Jump to content

Welcome to Geeks to Go - Register now for FREE

Need help with your computer or device? Want to learn new tech skills? You're in the right place!
Geeks to Go is a friendly community of tech experts who can solve any problem you have. Just create a free account and post your question. Our volunteers will reply quickly and guide you through the steps. Don't let tech troubles stop you. Join Geeks to Go now and get the support you need!

How it Works Create Account
Photo

Norton 360 Suggests to run Power Eraser due to Outbound Traffic [Solve

Started by DMCEE , Mar 27 2016 02:13 AM

  • This topic is locked This topic is locked

#1
DMCEE
Posted 27 March 2016 - 02:13 AM

DMCEE

    Member

  • Member
  • PipPip
  • 13 posts

Each time I login to Windows 10, I receive a message from Norton 360 suggesting that I run Power Eraser due to a large amount of outbound traffic (see screen image below).  I am reluctant to run this app for fear of damaging my system.  

 

Can anyone assist in determining the meaning of this message and a possible solution?  It would be greatly appreciated.

 

Capture.JPG

 

 


  • 0

Advertisements

#2
Essexboy
Posted 27 March 2016 - 05:16 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Hi I will need to look at the system first

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.
  • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
  • Select additions at the bottom
  • Press Scan button.
    frst.JPG
  • It will produce a log called FRST.txt in the same directory the tool is run from.
  • Please attach both logs generated.

  • 0

#3
DMCEE
Posted 27 March 2016 - 05:40 PM

DMCEE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

Each time I login to Windows 10, I receive a message from Norton 360 suggesting that I run Power Eraser due to a large amount of outbound traffic (see screen image below).  I am reluctant to run this app for fear of damaging my system.  

 

Can anyone assist in determining the meaning of this message and a possible solution?  It would be greatly appreciated.

 

<script pagespeed_no_defer="" type="text/javascript">//=d.offsetWidth&&0>=d.offsetHeight)a=!1;else{c=d.getBoundingClientRect();var f=document.body;a=c.top+("pageYOffset"in window?window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);c=c.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+c;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.e.height&&c<=b.e.width)}a&&(b.a.push(e),b.d[e]=!0)};p.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&q(this,b)};h("pagespeed.CriticalImages.checkImageForCriticality",function(b){n.checkImageForCriticality(b)});h("pagespeed.CriticalImages.checkCriticalImages",function(){r(n)});var r=function(b){b.b={};for(var d=["IMG","INPUT"],a=[],c=0;c=a.length+e.length&&(a+=e)}b.g&&(e="&rd="+encodeURIComponent(JSON.stringify(s())),131072>=a.length+e.length&&(a+=e),d=!0);t=a;if(d){c=b.f;b=b.h;var f;if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(k){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(u){}}f&&(f.open("POST",c+(-1==c.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}},s=function(){var b={},d=document.getElementsByTagName("IMG");if(0==d.length)return{};var a=d[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var c=0;a=d[c];++c){var e=a.getAttribute("pagespeed_url_hash");e&&(!(e in b)&&0=b[e].k&&a.height>=b[e].j)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b},t="";h("pagespeed.CriticalImages.getBeaconData",function(){return t});h("pagespeed.CriticalImages.Run",function(b,d,a,c,e,f){var k=new p(b,d,a,e,f);n=k;c&&m(function(){window.setTimeout(function(){r(k)},0)})});})();pagespeed.CriticalImages.Run('/mod_pagespeed_beacon','http://www.geekstogo.com/forum/index.php?s=ca8b32ed2d1cb5aaf8c314ffb91ca7b0&app=forums&module=ajax§ion=topics&do=quote&t=360307&p=2556565&md5check=64efecf75f4a5049bbcfc211b15d0fd7&isRte=1,zBX8hFeDQI,true,true,A225qx-LzMk');//]]></script> Capture.JPG&&0

 

 

Okay, here are the two reports for your information:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Doug (administrator) on DESKTOP-EGUU4T7 (27-03-2016 18:59:39)
Running from C:\Users\dougc\AppData\Local\Temp\scoped_dir176_17343
Loaded Profiles: Doug (Available Profiles: Doug)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe
(AOMEI Tech Co., Ltd.) C:\Program Files (x86)\AOMEI Backupper\ABService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\MOM.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\CCC.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell) C:\Program Files\Dell\Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.17801.0_x64__8wekyb3d8bbwe\Video.UI.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
(Opera Software) C:\Program Files (x86)\Opera\36.0.2130.32\opera.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [IntelTBRunOnce] => wscript.exe //b //nologo "C:\Program Files\Intel\TurboBoost\RunTBGadgetOnce.vbs"
HKLM\...\Run: [WavesSvc] => c:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [714672 2015-09-25] (Waves Audio Ltd.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [QuickSet] => C:\Program Files\Dell\QuickSet\QuickSet.exe [7823824 2015-09-21] (Dell Inc.)
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25577864 2016-03-12] (Dropbox, Inc.)
HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2000896 2014-04-04] (iSkySoft)
HKLM-x32\...\Run: [Adobe Acrobat Speed Launcher] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrobat_sl.exe [37232 2008-06-12] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [Acrobat Assistant 8.0] => C:\Program Files (x86)\Adobe\Acrobat 9.0\Acrobat\Acrotray.exe [640376 2008-06-11] (Adobe Systems Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\AMD\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-06] (Advanced Micro Devices, Inc.)
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2015-12-10] ()
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [433256 2015-11-05] (CyberGhost S.R.L.)
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\Run: [ares] => C:\Program Files (x86)\Ares\Ares.exe [1425408 2015-12-25] (Seekar Ltd)
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7943072 2016-03-01] (SUPERAntiSpyware)
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8686296 2016-03-12] (Piriform Ltd)
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\RunOnce: [Uninstall C:\Users\dougc\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\dougc\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\amd64"
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\Policies\Explorer: [NoInstrumentation] 1
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.34.dll [2016-03-12] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-02-16]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.292\SSScheduler.exe (McAfee, Inc.)
Startup: C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasusTodoDiscountCoupon.txt [2016-03-23] ()
Startup: C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome.vbs [2016-03-22] ()
Startup: C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\EasusTodoDiscountCoupon.txt [2016-03-23] ()
Startup: C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome.vbs [2016-03-22] ()
BootExecute: autocheck autochk * Partizan
GroupPolicyScripts-x32\User: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 0.0.0.1 mssplus.mcafee.com
Tcpip\Parameters: [DhcpNameServer] 61.9.195.193 61.9.194.49
Tcpip\..\Interfaces\{2688dff0-c8ce-4fe1-bb5b-36e375b68b67}: [NameServer] 8.8.8.8,8.8.4.4,4.2.2.1,4.2.2.2,208.67.222.222,208.67.220.220,8.26.56.26,8.20.247.20,156.154.70.1,156.154.71.1
Tcpip\..\Interfaces\{48237012-f702-4b65-897d-507f375bf6c7}: [DhcpNameServer] 61.9.195.193 61.9.194.49
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com.au/?gws_rd=ssl
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKU\S-1-5-21-1093210795-3861125405-2594234469-1001 -> {1EF56ABA-D965-41A7-9161-2FB96FFAFD77} URL = 
SearchScopes: HKU\S-1-5-21-1093210795-3861125405-2594234469-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11913&l=dis&prt=NSBU&chn=1000&geo=AU&ver=22&locale=en_AU&gct=kwd&qsrc=2869
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-14] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-14] (Google Inc.)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-14] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2008-06-11] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-03-14] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1093210795-3861125405-2594234469-1001 -> Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-1093210795-3861125405-2594234469-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-03-14] (Google Inc.)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2015-11-13] (Belarc, Inc.)
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-14] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-19] (Adobe Systems Inc.)
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon [2016-03-20]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.6.0.142\coFFAddon
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxps://nortonsafe.search.ask.com/web?q={searchTerms}&o=APN11908&prt=cr
CHR DefaultSearchKeyword: Default -> NortonSafe
CHR DefaultSuggestURL: Default -> hxxp://ss-sym.ask.com/query?q={searchTerms}&sstype=prefix&li=ff
CHR Profile: C:\Users\dougc\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Adblock Plus) - C:\Users\dougc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-20]
CHR Extension: (Norton Security Toolbar) - C:\Users\dougc\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-22]
CHR Extension: (Norton Identity Safe) - C:\Users\dougc\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2016-03-24]
CHR Extension: (Norton Safe) - C:\Users\dougc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-03-24]
CHR Extension: (Chrome Web Store Payments) - C:\Users\dougc\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-20]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-20]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx <not found>
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\Exts\Chrome.crx [2016-03-20]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
 
