Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Viruses Found

Started by cahagg01 , Apr 30 2016 07:52 PM

This topic is locked

#1
cahagg01

Posted 30 April 2016 - 07:52 PM

Member

Member
37 posts

I ran an AVG Scan on my computer, and it found one threat and it was trojan horse generic37.BELF. After running my AVG virus scan I turned it off and ran an ESET online virus scan and it found three threats. All of them being win32/adware.coupon.aa

I am unsure if these viruses are removed from my computer though, and if you can tell me what to do in order to check this, and fix the problem if they are not removed, along with making sure that there is nothing else on the computer. Thanks

#2
zep516

Posted 01 May 2016 - 03:06 PM

Trusted Helper

Malware Removal
8,090 posts

Hi! My name is zep516 and Welcome to Geekstogo!
I'll do the best I can to resolve your computer issue
Please make sure to carefully read any instruction that I give you. If you're not sure, or if something unexpected happens, don't continue Stop and ask! Never be afraid to ask questions!

Everything gets download to the desktop and tools are "Run as administrator."

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
Press Scan button.
It will produce a log called FRST.txt in the same directory the tool is run from.
Please copy and paste log back here.
The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please also paste that along with the FRST.txt into your reply.

Next

Please download AdwCleaner by Xplode onto your Desktop.
Close all open programs and internet browsers.
Double click on AdwCleaner.exe to run the tool.
Click the Scan button and wait for the process to complete.
Click the logfile button and the log will open in Notepad.
Click on the Clean button follow the prompts.
A log file will automatically open after the scan has finished and the PC has rebooted.
Please post the content of that log file with your next answer.
The report will be saved in the C:\AdwCleaner folder.

Next

Please download Junkware Removal Tool to your Desktop.
Please close your security software to avoid potential conflicts. See Here how to disable you security protection (Anti Virus)
Run the tool by double-clicking it. If you are using Windows Vista or 7, right-mouse click it and select Run as administrator.
The tool will open and start scanning your system.
Please be patient as this can take a while to complete, depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your Desktop and will automatically open.
Please post the contents of JRT.txt into your reply.

Please post in your next reply, post the log reports directly no attachments please.
FRST.TXT
Additions.txt
AdwCleaner log
JRT.txt

Thanks
Joe

#3
cahagg01

Posted 01 May 2016 - 06:01 PM

Member

Topic Starter
Member
37 posts

Additional Results

aAdditional scan result of Farbar Recovery Scan Tool (x64) Version:01-05-2016

Ran by Chad (2016-05-01 18:57:06)

Running from C:\Users\rob\Downloads

Windows 10 Home Version 1511 (X64) (2015-11-20 03:04:29)

Boot Mode: Normal

==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-3233161892-925590444-3610564290-500 - Administrator - Disabled)

Chad (S-1-5-21-3233161892-925590444-3610564290-1001 - Administrator - Enabled) => C:\Users\rob

DefaultAccount (S-1-5-21-3233161892-925590444-3610564290-503 - Limited - Disabled)

Guest (S-1-5-21-3233161892-925590444-3610564290-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-3233161892-925590444-3610564290-1002 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

FW: AVG update module (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Acer Backup Manager (HKLM-x32\...\InstallShield_{72B776E5-4530-4C4B-9453-751DF87D9D93}) (Version: 2.0.0.60 - NewTech Infosystems)

Acer Crystal Eye webcam Ver:1.1.178.503 (HKLM-x32\...\{D0ACE89D-EC7F-470F-80BE-4C98ED366B32}) (Version: 1.1.178.503 - Chicony Electronics Co.,Ltd.)

Acer ePower Management (HKLM-x32\...\{3DB0448D-AD82-4923-B305-D001E521A964}) (Version: 5.00.3002 - Acer Incorporated)

Acer eRecovery Management (HKLM-x32\...\{7F811A54-5A09-4579-90E1-C93498E230D9}) (Version: 4.05.3007 - Acer Incorporated)

Acer Game Console (x32 Version: - WildTangent) Hidden

Acer Games (HKLM-x32\...\WildTangent acer Master Uninstall) (Version: 1.0.0.80 - WildTangent)

Acer ScreenSaver (HKLM-x32\...\Acer Screensaver) (Version: 1.1.0423.2010 - Acer Incorporated)

Acer Updater (HKLM-x32\...\{EE171732-BEB4-4576-887D-CB62727F01CA}) (Version: 1.02.3001 - Acer Incorporated)

Acrobat.com (HKLM-x32\...\{287ECFA4-719A-2143-A09B-D6A12DE54E40}) (Version: 1.6.65 - Adobe Systems Incorporated)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 22.0.0.97 - Adobe Systems Incorporated)

Alcor Micro USB Card Reader (HKLM-x32\...\InstallShield_{6030FCD7-8F1A-427D-AF05-8DD1A2EA2ABA}) (Version: 1.5.17.05094 - Alcor Micro Corp.)

Alcor Micro USB Card Reader (x32 Version: 1.5.17.05094 - Alcor Micro Corp.) Hidden

ALPS Touch Pad Driver (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 7.105.2015.1107 - Alps Electric)

Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)

Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)

Apple Mobile Device Support (HKLM\...\{6F085FCD-4B6A-4F63-AF23-B74629C40797}) (Version: 9.3.0.15 - Apple Inc.)

Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)

AVG (Version: 16.61.7539 - AVG Technologies) Hidden

AVG 2016 (Version: 16.0.4563 - AVG Technologies) Hidden

AVG Protection (HKLM\...\AVG) (Version: 2016.61.7539 - AVG Technologies)

Backup Manager Basic (x32 Version: 2.0.0.60 - NewTech Infosystems) Hidden

Bejeweled 2 Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

Blackboard Collaborate Launcher (HKLM-x32\...\{7D82D616-8BD8-4BE3-B19C-C4BC772E8426}) (Version: 1.2.0.0 - Blackboard)

Blackhawk Striker 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Bob the Builder Can-Do-Zoo (x32 Version: 2.2.0.82 - WildTangent) Hidden

Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)

Broadcom Gigabit NetLink Controller (HKLM\...\{A84DB02B-9C2B-4272-9D2D-A80E00A56513}) (Version: 12.52.03 - Broadcom Corporation)

Build-a-lot 2 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Canon MX320 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX320_series) (Version: - )

Compatibility Pack for the 2007 Office system (HKLM-x32\...\{90120000-0020-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Content Manager (HKLM-x32\...\{B64BC516-2406-43AE-A21A-1E387A2343B1}) (Version: 2.70 - Magellan)

Coupon Printer for Windows (HKLM-x32\...\Coupon Printer for Windows5.0.0.9) (Version: 5.0.0.9 - Coupons.com Incorporated)

CyberLink PowerDVD 14 (HKLM-x32\...\{32C8E300-BDB4-4398-92C2-E9B7D8A233DB}) (Version: 14.0.4412.58 - CyberLink Corp.)

CyberLink PowerDVD 9 (HKLM-x32\...\InstallShield_{A8516AC9-AAF1-47F9-9766-03E2D4CDBCF8}) (Version: 9.0.2529.50 - CyberLink Corp.)

CyberSports for Basketball V6 (HKLM-x32\...\{0996B5A2-1D87-4CDF-9029-1FD14D7EFBE0}) (Version: - )

D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden

eBay Worldwide (HKLM-x32\...\{E0B19DF7-B1C7-4937-82C4-0E4B1E346965}) (Version: 2.1.0901 - OEM)

Escape Rosecliff Island (x32 Version: 2.2.0.82 - WildTangent) Hidden

ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )

eSobi v2 (HKLM-x32\...\InstallShield_{15D967B5-A4BE-42AE-9E84-64CD062B25AA}) (Version: 2.0.4.000274 - esobi Inc.)

eSobi v2 (x32 Version: 2.0.4.000274 - esobi Inc.) Hidden

Faerie Solitaire (x32 Version: 2.2.0.82 - WildTangent) Hidden

FATE - The Traitor Soul (x32 Version: 2.2.0.82 - WildTangent) Hidden

FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)

FMW 1 (Version: 1.73.2 - AVG Technologies) Hidden

Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.112 - Google Inc.)

Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)

Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden

HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)

HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)

HP Support Solutions Framework (HKLM-x32\...\{55065080-504F-43BB-BE00-36B80D7D39A5}) (Version: 12.2.8.17 - Hewlett-Packard Company)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

Identity Card (HKLM-x32\...\Identity Card) (Version: 1.00.3003 - Acer Incorporated)

Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)

Intel® Graphics Media Accelerator Driver (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 8.15.10.2119 - Intel Corporation)

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 6.0.0.1179 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 9.5.6.1001 - Intel Corporation)

iTunes (HKLM\...\{8E7A6BD9-016E-4AA0-9A09-BB03537562D8}) (Version: 12.3.3.17 - Apple Inc.)

Jewel Quest Solitaire 3 (x32 Version: 2.2.0.82 - WildTangent) Hidden

Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Launch Manager (HKLM-x32\...\LManager) (Version: 4.0.8 - Acer Inc.)

Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)

Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)

Microsoft Office PowerPoint Viewer 2007 (English) (HKLM-x32\...\{95120000-00AF-0409-0000-0000000FF1CE}) (Version: 12.0.6612.1000 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)

Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Monopoly (x32 Version: 2.2.0.82 - WildTangent) Hidden

Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden

Mystery P.I. - Lost in Los Angeles (x32 Version: 2.2.0.82 - WildTangent) Hidden

MyWinLocker (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden

MyWinLocker Suite (HKLM-x32\...\InstallShield_{738BF5C3-AF7B-4BB0-B7EF-E505EFC756BE}) (Version: 3.1.206.0 - Egis Technology Inc.)

