Javascript Disabled Detected

You currently have javascript disabled. Several functions may not work. Please re-enable javascript to access full functionality.

Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.

Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Latest News: Microsoft Releases Huge OneNote Update for Windows 10

Featured Deal: Get 98% off the Ultimate Cisco Certification Bundle: Lifetime Access Deal

Please Help Me Guys. I am a computer novice so desperately in need of guidance..

Started by Browny69 , Feb 09 2016 06:46 AM

Please log in to reply

27 replies to this topic

#1 Browny69

Members
21 posts
OFFLINE

Local time:07:08 PM

Posted 09 February 2016 - 06:46 AM

I was scammed in the fake Microsoft phonecall scam and googled Acer support and allowed them remote access to my brand new then Acer Aspire ES1-512 . That was nearly a year ago. I've not had any Windows services active since,no windows
defender,no pop up blocker,they changed allmy security settings and removed any chance of a sytem restore, they deleted all points, I can't boot from cd as they've got shadow copies, infact most of the Acer products, Abdocs they are using that amoungst many other apps,ports, fake anti-virus software if I am lucky enough to install, I have no admin rights I've actually completely wiped everything, reset it my laptop to factory settings over 10 times . Each time all files and folders reappear.I have noticed a few suspicious looking files and folders WINDOWS OLD and they've completely ruined and deleted all my security settings and disabled Windows Defender, pop up blocker, smart screen filter everything. I have 2 network adapters possibly even 3 and I have only just been able to finally log onto our home router settings page I have noticed a Linux devicese , which I researched and it seems the and a lot of suspicious events been happening and looks like people logging onto our home router and they've done something to allow them open port access. It looks like I've got numerous network adapters operating I do not know what's real and what isn't, we have a BT broadband Hub4 router and the other is their realtek family stepping stone I think or a Qualcomm adapter, I need some help to remove the fake softare they have on my laptop and like I say they are using a lot of the Acer products to trick me I cannot even access my cd/dvd drive as they have installed something that monitors everything. I am disgusted with this, I contacted you time and time again when this first happened for help. It was Acer support I googled after their fake support phonecall and the top Freephone num was theirs somehow. Then they are accessing my filles ,folders,photos,banking details, emails,personal information all under Acer products/guises They even installed a complete fake whole OneDrive. I need some help with identifying the methods and fake Microsoft and Acer things so I can get Microsoft Key Authentification and try to be able to do a safe boot from disc to access win def offline or any other anti-malware cds I have to remove them. I am not the best on pcs and a newbie really. I haven't had any way shape or form in the way of HELP from Acer or Microsoft who these people claimed to be from when I fell for the 'support phonecall informing me of your pc's been seriously compromised They have files on here where when I boot up my laptop they have access before me even though I enter the password, autorun files backdoor this backdoor that so many exe and executeable files and I have no permissions to do anthing, HELP ME PLEASE>>> I have managed to upgrade to Windows 10 on last facory reset and have downloaded FRST and ran that and have a log if it will help me posting that? Iwould be so grateful as this laptop was 6 days old when I fell for the scam and gave these people access via Logmeinrescue and my laptop has barely worked and been on a 'limited internet connection ever since, they have changed a lot of settings to allow them to access everything in offline mode also. PLEASE HELPPPP..

BC AdBot (Login to Remove)

BleepingComputer.com
Register to remove ads

#2 bloopie

Bleepin' Sith Turner

Malware Response Team
7,927 posts
OFFLINE

Gender:Male
Location:New York
Local time:02:08 PM

Posted 10 February 2016 - 12:51 AM

Hello Browny69, and welcome to BC! :thumbsup:

My name is bloopie and I'll be helping you with your problems as best I can! :thumbup2:

A few things to keep in mind while we are working together:

Please tell me if you have your original Windows CD/DVD available.
Please copy and paste all logs here unless otherwise instructed.
If you are unsure about any of the steps I provide, just post what you can and I will guide you!
Please do not run any other tools without my instruction to do so!
Upon completing the steps below I will review your topic an do my best to resolve your issues.

====================

Okay by the way you've described the situation, you've already handed off the keys to your entire computer! I hope that's not the case in reality, but that's what it sounds like! We're going to have to delve a bit deeper to be sure though.

You've mentioned "backdoors" as well...the only way to be 100%, and totally sure your machine is safe when there have been open backdoors, is to reformat and reinstall Windows. Do you have an original Windows disc handy and your product key code you got with your laptop? That would be the fastest and safest method to be sure your system is clean! If you have this available, then please let me know!

==========

But if that is not a possibility, then we must firstly remove any visible malware from the system. You mention you have downloaded and ran FRST, then I would like you to copy and paste that log for review. I have already moved this topic to the Malware Removal Logs forum so that you can post the FRST.txt log.

Also, please post the Addition.txt file that also gets created when the tool runs the first time.

Note: If you do not have the Addition.txt file, you will have to scan again, but be sure to check the Addition.txt checkbox on the FRST splash screen this time, before scanning.

bloopie

energy=mass X speed of light²...that's a lot of energy!

If I have been helping you and have not replied to your last post in 48hrs, please send me a P.M.

Posted Image

#3 Browny69

Topic Starter

Members
21 posts
OFFLINE

Local time:07:08 PM

Posted 10 February 2016 - 02:53 PM

Hi Bloopie thank you . I am in the process of running the scan now. I will post results after it is done. Can I further mention that after I realised that I'd been scammed and made a huge mistake giving this Indian man complete control; over my Acer Aspire E 15 (ES 512) notebook/laptop twice for a period of well over 2 hours. I only twigged when he starts asking me for the bank details of a friend who I said was paying the bill on my behalf and by then the damage was already done. I noticed my and printers a fax machine and a printer, none of which was mine so I'd delete them only for them to reappear the next day or the next time I turned mt laptop on. Since upgrading to windows 10 after my last factory reset I noticed that they was back in and on my laptop yet again, only this time they seem to have installed not the fax and printer in my devices and printers but these devices have come from nowhere and I believe they are something to do with these hackers. A VGA webcam USB composite device Universal series Manufactur (standard USB controller) Location Port_#0004.Hub_#002 This device is disabled by me Code 22. Also a Bluetooth USB Module Manufactur Qualcomm Atheros Communications, location Port_#0001.Hub_#0003 says the device is USB\VID_04CA&PID_300B\7&20e6a1b6&0&1 says device install requested, device migrated bluetooth radio? Also Generic PnP Monitor Properties C\:WINDOWS\system32DRIVERS\monitorsys file version 10.0.10586.0fth2_release.151029-(700) Location On Intel® HD Graphics and a HDTV (Intel® DisplayAudio) Device description Audio endpoint Device SWD\MMDEVAPI\{0.0.00000000}.{fc669e87-IC45-4ae7-9fa2-ca99ec06625b} states device type audio input and output. I have been using an app on my Samsung Galaxy S5mini android phone wifi monitor and network tools and utilities are alerting me to unknown devices connecting to my wifi, the main one is this is udhcp-1-19-4-VD-Linux-3-1-1x-50-56... Mac : 50:56:bf:82:62:ae says it's Samsung Electronics but it isn't my phone and there's another Samsung which may be my lodgers but I am not certain as it has a massive long name and numbers in the title of it. Also it says Wayne.home (192.168.1.67) MAC: ac:b5:7d:3c:78:4c Name Liteon Technology Corporationwhen I think this is referring to my laptop but I thought it would say Acer technology or something like that, and it is states it is an untrusted device. Please can you help me with any guidance on how to secure my BT Home Hub 4 as I noticed a lot of TCP events in the events log of my router also. Thanks I am posting that scan results now with this.

#4 Browny69

Topic Starter

Members
21 posts
OFFLINE

Local time:07:08 PM

Posted 10 February 2016 - 02:55 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-02-2016

Ran by Wayne (administrator) on WAYNE (10-02-2016 18:55:06)

Running from C:\Users\Wayne\Downloads

Loaded Profiles: Wayne (Available Profiles: Wayne)

Platform: Windows 10 Home Version 1511 (X64) Language: English (United Kingdom)

Internet Explorer Version 11 (Default browser: Edge)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe

(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe

(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe

(Alcatel-Lucent) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe

(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfemms.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe

(Alcatel-Lucent) C:\Program Files (x86)\Common Files\Motive\pcCMService.exe

(Acer Cloud Technology) C:\Program Files (x86)\Acer\AOP Framework\acer\ccd.exe

(Joyent, Inc) C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\node.exe

(McAfee, Inc.) C:\Windows\System32\mfevtps.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\systemcore\mfefire.exe

(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe

(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\CSP\1.8.203.0\McCSPServiceHost.exe

(Pokki) C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe

(Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe

() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe

(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QASvc.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMEvent.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMLockHandler.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QALSvc.exe

(Acer Incorporate) C:\Program Files\Acer\Acer Launch Manager\LMTray.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAgent.exe

(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Quick Access\QAAdminAgent.exe

(Ruiware LLC) C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe

(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerTray.exe

(Intel Corporation) C:\Windows\System32\igfxext.exe

(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerEvent.exe

(Acer Incorporated) C:\Program Files\Acer\Acer Power Management\ePowerWinMonitor.exe

(McAfee, Inc.) C:\Program Files\Common Files\mcafee\platform\McUICnt.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxMail.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6525.42271.0_x64__8wekyb3d8bbwe\HxTsr.exe

(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe

(Acer Incorporated) C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe

() C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe

(Pokki) C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe

() C:\Program Files (x86)\Acer\Care Center\ACCStd.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Google Inc.) C:\Program Files (x86)\Google\Update\Install\{D36CA3DE-0A28-4888-8443-B90DFEDC4923}\48.0.2564.109_48.0.2564.103_chrome_updater.exe

(Google Inc.) C:\Windows\Temp\CR_2C500.tmp\setup.exe

(acer) C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe

(TODO: <Company name>) C:\Program Files\Acer\User Experience Improvement Program\Plugin\AppMonitor\AppMonitorPlugIn.exe

(Pokki) C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Pokki) C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\ServiceStartMenuIndexer.exe

(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

(Farbar) C:\Users\Wayne\Downloads\FRST64 (1).exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch

HKLM-x32\...\Run: [Malwarebytes Anti-Exploit] => C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe [2622432 2016-01-29] (Malwarebytes Corporation)

HKLM-x32\...\Run: [AvgUi] => "C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe" /lps=fmw

HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3874216 2016-01-08] (AVG Technologies CZ, s.r.o.)

HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139768 2016-02-08] (AVAST Software)

HKU\S-1-5-21-92368520-1442784187-673530786-1001\...\Run: [WinPatrol] => C:\Program Files (x86)\Ruiware\WinPatrol\winpatrol.exe [1163264 2015-03-30] (Ruiware LLC)

HKU\S-1-5-18\Control Panel\Desktop\\SCRNSAVE.EXE ->

ShellIconOverlayIdentifiers: [ ACloudSynced] -> {5CCE71FA-9F61-4F24-9CD1-98D819B40D68} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)

ShellIconOverlayIdentifiers: [ ACloudSyncing] -> {C1E1456F-C2D8-4C96-870D-35F1E13941EE} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)

ShellIconOverlayIdentifiers: [ ACloudToBeSynced] -> {307523FA-DDC0-4068-983F-2A6B34627744} => C:\Program Files (x86)\Acer\shellext\x64\shellext_win.dll [2016-01-19] (Acer Incorporated)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-02-08] (AVAST Software)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{53c2476b-27d6-4520-bdcc-830607ff6afa}: [DhcpNameServer] 192.168.1.254

Tcpip\..\Interfaces\{a2f9e1f8-bfea-4cfc-96fd-5c82c820b652}: [DhcpNameServer] 192.168.1.254

Internet Explorer:

==================

HKU\S-1-5-21-92368520-1442784187-673530786-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs

HKU\S-1-5-21-92368520-1442784187-673530786-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://acer13.msn.com/?pc=ACJB

HKU\S-1-5-21-92368520-1442784187-673530786-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://www.msn.com/?pc=U270&ocid=U270DHP&osmkt=en-gb

SearchScopes: HKLM -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

SearchScopes: HKLM-x32 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL = hxxp://uk.yhs4.search.yahoo.com/yhs/search?hspart=acer&hsimp=yhs-acer_001&p={searchTerms}

SearchScopes: HKU\S-1-5-21-92368520-1442784187-673530786-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}

SearchScopes: HKU\S-1-5-21-92368520-1442784187-673530786-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?PC=WCUG&FORM=WCUGDF&q={searchTerms}

SearchScopes: HKU\S-1-5-21-92368520-1442784187-673530786-1001 -> {AA9A4890-4262-4441-8977-E2FFCBFB706C} URL =

BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-02-08] (AVAST Software)

BHO: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()

BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-02-08] (AVAST Software)

BHO-x32: BT Toolbar -> {aba8d0e6-0d4d-4cb8-836a-04d69824b108} -> C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()

Toolbar: HKLM - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX64.dll [2014-02-07] ()

Toolbar: HKLM-x32 - BT Toolbar - {aba8d0e6-0d4d-4cb8-836a-04d69824b108} - C:\Program Files (x86)\bttb\bttbX.dll [2014-02-07] ()

Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2015-12-03] (McAfee, Inc.)

Edge:

======

Edge HomeButtonPage: HKU\S-1-5-21-92368520-1442784187-673530786-1001 -> hxxp://www.msn,com/

FireFox:

========

FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2015-12-03] ()

FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)

FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/pdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()

FF Plugin-x32: @foxitsoftware.com/Foxit PhantomPDF Plugin,version=1.0,application/vnd.fdf -> C:\Program Files (x86)\Foxit PhantomPDF\plugins\npFoxitPhantomPDFPlugin.dll [2014-05-14] ()

FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2015-10-13] (Google, Inc.)

FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [No File]

FF Plugin-x32: @Motive.com/NpMotive,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotive.dll [2012-10-05] (Alcatel-Lucent)

FF Plugin-x32: @Motive.com/npMotiveRequest,version=1.0 -> C:\Program Files (x86)\Common Files\Motive\npMotiveRequest.dll [2011-12-06] (Alcatel-Lucent)

FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)

FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-02-08]

FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF

Chrome:

=======

CHR HomePage: Default -> msn.com/?pc=__PARAM__&ocid=__PARAM__DHP&osmkt=en-us

CHR StartupUrls: Default -> "hxxp://homepage-web.com/?s=acer&m=start"

CHR Profile: C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default

CHR Extension: (Google Docs) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-08]

CHR Extension: (Google Drive) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-08]

CHR Extension: (YouTube) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-08]

CHR Extension: (Google Search) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-08]

CHR Extension: (BT Toolbar) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdpkpbhapgfjahbajejahjjcghiclegg [2016-02-08] [UpdateUrl: hxxp://www.bt.com/static/includes/account/toolbar/update/chromeUpdates.xml] <==== ATTENTION

CHR Extension: (Chrome Web Store Payments) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-01-27]

CHR Extension: (Gmail) - C:\Users\Wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-08]

CHR HKU\S-1-5-21-92368520-1442784187-673530786-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [fcfenmboojpjinhpgggodefccipikbpd] - hxxps://clients2.google.com/service/update2/crx

CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-02-08]

CHR HKLM-x32\...\Chrome\Extension: [hdpkpbhapgfjahbajejahjjcghiclegg] - C:\Program Files (x86)\bttb\toolbar.crx [2014-02-07]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-02-08] (AVAST Software)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [627544 2016-01-08] (AVG Technologies CZ, s.r.o.)

R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3906568 2016-01-08] (AVG Technologies CZ, s.r.o.)

R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)

R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [583936 2016-01-08] (AVG Technologies CZ, s.r.o.)

R2 BT Help Wizard; C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\bin\MAHostService.exe [321024 2014-04-09] (Alcatel-Lucent) [File not signed]

R2 CCDMonitorService; C:\Program Files (x86)\Acer\AOP Framework\CCDMonitorService.exe [2860760 2016-01-14] (Acer Incorporated)

R3 ePowerSvc; C:\Program Files\Acer\Acer Power Management\ePowerSvc.exe [2573032 2014-06-12] (Acer Incorporated)

S2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-10-07] (Intel Corporation)

R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)

R2 LMSvc; C:\Program Files\Acer\Acer Launch Manager\LMSvc.exe [469736 2014-09-10] (Acer Incorporate)

R2 MbaeSvc; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe [740832 2016-01-29] (Malwarebytes Corporation)

S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)

R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2015-12-03] (McAfee, Inc.)

S3 McAWFwk; C:\Program Files\Common Files\mcafee\ActWiz\McAWFwk.exe [334608 2013-07-29] (McAfee, Inc.)

R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)

S4 McOobeSv2; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

S2 mcpltsvc; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

S2 McProxy; C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe [451960 2015-11-02] (McAfee, Inc.)

R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [233680 2015-09-21] (McAfee, Inc.)

R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [378848 2015-10-21] (McAfee, Inc.)

R2 mfevtp; C:\Windows\system32\mfevtps.exe [256840 2015-09-21] (McAfee, Inc.)

R3 QALSvc; C:\Program Files\Acer\Acer Quick Access\QALSvc.exe [398176 2015-07-09] (Acer Incorporated)

R3 QASvc; C:\Program Files\Acer\Acer Quick Access\QASvc.exe [450400 2015-07-09] (Acer Incorporated)

R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()

S3 RMSvc; C:\Program Files\Acer\Acer Quick Access\RMSvc.exe [449768 2014-06-26] (Acer Incorporate)

R3 UEIPSvc; C:\Program Files\Acer\User Experience Improvement Program\Framework\UBTService.exe [234240 2014-07-15] (acer)

S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)

S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-02-08] (AVAST Software)

R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-02-08] (AVAST Software)

R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-02-08] (AVAST Software)

R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-02-08] (AVAST Software)

R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065720 2016-02-08] (AVAST Software)

R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-02-08] (AVAST Software)

R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-02-08] (AVAST Software)

R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-02-10] (AVAST Software)

S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)

R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)

R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2015-12-04] (AVG Technologies CZ, s.r.o.)

R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)

R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)

R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)

R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [258480 2015-12-04] (AVG Technologies CZ, s.r.o.)

R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)

R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)

S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [80760 2015-09-23] (McAfee, Inc.)

R1 ESProtectionDriver; C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys [66080 2016-01-29] ()

R3 GPIO; C:\Windows\System32\drivers\iaiogpioe.sys [31232 2014-06-09] (Intel Corporation)

R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [69632 2014-06-09] (Intel Corporation)

R3 LMDriver; C:\Windows\System32\drivers\LMDriver.sys [21360 2013-07-17] (Acer Incorporated)

S3 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [109272 2016-02-09] (Malwarebytes)

R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-02-09] (Malwarebytes)

S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)

R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [415976 2015-09-23] (McAfee, Inc.)

R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351120 2015-09-23] (McAfee, Inc.)

S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [82072 2015-09-23] (McAfee, Inc.)

R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [497888 2015-09-23] (McAfee, Inc.)

R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [841944 2015-09-23] (McAfee, Inc.)

R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [244544 2015-09-23] (McAfee, Inc.)