Opera: 
=======
OPR Extension: (SurfEasy Proxy, an Opera Software Company) - C:\Users\dougc\AppData\Roaming\Opera Software\Opera Stable\Extensions\ebpielhlnnpkiddeeacoephkilopgblc [2016-03-22]
OPR Extension: (Adblock Plus) - C:\Users\dougc\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2016-03-22]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-23] (SUPERAntiSpyware.com)
R2 Backupper Service; C:\Program Files (x86)\AOMEI Backupper\ABService.exe [29912 2015-09-15] (AOMEI Tech Co., Ltd.)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [65640 2015-11-05] (CyberGhost S.R.L)
S3 cplspcon; C:\Windows\system32\IntelCpHDCPSvc.exe [605104 2015-11-10] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2015-12-27] (Dropbox, Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [36200 2016-01-11] ()
R2 Dell Product Registration; C:\Program Files\Dell\Product Registration\PRSvc.exe [32104 2016-01-25] (Dell)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2571352 2016-01-06] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [201816 2016-01-06] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [228216 2016-01-21] (Dell Inc.)
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [36904 2015-12-10] (CHENGDU YIWO Tech Development Co., Ltd)
S3 FLEXnet Licensing Service; C:\Program Files (x86)\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe [651720 2016-02-24] (Macrovision Europe Ltd.) [File not signed]
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 ibtsiva; C:\Program Files (x86)\Intel\Bluetooth\utilities\ibtsiva.exe [150256 2015-07-31] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [363440 2015-11-10] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-20] (Intel Corporation) [File not signed]
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-20] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2015-09-18] (Intel Corporation)
S2 KMService; C:\WINDOWS\SysWOW64\srvany.exe [8192 2015-12-28] () [File not signed]
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.292\McCHSvc.exe [293128 2016-02-06] (McAfee, Inc.)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268192 2015-12-02] ()
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\N360.exe [289080 2016-02-26] (Symantec Corporation)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-15] ()
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-01-20] (Enigma Software Group USA, LLC.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-03-14] (Dell Inc.)
R2 WavesSysSvc; c:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [578480 2015-09-25] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
S3 WsAppService; C:\Program Files (x86)\Wondershare\WAF\WsAppService.exe [252816 2015-04-30] (Wondershare)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3832224 2015-12-02] (Intel® Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R0 ambakdrv; C:\Windows\System32\ambakdrv.sys [30648 2015-02-26] () [File not signed]
R2 ammntdrv; C:\WINDOWS\system32\ammntdrv.sys [151480 2015-02-26] () [File not signed]
R2 amwrtdrv; C:\WINDOWS\system32\amwrtdrv.sys [17848 2015-02-26] () [File not signed]
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\BASHDefs\20160316.006_902\BHDrvx64.sys [1766640 2016-03-16] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1606000.08E\ccSetx64.sys [173808 2016-02-24] (Symantec Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-13] (CyberLink)
R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-12] (Dell Computer Corporation)
R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-09-12] (Dell Computer Corporation)
R3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [19440 2015-05-09] (OSR Open Systems Resources, Inc.)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2016-02-04] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [157520 2016-03-22] (Symantec Corporation)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-12-27] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-27] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2015-12-10] ()
S3 FreshIO; C:\Program Files (x86)\FreshDevices\FreshDiagnose\FreshIO.sys [2410 2004-10-26] () [File not signed]
S3 gfiutil; C:\Windows\System32\drivers\gfiutil.sys [31264 2013-09-04] (ThreatTrack Security)
R3 HPMoA407; C:\Windows\System32\drivers\HPMoA407.sys [25088 2011-10-31] (Hewlett-Packard.)
R3 HPubA407; C:\Windows\System32\Drivers\HPubA407.sys [18944 2012-06-14] (Hewlett-Packard.)
R3 iaLPSS2_GPIO2; C:\Windows\System32\drivers\iaLPSS2_GPIO2.sys [84264 2015-06-17] (Intel Corporation)
R3 ibtusb; C:\Windows\system32\DRIVERS\ibtusb.sys [259312 2015-07-31] (Intel Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\IPSDefs\20160324.001\IDSvia64.sys [767224 2016-03-21] (Symantec Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [185088 2015-08-31] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\VirusDefs\20160326.001\ENG64.SYS [138488 2016-03-22] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.6.0.142\Definitions\VirusDefs\20160326.001\EX64.SYS [2148080 2016-03-22] (Symantec Corporation)
R3 NETwNb64; C:\Windows\System32\drivers\Netwbw02.sys [3515152 2015-12-25] (Intel Corporation)
U0 Partizan; C:\Windows\SysWOW64\drivers\Partizan.sys [40304 2016-03-27] (Greatis Software)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-30] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-28] (Realsil Semiconductor Corporation)
R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-23] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-13] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
R3 SRTSP; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1606000.08E\SRTSPX64.SYS [50936 2016-02-24] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1606000.08E\SymELAM.sys [24192 2016-02-24] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-03-20] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\N360x64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 MFE_RR; \??\C:\Users\dougc\AppData\Local\Temp\mfe_rr.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-27 18:59 - 2016-03-27 18:59 - 00000000 ____D C:\FRST
2016-03-27 18:58 - 2016-03-27 18:59 - 02374144 _____ (Farbar) C:\Users\dougc\Downloads\FRST64.exe
2016-03-27 17:31 - 2016-03-27 17:31 - 00001876 _____ C:\Users\dougc\Desktop\Play Star Trek 2013.lnk
2016-03-27 17:29 - 2016-03-27 17:31 - 00000000 ____D C:\StarTrek
2016-03-27 17:19 - 2016-03-27 18:20 - 00000000 ____D C:\Users\dougc\AppData\Roaming\StarTrekPC
2016-03-27 17:18 - 2016-03-27 17:18 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2016-03-27 15:37 - 2016-03-27 15:38 - 00040304 _____ (Greatis Software) C:\WINDOWS\SysWOW64\Drivers\Partizan.sys
2016-03-27 15:35 - 2016-03-27 15:35 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-27 15:33 - 2016-03-27 15:33 - 00001002 _____ C:\WINDOWS\SysWOW64\PARTIZAN.TXT
2016-03-27 15:16 - 2016-03-27 15:27 - 00000000 ____D C:\Users\dougc\Documents\RegRun2
2016-03-27 15:16 - 2016-03-27 15:21 - 00000000 ____D C:\Users\Public\Documents\regruninfo
2016-03-27 15:16 - 2016-03-27 15:16 - 00003418 _____ C:\WINDOWS\System32\Tasks\UnHackMe Task Scheduler
2016-03-27 15:16 - 2016-03-27 15:16 - 00001082 _____ C:\Users\dougc\Desktop\UnHackMe.lnk
2016-03-27 15:16 - 2016-03-27 15:16 - 00000002 RSHOT C:\WINDOWS\winstart.bat
2016-03-27 15:16 - 2016-03-27 15:16 - 00000002 RSHOT C:\WINDOWS\SysWOW64\CONFIG.NT
2016-03-27 15:16 - 2016-03-27 15:16 - 00000002 RSHOT C:\WINDOWS\SysWOW64\AUTOEXEC.NT
2016-03-27 15:16 - 2016-03-27 15:16 - 00000000 ____D C:\ProgramData\RegRun
2016-03-27 15:16 - 2016-03-27 15:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\UnHackMe
2016-03-27 15:16 - 2016-03-27 15:16 - 00000000 ____D C:\Program Files (x86)\UnHackMe
2016-03-27 15:16 - 2016-03-14 12:36 - 00012808 _____ (Greatis Software, LLC.) C:\WINDOWS\SysWOW64\Drivers\UnHackMeDrv.sys
2016-03-27 15:16 - 2015-12-28 11:32 - 00049968 _____ (Greatis Software) C:\WINDOWS\system32\partizan.exe
2016-03-27 15:15 - 2016-03-27 15:15 - 00000000 ____D C:\Users\dougc\Downloads\unhackme
2016-03-27 15:15 - 2016-03-27 15:15 - 00000000 ____D C:\unhackme
2016-03-27 15:12 - 2016-03-27 15:15 - 17453741 _____ C:\Users\dougc\Downloads\unhackme.zip
2016-03-27 14:27 - 2016-03-27 14:27 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-03-27 14:27 - 2016-03-27 14:27 - 00000867 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-27 14:27 - 2016-03-27 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-27 14:27 - 2016-03-27 14:27 - 00000000 ____D C:\Program Files\CCleaner
2016-03-27 14:20 - 2016-03-27 14:21 - 06869352 _____ (Piriform Ltd) C:\Users\dougc\Downloads\ccsetup516pro.exe
2016-03-27 14:12 - 2016-03-27 14:14 - 11441744 _____ (SurfRight B.V.) C:\Users\dougc\Downloads\HitmanPro_x64 (1).exe
2016-03-27 14:09 - 2016-03-27 14:11 - 10457272 _____ (SurfRight B.V.) C:\Users\dougc\Downloads\HitmanPro.exe
2016-03-26 18:29 - 2016-03-26 18:34 - 00000000 ____D C:\KimSubmissions
2016-03-26 18:29 - 2016-03-26 18:29 - 07011301 _____ C:\Users\dougc\Downloads\I'M FINISHED!!! D.zip
2016-03-26 18:16 - 2016-03-26 18:16 - 00228839 _____ C:\Users\dougc\Downloads\Outlook.com (1).zip
2016-03-25 09:49 - 2016-03-25 09:49 - 00001486 _____ C:\Users\dougc\Desktop\HD Video Converter Factory.lnk
2016-03-25 09:49 - 2016-03-25 09:49 - 00000000 ____D C:\Users\dougc\Documents\WonderFox Soft
2016-03-25 09:49 - 2016-03-25 09:49 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WonderFox Soft
2016-03-25 09:49 - 2016-03-25 09:49 - 00000000 ____D C:\Program Files (x86)\WonderFox Soft
2016-03-25 09:47 - 2016-03-25 09:49 - 34284288 _____ (WonderFox Soft, Inc.) C:\Users\dougc\Downloads\hd-video-converter.exe
2016-03-25 09:02 - 2016-03-25 09:20 - 00000000 ____D C:\Users\dougc\AppData\Roaming\FreeFixer
2016-03-25 09:02 - 2016-03-25 09:06 - 00000000 ____D C:\Users\dougc\AppData\Local\FreeFixer
2016-03-25 09:02 - 2016-03-25 09:02 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FreeFixer
2016-03-25 09:02 - 2016-03-25 09:02 - 00000000 ____D C:\Program Files\FreeFixer
2016-03-25 09:01 - 2016-03-25 09:02 - 02687418 _____ (Kephyr) C:\Users\dougc\Downloads\freefixersetup.exe
2016-03-25 08:21 - 2016-03-25 08:28 - 00176990 _____ C:\TDSSKiller.3.1.0.9_25.03.2016_08.21.03_log.txt
2016-03-25 08:20 - 2016-03-25 08:20 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\dougc\Downloads\tdsskiller.exe
2016-03-23 18:13 - 2015-12-10 13:44 - 57915392 _____ C:\Users\dougc\Desktop\Emergencydisk.iso
2016-03-23 18:11 - 2016-03-23 18:11 - 00004096 ___SH C:\{62,C98,49D-C,C87-4,02A-A89C-5F4E1A070995}.CBM
2016-03-23 17:06 - 2016-03-23 17:06 - 00470528 ___SH C:\EUMONBMP.SYS
2016-03-23 17:06 - 2016-03-23 17:06 - 00000000 ____D C:\WINDOWS\system32\config\regsave
2016-03-23 16:58 - 2016-03-23 16:58 - 00000000 ____D C:\easeus_tb_cloud
2016-03-23 16:54 - 2016-03-23 16:54 - 00001416 _____ C:\Users\Public\Desktop\EaseUS Todo Backup Free 9.1.lnk
2016-03-23 16:54 - 2016-03-23 16:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 9.1
2016-03-23 16:54 - 2015-12-10 06:10 - 00192552 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\EuFdDisk.sys
2016-03-23 16:54 - 2015-12-10 06:10 - 00060968 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eubakup.sys
2016-03-23 16:54 - 2015-12-10 06:10 - 00048168 _____ C:\WINDOWS\system32\Drivers\EUBKMON.sys
2016-03-23 16:54 - 2015-12-10 06:10 - 00018472 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\Drivers\eudskacs.sys
2016-03-23 16:53 - 2016-03-23 16:53 - 00000000 ____D C:\Program Files (x86)\EaseUS
2016-03-23 16:53 - 2015-12-10 06:14 - 00024104 _____ (CHENGDU YIWO Tech Development Co., Ltd) C:\WINDOWS\system32\fbnative.exe
2016-03-23 16:48 - 2016-03-23 16:50 - 121505600 _____ (CHENGDU YIWO Tech Development Co., Ltd ) C:\Users\dougc\Downloads\tb_free.exe
2016-03-23 13:23 - 2016-03-23 13:23 - 00000000 ____D C:\WINDOWS\system\GroupPolicy
2016-03-23 13:23 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system\GroupPolicyUsers
2016-03-23 13:23 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\system32\gpedit.msc
2016-03-23 13:23 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\system\gpedit.msc
2016-03-23 13:20 - 2016-03-23 13:20 - 00707354 _____ C:\WINDOWS\unins000.exe
2016-03-23 13:20 - 2016-03-23 13:20 - 00001537 _____ C:\WINDOWS\unins000.dat
2016-03-23 13:20 - 2016-03-23 13:20 - 00000000 ____D C:\WINDOWS\SysWOW64\GPBAK
2016-03-23 13:20 - 2008-04-14 02:11 - 00295936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appmgr.dll
2016-03-23 13:20 - 2001-08-23 13:00 - 00034871 _____ C:\WINDOWS\SysWOW64\gpedit.msc
2016-03-23 13:19 - 2016-03-23 13:19 - 00875012 _____ C:\Users\dougc\Downloads\add_gpedit_msc_by_jwils876-d3kh6vm.zip
2016-03-23 09:05 - 2016-03-23 09:06 - 00046682 _____ C:\Users\dougc\Downloads\wushowhide.diagcab
2016-03-23 08:39 - 2016-03-23 08:39 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Google
2016-03-23 08:26 - 2016-03-23 08:27 - 06468104 _____ ( ) C:\Users\dougc\Downloads\adblockplusie-1.5.exe
2016-03-23 08:01 - 2016-03-23 08:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-03-22 20:38 - 2016-03-22 20:38 - 00001024 ____H C:\SYSTAG.BIN
2016-03-22 20:25 - 2016-03-22 20:38 - 00000082 _____ C:\WINDOWS\SysWOW64\winsevr.dat
2016-03-22 20:25 - 2016-03-22 20:25 - 00001142 _____ C:\Users\Public\Desktop\AOMEI Backupper Standard.lnk
2016-03-22 20:25 - 2015-02-26 00:00 - 00151480 _____ C:\WINDOWS\system32\ammntdrv.sys
2016-03-22 20:25 - 2015-02-26 00:00 - 00030648 _____ C:\WINDOWS\system32\ambakdrv.sys
2016-03-22 20:25 - 2015-02-26 00:00 - 00017848 _____ C:\WINDOWS\system32\amwrtdrv.sys
2016-03-22 20:23 - 2016-03-22 20:24 - 38074856 _____ (AOMEI Technology Co., Ltd. ) C:\Users\dougc\Downloads\Backupper.exe
2016-03-22 19:43 - 2016-03-22 19:43 - 00003958 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1458636179
2016-03-22 19:43 - 2016-03-22 19:42 - 00001210 _____ C:\Users\Public\Desktop\Opera 36.lnk
2016-03-22 19:43 - 2016-03-22 19:42 - 00001210 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera 36.lnk
2016-03-22 19:42 - 2016-03-22 19:43 - 00000000 ____D C:\Program Files (x86)\Opera
2016-03-22 19:41 - 2016-03-22 19:41 - 00725120 _____ (Opera Software) C:\Users\dougc\Downloads\OperaSetup.exe
2016-03-22 17:15 - 2016-03-22 17:17 - 00000000 ____D C:\Users\dougc\Documents\Wondershare Video Converter Ultimate
2016-03-22 17:15 - 2016-03-22 17:15 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Wondershare Video Converter Ultimate
2016-03-22 17:15 - 2016-03-22 17:15 - 00000000 ____D C:\Users\dougc\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2016-03-22 17:14 - 2016-03-23 14:18 - 00000000 ____D C:\Users\dougc\Documents\Wondershare MediaServer
2016-03-22 17:14 - 2016-03-22 17:14 - 00000000 ____D C:\Users\dougc\AppData\Local\Wondershare
2016-03-22 17:13 - 2016-03-23 14:18 - 00000000 ____D C:\ProgramData\Wondershare Video Converter Ultimate
2016-03-22 13:14 - 2016-03-22 13:15 - 00000000 ____D C:\Users\dougc\AppData\Local\Zoner
2016-03-22 13:14 - 2016-03-22 13:14 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Zoner
2016-03-22 13:14 - 2016-03-22 13:14 - 00000000 ____D C:\ProgramData\Zoner
2016-03-22 13:14 - 2016-03-22 13:14 - 00000000 ____D C:\Program Files\Zoner
2016-03-22 13:13 - 2016-03-23 14:18 - 00000000 ____D C:\ZonePhotoStudioSetup
2016-03-22 13:12 - 2016-03-22 13:12 - 00000000 ____D C:\Users\dougc\Downloads\ZonerPhotoStudio17PRO-pd9o5r
2016-03-22 13:05 - 2016-03-22 13:12 - 85375787 _____ C:\Users\dougc\Downloads\ZonerPhotoStudio17PRO-pd9o5r.zip
2016-03-21 17:23 - 2016-03-21 17:23 - 00000000 ____D C:\Users\dougc\Documents\ProcAlyzer Dumps
2016-03-21 14:40 - 2016-03-21 15:07 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-03-21 14:39 - 2016-03-23 14:18 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-03-21 14:09 - 2016-03-27 14:11 - 00000000 ____D C:\Users\dougc\AppData\LocalLow\Adblock Plus for IE
2016-03-21 14:09 - 2016-03-23 08:24 - 00000000 ____D C:\Program Files\Adblock Plus for IE
2016-03-21 10:02 - 2016-03-23 14:18 - 00000000 ____D C:\ProgramData\AomeiBR
2016-03-21 10:02 - 2016-03-22 20:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AOMEI Backupper
2016-03-21 10:02 - 2016-03-22 20:25 - 00000000 ____D C:\Program Files (x86)\AOMEI Backupper
2016-03-20 20:33 - 2016-03-27 15:57 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360
2016-03-20 20:33 - 2016-03-22 19:31 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-03-20 20:31 - 2016-03-20 20:31 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-03-20 20:31 - 2016-03-20 20:31 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-03-20 20:31 - 2016-03-20 20:31 - 00003378 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-03-20 20:31 - 2016-03-20 20:31 - 00002405 _____ C:\Users\Public\Desktop\Norton 360.LNK
2016-03-20 20:30 - 2016-03-23 08:19 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-03-20 20:30 - 2016-03-20 20:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2016-03-20 20:30 - 2016-03-20 20:30 - 00000000 ____D C:\Program Files (x86)\Norton 360
2016-03-20 20:23 - 2016-03-20 20:23 - 01089416 _____ (Symantec Corporation) C:\Users\dougc\Downloads\NortonN360Downloader (1).exe
2016-03-20 20:08 - 2016-03-20 20:08 - 00894960 _____ C:\Users\dougc\Downloads\Norton_Removal_Tool.exe
2016-03-20 19:27 - 2016-03-20 20:30 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2016-03-20 19:27 - 2015-12-09 14:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-03-20 17:11 - 2016-03-20 20:05 - 00000000 ____D C:\Users\joanc.DESKTOP-EGUU4T7
2016-03-20 12:01 - 2016-03-20 12:01 - 00000000 ____D C:\Users\Doug
2016-03-20 12:00 - 2016-03-20 12:00 - 00000499 _____ C:\Users\dougc\Downloads\Appsdiagnostic10.diagcab
2016-03-20 09:51 - 2016-03-20 09:51 - 00145752 _____ C:\Users\dougc\Downloads\rootkitremover (2).exe.2gop0uh.partial
2016-03-19 16:53 - 2016-03-19 16:53 - 00000000 __RHD C:\Users\dougc\AppData\Roaming\SecuROM
