09 22:26 - 2014-01-09 22:26 - 01861968 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe
2016-01-26 20:20 - 2016-01-26 20:20 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-06-26 13:43 - 2016-06-26 13:43 - 00679624 _____ () C:\Users\Tara\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2014-01-09 22:28 - 2014-01-09 22:28 - 00100688 _____ () C:\Program Files (x86)\DivX\DivX Update\DivXUpdateCheck.dll
2016-01-26 20:20 - 2016-01-26 20:20 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-26 20:20 - 2016-01-26 20:20 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\...\rhapsody.com -> hxxps://rhap-app-4-0.rhapsody.com

There are 7788 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2015-09-26 13:58 - 00000035 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1541615685-2464090894-2300236971-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Tara\Desktop\8788.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupfolder: C:^Users^Tara^AppData^Roaming^Microsoft^Windows^Start Menu^Programs^Startup^IMVU.lnk => C:\windows\pss\IMVU.lnk.Startup
MSCONFIG\startupreg: Exetender => "C:\Program Files (x86)\Free Ride Games\GPlayer.exe" /runonstartup

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{3E27F22D-ED9C-4E61-9CE8-3CE2C8F09F09}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{542D048E-D381-43E1-80E3-171375D74E32}] => (Allow) C:\Program Files (x86)\HP\digital imaging\smart web printing\smartwebprintexe.exe
FirewallRules: [{088B92F4-4EEE-47BE-8C9F-9673D50E2901}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{F9185EA1-A105-4CD4-8920-5E4290CA2489}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{F2F52AB9-5793-4E3E-82EA-47435A6CE0AC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{21455DC7-E0CF-4D4C-9089-94E8D6C3D50F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{32A9294A-969C-4B40-8930-0740E7A76E99}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{3D0A8CE8-FA16-4125-9EAE-87390059CED0}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{E58E6BC2-298C-4EFE-9A27-37B53C3C3EA9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{AF192591-BA22-4AC1-964A-A67043BB971D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{E7FDC2DB-E648-4279-917F-CBCB4BD3B571}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{8493D0A6-550A-4BCA-B64E-CEF8CC9259B4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{3F79B16D-63AB-452D-A492-6935B14756BE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{99015141-589F-40C6-AFFF-4370B9DE5B7D}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{66AA9B05-7D33-4023-BD0E-B509C08ED3EC}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{E86391E8-47DF-409F-AFAD-606ECE62DE4F}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{6C864E7C-D2FC-46A2-B6D3-C335F0F86493}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{842A21DC-0036-4328-BA6E-55E42C4CDAA4}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{3EA83EAE-C2F7-4BBD-90DD-69737D2AB4A7}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{9F3BD001-4B78-495D-B3F0-C43637222D06}] => (Allow) C:\Users\Tara\AppData\Local\Temp\7zS019F\OJ6500vE709_Full_14\setup\hpznui40.exe
FirewallRules: [UDP Query User{853FD6D2-D89F-41E6-9A98-3CBE29D1A931}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [TCP Query User{CD7E36D2-A38D-42C0-B029-AB60297FBB59}C:\program files (x86)\electronic arts\eadm\core.exe] => (Allow) C:\program files (x86)\electronic arts\eadm\core.exe
FirewallRules: [{A210DC05-D99A-4E8B-98E1-291DEB2D8F50}] => (Allow) C:\Users\Tara\AppData\Local\Temp\7zS35EE.tmp\SymNRT.exe
FirewallRules: [{12E33132-033A-4696-BBDE-702C01F8C5E4}] => (Allow) C:\Users\Tara\AppData\Local\Temp\7zS35EE.tmp\SymNRT.exe
FirewallRules: [{0EAE87C3-16ED-444B-9E2E-90B40D85E06A}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{8F811FE1-ECDA-4000-8626-3FD3E506FF2C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1363\Agent.exe
FirewallRules: [{2288003E-06AE-4F44-B1A6-B5D6DB9E7DAD}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{744AD6FC-526C-44AA-A620-9D81BD5563E3}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.1040\Agent.exe
FirewallRules: [{F3DCD8A7-07F7-4C77-9154-4D7203A434BB}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{97F5C260-D31F-4D9A-B6DC-1EFA5C4A4871}] => (Allow) C:\Program Files (x86)\Rhapsody\rhapsody.exe
FirewallRules: [{19F46610-43D0-46FA-90F9-746B74A4514A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C89D94C8-7B9E-48E3-874A-A5BC6343CD8A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{742CCE9D-5F1F-4BD4-880F-964119E9F72B}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{4A9008D0-84C7-4DD2-88A4-1921501E6886}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{53CA709D-1DFA-4539-911B-1843A4EE5656}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{06905B5D-B58B-4D4E-AAF7-87AA239EC97A}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{78274121-28A5-4ACD-B26C-1377E2307A13}] => (Allow) C:\Program Files\Common Files\McAfee\McSvcHost\McSvHost.exe
FirewallRules: [{5ED5DD6E-4F49-4442-93C2-9FDB9AE71E8B}] => (Allow) C:\Program Files (x86)\Windows Live\Mesh\MOE.exe
FirewallRules: [{A8EC1910-CF30-4EE4-A9A4-22F93B4903E3}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{778199AE-F46F-4BE0-97E3-EB208E775586}] => (Allow) LPort=1900
FirewallRules: [{B52BD2BA-E574-4945-B387-47D4491A84CD}] => (Allow) LPort=2869
FirewallRules: [{F0971B9B-6C0D-48DC-9395-6A433215CD4E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

==================== Restore Points =========================

16-01-2016 17:42:12 Windows Update
26-01-2016 20:09:34 Windows Modules Installer
04-02-2016 20:05:10 Windows Update
20-02-2016 09:11:17 Windows Update
20-03-2016 08:39:18 Windows Update
20-03-2016 08:41:15 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/04/2016 04:10:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: TARA-PC)
Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (07/04/2016 04:10:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2069812

Error: (07/04/2016 04:10:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2069812

Error: (07/04/2016 04:10:09 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2016 04:10:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2066515

Error: (07/04/2016 04:10:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2066515

Error: (07/04/2016 04:10:05 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

Error: (07/04/2016 04:09:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 2060734

Error: (07/04/2016 04:09:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 2060734

Error: (07/04/2016 04:09:59 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second


System errors:
=============
Error: (07/04/2016 02:31:58 PM) (Source: DCOM) (EventID: 10010) (User: TARA-PC)
Description: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider

Error: (07/04/2016 01:28:24 PM) (Source: DCOM) (EventID: 10010) (User: TARA-PC)
Description: {0002DF02-0000-0000-C000-000000000046}

Error: (07/04/2016 01:28:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_1087f6c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/04/2016 01:28:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_1087f6c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/04/2016 01:28:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_1087f6c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/04/2016 01:28:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_1087f6c service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (07/04/2016 01:25:04 PM) (Source: DCOM) (EventID: 10010) (User: TARA-PC)
Description: Windows.Networking.BackgroundTransfer.Internal.BackgroundTransferTask.ClassId.1

Error: (07/04/2016 12:49:25 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/04/2016 12:48:55 PM) (Source: Service Control Manager) (EventID: 7011) (User: )
Description: A timeout (30000 milliseconds) was reached while waiting for a transaction response from the ShellHWDetection service.

Error: (07/04/2016 12:48:34 PM) (Source: disk) (EventID: 11) (User: )
Description: The driver detected a controller error on \Device\Harddisk1\DR2.


CodeIntegrity:
===================================
  Date: 2016-07-04 16:11:14.882
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-04 16:11:14.844
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-04 15:35:43.186
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-04 15:35:43.158
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-04 15:35:43.068
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-04 13:55:50.171
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-04 13:55:50.152
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-04 13:55:50.105
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-04 13:55:50.018
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2016-07-04 13:55:49.981
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU B940 @ 2.00GHz
Percentage of memory in use: 73%
Total physical RAM: 4043.86 MB
Available physical RAM: 1087.77 MB
Total Virtual: 8139.86 MB
Available Virtual: 4381.79 MB

==================== Drives ================================

Drive c: (TI106139W0E) (Fixed) (Total:450.13 GB) (Free:305.83 GB) NTFS ==>[system with boot components (obtained from drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 465.8 GB) (Disk ID: 4E59E2AF)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=450.1 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)
Partition 4: (Not Active) - (Size=13.7 GB) - (Type=17)

==================== End of Addition.txt ===================
Title: Re: My computer is so slow
Post by: Corrine on July 05, 2016, 04:06:04 PM
Please do a combination threat/rootkit scan.  Note that the scan may take some time to complete.
Title: Re: My computer is so slow
Post by: NoahsMomma0429 on July 06, 2016, 11:29:15 AM
Is this the correct one, Corrine?

<?xml version="1.0" encoding="UTF-16"?>

<mbam-log>
<header>
<date>2016/07/05 18:08:12 -0700</date>
<logfile>mbam-log-2016-07-05 (18-08-08).xml</logfile>
<isadmin>yes</isadmin>
</header>
<engine>
<version>2.2.1.1043</version>
<malware-database>v2016.07.05.14</malware-database>
<rootkit-database>v2016.05.27.01</rootkit-database>
<license>trial</license>
<file-protection>enabled</file-protection>
<web-protection>enabled</web-protection>
<self-protection>disabled</self-protection>
</engine>
<system>
<hostname>TARA-PC</hostname>
<ip>192.168.1.5</ip>
<osversion>Windows 10</osversion>
<arch>x64</arch>
<username>Tara</username>
<filesys>NTFS</filesys>
</system>
<summary>
<type>threat</type>
<result>completed</result>
<objects>366236</objects>
<time>4517</time>
<processes>0</processes>
<modules>0</modules>
<keys>0</keys>
<values>0</values>
<datas>0</datas>
<folders>0</folders>
<files>2</files>
<sectors>0</sectors>
</summary>
<options>
<memory>enabled</memory>
<startup>enabled</startup>
<filesystem>enabled</filesystem>
<archives>enabled</archives>
<rootkits>enabled</rootkits>
<deeprootkit>disabled</deeprootkit>
<heuristics>enabled</heuristics>
<pup>enabled</pup>
<pum>enabled</pum>
</options>
<items>
<file>
<path>C:\Program Files (x86)\Audio Service\AudioService.exe</path>
<vendor>PUP.Optional.TechSnab</vendor>
<action>success</action>
<hash>8be75ac627735fd77162615ca061946c</hash>
</file>
<file>
<path>C:\Users\Tara\Downloads\Goat Simulator-Download.exe</path>
<vendor>PUP.Optional.DownWare</vendor>
<action>success</action>
<hash>0d658a96ddbd0a2c108bb6fe12efde22</hash>
</file>
</items>
</mbam-log>
Title: Re: My computer is so slow
Post by: Corrine on July 06, 2016, 05:19:00 PM
Not quite what I wanted as that is an HTML file.  However, please do the following:

Please download AdwCleaner (http://general-changelog-team.fr/fr/downloads/finish/20-outils-de-xplode/2-adwcleaner/) by Xplode and save to your Desktop.
Please download Junkware Removal Tool (http://www.bleepingcomputer.com/download/junkware-removal-tool/dl/131/) to your desktop.
Also, please see Application Pool Identities : The Official Microsoft IIS Site (http://www.iis.net/learn/manage/configuring-security/application-pool-identities) and let me know if you are running a cloud server, etc. since DefaultAppPool is showing up as a user on your computer and wasn't on logs you've posted previously.
Title: Re: My computer is so slow
Post by: NoahsMomma0429 on July 06, 2016, 05:53:54 PM
I'm not home yet but as far as I know I don't do the cloud thing. I have no idea how to. My phone has pictures on a cloud I think and I use Google photos on my comp.
Title: Re: My computer is so slow
Post by: Corrine on July 06, 2016, 08:14:30 PM
If you did not add DefaultAppPool as a user/Administrator on your computer, you may want to remove it.  Note, however, that if some software you intentionally installed requires that function, it will no longer work.  Illustrated instructions for removing the account are at How to Remove Windows 10 User Accounts (https://windowsinstructed.com/remove-windows-user-accounts/).

However, if you wish to first change it to a local account, without Administrator privileges (which is reversible), do the following:

-- Launch an elevated Command Prompt (Right-click the Windows Icon and select "Command Prompt (Admin)")
-- Type the following command to add to the localgroup: net localgroup users "DefaultAppPool" /add
-- Press Enter.
-- Type the following command to remove from the Admin group:  net localgroup administrators "DefaultAppPool" /delete
-- Press Enter.
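
Added example, not part of Corrine's post: a PowerShell wrapper around the two net localgroup commands above that first checks whether a local account with that name exists (a profile can be listed by FRST without a same-named local account), records group membership before the change, and confirms it afterwards. The helper names Get-GroupMembers and Test-Member are made up for this example, and the output parsing assumes an English-language Windows install.

```powershell
# Added example (not from the forum post). Run in an elevated PowerShell window.
# Assumes English-language "net" output, matching the FRST header in this thread.
$Account = 'DefaultAppPool'   # account name taken from the thread

function Get-GroupMembers {
    param([Parameter(Mandatory)][string]$Group)
    # "net localgroup <group>" prints a header, a dashed separator line,
    # one member per line, then "The command completed successfully."
    $out = & net.exe localgroup $Group 2>$null
    if ($LASTEXITCODE -ne 0) { throw "Could not read local group '$Group'." }
    $members = @()
    $inList  = $false
    foreach ($line in $out) {
        if ($line -match '^-{5,}') { $inList = $true; continue }
        if ($inList -and $line.Trim() -and $line -notmatch '^The command completed') {
            $members += $line.Trim()
        }
    }
    return $members
}

function Test-Member {
    param([string[]]$Members, [string]$Name)
    # Match a bare local name or a qualified one such as "TARA-PC\Name".
    return [bool]($Members | Where-Object { $_ -eq $Name -or $_ -like "*\$Name" })
}

# 1. Is there a local account with this name at all?
#    "net user <name>" exits non-zero when the account does not exist.
& net.exe user $Account *> $null
$accountExists = ($LASTEXITCODE -eq 0)

# 2. Record membership before changing anything.
$inAdmins = Test-Member (Get-GroupMembers 'Administrators') $Account
$inUsers  = Test-Member (Get-GroupMembers 'Users') $Account
Write-Output "Local account exists : $accountExists"
Write-Output "In Administrators    : $inAdmins"
Write-Output "In Users             : $inUsers"

if (-not $accountExists) {
    # Nothing to move: the net localgroup commands would fail on an unknown name.
    Write-Output "No local account named '$Account' was found. Nothing changed."
}
elseif (-not $inAdmins) {
    Write-Output "'$Account' is not in Administrators. Nothing changed."
}
else {
    # 3. Add to Users first, so the account is never left without a group.
    if (-not $inUsers) {
        & net.exe localgroup Users $Account /add
        if ($LASTEXITCODE -ne 0) {
            throw "Adding '$Account' to Users failed. Administrators left untouched."
        }
    }

    # 4. Remove from Administrators.
    & net.exe localgroup Administrators $Account /delete
    if ($LASTEXITCODE -ne 0) {
        throw "Removing '$Account' from Administrators failed."
    }

    # 5. Confirm the result by re-reading the group.
    $stillAdmin = Test-Member (Get-GroupMembers 'Administrators') $Account
    Write-Output "In Administrators after change: $stillAdmin"
    Write-Output "To reverse: net localgroup administrators `"$Account`" /add"
}
```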