S3 MREMP50; C:\Program Files (x86)\Common Files\Motive\MREMP50.sys [21248 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MREMP50a64; C:\Program Files\Common Files\Motive\MREMP50a64.SYS [43008 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

S3 MRESP50; C:\Program Files (x86)\Common Files\Motive\MRESP50.sys [20096 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA)) [File not signed]

S3 MRESP50a64; C:\Program Files\Common Files\Motive\MRESP50a64.SYS [40960 2010-02-02] (Printing Communications Assoc., Inc. (PCAUSA))

R3 RadioShim; C:\Windows\System32\drivers\RadioShim.sys [14680 2013-07-17] (Acer Incorporated)

R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [895256 2016-01-28] (Realtek )

R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)

S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)

S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)

S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

S3 MREMPR5; \??\C:\PROGRA~2\COMMON~1\Motive\MREMPR5.SYS [X]

S3 MRENDIS5; \??\C:\PROGRA~2\COMMON~1\Motive\MRENDIS5.SYS [X]

========================== Drivers MD5 =======================

C:\Windows\System32\drivers\1394ohci.sys DF1C3D7E6C7929AD83BE22852B5B08CB

C:\Windows\System32\drivers\3ware.sys 2C5B3035B86770ADD2FE9BFBAF5B35A4

C:\Windows\System32\drivers\ACPI.sys 6B6C39AB2CD7BEB6CFF624522E5449DE

C:\Windows\System32\Drivers\acpiex.sys 7EADED8087C392876521F7EBCE846EF4

C:\Windows\System32\drivers\acpipagr.sys C498887123327CDFD73A05E7A2780920

C:\Windows\System32\drivers\acpipmi.sys C8DBE6EFFCF014CAA010B9BDDAC833EC

C:\Windows\System32\drivers\acpitime.sys 17039DBEB3B7B9ADCDB4B4533AA9771F

C:\Windows\System32\drivers\ADP80XX.SYS F7D0CD345D2DA42E7042ABCD73662403

C:\Windows\system32\drivers\afd.sys 70148EFA9A562E7185B75BBE7D376BF7

C:\Windows\System32\drivers\agp440.sys 870F1A2C936F92B5D053DF7EC75B352F

C:\Windows\System32\DRIVERS\ahcache.sys 3DF7751D5DC6525E7DC6617FBB45054F

C:\Windows\System32\drivers\amdk8.sys B70F0F2F54B4A4DB6E9C830454752F5A

C:\Windows\System32\drivers\amdppm.sys 35E890482C9728DD5C552B85DA8A5AB2

C:\Windows\System32\drivers\amdsata.sys 5B30BCFE6E02E45D3EE268FF001BC5E0

C:\Windows\System32\drivers\amdsbs.sys F20B30F35A5C7888441B4DCA001ECF8E

C:\Windows\System32\drivers\amdxata.sys AFE838D7576C581D6483529621AB10CC

C:\Windows\System32\drivers\appid.sys 2BBD3A492B93C7E669D01EE88977D7DE

C:\Windows\System32\drivers\arcsas.sys E3FE8F610B1CC12BC3B2E6BC43DC97E2

C:\Windows\system32\drivers\aswHwid.sys 7E66DFE6B62C6C34FD6B09DB6169E9F6

C:\Windows\system32\drivers\aswMonFlt.sys 259ABA699202DCE45815128D7BEAE41E

C:\Windows\system32\drivers\aswRdr2.sys 0866D5FE02D614501B7B4AD5E1BC7B53

C:\Windows\System32\Drivers\aswRvrt.sys 0AA12ADF5F87B4A70BDBAED77F54B978

C:\Windows\system32\drivers\aswSnx.sys C445C4459ADC7A04E02D4646980515FC

C:\Windows\system32\drivers\aswSP.sys 6538FDD733D155F901913D3C09C618CB

C:\Windows\system32\drivers\aswStm.sys 219D0E2348629FAE4E6E3478C21B23D6

C:\Windows\System32\Drivers\aswVmm.sys 9949BBD5BB70C4D317B7549896132579

C:\Windows\System32\drivers\asyncmac.sys 5E00748A1AD246CAECBBB7553BED36CC

C:\Windows\System32\drivers\atapi.sys 492B99D2E3D5D7BFD5F0AE1BE7BD37DD

C:\Windows\System32\drivers\athw8x.sys 41DFF214D30294F18F64257167F1CCBA

C:\Windows\System32\DRIVERS\avgboota.sys CB0316E55674D69AF814250FD6EAEAB2

C:\Windows\System32\DRIVERS\avgdiska.sys FF641C4AD6F27902A7D3CA57BEAA8E80

C:\Windows\System32\DRIVERS\avgidsdrivera.sys 9B66A210388AC7569FE35B01F4E0FC36

C:\Windows\System32\DRIVERS\avgidsha.sys E9796E2C69DC0D3AEE77EC82B80F83F3

C:\Windows\System32\DRIVERS\avgldx64.sys D2E83AA008426FC9408272035E50D40B

C:\Windows\System32\DRIVERS\avgloga.sys 6BB3E78DE490503540DD93B9A733794D

C:\Windows\System32\DRIVERS\avgmfx64.sys 4331F3946B25285322DC2F0C47011E13

C:\Windows\System32\DRIVERS\avgrkx64.sys 392339315A0738429B3C9E92A0F8F995

C:\Windows\system32\DRIVERS\avgwfpa.sys E1280D6DE33584FF88B128C9A6773719

C:\Windows\System32\drivers\bxvbda.sys 6447BA6FA709514B6C803D159B4C7D1E

C:\Windows\System32\drivers\BasicDisplay.sys B4AC08B1D04D0CE085435E5CD0E663C5

C:\Windows\System32\drivers\BasicRender.sys 25B5BB369DEE2BAE4BF459C978FF9035

C:\Windows\System32\drivers\bcmfn.sys 3F5523DCEFE42B385659C5CB46A6B810

C:\Windows\System32\drivers\bcmfn2.sys 0B750A6A6D847E73CA48ADD7A0F5A393

C:\Windows\System32\Drivers\Beep.sys 5A88834AEE15D97695FAE0837B73B3E4

C:\Windows\System32\DRIVERS\bowser.sys DA2C6F7ACE392193C424FEA975C5BFFB

C:\Windows\System32\drivers\btath_bus.sys AF7DEA6A0E93AF8517A310D189B656BE

C:\Windows\system32\DRIVERS\btfilter.sys 239A81CC18170F3369D389DA65E74342

C:\Windows\System32\drivers\BthAvrcpTg.sys CAEC7BC11AF69A181AF7932E636E09E4

C:\Windows\System32\drivers\BthEnum.sys 7F2165B51C19A5F59BCA94E0A1B1E0D3

C:\Windows\System32\drivers\bthhfenum.sys 5F2B4B32E986C058525D3BA2A475A16C

C:\Windows\System32\drivers\BthHFHid.sys 5406289E8AE2CB52FC408154E0A64BA7

C:\Windows\system32\DRIVERS\BthLEEnum.sys CC6C1393B423EBFF9F6696CB9CC4CBCB

C:\Windows\System32\drivers\bthmodem.sys A76F20CCCA31895A1DA78A875E50F946

C:\Windows\System32\drivers\bthpan.sys 09C3DB1B137B269A822F941D867A6BB6

C:\Windows\system32\DRIVERS\BTHport.sys 40811857B266F02D75DE654AE92D98C9

C:\Windows\system32\DRIVERS\BTHUSB.sys F001B81D47CEBF96E60CE971FFCC45C4

C:\Windows\System32\drivers\buttonconverter.sys BF89BDBA5D3A0B4256D3F6FC8D31880D

C:\Windows\System32\drivers\capimg.sys C24C27FDF93B85A4EFCF25F830253AA2

C:\Windows\System32\DRIVERS\cdfs.sys 7F9C7226D743B232907ED2537B8A574F

C:\Windows\System32\drivers\cdrom.sys 82D97776BF982AA143BDC7DFB5054EA8

C:\Windows\System32\drivers\cfwids.sys D7BB4B5C3339D23901BD6265171918D5

C:\Windows\System32\drivers\circlass.sys 0505C1D991D0F9D47F3353BB98597C7E

C:\Windows\System32\drivers\CLFS.sys 8B4B39C507ABA09AAFE8E3932D1B392C

C:\Windows\System32\drivers\CmBatt.sys 95832B049E2833B9F5189823CDF946C7

C:\Windows\System32\Drivers\cng.sys 80977779A19947939D680A4899E829EC

C:\Windows\System32\DRIVERS\cnghwassist.sys 58D640BC2294C71BDE0953F12D4B432F

C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_912dfdedc3d2f520\CompositeBus.sys 14F9883588398A1BDE49C75098C75DE6

C:\Windows\System32\drivers\condrv.sys 02B8E49148DE5E0A2F6FDF28CE94A6AC

C:\Windows\System32\drivers\dam.sys 2619DC483579DB9FE804044C1ADFFD1A

C:\Windows\System32\Drivers\dfsc.sys C9478D7DB7BE5D7ACE65CB1167F07320

C:\Windows\System32\drivers\disk.sys 4904B152E4942BF700F2D73228B4D477

C:\Windows\System32\drivers\dmvsc.sys 0197AE4B9790A4E73751CACFAA480126

C:\Windows\system32\DRIVERS\drmkaud.sys 25FA06D3B49D6ADF8E874FFCDCD76B50

C:\Windows\System32\drivers\dxgkrnl.sys DEE20E660C079BDAB5B7533826F99FA8

C:\Windows\System32\drivers\evbda.sys 491275B864B704B54EC08168344E0F38

C:\Windows\System32\drivers\EhStorClass.sys CEF108FCE06892CFA5F1B49527D4BF49

C:\Windows\System32\drivers\EhStorTcgDrv.sys 5B1EAAE3001A7A320C106FC3859F4111

C:\Windows\System32\drivers\errdev.sys 7A2705148A4BB3CA255F81624338B461

C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae64.sys 60281B807AC3F5202D3008F5DA902842

C:\Windows\system32\DRIVERS\ETD.sys DDCCBE95C557EC0123C3B076C8780048

C:\Windows\System32\Drivers\exfat.sys DFE8A33FBCF6F38182631A4D6097B92D

C:\Windows\System32\Drivers\fastfat.sys 03DE0EC072C5EBD5B018CAD83F1E522A

C:\Windows\System32\drivers\fdc.sys 9D299AE86D671488926126A84DF77BFD

C:\Windows\System32\drivers\filecrypt.sys 8F12AB59336143B680F71B217B495AD2

C:\Windows\System32\drivers\fileinfo.sys 92ECCFA58C8195B8EA33ED942469D4E6

C:\Windows\System32\drivers\filetrace.sys 87C51FDD50C17882BA93E28BBABB9847

C:\Windows\System32\drivers\flpydisk.sys E99261DD76D1C9E05AF575939CAE5AC5

C:\Windows\System32\drivers\fltmgr.sys 25D7A58625E1453E40D36825DE74E4F1

C:\Windows\System32\drivers\FsDepends.sys B4175E8BE60B099686FF55CA7D692316

C:\Windows\System32\Drivers\Fs_Rec.sys CC71372CEB811A72F1DC99089C5CBF53

C:\Windows\System32\DRIVERS\fvevol.sys 421497634C86EF4B8F86D0EBC076728F

C:\Windows\System32\drivers\gagp30kx.sys B9981A4CB9F728B3312A3885BFAA7204

C:\Windows\System32\drivers\vmgencounter.sys 77555B11B264991DDC26872FFCF1AB97

C:\Windows\System32\drivers\genericusbfn.sys F3AC9652D88BF87BA6596CBEA28CE10F

C:\Windows\System32\drivers\iaiogpioe.sys 794F13178118C609BA4F59111EDB6758

C:\Windows\System32\Drivers\msgpioclx.sys F802FBABF0C4DF1BAA733187B2E476F5

C:\Windows\System32\drivers\gpuenergydrv.sys D011B0ADB15F4815310CE1BF4780B33E

C:\Windows\System32\drivers\HDAudBus.sys 84BC034B6BB763733C1949B7B9BAF976

C:\Windows\System32\drivers\HidBatt.sys 6B8CB114B8E64C0636EB49F7B914D1FC

C:\Windows\System32\drivers\hidbth.sys D1AD197CCDAAC0CB4819DA1D6EB17BAE

C:\Windows\System32\drivers\hidi2c.sys 64909DECCFCC6FB5D9A5BAFDCCB31FEE

C:\Windows\System32\drivers\hidinterrupt.sys F510F7B7BF61DEAAC04E65C3B65E8D59

C:\Windows\System32\drivers\hidir.sys 90F3ED42D423C942BA5EA54E2FFE7AC7

C:\Windows\System32\drivers\hidusb.sys 128DEDDD61915DBA4D451D91D21F0513

C:\Windows\System32\drivers\HpSAMD.sys FF442DCDCE1F6E9FAA9C8AD0CD1D199B

C:\Windows\System32\drivers\HTTP.sys 318E816717431D3C23DC82779900C744

C:\Windows\System32\drivers\hwpolicy.sys CBA5E88A0F0475B7F49653BB72150BEF

C:\Windows\System32\drivers\hyperkbd.sys D668FAB4B0397B426EE3D41683B9A1C0

C:\Windows\System32\drivers\i8042prt.sys 53FDD9E69189E546DE4740F8C4D8AB2F

C:\Windows\System32\drivers\iai2c.sys 9A2A2F3C69B9A30B6E78536F6D258BAD

C:\Windows\System32\drivers\iaioi2ce.sys F49D75806D962F85C44E32A1AFB9B8E0

C:\Windows\System32\drivers\iaLPSS2i_I2C.sys 59A20F5AD9F4AE54098154359519408E

C:\Windows\System32\drivers\iaLPSSi_GPIO.sys 16A10CCEDCF5AC4CAAE43DC9FC40392F

C:\Windows\System32\drivers\iaLPSSi_I2C.sys EB82A11613326691508D9ED9A4FE29E7

C:\Windows\System32\drivers\iaStorAV.sys 6B0029A0253098CCE28EACCFDB9E7208

C:\Windows\System32\drivers\iaStorV.sys 9652E1E35A92D8C75710C17A63B15796

C:\Windows\System32\drivers\ibbus.sys FFADF691F7BF727AF5C863454A372723

C:\Windows\system32\DRIVERS\igdkmd64.sys D440A4CC07DECA9C9E61A005C53666DB

C:\Windows\system32\drivers\intelaud.sys B1F193AB8FB72E9FC34B3A39314ED872

C:\Windows\system32\drivers\RTKVHD64.sys AAB0607E015F07D342DD3CB04A311257

C:\Windows\system32\DRIVERS\IntcDAud.sys 87871AB7AC797F922A6F3D4C874CED96

C:\Windows\System32\drivers\intelide.sys ECDB27420D3A98424666904525A8562A

C:\Windows\System32\drivers\intelpep.sys 8FF1978643EFD219C5BA49690191D701

C:\Windows\System32\drivers\intelppm.sys B61B60F36E1C8022FA8166ABF0F66B07

C:\Windows\System32\drivers\ioqos.sys CA0D42029AFFC4514D295E1EF823D02D

C:\Windows\System32\DRIVERS\ipfltdrv.sys 6E3F9D95235DFC9417384080A216F310

C:\Windows\System32\drivers\IPMIDrv.sys 4F527ECB5EAB47D8EAF34A469666C469

C:\Windows\System32\drivers\ipnat.sys 9E5E8F2A1996F23B7E9687846AA81B01

C:\Windows\System32\drivers\irenum.sys C317EB660138BC9CBFE37CCDE56351AE

C:\Windows\System32\drivers\isapnp.sys 531994A6D9399D9B74BE12B5BB58A81E

C:\Windows\System32\drivers\msiscsi.sys 68D5354A4A9692EEC24664C60F47D4A2

C:\Windows\System32\drivers\iwdbus.sys DD1F43B86AD84E53203F92FD3EF3AEB6

C:\Windows\System32\drivers\kbdclass.sys 701D7DB13B0815E7076EF4CB4CE981F8

C:\Windows\System32\drivers\kbdhid.sys 884EBBDDBF5968003B40185BD96FF0E6

C:\Windows\System32\drivers\kdnic.sys 6B3A0C7902811E6372643447E41F7048

C:\Windows\System32\Drivers\ksecdd.sys 982C795DE20CED7AEDD2E7899B5D9BC1

C:\Windows\System32\Drivers\ksecpkg.sys 7D8B9214692C4D0F1646215D9984E19A

C:\Windows\system32\drivers\ksthunk.sys E9BB0023D730701BB5D9839B44F5E6B5

C:\Windows\System32\drivers\lltdio.sys EC34EED89C34B27C292166B725AC7A7B

C:\Windows\System32\drivers\LMDriver.sys 4ACC60B4CBC911F3F34A1D66213BBBF5

C:\Windows\System32\drivers\lsi_sas.sys 961F28D879D345BFA50AF51285C90F2E

C:\Windows\System32\drivers\lsi_sas2i.sys 6BFB8D1B3407518BE06B6F81F92FA0F5

C:\Windows\System32\drivers\lsi_sas3i.sys BE0E47988D78F731DEC2C0CB03E765CB

C:\Windows\System32\drivers\lsi_sss.sys F99BF02BE9219986817BF094981EEB18

C:\Windows\system32\drivers\luafv.sys 2FCF837196082864F66CFD9CAB256275

C:\WINDOWS\system32\drivers\mbamchameleon.sys 47701ECA633574E122687693B5C5D35C

C:\WINDOWS\system32\drivers\mbam.sys CFBC6C6D8A492697CABD1D353EE64933

C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys 78488AF2AB2111D67B3C4044707A519B

C:\WINDOWS\system32\drivers\mwac.sys 08DECFCB9BA97786165A69AB1015BC30

C:\Windows\System32\drivers\megasas.sys 2ED29B635F35E31A1C0D3DDB7DD2AD03

C:\Windows\System32\drivers\megasr.sys 22E3CB85870879CBAE13C5095A8B12E3

C:\Windows\System32\drivers\mfeaack.sys 67CD258ECEA02ADA4D57592AE720F452

C:\Windows\System32\drivers\mfeavfk.sys E3084E1F0A542DF32312B7D2FE52D6E1

C:\Windows\System32\drivers\mfeelamk.sys B6573DD495385DDB9B304812C23D17AA

C:\Windows\System32\drivers\mfefirek.sys 5203A63B8FDB8E072BDFA036D63589C3

C:\Windows\System32\drivers\mfehidk.sys 578AE1184B6342A06E7020BE866472D5

C:\Windows\System32\drivers\mfewfpk.sys F0E1B2EF49D967B17256F2334E93005A

C:\Windows\System32\drivers\mlx4_bus.sys D41920FBFFF2BBCBBC69A5B383AD022E

C:\Windows\system32\drivers\mmcss.sys 64BD0C87064EA20C2D3DC4199F9C239C

C:\Windows\System32\drivers\modem.sys 8D4B46FA84A3A3702EDADD37FAC6EDBA

C:\Windows\System32\drivers\monitor.sys 78FEC1BDB168370F131BFBFEA0A04E9D

C:\Windows\System32\drivers\mouclass.sys D1CC0833CFBC4222A95CAA5D0C8C78FF

C:\Windows\System32\drivers\mouhid.sys C2E05EC6B80BCF5AE362DA873E1BCE64

C:\Windows\System32\drivers\mountmgr.sys D5B7668A8F6C67C51FA5C6C513396D6C

C:\Windows\System32\drivers\mpsdrv.sys 5FBCB85D127BE21E3A9DAF11A13C00EA

C:\Program Files (x86)\Common Files\Motive\MREMP50.sys 9BD4DCB5412921864A7AACDEDFBD1923

C:\Program Files\Common Files\Motive\MREMP50a64.SYS C2758DF79C83A0D12A5599A040CA1818

C:\Program Files (x86)\Common Files\Motive\MRESP50.sys 07C02C892E8E1A72D6BF35004F0E9C5E

C:\Program Files\Common Files\Motive\MRESP50a64.SYS 38BD5B32E0722752BE8465D2A6DA43D9