2016-03-19 16:51 - 2016-03-19 16:51 - 00000000 ____D C:\Program Files (x86)\Sierra
2016-03-19 16:24 - 2016-03-27 07:40 - 00000000 ____D C:\Users\dougc\AppData\Local\CrashDumps
2016-03-19 12:23 - 2016-03-19 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acronis
2016-03-19 12:22 - 2016-03-19 12:22 - 00000000 ____D C:\Program Files (x86)\Acronis
2016-03-19 11:58 - 2016-03-20 10:17 - 00000000 ____D C:\Users\dougc\AppData\Local\NPE
2016-03-19 11:55 - 2016-03-19 11:55 - 00732334 _____ C:\native log.txt
2016-03-19 11:39 - 2016-03-19 11:39 - 00000025 _____ C:\Users\dougc\Downloads\retirementvillage.txt
2016-03-19 11:26 - 2016-03-20 16:09 - 00000000 ___HD C:\uYMKJhOGKNhHB9qb
2016-03-19 10:44 - 2016-03-19 10:44 - 00014195 _____ C:\Users\dougc\Downloads\[kat.cr]acronis.true.image.2015.18.0.build.6055.eng.torrent
2016-03-19 10:07 - 2016-03-19 10:07 - 00000000 ____D C:\extensions
2016-03-19 10:04 - 2016-03-19 10:07 - 00000000 ____D C:\Users\Public\Documents\dmp
2016-03-19 10:04 - 2016-03-19 10:04 - 00000000 ____D C:\ProgramData\35f5d33d-5851-1
2016-03-19 10:04 - 2016-03-19 10:04 - 00000000 ____D C:\ProgramData\35f5d33d-02a1-0
2016-03-18 15:56 - 2016-03-18 15:56 - 00482427 _____ C:\Users\dougc\Documents\CitizenshipApplication_PartFilled_2.pdf
2016-03-18 15:53 - 2016-03-18 15:53 - 00482496 _____ C:\Users\dougc\Documents\CitizenshipApplication_PartFilled.pdf
2016-03-18 15:17 - 2016-03-18 15:17 - 00473684 _____ C:\Users\dougc\Downloads\CitizenshipApplication.pdf
2016-03-17 19:04 - 2016-03-17 19:04 - 00000000 ____D C:\sh4ldr
2016-03-17 18:22 - 2016-03-17 18:22 - 00376665 _____ C:\Users\dougc\Downloads\executionguard.zip
2016-03-17 09:31 - 2016-03-17 09:31 - 00011324 _____ C:\Users\dougc\Downloads\Welcome to Centrelink letters online_K212126936 (1)
2016-03-17 09:03 - 2016-03-17 09:03 - 00000030 _____ C:\Users\dougc\Downloads\TMBDetails.txt
2016-03-16 10:12 - 2016-03-23 16:12 - 00002228 ____H C:\Users\dougc\Documents\Default.rdp
2016-03-16 09:24 - 2016-03-16 09:24 - 00000000 ____D C:\Program Files\Common Files\AV
2016-03-15 15:14 - 2016-03-15 15:14 - 02006725 _____ C:\Users\dougc\Downloads\Outlook.com.zip
2016-03-14 13:42 - 2016-03-14 14:09 - 1105133568 _____ C:\Users\dougc\Downloads\kubuntu-14.04.4-desktop-amd64.iso
2016-03-14 11:29 - 2016-03-14 11:29 - 00000000 ___HD C:\WINDOWS\msdownld.tmp
2016-03-14 11:29 - 2016-03-14 11:29 - 00000000 ____D C:\WINDOWS\SysWOW64\directx
2016-03-14 11:28 - 2016-03-14 11:28 - 00001173 _____ C:\Users\dougc\Desktop\MSI Afterburner.lnk
2016-03-14 11:28 - 2016-03-14 11:28 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\RivaTuner Statistics Server
2016-03-14 11:28 - 2016-03-14 11:28 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MSI Afterburner
2016-03-14 11:28 - 2016-03-14 11:28 - 00000000 ____D C:\Program Files (x86)\RivaTuner Statistics Server
2016-03-14 11:27 - 2016-03-14 11:29 - 00000000 ____D C:\Program Files (x86)\MSI Afterburner
2016-03-14 11:26 - 2016-03-14 11:27 - 37926424 _____ C:\Users\dougc\Downloads\MSIAfterburnerSetup420.exe
2016-03-14 11:19 - 2016-03-14 11:19 - 00000839 _____ C:\Users\Public\Desktop\Speccy.lnk
2016-03-14 11:19 - 2016-03-14 11:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Speccy
2016-03-14 11:19 - 2016-03-14 11:19 - 00000000 ____D C:\ProgramData\Google
2016-03-14 11:19 - 2016-03-14 11:19 - 00000000 ____D C:\Program Files\Speccy
2016-03-14 11:19 - 2016-03-14 11:19 - 00000000 ____D C:\Program Files\Google
2016-03-14 11:18 - 2016-03-14 11:18 - 05111240 _____ (Piriform Ltd) C:\Users\dougc\Downloads\spsetup129.exe
2016-03-14 11:18 - 2016-03-14 11:18 - 05111240 _____ (Piriform Ltd) C:\Users\dougc\Downloads\spsetup129 (1).exe
2016-03-14 11:09 - 2016-03-14 11:09 - 00104620 _____ C:\Users\dougc\Desktop\Test Event Logs - WDC WD10JPVX-75JC3T0.html
2016-03-14 10:04 - 2016-03-14 10:04 - 00002416 _____ C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-13 11:42 - 2016-03-13 11:43 - 55796432 _____ (Dell Inc.) C:\Users\dougc\Downloads\Application_NT9W7_WN32_10.17.9_A02 (1).EXE
2016-03-13 11:06 - 2016-03-13 11:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-03-13 10:56 - 2016-03-13 10:56 - 00000728 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk
2016-03-13 10:56 - 2016-03-13 10:56 - 00000716 _____ C:\Users\Public\Desktop\Intel® HD Graphics Control Panel.lnk
2016-03-13 10:56 - 2016-03-13 10:56 - 00000200 _____ C:\WINDOWS\system32\{EC94D02F-D200-4428-9531-05AF7F9799CB}.bat
2016-03-13 10:29 - 2016-03-13 11:03 - 403074920 _____ (Dell Inc.) C:\Users\dougc\Downloads\Video_Driver_RG79X_WN32_15.201.1101_A01.EXE
2016-03-13 10:22 - 2016-03-13 10:54 - 192947264 _____ (Dell Inc.) C:\Users\dougc\Downloads\Video_Driver_W6GW8_WN32_20.19.15.4300_A02.EXE
2016-03-11 14:38 - 2016-03-11 14:38 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-03-11 11:51 - 2016-03-08 18:12 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-11 11:51 - 2016-03-08 18:12 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-10 20:14 - 2016-03-10 20:14 - 00429769 _____ C:\Users\dougc\Downloads\image1 (3).jpeg
2016-03-10 14:46 - 2016-03-10 14:46 - 00001867 _____ C:\Users\Public\Desktop\SUPERAntiSpyware Free Edition.lnk
2016-03-10 14:46 - 2016-03-10 14:46 - 00000000 ____D C:\Users\dougc\AppData\Roaming\SUPERAntiSpyware.com
2016-03-10 14:46 - 2016-03-10 14:46 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-03-10 14:46 - 2016-03-10 14:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-03-10 14:46 - 2016-03-10 14:46 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-03-10 14:42 - 2016-03-10 14:43 - 24950928 _____ (SUPERAntiSpyware) C:\Users\dougc\Downloads\SUPERAntiSpyware.exe
2016-03-10 09:17 - 2016-03-10 09:17 - 00011324 _____ C:\Users\dougc\Downloads\Welcome to Centrelink letters online_K212126936
2016-03-10 09:03 - 2016-03-10 09:03 - 00017638 _____ C:\Users\dougc\Documents\Carer Payment_K212967445.pdf
2016-03-10 08:55 - 2016-03-10 08:55 - 00017638 _____ C:\Users\dougc\Downloads\Carer Payment_K212967445
2016-03-09 09:38 - 2016-03-01 16:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-09 09:38 - 2016-02-24 20:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-09 09:38 - 2016-02-24 20:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase(16973).dll
2016-03-09 09:38 - 2016-02-24 20:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-09 09:38 - 2016-02-24 20:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-09 09:38 - 2016-02-24 20:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-09 09:38 - 2016-02-24 20:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-09 09:38 - 2016-02-24 20:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase(17292).dll
2016-03-09 09:38 - 2016-02-24 19:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-09 09:38 - 2016-02-24 19:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage(17207).dll
2016-03-09 09:38 - 2016-02-24 19:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-09 09:38 - 2016-02-24 19:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-09 09:38 - 2016-02-24 19:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage(17319).dll
2016-03-09 09:38 - 2016-02-24 17:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-09 09:38 - 2016-02-24 17:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess(16883).dll
2016-03-09 09:38 - 2016-02-24 17:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-09 09:38 - 2016-02-24 17:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-09 09:38 - 2016-02-24 17:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase(17200).sys
2016-03-09 09:38 - 2016-02-24 17:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-09 09:38 - 2016-02-24 17:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull(17201).sys
2016-03-09 09:38 - 2016-02-24 17:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-09 09:38 - 2016-02-24 17:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-09 09:38 - 2016-02-24 17:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-09 09:38 - 2016-02-24 17:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-09 09:38 - 2016-02-24 17:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-09 09:38 - 2016-02-24 17:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-09 09:38 - 2016-02-24 16:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-09 09:38 - 2016-02-24 16:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-09 09:38 - 2016-02-24 16:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-09 09:38 - 2016-02-24 16:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-09 09:38 - 2016-02-24 16:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-09 09:38 - 2016-02-24 16:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-09 09:38 - 2016-02-24 16:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-09 09:38 - 2016-02-24 16:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-09 09:38 - 2016-02-24 16:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-09 09:38 - 2016-02-24 16:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-09 09:38 - 2016-02-24 15:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-09 09:38 - 2016-02-24 15:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-09 09:37 - 2016-03-01 16:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-09 09:37 - 2016-02-24 20:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-09 09:37 - 2016-02-24 20:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-09 09:37 - 2016-02-24 20:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-09 09:37 - 2016-02-24 19:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-09 09:37 - 2016-02-24 19:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-09 09:37 - 2016-02-24 19:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-09 09:37 - 2016-02-24 19:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32(17056).dll
2016-03-09 09:37 - 2016-02-24 19:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-09 09:37 - 2016-02-24 19:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-09 09:37 - 2016-02-24 19:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-09 09:37 - 2016-02-24 19:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0(17012).dll
2016-03-09 09:37 - 2016-02-24 19:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-09 09:37 - 2016-02-24 19:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-09 09:37 - 2016-02-24 19:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-09 09:37 - 2016-02-24 19:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-09 09:37 - 2016-02-24 19:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32(17304).dll
2016-03-09 09:37 - 2016-02-24 19:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-09 09:37 - 2016-02-24 19:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-09 09:37 - 2016-02-24 19:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi(16911).dll
2016-03-09 09:37 - 2016-02-24 19:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-09 09:37 - 2016-02-24 19:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-09 09:37 - 2016-02-24 19:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi(17127).dll
2016-03-09 09:37 - 2016-02-24 19:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-09 09:37 - 2016-02-24 19:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-09 09:37 - 2016-02-24 19:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-09 09:37 - 2016-02-24 19:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer(17195).dll
2016-03-09 09:37 - 2016-02-24 19:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-09 09:37 - 2016-02-24 18:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-09 09:37 - 2016-02-24 18:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-09 09:37 - 2016-02-24 18:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-09 09:37 - 2016-02-24 18:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-09 09:37 - 2016-02-24 18:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-09 09:37 - 2016-02-24 18:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-09 09:37 - 2016-02-24 18:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-09 09:37 - 2016-02-24 18:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-09 09:37 - 2016-02-24 18:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-09 09:37 - 2016-02-24 18:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-09 09:37 - 2016-02-24 18:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-09 09:37 - 2016-02-24 18:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-09 09:37 - 2016-02-24 18:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-09 09:37 - 2016-02-24 18:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-09 09:37 - 2016-02-24 18:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-09 09:37 - 2016-02-24 18:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp(17197).dll
2016-03-09 09:37 - 2016-02-24 18:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-09 09:37 - 2016-02-24 18:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-09 09:37 - 2016-02-24 18:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-09 09:37 - 2016-02-24 18:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-09 09:37 - 2016-02-24 18:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-09 09:37 - 2016-02-24 18:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr(16943).dll
2016-03-09 09:37 - 2016-02-24 18:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-09 09:37 - 2016-02-24 18:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-09 09:37 - 2016-02-24 18:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-09 09:37 - 2016-02-24 18:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-09 09:37 - 2016-02-24 18:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-09 09:37 - 2016-02-24 18:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-09 09:37 - 2016-02-24 18:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-09 09:37 - 2016-02-24 18:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-09 09:37 - 2016-02-24 18:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-09 09:37 - 2016-02-24 18:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-09 09:37 - 2016-02-24 18:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-09 09:37 - 2016-02-24 18:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-09 09:37 - 2016-02-24 18:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-09 09:37 - 2016-02-24 18:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-09 09:37 - 2016-02-24 18:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-09 09:37 - 2016-02-24 18:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-09 09:37 - 2016-02-24 18:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-09 09:37 - 2016-02-24 18:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-09 09:37 - 2016-02-24 18:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-09 09:37 - 2016-02-24 18:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-09 09:37 - 2016-02-24 18:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-09 09:37 - 2016-02-24 17:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-09 09:37 - 2016-02-24 17:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-09 09:37 - 2016-02-24 17:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-09 09:37 - 2016-02-24 17:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-09 09:37 - 2016-02-24 17:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-09 09:37 - 2016-02-24 17:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-09 09:37 - 2016-02-24 17:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-09 09:37 - 2016-02-24 17:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-09 09:37 - 2016-02-24 17:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI(16938).dll
2016-03-09 09:37 - 2016-02-24 17:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-09 09:37 - 2016-02-24 17:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-09 09:37 - 2016-02-24 17:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-09 09:37 - 2016-02-24 17:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-09 09:37 - 2016-02-24 17:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-09 09:37 - 2016-02-24 17:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-09 09:37 - 2016-02-24 17:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-09 09:37 - 2016-02-24 17:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-09 09:37 - 2016-02-24 17:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-09 09:37 - 2016-02-24 17:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-09 09:37 - 2016-02-24 17:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-09 09:37 - 2016-02-24 17:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-09 09:37 - 2016-02-24 17:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-09 09:37 - 2016-02-24 17:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-09 09:37 - 2016-02-24 17:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-09 09:37 - 2016-02-24 17:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-09 09:37 - 2016-02-24 17:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-09 09:37 - 2016-02-24 17:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-09 09:37 - 2016-02-24 17:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-09 09:37 - 2016-02-24 17:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-09 09:37 - 2016-02-24 17:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-09 09:37 - 2016-02-24 17:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-09 09:37 - 2016-02-24 17:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-09 09:37 - 2016-02-24 17:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-09 09:37 - 2016-02-24 17:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-09 09:37 - 2016-02-24 17:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-09 09:37 - 2016-02-24 17:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-09 09:37 - 2016-02-24 17:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-09 09:37 - 2016-02-24 17:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-09 09:37 - 2016-02-24 17:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-09 09:37 - 2016-02-24 17:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-09 09:37 - 2016-02-24 17:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-09 09:37 - 2016-02-24 17:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC(17003).dll