MyWinLocker Suite (x32 Version: 3.1.206.0 - Egis Technology Inc.) Hidden

NTI Backup Now 5 (HKLM-x32\...\InstallShield_{12EFA1A4-AC3B-443C-8143-237EDE760403}) (Version: 5.1.2.628 - NewTech Infosystems)

NTI Backup Now Standard (x32 Version: 5.1.2.628 - NewTech Infosystems) Hidden

NTI Media Maker 8 (HKLM-x32\...\InstallShield_{2413930C-8309-47A6-BC61-5EF27A4222BC}) (Version: 8.0.12.6630 - NewTech Infosystems)

NTI Media Maker 8 (x32 Version: 8.0.12.6630 - NewTech Infosystems) Hidden

Penguins! (x32 Version: 2.2.0.82 - WildTangent) Hidden

Plants vs. Zombies (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Bowler (x32 Version: 2.2.0.82 - WildTangent) Hidden

Polar Golfer (x32 Version: 2.2.0.82 - WildTangent) Hidden

Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)

Scrabble Plus (x32 Version: 2.2.0.82 - WildTangent) Hidden

Shredder (Version: 2.0.5.0 - Egis Technology Inc.) Hidden

Shredder (x32 Version: 2.0.5.0 - Egis Technology Inc.) Hidden

Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)

Skype™ 7.23 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.23.104 - Skype Technologies S.A.)

Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.19.1 - Synaptics Incorporated)

The Price is Right (x32 Version: 2.2.0.82 - WildTangent) Hidden

Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)

Virtual Families (x32 Version: 2.2.0.82 - WildTangent) Hidden

Virtual Villagers - A New Home (x32 Version: 2.2.0.82 - WildTangent) Hidden

Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)

Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

Welcome Center (HKLM-x32\...\Acer Welcome Center) (Version: 1.00.3013 - Acer Incorporated)

Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

Windows Live Sync (HKLM-x32\...\{84EBDF39-4B33-49D7-A0BD-EB6E2C4E81C1}) (Version: 14.0.8089.726 - Microsoft Corporation)

Yahtzee (x32 Version: 2.2.0.82 - WildTangent) Hidden

Zuma Deluxe (x32 Version: 2.2.0.82 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3233161892-925590444-3610564290-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\rob\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {01FA6A11-48C8-4B53-AC52-5821739D8DEB} - System32\Tasks\0215avUpdateInfo => C:\ProgramData\Avg_Update_0215av\0215av_AVG-Secure-Search-Update.exe

Task: {035ED136-340F-421D-8F42-636A91D1DE3C} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-03-11] (Hewlett-Packard)

Task: {052ACBE1-173F-4456-8775-D7736E79A7A7} - System32\Tasks\1215avtUpdateInfo => C:\ProgramData\Avg_Update_1215avt\1215avt_AVG-Secure-Search-Update.exe [2015-11-22] ()

Task: {057DD9A1-9A24-46B3-86BD-07C3B726AC27} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {0A2C29AE-1991-4033-BF93-A6CE3AABE8AE} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {1060171C-6EB0-43C3-B362-F8D703F5D4D4} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe

Task: {1D66B644-CBA5-4C4C-BA9A-F47E26FE396B} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {1DF9DAAD-B7D6-4D66-A1B4-D634C95B16F4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {35972B2D-BDE2-4F9F-9CB8-7BCF22513286} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {391B4761-209D-4924-B017-AC2739140AEB} - System32\Tasks\0615pitUpdateInfo => C:\ProgramData\Avg_Update_0615pit\0615pit_AVG-Secure-Search-Update.exe [2015-09-17] ()

Task: {3E8490E5-410A-457D-8B7A-B7A20D9CCAE8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe

Task: {4186CBAA-E820-4A91-96BA-39F391EC41C4} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe

Task: {44557719-3107-4C6E-83E6-3D05059A975F} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe

Task: {4550DFDD-9684-4D01-84E3-DA50DDD55847} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-03-07] (Hewlett-Packard)

Task: {501AAE30-D0D1-49E0-9552-AD04037F40E0} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

Task: {61B9DAB6-F5F9-4D88-A955-8B929F9F68A2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)

Task: {676CBC95-98CA-4641-960A-683E2181487B} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-07-15] (Adobe Systems Incorporated)

Task: {6B67C001-147E-48B6-AFD1-DEBD3FA12A9A} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {6BB04C42-5B02-4416-879B-201C92581D73} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {6E5EACD8-1A59-4DAE-87B1-2BFA26D45653} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe

Task: {76195294-988B-4FFC-9E1F-3FC17D9ADCBA} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {7BC93B9A-591E-45C5-9D8F-C4B97DD7DA71} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe

Task: {7FBA3706-C7AF-46D0-A5AE-6AAEAE686180} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {86461943-CFA5-4287-A5AB-5854DCF9E68F} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe

Task: {88748D69-B49F-4771-B4ED-957E49009358} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe

Task: {890E9DCF-BF69-4EA7-950E-BB64810ECBEB} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe

Task: {8EB86243-0E8C-4E59-9973-B3611E6559EE} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe

Task: {99E3F095-FF58-4C93-9743-7194F92D2D36} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {9B40D1CB-9170-49C8-95E8-8C208957F6C9} - System32\Tasks\{66C26588-CF9D-47CB-950D-3A3618077956} => pcalua.exe -a "C:\Users\rob\Downloads\CM_Setup_NA_2703 (6).exe" -d C:\Users\rob\Downloads

Task: {AEFB069E-2B7E-4DA1-A7CE-B217649AE0F5} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe

Task: {B0EF36D8-A02F-4A5F-B34D-644595C664DD} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

Task: {C7EBDD46-486D-42AD-A57B-80AC292B2BDD} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

Task: {CB07F9F9-B453-4AF2-AEC5-A12C75AC2FBE} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe

Task: {CB9C6C92-E27D-490F-AA5D-4366EC6B5B5B} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe

Task: {CC31EB7C-4B34-4CD8-B69C-BD9965FC44A0} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {CC97D294-849F-4DDE-B8ED-8D9B6A37F49C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe

Task: {D0B47E3E-AB6B-49C5-980B-BD68057027CE} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {D2CE0CE3-EC91-4109-809A-32689E46FC96} - System32\Tasks\{3B592274-10CE-4122-8474-6800506B31E2} => pcalua.exe -a "C:\Users\rob\Downloads\CM_Setup_NA_2703 (5).exe" -d C:\Users\rob\Downloads

Task: {D7929925-DD51-422C-8257-2E2424DB8B0B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {DB099173-18AF-42EC-8F41-1404B22EAE3B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe

Task: {DC466EF9-8497-4983-9197-A75646505F63} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {DFB9A512-67F1-4EBD-AB64-6986F1C73D75} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe

Task: {E4D3AE10-C97A-4F8A-B8B0-0F9928E06CAA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-04-20] (Microsoft Corporation)

Task: {E961713A-7C36-4F48-9065-0FC3DDB5CFEC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {EA38AD2F-07CA-4655-BD41-D520B965B43C} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe

Task: {EB9D353D-CAB5-4B9D-9DBA-07758D9C9216} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)

Task: {F017425D-A17F-448E-AE5B-E0895CC0327C} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {F223B7A3-B11F-42D2-8285-DABC3FDCEF0E} - System32\Tasks\{BDC9C38C-FD6C-41C1-8D4E-82E6A7FAD338} => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2015-09-02] ()

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

Task: C:\WINDOWS\Tasks\ParetoLogic Update Version3_triggeronce.job => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2016-04-27 18:48 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2016-04-27 18:48 - 2016-03-29 05:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2016-04-26 18:23 - 2016-04-26 18:23 - 00959176 _____ () C:\Users\rob\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\amd64\ClientTelemetry.dll

2016-04-18 19:47 - 2016-04-18 19:47 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

2015-12-17 22:16 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll

2016-04-27 18:45 - 2016-04-01 22:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2016-04-27 18:46 - 2016-04-01 22:03 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2016-04-27 18:46 - 2016-04-01 21:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2016-04-27 18:47 - 2016-04-01 21:59 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2016-04-27 18:47 - 2016-04-01 22:02 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2012-11-26 23:54 - 2012-11-26 23:54 - 00094208 _____ () C:\Windows\System32\IccLibDll_x64.dll

2014-05-17 15:38 - 2014-05-17 15:38 - 00206208 _____ () C:\Windows\PLFSetI.exe

2016-03-30 20:56 - 2016-03-30 20:56 - 00016896 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

2016-03-30 20:56 - 2016-03-30 20:56 - 17535488 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll

2016-03-17 19:15 - 2016-03-17 19:15 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll

2016-03-18 22:56 - 2016-03-18 22:56 - 00080184 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll

2016-03-18 22:56 - 2016-03-18 22:56 - 01040656 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll

2010-03-27 06:57 - 2009-12-23 19:32 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll

2010-03-08 19:18 - 2010-03-08 19:18 - 00465576 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\sqlite3.dll

2010-03-08 19:13 - 2010-03-08 19:13 - 01081600 _____ () C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\ACE.dll

2016-04-18 19:47 - 2016-04-18 19:47 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll

2016-04-18 19:47 - 2016-04-18 19:47 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll

2016-04-18 19:47 - 2016-04-18 19:47 - 02941440 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll

2016-04-18 19:47 - 2016-04-18 19:47 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll

2016-04-18 19:47 - 2016-04-18 19:47 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll

2016-04-26 18:23 - 2016-04-26 18:23 - 00679624 _____ () C:\Users\rob\AppData\Local\Microsoft\OneDrive\17.3.6386.0412\ClientTelemetry.dll

2014-05-17 19:04 - 2009-05-20 17:02 - 00072200 _____ () C:\Program Files (x86)\Launch Manager\CdDirIo.dll

2016-04-08 09:12 - 2016-04-08 09:12 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

2016-04-17 20:36 - 2016-04-06 05:04 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libglesv2.dll

2016-04-17 20:36 - 2016-04-06 05:04 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.112\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3233161892-925590444-3610564290-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\rob\Pictures\Chad and Sarah 1.jpg

DNS Servers: 209.18.47.61 - 209.18.47.62

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: Skype => "C:\Program Files (x86)\Skype\Phone\Skype.exe" /minimized /regrun

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe

FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808

FirewallRules: [{A2184142-D13F-4269-842C-A9558531F18A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{B60853ED-E280-42DF-9853-B072FA37CB23}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe

FirewallRules: [{BB25A475-0434-47EC-8FAF-D626414B8AF7}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{773C8124-7746-43F0-A434-828E7302519B}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{BD44B656-7890-4A65-B068-3EDAC52711B5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{A8170BE6-C858-4506-B3C9-181BE65A2C2E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [UDP Query User{61B8B96C-1DEA-40FA-A311-5B613B729F8E}C:\users\rob\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Block) C:\users\rob\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe

FirewallRules: [TCP Query User{80B99CF2-F824-420A-BB69-759074ED905E}C:\users\rob\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Block) C:\users\rob\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe

FirewallRules: [{6506D408-AE0F-49F8-9410-A792F87ADC36}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{C6C32231-99BD-4F68-9900-BBD8A5A83ED3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe

FirewallRules: [{7E645FD6-4489-4A37-ADFD-EC6DC424AA68}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [{1C40B32F-8D73-4325-82E0-0FD4E9EBE375}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe

FirewallRules: [UDP Query User{A3E64385-67B7-47B1-B68D-EA8FD1D55AA6}C:\users\rob\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Block) C:\users\rob\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe

FirewallRules: [TCP Query User{1EFBFED2-CCB2-4110-89AA-FD5E6465FD8C}C:\users\rob\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe] => (Block) C:\users\rob\appdata\local\blackboard\blackboard collaborate launcher\embedded\java\jre1.7.0_40\bin\javaw.exe

FirewallRules: [{D49C6295-18B3-4958-8D7E-60291148E02D}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{1DA7A0D8-7EDA-4114-B5E8-8EB75E999D24}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe

FirewallRules: [{951EBD8D-3269-4021-B70B-9FAC568FD864}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{26B40E8F-3DA5-411A-A18D-1793B5E9B8C9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe

FirewallRules: [{D0632429-D4D1-4A69-83C6-17E13ADA3804}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

FirewallRules: [{A3E35E11-4EA2-448C-851A-FB616AEADA9C}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

FirewallRules: [{C8551269-20A7-4E5C-9A3F-18D2E017527B}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

FirewallRules: [{75F51096-0EA2-4E45-8868-4A3FDAC22D30}] => (Allow) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\BackupSvc.exe

FirewallRules: [{51CA5D47-EEDE-4208-B696-FCD86E1D7333}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{25A8317E-FA65-4612-BBB1-B78A7E9BE953}] => (Allow) C:\Program Files\Common Files\mcafee\mcsvchost\McSvHost.exe

FirewallRules: [{7BF7DA0F-AB5E-46B5-AAD8-BAFB75610056}] => (Allow) c:\Program Files (x86)\CyberLink\PowerDVD9\PowerDVD9.EXE

FirewallRules: [{4275617E-5B91-4FAB-916D-4F866D4C2139}] => (Allow) svchost.exe

FirewallRules: [{FDA4339E-47AF-4593-BEE9-75512B7207F7}] => (Allow) C:\Program Files (x86)\Windows Live\Sync\WindowsLiveSync.exe

FirewallRules: [{F12C0A73-EDDD-4BC4-A786-1769084A0244}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe

FirewallRules: [{943513E7-280B-4EF3-ABA5-80B6E1A94843}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe

FirewallRules: [{018D995D-99D5-48D0-BE4A-BA696BF4E10F}] => (Allow) LPort=5357

FirewallRules: [{41597B00-847D-4539-B8E4-FE77A744ECB6}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{E1CF0EE7-FC23-4F1D-B772-AC802C098006}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{502286A1-1A0A-42E8-A23F-1C626093FE85}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe

FirewallRules: [{2CEC02A0-9DCD-4715-A4FB-A503ABFB8FD9}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

FirewallRules: [{50A97697-FA28-4C75-BD2D-E9E7687196CF}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

FirewallRules: [{A97FD0A2-7139-4C96-905F-84C5342AC482}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

FirewallRules: [{60031558-8E07-41E7-9BD1-853CE9988C4F}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD.exe

FirewallRules: [{D8947091-1D49-460F-984E-C84E76678F44}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe

FirewallRules: [{3F5EEA16-DBFB-4F9B-84B7-0F04EF4685CA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe

FirewallRules: [{80D4F3D0-998F-4A13-B9CE-161FFA3996EA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe

FirewallRules: [{3B184526-7379-48F0-A39C-DF4C76310629}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Kernel\DMS\CLMSServerPDVD14.exe

FirewallRules: [{3E378251-312E-4C58-87F0-760D50070AF7}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe

FirewallRules: [{E82EBFD1-A022-4480-B0CC-413DFCC654D8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe

FirewallRules: [{CB79D124-AF76-4BCD-B5D3-01DD7E24BE91}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe

FirewallRules: [{7189731B-2028-40C3-A130-53AD9A01FD31}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe

FirewallRules: [{9A7E6B83-5B8E-435C-807A-F55154A3F0BE}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe

FirewallRules: [{0860B635-5671-4D7A-9394-D06377679342}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe

FirewallRules: [{6047426B-C043-48FD-BE31-D21A1F3DFAAA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe

FirewallRules: [{7744FDD7-F1D5-4D98-981A-BCA00C91E694}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVDMovie.exe

FirewallRules: [{699A4669-6003-458F-9685-33095877A8C8}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe

FirewallRules: [{DCEE9193-8A43-4F25-8768-F5747B7EF054}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD14\Movie\PowerDVD Cinema\PowerDVDCinema.exe

FirewallRules: [{70ADBD56-EDBC-491B-A602-C0AA4D2FB136}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe

FirewallRules: [{C2A43256-28BB-46D1-A167-5875561AD630}] => (Allow) LPort=2869

FirewallRules: [{0A1A2B88-9BBD-4914-A1B1-9884159B30B8}] => (Allow) LPort=1900

FirewallRules: [{1CE11D20-C779-4869-9281-10C41B0BB44F}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe

FirewallRules: [TCP Query User{DDAE2413-1AF3-4978-997A-0230A7377CA4}C:\program files (x86)\cyberlink\powerdvd14\powerdvd14agent.exe] => (Block) C:\program files (x86)\cyberlink\powerdvd14\powerdvd14agent.exe

FirewallRules: [UDP Query User{3C67382F-6CB4-4517-99C9-EDE6DBC90E35}C:\program files (x86)\cyberlink\powerdvd14\powerdvd14agent.exe] => (Block) C:\program files (x86)\cyberlink\powerdvd14\powerdvd14agent.exe

FirewallRules: [{65BFB445-37DC-4C4B-865F-7246A08A8935}] => (Allow) C:\Users\rob\AppData\Local\Temp\7zS2414\HPDiagnosticCoreUI.exe

FirewallRules: [{EB12BD0B-265D-451D-9658-34337EF89FC5}] => (Allow) C:\Users\rob\AppData\Local\Temp\7zS2414\HPDiagnosticCoreUI.exe

FirewallRules: [{45066AFC-3FE7-4A84-B5FF-E30E32B77BA8}] => (Allow) C:\Users\rob\AppData\Local\Temp\7zS4048\hppiw.exe

FirewallRules: [{E70EE188-6313-4662-AD7E-B4B5914782B5}] => (Allow) C:\Users\rob\AppData\Local\Temp\7zS4048\hppiw.exe

FirewallRules: [{6ACBBDF9-AE3F-4B4D-8040-A1A2019169A8}] => (Allow) C:\Users\rob\AppData\Local\Temp\7zS4514\hppiw.exe

FirewallRules: [{46B01C22-D659-45F6-8CC2-51095B3CFA01}] => (Allow) C:\Users\rob\AppData\Local\Temp\7zS4514\hppiw.exe

FirewallRules: [{DB5DD981-156B-4F7A-92B6-0FD2A5957E19}] => (Allow) C:\Users\rob\AppData\Local\Temp\7zS644A\hppiw.exe

FirewallRules: [{5F030D5C-7DD8-4274-AA71-25C2326B0CEE}] => (Allow) C:\Users\rob\AppData\Local\Temp\7zS644A\hppiw.exe

FirewallRules: [{A9A4AD26-E8EC-4877-9D20-1EDEF135C132}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{D6249084-8C28-44C3-8E29-ED1DC84A762C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe

FirewallRules: [{08952A17-3D02-416D-AAE8-9560970AD563}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{B579F772-87D5-4255-8267-662A72B9AF46}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe

FirewallRules: [{33DAB25A-D97C-4994-8ED0-CAB387A8DD2A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{586C72D8-4F45-4F7C-BB98-95C3AFF5234C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

FirewallRules: [{3C581F77-0962-4420-BE79-3A974D3AB27E}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

FirewallRules: [{DD2FFE37-C844-476A-9E57-69E8BAC20E7A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe

==================== Restore Points =========================

09-04-2016 16:08:46 Scheduled Checkpoint

20-04-2016 20:32:06 Windows Update

27-04-2016 19:01:24 Windows Update

30-04-2016 17:28:30 Installed iTunes

==================== Faulty Device Manager Devices =============

==================== Event log errors: =========================

Application errors:

==================

Error: (05/01/2016 06:50:32 PM) (Source: ESENT) (EventID: 448) (User: )

Description: svchost (2348) TILEREPOSITORYS-1-5-21-3233161892-925590444-3610564290-1001: Data inconsistency detected in table Tile of database C:\Users\rob\AppData\Local\TileDataLayer\Database\vedatamodel.edb (666,4556).