C:\Windows\system32\drivers\mrxdav.sys 37C9EC0398BFC22C616711E41AE157D5

C:\Windows\System32\DRIVERS\mrxsmb.sys 61F9F27A8C3D7BCD287FE98A440421CE

C:\Windows\System32\DRIVERS\mrxsmb10.sys CCAD845F4D21D0E0E0468205EE865473

C:\Windows\System32\DRIVERS\mrxsmb20.sys 0F47A6C09F0A7FB5513D322A2B9BE4EC

C:\Windows\System32\drivers\bridge.sys A934DF064C503A31683DD7EECDBD327A

C:\Windows\System32\Drivers\Msfs.sys D123343DDB02E372B02BF2C4293F835F

C:\Windows\System32\drivers\msgpiowin32.sys B3358F380BA3F29F56BE0F7734C24D5F

C:\Windows\System32\drivers\mshidkmdf.sys B2044D5D125F249680508EC0B2AAEFAC

C:\Windows\System32\drivers\mshidumdf.sys 36ABE7FC80BED4FE44754AE5CFB51432

C:\Windows\System32\drivers\msisadrv.sys 59307FEAFC9E72EEEC56B7FD7D294F4C

C:\Windows\system32\DRIVERS\MSKSSRV.sys E9457EDFEBC774199F907395C6D09CA2

C:\Windows\System32\drivers\mslldp.sys C85D79735641D27C5821C35ECDDC2334

C:\Windows\system32\DRIVERS\MSPCLOCK.sys EF75184B64356850D0F04D049C253526

C:\Windows\system32\DRIVERS\MSPQM.sys 543933D166C618E7588EA77707EC1683

C:\Windows\System32\Drivers\MsRPC.sys 182711E9DDF70121A20EBB61B2DFB9E8

C:\Windows\System32\drivers\mssmbios.sys E887FFDD6734C496407E9219225CB6FF

C:\Windows\system32\DRIVERS\MSTEE.sys 83A2AB75951000D681FABDB80C07AEFC

C:\Windows\System32\drivers\MTConfig.sys 4FA0483896FC16583851EFB733FCB083

C:\Windows\System32\Drivers\mup.sys 60F88248608315E13391C2F1C3B4473F

C:\Windows\System32\drivers\mvumis.sys 218705233D02776AE4D19CC37D985C1B

C:\Windows\System32\DRIVERS\nwifi.sys 536A0806CE2061A2157E65D4D8ABF30C

C:\Windows\System32\drivers\ndfltr.sys B57CE307DA101C739885B7CC0678077F

C:\Windows\System32\drivers\ndis.sys AFAECF904F1C343EBD50F91BC8D0DBE8

C:\Windows\System32\drivers\ndiscap.sys 202260E7CDD731A32AF62ABD1ABEE008

C:\Windows\System32\drivers\NdisImPlatform.sys A1D473D0CF10561F29B58EA7C5412A92

C:\Windows\System32\DRIVERS\ndistapi.sys 1A0AE283B8DE6BB76412A0F8213D45AC

C:\Windows\System32\drivers\ndisuio.sys A74EE2D2C0BFF5EC3A6185791868C4CA

C:\Windows\System32\drivers\NdisVirtualBus.sys 32A9BD1342640D48AD85C8B3E812B984

C:\Windows\System32\drivers\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057

C:\Windows\System32\DRIVERS\ndiswan.sys 6A6A8CF5EE61801375A38EBB871D4057

C:\Windows\System32\DRIVERS\NDProxy.sys 50AEF8EF0064A91ABB08D858D039C9DE

C:\Windows\System32\drivers\Ndu.sys D358DF634F52247CB43F0781218F4D6E

C:\Windows\System32\drivers\netbios.sys 026618ECF6C4BEBDCB7885D42EC0DBE4

C:\Windows\System32\DRIVERS\netbt.sys F51C02D992A8D6BC5EC4D990F227D4C7

C:\Windows\System32\Drivers\Npfs.sys 465DC580170CD844206D7E3EF1DBF2A1

C:\Windows\System32\drivers\npsvctrig.sys 29395C214D2CD4C81F73166AB988A797

C:\Windows\System32\drivers\nsiproxy.sys 2871225495F832A8C8A7DD1A17EDB3DC

C:\Windows\System32\Drivers\NTFS.sys EFEFC245B884B1BE0401931398DCD707

C:\Windows\System32\Drivers\Null.sys 6DBD703320484C37CEA9E4E2D266A8CE

C:\Windows\System32\drivers\nvraid.sys 604D27CC38CC23493F218D0BB834B3FF

C:\Windows\System32\drivers\nvstor.sys 8B50D897657AB4A15FD9E251BBF7D107

C:\Windows\System32\drivers\nv_agp.sys 31F990B2B6B91E9D7A667405CE12FCB1

C:\Windows\System32\drivers\parport.sys 7D0FC96264C0F8F2C1321E33E8EB646C

C:\Windows\System32\drivers\partmgr.sys 24AC0FD10325FBC2303B29A5F237AEB0

C:\Windows\System32\drivers\pci.sys 1D4E995955BDAE781C46CB97AE1CFB58

C:\Windows\System32\drivers\pciide.sys 2B4D98DF0CA57FB9536DBC80D2449D1F

C:\Windows\System32\drivers\pcmcia.sys F4D5793BF2E58AF15C6CF2FEEF9E73EB

C:\Windows\System32\drivers\pcw.sys 22A53744CEEADFFFD33BA010FAD95229

C:\Windows\System32\drivers\pdc.sys 48F3A3222CF340FE31535CB6D49C6D6F

C:\Windows\System32\drivers\peauth.sys E2F8376F9731D12A009C522036C6073A

C:\Windows\System32\drivers\percsas2i.sys 1398A85E59698067CBBE1D66A9C13ADF

C:\Windows\System32\drivers\percsas3i.sys 35F7C7AD709D909D618D9EDF987FC3ED

C:\Windows\System32\drivers\raspptp.sys 5BA6B9AD03B81546BA64E488C4EF9D17

C:\Windows\System32\drivers\processr.sys 21AECFF3EB5748CBE12538A2500EFDE5

C:\Windows\System32\drivers\pacer.sys 596FB6C5A72F34B7566930985E543806

C:\Windows\system32\drivers\qwavedrv.sys CFBA9C976CBF6796E5DC39EF59984021

C:\Windows\System32\drivers\RadioShim.sys 6A52182919E25FB56D253D389F92CE98

C:\Windows\System32\DRIVERS\rasacd.sys 7B2AD8C55217B514C14281AB97B4E21D

C:\Windows\System32\drivers\AgileVpn.sys E15A9CE1E2E7D1C8DF97A4FC1FFE6289

C:\Windows\System32\drivers\rasl2tp.sys 381B8F2311A0375676B635EA5E7C8AB0

C:\Windows\System32\DRIVERS\raspppoe.sys 3369023EB5790A75BA7DABA14B75D922

C:\Windows\System32\drivers\rassstp.sys 1E32A8CD65C4AD0A827CFEB13034DA29

C:\Windows\System32\DRIVERS\rdbss.sys 2B648363E4C5E34B469C58596F377DD9

C:\Windows\System32\drivers\rdpbus.sys D0221C13960E274CC539D72D5A842ED0

C:\Windows\System32\drivers\rdpdr.sys 1DC2CC74B51E4DC4CD5A20C1021E4010

C:\Windows\System32\drivers\rdpvideominiport.sys 177DF954D0DEC0465A380C75F6E7F65F

C:\Windows\System32\drivers\rdyboost.sys 5D1680871054D2B0B8A971BC8AB3B837

C:\Windows\System32\Drivers\ReFSv1.sys 341E6830DA70F65730300DAB4CB0B490

C:\Windows\System32\drivers\rfcomm.sys 60BFD9EE962C87747A0EB648634281ED

C:\Windows\System32\drivers\rspndr.sys 0AC5FCDC29ED97ECDEF1276425EE2059

C:\Windows\System32\Drivers\RtsUVStor.sys BCDE27DA663D2F1BE1EA262F2BFDA8D0

C:\Windows\System32\drivers\rt640x64.sys 471929D729C7FBC284ABDE74D9CED9DF

C:\Windows\System32\drivers\Rt630x64.sys D5C3918E3EF787A41172B8E5348247F0

C:\Windows\System32\drivers\vms3cap.sys 044890BB0D6CF1E23C1087234D320509

C:\Windows\System32\drivers\sbp2port.sys 530F797129776AA7E81994783A97E2AD

C:\Windows\System32\DRIVERS\scfilter.sys 9B6B1D4DB35A3D9BEAF023BC95E1F49D

C:\Windows\System32\drivers\sdbus.sys E1137E39C3BB3EF9AF2243745D901D60

C:\Windows\System32\drivers\sdstor.sys DE6D7DC78D956928F59F7415A0F41E13

C:\Windows\System32\drivers\SerCx.sys 67585C295FF2D221679E376B68893B35

C:\Windows\System32\drivers\SerCx2.sys B8C4852CBCAAC1374C08EC7445443824

C:\Windows\System32\drivers\serenum.sys D3A103944A8FCD78FD48B2B19092790C

C:\Windows\System32\drivers\serial.sys 88D58E1DAA6C5062DD3A26273106961F

C:\Windows\System32\drivers\sermouse.sys 0F5B43074AE731D2C6F061241C9D84A6

C:\Windows\System32\drivers\sfloppy.sys D9FE59276BD56A9643C32D5FACE2F251

C:\Windows\System32\drivers\SiSRaid2.sys ABBE803FE0BDAE0E5BE74DDEFBE62F23

C:\Windows\System32\drivers\sisraid4.sys 6043DF55CFE3C7ACF477645FA64DEA98

C:\Windows\System32\drivers\spaceport.sys 1A6CB30F0EFC1632E6F1B852CA892583

C:\Windows\System32\drivers\SpbCx.sys E1C158F6C00359278727A2CEE5D2ED71

C:\Windows\System32\DRIVERS\srv.sys ACC1709EC7FE6EB8999DBC91C50C2B34

C:\Windows\System32\DRIVERS\srv2.sys AFBCFC946FAE7483E27BD316D03F94A5

C:\Windows\System32\DRIVERS\srvnet.sys 107C1EBE79710E4A759449BD6604245A

C:\Windows\System32\drivers\stexstor.sys CCDA497C880AD16D87EDFAEFCFB2EDF5

C:\Windows\System32\drivers\storahci.sys BF8EA6FC3358C2F69678E3E94F764F84

C:\Windows\System32\drivers\vmstorfl.sys 32FF460DA8C1F370F5C08B7654899B73

C:\Windows\System32\drivers\stornvme.sys CC21DB3EF619B9480FE31A4EFE92CBEB

C:\Windows\System32\drivers\storqosflt.sys 390B8A75768E2689586539C224520895

C:\Windows\System32\drivers\storufs.sys 770A92D9D3A0BF61C97C3AFCB36847D9

C:\Windows\System32\drivers\storvsc.sys 736A2418E3E7F3DB3CF6EB0A55D1D581

C:\Windows\System32\drivers\swenum.sys BD98B0225BCD49E8A62F4F8EE1D1F613

C:\Windows\System32\drivers\Synth3dVsc.sys CAE4B27B469C583131EA5AAE622F5D76

C:\Windows\System32\drivers\tcpip.sys 892F30506DCCF230C5A57019C1D8D31B

C:\Windows\System32\drivers\tcpipreg.sys 17F37EC9042D84561C550620643D9A85

C:\Windows\system32\DRIVERS\tdx.sys 91D3F2A6253EF83EFBD7903028F58C4D

C:\Windows\System32\drivers\terminpt.sys E730D0EB1B84EBC98423FC8D285EDBC0

C:\Windows\System32\drivers\tpm.sys 169B0A246067457FEF8A18EED7EED9D5

C:\Windows\System32\drivers\TsUsbFlt.sys 48E828C66AB016E48F2CB4DD585315FD

C:\Windows\System32\drivers\TsUsbGD.sys 267C76EE60736EA5A1811A53FA02AABE

C:\Windows\System32\drivers\tunnel.sys 8CE72F094B822AD5EE9C3A3AFC0C16B6

C:\Windows\System32\drivers\TXEIx64.sys E624283C1A2F9BB4688A002914CC00A7

C:\Windows\System32\drivers\uagp35.sys 42C546414F80BD6C0137FC3A106F8A69

C:\Windows\System32\drivers\uaspstor.sys 1686DBC81748B096232B15F16C302985

C:\Windows\System32\Drivers\UcmCx.sys 3995CC3DEDED258768B8EBC2F4C0DC73

C:\Windows\System32\drivers\UcmUcsi.sys 1C95F7CE37D9EFB90EBE987A9712356C

C:\Windows\System32\drivers\ucx01000.sys AED081772091C98173905E2DF28C223B

C:\Windows\System32\drivers\udecx.sys DCA34A111C29E4578DF2B8CEA3C7CDBD

C:\Windows\System32\DRIVERS\udfs.sys 718A956AE00CE086F381044AB66CC29C

C:\Windows\System32\drivers\UEFI.sys BA760F8E66428BA9FF1E8BFBC6248136

C:\Windows\System32\drivers\ufx01000.sys 5F0D997E6FC5A418D7673148CEF72887

C:\Windows\System32\drivers\UfxChipidea.sys 2B1DABA97DDF5365FC66EE7DEDD86A13

C:\Windows\System32\drivers\ufxsynopsys.sys DB630FC660443D63EBAB2C830C298EFE

C:\Windows\System32\drivers\uliagpkx.sys 6DE78C04BF32ECA7AF3064F53687C9A5

C:\Windows\System32\drivers\umbus.sys 67D1E0E6E4D5D33AF0AEF0E33B4DA0F4

C:\Windows\System32\drivers\umpass.sys 11680607944A719EF20E0E740785712A

C:\Windows\System32\drivers\urschipidea.sys 2410A0C20D21A25E6C01979FA886BE90

C:\Windows\System32\drivers\urscx01000.sys 6E59CE43B6BA5AA1ADCF36A4DBBB92BB

C:\Windows\System32\drivers\urssynopsys.sys E8A59FA109A22FC07E44BDFCC9727DBD

C:\Windows\System32\drivers\usbccgp.sys D8A44550ECE102B6443F5D54DCE7DAB3

C:\Windows\System32\drivers\usbcir.sys 66B3D22DAB5312FF238ABF5C6D9F8FAB

C:\Windows\System32\drivers\usbehci.sys 3E4F20DB902D2E2914F3FF3DB9772200

C:\Windows\System32\drivers\usbhub.sys 41F7F00D76904416EF1F9EFA1A4C37A2

C:\Windows\System32\drivers\UsbHub3.sys 12A0B486EA13DF46C27B90CC2CE92FE5

C:\Windows\System32\drivers\usbohci.sys DAB35CCA86F5FBE77D870A40089BC4A1

C:\Windows\System32\drivers\usbprint.sys 21162F65C7756AAECAEBED9E67D0A5FE

C:\Windows\System32\drivers\usbser.sys F259A45D6B555B14CC8365AA6BC8DC20

C:\Windows\System32\drivers\USBSTOR.SYS 37C2CD8587BF7F785381EB7B26916B52

C:\Windows\System32\drivers\usbuhci.sys 8B3E458A8851F9A3B2109B1680EE1159

C:\Windows\System32\Drivers\usbvideo.sys 4B13B61CBB9CC3CB373C60B930D648F5

C:\Windows\System32\drivers\USBXHCI.SYS 325727F01F03C504CF788618A13DC266

C:\Windows\System32\drivers\vdrvroot.sys E1BE37312785A71862516F66B3FD24CE

C:\Windows\System32\drivers\VerifierExt.sys E42C0F2850735FF9D908B9DB581E6314

C:\Windows\System32\drivers\vhdmp.sys EC15FD6A28757793E2DA394CD94ABD52

C:\Windows\System32\drivers\vhf.sys D0C9632C350F46786643A069251BC249

C:\Windows\System32\drivers\vmbus.sys E886CB75DA2B6EB35469EF10135624C7

C:\Windows\System32\drivers\VMBusHID.sys 46D2EC27820EC0F798F85821E53C2942

C:\Windows\System32\drivers\volmgr.sys B9265F47E7A354BAAA0AF5CBA3F8F7CE

C:\Windows\System32\drivers\volmgrx.sys BEE9C8B72AB752B794F69C2B9B3678AA

C:\Windows\System32\drivers\volsnap.sys E1F91A727A04C9F8199D04FF3BBBF63C

C:\Windows\System32\drivers\vpci.sys F7B1B1101271E31F43CC76E890704F51

C:\Windows\System32\drivers\vsmraid.sys D48ED0A08BD2FD25A833E6AC99623091

C:\Windows\System32\drivers\vstxraid.sys 6990D4AFDF545669D4E6C232F26DE1FB

C:\Windows\System32\drivers\vwifibus.sys 1EE11F0508C58EF081F4176E66D6970B

C:\Windows\System32\drivers\vwififlt.sys 938E4EF58E42D252B742B0E243011B90

C:\Windows\System32\drivers\vwifimp.sys 3BE5AAC930447FD18D4A8255A2FEC95C

C:\Windows\System32\drivers\wacompen.sys 00C27B64C758C111E5D78A70DE6CA2B6

C:\Windows\System32\DRIVERS\wanarp.sys 8CB53620B2C2F0641DD7563EA0FDF491

C:\Windows\system32\drivers\WdBoot.sys 069D3D6E20AD753B34FCE856F0436869

C:\Windows\System32\drivers\Wdf01000.sys 6CC727E94CD84E9720FDCDA8089CABCC

C:\Windows\system32\drivers\WdFilter.sys E3E97151A1D1E87BB2D5371F66C5F169

C:\Windows\System32\DRIVERS\wdiwifi.sys E70DDD8E2245CC67547B0861983912D8

C:\Windows\System32\Drivers\WdNisDrv.sys 07B043160399AF4009054E2EA3464BF4

C:\Windows\System32\drivers\wfplwfs.sys C11272713719922DE5711094333BD166

C:\Windows\System32\drivers\wimmount.sys EF536C54AB9281FDC4E83B07279FCFC4

C:\Windows\System32\drivers\WindowsTrustedRT.sys D8966A76408107224C6013993135DD78

C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys 8B102A7B6CE326FD4208CC7C2D183343

C:\Windows\System32\drivers\winmad.sys 4A53441C1C4D2878BEF27E381138BB2D

C:\Windows\System32\drivers\WinUSB.SYS 260907CE034FE327AC99BDA4153AB22F

C:\Windows\System32\drivers\winverbs.sys 40A3E8D729F458B2C9A8BD9380FF83D5

C:\Windows\System32\drivers\wmiacpi.sys 8F010BF65238F3F822D22BA12831796E

C:\Windows\System32\Drivers\Wof.sys 2A9650FCC696DB28E45EA8B33B99B8E6

C:\Windows\System32\DRIVERS\wpcfltr.sys 22C52D7EE7C7D0E02C8EFD8CAE8E3A71

C:\Windows\System32\drivers\WpdUpFltr.sys 1C08E424CBDD5065BB7266F8C048C1B1

C:\Windows\system32\drivers\ws2ifsl.sys 638B43D39A3D0B47024555CF1095E6F1

C:\Windows\System32\drivers\WudfPf.sys A928F25CB62232F413EE655352856E10

C:\Windows\System32\drivers\WudfRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD

C:\Windows\system32\DRIVERS\WUDFRd.sys A932391623D5CEC4EF4A2A17D3CEBFCD

C:\Windows\System32\drivers\xboxgip.sys 80BC02A73A3949A7AEF34791206C7D7F

C:\Windows\System32\drivers\xinputhid.sys 1F1EF8E701859581251B52035C1C1CEF

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-10 18:47 - 2016-02-10 18:53 - 02370560 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64 (1).exe