2016-03-09 09:37 - 2016-02-24 17:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-09 09:37 - 2016-02-24 17:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-09 09:37 - 2016-02-24 17:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-09 09:37 - 2016-02-24 17:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-09 09:37 - 2016-02-24 17:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-09 09:37 - 2016-02-24 17:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-09 09:37 - 2016-02-24 17:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-09 09:37 - 2016-02-24 17:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-09 09:37 - 2016-02-24 17:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-09 09:37 - 2016-02-24 17:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-09 09:37 - 2016-02-24 17:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-09 09:37 - 2016-02-24 17:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI(17285).dll
2016-03-09 09:37 - 2016-02-24 17:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-09 09:37 - 2016-02-24 17:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-09 09:37 - 2016-02-24 17:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-09 09:37 - 2016-02-24 17:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-09 09:37 - 2016-02-24 17:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-09 09:37 - 2016-02-24 17:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-09 09:37 - 2016-02-24 17:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-09 09:37 - 2016-02-24 17:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-09 09:37 - 2016-02-24 16:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-09 09:37 - 2016-02-24 16:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-09 09:37 - 2016-02-24 16:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase(16942).dll
2016-03-09 09:37 - 2016-02-24 16:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-08 09:51 - 2016-03-14 18:44 - 00208896 ___SH C:\Users\dougc\Downloads\Thumbs.db
2016-03-07 18:11 - 2016-03-07 18:11 - 00000000 ____D C:\Users\dougc\AppData\Local\SKIDROW
2016-03-07 18:09 - 2016-03-26 17:13 - 00001710 _____ C:\Users\dougc\Desktop\Play Tomb Raider 2013.lnk
2016-03-07 18:00 - 2016-03-07 18:09 - 00000000 ____D C:\Games
2016-03-07 13:48 - 2016-03-07 13:48 - 04830233 _____ C:\Users\dougc\Downloads\tombraider2013.exe
2016-03-07 12:51 - 2016-03-07 13:05 - 00000000 ____D C:\TR_Underworld_Full_Setup
2016-03-07 12:30 - 2016-03-07 12:35 - 138412032 _____ C:\Users\dougc\Downloads\Full Game TR UW.rar
2016-03-07 11:06 - 2016-03-07 11:08 - 00000124 _____ C:\Users\dougc\Documents\HotmailAccount.txt
2016-03-06 18:23 - 2016-03-06 18:23 - 00001823 _____ C:\Users\dougc\Desktop\tru - Shortcut.lnk
2016-03-06 13:49 - 2016-03-06 13:49 - 00473684 _____ C:\Users\dougc\Documents\AustralianCitizenshipApplication Form 1290.pdf
2016-03-06 12:40 - 2016-03-23 06:58 - 00000000 ___HD C:\OneDriveTemp
2016-03-06 12:30 - 2016-03-06 12:31 - 00000642 _____ C:\Users\dougc\Downloads\Display_users_on_Sign_in_screen.reg
2016-03-06 12:24 - 2016-03-06 12:24 - 00000668 _____ C:\Users\dougc\Downloads\Do_not_display_users_on_Sign_in_screen.reg
2016-03-06 09:29 - 2016-03-20 20:23 - 00009728 ___SH C:\Users\dougc\Desktop\Thumbs.db
2016-03-05 13:16 - 2013-09-04 13:57 - 00031264 _____ (ThreatTrack Security) C:\WINDOWS\system32\Drivers\gfiutil.sys
2016-03-05 13:08 - 2016-03-05 13:08 - 04459928 _____ (© PC Cleaners Inc) C:\Users\dougc\Downloads\English-install.exe
2016-03-05 12:44 - 2016-02-23 22:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-05 12:44 - 2016-02-23 22:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-05 12:44 - 2016-02-23 22:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-05 12:44 - 2016-02-23 22:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-05 12:44 - 2016-02-23 22:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-05 12:44 - 2016-02-23 22:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-05 12:44 - 2016-02-23 22:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-05 12:44 - 2016-02-23 22:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-05 12:44 - 2016-02-23 22:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd(17145).dll
2016-03-05 12:44 - 2016-02-23 21:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-05 12:44 - 2016-02-23 21:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-05 12:44 - 2016-02-23 21:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-05 12:44 - 2016-02-23 21:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-05 12:44 - 2016-02-23 21:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-05 12:44 - 2016-02-23 21:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore(16995).dll
2016-03-05 12:44 - 2016-02-23 21:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-05 12:44 - 2016-02-23 21:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-05 12:44 - 2016-02-23 21:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-05 12:44 - 2016-02-23 21:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-05 12:44 - 2016-02-23 21:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-05 12:44 - 2016-02-23 21:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-05 12:44 - 2016-02-23 21:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-05 12:44 - 2016-02-23 21:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes(16812).dll
2016-03-05 12:44 - 2016-02-23 21:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-05 12:44 - 2016-02-23 21:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-05 12:44 - 2016-02-23 21:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-05 12:44 - 2016-02-23 21:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil(16960).dll
2016-03-05 12:44 - 2016-02-23 21:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-05 12:44 - 2016-02-23 21:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-05 12:44 - 2016-02-23 21:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32(17116).dll
2016-03-05 12:44 - 2016-02-23 20:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-05 12:44 - 2016-02-23 20:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11(16873).dll
2016-03-05 12:44 - 2016-02-23 20:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-05 12:44 - 2016-02-23 20:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-05 12:44 - 2016-02-23 20:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-05 12:44 - 2016-02-23 20:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-05 12:44 - 2016-02-23 20:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-05 12:44 - 2016-02-23 20:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-05 12:44 - 2016-02-23 20:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-05 12:44 - 2016-02-23 20:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-05 12:44 - 2016-02-23 20:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-05 12:44 - 2016-02-23 20:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-05 12:44 - 2016-02-23 20:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-05 12:44 - 2016-02-23 20:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-05 12:44 - 2016-02-23 20:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-05 12:44 - 2016-02-23 20:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32(17314).dll
2016-03-05 12:44 - 2016-02-23 20:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-05 12:44 - 2016-02-23 20:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-05 12:44 - 2016-02-23 20:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-05 12:44 - 2016-02-23 20:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-05 12:44 - 2016-02-23 20:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-05 12:44 - 2016-02-23 19:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-05 12:44 - 2016-02-23 19:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-05 12:44 - 2016-02-23 19:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-05 12:44 - 2016-02-23 19:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-05 12:44 - 2016-02-23 19:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-05 12:44 - 2016-02-23 19:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-05 12:44 - 2016-02-23 19:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-05 12:44 - 2016-02-23 19:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-05 12:44 - 2016-02-23 19:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-05 12:44 - 2016-02-23 19:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-05 12:44 - 2016-02-23 19:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-05 12:44 - 2016-02-23 19:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-05 12:44 - 2016-02-23 19:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-05 12:44 - 2016-02-23 19:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-05 12:44 - 2016-02-23 19:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-05 12:44 - 2016-02-23 19:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-05 12:44 - 2016-02-23 19:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-05 12:44 - 2016-02-23 19:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-05 12:44 - 2016-02-23 19:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-05 12:44 - 2016-02-23 19:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder(16811).dll
2016-03-05 12:44 - 2016-02-23 19:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-05 12:44 - 2016-02-23 19:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon(17166).dll
2016-03-05 12:44 - 2016-02-23 19:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-05 12:44 - 2016-02-23 19:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-05 12:44 - 2016-02-23 19:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-05 12:44 - 2016-02-23 19:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon(17035).dll
2016-03-05 12:44 - 2016-02-23 19:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-05 12:44 - 2016-02-23 19:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-05 12:44 - 2016-02-23 19:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-05 12:44 - 2016-02-23 19:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-05 12:44 - 2016-02-23 19:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool(17226).drv
2016-03-05 12:44 - 2016-02-23 19:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-05 12:44 - 2016-02-23 19:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-05 12:44 - 2016-02-23 19:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-05 12:44 - 2016-02-23 19:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv(16825).dll
2016-03-05 12:44 - 2016-02-23 19:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-05 12:44 - 2016-02-23 19:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-05 12:44 - 2016-02-23 19:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim(17041).dll
2016-03-05 12:44 - 2016-02-23 19:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-05 12:44 - 2016-02-23 19:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv(16813).dll
2016-03-05 12:44 - 2016-02-23 19:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-05 12:44 - 2016-02-23 19:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-05 12:44 - 2016-02-23 19:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-05 12:44 - 2016-02-23 19:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-05 12:44 - 2016-02-23 19:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-05 12:44 - 2016-02-23 19:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-05 12:44 - 2016-02-23 19:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-05 12:44 - 2016-02-23 19:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-05 12:44 - 2016-02-23 19:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI(17208).dll
2016-03-05 12:44 - 2016-02-23 19:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-05 12:44 - 2016-02-23 19:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-05 12:44 - 2016-02-23 19:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-05 12:44 - 2016-02-23 19:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv(17124).exe
2016-03-05 12:44 - 2016-02-23 19:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-05 12:44 - 2016-02-23 18:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-05 12:44 - 2016-02-23 18:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-05 12:44 - 2016-02-23 18:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-05 12:44 - 2016-02-23 18:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer(17152).dll
2016-03-05 12:44 - 2016-02-23 18:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-05 12:44 - 2016-02-23 18:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-05 12:44 - 2016-02-23 18:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-05 12:44 - 2016-02-23 18:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-05 12:44 - 2016-02-23 18:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM(17158).dll
2016-03-05 12:44 - 2016-02-23 18:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-05 12:44 - 2016-02-23 18:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl(16982).dll
2016-03-05 12:44 - 2016-02-23 18:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-05 12:44 - 2016-02-23 18:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-05 12:44 - 2016-02-23 18:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-05 12:44 - 2016-02-23 18:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-05 12:44 - 2016-02-23 18:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-05 12:44 - 2016-02-23 18:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-05 12:44 - 2016-02-23 18:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon(17165).dll
2016-03-05 12:44 - 2016-02-23 18:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-05 12:44 - 2016-02-23 18:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-05 12:44 - 2016-02-23 18:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-05 12:44 - 2016-02-23 18:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-05 12:44 - 2016-02-23 18:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet(17215).dll
2016-03-05 12:44 - 2016-02-23 18:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-05 12:44 - 2016-02-23 18:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-05 12:44 - 2016-02-23 18:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-05 12:44 - 2016-02-23 18:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-05 12:44 - 2016-02-23 18:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-05 12:44 - 2016-02-23 18:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-05 12:44 - 2016-02-23 18:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon(17210).dll
2016-03-05 12:44 - 2016-02-23 18:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-05 12:44 - 2016-02-23 18:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-05 12:44 - 2016-02-23 18:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-05 12:44 - 2016-02-23 18:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-05 12:44 - 2016-02-23 17:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-05 12:44 - 2016-02-23 17:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-05 12:44 - 2016-02-23 17:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-05 12:44 - 2016-02-23 17:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-05 12:44 - 2016-02-23 17:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-05 12:44 - 2016-02-23 17:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-05 12:44 - 2016-02-23 17:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-05 12:44 - 2016-02-23 17:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-05 12:44 - 2016-02-23 17:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-05 12:44 - 2016-02-23 17:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-05 12:44 - 2016-02-23 17:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-05 12:44 - 2016-02-23 17:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-05 12:44 - 2016-02-23 17:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-05 12:44 - 2016-02-23 17:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-05 12:44 - 2016-02-23 17:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-05 12:44 - 2016-02-23 17:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-05 12:44 - 2016-02-23 17:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-05 12:44 - 2016-02-23 17:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-05 12:44 - 2016-02-23 17:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-05 12:44 - 2016-02-09 15:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-05 12:44 - 2016-02-09 15:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-05 12:44 - 2016-02-09 14:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-05 12:44 - 2016-02-09 14:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-05 12:44 - 2016-02-09 14:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-05 12:44 - 2016-02-09 14:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-05 12:44 - 2016-02-09 14:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-05 12:44 - 2016-02-09 14:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-05 12:44 - 2016-02-09 14:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore(16906).dll
2016-03-05 12:43 - 2016-02-23 22:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-05 12:43 - 2016-02-23 22:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-05 12:43 - 2016-02-23 21:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-05 12:43 - 2016-02-23 21:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi(17233).dll