Error: (05/01/2016 06:50:20 PM) (Source: ESENT) (EventID: 448) (User: )

Error: (05/01/2016 06:50:01 PM) (Source: ESENT) (EventID: 448) (User: )

Error: (05/01/2016 06:49:01 PM) (Source: ESENT) (EventID: 448) (User: )

Error: (05/01/2016 06:49:00 PM) (Source: ESENT) (EventID: 448) (User: )

Error: (05/01/2016 06:47:04 PM) (Source: ESENT) (EventID: 448) (User: )

Error: (05/01/2016 06:44:11 PM) (Source: ESENT) (EventID: 448) (User: )

System errors:

=============

Error: (05/01/2016 06:49:07 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x8000ffff: Microsoft Solitaire Collection.

Error: (05/01/2016 11:14:12 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 5

Error: (04/30/2016 11:13:56 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )

Description: 4

Error: (04/30/2016 11:09:06 PM) (Source: Service Control Manager) (EventID: 7000) (User: )

Description: The NetPipeActivator service failed to start due to the following error:

%%1053

Error: (04/30/2016 11:09:06 PM) (Source: Service Control Manager) (EventID: 7009) (User: )

Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.

Error: (04/30/2016 11:08:31 PM) (Source: Service Control Manager) (EventID: 7001) (User: )

Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:

%%1058

Error: (04/30/2016 11:06:41 PM) (Source: DCOM) (EventID: 10010) (User: CHAD)

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/30/2016 11:06:41 PM) (Source: DCOM) (EventID: 10010) (User: CHAD)

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/30/2016 11:06:41 PM) (Source: DCOM) (EventID: 10010) (User: CHAD)

Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

Error: (04/30/2016 11:06:40 PM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The User Data Access_36b15 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:

===================================

Date: 2016-05-01 18:55:19.161

Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-05-01 18:55:19.120

Date: 2016-05-01 18:55:18.495

Date: 2016-05-01 18:55:18.428

Date: 2016-05-01 18:43:13.432

Date: 2016-05-01 18:43:13.362

Date: 2016-04-30 21:49:22.445

Date: 2016-04-30 21:49:22.398

Date: 2016-04-30 21:49:22.018

Date: 2016-04-30 21:49:21.948

==================== Memory info ===========================

Processor: Intel® Pentium® CPU P6000 @ 1.87GHz

Percentage of memory in use: 63%

Total physical RAM: 2804.5 MB

Available physical RAM: 1012.73 MB

Total Virtual: 5620.5 MB

Available Virtual: 3541.73 MB

==================== Drives ================================

Drive c: (ACER) (Fixed) (Total:219.11 GB) (Free:164.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 232.9 GB) (Disk ID: B6F4B6F4)

Partition 1: (Not Active) - (Size=13.2 GB) - (Type=27)

Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)

Partition 3: (Not Active) - (Size=219.1 GB) - (Type=07 NTFS)

Partition 4: (Not Active) - (Size=499 MB) - (Type=27)

Edited by cahagg01, 01 May 2016 - 06:02 PM.

#4
cahagg01

Posted 01 May 2016 - 06:04 PM

Member

Topic Starter
Member
37 posts

FRST Results

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-05-2016

Ran by Chad (administrator) on CHAD (01-05-2016 18:53:57)

Running from C:\Users\rob\Downloads

Loaded Profiles: Chad (Available Profiles: Chad & DefaultAppPool)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe

(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe

(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Coupons.com Inc.) C:\Program Files (x86)\Coupons\CouponPrinterService.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\dsiwmis.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Acer Group) C:\Program Files\Acer\Acer Updater\UpdaterService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\NTI Backup Now 5\SchedulerSvc.exe

(Microsoft Corporation) C:\Windows\System32\mqsvc.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe

(Intel Corporation) C:\Windows\System32\igfxtray.exe

(Intel Corporation) C:\Windows\System32\igfxsrvc.exe

(Intel Corporation) C:\Windows\System32\hkcmd.exe

(Intel Corporation) C:\Windows\System32\igfxpers.exe

(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe

(Alcor Micro Corp.) C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe

() C:\Windows\PLFSetI.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(Acer Incorporated) C:\Program Files\Acer\Acer ePower Management\ePowerEvent.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(NewTech Infosystems, Inc.) C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LManager.exe

(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\MMDx64Fx.exe

(Dritek System Inc.) C:\Program Files (x86)\Launch Manager\LMworker.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe

(Apple Inc.) C:\Program Files (x86)\iTunes\iTunesHelper.exe

(Egis Technology Inc.) C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe

(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe

(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6769.40891.0_x64__8wekyb3d8bbwe\HxTsr.exe

(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe

() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.325.12390.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\rob\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)

HKLM\...\Run: [AmIcoSinglun64] => C:\Program Files (x86)\AmIcoSingLun\AmIcoSinglun64.exe [323584 2009-09-22] (Alcor Micro Corp.)

HKLM\...\Run: [mwlDaemon] => C:\Program Files (x86)\EgisTec MyWinLocker\x86\mwlDaemon.exe [349552 2010-02-01] (Egis Technology Inc.)

HKLM\...\Run: [PLFSetI] => C:\Windows\PLFSetI.exe [206208 2014-05-17] ()

HKLM\...\Run: [Apoint] => C:\Program Files\Apoint2K\Apoint.exe [325120 2009-10-22] (Alps Electric Co., Ltd.)

HKLM\...\Run: [Acer ePower Management] => C:\Program Files\Acer\Acer ePower Management\ePowerTray.exe [860192 2010-02-05] (Acer Incorporated)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3952800 2015-08-31] (Synaptics Incorporated)

HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [284696 2009-12-23] (Intel Corporation)

HKLM-x32\...\Run: [BackupManagerTray] => C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\BackupManagerTray.exe [260608 2010-03-08] (NewTech Infosystems, Inc.)

HKLM-x32\...\Run: [SuiteTray] => C:\Program Files (x86)\EgisTec MyWinLockerSuite\x86\SuiteTray.exe [337264 2010-02-01] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisUpdate] => C:\Program Files (x86)\EgisTec IPS\EgisUpdate.exe [201512 2009-12-24] (Egis Technology Inc.)

HKLM-x32\...\Run: [EgisTecPMMUpdate] => C:\Program Files (x86)\EgisTec IPS\PmmUpdate.exe [401192 2009-12-24] (Egis Technology Inc.)

HKLM-x32\...\Run: [LManager] => C:\Program Files (x86)\Launch Manager\LManager.exe [908368 2010-04-08] (Dritek System Inc.)

HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)

HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)

HKLM-x32\...\Run: [] => [X]

HKLM-x32\...\Run: [PowerDVD14Agent] => C:\Program Files (x86)\CyberLink\PowerDVD14\PowerDVD14Agent.exe [795672 2014-08-12] (CyberLink Corp.)

HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [186640 2016-04-14] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3930384 2016-04-06] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [164152 2016-03-19] (Apple Inc.)

Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)

HKU\S-1-5-21-3233161892-925590444-3610564290-1001\...\Run: [swg] => C:\Program Files (x86)\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe [39408 2010-03-27] (Google Inc.)

HKU\S-1-5-21-3233161892-925590444-3610564290-1001\...\Run: [CmTray] => C:\Program Files (x86)\Content Manager\launchCM.exe [94208 2011-12-28] ()

HKU\S-1-5-21-3233161892-925590444-3610564290-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\PhotoScreensaver.scr [583680 2015-10-30] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x64\psdprotect.dll [2010-02-01] (Egis Technology Inc.)

ShellIconOverlayIdentifiers-x32: [egisPSDP] -> {30A0A3F6-38AC-4C53-BB8B-0D95238E25BA} => C:\Program Files (x86)\EgisTec MyWinLocker\x86\psdprotect.dll [2010-02-01] (Egis Technology Inc.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{d1909660-5563-4607-9a26-a9b1739d9b98}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Tcpip\..\Interfaces\{d77da7df-9773-4d49-9768-a9f371f48e49}: [DhcpNameServer] 209.18.47.61 209.18.47.62

Internet Explorer:

==================

HKU\S-1-5-21-3233161892-925590444-3610564290-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://homepage.acer.com/rdr.aspx?b=ACAW&l=0409&m=aspire_7741&r=273605145106l04h8z135t4671p251

URLSearchHook: HKU\S-1-5-21-3233161892-925590444-3610564290-1001 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll (McAfee, Inc.)