2016-02-10 08:50 - 2016-02-10 08:50 - 00001037 _____ C:\Users\Wayne\Desktop\NTREGOPT.lnk

2016-02-10 08:50 - 2016-02-10 08:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer

2016-02-10 08:50 - 2016-02-10 08:50 - 00000000 ____D C:\Program Files (x86)\NT Registry Optimizer

2016-02-10 02:42 - 2016-02-10 02:42 - 00000000 ____D C:\Program Files (x86)\Windows Defender

2016-02-10 00:59 - 2016-02-10 00:59 - 00130048 _____ (CodePlex Community) C:\Users\Wayne\Downloads\Microsoft.Win32.TaskScheduler.dll

2016-02-10 00:50 - 2016-02-10 00:50 - 00000468 _____ C:\Users\Wayne\Downloads\url.htm10-stepremovalguide.htm

2016-02-10 00:46 - 2016-02-10 00:47 - 00612520 _____ (www.patchmypc.net) C:\Users\Wayne\Downloads\PatchMyPC.exe

2016-02-09 18:02 - 2016-02-09 22:43 - 24683584 _____ (SUPERAntiSpyware) C:\Users\Wayne\Downloads\SUPERAntiSpyware.exe

2016-02-09 17:31 - 2016-02-09 17:31 - 04777232 _____ (Tweaking.com) C:\Users\Wayne\Downloads\Unconfirmed 902316.crdownload

2016-02-09 17:06 - 2016-02-09 17:10 - 00003290 _____ C:\Users\Wayne\Desktop\Rkill.txt

2016-02-09 12:58 - 2016-02-09 13:21 - 00000244 _____ C:\Users\Wayne\Downloads\Search.txt

2016-02-09 12:49 - 2016-02-09 12:49 - 00156246 _____ C:\Users\Wayne\Downloads\FRST.txtFSRT3.txt

2016-02-09 12:48 - 2016-02-09 12:48 - 00037683 _____ C:\Users\Wayne\Downloads\Addition.txtFRST2.txt

2016-02-09 12:45 - 2016-02-09 12:45 - 00039100 _____ C:\Users\Wayne\Downloads\Shortcut.txtFRST.txt

2016-02-09 12:43 - 2016-02-09 12:43 - 00039100 _____ C:\Users\Wayne\Downloads\Shortcut.txt

2016-02-09 12:37 - 2016-02-09 12:37 - 00002192 _____ C:\Users\Wayne\Desktop\Tweaking.com - Windows Repair.lnk

2016-02-09 12:28 - 2016-02-09 12:28 - 00003228 _____ C:\WINDOWS\System32\Tasks\PandaUSBVaccine

2016-02-09 12:28 - 2016-02-09 12:28 - 00000000 ____D C:\ProgramData\Panda Security

2016-02-09 12:27 - 2016-02-09 12:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security

2016-02-09 12:27 - 2016-02-09 12:27 - 00000000 ____D C:\Program Files (x86)\Panda USB Vaccine

2016-02-09 12:26 - 2016-02-09 12:26 - 00003762 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon

2016-02-09 12:26 - 2016-02-09 12:26 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com

2016-02-09 12:23 - 2016-02-09 12:23 - 00000000 ____D C:\Program Files (x86)\Tweaking.com

2016-02-09 12:21 - 2016-02-09 22:43 - 00184632 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt

2016-02-09 12:20 - 2016-02-09 12:24 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\WinPatrol

2016-02-09 12:19 - 2016-02-09 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol

2016-02-09 12:19 - 2016-02-09 12:19 - 00000000 ____D C:\ProgramData\InstallMate

2016-02-09 12:19 - 2016-02-09 12:19 - 00000000 ____D C:\Program Files (x86)\Ruiware

2016-02-09 12:16 - 2016-02-09 12:17 - 01187840 _____ (Ruiware) C:\Users\Wayne\Downloads\wpsetup.exe

2016-02-09 12:13 - 2016-02-09 12:16 - 00865272 _____ (Panda Security ) C:\Users\Wayne\Downloads\usbvaccine.exe

2016-02-09 12:11 - 2016-02-09 12:21 - 21771608 _____ (Tweaking.com) C:\Users\Wayne\Downloads\tweaking.com_windows_repair_aio_setup.exe

2016-02-09 10:43 - 2016-02-09 17:06 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\Wayne\Downloads\rkill.exe

2016-02-09 10:13 - 2016-02-09 12:47 - 00037683 _____ C:\Users\Wayne\Downloads\Addition.txt

2016-02-09 10:09 - 2016-02-10 18:57 - 00049147 _____ C:\Users\Wayne\Downloads\FRST.txt

2016-02-09 10:07 - 2016-02-10 18:55 - 00000000 ____D C:\FRST

2016-02-09 10:05 - 2016-02-09 10:07 - 02370560 _____ (Farbar) C:\Users\Wayne\Downloads\FRST64.exe

2016-02-09 09:37 - 2016-02-09 09:37 - 00000000 ____D C:\Users\Wayne\abBox

2016-02-09 09:36 - 2016-02-09 09:36 - 00000000 ____D C:\Users\Wayne\AppData\Local\acer

2016-02-08 19:18 - 2016-02-08 23:33 - 00000226 _____ C:\Users\Wayne\Downloads\FSS.txt

2016-02-08 18:44 - 2016-02-08 19:15 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Wayne\Downloads\mbar-1.09.3.1001 (4).exe

2016-02-08 15:57 - 2016-02-08 15:57 - 00006514 _____ C:\Users\Wayne\Documents\free_av_11.1.2253_2016-2-8_15-57-35.avastconfig

2016-02-08 15:01 - 2016-02-08 14:55 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe

2016-02-08 14:58 - 2016-02-08 14:58 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\AVAST Software

2016-02-08 14:57 - 2016-02-08 14:57 - 00001983 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk

2016-02-08 14:57 - 2016-02-08 14:57 - 00001971 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk

2016-02-08 14:56 - 2016-02-10 12:45 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys

2016-02-08 14:56 - 2016-02-08 15:01 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update

2016-02-08 14:56 - 2016-02-08 14:55 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys

2016-02-08 14:56 - 2016-02-08 14:55 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys

2016-02-08 14:56 - 2016-02-08 14:55 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys

2016-02-08 14:56 - 2016-02-08 14:55 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys

2016-02-08 14:56 - 2016-02-08 14:55 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys

2016-02-08 14:56 - 2016-02-08 14:55 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys

2016-02-08 14:56 - 2016-02-08 14:54 - 01065720 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys

2016-02-08 14:55 - 2016-02-08 14:55 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr

2016-02-08 14:50 - 2016-02-08 14:50 - 00000000 ____D C:\Program Files\AVAST Software

2016-02-08 14:39 - 2016-02-08 14:41 - 01508352 _____ C:\Users\Wayne\Downloads\adwcleaner_5.033.exe

2016-02-08 14:37 - 2016-02-08 14:37 - 00000000 ____D C:\ProgramData\AVAST Software

2016-02-08 14:36 - 2016-02-08 14:37 - 05207096 _____ (AVAST Software) C:\Users\Wayne\Downloads\avast_free_antivirus_setup_online.exe

2016-02-08 02:22 - 2016-02-08 02:22 - 00001515 _____ C:\malwarebytes app error logs.txt2.txt3.txt

2016-02-08 02:20 - 2016-02-08 02:20 - 00001515 _____ C:\malwarebytes app error logs.txt2.txt

2016-02-08 02:19 - 2016-02-08 02:19 - 00001515 _____ C:\malwarebytes app error logs.txt

2016-02-08 02:13 - 2016-02-08 22:11 - 00899584 _____ (Farbar) C:\Users\Wayne\Downloads\FSS (1).exe

2016-02-08 02:09 - 2016-02-08 19:17 - 00899584 _____ (Farbar) C:\Users\Wayne\Downloads\FSS.exe

2016-02-08 02:08 - 2016-02-08 02:34 - 01508352 _____ C:\Users\Wayne\Downloads\AdwCleaner.exe

2016-02-08 00:07 - 2016-02-08 00:07 - 00000000 ____D C:\WINDOWS\System32\Tasks\Event Viewer Tasks

2016-02-07 23:35 - 2016-02-07 23:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip

2016-02-07 23:35 - 2016-02-07 23:35 - 00000000 ____D C:\Program Files\7-Zip

2016-02-07 16:15 - 2016-02-07 22:52 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\WildTangent

2016-02-07 16:13 - 2016-02-07 16:13 - 00000000 ____D C:\Users\Wayne\Intel

2016-02-07 03:27 - 2016-02-07 03:27 - 00003372 _____ C:\WINDOWS\System32\Tasks\SweetLabs App Platform

2016-02-07 02:30 - 2016-02-07 02:35 - 00000499 _____ C:\Users\Wayne\Downloads\Appsdiagnostic10.diagcab

2016-02-07 02:30 - 2016-02-07 02:30 - 00000499 _____ C:\Users\Wayne\Downloads\Appsdiagnostic10 (1).diagcab

2016-02-06 19:07 - 2016-02-06 19:08 - 07186992 _____ (Microsoft Corporation) C:\Users\Wayne\Downloads\vcredist_x64.exe

2016-02-06 19:04 - 2016-02-06 19:04 - 00000000 ____D C:\$SysReset

2016-02-06 18:34 - 2016-02-06 18:36 - 04728048 _____ () C:\Users\Wayne\Downloads\adblockplusie-1.0 (1).exe

2016-02-06 18:33 - 2016-02-06 18:34 - 04728048 _____ () C:\Users\Wayne\Downloads\adblockplusie-1.0.exe

2016-02-06 02:20 - 2016-02-06 02:20 - 00000000 ____D C:\WINDOWS\LastGood

2016-02-06 02:14 - 2016-02-06 02:14 - 00000000 ____D C:\ProgramData\Avg_Update_0116avz

2016-02-04 13:00 - 2016-02-04 13:00 - 00003388 _____ C:\WINDOWS\System32\Tasks\AcerCloud

2016-02-04 13:00 - 2016-02-04 13:00 - 00002087 _____ C:\Users\Public\Desktop\Acer Portal.lnk

2016-02-04 12:35 - 2016-02-08 00:53 - 00000485 _____ C:\Users\Wayne\Desktop\Administrative Tools - Shortcut.lnk

2016-02-04 12:34 - 2016-02-04 12:34 - 00000385 _____ C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools.lnk

2016-02-04 11:39 - 2016-02-04 11:45 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job

2016-02-03 18:34 - 2016-02-03 18:34 - 00000000 ____D C:\ProgramData\Comodo

2016-02-03 18:10 - 2016-02-03 18:10 - 00000000 ____D C:\New folder

2016-02-03 15:20 - 2016-02-04 12:49 - 00000000 ____D C:\WINDOWS\pss

2016-02-03 14:37 - 2016-02-03 14:37 - 00000927 _____ C:\Users\Wayne\Desktop\WINDOWS - Shortcut.lnk

2016-02-03 12:29 - 2016-02-03 12:29 - 00000000 ____D C:\Users\Wayne\Documents\My Videos

2016-02-03 10:16 - 2016-02-08 02:32 - 00000000 ____D C:\Users\Wayne\Downloads\mbam-chameleon-3.1.28.0

2016-02-03 08:25 - 2016-02-07 03:20 - 00007605 _____ C:\Users\Wayne\AppData\Local\resmon.resmoncfg

2016-02-03 08:17 - 2016-02-03 08:17 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\bttb

2016-02-03 05:07 - 2016-02-08 18:47 - 00000000 ____D C:\AdwCleaner

2016-02-03 04:38 - 2016-02-03 04:38 - 00000000 ____D C:\Users\Wayne\AppData\Local\Cyberlink

2016-02-03 02:41 - 2016-02-03 02:41 - 00000000 ____D C:\WINDOWS\LastGood.Tmp

2016-02-02 04:35 - 2016-02-03 15:10 - 00000000 ____D C:\Users\Wayne\AppData\LocalLow\bttb

2016-02-02 04:35 - 2016-02-03 05:09 - 00000000 ____D C:\Program Files (x86)\bttb

2016-02-02 04:35 - 2016-02-02 04:35 - 00001519 _____ C:\Users\Public\Desktop\BT Desktop Help.lnk

2016-02-02 04:34 - 2016-02-02 04:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Desktop Help

2016-02-02 04:29 - 2016-02-07 19:45 - 01609032 _____ (Malwarebytes) C:\Users\Wayne\Downloads\JRT.exe

2016-02-02 04:20 - 2016-02-02 04:20 - 00000000 ____D C:\Program Files\BT Broadband Desktop Help

2016-02-02 04:11 - 2016-02-02 04:11 - 00000000 ____D C:\ProgramData\Motive

2016-02-02 04:09 - 2016-02-02 04:24 - 00000000 ____D C:\Program Files\Common Files\Motive

2016-02-02 04:08 - 2016-02-02 04:08 - 00000000 ____D C:\Program Files (x86)\BT Broadband Desktop Help

2016-02-02 03:56 - 2016-02-02 03:56 - 00316944 _____ (Motive, Inc.) C:\Users\Wayne\Downloads\BTBBDesktopHelpInstall.exe

2016-02-02 03:30 - 2016-02-03 18:32 - 09781212 _____ C:\Users\Wayne\Downloads\autoruns.zip

2016-02-02 03:29 - 2016-02-09 17:15 - 07326784 _____ (Datpol ) C:\Users\Wayne\Downloads\setupfree.exe

2016-02-02 03:29 - 2016-02-03 15:14 - 05656479 _____ (Swearware) C:\Users\Wayne\Downloads\ComboFix.exe

2016-02-02 02:43 - 2016-02-09 21:40 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)

2016-02-02 02:35 - 2016-02-09 17:06 - 00000000 ____D C:\Users\Wayne\Desktop\mbar

2016-02-02 02:32 - 2016-02-02 02:35 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Wayne\Downloads\mbar-1.09.3.1001 (2).exe

2016-02-02 02:32 - 2016-02-02 02:35 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Wayne\Downloads\mbar-1.09.3.1001 (1).exe

2016-02-02 02:32 - 2016-02-02 02:35 - 01609032 _____ (Malwarebytes) C:\Users\Wayne\Downloads\JRT (1).exe

2016-02-02 02:12 - 2016-02-02 02:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee

2016-02-01 23:37 - 2016-02-02 03:54 - 00361888 _____ (Motive, Inc.) C:\Users\Wayne\Downloads\FlDesktopHelpInstall.exe

2016-02-01 22:09 - 2016-02-02 01:54 - 00065232 _____ (Malwarebytes) C:\Users\Wayne\Downloads\regassassin-setup-1.03.exe

2016-02-01 22:09 - 2016-02-01 22:09 - 06392130 _____ C:\Users\Wayne\Downloads\mbam-chameleon-3.1.28.0.zip

2016-02-01 22:08 - 2016-02-07 23:33 - 00204496 _____ (Malwarebytes) C:\Users\Wayne\Downloads\startuplite-setup-1.07.exe

2016-02-01 22:08 - 2016-02-03 18:15 - 00167034 _____ C:\Users\Wayne\Downloads\fileassassin-setup-1.06.exe

2016-02-01 22:08 - 2016-02-03 09:22 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Wayne\Downloads\mbar-1.09.3.1001.exe

2016-01-28 19:13 - 2015-09-10 06:01 - 02546392 _____ (ELAN Microelectronics Corp.) C:\WINDOWS\ETDUninst.dll

2016-01-28 18:33 - 2016-01-28 18:33 - 00000000 ____D C:\Users\Wayne\AppData\LocalLow\Temp

2016-01-28 04:44 - 2016-01-28 04:45 - 21982024 _____ (Ashampoo GmbH & Co. KG ) C:\Users\Wayne\Downloads\ashampoo_uninstaller_5_5.0.4_16311.exe

2016-01-28 04:39 - 2016-01-28 04:39 - 00000000 ____D C:\ProgramData\Avg_Update_0615piz

2016-01-28 04:28 - 2016-01-28 04:28 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\AVG

2016-01-28 04:23 - 2016-01-28 04:23 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\TuneUp Software

2016-01-28 04:23 - 2016-01-28 04:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG

2016-01-28 04:17 - 2016-01-28 04:17 - 00000000 ___HD C:\$AVG

2016-01-28 04:07 - 2016-02-10 18:25 - 00000000 ____D C:\ProgramData\MFAData

2016-01-28 04:07 - 2016-01-28 04:07 - 00000000 ____D C:\Users\Wayne\AppData\Local\MFAData

2016-01-28 04:06 - 2016-01-28 04:06 - 00000882 _____ C:\Users\Public\Desktop\AVG.lnk

2016-01-28 04:06 - 2016-01-28 04:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen

2016-01-28 03:57 - 2016-02-01 20:14 - 00000000 ____D C:\ProgramData\SecTaskMan

2016-01-28 03:57 - 2016-01-28 04:17 - 00000000 ____D C:\ProgramData\Avg

2016-01-28 03:57 - 2016-01-28 04:12 - 00000000 ____D C:\Program Files (x86)\AVG

2016-01-28 03:47 - 2016-02-07 16:14 - 00000000 ____D C:\WINDOWS\System32\Tasks\NCH Software

2016-01-28 03:47 - 2016-01-28 03:47 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\NCH Software

2016-01-28 03:47 - 2016-01-28 03:47 - 00000000 ____D C:\ProgramData\Canneverbe Limited

2016-01-28 03:44 - 2016-01-28 04:27 - 00000000 ____D C:\Users\Wayne\AppData\Local\Avg

2016-01-28 03:44 - 2016-01-28 04:05 - 00000000 ____D C:\Users\Wayne\AppData\Local\AvgSetupLog

2016-01-28 03:44 - 2016-01-28 03:44 - 00001216 _____ C:\Users\Public\Desktop\CDBurnerXP.lnk

2016-01-28 03:44 - 2016-01-28 03:44 - 00001174 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk

2016-01-28 03:44 - 2016-01-28 03:44 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Canneverbe Limited

2016-01-28 03:44 - 2016-01-28 03:44 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP

2016-01-28 03:43 - 2016-01-28 03:43 - 00000000 ____D C:\ProgramData\NCH Software

2016-01-28 03:41 - 2016-01-28 03:41 - 00001179 _____ C:\Users\Public\Desktop\Picasa 3.lnk

2016-01-28 03:41 - 2016-01-28 03:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3

2016-01-28 03:31 - 2016-01-28 03:31 - 00001227 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk

2016-01-28 03:31 - 2016-01-28 03:31 - 00001216 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk

2016-01-28 03:31 - 2016-01-28 03:31 - 00001204 _____ C:\Users\Public\Desktop\Security Task Manager.lnk

2016-01-28 03:31 - 2016-01-28 03:31 - 00000000 ____D C:\Program Files (x86)\Security Task Manager

2016-01-28 02:42 - 2016-02-07 23:35 - 52988120 _____ (Microsoft Corporation) C:\Users\Wayne\Downloads\Windows-KB890830-x64-V5.32.exe

2016-01-28 02:42 - 2016-01-28 02:51 - 02551952 _____ (Microsoft Corporation) C:\Users\Wayne\Downloads\DefaultPack.EXE

2016-01-28 02:29 - 2016-01-28 02:30 - 02836520 _____ C:\Users\Wayne\Downloads\SecurityTaskManager_Setup.exe

2016-01-28 02:10 - 2016-01-28 02:07 - 00895256 _____ (Realtek ) C:\WINDOWS\system32\Drivers\rt640x64.sys

2016-01-28 02:10 - 2016-01-28 02:07 - 00091272 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll

2016-01-28 02:08 - 2016-01-28 02:08 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Acer Incorporated

