Windows 10 popup "need Flashplayer update" [Solved]



#1
flowerchild552008


I'm normally careful to not click on ads but thought I was going to a news website when a popup locked up screen saying Flashplayer needed to be updated.  I was unable to close tab for the page that the popup came up on.  Tried to restart several times but when opening Edge the same page kept returning.  Finally, I totally powered down, left for a few minutes and when it came back up the page had changed to a website but I was able to close the tab.  I did that quickly (and before I thought to write down the website it was on) and now I am afraid that I have a virus. 

 

I have Windows Defender and scanned but it didn't find anything.  Do you have any suggestions to make sure that nothing has compromised my system?

 

(The instructions shown in the Malware Cleaning Guide did not include Windows Edge directions)

 

Thanks in advance.

 

Deb


Edited by flowerchild552008, 14 January 2016 - 07:49 PM.



#2
Dakeyras


Please note that all instructions given are customised for this computer only, the tools used may cause damage if used on a computer with different infections.

If you think you have similar problems, please post the appropriate logs in the Malware Removal forum and wait for help.

Hi and welcome back to Geeks to Go. :)

I'm Dakeyras and I am going to try to assist you with your problem. Please take note of the below:
  • I will start working on your Malware issues; this may or may not solve other issues you have with your machine.
  • The fixes are specific to your problem and should only be used for this issue on this machine!
  • The process is not instant. Please continue to review my answers until I tell you your machine is clear. Absence of symptoms does not mean that everything is clear.
  • If you don't know, stop and ask! Don't keep going on.
  • Please reply to this thread. Do not start a new topic.
  • Refrain from running self fixes as this will hinder the malware removal process.
  • It may prove beneficial if you print off the following instructions or save them to notepad as I post them.
  • Your security programs may give warnings for some of the tools I will ask you to use. Be assured, any links I give are safe.
Before we start:

Please be aware that removing Malware is a potentially hazardous undertaking. I will take care not to knowingly suggest courses of action that might damage your computer. However it is impossible for me to foresee all interactions that may happen between the software on your computer and those we'll use to clear you of infection, and I cannot guarantee the safety of your system. It is possible that we might encounter situations where the only recourse is to re-format and re-install your operating system, or to necessitate you taking your computer to a repair shop.

Because of this, I advise you to backup any personal files and folders before you start.

Backup the Registry:

Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.
  • Please download the installer for Registry Backup from here or here and save to your desktop.
  • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
  • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
  • Once the GUI (graphical user interface) has appeared/loaded:-
[Image: TCRB-1.jpg]
  • Click on Backup Now >> once the process is complete, similar to the below will be displayed in the GUI:-
[Image: TBRB-2.jpg]
  • Close Tweaking.com - Registry Backup
Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

A tutorial for Registry Backup explaining the various features can be viewed here.

Scan with AdwCleaner:

Please download AdwCleaner from here or here and save to your desktop.
  • Right-click on adwcleaner.exe and select Run as Administrator to launch the application.
  • Now click on the Scan tab >> once the scan is complete click on the Cleaning tab and follow the prompts.
  • Allow the system to reboot. You will then be presented with the report. Copy & Paste this report into your next reply.
Note: The log can also be located at C: >> AdwCleaner >> AdwCleaner[S0].txt

Next:

When you have completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and/or problems encountered?
  • AdwCleaner Log.


#3
flowerchild552008


Hi and thanks for the reply!

 

There was one more instance of this message coming up just prior to me following the instructions above.  I was able to close Edge by going to task manager and stopping it.  Otherwise the small box that pops up will not let me close any tabs and has everything "grayed out" on the screen except this box wanting to download.  Since running AdwCleaner I haven't done anything other than come here to send you the results.  Nothing has happened so far.

 

Here are the results:

 

# AdwCleaner v5.029 - Logfile created 17/01/2016 at 14:06:33

# Updated 11/01/2016 by Xplode

# Database : 2016-01-15.2 [Server]

# Operating system : Windows 10 Home  (x64)

# Username : Debra - MYBABY

# Running from : C:\Users\Debra\Downloads\AdwCleaner.exe

# Option : Cleaning

# Support : http://toolslib.net/forum

***** [ Services ] *****

 

***** [ Folders ] *****

 

***** [ Files ] *****

 

***** [ DLLs ] *****

 

***** [ Shortcuts ] *****

 

***** [ Scheduled tasks ] *****

 

***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\dotomi.com

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\shopathome.com

[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\softonic.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\adbabylon.com

[-] Key Deleted : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\cdn.adbabylon.com

[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\adbabylon.com

[-] Key Deleted : HKCU\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\cdn.adbabylon.com

***** [ Web browsers ] *****

 

*************************

 

:: "Tracing" keys removed

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [1810 bytes] ##########



#4
Dakeyras

Hi. :)
 

Hi and thanks for the reply!

You're welcome and the rest of your reply is also acknowledged. Let's proceed as follows shall we...

Scan with aswMBR:

Please download aswMBR to your desktop.

Alternate downloads are here and here.
  • Right-click on aswMBR.exe and select Run as Administrator to launch the application.
  • If a prompt stating: The computer supports "Virtualization Technology" appears >> select Yes
  • When prompted with: The application can use the Avast! Free Antivirus for scanning >> select Yes
  • The Avast! virus definitions database will automatically be downloaded. Be patient, this may take some time depending on the speed of your Internet Connection.
  • Once it has downloaded >> ensure the option next to AV scan: >> QuickScan is selected only. It should be by default.
  • Now click on the Scan button to start the scan.
  • On completion of the scan click Save Log, save it to your desktop and post the contents in your next reply
  • Click on Exit.
Note: There will also be a file on your desktop named MBR.dat (or similar); do not delete this for now, it is an actual backup of the MBR (master boot record).

Scan with Farbar Recovery Scan Tool:

Please download and save Farbar Recovery Scan Tool 64-Bit to your desktop.
  • Right-click on FRST.exe and select Run as Administrator to start FRST.
  • Under Optional Scan ensure both Drivers MD5 and Addition.txt are selected.
  • Now click on the Scan button/radio tab >> at the Scan completed prompt click on OK
  • At the next prompt denoting Addition.txt is saved in the same location FRST tool is run >> click on OK
  • There will now be two logs on your desktop, Addition.txt and FRST.txt. Post the contents of both in your next reply.
Next:

When you have completed the above, please post back the following in the order asked for:
  • aswMBR Log.
  • Both FRST logs. <-- Post them individually please, IE: one Log per post/reply.


#5
flowerchild552008


Hi Dakeyras,

 

Had some trouble while trying to copy and paste logs.  System had to reboot said to look up "Critical Structure Corruption". 

 

I'm going to try again.

 

Well, it's not working.  Will not let me paste here at all.  Any of them.  They are all saved to my desktop as text documents. 

 

What should I do now? 

 

Thanks,

 

Deb



#6
flowerchild552008


It finally worked!  Here's the first.

 

aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2016-01-17 17:44:32
-----------------------------
17:44:32.221    OS Version: Windows x64 6.2.9200
17:44:32.221    Number of processors: 2 586 0x3C03
17:44:32.236    ComputerName: MYBABY  UserName: Debra
17:44:35.407    Initialize success
17:44:35.461    VM: initialized successfully
17:44:35.461    VM: Intel CPU supported
17:44:39.341    VM: disk I/O iaStorA.sys
17:55:47.589    AVAST engine defs: 16011704
18:08:33.174    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
18:08:33.175    Disk 0 Vendor: WDC_WD5000AAKX-75U6AA0 20.01H20 Size: 476940MB BusType: 11
18:08:33.299    Disk 0 MBR read successfully
18:08:33.305    Disk 0 MBR scan
18:08:33.329    Disk 0 unknown MBR code
18:08:33.333    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
18:08:33.452    Disk 0 scanning C:\WINDOWS\system32\drivers
18:08:48.561    Service scanning
18:09:18.453    Modules scanning
18:09:18.470    Disk 0 trace - called modules:
18:09:18.545   
18:09:19.848    AVAST engine scan C:\WINDOWS
18:09:22.317    AVAST engine scan C:\WINDOWS\system32
18:12:41.116    AVAST engine scan C:\WINDOWS\system32\drivers
18:12:57.387    AVAST engine scan C:\Users\Debra
18:16:12.876    Disk 0 MBR has been saved successfully to "C:\Users\Debra\Desktop\MBR.dat"
18:16:12.876    The log file has been saved successfully to "C:\Users\Debra\Desktop\aswMBR.txt"
 



#7
flowerchild552008

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-01-2015
Ran by Debra (administrator) on MYBABY (17-01-2016 18:21:43)
Running from C:\Users\Debra\Downloads
Loaded Profiles: Debra (Available Profiles: Debra & Administrator)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
() C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(DELL Inc.) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Program Files\Windows NT\Accessories\wordpad.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\CSISYNCCLIENT.EXE
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(CyberLink) C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\WWAHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(magicJack L.P.) C:\Users\Debra\AppData\Roaming\mjusbsp\magicJack.exe
(AVAST Software) C:\Users\Debra\Downloads\aswmbr.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-12-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-02] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-12-02] (Realtek Semiconductor)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-07] (Intel Corporation)
HKLM\...\Run: [IgfxTray] => C:\Windows\system32\igfxtray.exe [396688 2015-07-17] ()
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1282120 2013-05-02] (CANON INC.)
HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtvStack.exe
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\Run: [cdloader] => C:\Users\Debra\AppData\Roaming\mjusbsp\cdloader2.exe [51592 2014-07-04] (magicJack L.P.)
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\Policies\Explorer: [NoChangeStartMenu] 0
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\Policies\Explorer: [NoLogOff] 0
ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{91ecf1a7-5073-472e-82fc-8a53a65fd99b}: [DhcpNameServer] 192.168.2.1
Tcpip\..\Interfaces\{bcdda8d0-fc0c-44ce-bbab-4b5937b95b28}: [DhcpNameServer] 192.168.1.254
 
Internet Explorer:
==================
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/?pc=U147&ocid=U147DHP
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.dell.com
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-15] (Microsoft Corporation)
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-15] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Toolbar: HKU\S-1-5-21-1298665756-2822785880-394653188-1001 -> Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2014-07-07] (CANON INC.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-09-18] (Microsoft Corporation)
 
FireFox:
========
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-09-18] (Microsoft Corporation)
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2574168 2015-09-11] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201560 2015-09-11] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-07] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [351120 2015-07-17] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [140456 2012-03-27] ()
R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2013-07-30] (CyberLink)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-12-02] (Realtek Semiconductor)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [21160 2015-09-30] (Dell Inc.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
R2 WysePocketCloud; C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe [16176 2013-08-22] ()
R2 WyseRemoteAccess; C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe [1785344 2013-08-19] (DELL Inc.) [File not signed]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-12-02] (Qualcomm Atheros Communications, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91712 2013-03-05] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-02-26] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-01-14] (Malwarebytes)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
U3 aswMBR; C:\Users\Debra\AppData\Local\Temp\aswMBR.sys [62728 2016-01-17] () [File not signed]
U3 aswVmm; C:\Users\Debra\AppData\Local\Temp\aswVmm.sys [224896 2016-01-17] ()
 
========================== Drivers MD5 =======================
 
C:\Windows\System32\drivers\megasas.sys 2ED29B635F35E31A1C0D3DDB7DD2AD03
C:\Windows\System32\drivers\megasr.sys 22E3CB85870879CBAE13C5095A8B12E3
C:\Windows\system32\DRIVERS\TeeDriverx64.sys EB1D78140D6634C32A46AB1006105EDC
C:\Windows\System32\drivers\mlx4_bus.sys D41920FBFFF2BBCBBC69A5B383AD022E
C:\Windows\system32\drivers\mmcss.sys 64BD0C87064EA20C2D3DC4199F9C239C
C:\Windows\System32\drivers\modem.sys 8D4B46FA84A3A3702EDADD37FAC6EDBA
C:\Windows\System32\drivers\monitor.sys 78FEC1BDB168370F131BFBFEA0A04E9D
C:\Windows\System32\drivers\mouclass.sys D1CC0833CFBC4222A95CAA5D0C8C78FF
C:\Windows\System32\drivers\mouhid.sys C2E05EC6B80BCF5AE362DA873E1BCE64
C:\Windows\System32\drivers\mountmgr.sys D5B7668A8F6C67C51FA5C6C513396D6C
C:\Windows\System32\drivers\mpsdrv.sys 5FBCB85D127BE21E3A9DAF11A13C00EA
C:\Windows\system32\drivers\mrxdav.sys 37C9EC0398BFC22C616711E41AE157D5
C:\Windows\System32\DRIVERS\mrxsmb.sys 61F9F27A8C3D7BCD287FE98A440421CE
C:\Windows\System32\DRIVERS\mrxsmb10.sys CCAD845F4D21D0E0E0468205EE865473
C:\Windows\System32\DRIVERS\mrxsmb20.sys 0F47A6C09F0A7FB5513D322A2B9BE4EC
C:\Windows\System32\drivers\bridge.sys A934DF064C503A31683DD7EECDBD327A
C:\Windows\System32\Drivers\Msfs.sys D123343DDB02E372B02BF2C4293F835F
C:\Windows\System32\drivers\msgpiowin32.sys B3358F380BA3F29F56BE0F7734C24D5F
C:\Windows\System32\drivers\mshidkmdf.sys B2044D5D125F249680508EC0B2AAEFAC
C:\Windows\System32\drivers\mshidumdf.sys 36ABE7FC80BED4FE44754AE5CFB51432
C:\Windows\System32\drivers\msisadrv.sys 59307FEAFC9E72EEEC56B7FD7D294F4C
C:\Windows\system32\DRIVERS\MSKSSRV.sys E9457EDFEBC774199F907395C6D09CA2
C:\Windows\System32\drivers\mslldp.sys C85D79735641D27C5821C35ECDDC2334
C:\Windows\system32\DRIVERS\MSPCLOCK.sys EF75184B64356850D0F04D049C253526
C:\Windows\system32\DRIVERS\MSPQM.sys 543933D166C618E7588EA77707EC1683
C:\Windows\System32\Drivers\MsRPC.sys 182711E9DDF70121A20EBB61B2DFB9E8
C:\Windows\System32\drivers\mssmbios.sys E887FFDD6734C496407E9219225CB6FF
C:\Windows\system32\DRIVERS\MSTEE.sys 83A2AB75951000D681FABDB80C07AEFC
C:\Windows\System32\drivers\MTConfig.sys 4FA0483896FC16583851EFB733FCB083
C:\Windows\System32\Drivers\mup.sys 60F88248608315E13391C2F1C3B4473F
C:\Windows\System32\drivers\mvumis.sys 218705233D02776AE4D19CC37D985C1B
C:\Windows\System32\DRIVERS\nwifi.sys 536A0806CE2061A2157E65D4D8ABF30C
C:\Windows\System32\drivers\ndfltr.sys B57CE307DA101C739885B7CC0678077F
C:\Windows\System32\drivers\ndis.sys AFAECF904F1C343EBD50F91BC8D0DBE8
C:\Windows\System32\drivers\ndiscap.sys 202260E7CDD731A32AF62ABD1ABEE008
C:\Windows\System32\drivers\NdisImPlatform.sys A1D473D0CF10561F29B58EA7C5412A92
C:\Windows\System32\DRIVERS\ndistapi.sys 1A0AE283B8DE6BB76412A0F8213D45AC
C:\Windows\System32\drivers\ndisuio.sys A74EE2D2C0BFF5EC3A6185791868C4CA
C:\Windows\System32\drivers\NdisVirtualBus.sys 32A9BD1342640D48AD85C8B3E812B984
C:\Windows\System32\drivers\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
C:\Windows\System32\DRIVERS\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057
C:\Windows\System32\DRIVERS\NDProxy.sys 50AEF8EF0064A91ABB08D858D039C9DE
C:\Windows\System32\drivers\Ndu.sys D358DF634F52247CB43F0781218F4D6E
C:\Windows\System32\drivers\netbios.sys 026618ECF6C4BEBDCB7885D42EC0DBE4
C:\Windows\System32\DRIVERS\netbt.sys F51C02D992A8D6BC5EC4D990F227D4C7
C:\Windows\System32\Drivers\Npfs.sys 465DC580170CD844206D7E3EF1DBF2A1
C:\Windows\System32\drivers\npsvctrig.sys 29395C214D2CD4C81F73166AB988A797
C:\Windows\System32\drivers\nsiproxy.sys 2871225495F832A8C8A7DD1A17EDB3DC
C:\Windows\System32\Drivers\NTFS.sys EFEFC245B884B1BE0401931398DCD707
C:\Windows\System32\Drivers\Null.sys 6DBD703320484C37CEA9E4E2D266A8CE
C:\Windows\System32\drivers\nvraid.sys 604D27CC38CC23493F218D0BB834B3FF
C:\Windows\System32\drivers\nvstor.sys 8B50D897657AB4A15FD9E251BBF7D107
C:\Windows\System32\drivers\nv_agp.sys 31F990B2B6B91E9D7A667405CE12FCB1
C:\Windows\System32\drivers\parport.sys 7D0FC96264C0F8F2C1321E33E8EB646C
C:\Windows\System32\drivers\partmgr.sys 24AC0FD10325FBC2303B29A5F237AEB0
C:\Windows\System32\drivers\pci.sys 1D4E995955BDAE781C46CB97AE1CFB58
C:\Windows\System32\drivers\pciide.sys 2B4D98DF0CA57FB9536DBC80D2449D1F
C:\Windows\System32\drivers\pcmcia.sys F4D5793BF2E58AF15C6CF2FEEF9E73EB
C:\Windows\System32\drivers\pcw.sys 22A53744CEEADFFFD33BA010FAD95229
C:\Windows\System32\drivers\pdc.sys 48F3A3222CF340FE31535CB6D49C6D6F
C:\Windows\System32\drivers\peauth.sys E2F8376F9731D12A009C522036C6073A
C:\Windows\System32\drivers\percsas2i.sys 1398A85E59698067CBBE1D66A9C13ADF
C:\Windows\System32\drivers\percsas3i.sys 35F7C7AD709D909D618D9EDF987FC3ED
C:\Windows\System32\drivers\raspptp.sys 5BA6B9AD03B81546BA64E488C4EF9D17
C:\Windows\System32\drivers\processr.sys 21AECFF3EB5748CBE12538A2500EFDE5
C:\Windows\System32\drivers\pacer.sys 596FB6C5A72F34B7566930985E543806
C:\Windows\system32\drivers\qwavedrv.sys CFBA9C976CBF6796E5DC39EF59984021
C:\Windows\System32\DRIVERS\rasacd.sys 7B2AD8C55217B514C14281AB97B4E21D
C:\Windows\System32\drivers\AgileVpn.sys E15A9CE1E2E7D1C8DF97A4FC1FFE6289
C:\Windows\System32\drivers\rasl2tp.sys 381B8F2311A0375676B635EA5E7C8AB0
C:\Windows\System32\DRIVERS\raspppoe.sys 3369023EB5790A75BA7DABA14B75D922
C:\Windows\System32\drivers\rassstp.sys 1E32A8CD65C4AD0A827CFEB13034DA29
C:\Windows\System32\DRIVERS\rdbss.sys 2B648363E4C5E34B469C58596F377DD9
C:\Windows\System32\drivers\rdpbus.sys D0221C13960E274CC539D72D5A842ED0
C:\Windows\System32\drivers\rdpdr.sys 1DC2CC74B51E4DC4CD5A20C1021E4010
C:\Windows\System32\drivers\rdpvideominiport.sys 177DF954D0DEC0465A380C75F6E7F65F
C:\Windows\System32\drivers\rdyboost.sys 5D1680871054D2B0B8A971BC8AB3B837
C:\Windows\System32\Drivers\ReFSv1.sys 341E6830DA70F65730300DAB4CB0B490
C:\Windows\System32\drivers\rfcomm.sys 60BFD9EE962C87747A0EB648634281ED
C:\Windows\System32\drivers\rspndr.sys 0AC5FCDC29ED97ECDEF1276425EE2059
C:\Windows\System32\Drivers\RtsUStor.sys 9CF8593B62102545CB1652A1D8748FDD
C:\Windows\System32\drivers\rt640x64.sys FBEFF38DE03450E03E6CD9E8E37A8C74
C:\Windows\System32\drivers\vms3cap.sys 044890BB0D6CF1E23C1087234D320509
C:\Windows\System32\drivers\sbp2port.sys 530F797129776AA7E81994783A97E2AD
C:\Windows\System32\DRIVERS\scfilter.sys 9B6B1D4DB35A3D9BEAF023BC95E1F49D
C:\Windows\System32\drivers\sdbus.sys E1137E39C3BB3EF9AF2243745D901D60
C:\Windows\System32\drivers\sdstor.sys DE6D7DC78D956928F59F7415A0F41E13
C:\Windows\System32\drivers\SerCx.sys 67585C295FF2D221679E376B68893B35
C:\Windows\System32\drivers\SerCx2.sys B8C4852CBCAAC1374C08EC7445443824
C:\Windows\System32\drivers\serenum.sys D3A103944A8FCD78FD48B2B19092790C
C:\Windows\System32\drivers\serial.sys 88D58E1DAA6C5062DD3A26273106961F
C:\Windows\System32\drivers\sermouse.sys 0F5B43074AE731D2C6F061241C9D84A6
C:\Windows\System32\drivers\sfloppy.sys D9FE59276BD56A9643C32D5FACE2F251
C:\Windows\System32\drivers\SiSRaid2.sys ABBE803FE0BDAE0E5BE74DDEFBE62F23
C:\Windows\System32\drivers\sisraid4.sys 6043DF55CFE3C7ACF477645FA64DEA98
C:\Windows\System32\drivers\spaceport.sys 1A6CB30F0EFC1632E6F1B852CA892583
C:\Windows\System32\drivers\SpbCx.sys E1C158F6C00359278727A2CEE5D2ED71
C:\Windows\System32\DRIVERS\srv.sys ACC1709EC7FE6EB8999DBC91C50C2B34
C:\Windows\System32\DRIVERS\srv2.sys AFBCFC946FAE7483E27BD316D03F94A5
C:\Windows\System32\DRIVERS\srvnet.sys 107C1EBE79710E4A759449BD6604245A
C:\Windows\System32\drivers\stexstor.sys CCDA497C880AD16D87EDFAEFCFB2EDF5
C:\Windows\System32\drivers\storahci.sys BF8EA6FC3358C2F69678E3E94F764F84
C:\Windows\System32\drivers\vmstorfl.sys 32FF460DA8C1F370F5C08B7654899B73
C:\Windows\System32\drivers\stornvme.sys CC21DB3EF619B9480FE31A4EFE92CBEB
C:\Windows\System32\drivers\storqosflt.sys 390B8A75768E2689586539C224520895
C:\Windows\System32\drivers\storufs.sys 770A92D9D3A0BF61C97C3AFCB36847D9
C:\Windows\System32\drivers\storvsc.sys 736A2418E3E7F3DB3CF6EB0A55D1D581
C:\Windows\System32\drivers\swenum.sys BD98B0225BCD49E8A62F4F8EE1D1F613
C:\Windows\System32\drivers\Synth3dVsc.sys CAE4B27B469C583131EA5AAE622F5D76
C:\Windows\System32\drivers\tcpip.sys 892F30506DCCF230C5A57019C1D8D31B
C:\Windows\System32\drivers\tcpip.sys 892F30506DCCF230C5A57019C1D8D31B
C:\Windows\System32\drivers\tcpipreg.sys 17F37EC9042D84561C550620643D9A85
C:\Windows\system32\DRIVERS\tdx.sys 91D3F2A6253EF83EFBD7903028F58C4D
C:\Windows\System32\drivers\terminpt.sys E730D0EB1B84EBC98423FC8D285EDBC0
C:\Windows\System32\drivers\tpm.sys 169B0A246067457FEF8A18EED7EED9D5
C:\Windows\System32\drivers\TsUsbFlt.sys 48E828C66AB016E48F2CB4DD585315FD
C:\Windows\System32\drivers\TsUsbGD.sys 267C76EE60736EA5A1811A53FA02AABE
C:\Windows\System32\drivers\tunnel.sys 8CE72F094B822AD5EE9C3A3AFC0C16B6
C:\Windows\System32\drivers\uagp35.sys 42C546414F80BD6C0137FC3A106F8A69
C:\Windows\System32\drivers\uaspstor.sys 1686DBC81748B096232B15F16C302985
C:\Windows\System32\Drivers\UcmCx.sys 3995CC3DEDED258768B8EBC2F4C0DC73
C:\Windows\System32\drivers\UcmUcsi.sys 1C95F7CE37D9EFB90EBE987A9712356C
C:\Windows\System32\drivers\ucx01000.sys AED081772091C98173905E2DF28C223B
C:\Windows\System32\drivers\udecx.sys DCA34A111C29E4578DF2B8CEA3C7CDBD
C:\Windows\System32\DRIVERS\udfs.sys 718A956AE00CE086F381044AB66CC29C
C:\Windows\System32\drivers\UEFI.sys BA760F8E66428BA9FF1E8BFBC6248136
C:\Windows\System32\drivers\ufx01000.sys 5F0D997E6FC5A418D7673148CEF72887
C:\Windows\System32\drivers\UfxChipidea.sys 2B1DABA97DDF5365FC66EE7DEDD86A13
C:\Windows\System32\drivers\ufxsynopsys.sys DB630FC660443D63EBAB2C830C298EFE
C:\Windows\System32\drivers\uliagpkx.sys 6DE78C04BF32ECA7AF3064F53687C9A5
C:\Windows\System32\drivers\umbus.sys 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4
C:\Windows\System32\drivers\umpass.sys 11680607944A719EF20E0E740785712A
C:\Windows\System32\drivers\urschipidea.sys 2410A0C20D21A25E6C01979FA886BE90
C:\Windows\System32\drivers\urscx01000.sys 6E59CE43B6BA5AA1ADCF36A4DBBB92BB
C:\Windows\System32\drivers\urssynopsys.sys E8A59FA109A22FC07E44BDFCC9727DBD
C:\Windows\system32\drivers\usbaudio.sys 9F9D5E2086BB9AEEA96E9BF73B7B2D32
C:\Windows\System32\drivers\usbccgp.sys D8A44550ECE102B6443F5D54DCE7DAB3
C:\Windows\System32\drivers\usbcir.sys 66B3D22DAB5312FF238ABF5C6D9F8FAB
C:\Windows\System32\drivers\usbehci.sys 3E4F20DB902D2E2914F3FF3DB9772200
C:\Windows\System32\drivers\usbhub.sys 41F7F00D76904416EF1F9EFA1A4C37A2
C:\Windows\System32\drivers\UsbHub3.sys 12A0B486EA13DF46C27B90CC2CE92FE5
C:\Windows\System32\drivers\usbohci.sys DAB35CCA86F5FBE77D870A40089BC4A1
C:\Windows\System32\drivers\usbprint.sys 21162F65C7756AAECAEBED9E67D0A5FE
C:\Windows\system32\DRIVERS\usbscan.sys D67B6A4A6FB99D29444C2DBA2B636799
C:\Windows\System32\drivers\usbser.sys CA6369870F91F3D367D26278E0AD0DDF
C:\Windows\System32\drivers\USBSTOR.SYS 37C2CD8587BF7F785381EB7B26916B52
C:\Windows\System32\drivers\usbuhci.sys 8B3E458A8851F9A3B2109B1680EE1159
C:\Windows\System32\drivers\USBXHCI.SYS 325727F01F03C504CF788618A13DC266
C:\Windows\System32\drivers\vdrvroot.sys E1BE37312785A71862516F66B3FD24CE
C:\Windows\System32\drivers\VerifierExt.sys E42C0F2850735FF9D908B9DB581E6314
C:\Windows\System32\drivers\vhdmp.sys EC15FD6A28757793E2DA394CD94ABD52
C:\Windows\System32\drivers\vhf.sys D0C9632C350F46786643A069251BC249
C:\Windows\System32\drivers\vmbus.sys E886CB75DA2B6EB35469EF10135624C7
C:\Windows\System32\drivers\VMBusHID.sys 46D2EC27820EC0F798F85821E53C2942
C:\Windows\System32\drivers\volmgr.sys B9265F47E7A354BAAA0AF5CBA3F8F7CE
C:\Windows\System32\drivers\volmgrx.sys BEE9C8B72AB752B794F69C2B9B3678AA
C:\Windows\System32\drivers\volsnap.sys E1F91A727A04C9F8199D04FF3BBBF63C
C:\Windows\System32\drivers\vpci.sys F7B1B1101271E31F43CC76E890704F51
C:\Windows\System32\drivers\vsmraid.sys D48ED0A08BD2FD25A833E6AC99623091
C:\Windows\System32\drivers\vstxraid.sys 6990D4AFDF545669D4E6C232F26DE1FB
C:\Windows\System32\drivers\vwifibus.sys 1EE11F0508C58EF081F4176E66D6970B
C:\Windows\System32\drivers\vwififlt.sys 938E4EF58E42D252B742B0E243011B90
C:\Windows\System32\drivers\vwifimp.sys 3BE5AAC930447FD18D4A8255A2FEC95C
C:\Windows\System32\drivers\wacompen.sys 00C27B64C758C111E5D78A70DE6CA2B6
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491
C:\Windows\System32\drivers\WdBoot.sys 069D3D6E20AD753B34FCE856F0436869
C:\Windows\System32\drivers\Wdf01000.sys 6CC727E94CD84E9720FDCDA8089CABCC
C:\Windows\System32\drivers\WdFilter.sys E3E97151A1D1E87BB2D5371F66C5F169
C:\Windows\System32\DRIVERS\wdiwifi.sys E70DDD8E2245CC67547B0861983912D8
C:\Windows\System32\Drivers\WdNisDrv.sys 07B043160399AF4009054E2EA3464BF4
C:\Windows\System32\drivers\wfplwfs.sys C11272713719922DE5711094333BD166
C:\Windows\System32\drivers\wimmount.sys EF536C54AB9281FDC4E83B07279FCFC4
C:\Windows\System32\drivers\WindowsTrustedRT.sys D8966A76408107224C6013993135DD78
C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 8B102A7B6CE326FD4208CC7C2D183343
C:\Windows\System32\drivers\winmad.sys 4A53441C1C4D2878BEF27E381138BB2D
C:\Windows\System32\drivers\WinUSB.SYS 260907CE034FE327AC99BDA4153AB22F
C:\Windows\System32\drivers\winverbs.sys 40A3E8D729F458B2C9A8BD9380FF83D5
C:\Windows\System32\drivers\wmiacpi.sys 8F010BF65238F3F822D22BA12831796E
C:\Windows\System32\Drivers\Wof.sys 2A9650FCC696DB28E45EA8B33B99B8E6
C:\Windows\System32\DRIVERS\wpcfltr.sys 22C52D7EE7C7D0E02C8EFD8CAE8E3A71
C:\Windows\System32\drivers\WpdUpFltr.sys 1C08E424CBDD5065BB7266F8C048C1B1
C:\Windows\system32\drivers\ws2ifsl.sys 638B43D39A3D0B47024555CF1095E6F1
C:\Windows\System32\drivers\WudfPf.sys A928F25CB62232F413EE655352856E10
C:\Windows\System32\drivers\WudfRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD
C:\Windows\System32\drivers\xboxgip.sys 80BC02A73A3949A7AEF34791206C7D7F
C:\Windows\System32\drivers\xinputhid.sys 1F1EF8E701859581251B52035C1C1CEF
C:\Users\Debra\AppData\Local\Temp\aswMBR.sys AE358AA704ED7BD4A592053426237065
C:\Users\Debra\AppData\Local\Temp\aswVmm.sys A6542A6E95461458FD386D4A40417F31
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 18:21 - 2016-01-17 18:21 - 00036670 _____ C:\Users\Debra\Downloads\FRST.txt
2016-01-17 18:17 - 2016-01-17 18:19 - 02370560 _____ (Farbar) C:\Users\Debra\Downloads\FRST64.exe
2016-01-17 18:16 - 2016-01-17 18:16 - 00001467 _____ C:\Users\Debra\Desktop\aswMBR.txt
2016-01-17 18:16 - 2016-01-17 18:16 - 00000512 _____ C:\Users\Debra\Desktop\MBR.dat
2016-01-17 17:43 - 2016-01-17 17:44 - 05200384 _____ (AVAST Software) C:\Users\Debra\Downloads\aswmbr.exe
2016-01-17 14:12 - 2016-01-17 14:13 - 01754112 _____ C:\Users\Debra\Downloads\AdwCleaner (1).exe
2016-01-17 14:04 - 2016-01-17 14:06 - 00000000 ____D C:\AdwCleaner
2016-01-17 14:03 - 2016-01-17 14:04 - 01754112 _____ C:\Users\Debra\Downloads\AdwCleaner.exe
2016-01-17 13:59 - 2016-01-17 13:59 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-MYBABY-Windows-10-Home-(64-bit).dat
2016-01-17 13:59 - 2016-01-17 13:59 - 00000000 ____D C:\RegBackup
2016-01-17 13:58 - 2016-01-17 13:58 - 01388544 _____ (Indigo Rose Corporation) C:\Users\Debra\Desktop\uninstall.exe
2016-01-17 13:58 - 2016-01-17 13:58 - 00329944 _____ (Lua.org) C:\Users\Debra\Desktop\lua5.1.dll
2016-01-17 13:58 - 2016-01-17 13:58 - 00001547 _____ C:\Users\Debra\Desktop\Tweaking.com - Registry Backup.lnk
2016-01-17 13:58 - 2016-01-17 13:58 - 00000000 ____D C:\Users\Debra\Desktop\Uninstall
2016-01-17 13:58 - 2016-01-17 13:58 - 00000000 ____D C:\Users\Debra\Desktop\files
2016-01-17 13:58 - 2016-01-17 13:58 - 00000000 ____D C:\Users\Debra\Desktop\color_presets
2016-01-17 13:58 - 2016-01-17 13:58 - 00000000 ____D C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-01-17 13:40 - 2016-01-17 13:59 - 00013768 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2016-01-17 13:40 - 2016-01-17 13:40 - 04777232 _____ (Tweaking.com) C:\Users\Debra\Downloads\tweaking.com_registry_backup_setup (1).exe
2016-01-17 13:38 - 2016-01-17 13:38 - 04777232 _____ (Tweaking.com) C:\Users\Debra\Downloads\tweaking.com_registry_backup_setup.exe
2016-01-16 19:23 - 2016-01-16 19:23 - 00044715 _____ C:\Users\Debra\Downloads\msg0018 (1).WAV
2016-01-15 10:29 - 2016-01-15 10:29 - 00021835 _____ C:\Users\Debra\Downloads\msg0011.WAV
2016-01-14 18:13 - 2016-01-14 18:14 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-01-14 18:09 - 2016-01-14 18:10 - 22908888 _____ (Malwarebytes ) C:\Users\Debra\Downloads\mbam-setup-2.2.0.1024.exe
2016-01-14 09:45 - 2016-01-14 09:46 - 00407758 _____ C:\Users\Debra\Downloads\babbling brook 1 14 16.pdf
2016-01-14 08:56 - 2016-01-14 08:56 - 00006820 _____ C:\Users\Debra\Downloads\msg0015.WAV
2016-01-14 08:55 - 2016-01-14 08:55 - 00032430 _____ C:\Users\Debra\Downloads\msg0016 (1).WAV
2016-01-13 11:39 - 2016-01-13 11:39 - 00039385 _____ C:\Users\Debra\Downloads\msg0014.WAV
2016-01-12 17:15 - 2016-01-12 17:15 - 00023655 _____ C:\Users\Debra\Downloads\msg0012 (1).WAV
2016-01-12 17:12 - 2016-01-12 17:12 - 00023655 _____ C:\Users\Debra\Downloads\msg0012.WAV
2016-01-12 15:37 - 2016-01-04 21:51 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-01-12 15:37 - 2016-01-04 21:50 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-01-12 15:37 - 2016-01-04 21:49 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-01-12 15:37 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-01-12 15:37 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-01-12 15:37 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-01-12 15:37 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-01-12 15:37 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-01-12 15:37 - 2016-01-04 21:37 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-01-12 15:37 - 2016-01-04 21:37 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-01-12 15:37 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-01-12 15:37 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-01-12 15:37 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-01-12 15:37 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-01-12 15:37 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-01-12 15:37 - 2016-01-04 21:33 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-01-12 15:37 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-01-12 15:37 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-01-12 15:37 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-01-12 15:37 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-01-12 15:37 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-01-12 15:37 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-01-12 15:37 - 2016-01-04 20:59 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-01-12 15:37 - 2016-01-04 20:57 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-01-12 15:37 - 2016-01-04 20:50 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-01-12 15:37 - 2016-01-04 20:49 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-01-12 15:37 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-01-12 15:37 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-01-12 15:37 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-01-12 15:37 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-01-12 15:37 - 2016-01-04 20:41 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-01-12 15:37 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-01-12 15:37 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-01-12 15:37 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-01-12 15:37 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-01-12 15:37 - 2016-01-04 20:33 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-01-12 15:37 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-01-12 15:37 - 2016-01-04 20:30 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-01-12 15:37 - 2016-01-04 20:29 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-01-12 15:37 - 2016-01-04 20:28 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-01-12 15:37 - 2016-01-04 20:28 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-01-12 15:37 - 2016-01-04 20:25 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-01-12 15:36 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-01-12 15:36 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-01-12 15:36 - 2016-01-04 21:50 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-01-12 15:36 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-01-12 15:36 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-01-12 15:36 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-01-12 15:36 - 2016-01-04 21:33 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-01-12 15:36 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-01-12 15:36 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-01-12 15:36 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-01-12 15:36 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-01-12 15:36 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-01-12 15:36 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-01-12 15:36 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-01-12 15:36 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-01-12 15:36 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-01-12 15:36 - 2016-01-04 20:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-01-12 15:36 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-01-12 15:36 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-01-12 15:36 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-01-12 15:36 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-01-12 15:36 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-01-12 15:36 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-01-12 15:36 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-01-12 15:36 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-01-12 15:36 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-01-12 15:36 - 2016-01-04 20:49 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-01-12 15:36 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-01-12 15:36 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-01-12 15:36 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-01-12 15:36 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-01-12 15:36 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-01-12 15:36 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-01-12 15:36 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-01-12 15:36 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-01-12 15:36 - 2016-01-04 20:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-01-12 15:36 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-01-12 15:36 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-01-12 15:36 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-01-12 15:36 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-01-12 15:36 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-01-12 15:36 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-01-12 15:36 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-01-12 15:36 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-01-12 15:36 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-01-12 15:36 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-01-12 15:36 - 2016-01-04 20:28 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-01-08 11:42 - 2016-01-08 11:42 - 00029765 _____ C:\Users\Debra\Downloads\msg0003.WAV
2016-01-08 11:35 - 2016-01-08 11:35 - 00077150 _____ C:\Users\Debra\Downloads\msg0027.WAV
2016-01-08 11:01 - 2016-01-08 11:01 - 00006943 _____ C:\Users\Debra\Downloads\retrievedocument (2).pdf
2016-01-07 12:37 - 2016-01-07 12:37 - 00026970 _____ C:\Users\Debra\Downloads\msg0026.WAV
2016-01-06 05:46 - 2016-01-06 05:46 - 00026905 _____ C:\Users\Debra\Downloads\msg0022 (2).WAV
2016-01-05 23:00 - 2016-01-05 23:00 - 00927824 _____ (Google Inc.) C:\Users\Debra\Downloads\GoogleVoiceAndVideoSetup.exe
2016-01-05 14:43 - 2016-01-05 14:43 - 00026905 _____ C:\Users\Debra\Downloads\msg0022 (1).WAV
2016-01-05 14:42 - 2016-01-05 14:42 - 00026905 _____ C:\Users\Debra\Downloads\msg0022.WAV
2016-01-05 07:58 - 2016-01-05 07:59 - 13990363 _____ C:\Users\Debra\Downloads\MEDITAM-CHRISTINE-GUESS-NEW-102315.pdf
2016-01-04 18:18 - 2016-01-04 18:19 - 01018694 _____ C:\Users\Debra\Downloads\orca_share_media1451948151338.AMR
2016-01-03 19:25 - 2016-01-03 19:25 - 00665802 _____ C:\Users\Debra\Documents\IMG_20160103_0004.pdf
2016-01-03 19:25 - 2016-01-03 19:25 - 00193682 _____ C:\Users\Debra\Documents\IMG_20160103_0005.pdf
2016-01-03 19:24 - 2016-01-03 19:24 - 00526014 _____ C:\Users\Debra\Documents\IMG_20160103_0003.pdf
2016-01-03 19:23 - 2016-01-03 19:23 - 00731528 _____ C:\Users\Debra\Documents\IMG_20160103_0002.pdf
2016-01-03 19:21 - 2016-01-03 19:21 - 00495862 _____ C:\Users\Debra\Documents\IMG_20160103_0001.pdf
2016-01-02 20:03 - 2016-01-02 20:03 - 00064020 _____ C:\Users\Debra\Downloads\msg0016.WAV
2016-01-01 12:32 - 2016-01-01 12:32 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-31 10:31 - 2015-12-06 23:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-31 10:31 - 2015-12-06 23:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-31 10:31 - 2015-12-06 23:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-31 10:31 - 2015-12-06 23:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-31 10:31 - 2015-12-06 23:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-31 10:31 - 2015-12-06 23:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-31 10:31 - 2015-12-06 23:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-31 10:31 - 2015-12-06 23:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-31 10:31 - 2015-12-06 23:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-31 10:31 - 2015-12-06 23:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-31 10:31 - 2015-12-06 23:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-31 10:31 - 2015-12-06 23:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-31 10:31 - 2015-12-06 23:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-31 10:31 - 2015-12-06 23:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-31 10:31 - 2015-12-06 23:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-31 10:31 - 2015-12-06 23:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-31 10:31 - 2015-12-06 23:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-31 10:31 - 2015-12-06 23:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-31 10:31 - 2015-12-06 23:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-31 10:31 - 2015-12-06 23:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-31 10:31 - 2015-12-06 23:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-31 10:31 - 2015-12-06 23:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-31 10:31 - 2015-12-06 23:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-31 10:31 - 2015-12-06 23:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-31 10:31 - 2015-12-06 23:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-31 10:31 - 2015-12-06 23:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-31 10:31 - 2015-12-06 23:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-31 10:31 - 2015-12-06 23:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-31 10:31 - 2015-12-06 23:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-31 10:31 - 2015-12-06 22:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-31 10:31 - 2015-12-06 22:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-31 10:31 - 2015-12-06 22:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-31 10:31 - 2015-12-06 22:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-31 10:31 - 2015-12-06 22:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-31 10:31 - 2015-12-06 22:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-31 10:31 - 2015-12-06 22:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-31 10:31 - 2015-12-06 22:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-31 10:31 - 2015-12-06 22:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-31 10:31 - 2015-12-06 22:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-31 10:31 - 2015-12-06 22:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-31 10:31 - 2015-12-06 22:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-31 10:31 - 2015-12-06 22:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-31 10:31 - 2015-12-06 22:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-31 10:31 - 2015-12-06 22:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-31 10:31 - 2015-12-06 22:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-31 10:31 - 2015-12-06 22:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-31 10:31 - 2015-12-06 22:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-31 10:31 - 2015-12-06 22:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-31 10:31 - 2015-12-06 22:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-31 10:31 - 2015-12-06 22:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-31 10:31 - 2015-12-06 22:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-31 10:31 - 2015-12-06 22:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-31 10:31 - 2015-12-06 22:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-31 10:31 - 2015-12-06 22:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-31 10:31 - 2015-12-06 22:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-31 10:31 - 2015-12-06 22:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-31 10:31 - 2015-12-06 22:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-31 10:31 - 2015-12-06 22:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-31 10:31 - 2015-12-06 22:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-31 10:31 - 2015-12-06 22:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-31 10:31 - 2015-12-06 22:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-31 10:31 - 2015-12-06 22:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-31 10:31 - 2015-12-01 02:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-31 10:31 - 2015-11-24 07:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-31 10:31 - 2015-11-24 06:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-31 10:31 - 2015-11-24 05:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-31 10:31 - 2015-11-24 04:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-31 10:31 - 2015-11-24 04:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-31 10:31 - 2015-11-24 04:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-31 10:31 - 2015-11-24 04:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-31 10:31 - 2015-11-24 04:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-31 10:31 - 2015-11-24 04:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-31 10:31 - 2015-11-24 03:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-31 10:31 - 2015-11-24 03:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-31 10:31 - 2015-11-24 03:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-31 10:31 - 2015-11-24 03:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-31 10:31 - 2015-11-24 02:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-31 10:31 - 2015-11-24 02:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-31 10:31 - 2015-11-24 02:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-31 10:31 - 2015-11-24 02:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-31 10:31 - 2015-11-24 02:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-31 10:31 - 2015-11-24 02:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-31 10:31 - 2015-11-22 05:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-31 10:31 - 2015-11-22 05:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-31 10:31 - 2015-11-22 05:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-31 10:31 - 2015-11-22 05:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-31 10:31 - 2015-11-22 05:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-31 10:31 - 2015-11-22 05:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-31 10:31 - 2015-11-22 05:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-31 10:31 - 2015-11-22 05:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-31 10:31 - 2015-11-22 05:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-31 10:31 - 2015-11-22 05:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-31 10:31 - 2015-11-22 05:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-31 10:31 - 2015-11-22 05:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-31 10:31 - 2015-11-22 05:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-31 10:31 - 2015-11-22 05:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-31 10:31 - 2015-11-22 05:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-31 10:31 - 2015-11-22 04:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-31 10:31 - 2015-11-22 04:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-31 10:31 - 2015-11-22 04:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-31 10:31 - 2015-11-22 04:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-31 10:31 - 2015-11-22 04:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-31 10:31 - 2015-11-22 04:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-31 10:31 - 2015-11-22 04:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-31 10:31 - 2015-11-22 04:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-31 10:31 - 2015-11-22 04:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-31 10:31 - 2015-11-22 04:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-31 10:31 - 2015-11-22 04:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-31 10:31 - 2015-11-22 04:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-31 10:31 - 2015-11-22 04:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-31 10:31 - 2015-11-22 04:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-31 10:31 - 2015-11-22 04:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-31 10:31 - 2015-11-22 04:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-31 10:31 - 2015-11-22 04:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-31 10:31 - 2015-11-22 04:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-31 10:31 - 2015-11-22 04:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-31 10:31 - 2015-11-22 04:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-31 10:31 - 2015-11-22 04:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-31 10:31 - 2015-11-22 04:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-31 10:31 - 2015-11-22 04:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-31 10:31 - 2015-11-22 04:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-31 10:31 - 2015-11-22 04:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-31 10:31 - 2015-11-22 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-31 10:31 - 2015-11-22 04:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-31 10:31 - 2015-11-22 04:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-31 10:31 - 2015-11-22 04:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-31 10:31 - 2015-11-22 04:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-31 10:31 - 2015-11-22 04:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-31 10:31 - 2015-11-22 04:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-31 10:31 - 2015-11-22 04:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-31 10:31 - 2015-11-22 04:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-31 10:31 - 2015-11-22 04:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-31 10:31 - 2015-11-22 04:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-31 10:31 - 2015-11-22 04:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-31 10:31 - 2015-11-22 04:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-31 10:31 - 2015-11-22 04:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-31 10:31 - 2015-11-22 04:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-31 10:31 - 2015-11-22 04:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-31 10:31 - 2015-11-22 04:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-31 10:31 - 2015-11-22 04:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-31 10:31 - 2015-11-22 04:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-31 10:31 - 2015-11-22 04:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-31 10:31 - 2015-11-22 04:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-31 10:31 - 2015-11-22 04:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-31 10:31 - 2015-11-22 04:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-31 10:31 - 2015-11-22 04:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-31 10:31 - 2015-11-22 04:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-31 10:31 - 2015-11-22 04:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-31 10:31 - 2015-11-22 04:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-31 10:31 - 2015-11-22 04:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-31 10:31 - 2015-11-22 04:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-31 10:31 - 2015-11-22 04:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-31 10:31 - 2015-11-22 04:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-31 10:31 - 2015-11-22 04:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-31 10:31 - 2015-11-22 04:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-31 10:31 - 2015-11-22 04:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-31 10:31 - 2015-11-22 04:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-31 10:31 - 2015-11-22 04:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-31 10:31 - 2015-11-22 04:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-31 10:30 - 2015-12-06 23:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-31 10:30 - 2015-12-06 23:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-31 10:30 - 2015-12-06 23:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-31 10:30 - 2015-12-06 23:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-31 10:30 - 2015-12-06 23:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-31 10:30 - 2015-11-24 05:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-31 10:30 - 2015-11-24 04:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-31 10:30 - 2015-11-24 03:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-31 10:30 - 2015-11-22 05:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-31 10:30 - 2015-11-22 05:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-31 10:30 - 2015-11-22 04:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-31 10:30 - 2015-11-22 04:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-31 10:30 - 2015-11-22 04:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-31 10:30 - 2015-11-22 04:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-31 10:30 - 2015-11-22 04:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-31 10:30 - 2015-11-22 04:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-31 10:30 - 2015-11-22 04:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-31 10:30 - 2015-11-22 04:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-31 10:30 - 2015-11-22 04:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-31 10:30 - 2015-11-22 04:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-31 10:30 - 2015-11-22 04:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-31 10:30 - 2015-11-22 04:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-31 10:30 - 2015-11-22 04:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-31 10:30 - 2015-11-22 04:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-31 10:30 - 2015-11-22 04:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-31 10:30 - 2015-11-22 04:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-31 10:30 - 2015-11-22 04:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-31 10:30 - 2015-11-22 04:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-31 10:30 - 2015-11-22 04:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-31 10:30 - 2015-11-22 04:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-31 10:30 - 2015-11-22 04:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-31 10:30 - 2015-11-22 04:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-31 10:30 - 2015-11-22 04:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-31 10:30 - 2015-11-22 04:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-31 10:30 - 2015-11-22 04:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-31 10:30 - 2015-11-22 04:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-31 10:30 - 2015-11-22 04:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-31 10:30 - 2015-11-22 04:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-31 10:30 - 2015-11-22 04:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-31 10:30 - 2015-11-22 04:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-31 10:30 - 2015-11-22 04:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-31 10:30 - 2015-11-22 04:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-31 10:30 - 2015-11-22 04:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-31 10:30 - 2015-11-22 04:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-31 10:30 - 2015-11-22 04:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-31 10:30 - 2015-11-22 04:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-31 10:30 - 2015-11-22 04:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-31 10:30 - 2015-11-22 04:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-31 10:30 - 2015-11-22 04:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-31 10:30 - 2015-11-22 04:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-31 10:30 - 2015-11-22 04:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-31 10:30 - 2015-11-22 04:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-31 10:30 - 2015-11-22 04:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-31 10:30 - 2015-11-22 04:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-31 10:30 - 2015-11-22 04:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-31 10:30 - 2015-11-22 04:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-31 10:30 - 2015-11-22 04:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-31 10:30 - 2015-11-22 04:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-31 10:30 - 2015-11-22 04:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-31 10:30 - 2015-11-22 04:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-31 10:30 - 2015-11-22 04:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-31 10:30 - 2015-11-22 04:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-31 10:30 - 2015-11-22 04:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-31 10:30 - 2015-11-22 04:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-31 10:30 - 2015-11-22 04:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-31 10:30 - 2015-11-22 04:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-31 10:30 - 2015-11-22 04:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-31 10:30 - 2015-11-22 04:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-31 09:00 - 2015-12-31 09:00 - 00016180 _____ C:\Users\Debra\Downloads\msg0009.WAV
2015-12-31 09:00 - 2015-12-31 09:00 - 00016180 _____ C:\Users\Debra\Downloads\msg0009 (1).WAV
2015-12-31 08:24 - 2015-12-31 08:24 - 00000000 ____D C:\Users\Debra\AppData\Local\ActiveSync
2015-12-31 08:22 - 2015-12-31 08:22 - 00000020 ___SH C:\Users\Debra\ntuser.ini
2015-12-31 07:22 - 2015-12-31 08:24 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-31 07:20 - 2015-12-31 07:20 - 00000000 ____D C:\Windows.old
2015-12-31 07:19 - 2015-12-31 07:19 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-31 07:19 - 2015-12-31 07:19 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-31 07:19 - 2015-12-31 07:19 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-31 07:19 - 2015-12-31 07:19 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-31 07:19 - 2015-12-31 07:19 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-31 07:19 - 2015-12-31 07:19 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-31 07:19 - 2015-12-31 07:19 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-31 07:19 - 2015-12-31 07:19 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-31 07:18 - 2015-12-31 07:18 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-31 07:16 - 2015-12-31 07:16 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-31 07:16 - 2015-12-31 07:16 - 00000000 ____D C:\Program Files\MSBuild
2015-12-31 07:16 - 2015-12-31 07:16 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-31 07:16 - 2015-12-31 07:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-31 07:16 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-31 07:16 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-31 07:16 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-31 07:16 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-31 07:16 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-31 07:16 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-31 04:53 - 2015-12-31 04:53 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-31 04:53 - 2015-12-31 04:53 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-31 04:53 - 2015-12-31 04:53 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-31 04:53 - 2015-12-31 04:53 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-31 04:53 - 2015-12-31 04:53 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-31 04:53 - 2015-12-31 04:53 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-31 04:53 - 2015-12-31 04:53 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-31 04:47 - 2016-01-17 14:08 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-31 04:35 - 2015-12-31 04:35 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-31 04:31 - 2015-12-31 04:36 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-31 04:29 - 2016-01-14 17:26 - 00000000 ____D C:\Users\Debra
2015-12-31 04:29 - 2015-12-31 04:40 - 00000000 ____D C:\Users\Administrator
2015-12-31 04:29 - 2015-12-31 04:29 - 00000000 _SHDL C:\Users\Debra\My Documents
2015-12-31 04:29 - 2015-12-31 04:29 - 00000000 _SHDL C:\Users\Debra\Documents\My Videos
2015-12-31 04:29 - 2015-12-31 04:29 - 00000000 _SHDL C:\Users\Debra\Documents\My Pictures
2015-12-31 04:29 - 2015-12-31 04:29 - 00000000 _SHDL C:\Users\Debra\Documents\My Music
2015-12-31 04:29 - 2015-12-31 04:29 - 00000000 _SHDL C:\Users\Administrator\My Documents
2015-12-31 04:29 - 2015-12-31 04:29 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2015-12-31 04:29 - 2015-12-31 04:29 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2015-12-31 04:29 - 2015-12-31 04:29 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2015-12-31 04:27 - 2016-01-17 14:09 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-31 04:27 - 2015-12-31 04:27 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2015-12-31 04:27 - 2015-07-17 22:58 - 00086528 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-31 04:27 - 2015-07-17 22:58 - 00082432 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-31 04:26 - 2015-12-31 04:31 - 00000000 ____D C:\Program Files\Intel
2015-12-31 04:26 - 2015-12-31 04:26 - 00849474 _____ C:\WINDOWS\system32\Drivers\rtwavesskdy.dat
2015-12-31 04:26 - 2015-12-31 04:26 - 00192907 _____ C:\WINDOWS\system32\Drivers\RTWAVES40.dat
2015-12-31 04:26 - 2015-12-31 04:26 - 00031095 _____ C:\WINDOWS\system32\Drivers\rtwavesEFX.dat
2015-12-31 04:26 - 2015-12-31 04:26 - 00010945 _____ C:\WINDOWS\system32\Drivers\rtwavesMFX.dat
2015-12-31 04:26 - 2015-12-31 04:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-31 04:26 - 2015-12-31 04:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-12-31 04:26 - 2015-12-31 04:26 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-31 04:26 - 2015-12-31 04:26 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-31 04:26 - 2015-12-31 04:26 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2015-12-31 04:26 - 2015-12-31 04:26 - 00000000 ____D C:\Program Files\Realtek
2015-12-31 04:26 - 2015-12-31 04:26 - 00000000 ____D C:\Program Files\Common Files\Atheros
2015-12-31 04:26 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-31 04:23 - 2016-01-02 03:32 - 00369432 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-30 16:42 - 2015-12-30 16:42 - 00005272 _____ C:\Users\Debra\Documents\fema1.pdf
2015-12-23 09:45 - 2015-12-23 09:45 - 00001157 _____ C:\Users\Debra\Downloads\adServerESI (2).js
2015-12-23 09:43 - 2015-12-23 09:43 - 00001157 _____ C:\Users\Debra\Downloads\adServerESI (1).js
2015-12-22 15:50 - 2015-12-22 15:50 - 00000385 _____ C:\Users\Debra\Downloads\msg0020 (1).WAV
2015-12-22 15:49 - 2015-12-22 15:49 - 00000385 _____ C:\Users\Debra\Downloads\msg0020.WAV
2015-12-22 09:08 - 2015-12-22 09:08 - 00031910 _____ C:\Users\Debra\Downloads\msg0018.WAV
2015-12-19 19:16 - 2015-12-19 19:16 - 00001157 _____ C:\Users\Debra\Downloads\adServerESI.js
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-01-17 18:21 - 2015-04-17 20:20 - 00000000 ____D C:\FRST
2016-01-17 16:46 - 2015-04-18 20:57 - 00001038 _____ C:\Users\Debra\Desktop\magicJack.lnk
2016-01-17 16:46 - 2015-04-18 20:57 - 00001024 _____ C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\magicJack.lnk
2016-01-17 16:46 - 2015-04-18 20:56 - 00000000 ____D C:\Users\Debra\AppData\Roaming\mjusbsp
2016-01-17 14:13 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-01-17 14:13 - 2015-08-08 13:40 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-01-17 14:09 - 2015-08-08 13:47 - 00000000 __SHD C:\Users\Debra\IntelGraphicsProfiles
2016-01-17 14:09 - 2014-09-11 18:17 - 00000000 __RDO C:\Users\Debra\OneDrive
2016-01-17 14:07 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-01-17 14:00 - 2012-05-17 22:51 - 00000797 _____ C:\Users\Debra\Desktop\Settings.ini
2016-01-17 13:59 - 2015-10-30 01:28 - 00000000 ____D C:\Windows
2016-01-17 13:39 - 2015-04-18 21:40 - 00000000 ____D C:\ProgramData\CanonIJPLM
2016-01-17 12:15 - 2015-08-08 14:45 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{75636260-DEBE-40AC-BABA-9EE9E28B6453}
2016-01-14 17:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-01-14 17:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-01-13 16:29 - 2015-04-19 04:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-01-13 16:26 - 2015-04-19 04:19 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-01-13 14:58 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-01-13 11:10 - 2015-12-09 12:37 - 00000000 ____D C:\Users\Debra\AppData\Local\ElevatedDiagnostics
2016-01-12 18:57 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-01-03 06:39 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-01-02 20:40 - 2015-10-30 02:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-01-02 20:40 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-01-02 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-01-02 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-01-02 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-01-02 03:30 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-01-01 03:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-31 12:08 - 2015-11-12 14:52 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2015-12-31 08:43 - 2014-09-11 18:15 - 00000000 ____D C:\Users\Debra\AppData\Local\Packages
2015-12-31 08:40 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-31 08:27 - 2015-08-08 13:51 - 00002365 _____ C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-31 08:23 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-31 08:23 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-31 08:23 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-31 08:22 - 2014-09-11 18:12 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-31 07:22 - 2015-10-30 02:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-31 07:20 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-31 07:20 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-31 04:53 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-31 04:53 - 2015-04-18 19:59 - 00051438 _____ C:\WINDOWS\diagwrn.xml
2015-12-31 04:53 - 2015-04-18 19:59 - 00051438 _____ C:\WINDOWS\diagerr.xml
2015-12-31 04:50 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
2015-12-31 04:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-31 04:47 - 2015-11-12 14:52 - 00003812 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2015-12-31 04:47 - 2015-11-12 14:52 - 00002982 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2015-12-31 04:47 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
2015-12-31 04:47 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-31 04:47 - 2015-08-08 13:41 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-31 04:47 - 2015-04-20 13:52 - 00003280 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
2015-12-31 04:47 - 2015-04-18 20:27 - 00002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1298665756-2822785880-394653188-1001
2015-12-31 04:47 - 2014-09-11 20:28 - 00002534 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2015-12-31 04:47 - 2014-09-11 20:28 - 00002534 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2015-12-31 04:47 - 2014-09-11 20:20 - 00002552 _____ C:\WINDOWS\System32\Tasks\PocketCloudUpdater
2015-12-31 04:47 - 2014-09-11 20:20 - 00002428 _____ C:\WINDOWS\System32\Tasks\PocketCloudVirtualChannel
2015-12-31 04:47 - 2014-09-11 20:20 - 00002326 _____ C:\WINDOWS\System32\Tasks\PocketCloud
2015-12-31 04:42 - 2014-09-11 20:21 - 00879220 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-12-31 04:36 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-31 04:36 - 2015-09-18 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-31 04:36 - 2015-04-20 12:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Respondus
2015-12-31 04:36 - 2015-04-18 21:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3500 series User Registration
2015-12-31 04:36 - 2015-04-18 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MG3500 series Manual
2015-12-31 04:36 - 2015-04-18 20:48 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice 4.1.1
2015-12-31 04:36 - 2014-09-11 20:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2015-12-31 04:36 - 2014-09-11 20:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
2015-12-31 04:36 - 2014-09-11 20:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-31 04:36 - 2014-09-11 20:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2015-12-31 04:36 - 2014-09-11 20:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wyse
2015-12-31 04:35 - 2015-07-10 04:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-12-31 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-12-31 04:33 - 2014-09-11 20:22 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-12-31 04:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-12-31 04:33 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-12-31 04:32 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-31 04:31 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-31 04:31 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-31 04:31 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-31 04:31 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-31 04:31 - 2015-08-07 07:56 - 00000000 ___RD C:\Users\Debra\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-12-31 04:31 - 2015-04-18 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-12-31 04:31 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-12-31 04:30 - 2014-09-11 20:38 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-12-31 04:30 - 2014-09-11 20:23 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2015-12-31 04:29 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-31 04:23 - 2015-10-30 04:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-31 04:05 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
 
==================== Files in the root of some directories =======
 
2015-12-31 04:26 - 2015-12-31 04:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-11 20:30 - 2014-09-11 20:30 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2014-09-11 20:27 - 2014-09-11 20:28 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2014-09-11 20:28 - 2014-09-11 20:29 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
2014-09-11 20:29 - 2014-09-11 20:30 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2014-09-11 20:27 - 2014-09-11 20:27 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
 
Some files in TEMP:
====================
C:\Users\Debra\AppData\Local\Temp\sqlite3.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-01-10 15:40
 
==================== End of FRST.txt ============================


#8
flowerchild552008

    Member

  • Topic Starter
  • 123 posts
Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-01-2015
Ran by Debra (2016-01-17 18:22:51)
Running from C:\Users\Debra\Downloads
Windows 10 Home (X64) (2015-12-31 09:54:04)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-1298665756-2822785880-394653188-500 - Administrator - Disabled) => C:\Users\Administrator
Debra (S-1-5-21-1298665756-2822785880-394653188-1001 - Administrator - Enabled) => C:\Users\Debra
DefaultAccount (S-1-5-21-1298665756-2822785880-394653188-503 - Limited - Disabled)
Guest (S-1-5-21-1298665756-2822785880-394653188-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1298665756-2822785880-394653188-1003 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.5.0.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version:  - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.0.0 - Canon Inc.)
Canon MG3500 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG3500_series) (Version:  - Canon Inc.)
Canon MG3500 series On-screen Manual (HKLM-x32\...\Canon MG3500 series On-screen Manual) (Version: 7.6.1 - Canon Inc.)
Canon MG3500 series User Registration (HKLM-x32\...\Canon MG3500 series User Registration) (Version:  - ‭Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 2.0.1 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 2.0.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.1.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.2.1 - Canon Inc.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.7.1.2 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.7.1.2 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.5.1 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.93 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{287348C8-8B47-4C36-AF28-441A3B7D8722}) (Version: 1.1.1.14 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
magicJack (HKU\S-1-5-21-1298665756-2822785880-394653188-1001\...\magicJack) (Version: 4.1.7574.5297 - magicJack L.P.)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
OpenOffice 4.1.1 (HKLM-x32\...\{9395F41D-0F80-432E-9A59-B8E477E7E163}) (Version: 4.11.9775 - Apache Software Foundation)
PocketCloud (HKLM-x32\...\{D9752C7D-A595-4687-A0D5-362E9C311C55}) (Version: 2.7.14 - Wyse Technology)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.304 - Qualcomm Atheros Communications)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
Respondus LockDown Browser (HKLM-x32\...\{C0E5147E-C9F3-4360-9ED0-2E875F11766C}) (Version: 1.02.0001 - Respondus, Inc.)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1298665756-2822785880-394653188-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Debra\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {19C2437A-8A2F-4F4A-9C21-1F12925D3DFC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {280D1E49-8B56-4FFA-8AEC-63F771137F44} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2880ED1A-15A0-4555-844C-E9F35174FDDA} - System32\Tasks\PocketCloudVirtualChannel => C:\Program Files (x86)\Wyse\PocketCloud\WPCRDPVirtualChannelServer.exe [2013-08-22] ()
Task: {400B6FD6-5A4D-4719-9021-F278E92BD268} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4F87FBFF-80E6-4BB9-98B7-33DA97702C24} - System32\Tasks\PocketCloudUpdater => C:\Program
Task: {51276EDC-3ECC-4CBD-B701-A566698603BB} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2015-09-30] (Dell Inc.)
Task: {5377634F-D342-445C-A3E4-0693DADF806C} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [2013-03-04] (CyberLink)
Task: {57D95491-86BF-408E-A86C-ACAE7E621CB4} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\Power2Go8\CLVDLauncher.exe [2013-03-22] (CyberLink Corp.)
Task: {5868E34C-CFED-4EC4-BC6D-E060A42AE072} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5EEB1992-21CD-4C58-B963-8BFE5F9E0277} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {64FCBDE6-B279-4A17-9ACF-8F8C75ABE4DB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {654B8C1D-6BE7-47CA-80AC-CC97990F1690} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {6CD022BC-7FE4-435B-9C64-C2B06B51842B} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {79C905F8-00E8-42E2-9EC5-EB54A01E34CA} - System32\Tasks\PocketCloud => C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe [2013-08-22] ()
Task: {7AE7A4DF-B67F-481C-A5CB-EDAA5CACF047} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {84D6B51C-8D35-4E63-8772-43C2DCA5531B} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-10-29] (PC-Doctor, Inc.)
Task: {A3F2BEAF-1CC8-4683-8F1F-7A4C53AF6BC3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {A4229445-0F38-4ADF-A10E-93D77CA66CCA} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-15] (Microsoft Corporation)
Task: {B12BC0A3-66B1-45F6-AF44-41B3DDFA69E4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {C1AC573B-5901-4D09-8F81-A44E33CFF56C} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {D14632FA-4B4E-4C54-8E76-6EB6BF2EB60D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-01-13] (Microsoft Corporation)
Task: {DA6FEB95-3F61-4611-B15A-007C59D9E4D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DF2ECCA0-2D4A-44FA-BBA7-0F67E5D56EC2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E3C01232-EBF2-4051-B111-3D3EE6BBBEC5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 

==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2013-08-22 13:40 - 2013-08-22 13:40 - 00016176 _____ () C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudService.exe
2015-09-18 09:31 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-04-18 21:49 - 2012-03-27 22:49 - 00140456 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-12-31 10:31 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-31 10:31 - 2015-11-22 05:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-28 22:49 - 2015-09-01 11:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-01-12 15:37 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-31 10:30 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-31 10:30 - 2015-12-06 23:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-31 10:30 - 2015-12-06 23:00 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-01-12 15:37 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 15:37 - 2016-01-04 20:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-12 15:37 - 2016-01-04 20:24 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-12 15:37 - 2016-01-04 20:26 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-17 23:35 - 2015-07-17 23:35 - 00396688 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-31 09:00 - 2015-12-31 09:01 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-09 16:03 - 2015-12-09 16:04 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-09 16:03 - 2015-12-09 16:04 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-20 00:38 - 2015-11-20 00:40 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-31 10:31 - 2015-12-06 23:59 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2016-01-08 00:48 - 2016-01-08 00:49 - 00048128 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.25.15.0_x64__8wekyb3d8bbwe\WinStoreTasksWrapper.dll
2016-01-08 12:30 - 2016-01-08 12:30 - 00069120 _____ () C:\Users\Debra\AppData\Local\Packages\26194krmigerg.scheduleplanner_8ec0x26xtr58c\AC\Microsoft\CLR_v4.0\NativeImages\SchedulePla12986bd4#\77cbea2eefee9e7ecb79a33c330811ce\SchedulePlanner.BackgroundTasks.ni.dll
2016-01-08 12:30 - 2016-01-08 12:30 - 04276736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\39e564537c5352e2b8188b12b36ef6c7\Windows.ApplicationModel.ni.dll
2016-01-08 12:30 - 2016-01-08 12:30 - 00497664 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b7bbc850bf34d27ecc703aa924911357\Windows.Foundation.ni.dll
2016-01-08 12:30 - 2016-01-08 12:30 - 01188864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\d9121c63905867093398f368e8eecd4d\Windows.Storage.ni.dll
2014-09-11 20:28 - 2013-03-04 22:40 - 00626240 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
2013-03-05 13:41 - 2013-03-05 13:41 - 00015424 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
2015-09-18 09:52 - 2015-09-18 09:52 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2015-12-31 09:00 - 2015-12-31 09:01 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-31 09:00 - 2015-12-31 09:01 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-09-11 20:20 - 2013-12-09 17:27 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 

==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 

==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 08:25 - 2013-08-22 08:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1298665756-2822785880-394653188-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Debra\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\img13.jpg
HKU\S-1-5-21-1298665756-2822785880-394653188-500\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.2.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 

==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{15361B8F-1B96-475D-859E-3768A91A9151}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{94CE34B2-A412-4F82-91C1-8D23E8DBE9DB}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\PocketCloudDesktopApp.exe
FirewallRules: [{DEAD2B4C-1E99-47D6-9A81-93769C50DCD7}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\AetherWindowsService.exe
FirewallRules: [{5027AECB-1B8B-4745-AEA3-2CFF0DFA8546}] => (Allow) C:\Program Files (x86)\Wyse\PocketCloud\WyseRemoteAccess.exe
FirewallRules: [{1E58CC9E-B734-44C1-A449-2C71A28D546B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
FirewallRules: [{2473F690-1076-4D7A-A9B1-E79EA055A33B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{28029D9B-9940-4B73-AC93-00B20BA075DD}C:\users\debra\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\debra\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{1BA69691-2CB6-48A2-B340-2EBCC2BEDC29}C:\users\debra\appdata\roaming\mjusbsp\magicjack.exe] => (Allow) C:\users\debra\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [TCP Query User{3A5816B0-9E14-419D-92EA-4AA4B2C3BEEB}C:\users\debra\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\debra\appdata\roaming\mjusbsp\magicjack.exe
FirewallRules: [UDP Query User{DD610031-5645-4261-80F4-F9666DAC9004}C:\users\debra\appdata\roaming\mjusbsp\magicjack.exe] => (Block) C:\users\debra\appdata\roaming\mjusbsp\magicjack.exe
 
==================== Restore Points =========================
 
01-01-2016 09:01:28 Windows Update
06-01-2016 11:25:05 Windows Update
10-01-2016 04:53:44 Windows Modules Installer
13-01-2016 16:26:19 Windows Update
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/17/2016 02:08:28 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_stisvc, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x844
Faulting application start time: 0xsvchost.exe_stisvc0
Faulting application path: svchost.exe_stisvc1
Faulting module path: svchost.exe_stisvc2
Report Id: svchost.exe_stisvc3
Faulting package full name: svchost.exe_stisvc4
Faulting package-relative application ID: svchost.exe_stisvc5
 
Error: (01/17/2016 02:06:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.10586.63, time stamp: 0x568b202a
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x565185e4
Exception code: 0xc0000005
Fault offset: 0x00000000000780cd
Faulting process id: 0x1168
Faulting application start time: 0xMicrosoftEdge.exe0
Faulting application path: MicrosoftEdge.exe1
Faulting module path: MicrosoftEdge.exe2
Report Id: MicrosoftEdge.exe3
Faulting package full name: MicrosoftEdge.exe4
Faulting package-relative application ID: MicrosoftEdge.exe5
 
Error: (01/17/2016 11:38:22 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (01/16/2016 11:38:21 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (01/15/2016 12:44:19 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: ntdll.dll, version: 10.0.10586.20, time stamp: 0x56540c3b
Exception code: 0xc0000409
Fault offset: 0x000000000002114b
Faulting process id: 0x26c0
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (01/15/2016 11:38:32 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (01/14/2016 05:26:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Faulting module name: AUDIODG.EXE, version: 10.0.10586.11, time stamp: 0x56457b23
Exception code: 0xc0000005
Fault offset: 0x000000000000d67c
Faulting process id: 0xe6c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (01/14/2016 05:01:53 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.10586.20, time stamp: 0x56540c35
Faulting module name: chakra.dll, version: 11.0.10586.0, time stamp: 0x5632d2a7
Exception code: 0xc0000005
Fault offset: 0x00000000000ac873
Faulting process id: 0x2040
Faulting application start time: 0xmicrosoftedgecp.exe0
Faulting application path: microsoftedgecp.exe1
Faulting module path: microsoftedgecp.exe2
Report Id: microsoftedgecp.exe3
Faulting package full name: microsoftedgecp.exe4
Faulting package-relative application ID: microsoftedgecp.exe5
 
Error: (01/14/2016 11:39:13 AM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073422302
 
Error: (01/13/2016 04:26:32 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 

System errors:
=============
Error: (01/17/2016 02:11:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (01/17/2016 02:08:43 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Windows Image Acquisition (WIA) service terminated unexpectedly.  It has done this 1 time(s).
 
Error: (01/17/2016 02:07:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Wyse PocketCloud service failed to start due to the following error:
%%109
 
Error: (01/17/2016 02:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_4100db service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/17/2016 02:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_4100db service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/17/2016 02:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_4100db service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/17/2016 02:07:19 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_4100db service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (01/17/2016 02:07:19 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (01/17/2016 02:06:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The WMI Performance Adapter service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (01/17/2016 02:06:34 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).
 

CodeIntegrity:
===================================
  Date: 2016-01-14 17:35:04.682
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-14 17:27:06.409
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-11 04:29:28.220
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-10 11:38:36.890
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-06 11:26:49.721
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-02 03:33:40.802
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-01 11:38:44.606
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 04:47:35.554
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 04:40:57.571
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-31 04:24:28.615
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 

==================== Memory info ===========================
 
Processor: Intel® Pentium® CPU G3220 @ 3.00GHz
Percentage of memory in use: 59%
Total physical RAM: 4012.95 MB
Available physical RAM: 1644.95 MB
Total Virtual: 5164.95 MB
Available Virtual: 2283.67 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:457.56 GB) (Free:404.7 GB) NTFS
Drive d: (SYSRECOVERY) (Removable) (Total:14.89 GB) (Free:10.54 GB) FAT32
Drive g: () (Fixed) (Total:3.73 GB) (Free:3.5 GB) FAT32
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: B87D9F38)
 
Partition: GPT.
 
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: A9573C8B)
Partition 1: (Not Active) - (Size=3.7 GB) - (Type=0B)
 
========================================================
Disk: 2 (MBR Code: Windows 7 or 8) (Size: 14.9 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================


#9
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)
 

Critical Structure Corruption

This can be quite an issue with some machines running W10, has this ever occurred before? There are a fair few system errors denoted in the addition.txt but I do not think any of them are the root cause and doubt it is malware related either but certainly feasible. Plus it may just be your machine does not like the awsMBR driver to name one other example.

Please check for myself if any problems are denoted in the Device Manager, how to do so:-

Depress both the Windows key and X >> Device Manager

Will not let me paste here at all

This actually sounds like the LockDown Browser is active but no evidence of such denoted in the logs posted. Do please inform myself if this occurs again.

Custom FRST Script:

Please download the attached fixlist.txt (see below) and save to your Downloads folder.

  • Now right-click on FRST.exe and select Run as Administrator to start FRST.
  • Then click on the Fix button/radio tab >> at the Fix completed prompt click on OK
  • Your machine should now automatically reboot itself.
  • Post the contents of the newly created Fixlog in your next reply.
Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.

Scan with JRT:

Please download Junkware Removal Tool to your desktop.

Alternate download is here.

Note: Temp' disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.
  • Right-click on JRT.exe and select Run as Administrator to launch the application >> follow the on-screen prompt.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
Note: Reboot your machine and ensure all disabled security software is now enabled etc.

Next:

When completed the above, please post back the following in the order asked for:
  • How is your computer performing now, any further symptoms and or problems encountered?
  • Any issues flagged in the Device Manager?
  • Custom FRST Script Log.
  • Junkware Removal Tool Log.


#10
flowerchild552008


    Member

  • Topic Starter
  • Member
  • 123 posts

Hi Dakeyras,

 

Things not going as smoothly as hoped but that's the way things work! 

 

You may be correct in thinking that my system doesn't like the awsMBR as that is the first time that I've encountered the Critical Structure Corruption error.  Although I've never had the other problem either. 

 

You are right, there is a lockdown browser on my computer.  My daughter had to download it to be able to use some programs for school last spring.  I've not noticed it was even there before.

 

I was able to run FRST fix however the JRT would not download.  Error message saying signature is corrupt or invalid.  Let me know what to do about the JRT.  (I did disable Windows Defender but I have turned it back on)

 

Here is the Fixlog.

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-01-2015
Ran by Debra (2016-01-18 11:15:07) Run:3
Running from C:\Users\Debra\Downloads
Loaded Profiles: Debra (Available Profiles: Debra & Administrator)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CreateRestorePoint:
CloseProcesses:
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-12-23 09:45 - 2015-12-23 09:45 - 00001157 _____ C:\Users\Debra\Downloads\adServerESI (2).js
2015-12-23 09:43 - 2015-12-23 09:43 - 00001157 _____ C:\Users\Debra\Downloads\adServerESI (1).js
2015-12-19 19:16 - 2015-12-19 19:16 - 00001157 _____ C:\Users\Debra\Downloads\adServerESI.js
Task: {19C2437A-8A2F-4F4A-9C21-1F12925D3DFC} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {280D1E49-8B56-4FFA-8AEC-63F771137F44} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {400B6FD6-5A4D-4719-9021-F278E92BD268} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {5868E34C-CFED-4EC4-BC6D-E060A42AE072} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {5EEB1992-21CD-4C58-B963-8BFE5F9E0277} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {64FCBDE6-B279-4A17-9ACF-8F8C75ABE4DB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7AE7A4DF-B67F-481C-A5CB-EDAA5CACF047} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {A3F2BEAF-1CC8-4683-8F1F-7A4C53AF6BC3} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {DA6FEB95-3F61-4611-B15A-007C59D9E4D8} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {DF2ECCA0-2D4A-44FA-BBA7-0F67E5D56EC2} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {E3C01232-EBF2-4051-B111-3D3EE6BBBEC5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
cmd: bitsadmin /reset /allusers
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Hosts:
Emptytemp:
*****************
 
Restore point was successfully created.
Processes closed successfully.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Debra\Downloads\adServerESI (2).js => moved successfully
C:\Users\Debra\Downloads\adServerESI (1).js => moved successfully
C:\Users\Debra\Downloads\adServerESI.js => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{19C2437A-8A2F-4F4A-9C21-1F12925D3DFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19C2437A-8A2F-4F4A-9C21-1F12925D3DFC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{280D1E49-8B56-4FFA-8AEC-63F771137F44}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{280D1E49-8B56-4FFA-8AEC-63F771137F44}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{400B6FD6-5A4D-4719-9021-F278E92BD268}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{400B6FD6-5A4D-4719-9021-F278E92BD268}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5868E34C-CFED-4EC4-BC6D-E060A42AE072}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5868E34C-CFED-4EC4-BC6D-E060A42AE072}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5EEB1992-21CD-4C58-B963-8BFE5F9E0277}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5EEB1992-21CD-4C58-B963-8BFE5F9E0277}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{64FCBDE6-B279-4A17-9ACF-8F8C75ABE4DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{64FCBDE6-B279-4A17-9ACF-8F8C75ABE4DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7AE7A4DF-B67F-481C-A5CB-EDAA5CACF047}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7AE7A4DF-B67F-481C-A5CB-EDAA5CACF047}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A3F2BEAF-1CC8-4683-8F1F-7A4C53AF6BC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A3F2BEAF-1CC8-4683-8F1F-7A4C53AF6BC3}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA6FEB95-3F61-4611-B15A-007C59D9E4D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA6FEB95-3F61-4611-B15A-007C59D9E4D8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DF2ECCA0-2D4A-44FA-BBA7-0F67E5D56EC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DF2ECCA0-2D4A-44FA-BBA7-0F67E5D56EC2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E3C01232-EBF2-4051-B111-3D3EE6BBBEC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E3C01232-EBF2-4051-B111-3D3EE6BBBEC5}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
 
=========  bitsadmin /reset /allusers =========
 

BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
{27A362C2-5EE0-4635-868F-F2403E28F54F} canceled.
1 out of 1 jobs canceled.
 
========= End of CMD: =========
 

=========  ipconfig /flushdns =========
 

Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 

=========  netsh advfirewall reset =========
 
Ok.
 

========= End of CMD: =========
 

=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 

========= End of CMD: =========
 
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 569.6 MB temporary data Removed.
 

The system needed a reboot.
 
==== End of Fixlog 11:18:40 ====
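A helper reading a Fixlog like the one above usually wants to confirm that every fixlist directive has a matching result line. The following is an added example, not part of the original post and not FRST's own code; the sample log, its GUIDs and paths are constructed, and the evidence strings are the result phrases visible in the Fixlog above.

```python
import re

# Constructed sample in the Fixlog layout (not the poster's log). The Tree key
# result for the second task is deliberately absent.
SAMPLE_FIXLOG = r"""fixlist content:
*****************
CreateRestorePoint:
SearchScopes: HKU\.DEFAULT -> DefaultScope {33333333-3333-3333-3333-333333333333} URL =
2015-12-19 19:16 - 2015-12-19 19:16 - 00001157 _____ C:\Users\Example\Downloads\sample.js
Task: {11111111-1111-1111-1111-111111111111} - \Microsoft\Windows\Setup\gwx\taskone -> No File <==== ATTENTION
Task: {22222222-2222-2222-2222-222222222222} - \Microsoft\Windows\Setup\gwx\tasktwo -> No File <==== ATTENTION
cmd: ipconfig /flushdns
Hosts:
*****************

Restore point was successfully created.
HKU\.DEFAULT\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
C:\Users\Example\Downloads\sample.js => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{11111111-1111-1111-1111-111111111111}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{11111111-1111-1111-1111-111111111111}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\taskone" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{22222222-2222-2222-2222-222222222222}" => key removed successfully

=========  ipconfig /flushdns =========

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

Hosts restored successfully.

==== End of Fixlog ====
"""

TASK_RE = re.compile(r"^Task: (\{[0-9A-Fa-f-]{36}\}) - (\\.+?) -> No File")
FILE_RE = re.compile(
    r"^\d{4}-\d\d-\d\d \d\d:\d\d - \d{4}-\d\d-\d\d \d\d:\d\d - \d+ \S+ (.+)$")
# Directive -> result phrase, as they appear in the Fixlog above.
SIMPLE = {
    "createrestorepoint:": "Restore point was successfully created.",
    "closeprocesses:": "Processes closed successfully.",
    "hosts:": "Hosts restored successfully.",
    "emptytemp:": "EmptyTemp: =>",
}


def _norm(text):
    """Collapse runs of spaces/tabs so copy-paste spacing does not matter."""
    return re.sub(r"[ \t]+", " ", text)


def split_fixlog(text):
    """Return (directives, result_text); the fixlist sits between two asterisk rulers."""
    parts = re.split(r"^\*{5,}[ \t]*$", text, flags=re.M)
    if len(parts) < 3:
        raise ValueError("no fixlist block found between asterisk rulers")
    directives = [ln.strip() for ln in parts[1].splitlines() if ln.strip()]
    return directives, parts[2]


def expected_evidence(directive):
    """Result-line fragments that confirm a directive, or None if unrecognised."""
    simple = SIMPLE.get(directive.lower())
    if simple:
        return [simple]
    if directive.lower().startswith("cmd:"):
        return ["========= " + directive[4:].strip() + " ========="]
    m = TASK_RE.match(directive)
    if m:
        guid, path = m.groups()
        done = '" => key removed successfully'
        # A third key (under Plain or Logon in the log above) varies per task,
        # so only the Tasks and Tree keys are required here.
        return ["TaskCache\\Tasks\\" + guid + done, "TaskCache\\Tree" + path + done]
    m = FILE_RE.match(directive)
    if m:
        return [m.group(1) + " => moved successfully"]
    return None


def verify_fixlog(text):
    """Classify each fixlist directive as confirmed, missing evidence, or unchecked."""
    directives, results = split_fixlog(text)
    results = _norm(results)
    report = {"confirmed": [], "missing": [], "unchecked": []}
    for directive in directives:
        evidence = expected_evidence(directive)
        if evidence is None:
            report["unchecked"].append(directive)
            continue
        absent = [e for e in evidence if _norm(e) not in results]
        if absent:
            report["missing"].append((directive, absent))
        else:
            report["confirmed"].append(directive)
    return report


if __name__ == "__main__":
    for status, items in verify_fixlog(SAMPLE_FIXLOG).items():
        print(status, len(items))
        for item in items:
            print("   ", item)
```

Directives reported as unchecked (here the SearchScopes line) are ones this sketch has no pattern for and should be read by eye.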

 

 

 

 

 




#11
Dakeyras


    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)

All acknowledged you posted prior, now with regard to the below you mentioned:

JRT would not download. Error message saying signature is corrupt or invalid. Let me know what to do about the JRT.

Not a problem and we will merely try something else as follows...

Scan with Zoek:

Please download Zoek and save to the desktop.

You will need to temp' disable your current installed Anti-Virus/Security software, how to do so can be read here.
  • Right-click on zoek.exe and select Run as Administrator (please be patient as the actual Zoek graphical user interface may take some time to appear/load).
  • Once the GUI (graphical user interface) has loaded >> click on the More Options tab >> select Auto Clean only.
  • Ensure the option Scan All Users is selected >> now click on the Run Script tab.
  • Zoek will momentarily close and a new GUI will appear and the scan will commence.
  • Please be patient as the scan may take some time depending on the specifications of your computer.
  • Once the scan is completed a log file named zoek-results.log will open via notepad, post the contents in your next reply.
  • If the system requires a reboot after the aforementioned scan, click on OK at the prompt (the log will appear after the reboot).
  • The zoek-results.log can also be found on your system drive.
Note: Do not forget to re-enable your Security software after running the above scan!

#12
flowerchild552008


    Member

  • Topic Starter
  • Member
  • 123 posts

Hello again, 

 

Here is the zoek log.  This was a pretty easy one.  Now let's see if it will let me paste without a problem.

 

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Debra on Tue 01/19/2016 at 18:01:08.83.
Microsoft Windows 10 Home 10.0.10586  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Debra\Downloads\zoek.exe [Scan all users]  [Checkboxes used]
 
==== System Restore Info ======================
 
1/19/2016 6:05:23 PM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\Comms deleted successfully
C:\Users\Debra\AppData\Local\ActiveSync deleted successfully
C:\Users\Debra\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\Debra\AppData\Local\EmieSiteList deleted successfully
C:\Users\Debra\AppData\Local\EmieUserList deleted successfully
C:\Users\Debra\AppData\Local\NetworkTiles deleted successfully
C:\Users\Debra\AppData\Local\PackageStaging deleted successfully
C:\Users\Debra\AppData\Local\VirtualStore deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 

==== Deleting CLSID Registry Values ======================
 

==== Deleting Services ======================
 

==== Deleting Files \ Folders ======================
 
C:\PROGRA~3\{AA6BF06E-316C-487A-9BC2-5F06A43C56B1} deleted
C:\PROGRA~3\Package Cache deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/?...7&ocid=U147DHP"
"Default_Page_URL"="http://www.dell.com"
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Default_Page_URL"="http://go.microsoft..../?LinkId=69157"
"Start Page"="http://www.msn.com/?...7&ocid=U147DHP"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...ms}&FORM=IE8SRC
HKCU\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.co...q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/...Box&FORM=IESR02
 
==== Empty IE Cache ======================
 
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Debra\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Debra\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Debra\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Debra\AppData\Local\Microsoft\Windows\INetCache\IE\N1S2NRWX will be deleted at reboot
C:\Users\Debra\AppData\Local\Microsoft\Windows\INetCache\IE\ZHRWX1AE will be deleted at reboot
 
==== Empty FireFox Cache ======================
 
No FireFox Profiles found
 
==== Empty Chrome Cache ======================
 
No Chrome User Data found
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
 
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=15 folders=9 15870255 bytes)
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\WINDOWS\Temp successfully emptied
C:\Users\Debra\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== Deleting Files / Folders ======================
 
"C:\Users\Debra\AppData\Local\Microsoft\Windows\INetCache\IE\N1S2NRWX" not found
"C:\Users\Debra\AppData\Local\Microsoft\Windows\INetCache\IE\ZHRWX1AE" not found
 
==== EOF on Tue 01/19/2016 at 18:19:23.04 ======================
 
Ha! It worked!


#13
Dakeyras

    Anti-Malware Mammoth

  • Expert
  • 9,684 posts
Hi. :)
 

It worked!

Good, just two more scans as a final check/err on the side of caution etc. Afterwards, inform me if any further issues remain and post the scan results, thank you.

Malwarebytes Anti-Malware:

Please download the installer to your desktop(or use the installer you do have in your downloads folder if still present).
  • Right-click on mbam-setup-2.2.0.1024.exe and select Run as Administrator, then follow the prompts to install the program.
  • If the GUI(graphical user interface) for Malwarebytes Anti-Malware does not automatically appear, launch the application manually.
  • Click on Update Now >>, then click on the Settings tab >> Detection and Protection.
  • Under the Detection Options, ensure the following are selected:
      • Use Advanced Heuristics Engine (Shuriken)
      • Scan for rootkits
      • Scan within archives
  • Now click on the Scan tab, ensure Threat Scan is selected >> click on Start Scan.
Note: If the following message is denoted, 'Could not load DDA driver', click on Yes, then allow your computer to reboot and continue afterwards etc.
  • If threats are detected, select Remove Selected or Quarantine >> click on the Apply Actions button >> click on Yes at the prompt to reboot.
  • Upon completion of the scan(or after the reboot), click on the History tab.
  • Click on Application Logs >> double-click on Scan Log.
  • Now click on the Export tab >> Copy to Clipboard, paste the log into your next reply for my review.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts, click OK to either and let MBAM proceed with the disinfection process, if asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

Scan with Panda Cloud Cleaner:

Please download Panda Cloud Cleaner and save to your desktop.

Alternate downloads are here and here.
  • Right-click on PandaCloudCleaner.exe and select Run as Administrator >> Next > >> >> Next >
  • Ensure Launch Panda Cloud Cleaner is selected >> Finish >> once the GUI(graphical user interface) appears >> click on Accept and Scan
  • Please be patient as the scan may take some time to complete depending on your system's specifications.
  • Once the scan has completed, if Scan finished with detections is denoted in the GUI, do not take any action and/or have Panda Cloud Cleaner clean absolutely anything!
  • Now within the GUI click on the > tab >> then on View Report >> a notepad file should now open called PCloudCleaner.txt
  • Save this to your desktop and post the contents in your next reply.
  • Then click on Back >> Exit
Note: When I give the all clear feel free to uninstall Panda Cloud Cleaner if you so wish.

#14
flowerchild552008

  • Topic Starter
  • Member
  • 123 posts

Hi,

Having problems with Panda Cloud Cleaner.  Everything went according to directions until I came to scan finished with detections. The arrows did not lead to a Tab or anything else in your description.  Is it possible to insert a screenshot?  If so, how do I include it here?

 

 

Here is the Scan Log:

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 1/20/2016
Scan Time: 9:26 AM
Logfile:
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.01.20.03
Rootkit Database: v2016.01.09.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Debra
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382414
Time Elapsed: 11 min, 43 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 1
PUP.Optional.InstallCore, C:\Users\Debra\Downloads\zipinstall.exe, Quarantined, [f2f1ec4fa9f03df99b619bb5b15055ab],
 
Physical Sectors: 0
(No malicious items detected)
 

(end)
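
Added example (not part of the thread, and not Malwarebytes' own tooling): a short Python check over the exported Scan Log above that lists what was detected and flags any detection option requested in post #13 that the log reports as not enabled. The mapping from GUI option names to log labels is an assumption based on the layout of this log.

```python
import re

# Options post #13 asked for, keyed by the label the exported log uses for them
# (the GUI-option-to-log-label mapping is an assumption drawn from the log in post #14).
REQUESTED = {"Rootkits": "Scan for rootkits",
             "Archives": "Scan within archives",
             "Heuristics": "Use Advanced Heuristics Engine (Shuriken)"}

# Excerpt of the Scan Log posted in #14 (blank lines and empty categories trimmed).
SAMPLE_LOG = r"""Scan Type: Threat Scan
Result: Completed
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
Processes: 0
(No malicious items detected)
Files: 1
PUP.Optional.InstallCore, C:\Users\Debra\Downloads\zipinstall.exe, Quarantined, [f2f1ec4fa9f03df99b619bb5b15055ab],
Physical Sectors: 0
(No malicious items detected)
"""

KEY_VALUE = re.compile(r"^([A-Za-z][A-Za-z -]*):\s*(.*)$")

def review_scan_log(text):
    """Return (fields, detections, missing_options) for an MBAM 2.x exported scan log."""
    fields, detections = {}, []
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_VALUE.match(line)
        if m:  # "Label: value" rows: settings, counts, scan metadata
            fields[m.group(1)] = m.group(2)
            continue
        parts = [p.strip() for p in line.rstrip(",").split(",")]
        # Detection rows are comma separated: name, object, action taken, [md5]
        if len(parts) >= 3 and not line.startswith("("):
            detections.append({"name": parts[0], "object": parts[1], "action": parts[2]})
    missing = [gui for label, gui in REQUESTED.items() if fields.get(label) != "Enabled"]
    return fields, detections, missing

def summarize(text):
    fields, detections, missing = review_scan_log(text)
    lines = [f"Result: {fields.get('Result', 'unknown')}"]
    lines += [f"NOT ENABLED during this scan: {opt}" for opt in missing]
    lines += [f"{d['action']}: {d['name']} -> {d['object']}" for d in detections]
    return lines

if __name__ == "__main__":
    print("\n".join(summarize(SAMPLE_LOG)))
```

Run against the full exported log, the same function also picks up the header fields (database versions, Self-protection state), so a helper can confirm the scan was run as requested before reading the detections.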


#15
flowerchild552008

  • Topic Starter
  • Member
  • 123 posts

Finally!

Attached Thumbnails

  • 2016-01-20 - Copy.png