SearchScopes: HKLM-x32 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKLM-x32 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW

SearchScopes: HKU\.DEFAULT -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL =

SearchScopes: HKU\S-1-5-21-3233161892-925590444-3610564290-1001 -> DefaultScope {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS588

SearchScopes: HKU\S-1-5-21-3233161892-925590444-3610564290-1001 -> {67A2568C-7A0A-4EED-AECC-B5405DE63B64} URL = hxxp://www.google.com/search?sourceid=ie7&q={searchTerms}&rls=com.microsoft:{language}:{referrer:source?}&ie={inputEncoding}&oe={outputEncoding}&rlz=1I7ACAW_enUS588

BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

BHO: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-23] (McAfee, Inc.)

BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)

BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)

BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

BHO-x32: McAfee SiteAdvisor BHO -> {B164E929-A1B6-4A06-B104-2CD0E90A88FF} -> c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-23] (McAfee, Inc.)

Toolbar: HKLM - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-23] (McAfee, Inc.)

Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

Toolbar: HKLM-x32 - McAfee SiteAdvisor Toolbar - {0EBBBE48-BAD4-4B4C-8E5A-516ABECAE064} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-23] (McAfee, Inc.)

Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-28] (Google Inc.)

Toolbar: HKU\S-1-5-21-3233161892-925590444-3610564290-1001 -> Google Toolbar - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-28] (Google Inc.)

Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-23] (McAfee, Inc.)

Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-23] (McAfee, Inc.)

Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2014-04-23] (McAfee, Inc.)

Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2014-04-23] (McAfee, Inc.)

Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)

Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:

========

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor

FF Extension: McAfee SiteAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor [2014-05-20] [not signed]

Chrome:

=======

CHR Profile: C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-18]

CHR Extension: (Google Drive) - C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-25]

CHR Extension: (YouTube) - C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-15]

CHR Extension: (Google Search) - C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-03]

CHR Extension: (SiteAdvisor) - C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2015-07-13]

CHR Extension: (Google Docs Offline) - C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-17]

CHR Extension: (Skype) - C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2016-04-27]

CHR Extension: (Chrome Web Store Payments) - C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-06]

CHR Extension: (Gmail) - C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-31]

CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2014-05-20]

CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [638456 2016-04-06] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3993088 2016-04-06] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1074448 2016-04-14] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [593880 2016-04-06] (AVG Technologies CZ, s.r.o.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)

R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)

R2 CouponPrinterService; C:\Program Files (x86)\Coupons\CouponPrinterService.exe [177136 2014-04-28] (Coupons.com Inc.)

R2 HPSLPSVC; C:\Users\rob\AppData\Local\Temp\7zS4048\hpslpsvc64.dll [1039360 2015-09-21] (Hewlett-Packard Co.) [File not signed]

R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [26680 2016-02-18] (Hewlett-Packard Company)

S3 MWLService; C:\Program Files (x86)\EgisTec MyWinLocker\x86\MWLService.exe [305520 2010-02-01] (Egis Technology Inc.)

R2 NTI IScheduleSvc; C:\Program Files (x86)\NewTech Infosystems\Acer Backup Manager\IScheduleSvc.exe [250368 2010-03-08] (NewTech Infosystems, Inc.) [File not signed]

R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [247968 2015-08-31] (Synaptics Incorporated)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athwnx.sys [4207104 2015-10-30] (Qualcomm Atheros Communications, Inc.)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [162592 2016-02-16] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [306976 2016-03-08] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-26] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [360736 2016-02-16] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [246560 2016-03-07] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)

R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [71456 2016-03-08] (AVG Technologies CZ, s.r.o.)

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)

S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-10-19] (Windows ® Win 7 DDK provider)

S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-10-19] (Windows ® Win 7 DDK provider)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [44192 2015-08-31] (Synaptics Incorporated)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

R2 {C5F942FD-1110-4664-86CE-0C6BDA305235}; C:\Program Files (x86)\CyberLink\PowerDVD14\Common\NavFilter\000.fcl [32456 2014-08-11] (CyberLink Corp.)

U3 idsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 18:53 - 2016-05-01 18:55 - 00021886 _____ C:\Users\rob\Downloads\FRST.txt

2016-05-01 18:53 - 2016-05-01 18:53 - 02377216 _____ (Farbar) C:\Users\rob\Downloads\FRST64 (1).exe

2016-05-01 18:53 - 2016-05-01 18:53 - 00000000 ____D C:\FRST

2016-05-01 18:52 - 2016-05-01 18:52 - 02377216 _____ (Farbar) C:\Users\rob\Downloads\FRST64.exe

2016-04-30 23:09 - 2016-04-30 23:09 - 00000000 ___HD C:\OneDriveTemp

2016-04-30 17:33 - 2016-04-30 17:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2016-04-30 17:32 - 2016-04-30 17:33 - 00000000 ____D C:\Program Files\iTunes

2016-04-30 17:32 - 2016-04-30 17:33 - 00000000 ____D C:\Program Files (x86)\iTunes

2016-04-30 17:32 - 2016-04-30 17:32 - 00000000 ____D C:\Program Files\iPod

2016-04-30 17:28 - 2016-04-30 17:28 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2016-04-30 17:20 - 2016-04-30 17:20 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk

2016-04-30 17:20 - 2016-04-30 17:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype

2016-04-27 19:28 - 2016-04-27 19:28 - 00000000 __SHD C:\found.008

2016-04-27 19:09 - 2016-04-27 19:09 - 00000000 __SHD C:\found.007

2016-04-27 19:09 - 2016-04-27 19:09 - 00000000 __SHD C:\found.006

2016-04-27 18:49 - 2016-03-29 02:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

2016-04-27 18:49 - 2016-03-29 02:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2016-04-27 18:49 - 2016-03-29 02:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2016-04-27 18:49 - 2016-03-29 02:15 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2016-04-27 18:49 - 2016-03-29 02:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

2016-04-27 18:49 - 2016-03-29 02:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2016-04-27 18:49 - 2016-03-29 01:37 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2016-04-27 18:49 - 2016-03-29 01:32 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-04-27 18:49 - 2016-03-29 01:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-04-27 18:49 - 2016-03-29 01:05 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-04-27 18:49 - 2016-03-29 01:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-04-27 18:49 - 2016-03-29 00:51 - 22378496 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-04-27 18:49 - 2016-03-29 00:41 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-04-27 18:49 - 2016-03-29 00:38 - 18673664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-04-27 18:49 - 2016-03-29 00:37 - 19340800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-04-27 18:48 - 2016-03-29 05:20 - 07474016 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-04-27 18:48 - 2016-03-29 05:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2016-04-27 18:48 - 2016-03-29 05:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2016-04-27 18:48 - 2016-03-29 04:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2016-04-27 18:48 - 2016-03-29 03:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2016-04-27 18:48 - 2016-03-29 03:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2016-04-27 18:48 - 2016-03-29 03:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2016-04-27 18:48 - 2016-03-29 03:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2016-04-27 18:48 - 2016-03-29 02:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2016-04-27 18:48 - 2016-03-29 02:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2016-04-27 18:48 - 2016-03-29 02:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll

2016-04-27 18:48 - 2016-03-29 02:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2016-04-27 18:48 - 2016-03-29 02:07 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-04-27 18:48 - 2016-03-29 02:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

2016-04-27 18:48 - 2016-03-29 02:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2016-04-27 18:48 - 2016-03-29 02:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

2016-04-27 18:48 - 2016-03-29 01:42 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-04-27 18:48 - 2016-03-29 01:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll

2016-04-27 18:48 - 2016-03-29 01:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2016-04-27 18:48 - 2016-03-29 01:31 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-04-27 18:48 - 2016-03-29 01:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2016-04-27 18:48 - 2016-03-29 01:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

2016-04-27 18:48 - 2016-03-29 01:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-04-27 18:48 - 2016-03-29 01:01 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2016-04-27 18:48 - 2016-03-29 00:56 - 16985600 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2016-04-27 18:48 - 2016-03-29 00:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-04-27 18:48 - 2016-03-29 00:51 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-04-27 18:48 - 2016-03-29 00:41 - 24602112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-04-27 18:48 - 2016-03-29 00:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-04-27 18:47 - 2016-04-01 22:26 - 00630272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll

2016-04-27 18:47 - 2016-04-01 22:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2016-04-27 18:47 - 2016-04-01 22:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll

2016-04-27 18:47 - 2016-04-01 22:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2016-04-27 18:47 - 2016-04-01 22:09 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll

2016-04-27 18:47 - 2016-04-01 22:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll

2016-04-27 18:47 - 2016-04-01 22:07 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll

2016-04-27 18:47 - 2016-04-01 22:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll

2016-04-27 18:47 - 2016-03-29 04:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2016-04-27 18:47 - 2016-03-29 04:28 - 00696664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-04-27 18:47 - 2016-03-29 04:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2016-04-27 18:47 - 2016-03-29 04:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-04-27 18:47 - 2016-03-29 02:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2016-04-27 18:47 - 2016-03-29 02:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll

2016-04-27 18:47 - 2016-03-29 02:16 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2016-04-27 18:47 - 2016-03-29 02:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll

2016-04-27 18:47 - 2016-03-29 02:12 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll

2016-04-27 18:47 - 2016-03-29 02:10 - 01388544 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-04-27 18:47 - 2016-03-29 02:10 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2016-04-27 18:47 - 2016-03-29 02:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2016-04-27 18:47 - 2016-03-29 01:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll

2016-04-27 18:47 - 2016-03-29 01:34 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2016-04-27 18:47 - 2016-03-29 01:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll

2016-04-27 18:47 - 2016-03-29 01:31 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2016-04-27 18:47 - 2016-03-29 01:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2016-04-27 18:47 - 2016-03-29 01:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll

2016-04-27 18:47 - 2016-03-29 01:05 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2016-04-27 18:47 - 2016-03-29 01:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2016-04-27 18:47 - 2016-03-29 00:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll

2016-04-27 18:47 - 2016-03-29 00:49 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2016-04-27 18:47 - 2016-03-29 00:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll

2016-04-27 18:47 - 2016-03-29 00:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2016-04-27 18:47 - 2016-03-29 00:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2016-04-27 18:47 - 2016-03-29 00:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll

2016-04-27 18:47 - 2016-03-29 00:27 - 07836160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-04-27 18:47 - 2016-03-29 00:27 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-04-27 18:47 - 2016-03-29 00:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll

2016-04-27 18:46 - 2016-04-01 23:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2016-04-27 18:46 - 2016-04-01 23:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll

2016-04-27 18:46 - 2016-04-01 23:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll

2016-04-27 18:46 - 2016-04-01 23:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe

2016-04-27 18:46 - 2016-04-01 22:30 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll

2016-04-27 18:46 - 2016-04-01 22:29 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll

2016-04-27 18:46 - 2016-04-01 22:29 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll

2016-04-27 18:46 - 2016-04-01 22:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll

2016-04-27 18:46 - 2016-04-01 22:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll

2016-04-27 18:46 - 2016-04-01 22:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll

2016-04-27 18:46 - 2016-04-01 22:23 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll

2016-04-27 18:46 - 2016-04-01 22:21 - 00498688 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll

2016-04-27 18:46 - 2016-04-01 22:15 - 01090048 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll

2016-04-27 18:46 - 2016-03-29 05:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys

2016-04-27 18:46 - 2016-03-29 05:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi

2016-04-27 18:46 - 2016-03-29 05:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe

2016-04-27 18:46 - 2016-03-29 05:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-04-27 18:46 - 2016-03-29 05:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-04-27 18:46 - 2016-03-29 05:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll

2016-04-27 18:46 - 2016-03-29 05:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll

2016-04-27 18:46 - 2016-03-29 05:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys

2016-04-27 18:46 - 2016-03-29 05:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi

2016-04-27 18:46 - 2016-03-29 05:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll

2016-04-27 18:46 - 2016-03-29 04:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll

2016-04-27 18:46 - 2016-03-29 04:28 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2016-04-27 18:46 - 2016-03-29 04:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys

2016-04-27 18:46 - 2016-03-29 04:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll

2016-04-27 18:46 - 2016-03-29 04:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll

2016-04-27 18:46 - 2016-03-29 04:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys

2016-04-27 18:46 - 2016-03-29 04:17 - 00300104 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe

2016-04-27 18:46 - 2016-03-29 04:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe

2016-04-27 18:46 - 2016-03-29 04:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll

2016-04-27 18:46 - 2016-03-29 04:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll

2016-04-27 18:46 - 2016-03-29 04:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll

2016-04-27 18:46 - 2016-03-29 04:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe

2016-04-27 18:46 - 2016-03-29 04:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll

2016-04-27 18:46 - 2016-03-29 03:44 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-04-27 18:46 - 2016-03-29 03:44 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2016-04-27 18:46 - 2016-03-29 03:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll

2016-04-27 18:46 - 2016-03-29 03:32 - 00253088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe

2016-04-27 18:46 - 2016-03-29 03:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys

2016-04-27 18:46 - 2016-03-29 03:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2016-04-27 18:46 - 2016-03-29 03:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll

2016-04-27 18:46 - 2016-03-29 03:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll

2016-04-27 18:46 - 2016-03-29 03:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll

2016-04-27 18:46 - 2016-03-29 03:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll

2016-04-27 18:46 - 2016-03-29 03:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS

2016-04-27 18:46 - 2016-03-29 03:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys

2016-04-27 18:46 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll

2016-04-27 18:46 - 2016-03-29 03:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll

2016-04-27 18:46 - 2016-03-29 02:57 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll

2016-04-27 18:46 - 2016-03-29 02:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll

2016-04-27 18:46 - 2016-03-29 02:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll

2016-04-27 18:46 - 2016-03-29 02:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll

2016-04-27 18:46 - 2016-03-29 02:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll

2016-04-27 18:46 - 2016-03-29 02:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll

2016-04-27 18:46 - 2016-03-29 02:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll

2016-04-27 18:46 - 2016-03-29 02:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll

2016-04-27 18:46 - 2016-03-29 02:42 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll

2016-04-27 18:46 - 2016-03-29 02:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2016-04-27 18:46 - 2016-03-29 02:38 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-04-27 18:46 - 2016-03-29 02:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2016-04-27 18:46 - 2016-03-29 02:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys

2016-04-27 18:46 - 2016-03-29 02:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll

2016-04-27 18:46 - 2016-03-29 02:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll

2016-04-27 18:46 - 2016-03-29 02:34 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll

2016-04-27 18:46 - 2016-03-29 02:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll

2016-04-27 18:46 - 2016-03-29 02:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll

2016-04-27 18:46 - 2016-03-29 02:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll

2016-04-27 18:46 - 2016-03-29 02:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll

2016-04-27 18:46 - 2016-03-29 02:28 - 00460288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll

2016-04-27 18:46 - 2016-03-29 02:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll

2016-04-27 18:46 - 2016-03-29 02:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll

2016-04-27 18:46 - 2016-03-29 02:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys

2016-04-27 18:46 - 2016-03-29 02:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2016-04-27 18:46 - 2016-03-29 02:23 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll

2016-04-27 18:46 - 2016-03-29 02:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll

2016-04-27 18:46 - 2016-03-29 02:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll

2016-04-27 18:46 - 2016-03-29 02:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll

2016-04-27 18:46 - 2016-03-29 02:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll

2016-04-27 18:46 - 2016-03-29 02:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll

2016-04-27 18:46 - 2016-03-29 02:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll

2016-04-27 18:46 - 2016-03-29 02:17 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2016-04-27 18:46 - 2016-03-29 02:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll

2016-04-27 18:46 - 2016-03-29 02:17 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll

2016-04-27 18:46 - 2016-03-29 02:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2016-04-27 18:46 - 2016-03-29 02:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll

2016-04-27 18:46 - 2016-03-29 02:11 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll

2016-04-27 18:46 - 2016-03-29 02:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll

2016-04-27 18:46 - 2016-03-29 02:11 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll

2016-04-27 18:46 - 2016-03-29 02:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll

2016-04-27 18:46 - 2016-03-29 02:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll

2016-04-27 18:46 - 2016-03-29 02:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll

2016-04-27 18:46 - 2016-03-29 02:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll

2016-04-27 18:46 - 2016-03-29 02:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll

2016-04-27 18:46 - 2016-03-29 02:06 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll

2016-04-27 18:46 - 2016-03-29 02:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll

2016-04-27 18:46 - 2016-03-29 02:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys

2016-04-27 18:46 - 2016-03-29 02:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll

2016-04-27 18:46 - 2016-03-29 02:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2016-04-27 18:46 - 2016-03-29 01:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe

2016-04-27 18:46 - 2016-03-29 01:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2016-04-27 18:46 - 2016-03-29 01:56 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll

2016-04-27 18:46 - 2016-03-29 01:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2016-04-27 18:46 - 2016-03-29 01:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll

2016-04-27 18:46 - 2016-03-29 01:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll

2016-04-27 18:46 - 2016-03-29 01:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll

2016-04-27 18:46 - 2016-03-29 01:52 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll

2016-04-27 18:46 - 2016-03-29 01:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll

2016-04-27 18:46 - 2016-03-29 01:48 - 00346624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll

2016-04-27 18:46 - 2016-03-29 01:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2016-04-27 18:46 - 2016-03-29 01:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll

2016-04-27 18:46 - 2016-03-29 01:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll

2016-04-27 18:46 - 2016-03-29 01:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll

2016-04-27 18:46 - 2016-03-29 01:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll

2016-04-27 18:46 - 2016-03-29 01:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll

2016-04-27 18:46 - 2016-03-29 01:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll

2016-04-27 18:46 - 2016-03-29 01:39 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll

2016-04-27 18:46 - 2016-03-29 01:38 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2016-04-27 18:46 - 2016-03-29 01:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll

2016-04-27 18:46 - 2016-03-29 01:35 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll

2016-04-27 18:46 - 2016-03-29 01:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll

2016-04-27 18:46 - 2016-03-29 01:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll

2016-04-27 18:46 - 2016-03-29 01:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll

2016-04-27 18:46 - 2016-03-29 01:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll

2016-04-27 18:46 - 2016-03-29 01:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll

2016-04-27 18:46 - 2016-03-29 01:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll

2016-04-27 18:46 - 2016-03-29 01:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

2016-04-27 18:46 - 2016-03-29 01:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll

2016-04-27 18:46 - 2016-03-29 01:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll

2016-04-27 18:46 - 2016-03-29 01:31 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll

2016-04-27 18:46 - 2016-03-29 01:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll

2016-04-27 18:46 - 2016-03-29 01:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll

2016-04-27 18:46 - 2016-03-29 01:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll

2016-04-27 18:46 - 2016-03-29 01:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

2016-04-27 18:46 - 2016-03-29 01:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll

2016-04-27 18:46 - 2016-03-29 01:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll

2016-04-27 18:46 - 2016-03-29 01:22 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll

2016-04-27 18:46 - 2016-03-29 01:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2016-04-27 18:46 - 2016-03-29 01:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll

2016-04-27 18:46 - 2016-03-29 01:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll

2016-04-27 18:46 - 2016-03-29 01:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll

2016-04-27 18:46 - 2016-03-29 01:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll

2016-04-27 18:46 - 2016-03-29 01:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll

2016-04-27 18:46 - 2016-03-29 01:04 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll

2016-04-27 18:46 - 2016-03-29 01:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll

2016-04-27 18:46 - 2016-03-29 01:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL

2016-04-27 18:46 - 2016-03-29 00:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll

2016-04-27 18:46 - 2016-03-29 00:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll

2016-04-27 18:46 - 2016-03-29 00:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll

2016-04-27 18:45 - 2016-04-01 22:08 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll

2016-04-27 18:45 - 2016-04-01 22:03 - 04774912 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll

2016-04-27 18:45 - 2016-03-29 03:17 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll

2016-04-27 18:45 - 2016-03-29 03:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll

2016-04-27 18:45 - 2016-03-29 03:07 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll

2016-04-27 18:45 - 2016-03-29 03:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll

2016-04-27 18:45 - 2016-03-29 03:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll

2016-04-27 18:45 - 2016-03-29 03:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe

2016-04-27 18:45 - 2016-03-29 03:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll

2016-04-27 18:45 - 2016-03-29 03:00 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll

2016-04-27 18:45 - 2016-03-29 02:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe

2016-04-27 18:45 - 2016-03-29 02:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2016-04-27 18:45 - 2016-03-29 02:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll

2016-04-27 18:45 - 2016-03-29 02:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll

2016-04-27 18:45 - 2016-03-29 02:55 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll

2016-04-27 18:45 - 2016-03-29 02:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys

2016-04-27 18:45 - 2016-03-29 02:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll

2016-04-27 18:45 - 2016-03-29 02:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll

2016-04-27 18:45 - 2016-03-29 02:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll

2016-04-27 18:45 - 2016-03-29 02:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe

2016-04-27 18:45 - 2016-03-29 02:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll

2016-04-27 18:45 - 2016-03-29 02:50 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll

2016-04-27 18:45 - 2016-03-29 02:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll

2016-04-27 18:45 - 2016-03-29 02:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-04-27 18:45 - 2016-03-29 02:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll

2016-04-27 18:45 - 2016-03-29 02:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys

2016-04-27 18:45 - 2016-03-29 02:32 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2016-04-27 18:45 - 2016-03-29 02:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-04-27 18:45 - 2016-03-29 02:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll

2016-04-27 18:45 - 2016-03-29 02:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll

2016-04-27 18:45 - 2016-03-29 02:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2016-04-27 18:45 - 2016-03-29 02:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll

2016-04-27 18:45 - 2016-03-29 02:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll

2016-04-27 18:45 - 2016-03-29 02:09 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll

2016-04-27 18:45 - 2016-03-29 02:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll

2016-04-27 18:45 - 2016-03-29 02:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll

2016-04-27 18:45 - 2016-03-29 02:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe

2016-04-27 18:45 - 2016-03-29 02:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll

2016-04-27 18:45 - 2016-03-29 02:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll

2016-04-27 18:45 - 2016-03-29 02:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll

2016-04-27 18:45 - 2016-03-29 01:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll

2016-04-27 18:45 - 2016-03-29 01:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll

2016-04-27 18:45 - 2016-03-29 01:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll

2016-04-27 18:45 - 2016-03-29 01:34 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll

2016-04-27 18:45 - 2016-03-29 01:27 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2016-04-27 18:45 - 2016-03-29 01:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll

2016-04-27 18:45 - 2016-03-29 01:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll

2016-04-27 18:45 - 2016-03-29 01:00 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2016-04-27 18:45 - 2016-03-29 00:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll

2016-04-27 18:45 - 2016-03-29 00:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll

2016-04-27 18:45 - 2016-03-29 00:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL

2016-04-27 18:45 - 2016-03-29 00:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL

2016-04-27 18:45 - 2016-03-29 00:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL

2016-04-27 18:45 - 2016-03-29 00:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll

2016-04-26 21:08 - 2016-04-26 21:08 - 00000000 __SHD C:\found.005

2016-04-26 21:08 - 2016-04-26 21:08 - 00000000 __SHD C:\found.004

2016-04-26 21:08 - 2016-04-26 21:08 - 00000000 __SHD C:\found.003

2016-04-26 20:01 - 2016-04-26 20:01 - 00000000 ____D C:\Users\rob\AppData\Local\CEF

2016-04-18 21:27 - 2016-04-27 17:50 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk

2016-04-18 21:27 - 2016-04-18 21:27 - 00002128 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk

2016-04-18 21:25 - 2016-04-18 21:25 - 00000000 __SHD C:\found.002

2016-04-18 21:25 - 2016-04-18 21:25 - 00000000 __SHD C:\found.001

2016-04-17 20:18 - 2016-04-17 20:21 - 00000000 ____D C:\Users\rob\Desktop\HSD Prep

2016-04-12 22:35 - 2016-04-12 22:35 - 00060908 _____ C:\Users\rob\Desktop\Chad Application.pdf

2016-04-12 22:34 - 2016-04-12 22:34 - 00060908 _____ C:\Users\rob\Documents\Chad Application.pdf

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-05-01 18:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-05-01 18:47 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-05-01 18:45 - 2015-11-01 19:50 - 00004140 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{DB3D469E-E2A3-46CE-BE8A-077D35184D90}

2016-05-01 18:45 - 2014-08-19 21:54 - 00000000 ____D C:\ProgramData\MFAData

2016-04-30 23:12 - 2014-06-03 19:43 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job

2016-04-30 23:09 - 2015-08-03 22:40 - 00000000 ___RD C:\Users\rob\OneDrive

2016-04-30 23:08 - 2015-11-19 21:57 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-04-30 23:08 - 2014-05-17 19:18 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-04-30 23:07 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2016-04-30 22:27 - 2014-05-17 19:18 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-04-30 21:51 - 2015-11-19 21:37 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-04-30 21:51 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF

2016-04-30 21:42 - 2015-11-19 21:38 - 00000000 ____D C:\Users\rob

2016-04-30 20:54 - 2014-05-17 19:07 - 00000000 ____D C:\Users\rob\AppData\Roaming\Skype

2016-04-30 20:50 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2016-04-30 20:42 - 2014-09-01 18:57 - 00000000 ____D C:\Program Files (x86)\Coupons

2016-04-30 17:51 - 2010-03-27 07:14 - 00000000 ____D C:\Program Files (x86)\EgisTec MyWinLocker

2016-04-30 17:32 - 2015-08-12 21:07 - 00000000 ____D C:\Program Files\Common Files\Apple

2016-04-30 17:28 - 2015-08-12 21:09 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2016-04-30 17:23 - 2015-07-13 20:48 - 00000000 ____D C:\Users\rob\Documents\My Filehippo Downloads

2016-04-30 17:21 - 2014-05-17 19:07 - 00000000 ___RD C:\Program Files (x86)\Skype

2016-04-30 17:20 - 2014-05-17 19:07 - 00000000 ____D C:\Users\rob\AppData\Local\Skype

2016-04-30 17:20 - 2014-05-17 19:06 - 00000000 ____D C:\ProgramData\Skype

2016-04-27 19:30 - 2015-11-19 21:29 - 00359072 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-04-27 19:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-04-27 19:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-04-27 19:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2016-04-27 19:21 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-04-27 19:12 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-04-27 17:51 - 2015-07-15 11:30 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task

2016-04-26 18:23 - 2015-08-03 22:40 - 00002395 _____ C:\Users\rob\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-04-20 20:54 - 2014-09-14 12:40 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-04-20 20:36 - 2014-09-14 12:40 - 135176864 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-04-18 21:27 - 2010-03-27 06:21 - 00000000 ____D C:\ProgramData\Adobe

2016-04-18 21:27 - 2010-03-27 06:21 - 00000000 ____D C:\Program Files (x86)\Adobe

2016-04-18 20:57 - 2015-07-23 21:42 - 02029715 _____ C:\Users\rob\Desktop\Sarah North Carolina.zip

2016-04-18 20:57 - 2015-07-23 20:09 - 05079034 _____ C:\Users\rob\Desktop\Chad North Carolina Material.zip

2016-04-17 20:36 - 2014-06-24 03:52 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-04-17 20:36 - 2014-06-24 03:52 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-04-17 20:33 - 2015-07-29 23:10 - 00000000 ____D C:\Users\rob\AppData\Local\Packages