2016-03-05 12:43 - 2016-02-23 21:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-05 12:43 - 2016-02-23 20:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-05 12:43 - 2016-02-23 20:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-05 12:43 - 2016-02-23 20:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-05 12:43 - 2016-02-23 20:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-05 12:43 - 2016-02-23 20:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-05 12:43 - 2016-02-23 20:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-05 12:43 - 2016-02-23 20:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-05 12:43 - 2016-02-23 20:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-05 12:43 - 2016-02-23 20:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-05 12:43 - 2016-02-23 19:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-05 12:43 - 2016-02-23 19:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-05 12:43 - 2016-02-23 19:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-05 12:43 - 2016-02-23 19:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-05 12:43 - 2016-02-23 19:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-05 12:43 - 2016-02-23 19:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient(17151).dll
2016-03-05 12:43 - 2016-02-23 19:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-05 12:43 - 2016-02-23 19:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv(17083).dll
2016-03-05 12:43 - 2016-02-23 19:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-05 12:43 - 2016-02-23 19:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-05 12:43 - 2016-02-23 19:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-05 12:43 - 2016-02-23 19:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-05 12:43 - 2016-02-23 19:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-05 12:43 - 2016-02-23 19:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-05 12:43 - 2016-02-23 19:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost(17082).dll
2016-03-05 12:43 - 2016-02-23 19:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-05 12:43 - 2016-02-23 19:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-05 12:43 - 2016-02-23 18:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-05 12:43 - 2016-02-23 18:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-05 12:43 - 2016-02-23 18:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-05 12:43 - 2016-02-23 18:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-05 12:43 - 2016-02-23 18:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-05 12:43 - 2016-02-23 18:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-05 12:43 - 2016-02-23 18:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-05 12:43 - 2016-02-23 18:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-05 12:43 - 2016-02-23 17:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-01 15:19 - 2016-03-05 12:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Ares
2016-03-01 15:19 - 2016-03-05 12:12 - 00000000 ____D C:\Program Files (x86)\Ares
2016-03-01 15:19 - 2016-03-01 15:19 - 00001026 _____ C:\Users\Public\Desktop\Ares.lnk
2016-03-01 15:19 - 2016-03-01 15:19 - 00000000 ____D C:\Users\dougc\AppData\Local\Ares
2016-02-29 21:16 - 2016-02-29 21:17 - 04455958 _____ C:\Users\dougc\Downloads\aresregular240_installer.exe
2016-02-29 11:20 - 2016-02-29 11:22 - 187034852 _____ C:\Users\dougc\Downloads\win64_154014.4352.zip
2016-02-27 09:20 - 2016-02-27 09:20 - 00000042 _____ C:\Users\dougc\Documents\MarkCalderwood.txt
2016-02-26 08:44 - 2016-02-26 08:44 - 00000066 _____ C:\Users\dougc\Documents\RiversRevesby.txt
2016-02-26 07:24 - 2016-02-26 07:24 - 00002215 _____ C:\Users\Public\Desktop\Dell Help & Support.lnk
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-27 18:55 - 2015-12-27 19:50 - 00000938 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-27 18:48 - 2016-01-26 12:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-03-27 18:16 - 2016-01-26 12:56 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-27 18:00 - 2016-02-17 10:30 - 00000426 _____ C:\WINDOWS\Tasks\SpyHunter4.job
2016-03-27 17:31 - 2015-12-27 23:27 - 00000000 ____D C:\Users\dougc
2016-03-27 17:16 - 2016-01-26 12:56 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-27 17:13 - 2015-10-30 18:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-27 17:13 - 2015-09-10 08:54 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-27 15:54 - 2016-02-15 19:29 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-03-27 15:54 - 2016-01-04 14:30 - 00000000 ____D C:\Program Files\CyberGhost 5
2016-03-27 15:54 - 2015-09-10 08:58 - 00000000 ____D C:\Program Files (x86)\Dell Digital Delivery
2016-03-27 15:34 - 2015-12-27 19:50 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-27 15:33 - 2015-12-27 23:37 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-27 15:33 - 2015-10-30 17:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-03-27 10:09 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-27 08:58 - 2016-01-26 12:55 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2016-03-27 07:44 - 2015-10-30 18:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-26 12:59 - 2016-02-10 16:55 - 00000000 ____D C:\Users\dougc\Documents\Outlook Files
2016-03-25 12:06 - 2016-01-05 12:43 - 00000000 ____D C:\Users\dougc\Documents\ConvertXToDVD
2016-03-25 10:53 - 2015-12-28 00:12 - 00000000 ____D C:\Users\dougc\AppData\Roaming\vlc
2016-03-25 10:50 - 2016-01-04 14:55 - 00001165 _____ C:\Users\dougc\AppData\Roaming\vso_ts_preview.xml
2016-03-25 10:50 - 2016-01-04 14:54 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Vso
2016-03-25 07:49 - 2016-01-26 12:55 - 00004020 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2016-03-24 17:48 - 2015-12-27 18:29 - 00000000 ____D C:\Users\dougc\AppData\Local\Packages
2016-03-24 09:06 - 2016-01-17 12:05 - 00000000 ____D C:\ProgramData\SupportAssistAgent
2016-03-23 21:00 - 2016-01-04 18:17 - 00000688 _____ C:\Users\dougc\Desktop\Arcade Tribe.lnk
2016-03-23 20:57 - 2016-02-19 07:02 - 00001876 _____ C:\Users\dougc\Desktop\Play Call of Duty Ghosts.lnk
2016-03-23 19:23 - 2015-12-27 19:52 - 00000000 ___RD C:\Users\dougc\Dropbox
2016-03-23 19:22 - 2015-12-27 19:50 - 00000000 ____D C:\Users\dougc\AppData\Local\Dropbox
2016-03-23 16:10 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-03-23 15:59 - 2015-12-31 13:32 - 00000000 ____D C:\Users\dougc\AppData\Local\ElevatedDiagnostics
2016-03-23 15:59 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-23 14:19 - 2016-02-16 11:27 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-03-23 14:19 - 2015-12-29 18:02 - 00000000 ____D C:\Users\dougc\AppData\Roaming\dvdcss
2016-03-23 14:19 - 2015-10-30 18:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-03-23 14:19 - 2015-09-10 08:57 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2016-03-23 14:18 - 2016-02-16 12:20 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-03-23 14:18 - 2016-01-05 10:55 - 00000000 ____D C:\AresDownloads
2016-03-23 14:18 - 2016-01-05 08:08 - 00000000 ____D C:\ProgramData\Norton
2016-03-23 14:09 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\registration
2016-03-23 14:08 - 2015-12-28 10:45 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Opera Software
2016-03-23 14:03 - 2015-12-28 09:53 - 00000000 __RHD C:\MSOCache
2016-03-23 14:03 - 2015-09-10 08:39 - 00000000 ____D C:\ProgramData\CyberLink
2016-03-23 13:26 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-03-23 13:24 - 2015-07-10 22:04 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-03-23 13:23 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\System
2016-03-23 13:19 - 2015-12-28 09:55 - 00000000 ____D C:\Temp
2016-03-23 13:06 - 2015-10-30 17:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-23 09:19 - 2015-12-27 18:32 - 00000000 ___RD C:\Users\dougc\OneDrive
2016-03-23 09:02 - 2015-10-30 18:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-23 08:39 - 2016-01-04 14:35 - 00000000 ____D C:\Users\dougc\AppData\Local\Google
2016-03-23 08:02 - 2015-09-10 08:58 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-03-23 07:06 - 2015-09-10 08:43 - 00000000 ____D C:\ProgramData\Package Cache
2016-03-22 17:33 - 2016-02-16 11:29 - 00000000 ____D C:\ProgramData\wondershare
2016-03-22 10:24 - 2015-12-28 10:45 - 00000000 ____D C:\Users\dougc\AppData\Local\Opera Software
2016-03-20 20:31 - 2016-01-05 08:16 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-03-20 20:23 - 2016-01-05 08:08 - 00001403 _____ C:\Users\dougc\Desktop\Norton Installation Files.lnk
2016-03-20 20:23 - 2016-01-05 08:08 - 00000000 ____D C:\Users\Public\Downloads\Norton
2016-03-20 19:55 - 2016-01-26 12:56 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-20 19:55 - 2016-01-26 12:56 - 00002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-20 19:20 - 2016-01-05 08:11 - 00000000 ____D C:\ProgramData\NortonInstaller
2016-03-20 18:54 - 2015-12-27 19:45 - 00004168 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{AD38DF4F-5C83-42B4-97D2-A4919F03745B}
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\setup
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-20 18:42 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-03-20 18:42 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-20 18:42 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2016-03-20 18:41 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\ras
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\ias
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\Com
2016-03-20 18:40 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-03-20 18:40 - 2015-10-30 17:31 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-03-20 18:40 - 2015-10-30 17:31 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-03-20 18:40 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-03-20 18:40 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-20 18:40 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-03-20 18:39 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-03-20 18:29 - 2015-12-28 09:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-03-20 18:29 - 2015-12-27 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-03-20 18:29 - 2015-12-27 23:23 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-03-20 18:29 - 2015-12-27 23:23 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-03-20 18:29 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-03-20 18:29 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-03-20 18:29 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-03-20 18:29 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-03-20 18:29 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-03-20 18:29 - 2015-10-30 20:02 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\SystemApps
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-03-20 18:29 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-03-20 18:29 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-03-20 18:28 - 2015-10-30 20:03 - 00000000 ____D C:\WINDOWS\OCR
2016-03-20 18:27 - 2015-10-30 18:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-03-20 18:27 - 2015-09-10 09:35 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-20 18:27 - 2015-09-10 08:43 - 00000000 ____D C:\Users\Public\CyberLink
2016-03-20 18:26 - 2016-02-14 17:48 - 00000000 ____D C:\Users\dougc\Desktop\Games
2016-03-20 18:26 - 2015-12-27 21:05 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\SpyHunter
2016-03-20 18:26 - 2015-12-27 21:05 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Enigma Software Group
2016-03-20 18:25 - 2016-02-24 10:51 - 00000000 ____D C:\ProgramData\FLEXnet
2016-03-20 18:25 - 2016-02-08 17:26 - 00000000 ____D C:\ProgramData\InstallShield
2016-03-20 17:34 - 2015-12-27 18:29 - 00000000 ____D C:\Users\dougc\AppData\Local\VirtualStore
2016-03-20 17:29 - 2016-01-09 14:38 - 00000000 ____D C:\Program Files (x86)\AMD
2016-03-20 17:29 - 2015-12-27 21:03 - 00000000 ____D C:\Program Files\Enigma Software Group
2016-03-19 14:52 - 2016-01-05 18:37 - 00000000 ____D C:\ProgramData\Acronis
2016-03-16 12:18 - 2016-01-07 00:12 - 00007606 _____ C:\Users\dougc\AppData\Local\resmon.resmoncfg
2016-03-14 14:24 - 2015-10-30 17:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI(16861)
2016-03-14 11:19 - 2016-01-04 14:35 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-14 10:59 - 2015-09-10 08:58 - 00000000 ____D C:\ProgramData\PCDr
2016-03-13 10:59 - 2015-09-10 08:48 - 00016852 _____ C:\WINDOWS\system32\results.xml
2016-03-13 09:13 - 2016-01-04 14:31 - 00000000 ____D C:\Users\dougc\AppData\Local\CyberGhost
2016-03-10 17:03 - 2016-01-04 14:30 - 00001956 _____ C:\Users\dougc\Desktop\CyberGhost 5.lnk
2016-03-09 13:03 - 2015-12-27 23:19 - 00353312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-09 13:00 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-09 13:00 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-09 13:00 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-09 13:00 - 2015-10-30 18:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-09 12:58 - 2015-12-27 19:01 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-09 12:55 - 2015-12-27 19:01 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-08 15:10 - 2015-09-10 08:39 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-03-07 10:52 - 2015-09-10 08:45 - 00000000 ____D C:\Intel
2016-03-07 10:33 - 2015-12-27 18:29 - 00000000 __SHD C:\Users\dougc\IntelGraphicsProfiles
2016-03-06 10:32 - 2015-07-10 22:04 - 00000167 _____ C:\WINDOWS\win.ini
2016-03-06 08:25 - 2015-10-30 18:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-05 16:22 - 2016-02-10 07:49 - 00000111 _____ C:\Users\dougc\Documents\MygovUsername.txt
2016-03-05 13:51 - 2015-12-27 18:31 - 00000000 ____D C:\Users\dougc\AppData\Local\Comms
2016-03-05 13:18 - 2015-10-30 20:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-05 13:14 - 2016-02-24 09:39 - 00000000 ____D C:\ProgramData\IntelDLM
2016-03-05 13:14 - 2016-02-08 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Trivial Pursuit - Bring on the 90`s Edition
2016-03-05 13:14 - 2016-02-08 18:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-03-05 13:14 - 2016-01-04 14:54 - 00000000 ____D C:\Users\dougc\Documents\PcSetup
2016-03-05 13:14 - 2015-12-29 17:21 - 00000000 ____D C:\Users\dougc\AppData\Roaming\FreshDiagnose
2016-03-05 13:14 - 2015-12-28 12:41 - 00000000 ____D C:\Users\dougc\Downloads\ActivityIndicator_1.1.5.32
2016-03-05 13:14 - 2015-09-10 08:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2016-03-05 13:14 - 2015-09-10 08:39 - 00000000 ____D C:\ProgramData\install_clap
2016-03-05 12:15 - 2016-02-21 13:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-05 12:13 - 2016-02-24 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility
2016-03-05 12:13 - 2016-02-24 09:35 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2016-03-05 12:13 - 2016-02-21 13:21 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-03-05 12:13 - 2016-02-21 13:21 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-05 12:13 - 2016-02-16 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-03-05 12:13 - 2016-02-15 16:07 - 00000000 ____D C:\ProgramData\Ashampoo
2016-03-05 12:13 - 2016-02-14 16:33 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Call of Duty Single Player Demo
2016-03-05 12:13 - 2016-02-04 08:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoGet
2016-03-05 12:13 - 2016-01-30 07:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BACK TO THE FUTURE EPISODE 1
2016-03-05 12:13 - 2016-01-10 14:53 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2016-03-05 12:13 - 2016-01-08 21:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Power Media Player 12
2016-03-05 12:13 - 2016-01-07 10:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-03-05 12:13 - 2016-01-07 10:25 - 00000000 ____D C:\Program Files\HitmanPro
2016-03-05 12:13 - 2016-01-06 17:36 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Should I Remove It
2016-03-05 12:13 - 2016-01-04 18:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Arcade Tribe
2016-03-05 12:13 - 2016-01-04 14:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2016-03-05 12:13 - 2015-12-29 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Jasc Software
2016-03-05 12:13 - 2015-12-29 13:41 - 00000000 ____D C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-05 12:13 - 2015-12-29 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-05 12:13 - 2015-12-29 13:40 - 00000000 ____D C:\Program Files\WinRAR
2016-03-05 12:13 - 2015-12-28 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NovaBench
2016-03-05 12:13 - 2015-12-28 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-03-05 12:13 - 2015-12-28 09:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-03-05 12:13 - 2015-12-28 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-05 12:13 - 2015-12-27 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2016-03-05 12:13 - 2015-10-30 17:28 - 00000000 ____D C:\WINDOWS\servicing
2016-03-05 12:13 - 2015-09-10 08:54 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2016-03-05 12:13 - 2015-09-10 08:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-03-05 12:12 - 2016-02-14 16:33 - 00000000 ____D C:\Program Files (x86)\Call of Duty Single Player Demo
2016-03-05 12:12 - 2016-01-30 07:00 - 00000000 ____D C:\Program Files (x86)\BACK TO THE FUTURE EPISODE 1
2016-03-05 12:12 - 2016-01-04 18:17 - 00000000 ____D C:\Arcade Tribe
2016-02-29 21:25 - 2016-02-21 13:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-26 07:24 - 2015-12-28 13:45 - 00000169 _____ C:\WINDOWS\SysWOW64\DLC_Debug_log.txt
2016-02-26 07:24 - 2015-09-10 08:54 - 00000000 ____D C:\Program Files\Dell
2016-02-26 07:23 - 2015-12-28 10:45 - 00003970 _____ C:\WINDOWS\System32\Tasks\Opera scheduled Autoupdate 1451259897
 