2016-01-28 02:07 - 2016-01-28 21:48 - 00000000 ____D C:\WINDOWS\System32\Tasks\CareCenter

2016-01-28 01:39 - 2016-01-28 01:39 - 01851493 _____ C:\Users\Wayne\Downloads\3124262.csv

2016-01-27 21:25 - 2016-02-09 16:53 - 00000000 ____D C:\Users\Public\OEM

2016-01-27 21:18 - 2016-01-27 21:18 - 00000920 _____ C:\Users\Public\Desktop\VLC media player.lnk

2016-01-27 21:18 - 2016-01-27 21:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN

2016-01-27 21:17 - 2016-01-27 21:17 - 00000000 ____D C:\Program Files\VideoLAN

2016-01-27 21:16 - 2016-01-27 21:17 - 29833438 _____ C:\Users\Wayne\Downloads\vlc-2.2.1-win64.exe

2016-01-27 21:14 - 2016-02-04 02:35 - 00002276 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk

2016-01-27 21:14 - 2016-02-04 02:35 - 00002264 _____ C:\Users\Public\Desktop\Google Chrome.lnk

2016-01-27 21:13 - 2016-01-28 03:41 - 13677800 _____ (Google) C:\Users\Wayne\Downloads\picasa39-setup.exe

2016-01-27 21:12 - 2016-02-10 18:33 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job

2016-01-27 21:12 - 2016-02-10 18:28 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job

2016-01-27 21:12 - 2016-02-07 23:34 - 01371668 _____ (Igor Pavlov) C:\Users\Wayne\Downloads\7z1514-x64.exe

2016-01-27 21:12 - 2016-02-02 01:28 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA

2016-01-27 21:12 - 2016-02-02 01:28 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore

2016-01-27 21:12 - 2016-01-28 03:42 - 00000000 ____D C:\Users\Wayne\AppData\Local\Google

2016-01-27 21:12 - 2016-01-28 03:41 - 00000000 ____D C:\Program Files (x86)\Google

2016-01-27 21:11 - 2016-01-27 21:12 - 00927824 _____ (Google Inc.) C:\Users\Wayne\Downloads\ChromeSetup.exe

2016-01-27 19:22 - 2016-01-16 06:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll

2016-01-27 19:22 - 2016-01-16 06:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll

2016-01-27 19:22 - 2016-01-16 06:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll

2016-01-27 19:22 - 2016-01-16 06:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll

2016-01-27 19:22 - 2016-01-16 06:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll

2016-01-27 19:22 - 2016-01-16 06:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll

2016-01-27 19:22 - 2016-01-16 06:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll

2016-01-27 19:22 - 2016-01-16 06:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe

2016-01-27 19:22 - 2016-01-16 06:21 - 22572624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll

2016-01-27 19:22 - 2016-01-16 06:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe

2016-01-27 19:22 - 2016-01-16 06:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll

2016-01-27 19:22 - 2016-01-16 06:20 - 06600904 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll

2016-01-27 19:22 - 2016-01-16 06:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll

2016-01-27 19:22 - 2016-01-16 06:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll

2016-01-27 19:22 - 2016-01-16 06:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll

2016-01-27 19:22 - 2016-01-16 06:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll

2016-01-27 19:22 - 2016-01-16 06:17 - 21125400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll

2016-01-27 19:22 - 2016-01-16 06:16 - 05238360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll

2016-01-27 19:22 - 2016-01-16 06:13 - 01998168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys

2016-01-27 19:22 - 2016-01-16 06:13 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys

2016-01-27 19:22 - 2016-01-16 06:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll

2016-01-27 19:22 - 2016-01-16 06:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys

2016-01-27 19:22 - 2016-01-16 06:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll

2016-01-27 19:22 - 2016-01-16 06:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe

2016-01-27 19:22 - 2016-01-16 05:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll

2016-01-27 19:22 - 2016-01-16 05:44 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll

2016-01-27 19:22 - 2016-01-16 05:40 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll

2016-01-27 19:22 - 2016-01-16 05:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll

2016-01-27 19:22 - 2016-01-16 05:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll

2016-01-27 19:22 - 2016-01-16 05:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll

2016-01-27 19:22 - 2016-01-16 05:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll

2016-01-27 19:22 - 2016-01-16 05:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll

2016-01-27 19:22 - 2016-01-16 05:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll

2016-01-27 19:22 - 2016-01-16 05:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe

2016-01-27 19:22 - 2016-01-16 05:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll

2016-01-27 19:22 - 2016-01-16 05:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll

2016-01-27 19:22 - 2016-01-16 05:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll

2016-01-27 19:22 - 2016-01-16 05:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll

2016-01-27 19:22 - 2016-01-16 05:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll

2016-01-27 19:22 - 2016-01-16 05:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll

2016-01-27 19:22 - 2016-01-16 05:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll

2016-01-27 19:22 - 2016-01-16 05:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll

2016-01-27 19:22 - 2016-01-16 05:32 - 24602624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll

2016-01-27 19:22 - 2016-01-16 05:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll

2016-01-27 19:22 - 2016-01-16 05:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll

2016-01-27 19:22 - 2016-01-16 05:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll

2016-01-27 19:22 - 2016-01-16 05:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll

2016-01-27 19:22 - 2016-01-16 05:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll

2016-01-27 19:22 - 2016-01-16 05:30 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll

2016-01-27 19:22 - 2016-01-16 05:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl

2016-01-27 19:22 - 2016-01-16 05:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll

2016-01-27 19:22 - 2016-01-16 05:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll

2016-01-27 19:22 - 2016-01-16 05:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll

2016-01-27 19:22 - 2016-01-16 05:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe

2016-01-27 19:22 - 2016-01-16 05:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll

2016-01-27 19:22 - 2016-01-16 05:28 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll

2016-01-27 19:22 - 2016-01-16 05:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll

2016-01-27 19:22 - 2016-01-16 05:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll

2016-01-27 19:22 - 2016-01-16 05:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll

2016-01-27 19:22 - 2016-01-16 05:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll

2016-01-27 19:22 - 2016-01-16 05:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll

2016-01-27 19:22 - 2016-01-16 05:26 - 19338752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll

2016-01-27 19:22 - 2016-01-16 05:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll

2016-01-27 19:22 - 2016-01-16 05:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll

2016-01-27 19:22 - 2016-01-16 05:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll

2016-01-27 19:22 - 2016-01-16 05:24 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll

2016-01-27 19:22 - 2016-01-16 05:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll

2016-01-27 19:22 - 2016-01-16 05:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll

2016-01-27 19:22 - 2016-01-16 05:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll

2016-01-27 19:22 - 2016-01-16 05:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll

2016-01-27 19:22 - 2016-01-16 05:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl

2016-01-27 19:22 - 2016-01-16 05:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll

2016-01-27 19:22 - 2016-01-16 05:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll

2016-01-27 19:22 - 2016-01-16 05:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll

2016-01-27 19:22 - 2016-01-16 05:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll

2016-01-27 19:22 - 2016-01-16 05:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll

2016-01-27 19:22 - 2016-01-16 05:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll

2016-01-27 19:22 - 2016-01-16 05:19 - 12126208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll

2016-01-27 19:22 - 2016-01-16 05:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll

2016-01-27 19:22 - 2016-01-16 05:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll

2016-01-27 19:22 - 2016-01-16 05:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll

2016-01-27 19:22 - 2016-01-16 05:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll

2016-01-27 19:22 - 2016-01-16 05:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll

2016-01-27 19:22 - 2016-01-16 05:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll

2016-01-27 19:22 - 2016-01-16 05:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll

2016-01-27 19:22 - 2016-01-16 05:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll

2016-01-27 19:22 - 2016-01-16 05:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll

2016-01-27 19:22 - 2016-01-16 05:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll

2016-01-27 19:22 - 2016-01-16 05:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll

2016-01-27 19:21 - 2016-01-16 06:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll

2016-01-27 19:21 - 2016-01-16 06:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll

2016-01-27 19:21 - 2016-01-16 06:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll

2016-01-27 19:21 - 2016-01-16 06:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll

2016-01-27 19:21 - 2016-01-16 05:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys

2016-01-27 19:21 - 2016-01-16 05:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe

2016-01-27 19:21 - 2016-01-16 05:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll

2016-01-27 19:21 - 2016-01-16 05:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll

2016-01-27 19:21 - 2016-01-16 05:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll

2016-01-27 19:21 - 2016-01-16 05:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll

2016-01-27 19:21 - 2016-01-16 05:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll

2016-01-27 19:21 - 2016-01-16 05:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe

2016-01-27 19:21 - 2016-01-16 05:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll

2016-01-27 19:21 - 2016-01-16 05:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe

2016-01-27 19:21 - 2016-01-16 05:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe

2016-01-27 19:21 - 2016-01-16 05:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll

2016-01-27 19:21 - 2016-01-16 05:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll

2016-01-27 19:21 - 2016-01-16 05:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll

2016-01-27 19:21 - 2016-01-16 05:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll

2016-01-27 19:21 - 2016-01-16 05:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll

2016-01-27 19:21 - 2016-01-16 05:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll

2016-01-27 19:21 - 2016-01-16 05:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll

2016-01-27 19:21 - 2016-01-16 05:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll

2016-01-27 19:21 - 2016-01-16 05:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll

2016-01-27 19:21 - 2016-01-16 05:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll

2016-01-27 19:21 - 2016-01-16 05:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe

2016-01-27 19:21 - 2016-01-16 05:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe

2016-01-27 19:21 - 2016-01-16 05:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll

2016-01-27 19:21 - 2016-01-16 05:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll

2016-01-27 19:21 - 2016-01-16 05:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll

2016-01-27 19:21 - 2016-01-16 05:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll

2016-01-27 19:21 - 2016-01-16 05:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll

2016-01-27 19:21 - 2016-01-16 05:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll

2016-01-27 19:21 - 2016-01-16 05:18 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys

2016-01-27 19:21 - 2016-01-16 05:09 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll

2016-01-27 17:08 - 2016-01-27 17:08 - 00000000 ____D C:\WINDOWS\system32\SleepStudy

2016-01-27 02:53 - 2016-01-27 02:53 - 00003404 _____ C:\WINDOWS\System32\Tasks\abDocsDllLoader

2016-01-27 02:53 - 2016-01-27 02:53 - 00002026 _____ C:\Users\Public\Desktop\abDocs.lnk

2016-01-26 22:18 - 2016-02-08 22:22 - 00285248 _____ (NCH Software) C:\Users\Wayne\Downloads\orionsetup.exe

2016-01-26 20:28 - 2016-01-26 20:41 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Apple Computer

2016-01-26 20:28 - 2016-01-26 20:28 - 00000000 ____D C:\Users\Wayne\AppData\Local\Apple Computer

2016-01-26 20:27 - 2016-01-26 20:27 - 00001826 _____ C:\Users\Public\Desktop\iTunes.lnk

2016-01-26 20:27 - 2016-01-26 20:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes

2016-01-26 20:27 - 2016-01-26 20:27 - 00000000 ____D C:\ProgramData\Apple Computer

2016-01-26 20:27 - 2016-01-26 20:27 - 00000000 ____D C:\Program Files\iTunes

2016-01-26 20:27 - 2016-01-26 20:27 - 00000000 ____D C:\Program Files\iPod

2016-01-26 20:27 - 2016-01-26 20:27 - 00000000 ____D C:\Program Files (x86)\iTunes

2016-01-26 20:26 - 2016-01-26 20:26 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk

2016-01-26 20:26 - 2016-01-26 20:26 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple

2016-01-26 20:26 - 2016-01-26 20:26 - 00000000 ____D C:\Users\Wayne\AppData\Local\Apple

2016-01-26 20:26 - 2016-01-26 20:26 - 00000000 ____D C:\Program Files (x86)\Apple Software Update

2016-01-26 20:25 - 2016-01-28 03:16 - 00000000 ____D C:\Program Files\Common Files\Apple

2016-01-26 20:25 - 2016-01-26 20:25 - 00000000 ____D C:\Program Files\Bonjour

2016-01-26 20:25 - 2016-01-26 20:25 - 00000000 ____D C:\Program Files (x86)\Bonjour

2016-01-26 20:24 - 2016-01-26 20:26 - 00000000 ____D C:\ProgramData\Apple

2016-01-26 20:16 - 2016-01-26 20:23 - 167583000 _____ (Apple Inc.) C:\Users\Wayne\Downloads\iTunes6464Setup.exe

2016-01-26 19:05 - 2016-01-26 19:05 - 00002058 _____ C:\Users\Public\Desktop\abMedia.lnk

2016-01-26 18:45 - 2016-01-26 18:45 - 00000000 ____D C:\Users\Wayne\AppData\Local\NetworkTiles

2016-01-26 10:22 - 2016-01-26 10:22 - 00003418 _____ C:\WINDOWS\System32\Tasks\BacKGroundAgent

2016-01-26 09:30 - 2016-02-07 23:35 - 143671360 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

2016-01-26 09:30 - 2016-01-26 10:05 - 00000000 ____D C:\WINDOWS\system32\MRT

2016-01-26 09:03 - 2016-01-26 09:03 - 00000000 ____D C:\ProgramData\USOShared

2016-01-26 07:01 - 2016-01-26 07:08 - 00000000 ____D C:\Users\Wayne\AppData\Local\MicrosoftEdge

2016-01-26 06:55 - 2016-01-26 06:55 - 00002398 _____ C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2016-01-26 06:53 - 2016-01-26 06:53 - 00000000 ____D C:\Users\Wayne\AppData\Local\Publishers

2016-01-26 06:52 - 2016-01-26 06:52 - 00000000 ____D C:\ProgramData\Microsoft OneDrive

2016-01-26 06:46 - 2016-01-26 06:46 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01011.Wdf

2016-01-26 06:40 - 2016-01-26 06:40 - 00000000 ____D C:\Users\Wayne\AppData\Local\Acer Aspire R7 Tutorial

2016-01-26 06:32 - 2016-01-26 06:32 - 00000000 ____D C:\Users\Wayne\AppData\Local\ActiveSync

2016-01-26 06:31 - 2016-01-26 19:12 - 00000000 ____D C:\Users\Wayne\AppData\Local\Comms

2016-01-26 06:30 - 2016-01-26 09:12 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

2016-01-26 06:30 - 2016-01-26 06:30 - 00000020 ___SH C:\Users\Wayne\ntuser.ini

2016-01-26 06:30 - 2016-01-26 06:30 - 00000000 ____D C:\Users\Wayne\AppData\Local\TileDataLayer

2016-01-26 05:48 - 2016-02-10 18:31 - 00880970 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2016-01-26 05:46 - 2016-01-26 05:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat

2016-01-26 05:45 - 2016-02-10 18:25 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2016-01-26 05:38 - 2016-01-26 05:38 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2016-01-26 05:38 - 2016-01-26 05:38 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki

2016-01-26 05:38 - 2016-01-26 05:38 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki

2016-01-26 05:33 - 2016-01-26 05:33 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate

2016-01-26 05:32 - 2016-02-09 09:37 - 00000000 ____D C:\Users\Wayne

2016-01-26 05:28 - 2016-01-26 05:28 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf

2016-01-26 05:28 - 2016-01-26 05:28 - 00000000 ____H C:\ProgramData\DP45977C.lfl

2016-01-26 05:28 - 2016-01-26 05:28 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM

2016-01-26 05:28 - 2016-01-26 05:28 - 00000000 ____D C:\Program Files\Realtek

2016-01-26 05:28 - 2016-01-26 05:28 - 00000000 ____D C:\Program Files\Common Files\Atheros

2016-01-26 05:28 - 2015-10-07 11:29 - 00072696 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL

2016-01-26 05:28 - 2015-10-07 11:29 - 00069112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL

2016-01-26 05:27 - 2016-01-26 05:33 - 00000000 ____D C:\Program Files\Intel

2016-01-26 05:27 - 2015-10-30 07:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

2016-01-26 05:24 - 2016-02-04 10:02 - 00283688 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2016-01-26 05:23 - 2016-01-26 06:29 - 00000000 ___DC C:\WINDOWS\Panther

2016-01-26 05:20 - 2016-01-26 05:20 - 00000000 ____D C:\Windows.old

2016-01-26 05:18 - 2016-01-26 05:18 - 07826432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 07477600 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 03667456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb

2016-01-26 05:18 - 2016-01-26 05:18 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb

2016-01-26 05:18 - 2016-01-26 05:18 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi

2016-01-26 05:18 - 2016-01-26 05:18 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv

2016-01-26 05:18 - 2016-01-26 05:18 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv

2016-01-26 05:18 - 2016-01-26 05:18 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax

2016-01-26 05:18 - 2016-01-26 05:18 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax

2016-01-26 05:18 - 2016-01-26 05:18 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx

2016-01-26 05:18 - 2016-01-26 05:18 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx

2016-01-26 05:18 - 2016-01-26 05:18 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL

2016-01-26 05:18 - 2016-01-26 05:18 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys

2016-01-26 05:18 - 2016-01-26 05:18 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe

2016-01-26 05:18 - 2016-01-26 05:18 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll

2016-01-26 05:18 - 2016-01-26 05:18 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll

2016-01-26 05:13 - 2016-01-26 05:13 - 00008192 _____ C:\WINDOWS\system32\config\userdiff

2016-01-26 05:11 - 2016-01-26 05:11 - 00000000 ____D C:\Program Files\Reference Assemblies

2016-01-26 05:11 - 2016-01-26 05:11 - 00000000 ____D C:\Program Files\MSBuild

2016-01-26 05:11 - 2016-01-26 05:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2016-01-26 05:11 - 2016-01-26 05:11 - 00000000 ____D C:\Program Files (x86)\MSBuild

2016-01-26 05:10 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll

2016-01-26 05:10 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2016-01-26 05:10 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2016-01-26 05:10 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2016-01-26 05:10 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2016-01-26 05:10 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2016-01-26 04:50 - 2016-01-26 05:50 - 00009528 _____ C:\WINDOWS\diagwrn.xml

2016-01-26 04:50 - 2016-01-26 05:50 - 00009528 _____ C:\WINDOWS\diagerr.xml

2016-01-26 02:58 - 2016-01-26 05:45 - 00002070 _____ C:\WINDOWS\System32\Tasks\Launch Manager

2016-01-26 02:47 - 2016-02-07 23:23 - 00000000 ____D C:\Users\Wayne\AppData\Local\ElevatedDiagnostics

2016-01-26 02:38 - 2016-01-26 02:38 - 00005244 _____ C:\Users\Wayne\Documents\SystemInformation.csv

2016-01-26 02:36 - 2016-01-26 02:36 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\CareCenter

2016-01-26 00:53 - 2016-01-26 00:53 - 00006504 _____ C:\Users\Wayne\Documents\My laptop has been configured to a workgroup and another million and one other changes, security settings deleted changed, windows defender has beeh turned off by remote hackers connected to Microsoft support fake phonecall.xml

2016-01-25 18:22 - 2016-01-26 02:55 - 00000000 ____D C:\Users\Wayne\AppData\Local\CareCenter

2016-01-25 18:21 - 2016-02-08 12:51 - 00001810 _____ C:\Users\Public\Desktop\Acer Care Center.lnk

2016-01-25 18:21 - 2016-01-26 05:45 - 00002186 _____ C:\WINDOWS\System32\Tasks\ACCBackgroundApplication