2016-04-15 22:13 - 2015-11-14 13:00 - 00001013 _____ C:\Users\Public\Desktop\AVG Protection.lnk

2016-04-12 22:20 - 2015-04-23 21:21 - 00000000 ____D C:\Users\rob\Desktop\Application Material

2016-04-12 22:07 - 2015-08-13 21:47 - 00000000 ____D C:\Users\rob\Desktop\IPOD Pic Folder

2016-04-12 22:06 - 2014-09-24 21:34 - 00000000 ____D C:\Users\rob\Documents\Sarah

2016-04-07 20:30 - 2014-09-14 12:52 - 00000000 ____D C:\Users\rob\AppData\Local\Windows Live

2016-04-07 19:17 - 2014-05-17 15:33 - 00093944 _____ C:\Users\rob\AppData\Local\GDIPFONTCACHEV1.DAT

2016-04-06 13:32 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2016-04-06 13:32 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2014-05-18 17:03 - 2014-08-14 10:25 - 0000350 _____ () C:\Users\rob\AppData\Roaming\wklnhst.dat

2015-05-21 21:33 - 2015-05-21 21:35 - 0004608 _____ () C:\Users\rob\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-08-17 21:54 - 2014-08-17 21:54 - 0000057 _____ () C:\ProgramData\Ament.ini

2015-11-19 21:34 - 2015-11-19 21:34 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

2014-05-23 01:12 - 2014-05-23 01:12 - 0000516 _____ () C:\ProgramData\RUNDLL32.EXE-2644-F.txt

2014-05-23 00:59 - 2014-05-23 01:00 - 0000987 _____ () C:\ProgramData\RUNDLL32.EXE-2784-F.txt

2014-05-23 00:56 - 2014-05-23 00:57 - 0001163 _____ () C:\ProgramData\RUNDLL32.EXE-3336-F.txt

Some files in TEMP:

====================

C:\Users\rob\AppData\Local\Temp\avguirn_081422580978.exe

C:\Users\rob\AppData\Local\Temp\avguirn_08273733853.exe

C:\Users\rob\AppData\Local\Temp\avguirn_08629091846.exe

C:\Users\rob\AppData\Local\Temp\c5wkznet.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-04-21 18:53

#5
cahagg01

Posted 01 May 2016 - 06:15 PM

Member

Topic Starter
Member
37 posts

ADWCleaner Results

# AdwCleaner v5.115 - Logfile created 01/05/2016 at 19:09:45

# Updated 01/05/2016 by Xplode

# Database : 2016-05-01.2 [Server]

# Operating system : Windows 10 Home (X64)

# Username : Chad - CHAD

# Running from : C:\Users\rob\Downloads\adwcleaner_5.115.exe

# Option : Clean

# Support : http://toolslib.net/forum

***** [ Services ] *****

[-] Service Deleted : CouponPrinterService

***** [ Folders ] *****

[-] Folder Deleted : C:\ProgramData\ParetoLogic

[-] Folder Deleted : C:\ProgramData\Partner

[-] Folder Deleted : C:\ProgramData\Avg_Update_0116av

[-] Folder Deleted : C:\ProgramData\Avg_Update_0316av

[-] Folder Deleted : C:\ProgramData\Avg_Update_1215avt

[#] Folder Deleted : C:\ProgramData\Application Data\ParetoLogic

[#] Folder Deleted : C:\ProgramData\Application Data\Partner

[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0116av

[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_0316av

[#] Folder Deleted : C:\ProgramData\Application Data\Avg_Update_1215avt

[-] Folder Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Coupons

[-] Folder Deleted : C:\Program Files (x86)\Coupons

[-] Folder Deleted : C:\Users\rob\AppData\Roaming\DriverCure

[-] Folder Deleted : C:\Users\rob\AppData\Roaming\Easeware

[-] Folder Deleted : C:\Users\rob\AppData\Roaming\ParetoLogic

***** [ Files ] *****

[-] File Deleted : C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage

[-] File Deleted : C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.ask.com_0.localstorage-journal

***** [ DLLs ] *****

***** [ WMI ] *****

***** [ Shortcuts ] *****

***** [ Scheduled tasks ] *****

[-] Task Deleted : ParetoLogic Update Version3_triggeronce

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.Protector.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorBho.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib

[-] Key Deleted : HKLM\SOFTWARE\Classes\protector_dll.ProtectorLib.1

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\ActiveX Compatibility\{9522B3FB-7A2B-4646-8AF6-36E7F593073C}

[-] Key Deleted : HKCU\Software\ParetoLogic

[-] Key Deleted : HKLM\SOFTWARE\ParetoLogic

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\{EE171732-BEB4-4576-887D-CB62727F01CA}

[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\WT079149

***** [ Web browsers ] *****

[-] [C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com

[-] [C:\Users\rob\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys deleted

:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3238 bytes] - [01/05/2016 19:09:45]

C:\AdwCleaner\AdwCleaner[S1].txt - [3181 bytes] - [01/05/2016 19:06:07]

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3384 bytes] ##########

#6
cahagg01

Posted 01 May 2016 - 06:50 PM

Member

Topic Starter
Member
37 posts

JRT Results

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Junkware Removal Tool (JRT) by Malwarebytes

Version: 8.0.6 (04.25.2016)

Operating System: Windows 10 Home x64

Ran by Chad (Administrator) on Sun 05/01/2016 at 19:16:25.22

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

File System: 7

Successfully deleted: C:\WINDOWS\system32\Tasks\0215avUpdateInfo (Task)

Successfully deleted: C:\WINDOWS\prefetch\DRIVEREASY.EXE-212E4654.pf (File)

Successfully deleted: C:\WINDOWS\prefetch\DRIVEREASY_SETUP.TMP-297D2A64.pf (File)

Successfully deleted: C:\WINDOWS\prefetch\DRIVEREASY_SETUP.TMP-F6BAE565.pf (File)

Successfully deleted: C:\WINDOWS\prefetch\DRIVERTOOLKITINSTALLER.TMP-1CDD8FE3.pf (File)

Successfully deleted: C:\WINDOWS\prefetch\DRIVERTOOLKITINSTALLER.TMP-354927B2.pf (File)

Successfully deleted: C:\WINDOWS\prefetch\GOOGLETOOLBARNOTIFIER.EXE-969E73DB.pf (File)

Registry: 0

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Scan was completed on Sun 05/01/2016 at 19:20:51.34

End of JRT log

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

#7
zep516

Posted 01 May 2016 - 08:03 PM

Trusted Helper

Malware Removal
8,090 posts

Hello,

Please download Malwarebytes Anti-Malware to your desktop.
Double-click mbam-setup-version.exe and follow the prompts to install the program.
Launch Malwarebytes Anti-Malware
Then click Finish.
If an update is found, you will be prompted to download and install the latest version.
Once the program has loaded, select Scan now. Or select the Threat Scan from the Scan menu.
When the scan is complete , make sure that that all Threats are selected, and click Remove Selected.
Reboot your computer if prompted.

Posting the Malwarebytes log.
After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
post that saved log to your next reply.

#8
cahagg01

Posted 01 May 2016 - 09:29 PM

Member

Topic Starter
Member
37 posts

Malwarebytes Log attached malwarebytes log.txt 1.02KB 168 downloads

#9
zep516

Posted 01 May 2016 - 09:31 PM

Trusted Helper

Malware Removal
8,090 posts

Hello,

A clean Malwarebytes is a good sign

a few things to clean up,

Download the enclosed =>

fixlist.txt 1.64KB 168 downloads Save it in the location FRST64 is. Run FRST and click on the Fix button. Wait until finished.

The tool will make a log in the location FRST is, (Fixlog.txt). Please post it to your reply.

#10
cahagg01

Posted 01 May 2016 - 10:14 PM

Member

Topic Starter
Member
37 posts

Attached

Fixlog.txt 4.06KB 169 downloads

#11
zep516

Posted 01 May 2016 - 10:17 PM

Trusted Helper

Malware Removal
8,090 posts

What issues remain with the computer ?

Your logs are clean now, if you need to run it for a day please do so and get back to me.

Thanks
Joe

#12
cahagg01

Posted 01 May 2016 - 10:20 PM

Member

Topic Starter
Member
37 posts

Sounds good. Playing with it a little bit now, and it's moving much better than before. Thanks a lot!!

Chad

#13
zep516

Posted 01 May 2016 - 10:24 PM

Trusted Helper

Malware Removal
8,090 posts

OK

We still need to remove all that stuff I had you download. So use if for a bit and let me know things are still ok and we can then clean up.

#14
zep516

Posted 02 May 2016 - 05:07 PM

Trusted Helper

Malware Removal
8,090 posts

The following procedures will implement some cleanup procedures to remove these tools. It will also reset your System Restore by flushing out previous restore points and create a new restore point. It will also remove all the backups our tools may have made.
Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).

Why we need to remove some of our tools:
Some of the tools we have used to clean your computer were made by fellow malware fighters and are very powerful and if used incorrectly or at the wronge time can make the computer an expensive paper weight. They are updated all the time and some of them more than once a day so by the time you are ready to use them again they will already be outdated.

Download DelFix by Xplode and save it to your desktop.

Run the tool by right click on the icon and Run as administrator option.
Make sure that these ones are checked:
- Remove disinfection tools
- Purge system restore
- Reset system settings
Push Run.
The program will run for a few seconds and display a notepad report.
Paste it for my review.