==================== Files in the root of some directories =======
 
2016-01-04 14:54 - 2016-01-04 14:54 - 0099384 _____ () C:\Users\dougc\AppData\Roaming\inst.exe
2016-01-04 14:54 - 2016-01-04 14:54 - 0007859 _____ () C:\Users\dougc\AppData\Roaming\pcouffin.cat
2016-01-04 14:54 - 2016-01-04 14:54 - 0001167 _____ () C:\Users\dougc\AppData\Roaming\pcouffin.inf
2016-01-04 14:54 - 2016-01-04 14:54 - 0082816 _____ (VSO Software) C:\Users\dougc\AppData\Roaming\pcouffin.sys
2016-01-04 14:55 - 2016-03-25 10:50 - 0001165 _____ () C:\Users\dougc\AppData\Roaming\vso_ts_preview.xml
2016-02-19 07:05 - 2016-02-19 07:05 - 0000000 ___SH () C:\Users\dougc\AppData\Local\LumaEmu
2016-01-07 00:12 - 2016-03-16 12:18 - 0007606 _____ () C:\Users\dougc\AppData\Local\resmon.resmoncfg
2015-12-27 23:23 - 2015-12-27 23:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-20 20:28
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Doug (2016-03-27 19:00:53)
Running from C:\Users\dougc\AppData\Local\Temp\scoped_dir176_17343
Windows 10 Home Version 1511 (X64) (2015-12-27 12:42:48)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1093210795-3861125405-2594234469-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1093210795-3861125405-2594234469-503 - Limited - Disabled)
Doug (S-1-5-21-1093210795-3861125405-2594234469-1001 - Administrator - Enabled) => C:\Users\dougc
Guest (S-1-5-21-1093210795-3861125405-2594234469-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1093210795-3861125405-2594234469-1004 - Limited - Enabled)
markc (S-1-5-21-1093210795-3861125405-2594234469-1007 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Norton 360 (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton 360 (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 (Enabled) {6BFC5632-188D-B806-D13E-C607121B42A0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Adobe Acrobat 9 Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000004}{AC76BA86-1033-F400-7760-000000000004}) (Version: 9.0.0 - Adobe Systems)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
Adobe Flash Player 21 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 21.0.0.197 - Adobe Systems Incorporated)
AMD Catalyst Install Manager (HKLM\...\{6B0A300A-30C1-092E-069E-B366E34BE5F3}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Catalyst Install Manager (HKLM\...\{6D0ADF03-B505-F836-3317-521C40DDB44C}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AOMEI Backupper Standard (HKLM-x32\...\{A83692F5-3E9B-4E95-9E7E-B5DF5536CE9D}_is1) (Version:  - AOMEI Technology Co., Ltd.)
Arcade Tribe v2.1 (HKLM-x32\...\Arcade Tribe_is1) (Version:  - Etiumsoft, Inc.)
Ares (HKLM-x32\...\Ares) (Version: 2.3.8-Build#3062 - Seekar Ltd)
Ashampoo Photo Commander 10 v.10.2.1 (HKLM-x32\...\{C92AB6F1-4B66-808A-D77C-25EF81C0176A}_is1) (Version: 10.2.1 - Ashampoo GmbH & Co. KG)
BACK TO THE FUTURE EPISODE 1 (HKLM-x32\...\BACK TO THE FUTURE EPISODE 1) (Version:  - )
Belarc Advisor 8.5b (HKLM-x32\...\Belarc Advisor) (Version: 8.5.2.0 - Belarc Inc.)
Call of Duty Single Player Demo (HKLM-x32\...\Call of Duty Single Player Demo) (Version:  - )
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
Code of Honor The French Foreign Legion Demo (HKLM-x32\...\FFLDEMO_is1) (Version:  - )
ConvertXtoDVD 4.0.6.316 (HKLM-x32\...\{DB6AB705-C9BD-40E3-8929-2EA57F36A4FF}_is1) (Version: 4.0.6.316 - )
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version:  - CyberGhost S.R.L.)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
CyberLink Power Media Player 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.5521.55 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{99E581C6-471C-46CA-989E-3B17EB7E3F27}) (Version: 1.3.2.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.7.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7B3E057E-F356-4DB0-A664-4FF813C73F20}) (Version: 2.1.59.0 - Dell Inc.)
Dell Help & Support (Version: 2.1.59.0 - Dell Inc.) Hidden
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{B57A8AFE-6735-4497-BD52-BD2F838F5CF0}) (Version: 1.2.1.31 - Dell)
Dell Update (HKLM-x32\...\{2BE9948C-FD9C-40B0-AC04-EE2AAB4C19D4}) (Version: 1.8.1114.0 - Dell Inc.)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.16.1 - Dropbox, Inc.)
Dropbox 20 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.77 - Dropbox, Inc.) Hidden
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
EaseUS Todo Backup Free 9.1  (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 9.1 - CHENGDU YIWO Tech Development Co., Ltd)
FreeFixer (HKLM-x32\...\FreeFixer1.13) (Version: 1.13 - Kephyr)
FreshDiagnose (HKLM-x32\...\FreshDevices - FreshDiagnose_is1) (Version:  - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7210.1528 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version:  - Richard)
HD Video Converter Factory 8.3 (HKLM-x32\...\HD Video Converter Factory) (Version: 8.3 - WonderFox Soft, Inc.)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Driver Update Utility 2.4 (x32 Version: 2.4.0.7 - Intel) Hidden
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1169 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4300 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 30.100.1519.7 - Intel Corporation)
Intel® Turbo Boost Technology Monitor 2.6 (HKLM\...\{6C9365EB-1F9E-4893-9196-3EC77C88D0C5}) (Version: 2.6.2.0 - Intel)
Intel® Wireless Bluetooth® (HKLM-x32\...\{A501AF33-9AEA-4703-BC2F-D4B86458899D}) (Version: 17.1.1531.1764 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{561b5fb5-1d4d-40e8-b3e4-ad52858b217c}) (Version: 2.4.0.7 - Intel)
Intel® PROSet/Wireless Software (HKLM-x32\...\{03635e3e-3e57-4d80-9c7d-80c9f62bfc80}) (Version: 18.32.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.6570.1 - Waves Audio Ltd.) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.292.3 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
MSI Afterburner 4.2.0 (HKLM-x32\...\Afterburner) (Version: 4.2.0 - MSI Co., LTD)
Norton 360 (HKLM-x32\...\N360) (Version: 22.6.0.142 - Symantec Corporation)
NovaBench 3.0.4 (HKLM-x32\...\{88603FC0-6B3C-442D-981E-E3D49F083548}_is1) (Version:  - Novawave Inc.)
Nuclear Coffee - VideoGet (HKLM-x32\...\VideoGet_is1) (Version: 2014 - Nuclear Coffee)
NVIDIA PhysX (HKLM-x32\...\{64467D47-FFE4-4FBC-ABBA-A0DB829A17EB}) (Version: 9.12.0613 - NVIDIA Corporation)
OEM Application Profile (x32 Version: 1.00.0000 - Advanced Micro Devices, Inc.) Hidden
Opera Stable 36.0.2130.32 (HKLM-x32\...\Opera 36.0.2130.32) (Version: 36.0.2130.32 - Opera Software)
Paint Shop Pro 7 (HKLM-x32\...\{D6DE02C7-1F47-11D4-9515-00105AE4B89A}) (Version: 7.0.4.0000 - Jasc Software Inc)
Product Registration (HKLM-x32\...\InstallShield_{C1600AC7-74E3-4BB5-8B42-B13653792252}) (Version: 2.2.38.0 - Dell Inc.)
Product Registration (Version: 2.2.38.0 - Dell Inc.) Hidden
PX Profile Update (x32 Version: 1.00.1. - AMD) Hidden
Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 10.17.009 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7628 - Realtek Semiconductor Corp.)
RivaTuner Statistics Server 6.4.1 (HKLM-x32\...\RTSS) (Version: 6.4.1 - Unwinder)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
Should I Remove It (HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\Should I Remove It 1.0.4) (Version: 1.0.4 - Reason Software Company Inc.)
Should I Remove It (x32 Version: 1.0.4 - Reason Software Company Inc.) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.29 - Piriform)
SpyHunter 4 (HKLM-x32\...\SpyHunter) (Version: 4.21.18.4608 - Enigma Software Group, LLC)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1216 - SUPERAntiSpyware.com)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
Tomb Raider: Underworld Demo 1.0 (HKLM-x32\...\Tomb Raider: Underworld Demo) (Version:  - )
UnHackMe 7.97 (HKLM-x32\...\UnHackMe_is1) (Version:  - Greatis Software, LLC.)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
Wondershare PDFelement(Build 5.7.4) (HKLM-x32\...\{5CA0183F-6D90-4615-91A5-F1A8A2014E83}_is1) (Version: 5.7.4.4 - Wondershare Software Co.,Ltd.)
Your Software Deals 1.0.0 (HKLM-x32\...\Your Software Deals_is1) (Version: 1.0.0 - Ashampoo GmbH & Co. KG) <==== ATTENTION
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1093210795-3861125405-2594234469-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\dougc\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {0A3D52B1-419A-4A64-92E0-FC63FFCBDA29} - System32\Tasks\ShouldIRemoveIt => C:\Users\dougc\AppData\Roaming\Reason\Should I Remove It\ShouldIRemoveIt.exe [2013-02-04] (Reason Software Company Inc.)
Task: {0E28F06C-59CE-461E-A574-7EF4D76F45E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-26] (Google Inc.)
Task: {1F0D5DE5-E3F4-40B3-B514-30981050FB0C} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {31243EEF-A363-4A70-98DE-3EC24C4A7746} - System32\Tasks\Opera scheduled Autoupdate 1458636179 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-14] (Opera Software)
Task: {314DCA9D-E5C5-4B0B-869C-3F0E9C8D6787} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-01-20] (Enigma Software Group USA, LLC.)
Task: {32709F07-7F70-467A-8EB1-83BA3F1A07B6} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {45759B4B-AF0F-42EC-A38B-FB3BC85AB182} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {47269045-33A6-40F2-BD6C-F3526FCFE71A} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-30] ()
Task: {4A9CCB15-963F-4DCA-8DE5-CA866C8FBFBC} - System32\Tasks\Norton 360\Norton Error Processor => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {51B2B5B7-8065-45B1-9238-26EBA5413B7E} - System32\Tasks\Norton 360\Norton Error Analyzer => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {5C839C3C-2ACE-4AB4-87A6-8D61504A2AB5} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-29] (CyberLink Corp.)
Task: {5D36EDA6-AA65-4205-9201-9F1B7B2D624E} - System32\Tasks\Norton 360\Norton Autofix => C:\Program Files (x86)\Norton 360\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {5EB4682B-FA6E-44EA-AB0F-4A3445504817} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton 360\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {6191BFAE-5B06-450C-BEE6-4FC4F36C2125} - System32\Tasks\Opera scheduled Autoupdate 1451259897 => C:\Program Files (x86)\Opera\launcher.exe [2016-03-14] (Opera Software)
Task: {6504B071-5832-4D43-931D-3C10B8A15237} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-27] (Dropbox, Inc.)
Task: {6FFE9BFF-8CF4-4FBB-84E1-8195B42029E6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-26] (Google Inc.)
Task: {8A3DA440-06E9-4067-AFEE-48DBCC13EBCF} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
Task: {8FC36C0B-AEB9-4B05-997D-B1363938DA35} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\WINDOWS\TEMP\DeleteFolderTask.exe
Task: {9E50A41E-CC4D-4D0E-ABAA-F3E20FBE05FE} - System32\Tasks\Adobe Flash Player Updater => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-25] (Adobe Systems Incorporated)
Task: {9EA54C7E-9E99-421A-8B99-91418B08A56E} - System32\Tasks\UnHackMe Task Scheduler => C:\Program Files (x86)\UnHackMe\hackmon.exe [2016-03-14] (Greatis Software)
Task: {A44412D7-BE16-4AC5-8DC6-015574A276B6} - \PC Cleaner Pro Update Job -> No File <==== ATTENTION
Task: {AA48FA09-ECB8-481F-8965-7CBEC41FA09D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-09] (Microsoft Corporation)
Task: {B280A4F6-C7D1-403C-9401-F9D5F9971FC2} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe [2016-03-25] (Adobe Systems Incorporated)
Task: {C102BE60-69DA-49FE-930C-082002B10097} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-01-20] (Enigma Software Group USA, LLC.)
Task: {CAC9E637-624F-4A8F-96A4-DD64EF91CBB2} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-03-14] (Dell Inc.)
Task: {D2BCD1B3-0D02-4571-9922-8D443E8C2557} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-05-07] (CyberLink)
Task: {DC8FDCCD-0588-45A3-BB78-E49FFA2720DF} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-27] (Dropbox, Inc.)
Task: {E5059017-3A17-412F-880D-D170D60A583E} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-20] (PC-Doctor, Inc.)
Task: {F0B94EF7-B2CD-4C59-91BE-390BC4DC9962} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-12] (Piriform Ltd)
Task: {F74EE66B-BCF3-47EC-80E9-4BBB84442714} - \{09090C47-0B0D-787E-0D11-7F7D0B7D117A} -> No File <==== ATTENTION
Task: {F7E57D65-4BB0-41B8-A550-F89B30C5D3D6} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-20] (PC-Doctor, Inc.)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_21_0_0_197_pepper.exe
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RunDLC.job => GH cmd c sc start Dell Help Support WORKGROUP DESKTOP EGUU4T7
Task: C:\WINDOWS\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Your Software Deals.lnk -> C:\ProgramData\Ashampoo\YourDeals.exe () -> hxxp://linktarget.ashampoo.com/linktarget/?target=marketplace&edition=eid=13695&utm_medium=desktop&x-pos=Metro
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 18:18 - 2015-10-30 18:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-09-10 08:42 - 2014-04-15 12:59 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-03-23 16:53 - 2015-12-10 06:14 - 00249384 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2016-03-05 12:44 - 2016-02-23 22:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-05 12:44 - 2016-02-23 22:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2013-09-05 00:17 - 2013-09-05 00:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2016-01-22 07:27 - 2016-01-22 07:28 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-28 18:14 - 2015-12-28 18:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-05 12:44 - 2016-02-23 19:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-13 08:38 - 2016-01-05 12:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-13 08:38 - 2016-01-05 12:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 14:49 - 2016-01-16 16:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 14:49 - 2016-01-16 16:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-09-10 09:11 - 2015-11-10 11:40 - 00404904 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-01-11 11:25 - 2016-01-11 11:25 - 00036200 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2016-01-07 03:41 - 2016-01-07 03:41 - 00062168 _____ () C:\Program Files\CCleaner\branding.dll
2016-03-10 06:59 - 2016-03-10 07:00 - 10244608 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.29.13.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2016-03-05 15:45 - 2016-03-05 15:46 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-03-05 15:45 - 2016-03-05 15:46 - 16062976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-03-05 15:45 - 2016-03-05 15:46 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-01-21 07:07 - 2016-01-21 07:07 - 03746816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
2015-12-27 19:05 - 2015-12-27 19:05 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00080936 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2016-03-23 16:53 - 2016-02-24 17:59 - 00027408 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CmcTbProxy.dll
2016-03-23 16:53 - 2016-02-24 17:59 - 00191248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCPipeCenter.dll
2016-03-23 16:53 - 2016-02-24 17:59 - 00177424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCAdapt.dll
2016-03-23 16:53 - 2016-02-24 17:59 - 00058640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBInfo.dll
2016-03-23 16:53 - 2016-02-24 17:59 - 00020752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CMCNetTokenProxy.dll
2016-03-23 16:53 - 2016-02-24 17:59 - 00131856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00030760 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2016-03-23 16:53 - 2016-02-24 17:59 - 00042256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00769064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00443944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00111656 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileStorage.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00169512 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudInterface.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00501800 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\StorageMgr.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00025128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00059944 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00201768 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2016-03-23 16:53 - 2016-02-24 17:59 - 00023824 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00136232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00138792 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00306904 _____ () C:\Program Files (x86)\AOMEI Backupper\UiLogic.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00241368 _____ () C:\Program Files (x86)\AOMEI Backupper\diskmgr.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00290520 _____ () C:\Program Files (x86)\AOMEI Backupper\Comn.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00122584 _____ () C:\Program Files (x86)\AOMEI Backupper\FuncLogic.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00347864 _____ () C:\Program Files (x86)\AOMEI Backupper\ImgFile.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00028376 _____ () C:\Program Files (x86)\AOMEI Backupper\Encrypt.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00483032 _____ () C:\Program Files (x86)\AOMEI Backupper\EnumFolder.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00069336 _____ () C:\Program Files (x86)\AOMEI Backupper\Compress.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrLog.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00691928 _____ () C:\Program Files (x86)\AOMEI Backupper\Sync.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00077528 _____ () C:\Program Files (x86)\AOMEI Backupper\Ldm.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00061144 _____ () C:\Program Files (x86)\AOMEI Backupper\Device.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\BrFat.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00962264 _____ () C:\Program Files (x86)\AOMEI Backupper\BrNtfs.dll
2016-03-22 20:25 - 2015-02-26 00:00 - 02403504 _____ () C:\Program Files (x86)\AOMEI Backupper\QtCore4.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00282328 _____ () C:\Program Files (x86)\AOMEI Backupper\Clone.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00118488 _____ () C:\Program Files (x86)\AOMEI Backupper\Backup.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00155352 _____ () C:\Program Files (x86)\AOMEI Backupper\FlBackup.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00102104 _____ () C:\Program Files (x86)\AOMEI Backupper\BrVol.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00253656 _____ () C:\Program Files (x86)\AOMEI Backupper\GptBcd.dll
2016-03-22 20:25 - 2015-09-15 17:56 - 00175832 _____ () C:\Program Files (x86)\AOMEI Backupper\DeviceMgr.dll
2016-03-23 16:53 - 2015-12-10 06:04 - 00224808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2016-01-22 07:27 - 2016-01-22 07:28 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-22 07:27 - 2016-01-22 07:28 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-09-10 08:40 - 2014-12-08 18:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-09 09:28 - 2014-12-09 09:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2015-06-24 10:26 - 2015-06-24 10:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-09-18 23:34 - 2015-09-18 23:34 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-03-22 19:42 - 2016-03-14 19:14 - 63828520 _____ () C:\Program Files (x86)\Opera\36.0.2130.32\opera.dll
2016-03-22 19:42 - 2016-03-14 19:14 - 00080424 _____ () C:\Program Files (x86)\Opera\36.0.2130.32\win10_utils.DLL
2016-03-22 19:42 - 2016-03-14 19:14 - 02134568 _____ () C:\Program Files (x86)\Opera\36.0.2130.32\libglesv2.dll
2016-03-22 19:42 - 2016-03-14 19:14 - 00082472 _____ () C:\Program Files (x86)\Opera\36.0.2130.32\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\ssfs.com.au -> hxxps://secure.ssfs.com.au
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 22:04 - 2016-02-16 12:51 - 00000854 ____N C:\WINDOWS\system32\Drivers\etc\hosts
 
0.0.0.1 mssplus.mcafee.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\dougc\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\dell-wallpapers-12.jpg
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: wlidsvc => 3
HKLM\...\StartupApproved\StartupFolder: => "McAfee Security Scan Plus.lnk"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "Acrobat Assistant 8.0"
HKLM\...\StartupApproved\Run32: => "Adobe Acrobat Speed Launcher"
HKLM\...\StartupApproved\Run32: => "iSkysoft Helper Compact.exe"
HKLM\...\StartupApproved\Run32: => "EaseUS TB Tray Agent"
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\StartupApproved\StartupFolder: => "Intel® Turbo Boost Technology Monitor 2.6.lnk"
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\StartupApproved\StartupFolder: => "EasusTodoDiscountCoupon.txt"
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\...\StartupApproved\Run: => "ares"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{29CD037D-5EB3-4E96-AF04-B5D10B82E43B}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{99AC3BAF-00F6-4B25-A87B-2AAEEEB417D0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{A63AAFB4-F0CD-4244-B5C4-3318736A7A0F}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{C06A8941-623C-4E0E-9B49-EC205BA7D0AE}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{476AABE3-B816-46D2-B123-B29D8121FCAF}] => (Allow) C:\Users\dougc\AppData\Local\Temp\7zS867E.tmp\SymNRT.exe
FirewallRules: [{5D671388-B4A8-49C5-92F7-3CF738891B14}] => (Allow) C:\Users\dougc\AppData\Local\Temp\7zS867E.tmp\SymNRT.exe
FirewallRules: [TCP Query User{F7807580-C256-4EBA-989D-4B914EB91ECB}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [UDP Query User{D471B1F9-B232-45D9-B6EA-A0ED58056468}C:\program files (x86)\ares\ares.exe] => (Allow) C:\program files (x86)\ares\ares.exe
FirewallRules: [{883D2E20-B19D-4702-8669-12406DDA9E52}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{DF702712-AD4A-4A16-A9B7-29C3CE1F1A82}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{6B11CB27-DFC6-4863-AF1E-4223BF26DF37}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbService.exe
FirewallRules: [{2240F7B9-0F5D-4BEB-AE6F-DF1FB3D5A0DF}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{D525722E-A7DD-480A-A0E9-9962BD9BD815}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBConsoleUI.exe
FirewallRules: [{5F5CC964-56AD-4E20-BF42-0477693E6FF7}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{A013C8C7-C88B-4D10-AF5A-C1C7D1A888AE}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
 
==================== Restore Points =========================
 
23-03-2016 07:05:38 Adblock Plus for IE
27-03-2016 15:26:30 Prior to running Unhackme
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/27/2016 06:48:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (8412) Database recovery/restore failed with unexpected error -543.
 