2016-01-25 12:32 - 2016-02-10 01:08 - 00000000 ____D C:\Users\Wayne\AppData\Local\CrashDumps

2016-01-25 12:27 - 2015-09-23 09:43 - 00415976 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\mfeaack.sys

2016-01-25 12:25 - 2016-02-01 21:59 - 00003138 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon

2016-01-25 12:25 - 2016-01-25 12:25 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee

2016-01-25 12:13 - 2016-01-26 05:46 - 00002226 _____ C:\WINDOWS\System32\Tasks\McAfee Remediation (Prepare)

2016-01-25 12:13 - 2016-01-25 12:13 - 00000000 ____D C:\Program Files\Common Files\AV

2016-01-25 12:04 - 2016-02-09 23:41 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit

2016-01-25 12:04 - 2016-02-09 21:37 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

2016-01-25 12:04 - 2016-02-02 02:08 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Exploit

2016-01-25 12:04 - 2016-02-02 01:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit

2016-01-25 12:03 - 2016-02-09 17:07 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys

2016-01-25 12:03 - 2016-01-26 05:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware

2016-01-25 12:03 - 2016-01-25 12:03 - 00001114 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk

2016-01-25 12:03 - 2016-01-25 12:03 - 00000000 ____D C:\ProgramData\Malwarebytes

2016-01-25 12:03 - 2016-01-25 12:03 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware

2016-01-25 12:03 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys

2016-01-25 12:03 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys

2016-01-25 11:59 - 2016-02-10 05:43 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{98B8066E-2DEA-43A2-A738-AAE1EAE30693}

2016-01-25 11:48 - 2016-01-25 11:48 - 00000000 ____D C:\Users\Wayne\AppData\Local\GWX

2016-01-25 11:47 - 2016-02-03 12:08 - 00000000 ___RD C:\Users\Wayne\OneDrive

2016-01-25 11:44 - 2016-01-26 05:46 - 00002806 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-92368520-1442784187-673530786-1001

2016-01-25 11:44 - 2016-01-25 11:44 - 00000000 ____D C:\Users\Public\Pokki

2016-01-25 11:43 - 2016-02-07 10:31 - 00002496 _____ C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk

2016-01-25 11:43 - 2016-02-07 03:27 - 00002358 _____ C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk

2016-01-25 11:42 - 2016-01-25 11:42 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Macromedia

2016-01-25 11:40 - 2016-02-10 18:58 - 00000000 ____D C:\Users\Wayne\AppData\Local\clear.fi

2016-01-25 11:40 - 2016-01-25 11:40 - 00001272 _____ C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk

2016-01-25 11:40 - 2016-01-25 11:40 - 00000000 ____D C:\WINDOWS\System32\Tasks\WPD

2016-01-25 11:40 - 2016-01-25 11:40 - 00000000 ____D C:\Users\Wayne\PicStream

2016-01-25 11:40 - 2016-01-25 11:40 - 00000000 ____D C:\Users\Wayne\Documents\Bluetooth Folder

2016-01-25 11:40 - 2016-01-25 11:40 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Atheros

2016-01-25 11:40 - 2016-01-25 11:40 - 00000000 ____D C:\Users\Wayne\AppData\Local\BMExplorer

2016-01-25 11:40 - 2016-01-25 11:40 - 00000000 ____D C:\Users\Wayne\AppData\Local\AOP SDK

2016-01-25 11:39 - 2016-01-25 11:39 - 00001782 _____ C:\Users\Public\Desktop\Buy Online.lnk

2016-01-25 11:39 - 2016-01-25 11:39 - 00000000 ____D C:\WINDOWS\oem

2016-01-25 11:39 - 2016-01-25 11:39 - 00000000 ____D C:\ProgramData\OEM_YAHOO

2016-01-25 11:39 - 2016-01-25 11:39 - 00000000 ____D C:\Program Files\Accessory Store

2016-01-25 11:38 - 2016-02-09 16:46 - 00000000 ____D C:\Users\Wayne\AppData\Local\Packages

2016-01-25 11:38 - 2016-02-04 12:54 - 00000000 __SHD C:\Users\Wayne\IntelGraphicsProfiles

2016-01-25 11:38 - 2016-01-25 11:38 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2016-01-25 11:38 - 2016-01-25 11:38 - 00000000 ____D C:\Users\Wayne\AppData\Roaming\Adobe

2016-01-25 11:38 - 2016-01-25 11:38 - 00000000 ____D C:\Users\Wayne\AppData\Local\VirtualStore

2016-01-25 11:38 - 2016-01-25 11:38 - 00000000 ____D C:\Users\Wayne\AppData\Local\OEM

2016-01-25 11:34 - 2016-02-10 18:34 - 00000000 ____D C:\Users\Wayne\AppData\Local\SweetLabs App Platform

2016-01-25 11:34 - 2015-03-14 01:51 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll

2016-01-25 11:31 - 2016-01-28 02:03 - 00000000 __RHD C:\Users\Public\AccountPictures

2016-01-25 09:10 - 2016-01-25 09:10 - 00000000 _____ C:\Recovery.txt

2015-12-16 01:14 - 2015-12-16 01:14 - 00315840 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgwfpa.sys

2015-12-04 14:36 - 2015-12-04 14:36 - 00258480 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys

2015-12-04 14:35 - 2015-12-04 14:35 - 00315312 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgidsdrivera.sys

2015-12-04 14:27 - 2015-12-04 14:27 - 00042416 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgrkx64.sys

==================== Three Months Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-10 18:31 - 2015-10-30 07:21 - 00000000 ____D C:\WINDOWS\INF

2016-02-10 18:25 - 2014-07-25 09:39 - 00000000 ____D C:\Program Files (x86)\McAfee

2016-02-10 02:42 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\addins

2016-02-09 19:58 - 2015-10-30 06:28 - 00008192 ___SH C:\WINDOWS\system32\config\ELAM

2016-02-09 16:47 - 2015-10-30 07:24 - 00000000 ___HD C:\Program Files\WindowsApps

2016-02-09 16:47 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\AppReadiness

2016-02-09 13:01 - 2014-07-25 09:31 - 00000000 ____D C:\Program Files (x86)\Acer

2016-02-09 12:31 - 2014-07-25 09:32 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer

2016-02-08 12:58 - 2015-10-30 06:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2016-02-07 19:59 - 2014-07-25 09:32 - 00000000 ____D C:\ProgramData\Package Cache

2016-02-07 16:16 - 2014-07-25 09:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games

2016-02-07 16:15 - 2014-07-25 09:35 - 00000000 ____D C:\ProgramData\WildTangent

2016-02-04 18:11 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\NDF

2016-02-04 18:10 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Registration

2016-02-04 13:00 - 2014-07-25 10:08 - 00000000 ___HD C:\OEM

2016-02-04 12:53 - 2014-07-25 09:39 - 00000000 ____D C:\ProgramData\McAfee

2016-02-04 12:53 - 2014-07-25 09:39 - 00000000 ____D C:\Program Files\mcafee

2016-02-04 12:52 - 2014-07-25 09:39 - 00000000 ____D C:\Program Files\Common Files\mcafee

2016-02-04 10:02 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Web

2016-02-03 11:32 - 2014-07-25 09:33 - 00000000 ____D C:\ProgramData\CyberLink

2016-02-03 04:40 - 2014-12-08 12:21 - 00000000 ____D C:\Users\Public\CyberLink

2016-02-02 07:47 - 2015-10-30 07:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2016-02-02 03:02 - 2014-07-25 09:11 - 00000000 ____D C:\Users\Administrator

2016-02-02 03:02 - 2013-08-22 13:36 - 00000000 ____D C:\Users\Default.migrated

2016-02-01 23:48 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Performance

2016-01-28 20:05 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\rescache

2016-01-28 19:41 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2016-01-28 04:22 - 2015-10-30 07:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP

2016-01-28 02:10 - 2014-12-08 11:51 - 00000000 ____D C:\Program Files (x86)\Realtek

2016-01-28 02:08 - 2014-07-25 09:32 - 00005404 _____ C:\WINDOWS\System32\Tasks\Software Update Application

2016-01-28 01:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2016-01-28 01:55 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\oobe

2016-01-28 01:54 - 2015-10-30 07:24 - 00000000 ___SD C:\WINDOWS\system32\F12

2016-01-28 01:54 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

2016-01-28 01:54 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2016-01-28 01:54 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\appraiser

2016-01-28 01:54 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\bcastdvr

2016-01-27 21:25 - 2014-07-25 09:37 - 00000000 ____D C:\Program Files\Acer

2016-01-27 17:15 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\appcompat

2016-01-26 19:35 - 2014-07-25 09:32 - 00000000 ____D C:\ProgramData\OEM

2016-01-26 09:29 - 2015-10-30 07:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2016-01-26 09:03 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\USOPrivate

2016-01-26 07:14 - 2014-07-25 09:32 - 00000000 ____D C:\ProgramData\acer

2016-01-26 06:53 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow

2016-01-26 06:52 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\PrintDialog

2016-01-26 06:52 - 2015-10-30 07:24 - 00000000 ___RD C:\WINDOWS\MiracastView

2016-01-26 05:51 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase

2016-01-26 05:46 - 2014-12-08 12:38 - 00002744 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-92368520-1442784187-673530786-500

2016-01-26 05:45 - 2015-10-30 07:24 - 00000000 __RHD C:\Users\Public\Libraries

2016-01-26 05:45 - 2014-12-08 12:18 - 00002182 _____ C:\WINDOWS\System32\Tasks\Quick Access Quick Launcher

2016-01-26 05:45 - 2014-12-08 12:18 - 00002062 _____ C:\WINDOWS\System32\Tasks\Quick Access

2016-01-26 05:45 - 2014-12-08 12:16 - 00002096 _____ C:\WINDOWS\System32\Tasks\Power Management

2016-01-26 05:45 - 2014-07-25 09:37 - 00002574 _____ C:\WINDOWS\System32\Tasks\UbtFrameworkService

2016-01-26 05:40 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp

2016-01-26 05:39 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Help

2016-01-26 05:39 - 2015-10-30 07:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft

2016-01-26 05:39 - 2014-12-08 12:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12

2016-01-26 05:39 - 2014-12-08 11:17 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2016-01-26 05:36 - 2015-10-30 18:04 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr

2016-01-26 05:36 - 2015-10-30 18:04 - 00000000 ____D C:\WINDOWS\system32\slmgr

2016-01-26 05:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV

2016-01-26 05:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT

2016-01-26 05:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE

2016-01-26 05:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\spool

2016-01-26 05:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV

2016-01-26 05:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT

2016-01-26 05:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod

2016-01-26 05:36 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\et-EE

2016-01-26 05:36 - 2014-12-08 11:56 - 00000000 ____D C:\WINDOWS\SysWOW64\sda

2016-01-26 05:36 - 2014-03-18 10:00 - 00000000 ____D C:\WINDOWS\SysWOW64\gl-es

2016-01-26 05:36 - 2014-03-18 10:00 - 00000000 ____D C:\WINDOWS\SysWOW64\eu-es

2016-01-26 05:36 - 2014-03-18 10:00 - 00000000 ____D C:\WINDOWS\SysWOW64\ca-es-valencia

2016-01-26 05:36 - 2014-03-18 10:00 - 00000000 ____D C:\WINDOWS\SysWOW64\ca-es

2016-01-26 05:36 - 2014-03-18 10:00 - 00000000 ____D C:\WINDOWS\system32\gl-es

2016-01-26 05:36 - 2014-03-18 10:00 - 00000000 ____D C:\WINDOWS\system32\eu-es

2016-01-26 05:36 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared

2016-01-26 05:36 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared

2016-01-26 05:34 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\InputMethod

2016-01-26 05:34 - 2014-03-18 10:00 - 00000000 ____D C:\WINDOWS\system32\ca-es-valencia

2016-01-26 05:34 - 2014-03-18 10:00 - 00000000 ____D C:\WINDOWS\system32\ca-es

2016-01-26 05:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\MediaViewer

2016-01-26 05:34 - 2013-08-22 15:36 - 00000000 ____D C:\WINDOWS\ADFS

2016-01-26 05:33 - 2014-12-08 11:57 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros

2016-01-26 05:33 - 2014-07-25 09:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF

2016-01-26 05:33 - 2014-07-25 09:34 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10

2016-01-26 05:33 - 2014-07-25 09:33 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3

2016-01-26 05:30 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep

2016-01-26 05:24 - 2015-10-30 18:15 - 00000000 ____D C:\WINDOWS\ServiceProfiles

2016-01-26 05:23 - 2015-10-30 07:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template

2016-01-26 05:19 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB

2016-01-26 05:19 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform

2016-01-26 05:19 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\system32\en-GB

2016-01-26 05:19 - 2015-10-30 07:24 - 00000000 ____D C:\WINDOWS\Provisioning

2016-01-26 05:19 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism

2016-01-26 05:19 - 2015-10-30 06:28 - 00000000 ____D C:\WINDOWS\system32\Dism

2016-01-26 04:51 - 2015-10-30 19:02 - 00000000 ___HD C:\$WINDOWS.~BT

==================== Files in the root of some directories =======

2016-02-03 08:25 - 2016-02-07 03:20 - 0007605 _____ () C:\Users\Wayne\AppData\Local\resmon.resmoncfg

2016-01-26 05:28 - 2016-01-26 05:28 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:

====================

C:\Users\Wayne\AppData\Local\Temp\AXB.exe

C:\Users\Wayne\AppData\Local\Temp\AXB64.exe

C:\Users\Wayne\AppData\Local\Temp\OCB.exe

C:\Users\Wayne\AppData\Local\Temp\oct3A59.tmp.exe

C:\Users\Wayne\AppData\Local\Temp\oct6397.tmp.exe

C:\Users\Wayne\AppData\Local\Temp\sqlite3.dll

C:\Users\Wayne\AppData\Local\Temp\ToolbarDownloader1.0.0.4.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

==================== BCD ================================

Firmware Boot Manager

---------------------

identifier {fwbootmgr}

displayorder {bootmgr}

{132e65d9-cb3e-11e5-8270-806e6f6e6963}

{132e65d7-cb3e-11e5-8270-806e6f6e6963}

{132e65d8-cb3e-11e5-8270-806e6f6e6963}

timeout 2

Windows Boot Manager

--------------------

identifier {bootmgr}

device partition=\Device\HarddiskVolume2

path \EFI\Microsoft\Boot\bootmgfw.efi

description Windows Boot Manager

locale en-GB

inherit {globalsettings}

default {current}

resumeobject {f8811170-b9a9-11e5-aa27-80f832bcde1f}

displayorder {current}

toolsdisplayorder {memdiag}

timeout 30

Firmware Application (101fffff)

-------------------------------

identifier {0a57a4b6-c27d-11e5-bc2e-806e6f6e6963}

description Network Boot-IPV4: 20-6A-8A-A9-00-50

Firmware Application (101fffff)

-------------------------------

identifier {0a57a4b7-c27d-11e5-bc2e-806e6f6e6963}

description Network Boot-IPV6: 20-6A-8A-A9-00-50

Firmware Application (101fffff)

-------------------------------

identifier {132e65d7-cb3e-11e5-8270-806e6f6e6963}

description EFI USB Device

Firmware Application (101fffff)

-------------------------------

identifier {132e65d8-cb3e-11e5-8270-806e6f6e6963}

description EFI DVD/CDROM

Firmware Application (101fffff)

-------------------------------

identifier {132e65d9-cb3e-11e5-8270-806e6f6e6963}

description EFI Network

Firmware Application (101fffff)

-------------------------------

identifier {132e65da-cb3e-11e5-8270-806e6f6e6963}

description Network Boot-IPV4: 20-6A-8A-A9-00-50

Firmware Application (101fffff)

-------------------------------

identifier {132e65db-cb3e-11e5-8270-806e6f6e6963}

description Network Boot-IPV6: 20-6A-8A-A9-00-50

Firmware Application (101fffff)

-------------------------------

identifier {f6355922-ac0e-11e5-8296-806e6f6e6963}

description Network Boot-IPV4: 20-6A-8A-A9-00-50

badmemoryaccess Yes

Firmware Application (101fffff)

-------------------------------

identifier {f6355923-ac0e-11e5-8296-806e6f6e6963}

description Network Boot-IPV6: 20-6A-8A-A9-00-50

badmemoryaccess Yes

Windows Boot Loader

-------------------

identifier {0b759716-7f20-11e4-8a4d-206a8aa90050}

device ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{0b759717-7f20-11e4-8a4d-206a8aa90050}

path \windows\system32\winload.efi

description Windows Recovery Environment

locale en-us

inherit {bootloadersettings}

displaymessage Recovery

displaymessageoverride Recovery

badmemoryaccess Yes

osdevice ramdisk=[\Device\HarddiskVolume1]\Recovery\WindowsRE\Winre.wim,{0b759717-7f20-11e4-8a4d-206a8aa90050}

systemroot \windows

nx OptIn

bootmenupolicy Standard

winpe Yes

Windows Setup

-------------

identifier {7254a080-1510-4e85-ac0f-e7fb3d444736}

device ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{f881116f-b9a9-11e5-aa27-80f832bcde1f}

path \windows\system32\winload.efi

description Windows Rollback

locale en-GB

inherit {bootloadersettings}

osdevice ramdisk=[C:]\$WINDOWS.~BT\Sources\SafeOS\winre.wim,{f881116f-b9a9-11e5-aa27-80f832bcde1f}

systemroot \windows

nx OptIn

bootmenupolicy Standard

winpe Yes

Windows Boot Loader

-------------------

identifier {current}

device partition=C:

path \WINDOWS\system32\winload.efi

description Windows 10

locale en-GB

inherit {bootloadersettings}

recoverysequence {f8811172-b9a9-11e5-aa27-80f832bcde1f}

recoveryenabled Yes

isolatedcontext Yes

allowedinmemorysettings 0x15000075

osdevice partition=C:

systemroot \WINDOWS

resumeobject {f8811170-b9a9-11e5-aa27-80f832bcde1f}

nx OptIn

bootmenupolicy Standard

Windows Boot Loader

-------------------

identifier {f8811172-b9a9-11e5-aa27-80f832bcde1f}

device ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{f8811173-b9a9-11e5-aa27-80f832bcde1f}

path \windows\system32\winload.efi

description Windows Recovery Environment

locale en-GB

inherit {bootloadersettings}

displaymessage Recovery

displaymessageoverride Recovery

osdevice ramdisk=[\Device\HarddiskVolume5]\Recovery\WindowsRE\Winre.wim,{f8811173-b9a9-11e5-aa27-80f832bcde1f}

systemroot \windows

nx OptIn

bootmenupolicy Standard

winpe Yes

Resume from Hibernate

---------------------

identifier {0b75971e-7f20-11e4-8a4d-206a8aa90050}

device partition=C:

path \WINDOWS\system32\winresume.efi

description Windows Resume Application

locale en-GB

inherit {resumeloadersettings}

recoverysequence {0b759716-7f20-11e4-8a4d-206a8aa90050}

recoveryenabled Yes

badmemoryaccess Yes

isolatedcontext Yes

allowedinmemorysettings 0x15000075

filedevice partition=C:

filepath \hiberfil.sys

bootmenupolicy Standard

debugoptionenabled No

Resume from Hibernate

---------------------

identifier {f881116d-b9a9-11e5-aa27-80f832bcde1f}

device partition=C:

path \WINDOWS\system32\winresume.efi

description Windows Resume Application

locale en-GB

inherit {resumeloadersettings}

recoverysequence {0b759716-7f20-11e4-8a4d-206a8aa90050}

recoveryenabled Yes

isolatedcontext Yes

allowedinmemorysettings 0x15000075

filedevice partition=C:

filepath \hiberfil.sys

bootmenupolicy Standard

debugoptionenabled No

Resume from Hibernate

---------------------

identifier {f8811170-b9a9-11e5-aa27-80f832bcde1f}

device partition=C:

path \WINDOWS\system32\winresume.efi

description Windows Resume Application

locale en-GB

inherit {resumeloadersettings}

recoverysequence {f8811172-b9a9-11e5-aa27-80f832bcde1f}

recoveryenabled Yes

isolatedcontext Yes

allowedinmemorysettings 0x15000075

filedevice partition=C:

filepath \hiberfil.sys

bootmenupolicy Standard

debugoptionenabled No

Windows Memory Tester

---------------------

identifier {memdiag}

device partition=\Device\HarddiskVolume2

path \EFI\Microsoft\Boot\memtest.efi

description Windows Memory Diagnostic

locale en-GB

inherit {globalsettings}

badmemoryaccess Yes

EMS Settings

------------

identifier {emssettings}

bootems No

Debugger Settings

-----------------

identifier {dbgsettings}

debugtype Serial

debugport 1

baudrate 115200

RAM Defects

-----------

identifier {badmemory}

Global Settings

---------------

identifier {globalsettings}

inherit {dbgsettings}

{emssettings}

{badmemory}

Boot Loader Settings

--------------------

identifier {bootloadersettings}

inherit {globalsettings}

{hypervisorsettings}

Hypervisor Settings

-------------------

identifier {hypervisorsettings}

hypervisordebugtype Serial

hypervisordebugport 1

hypervisorbaudrate 115200

Resume Loader Settings

----------------------

identifier {resumeloadersettings}

inherit {globalsettings}

Device options

--------------

identifier {0b759717-7f20-11e4-8a4d-206a8aa90050}

description Windows Recovery

badmemoryaccess Yes

ramdisksdidevice partition=\Device\HarddiskVolume1

ramdisksdipath \Recovery\WindowsRE\boot.sdi

Device options

--------------

identifier {0b759720-7f20-11e4-8a4d-206a8aa90050}

description Windows Setup

badmemoryaccess Yes

ramdisksdidevice partition=C:

ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Setup Ramdisk Options

---------------------

identifier {ramdiskoptions}

description Acer Recovery Management

badmemoryaccess Yes

ramdisksdidevice partition=\Device\HarddiskVolume5

ramdisksdipath \boot\boot.sdi

Device options

--------------

identifier {f881116f-b9a9-11e5-aa27-80f832bcde1f}

description Windows Setup

ramdisksdidevice partition=C:

ramdisksdipath \$WINDOWS.~BT\Sources\SafeOS\boot.sdi

Device options

--------------

identifier {f8811173-b9a9-11e5-aa27-80f832bcde1f}

description Windows Recovery

ramdisksdidevice partition=\Device\HarddiskVolume5

ramdisksdipath \Recovery\WindowsRE\boot.sdi

LastRegBack: 2016-02-09 19:25

==================== End of FRST.txt ============================

#5 bloopie

Bleepin' Sith Turner

Malware Response Team
7,927 posts
OFFLINE

Gender:Male
Location:New York
Local time:02:08 PM

Posted 10 February 2016 - 07:18 PM

Hello again,

Thanks for the log and the information! Okay, we've got some work to do on this machine, but don't worry...we'll get you cleaned up, and we'll harden the Operating System as well.

It would be wise to NOT use the machine except for running tools that I ask you to. Best also is to keep the system unplugged from the internet (or turn off your wireless card unless you need the internet to download/run tools that I ask you to download for the cleaning process).

==========

I see several AV solutions running simultaneously (AVG, Avast, McAfee) ...this is actually not making you any safer so we'll have to remove two of those. Which antivirus program would you like to keep? I would suggest keeping Avast, but you may keep another if that's your preference. Just let me know, and I will add in instructions for removing the others. :wink:

====================

But before we can continue, I still don't see the "Addition.txt" file that I asked for! Please copy and paste that into your next reply for my review.

Also, you're running FRST with just about all the boxes checked...I don't need all of them checked, but it's okay for the time being. If you ran FRST will all boxes checked, then you should have Addition.txt and Shortcut.txt in your Downloads folder where you ran FRST. Please post the Addition.txt (and the Shortcut.txt if you have it already) in your next reply so we can see where we're at. Then I will craft the next set of instructions for you. Just keep in mind that the logs take time to analyze, so bear with me okay?

I try to respond at least once per day, but that doesn't always happen because I work full-time outside of Bleeping Computer... :wink:

====================

You seem pretty worried, and I completely understand that...but try not to be...I will stay with you until the end! :thumbup2:

...And as long as you can follow my instructions properly, then we shouldn't have too much trouble cleaning up the system. :wink:

==========

...As well as what I asked for in this post, please also tell me how the system is running at this point (performance-wise). Is it running normally, fast, or slow?

Thanks again,

bloopie

energy=mass X speed of light²...that's a lot of energy!

If I have been helping you and have not replied to your last post in 48hrs, please send me a P.M.

Posted Image

#6 Browny69

Topic Starter

Members
21 posts
OFFLINE

Local time:07:08 PM

Posted 11 February 2016 - 05:46 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-02-2016
Ran by Wayne (2016-02-10 18:59:31)
Running from C:\Users\Wayne\Downloads
Windows 10 Home (X64) (2016-01-26 06:29:26)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-92368520-1442784187-673530786-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-92368520-1442784187-673530786-503 - Limited - Disabled)
Guest (S-1-5-21-92368520-1442784187-673530786-501 - Limited - Disabled)
Wayne (S-1-5-21-92368520-1442784187-673530786-1001 - Administrator - Enabled) => C:\Users\Wayne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.09.2001 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3002 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.09.2003.0 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8109 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.09.2002 - Acer Incorporated)
Acer Power Management (HKLM\...\{91F52DE4-B789-42B0-9311-A349F10E5479}) (Version: 7.00.8105 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Quick Access (HKLM\...\{E3678E72-78E3-4F91-A9FB-913876FF6DA2}) (Version: 2.00.3005 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2005.0 - Acer Incorporated)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.15.2000.1 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
AVG (HKLM\...\AvgZen) (Version: 1.31.1.48846 - AVG Technologies)
AVG (Version: 16.31.7357 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.31.7357 - AVG Technologies)
AVG Zen (Version: 1.31.9 - AVG Technologies) Hidden
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
BT Desktop Help (HKLM-x32\...\BT Desktop Help) (Version: - )
BT Toolbar (HKLM-x32\...\bttb) (Version: 1.0.0.43 - )
Care Center (HKLM\...\{1AF41E84-3408-499A-8C93-8891F0612719}) (Version: 2.00.3019 - Acer Incorporated)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.5931 - CDBurnerXP)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4609.02 - CyberLink Corp.)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Host App Service (HKU\S-1-5-21-92368520-1442784187-673530786-1001\...\SweetLabs_AP) (Version: 0.269.7.840 - Pokki)
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Malwarebytes Anti-Exploit version 1.8.1.1189 (HKLM\...\Malwarebytes Anti-Exploit_is1) (Version: 1.8.1.1189 - Malwarebytes)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
McAfee LiveSafe Internet Security (HKLM-x32\...\MSC) (Version: 14.0.6136 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.30319 (HKLM\...\{DA5E371C-6333-3D8A-93A4-6FD5B20BCC6E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.30319 (HKLM-x32\...\{196BB40D-1578-3D01-B289-BEFC77A11A1E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
NTREGOPT 1.1j (HKLM-x32\...\NTREGOPT_is1) (Version: - Lars Hederer)
Panda USB Vaccine 1.0.1.16 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.141.259 - Google, Inc.)
Pokki Start Menu (HKU\S-1-5-21-92368520-1442784187-673530786-1001\...\SweetLabs_Start_Menu) (Version: 0.269.7.840 - Pokki)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.322 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.33 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.39059 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7288 - Realtek Semiconductor Corp.)
Security Task Manager 2.1e (HKLM-x32\...\Security Task Manager) (Version: 2.1e - Neuber Software)
Spotify (HKLM-x32\...\Spotify) (Version: 0.9.6.81.gd359a796 - Spotify AB)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.1 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinPatrol (HKLM-x32\...\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}) (Version: 33.1.2015.0 - Ruiware)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-92368520-1442784187-673530786-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-92368520-1442784187-673530786-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0C74ADD0-DC61-4429-B58C-9E7685A2BE20} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0FB757AE-1128-4E56-84C7-8BB7A044CBC3} - System32\Tasks\ACCBackgroundApplication => C:\Program Files (x86)\Acer\Care Center\ACCStd.exe [2015-11-25] ()
Task: {206C25F9-DB73-4871-B534-176CEBF950D6} - System32\Tasks\Quick Access => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-09] (Acer Incorporated)
Task: {282FEF79-A2F2-4FF9-99CA-F6DFD281BB62} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-02-08] (AVAST Software)
Task: {28339B1A-9F14-4697-ADEE-93645FBACEB2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {2B0497FE-96B3-4514-8D82-BC4E7923621A} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2F2C6CC5-89DE-4E27-8CC8-FDBDE469611D} - System32\Tasks\SweetLabs App Platform => C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\ServiceHostAppUpdater.exe [2015-12-11] (Pokki)
Task: {31D15DCB-AF60-41DD-A781-689E78526147} - System32\Tasks\McAfee Remediation (Prepare) => C:\Program Files\Common Files\AV\McAfee Anti-Virus And Anti-Spyware\upgrade.exe [2015-11-03] (McAfee, Inc.)
Task: {36E37510-4E6D-450A-B28C-934D7651B02B} - System32\Tasks\AcerCloud => C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe [2016-01-19] (Acer)
Task: {3C28888F-D9BD-41D4-A178-237A219EC4F9} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4262439E-5284-4DBB-9FA5-085F245643D3} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {58FE6455-027F-49D1-9D26-FE8F60B5A09C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5C35C9DF-95F4-4551-B8B0-BFAE569C326A} - System32\Tasks\Power Management => C:\Program Files\Acer\Acer Power Management\ePowerTrayLauncher.exe [2014-06-12] (Acer Incorporated)
Task: {5ECE2C10-24BD-4E93-A1DF-24ACD4BC1C49} - System32\Tasks\Quick Access Quick Launcher => C:\Program Files\Acer\Acer Quick Access\QALauncher.exe [2015-07-09] (Acer Incorporated)
Task: {86BB18D0-8E2A-4B8A-94FB-650491D63458} - System32\Tasks\Software Update Application => C:\ProgramData\OEM\UpgradeTool\ListCheck.exe [2015-07-09] (Acer Incorporated)
Task: {86FA2463-0D0E-4D19-99F5-C6A4CBD6439B} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {912C7231-F29B-41BD-A46A-6E786135E82A} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {9A6C33AC-86AF-4DC7-BE60-6420A5528500} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {9B225D04-7D76-435D-8AA5-56B887B0C34C} - System32\Tasks\UbtFrameworkService => C:\Program Files\Acer\User Experience Improvement Program\Framework\TriggerFramework.exe [2014-03-12] (TODO: <Company name>)
Task: {9FDAB37D-A6ED-4382-B5AD-7F39B582E07E} - System32\Tasks\Launch Manager => C:\Program Files\Acer\Acer Launch Manager\LMLauncher.exe [2014-09-10] (Acer Incorporate)
Task: {A13FB884-D0E5-43EA-8E03-251E1765EC0D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {AE3D9228-670C-4BDA-84CB-CE0D957C74FC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\mcafee\platform\McUICnt.exe [2015-11-02] (McAfee, Inc.)
Task: {BE56584A-D1F2-4D11-841C-824BC2D05995} - System32\Tasks\abDocsDllLoader => C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe [2015-11-23] ()
Task: {D0CD59C6-4855-4FCB-BAB5-F11C80A9DDC8} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2010-06-01] ()
Task: {D190BC50-3A79-4889-9243-354F1FDF914A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-01-27] (Google Inc.)
Task: {EAC09DE7-2A5E-44A2-8B23-972EF6D16B9A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-07] (Microsoft Corporation)
Task: {F7EE8C42-6257-46A6-999B-5DD59D83206D} - System32\Tasks\BacKGroundAgent => C:\Program Files (x86)\Acer\AOP Framework\BackgroundAgent.exe [2016-01-14] (Acer Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Public\Desktop\Booking.com.lnk -> C:\Program Files\Booking.COM\StartURL.exe () -> hxxp://www.booking.com/index.html?aid=379334
ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 07:18 - 2015-10-30 07:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2014-07-25 09:34 - 2012-04-24 10:43 - 00254512 _____ () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2016-01-26 05:18 - 2016-01-26 05:18 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-01-26 05:18 - 2016-01-26 05:18 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-02 19:21 - 2016-02-02 19:22 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-01-26 05:18 - 2016-01-26 05:18 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-26 05:18 - 2016-01-26 05:18 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-01-26 05:18 - 2016-01-26 05:18 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-26 05:18 - 2016-01-26 05:18 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-26 05:18 - 2016-01-26 05:18 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-27 19:22 - 2016-01-16 05:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 19:22 - 2016-01-16 05:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 01769312 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoaderMonitor.exe
2015-11-23 18:44 - 2015-11-23 18:44 - 00091488 _____ () C:\Program Files (x86)\Acer\abDocs\abDocsDllLoader.exe
2015-11-25 11:03 - 2015-11-25 11:03 - 04644256 _____ () C:\Program Files (x86)\Acer\Care Center\ACCStd.exe
2016-02-08 14:55 - 2016-02-08 14:55 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-02-08 14:55 - 2016-02-08 14:55 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-02-08 15:01 - 2016-02-08 15:01 - 02819072 _____ () C:\Program Files\AVAST Software\Avast\defs\16020802\algo.dll
2016-02-08 14:55 - 2016-02-08 14:55 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2013-11-07 17:58 - 2013-11-07 17:58 - 00244736 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-activex-wrapper\build\Release\NodeActiveXWrapper.node
2013-11-07 17:58 - 2013-11-07 17:58 - 00271360 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-osbridge\build\Release\MotiveOSBridgeNodeModule.node
2013-11-07 17:57 - 2013-11-07 17:57 - 00237056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\motive-xmpps\build\Release\MotiveXMPPSNode.node
2013-04-24 07:55 - 2013-04-24 07:55 - 01581056 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\libxmljs\build\Release\xmljs.node
2013-04-18 16:55 - 2013-04-18 16:55 - 00068608 _____ () C:\Program Files (x86)\BT Broadband Desktop Help\btbb\MA\8.4.0.53.bt.10\ma\node_modules\dnode\node_modules\weak\build\Release\weakref.node
2016-02-02 19:21 - 2016-02-02 19:22 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-02 19:21 - 2016-02-02 19:22 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-08 14:55 - 2016-02-08 14:55 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2015-12-03 15:21 - 2015-12-03 15:21 - 00202456 _____ () C:\Program Files (x86)\Acer\abMedia\curllib.dll
2015-12-03 15:23 - 2015-12-03 15:23 - 00654000 _____ () C:\Program Files (x86)\Acer\abMedia\sqlite3.dll
2015-12-03 15:23 - 2015-12-03 15:23 - 00641240 _____ () C:\Program Files (x86)\Acer\abMedia\tag.dll
2015-12-03 15:23 - 2015-12-03 15:23 - 00119000 _____ () C:\Program Files (x86)\Acer\abMedia\OpenLDAP.dll
2016-02-04 13:00 - 2016-02-04 13:00 - 00015064 _____ () C:\WINDOWS\assembly\GAC_MSIL\MyService\1.0.0.1__2dfa3f50f0bed57d\MyService.dll
2016-01-14 17:12 - 2016-01-14 17:12 - 00013016 _____ () C:\Program Files (x86)\Acer\AOP Framework\ServiceInterface.dll
2016-01-14 17:11 - 2016-01-14 17:11 - 00277856 _____ () C:\Program Files (x86)\Acer\AOP Framework\libcurl.dll
2015-11-23 18:44 - 2015-11-23 18:44 - 00277856 _____ () C:\Program Files (x86)\Acer\abDocs\libcurl.dll
2015-04-28 20:15 - 2015-04-28 20:15 - 00569856 _____ () C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\ppGoogleNaClPluginChrome.dll
2015-04-28 20:15 - 2015-04-28 20:15 - 01400846 _____ () C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\avcodec-54.dll
2015-04-28 20:15 - 2015-04-28 20:15 - 00151054 _____ () C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\avutil-51.dll
2015-04-28 20:15 - 2015-04-28 20:15 - 00222734 _____ () C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\avformat-54.dll
2016-02-04 02:35 - 2016-02-03 07:27 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libglesv2.dll
2016-02-04 02:35 - 2016-02-03 07:27 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\libegl.dll
2016-02-04 02:35 - 2016-02-03 07:27 - 16799048 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.103\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 13:25 - 2013-08-22 13:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-92368520-1442784187-673530786-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\Web\Wallpaper\acer01.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
MpsSvc => Firewall Service is not running.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: mcbootdelaystartsvc => 2
HKLM\...\StartupApproved\Run: => "Logitech Download Assistant"
HKLM\...\StartupApproved\Run: => "btbb_McciTrayApp"
HKLM\...\StartupApproved\Run32: => "AvgUi"
HKLM\...\StartupApproved\Run32: => "AVG_UI"
HKU\S-1-5-21-92368520-1442784187-673530786-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [TCP Query User{AE76A30A-6E90-4B3F-A89A-9B3EB7F878CA}C:\program files (x86)\acer\abmedia\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\abmedia\dmcdaemon.exe
FirewallRules: [UDP Query User{456D2FDF-7F39-408F-8677-5AFAB968184F}C:\program files (x86)\acer\abmedia\dmcdaemon.exe] => (Block) C:\program files (x86)\acer\abmedia\dmcdaemon.exe

==================== Restore Points =========================

26-01-2016 09:27:09 Windows Update
28-01-2016 02:08:07 Installed Realtek Ethernet Controller Driver
01-02-2016 22:54:16 Removed abDocs Office AddIn
03-02-2016 03:15:00 dismomuntonwards
06-02-2016 18:34:36 Adblock Plus for IE
07-02-2016 19:50:02 Adblock Plus for IE
09-02-2016 17:53:55 Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Name: USB Composite Device
Description: USB Composite Device
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service: usbccgp
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.

==================== Event log errors: =========================

Application errors:
==================
Error: (02/10/2016 06:49:13 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (02/10/2016 06:49:07 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A

Error: (02/10/2016 06:40:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.6060.0, time stamp: 0x563809af
Faulting module name: mcmscshm.dll, version: 14.0.6136.0, time stamp: 0x56609d81
Exception code: 0xc0000005
Fault offset: 0x0000000000078a20
Faulting process ID: 0x630
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report ID: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5

Error: (02/10/2016 06:35:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.6060.0, time stamp: 0x563809af
Faulting module name: mcmscshm.dll, version: 14.0.6136.0, time stamp: 0x56609d81
Exception code: 0xc0000005
Fault offset: 0x0000000000078a20
Faulting process ID: 0x26a0
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report ID: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5

Error: (02/10/2016 06:30:27 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: McSvHost.exe, version: 5.0.6060.0, time stamp: 0x563809af
Faulting module name: mcmscshm.dll, version: 14.0.6136.0, time stamp: 0x56609d81
Exception code: 0xc0000005
Fault offset: 0x0000000000078a20
Faulting process ID: 0x132c
Faulting application start time: 0xMcSvHost.exe0
Faulting application path: McSvHost.exe1
Faulting module path: McSvHost.exe2
Report ID: McSvHost.exe3
Faulting package full name: McSvHost.exe4
Faulting package-relative application ID: McSvHost.exe5

Error: (02/10/2016 12:47:37 PM) (Source: PerfNet) (EventID: 2005) (User: )
Description:

Error: (02/10/2016 12:47:34 PM) (Source: MSDTC Client 2) (EventID: 4104) (User: )
Description: 0x8007085A

Error: (02/10/2016 12:03:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 11431547

Error: (02/10/2016 12:03:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledEvent 11431547

Error: (02/10/2016 12:03:04 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: Continuously busy for more than a second

System errors:
=============
Error: (02/10/2016 07:02:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

Error: (02/10/2016 07:02:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

Error: (02/10/2016 07:00:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

Error: (02/10/2016 07:00:11 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

Error: (02/10/2016 06:59:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

Error: (02/10/2016 06:59:50 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

Error: (02/10/2016 06:59:49 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

Error: (02/10/2016 06:59:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

Error: (02/10/2016 06:59:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

Error: (02/10/2016 06:59:37 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DNS Client service failed to start due to the following error:
%%1079

CodeIntegrity:
===================================
Date: 2016-02-10 18:54:37.173
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-10 18:54:37.043
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-10 12:03:54.825
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-10 12:03:54.780
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-10 08:50:51.012
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-10 08:50:50.965
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-10 01:51:52.692
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-10 01:51:52.567
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-10 00:52:07.723
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-10 00:52:07.527
Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume4\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

==================== Memory info ===========================

Processor: Intel® Celeron® CPU N2840 @ 2.16GHz
Percentage of memory in use: 59%
Total physical RAM: 3977.98 MB
Available physical RAM: 1609 MB
Total Virtual: 7817.98 MB
Available Virtual: 4969.11 MB

==================== Drives ================================

Drive c: (Acer) (Fixed) (Total:450.6 GB) (Free:378.16 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 5E02E400)

Partition: GPT.

==================== End of Addition.txt ============================

Attached Files

Addition.txt 33.67KB 2 downloads

Edited by bloopie, 11 February 2016 - 06:07 PM.
removed extra copies of FRST.txt and pasted correct log

#7 bloopie

Bleepin' Sith Turner

Malware Response Team
7,927 posts
OFFLINE

Gender:Male
Location:New York
Local time:02:08 PM

Posted 11 February 2016 - 07:25 PM

Hello again,

Okay, thanks for that!

Although bear in mind, you must be very mindful to read my instructions carefully!! I asked how the computer was running, and to copy and paste the Addition.txt log. Running my instructions incorrectly could lead to your system crashing when we get to the more sensitive tools...so please be careful! :wink:

Please copy and paste all logs (do not attach them) unless otherwise instructed.

Now, let's continue with the below steps:

Step :step1:

Please remove any AVG product that is currently installed on your machine using Programs and Features. Here is a quick way to get there:

Hold the "Windows 0d8a4985-b5e2-41a6-a1b6-e4bafb517937_92. " key and press "R" to open the runbox, and type in appwiz.cpl and press Enter. This should open Programs and Features (aka the Add/Remove Programs list).

If for any reason, you're unable to remove AVG products, then download and run the AVG Removal Tool found HERE (You will need the 64-bit version). If you need to use the Removal Tool, please be sure to reboot the computer after running it!

==========

Step :step2:

I see you have MalwareBytes Antimalware (aka MBAM) installed. Please update the program first, then run a Threat Scan (removing ANYTHING it finds), and post the resultant log in your next reply.

==========

Step :step3:

Please download AdwCleaner by Xplode and save to your Desktop.

Double click on AdwCleaner.exe to run the tool.
Vista/Windows 7/8 users right-click and select Run As Administrator
The tool will start to update the database, please wait a bit.
Click on the Scan button.
AdwCleaner will begin...be patient as the scan may take some time to complete.
After the scan has finished, click on the Clean button.
Press OK when asked to close all programs and follow the onscreen prompts.
Press OK again to allow AdwCleaner to restart the computer and complete the removal process.
After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
Copy and paste the contents of that logfile in your next reply.
A copy of that logfile will also be saved in the C:\AdwCleaner folder.

==========

Step :step4:

Please download Junkware Removal Tool to your Desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

====================

In your next reply, please include the following:

Let me know if you were successful removing the AVG products!
Paste the MBAM log
Paste the AdwCleaner cleaning log
Paste the JRT log

And please let me know how the computer is running now!! Any problems with any steps?

bloopie

energy=mass X speed of light²...that's a lot of energy!

If I have been helping you and have not replied to your last post in 48hrs, please send me a P.M.

Posted Image

#8 Browny69

Topic Starter

Members
21 posts
OFFLINE

Local time:07:08 PM

Posted 12 February 2016 - 11:38 AM

Users shortcut scan result (x64) Version:07-02-2016

Ran by Wayne (2016-02-12 16:25:18)

Running from C:\Users\Wayne\Downloads

Boot Mode: Normal

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

Shortcut: C:\ProgramData\Pokki\PC App Store.lnk -> C:\Users\Wayne\AppData\Local\Pokki\Engine\HostAppService.exe (No File)

Shortcut: C:\ProgramData\Pokki\Pokki Start Menu.lnk -> C:\Users\Wayne\AppData\Local\Pokki\Engine\HostAppService.exe (No File)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\Wayne\Documents ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\Wayne\Downloads ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\Wayne\Music ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\Wayne\Pictures ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\Wayne\Videos ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\Wayne ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}\AppleSoftwareUpdateIco.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk -> C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe (Canneverbe Limited)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Devices Flow.lnk -> C:\Windows\DevicesFlow\DevicesFlow.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Security Task Manager.lnk -> C:\Program Files (x86)\Security Task Manager\TaskMan.exe (Neuber Software)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spotify.lnk -> C:\Program Files (x86)\Spotify\SpotifyLauncher.exe (Spotify Ltd)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spy Protector.lnk -> C:\Program Files (x86)\Security Task Manager\SpyProtector.exe (Neuber Software - www.neuber.com)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\WinPatrol Explorer.lnk -> C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrolEx.exe (Ruiware LLC)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\WinPatrol Help.lnk -> C:\Program Files (x86)\Ruiware\WinPatrol\features.html ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\WinPatrol.lnk -> C:\Program Files (x86)\Ruiware\WinPatrol\WinPatrol.exe (Ruiware LLC)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Documentation.lnk -> C:\Program Files\VideoLAN\VLC\Documentation.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\Release Notes.lnk -> C:\Program Files\VideoLAN\VLC\NEWS.txt ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VideoLAN Website.lnk -> C:\Program Files\VideoLAN\VLC\VideoLAN Website.url ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Uninstall.lnk -> C:\Program Files (x86)\Google\Picasa3\uninstall.exe (Google)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Uninstall Panda USB Vaccine.lnk -> C:\Program Files (x86)\Panda USB Vaccine\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer\Documentation.lnk -> C:\Program Files (x86)\NT Registry Optimizer\README.TXT ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer\NTREGOPT Homepage.lnk -> C:\Program Files (x86)\NT Registry Optimizer\NTREGOPT.URL ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer\NTREGOPT.lnk -> C:\Program Files (x86)\NT Registry Optimizer\NTREGOPT.EXE ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NT Registry Optimizer\Uninstall NTREGOPT.lnk -> C:\Program Files (x86)\NT Registry Optimizer\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware Notifications.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Uninstall Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware\Tools\Malwarebytes Anti-Malware Chameleon.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\Chameleon\Windows\chameleon.chm ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit\Malwarebytes Anti-Exploit.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe (Malwarebytes Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Exploit\Uninstall Malwarebytes Anti-Exploit.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Exploit\unins000.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en_GB.lproj\About iTunes.rtf ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel Control Center.lnk -> C:\Program Files (x86)\Intel\Intel Control Center\IntelControlCenter.exe (Intel Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF\Foxit PhantomPDF.lnk -> C:\Program Files (x86)\Foxit PhantomPDF\FoxitPhantomPDF.exe (Foxit Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12\CyberLink PowerDVD 12.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10\PowerDirector 10.lnk -> C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3\CyberLink PhotoDirector 3.lnk -> C:\Program Files (x86)\CyberLink\PhotoDirector3\PhotoDirector3.exe (CyberLink Corp.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Desktop Help\Uninstall BT Desktop Help.lnk -> C:\Program Files (x86)\BT Broadband Desktop Help\btbb\unBTBDH.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG\AVG Protection.lnk -> C:\Program Files (x86)\AVG\Av\avgui.exe (AVG Technologies CZ, s.r.o.)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abDocs.lnk -> C:\Program Files (x86)\Acer\abDocs\abDocs.exe (acer)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\abMedia.lnk -> C:\Program Files (x86)\Acer\abMedia\abMedia.exe (Acer Incorporated)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Care Center.lnk -> C:\Program Files (x86)\Acer\Care Center\CareCenter.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Power Management.lnk -> C:\Program Files\Acer\Acer Power Management\ePowerUI.exe (Acer Incorporated)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Quick Access.lnk -> C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporated)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer User Experience Improvement Program.lnk -> C:\Program Files\Acer\User Experience Improvement Program\Framework\Setting.exe (acer)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer User's Manual.lnk -> C:\OEM\Preload\Autorun\GUI\Acer User's Manual\00\OnePager.exe ()

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer\Acer Video Player.lnk -> C:\Program Files (x86)\Acer\Acer Video Player\AcerVideoPlayer.exe (Acer Incorporated)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Sticky Notes.lnk -> C:\Windows\System32\StikyNot.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Tablet PC\Windows Journal.lnk -> C:\Program Files\Windows Journal\Journal.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip File Manager.lnk -> C:\Program Files\7-Zip\7zFM.exe (Igor Pavlov)

Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip\7-Zip Help.lnk -> C:\Program Files\7-Zip\7-zip.chm ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Wayne\Documents ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Wayne\Pictures ()

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\Users\Public\Desktop\abDocs.lnk -> C:\Program Files (x86)\Acer\abDocs\abDocs.exe (acer)

Shortcut: C:\Users\Public\Desktop\abMedia.lnk -> C:\Program Files (x86)\Acer\abMedia\abMedia.exe (Acer Incorporated)

Shortcut: C:\Users\Public\Desktop\Acer Care Center.lnk -> C:\Program Files (x86)\Acer\Care Center\CareCenter.exe ()

Shortcut: C:\Users\Public\Desktop\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer)

Shortcut: C:\Users\Public\Desktop\Avast Free Antivirus.lnk -> C:\Program Files\AVAST Software\Avast\avastui.exe (AVAST Software)

Shortcut: C:\Users\Public\Desktop\CDBurnerXP.lnk -> C:\Program Files (x86)\CDBurnerXP\cdbxpp.exe (Canneverbe Limited)

Shortcut: C:\Users\Public\Desktop\CyberLink PhotoDirector 3.lnk -> C:\Program Files (x86)\CyberLink\PhotoDirector3\PhotoDirector3.exe (CyberLink Corp.)

Shortcut: C:\Users\Public\Desktop\CyberLink PowerDirector 10.lnk -> C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.exe (CyberLink Corp.)

Shortcut: C:\Users\Public\Desktop\CyberLink PowerDVD 12.lnk -> C:\Program Files (x86)\CyberLink\PowerDVD12\PDVDLP.exe (CyberLink Corp.)

Shortcut: C:\Users\Public\Desktop\Foxit PhantomPDF.lnk -> C:\Program Files (x86)\Foxit PhantomPDF\FoxitPhantomPDF.exe (Foxit Corporation)

Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)

Shortcut: C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk -> C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe (Malwarebytes)

Shortcut: C:\Users\Public\Desktop\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)

Shortcut: C:\Users\Public\Desktop\Security Task Manager.lnk -> C:\Program Files (x86)\Security Task Manager\TaskMan.exe (Neuber Software)

Shortcut: C:\Users\Public\Desktop\VLC media player.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN)

Shortcut: C:\Users\Wayne\Links\Desktop.lnk -> C:\Users\Wayne\Desktop ()

Shortcut: C:\Users\Wayne\Links\Downloads.lnk -> C:\Users\Wayne\Downloads ()

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Documents.lnk -> C:\Users\Wayne\Documents ()

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pictures.lnk -> C:\Users\Wayne\Pictures ()

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\Desktop\NTREGOPT.lnk -> C:\Program Files (x86)\NT Registry Optimizer\NTREGOPT.EXE ()

Shortcut: C:\Users\Wayne\Desktop\Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)

Shortcut: C:\Users\Wayne\Desktop\WINDOWS - Shortcut.lnk -> C:\Windows.old\WINDOWS ()

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk -> C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe (Realtek Semiconductor)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Open Windows Repair (WR) Tray Icon.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe (Tweaking.com)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Registry Backup.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\files\registry_backup_tool\TweakingRegistryBackup.exe (Tweaking.com)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Repair_Windows.exe (Tweaking.com)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Launch Internet Explorer Browser.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\NTREGOPT.lnk -> C:\Program Files (x86)\NT Registry Optimizer\NTREGOPT.EXE ()

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Picasa 3.lnk -> C:\Program Files (x86)\Google\Picasa3\Picasa3.exe (Google Inc.)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\abPhoto.lnk -> C:\Program Files (x86)\Acer\abPhoto\abPhoto.exe (No File)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Acer Quick Access.lnk -> C:\Program Files\Acer\Acer Quick Access\QuickAccess.exe (Acer Incorporated)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Spotify.lnk -> C:\Program Files (x86)\Spotify\SpotifyLauncher.exe (Spotify Ltd)

Shortcut: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\StartMenu\Acer Portal.lnk -> C:\Program Files (x86)\Acer\Acer Portal\AcerPortal.exe (Acer)

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)

Shortcut: C:\Users\Wayne\AppData\Local\Microsoft\OneDrive\Desktop - Shortcut.lnk -> C:\Users\Wayne\Desktop ()

ShortcutWithArgument: C:\Users\Public\Desktop\Booking.com.lnk -> C:\Program Files\Booking.COM\StartURL.exe () -> hxxp://www.booking.com/index.html?aid=379334

ShortcutWithArgument: C:\Users\Public\Desktop\Buy Online.lnk -> C:\Program Files\Accessory Store\StartURL.exe () -> hxxp://go.acer.com/?id=13397&model=Aspire ES1-512

ShortcutWithArgument: C:\Users\Public\Desktop\Dropbox.lnk -> C:\Program Files\Dropbox\StartURL.exe () -> hxxps://www.dropbox.com/partners/acer2014/download

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk -> C:\Program Files (x86)\Microsoft Office\Office15\FIRSTRUN.EXE (Microsoft Corporation) -> /OEM

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk -> C:\Windows\System32\rundll32.exe (Microsoft Corporation) -> -sta {C90FB8CA-3295-4462-A721-2935E83694BA}

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinPatrol\Uninstall WinPatrol.lnk -> C:\ProgramData\InstallMate\{6A206A04-6BC1-411B-AA04-4E52EDEEADF2}\Setup.exe (Tarma Software Research Ltd) -> /remove /q0

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player - reset preferences and cache files.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> --reset-config --reset-plugins-cache vlc://quit

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN\VLC media player skinned.lnk -> C:\Program Files\VideoLAN\VLC\vlc.exe (VideoLAN) -> -Iskins

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Default Programs.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DefaultPrograms

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /7

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Picasa 3\Configure Picasa Photo Viewer.lnk -> C:\Program Files (x86)\Google\Picasa3\PicasaPhotoViewer.exe (Google Inc.) -> /reconfig

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Panda USB Vaccine.lnk -> C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe (Panda Security) -> /resident /autovaccinate /shownow

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee\McAfee LiveSafe – Internet Security.lnk -> C:\Program Files\mcafee.com\agent\mcagent.exe (McAfee, Inc.) -> /desktopicon /platui

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BT Desktop Help\BT Desktop Help.lnk -> C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe (Alcatel-Lucent) -> -APPKEY=btbb -hidden -URL=file://C:\Program Files (x86)\BT Broadband Desktop Help\btbb/Start.html

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen\AVG.lnk -> C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) -> /zen.open_ui

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1

ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX

ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

ShortcutWithArgument: C:\Users\Public\Desktop\abFiles.lnk -> C:\Program Files (x86)\Acer\abFiles\abFilesTrayIcon.exe () ->

ShortcutWithArgument: C:\Users\Public\Desktop\AVG.lnk -> C:\Program Files (x86)\AVG\Framework\Common\avguix.exe (AVG Technologies CZ, s.r.o.) -> /zen.open_ui

ShortcutWithArgument: C:\Users\Public\Desktop\BT Desktop Help.lnk -> C:\Program Files (x86)\BT Broadband Desktop Help\btbb\BTHelpBrowser.exe (Alcatel-Lucent) -> -APPKEY=btbb -hidden -URL=file://C:\Program Files (x86)\BT Broadband Desktop Help\btbb/Start.html

ShortcutWithArgument: C:\Users\Wayne\Documents\My Videos\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk -> C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) -> /OPEN"f22abfeae27a67446927d078890381efc546d3e1"

ShortcutWithArgument: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk -> C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) -> /OPEN"menu"

ShortcutWithArgument: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Tweaking.com\Windows Repair (All in One)\Uninstall Tweaking.com - Windows Repair.lnk -> C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\uninstall.exe (Indigo Rose Corporation) -> "/U:C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\Uninstall\uninstall.xml"

ShortcutWithArgument: C:\Users\Wayne\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo

ShortcutWithArgument: C:\Users\Wayne\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk -> C:\Users\Wayne\AppData\Local\SweetLabs App Platform\Engine\ServiceHostApp.exe (Pokki) -> /OPEN"menu"

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> /e,::{20D04FE0-3AEA-1069-A2D8-08002B30309D}

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft Corporation) -> /0

ShortcutWithArgument: C:\Users\Wayne\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}

InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security\Panda USB Vaccine\Panda USB Vaccine on the Web.url -> hxxp://research.pandasecurity.com/archive/Panda-USB-and-AutoRun-Vaccine.aspx

InternetURL: C:\Users\Default\Favorites\Booking.com.url -> hxxp://www.booking.com/index.html?aid=379334

InternetURL: C:\Users\Default\Favorites\Acer\Acer.url -> hxxp://www.acer.com/

InternetURL: C:\Users\Wayne\Favorites\Bing.url -> hxxp://go.microsoft.com/fwlink/p/?LinkId=255142

InternetURL: C:\Users\Wayne\Favorites\Booking.com.url -> hxxp://www.booking.com/index.html?aid=379334

InternetURL: C:\Users\Wayne\Favorites\Google Apps for Work – Email, Collaboration Tools and More.url -> hxxps://apps.google.com/intx/en_uk/index.html?utm_source=gdn&utm_medium=display&utm_campaign=emea-gb-en-apps-tt-all-trial&utm_content=Text

InternetURL: C:\Users\Wayne\Favorites\Links\Acer Accessory Store.url -> hxxp://go.acer.com/?id=14167&model=Aspire ES1-512

InternetURL: C:\Users\Wayne\Favorites\Acer\Acer.url -> hxxp://www.acer.com/

InternetURL: C:\Users\Wayne\Favorites\Acer\eBay.url -> hxxp://rover.ebay.com/rover/1/710-66995-24801-1/4

InternetURL: C:\Users\Wayne\Documents\My Videos\Favorites\Booking.com.url -> hxxp://www.booking.com/index.html?aid=379334

InternetURL: C:\Users\Wayne\Documents\My Videos\Favorites\Acer\Acer.url -> hxxp://www.acer.com/

==================== End of Shortcut.txt =============================

Hi Bloopie so should I run that JRT now and delete what AV's I don't want or need from my download folder. I will stick with what you say about keeping Avast yes? What else should I delete? Thanks