Error: (03/27/2016 06:48:51 PM) (Source: ESENT) (EventID: 452) (User: )
Description: svchost (8412) Database C:\Users\dougc\AppData\Local\Comms\UnistoreDB\store.vol requires logfiles 42-45 in order to recover successfully. Recovery could only locate logfiles starting at 45.
 
Error: (03/27/2016 06:33:50 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (8412) Database recovery/restore failed with unexpected error -543.
 
Error: (03/27/2016 06:33:50 PM) (Source: ESENT) (EventID: 452) (User: )
Description: svchost (8412) Database C:\Users\dougc\AppData\Local\Comms\UnistoreDB\store.vol requires logfiles 42-45 in order to recover successfully. Recovery could only locate logfiles starting at 45.
 
Error: (03/27/2016 06:18:51 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (8412) Database recovery/restore failed with unexpected error -543.
 
Error: (03/27/2016 06:18:51 PM) (Source: ESENT) (EventID: 452) (User: )
Description: svchost (8412) Database C:\Users\dougc\AppData\Local\Comms\UnistoreDB\store.vol requires logfiles 42-45 in order to recover successfully. Recovery could only locate logfiles starting at 45.
 
Error: (03/27/2016 06:03:50 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (8412) Database recovery/restore failed with unexpected error -543.
 
Error: (03/27/2016 06:03:50 PM) (Source: ESENT) (EventID: 452) (User: )
Description: svchost (8412) Database C:\Users\dougc\AppData\Local\Comms\UnistoreDB\store.vol requires logfiles 42-45 in order to recover successfully. Recovery could only locate logfiles starting at 45.
 
Error: (03/27/2016 05:48:48 PM) (Source: ESENT) (EventID: 454) (User: )
Description: svchost (8412) Database recovery/restore failed with unexpected error -543.
 
Error: (03/27/2016 05:48:48 PM) (Source: ESENT) (EventID: 452) (User: )
Description: svchost (8412) Database C:\Users\dougc\AppData\Local\Comms\UnistoreDB\store.vol requires logfiles 42-45 in order to recover successfully. Recovery could only locate logfiles starting at 45.
 
 
System errors:
=============
Error: (03/27/2016 06:48:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_5a498 service terminated with the following error: 
%%1358
 
Error: (03/27/2016 06:37:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EGUU4T7)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-EGUU4T7DougS-1-5-21-1093210795-3861125405-2594234469-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (03/27/2016 06:37:11 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EGUU4T7)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-EGUU4T7DougS-1-5-21-1093210795-3861125405-2594234469-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742
 
Error: (03/27/2016 06:34:00 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-EGUU4T7)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-EGUU4T7DougS-1-5-21-1093210795-3861125405-2594234469-1001LocalHost (Using LRPC)Farlex.581429F59E1D8_2.1.0.18_x64__wyegy4e46y996S-1-15-2-1267739591-1137297291-83386112-1979864472-959024908-3354412519-3889419757
 
Error: (03/27/2016 06:33:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_5a498 service terminated with the following error: 
%%1358
 
Error: (03/27/2016 06:18:51 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_5a498 service terminated with the following error: 
%%1358
 
Error: (03/27/2016 06:03:50 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_5a498 service terminated with the following error: 
%%1358
 
Error: (03/27/2016 05:48:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_5a498 service terminated with the following error: 
%%1358
 
Error: (03/27/2016 05:33:52 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_5a498 service terminated with the following error: 
%%1358
 
Error: (03/27/2016 05:18:48 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The User Data Access_5a498 service terminated with the following error: 
%%1358
 
 
CodeIntegrity:
===================================
  Date: 2016-03-23 09:06:41.662
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-22 15:23:13.673
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\drivers\sfhlp02.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2016-03-20 14:57:54.825
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-04-20 12:29:40.849
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-14 18:16:26.712
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 14:33:12.809
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 12:24:52.279
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 12:24:51.771
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 12:24:46.707
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-03-11 12:24:46.573
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\SysWOW64\usermgrcli.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 43%
Total physical RAM: 8083.83 MB
Available physical RAM: 4550.75 MB
Total Virtual: 9363.83 MB
Available Virtual: 5507.3 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:917.7 GB) (Free:771.98 GB) NTFS
Drive e: (My Book) (Fixed) (Total:1396.61 GB) (Free:686.88 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: D80DC52D)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 1396.6 GB) (Disk ID: 000389F4)
Partition 1: (Not Active) - (Size=1396.6 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================
 
Many thanks

 


  • 0

#4
Essexboy
Posted 28 March 2016 - 03:57 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
Did you write this visual basic script ?
Startup: C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome.vbs [2016-03-22] ()



CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-01-20] (Enigma Software Group USA, LLC.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-12-27] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-27] ()
2016-03-22 17:15 - 2016-03-22 17:15 - 00000000 ____D C:\Users\dougc\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2016-03-19 10:04 - 2016-03-19 10:04 - 00000000 ____D C:\ProgramData\35f5d33d-5851-1
2016-03-19 10:04 - 2016-03-19 10:04 - 00000000 ____D C:\ProgramData\35f5d33d-02a1-0
2016-03-27 18:00 - 2016-02-17 10:30 - 00000426 _____ C:\WINDOWS\Tasks\SpyHunter4.job
Task: {314DCA9D-E5C5-4B0B-869C-3F0E9C8D6787} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-01-20] (Enigma Software Group USA, LLC.)
Task: {A44412D7-BE16-4AC5-8DC6-015574A276B6} - \PC Cleaner Pro Update Job -> No File <==== ATTENTION
Task: {C102BE60-69DA-49FE-930C-082002B10097} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-01-20] (Enigma Software Group USA, LLC.)
Task: {F74EE66B-BCF3-47EC-80E9-4BBB84442714} - \{09090C47-0B0D-787E-0D11-7F7D0B7D117A} -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

  • 0

#5
DMCEE
Posted 28 March 2016 - 05:46 PM

DMCEE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Essexboy, on 28 Mar 2016 - 8:57 PM, said:

Did you write this visual basic script ?
Startup: C:\Users\dougc\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Welcome.vbs [2016-03-22] ()



CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 


Quote

CreateRestorePoint:
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-01-20] (Enigma Software Group USA, LLC.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-12-27] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-27] ()
2016-03-22 17:15 - 2016-03-22 17:15 - 00000000 ____D C:\Users\dougc\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2016-03-19 10:04 - 2016-03-19 10:04 - 00000000 ____D C:\ProgramData\35f5d33d-5851-1
2016-03-19 10:04 - 2016-03-19 10:04 - 00000000 ____D C:\ProgramData\35f5d33d-02a1-0
2016-03-27 18:00 - 2016-02-17 10:30 - 00000426 _____ C:\WINDOWS\Tasks\SpyHunter4.job
Task: {314DCA9D-E5C5-4B0B-869C-3F0E9C8D6787} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-01-20] (Enigma Software Group USA, LLC.)
Task: {A44412D7-BE16-4AC5-8DC6-015574A276B6} - \PC Cleaner Pro Update Job -> No File <==== ATTENTION
Task: {C102BE60-69DA-49FE-930C-082002B10097} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-01-20] (Enigma Software Group USA, LLC.)
Task: {F74EE66B-BCF3-47EC-80E9-4BBB84442714} - \{09090C47-0B0D-787E-0D11-7F7D0B7D117A} -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers


Save this as fixlist.txt, in the same location as FRST.exe
<script pagespeed_no_defer="" type="text/javascript">//=d.offsetWidth&&0>=d.offsetHeight)a=!1;else{c=d.getBoundingClientRect();var f=document.body;a=c.top+("pageYOffset"in window?window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);c=c.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+c;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.e.height&&c<=b.e.width)}a&&(b.a.push(e),b.d[e]=!0)};p.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&q(this,b)};h("pagespeed.CriticalImages.checkImageForCriticality",function(b){n.checkImageForCriticality(b)});h("pagespeed.CriticalImages.checkCriticalImages",function(){r(n)});var r=function(b){b.b={};for(var d=["IMG","INPUT"],a=[],c=0;c=a.length+e.length&&(a+=e)}b.g&&(e="&rd="+encodeURIComponent(JSON.stringify(s())),131072>=a.length+e.length&&(a+=e),d=!0);t=a;if(d){c=b.f;b=b.h;var f;if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(k){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(u){}}f&&(f.open("POST",c+(-1==c.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}},s=function(){var b={},d=document.getElementsByTagName("IMG");if(0==d.length)return{};var a=d[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var c=0;a=d[c];++c){var e=a.getAttribute("pagespeed_url_hash");e&&(!(e in b)&&0=b[e].k&&a.height>=b[e].j)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b},t="";h("pagespeed.CriticalImages.getBeaconData",function(){return t});h("pagespeed.CriticalImages.Run",function(b,d,a,c,e,f){var k=new p(b,d,a,e,f);n=k;c&&m(function(){window.setTimeout(function(){r(k)},0)})});})();pagespeed.CriticalImages.Run('/mod_pagespeed_beacon','http://www.geekstogo.com/forum/index.php?s=b7dc0e017b777a266589f6b308e9132e&app=forums&module=ajax§ion=topics&do=quote&t=360307&p=2556672&md5check=64efecf75f4a5049bbcfc211b15d0fd7&isRte=1,zBX8hFeDQI,true,true,oKPHXb-yu9U');//]]></script> FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN

Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next answer.
  • You can find the logfile at C:\AdwCleaner[S0].txt as well.

 

&&0

 

 

In answer to your first question regarding Welcome.vbs .... yes I wrote that script and have now deleted it.

 

Okay, I did as you suggested and ran the Fix. Here is the report created:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Doug (2016-03-29 07:41:32) Run:1
Running from C:\Users\dougc\Downloads
Loaded Profiles: Doug (Available Profiles: Doug)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
S2 SpyHunter 4 Service; C:\Program Files\Enigma Software Group\SpyHunter\SH4Service.exe [1042304 2016-01-20] (Enigma Software Group USA, LLC.)
R3 esgiguard; C:\Program Files\Enigma Software Group\SpyHunter\esgiguard.sys [15920 2015-12-27] (Enigma Software Group USA, LLC.)
S3 EsgScanner; C:\Windows\System32\DRIVERS\EsgScanner.sys [22704 2015-12-27] ()
2016-03-22 17:15 - 2016-03-22 17:15 - 00000000 ____D C:\Users\dougc\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A}
2016-03-19 10:04 - 2016-03-19 10:04 - 00000000 ____D C:\ProgramData\35f5d33d-5851-1
2016-03-19 10:04 - 2016-03-19 10:04 - 00000000 ____D C:\ProgramData\35f5d33d-02a1-0
2016-03-27 18:00 - 2016-02-17 10:30 - 00000426 _____ C:\WINDOWS\Tasks\SpyHunter4.job
Task: {314DCA9D-E5C5-4B0B-869C-3F0E9C8D6787} - System32\Tasks\SpyHunter4 => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-01-20] (Enigma Software Group USA, LLC.)
Task: {A44412D7-BE16-4AC5-8DC6-015574A276B6} - \PC Cleaner Pro Update Job -> No File <==== ATTENTION
Task: {C102BE60-69DA-49FE-930C-082002B10097} - System32\Tasks\SpyHunter4Startup => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe [2016-01-20] (Enigma Software Group USA, LLC.)
Task: {F74EE66B-BCF3-47EC-80E9-4BBB84442714} - \{09090C47-0B0D-787E-0D11-7F7D0B7D117A} -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\SpyHunter4.job => C:\Program Files\Enigma Software Group\SpyHunter\SpyHunter4.exe
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
RemoveProxy:
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
EmptyTemp:
CMD: bitsadmin /reset /allusers

*****************

Restore point was successfully created.
SpyHunter 4 Service => service removed successfully
esgiguard => Unable to stop service.
esgiguard => service removed successfully
EsgScanner => service removed successfully
C:\Users\dougc\AppData\Roaming\{950EB46C-6AC7-4ACC-AB36-9A6A77C08B6A} => moved successfully
C:\ProgramData\35f5d33d-5851-1 => moved successfully
C:\ProgramData\35f5d33d-02a1-0 => moved successfully
C:\WINDOWS\Tasks\SpyHunter4.job => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{314DCA9D-E5C5-4B0B-869C-3F0E9C8D6787}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{314DCA9D-E5C5-4B0B-869C-3F0E9C8D6787}" => key removed successfully
C:\WINDOWS\System32\Tasks\SpyHunter4 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A44412D7-BE16-4AC5-8DC6-015574A276B6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A44412D7-BE16-4AC5-8DC6-015574A276B6}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Cleaner Pro Update Job => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C102BE60-69DA-49FE-930C-082002B10097}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C102BE60-69DA-49FE-930C-082002B10097}" => key removed successfully
C:\WINDOWS\System32\Tasks\SpyHunter4Startup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SpyHunter4Startup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F74EE66B-BCF3-47EC-80E9-4BBB84442714}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F74EE66B-BCF3-47EC-80E9-4BBB84442714}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{09090C47-0B0D-787E-0D11-7F7D0B7D117A}" => key removed successfully
C:\WINDOWS\Tasks\SpyHunter4.job => not found.

========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========

The operation completed successfully.

 

========= End of Reg: =========

========= RemoveProxy: =========

HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully

========= End of RemoveProxy: =========

=========  netsh advfirewall reset =========

Ok.

========= End of CMD: =========

=========  netsh advfirewall set allprofiles state ON =========

Ok.

========= End of CMD: =========

=========  ipconfig /flushdns =========

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

=========  netsh winsock reset catalog =========

Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.

========= End of CMD: =========

=========  netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Unicast Address, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  ipconfig /release =========

Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::fcd4:c6b4:a23a:f9d%2
   IPv4 Address. . . . . . . . . . . : 169.254.123.175
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::8cda:4351:ce61:41bf%5
   Default Gateway . . . . . . . . . :

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.{2688DFF0-C8CE-4FE1-BB5B-36E375B68B67}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  ipconfig /renew =========

Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Local Area Connection* 2 while it has its media disconnected.
No operation can be performed on Bluetooth Network Connection while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Local Area Connection* 2:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Ethernet adapter Ethernet 2:

   Connection-specific DNS Suffix  . :
   Link-local IPv6 Address . . . . . : fe80::fcd4:c6b4:a23a:f9d%2
   IPv4 Address. . . . . . . . . . . : 169.254.123.175
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Default Gateway . . . . . . . . . :

Wireless LAN adapter Wi-Fi:

   Connection-specific DNS Suffix  . : ns.bigpond.net.au
   Link-local IPv6 Address . . . . . : fe80::8cda:4351:ce61:41bf%5
   IPv4 Address. . . . . . . . . . . : 192.168.0.10
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : 192.168.0.1

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Tunnel adapter isatap.ns.bigpond.net.au:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : ns.bigpond.net.au

Tunnel adapter isatap.{2688DFF0-C8CE-4FE1-BB5B-36E375B68B67}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========

=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.

========= End of CMD: =========

=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.

========= End of CMD: =========

=========  bitsadmin /reset /allusers =========

BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

{915802D4-A05B-4E4F-8E58-A3E841D4F459} canceled.
{3A5BF53E-D38C-479D-A20B-88679197CF8E} canceled.
{6234C738-A041-4F4C-8614-64890CBD1B2B} canceled.
3 out of 3 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 396.5 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 07:42:12 ====

 

 

Following that I downloaded and ran the AdwCleaner scan.  Several items in the registry were listed for removal as well as two entries in the Chrome browser:

 

# AdwCleaner v5.107 - Logfile created 29/03/2016 at 07:50:35
# Updated 28/03/2016 by Xplode
# Database : 2016-03-28.2 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Doug - DESKTOP-EGUU4T7
# Running from : C:\Users\dougc\Downloads\AdwCleaner.exe
# Option : Scan
# Support : http://toolslib.net/forum

***** [ Services ] *****

***** [ Folders ] *****

***** [ Files ] *****

***** [ DLL ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

***** [ Registry ] *****

Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector
Key Found : HKLM\SOFTWARE\Classes\protector_dll.Protector.1
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib
Key Found : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1
Key Found : HKLM\SOFTWARE\SmartPCFixer
Key Found : HKLM\SOFTWARE\Trymedia Systems
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Your Software Deals_is1
Key Found : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\11598763487076930564
Key Found : [x64] HKLM\SOFTWARE\SmartPCFixer
Key Found : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKU\S-1-5-21-1093210795-3861125405-2594234469-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d16fk4ms6rqz1v.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\EdpDomStorage\d22j4fzzszoii2.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d16fk4ms6rqz1v.cloudfront.net
Key Found : HKCU\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\microsoft.microsoftedge_8wekyb3d8bbwe\Children\001\Internet Explorer\DOMStorage\d22j4fzzszoii2.cloudfront.net

***** [ Web browsers ] *****

[C:\Users\dougc\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : aol.com
[C:\Users\dougc\AppData\Local\Google\Chrome\User Data\Default\Web data] [Search Provider] Found : ask.com

*************************

C:\AdwCleaner\AdwCleaner[S1].txt - [2529 bytes] - [29/03/2016 07:50:35]

########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [2602 bytes] ##########

 

 

When I selected the Clean option, however, I received a BSOD message stating:

 

      "Your PC ran into a problem and needs to restart.  We're just collecting some error info and then we'll restart for you (100% complete).

 

       If you'd like to know more you can search online later for this error:  CRITICAL_PROCESS_DIED"

 

After waiting an eternity no restart occurred, so I manualy powered off and powered up again and Windows started normally.

 

I have since tried this operation several times, always with the same result, so I cannot provide the report you requested after a clean.

 

A point worthy of note, however, is that I am no longer receiving the original Norton 360 message asking me to run Power Eraser so there has been definite progress and for that I am grateful.

 

Is there any way that I can avoid the BSOD to let AdwCleaner complete it's task?

 

I look forward to your response

 

 

Thanks again.


  • 0

#6
Essexboy
Posted 29 March 2016 - 07:47 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts
OK we will replace AdwCleaner with a different programme that does the same job

Please download Junkware Removal Tool to your desktop.
  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

  • 0

#7
DMCEE
Posted 29 March 2016 - 02:30 PM

DMCEE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts

OK we will replace AdwCleaner with a different programme that does the same job

Please download Junkware Removal Tool to your desktop.

  • Right-mouse click JRT.exe and select "Run as Administrator" the tool will open and start scanning your system
  • please be patient as this can take a while to complete depending on your system's specifications
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • post the contents of JRT.txt into your next message.

 

Okay, here are the results from JRT:

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.4 (03.14.2016)
Operating System: Windows 10 Home x64
Ran by Doug (Administrator) on 30-Mar-16 at  7:01:00.70
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

File System: 2

Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)

 

Registry: 2

Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{1EF56ABA-D965-41A7-9161-2FB96FFAFD77} (Registry Key)
Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} (Registry Key)

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 30-Mar-16 at  7:05:34.60
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 

Interestingly, this program did not detect as many entries as AdwCleaner?


  • 0

#8
Essexboy
Posted 29 March 2016 - 02:43 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

It does not look in Edge yet and I believe that is where the crash originated from :)

 

How is the computer now .. Any problems


  • 0

#9
DMCEE
Posted 29 March 2016 - 05:13 PM

DMCEE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Essexboy, on 30 Mar 2016 - 07:43 AM, said:

It does not look in Edge yet and I believe that is where the crash originated from :)

 

How is the computer now .. Any problems

 

Computer seems reasonably stable now. No Norton 360 messages regarding having to run Power Eraser etc.  Still concerned, however, that AdwCleaner caused the system to crash and that registry entries regarding Edge were not removed by JRT.  Would it be worthwhile to do a Windows 10 repair install to fix Registry problems but still retain data and applications?

 

Thanks for your attention.  It is greatly appreciated.


  • 0

#10
Essexboy
Posted 30 March 2016 - 07:43 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

No need for that as we can reset Edge

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

CreateRestorePoint:
C:\Users\dougc\AppData\Local\Packages\Microsoft.MicrosoftEdge


Save this as fixlist.txt, in the same location as FRST.exe
FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN


Click Start and in the search box and type powershell

Right click the top option (powershell.exe) and select run as administrator

In the box that opens copy and paste the following command :

Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml” -Verbose}

It should autorun, if not then press enter


  • 0

#11
DMCEE
Posted 30 March 2016 - 02:13 PM

DMCEE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
Essexboy, on 31 Mar 2016 - 12:43 AM, said:

No need for that as we can reset Edge

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

Quote

CreateRestorePoint:
C:\Users\dougc\AppData\Local\Packages\Microsoft.MicrosoftEdge


Save this as fixlist.txt, in the same location as FRST.exe
<script pagespeed_no_defer="" type="text/javascript">//=d.offsetWidth&&0>=d.offsetHeight)a=!1;else{c=d.getBoundingClientRect();var f=document.body;a=c.top+("pageYOffset"in window?window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);c=c.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+c;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.e.height&&c<=b.e.width)}a&&(b.a.push(e),b.d[e]=!0)};p.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&q(this,b)};h("pagespeed.CriticalImages.checkImageForCriticality",function(b){n.checkImageForCriticality(b)});h("pagespeed.CriticalImages.checkCriticalImages",function(){r(n)});var r=function(b){b.b={};for(var d=["IMG","INPUT"],a=[],c=0;c=a.length+e.length&&(a+=e)}b.g&&(e="&rd="+encodeURIComponent(JSON.stringify(s())),131072>=a.length+e.length&&(a+=e),d=!0);t=a;if(d){c=b.f;b=b.h;var f;if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(k){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(u){}}f&&(f.open("POST",c+(-1==c.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}},s=function(){var b={},d=document.getElementsByTagName("IMG");if(0==d.length)return{};var a=d[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var c=0;a=d[c];++c){var e=a.getAttribute("pagespeed_url_hash");e&&(!(e in b)&&0=b[e].k&&a.height>=b[e].j)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b},t="";h("pagespeed.CriticalImages.getBeaconData",function(){return t});h("pagespeed.CriticalImages.Run",function(b,d,a,c,e,f){var k=new p(b,d,a,e,f);n=k;c&&m(function(){window.setTimeout(function(){r(k)},0)})});})();pagespeed.CriticalImages.Run('/mod_pagespeed_beacon','http://www.geekstogo.com/forum/index.php?s=5ba38ada7c77164abfb1e0b4499fbfaa&app=forums&module=ajax§ion=topics&do=quote&t=360307&p=2556964&md5check=64efecf75f4a5049bbcfc211b15d0fd7&isRte=1,zBX8hFeDQI,true,true,N8iQLBimbOo');//]]></script> FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN


Click Start and in the search box and type powershell

Right click the top option (powershell.exe) and select run as administrator

In the box that opens copy and paste the following command :

Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml” -Verbose}

It should autorun, if not then press enter&&0

Okay, completed both tasks. 

 

Here is the log created by FRST:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Doug (2016-03-31 07:05:54) Run:2
Running from C:\Users\dougc\Downloads
Loaded Profiles: Doug (Available Profiles: Doug)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
 C:\Users\dougc\AppData\Local\Packages\Microsoft.MicrosoftEdge
*****************

Restore point was successfully created.
"C:\Users\dougc\AppData\Local\Packages\Microsoft.MicrosoftEdge" => not found.

==== End of Fixlog 07:06:00 ====

 

Powershell command executed successfully also.

 

I will test the system now and report back.  Thanks


  • 0

#12
Essexboy
Posted 30 March 2016 - 02:54 PM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

:)


  • 0

#13
DMCEE
Posted 31 March 2016 - 12:07 AM

DMCEE

    Member

  • Topic Starter
  • Member
  • PipPip
  • 13 posts
DMCEE, on 31 Mar 2016 - 07:13 AM, said:

 

Essexboy, on 31 Mar 2016 - 12:43 AM, said:Essexboy, on 31 Mar 2016 - 12:43 AM, said:

No need for that as we can reset Edge

CAUTION : This fix is only valid for this specific machine, using it on another may break your computer

Open notepad and copy/paste the text in the quotebox below into it:
 

QuoteQuote

CreateRestorePoint:
C:\Users\dougc\AppData\Local\Packages\Microsoft.MicrosoftEdge


Save this as fixlist.txt, in the same location as FRST.exe
<script pagespeed_no_defer="" type="text/javascript">//=d.offsetWidth&&0>=d.offsetHeight)a=!1;else{c=d.getBoundingClientRect();var f=document.body;a=c.top+("pageYOffset"in window?window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);c=c.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+c;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.e.height&&c<=b.e.width)}a&&(b.a.push(e),b.d[e]=!0)};p.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&q(this,b)};h("pagespeed.CriticalImages.checkImageForCriticality",function(b){n.checkImageForCriticality(b)});h("pagespeed.CriticalImages.checkCriticalImages",function(){r(n)});var r=function(b){b.b={};for(var d=["IMG","INPUT"],a=[],c=0;c=a.length+e.length&&(a+=e)}b.g&&(e="&rd="+encodeURIComponent(JSON.stringify(s())),131072>=a.length+e.length&&(a+=e),d=!0);t=a;if(d){c=b.f;b=b.h;var f;if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(k){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(u){}}f&&(f.open("POST",c+(-1==c.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}},s=function(){var b={},d=document.getElementsByTagName("IMG");if(0==d.length)return{};var a=d[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var c=0;a=d[c];++c){var e=a.getAttribute("pagespeed_url_hash");e&&(!(e in b)&&0=b[e].k&&a.height>=b[e].j)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b},t="";h("pagespeed.CriticalImages.getBeaconData",function(){return t});h("pagespeed.CriticalImages.Run",function(b,d,a,c,e,f){var k=new p(b,d,a,e,f);n=k;c&&m(function(){window.setTimeout(function(){r(k)},0)})});})();pagespeed.CriticalImages.Run('/mod_pagespeed_beacon','http://www.geekstogo.com/forum/index.php?s=5ba38ada7c77164abfb1e0b4499fbfaa&app=forums&module=ajax§ion=topics&do=quote&t=360307&p=2556964&md5check=64efecf75f4a5049bbcfc211b15d0fd7&isRte=1,zBX8hFeDQI,true,true,N8iQLBimbOo');//]]></script> <script pagespeed_no_defer="" type="text/javascript">//=d.offsetWidth&&0>=d.offsetHeight)a=!1;else{c=d.getBoundingClientRect();var f=document.body;a=c.top+("pageYOffset"in window?window.pageYOffset:(document.documentElement||f.parentNode||f).scrollTop);c=c.left+("pageXOffset"in window?window.pageXOffset:(document.documentElement||f.parentNode||f).scrollLeft);f=a.toString()+","+c;b.b.hasOwnProperty(f)?a=!1:(b.b[f]=!0,a=a<=b.e.height&&c<=b.e.width)}a&&(b.a.push(e),b.d[e]=!0)};p.prototype.checkImageForCriticality=function(b){b.getBoundingClientRect&&q(this,b)};h("pagespeed.CriticalImages.checkImageForCriticality",function(b){n.checkImageForCriticality(b)});h("pagespeed.CriticalImages.checkCriticalImages",function(){r(n)});var r=function(b){b.b={};for(var d=["IMG","INPUT"],a=[],c=0;c=a.length+e.length&&(a+=e)}b.g&&(e="&rd="+encodeURIComponent(JSON.stringify(s())),131072>=a.length+e.length&&(a+=e),d=!0);t=a;if(d){c=b.f;b=b.h;var f;if(window.XMLHttpRequest)f=new XMLHttpRequest;else if(window.ActiveXObject)try{f=new ActiveXObject("Msxml2.XMLHTTP")}catch(k){try{f=new ActiveXObject("Microsoft.XMLHTTP")}catch(u){}}f&&(f.open("POST",c+(-1==c.indexOf("?")?"?":"&")+"url="+encodeURIComponent(b)),f.setRequestHeader("Content-Type","application/x-www-form-urlencoded"),f.send(a))}}},s=function(){var b={},d=document.getElementsByTagName("IMG");if(0==d.length)return{};var a=d[0];if(!("naturalWidth"in a&&"naturalHeight"in a))return{};for(var c=0;a=d[c];++c){var e=a.getAttribute("pagespeed_url_hash");e&&(!(e in b)&&0=b[e].k&&a.height>=b[e].j)&&(b[e]={rw:a.width,rh:a.height,ow:a.naturalWidth,oh:a.naturalHeight})}return b},t="";h("pagespeed.CriticalImages.getBeaconData",function(){return t});h("pagespeed.CriticalImages.Run",function(b,d,a,c,e,f){var k=new p(b,d,a,e,f);n=k;c&&m(function(){window.setTimeout(function(){r(k)},0)})});})();pagespeed.CriticalImages.Run('/mod_pagespeed_beacon','http://www.geekstogo.com/forum/index.php?s=0dec3b0878eeb3c689af366f6b2f2a30&app=forums&module=ajax§ion=topics&do=quote&t=360307&p=2557015&md5check=64efecf75f4a5049bbcfc211b15d0fd7&isRte=1,zBX8hFeDQI,true,true,onGd_xxJHfU');//]]></script> FRSTfix.JPG
Run FRST and press Fix
On completion a log will be generated please post that

THEN


Click Start and in the search box and type powershell

Right click the top option (powershell.exe) and select run as administrator

In the box that opens copy and paste the following command :

Get-AppXPackage -AllUsers -Name Microsoft.MicrosoftEdge | Foreach {Add-AppxPackage -DisableDevelopmentMode -Register “$($_.InstallLocation)\AppXManifest.xml” -Verbose}

It should autorun, if not then press enter&&0&&0

Okay, completed both tasks. 

 

Here is the log created by FRST:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Doug (2016-03-31 07:05:54) Run:2
Running from C:\Users\dougc\Downloads
Loaded Profiles: Doug (Available Profiles: Doug)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CreateRestorePoint:
 C:\Users\dougc\AppData\Local\Packages\Microsoft.MicrosoftEdge
*****************

Restore point was successfully created.
"C:\Users\dougc\AppData\Local\Packages\Microsoft.MicrosoftEdge" => not found.

==== End of Fixlog 07:06:00 ====

 

Powershell command executed successfully also.

 

I will test the system now and report back.  Thanks

 

Happy to report that everything seems fine and the system is stable.

 

Sincere thanks for a job well done!


  • 0

#14
Essexboy
Posted 31 March 2016 - 07:39 AM

Essexboy

    GeekU Moderator

  • Retired Staff
  • 69,964 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0
Back to Virus, Spyware, Malware Removal · Next Unread Topic →




Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

  1. Geeks to Go Community
  2. Security
  3. Virus, Spyware, Malware Removal

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP