excessive pop ups


  • This topic is locked
13 replies to this topic

#1 sushitime

Posted 17 February 2016 - 11:59 PM

New computer here.  I am getting excessive pop ups and my tabs get redirected.  

 

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:17-02-2016
Ran by Brian (administrator) on DESKTOP-TE5JKGB (17-02-2016 23:34:34)
Running from C:\Users\Brian\Downloads
Loaded Profiles: Brian (Available Profiles: Brian)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Advanced Micro Devices, Inc.) C:\Windows\SysWOW64\tbaseprovisioning.exe
(AMD) C:\Windows\System32\atiesrxx.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
() C:\Windows\SysWOW64\OSDSrv\OSDSrv.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\AdminService.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
() C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Product Registration\PRSvc.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
() C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Wistron Corporation) C:\Windows\SysWOW64\OSDSrv\OSDApp.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\MOM.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Advanced Micro Devices Inc.) C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\CCC.exe
() C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
(CyberLink) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
() C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\PluginContainer.exe
() C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1\Updater.exe
(McAfee, Inc.) C:\Program Files\mcafee\virusscan\McVsShld.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\PluginContainer.exe
() C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\Updater.exe
() C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\6\Plugin.exe
() C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\8\Plugin.exe
() C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\2\Plugin.exe
() C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\3\Plugin.exe
() C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\3\Plugin.exe
() C:\Users\Brian\AppData\Roaming\InetStat\inetstat.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\12\Plugin.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\12\Plugin.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\10\Plugin.exe
() C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\7\Plugin.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\3\Plugin.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\10\Plugin.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\7\Plugin.exe
() C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\7\Plugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\3\Plugin.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\7\Plugin.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\8\Plugin.exe
() C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\2\Plugin.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2016-02-17] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2016-02-17] (Realtek Semiconductor)
HKLM\...\Run: [OSDApp] => C:\Windows\SysWOW64\OSDSrv\OSDApp.exe [2091520 2015-04-14] (Wistron Corporation)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [610048 2015-01-20] (Waves Audio Ltd.)
HKLM-x32\...\Run: [StartCCC] => c:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-06-23] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\...\Run: [InetStat] => C:\Users\Brian\AppData\Roaming\InetStat\inetstat.exe [840206 2016-02-17] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{57b067e0-f661-4ccb-865b-8be15a98be00}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{9af76321-83d7-4868-a393-56d243941532}: [DhcpNameServer] 192.0.0.3
 
Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell15.msn.com/?pc=DCTE
SearchScopes: HKLM -> DefaultScope {1F1F27CD-5641-4257-B7C7-25B317F71AB7} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgLVw5DQwwSbQ0BVghcFQNBJhRaUVhEDAdAIlwOUA5DFFQRdB9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
SearchScopes: HKLM -> {1F1F27CD-5641-4257-B7C7-25B317F71AB7} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgLVw5DQwwSbQ0BVghcFQNBJhRaUVhEDAdAIlwOUA5DFFQRdB9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
BHO-x32: Our Search Window -> {79b7274a-124a-4eeb-8ce3-f4b50e19a3f7} -> C:\Program Files (x86)\Our Search Window\Extensions\79b7274a-124a-4eeb-8ce3-f4b50e19a3f7.dll [2016-02-17] ()
BHO-x32: Generous Deal -> {c9581878-64b2-410a-833b-b3bb063b1dde} -> C:\Program Files (x86)\Generous Deal\Extensions\c9581878-64b2-410a-833b-b3bb063b1dde.dll [2016-02-17] ()
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)
 
FireFox:
========
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-17] (Google Inc.)
 
Chrome: 
=======
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgLVw5DQwwSbQ0BVghcFQNBJhRaUVhEDAdAIlwOUA5DFFQRdB9aFQQTQkcFME0FBloEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFQQdg4KAwBADAEadwgVVQ8TRxhBcFgNTAsSQ1AVcQ4KVFhDFRNBNARaAktXUUEeJ1pNER8fHHpWMmpdAEsSSWJKLl1XFg==
CHR Profile: C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-02-17]
CHR Extension: (Google Docs) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-17]
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (YouTube) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Google Sheets) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-02-17]
CHR Extension: (Google Docs Offline) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-17]
CHR Extension: (Our Search Window) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbomhpfemhagdhggnjbdnlaicjfmklif [2016-02-17] [UpdateUrl: hxxp://cdn.oursearchwindow.com/update] <==== ATTENTION
CHR Extension: (Chrome Web Store Payments) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-17]
CHR Extension: (Gmail) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-17]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S2 0298281455754043mcinstcleanup; C:\WINDOWS\TEMP\029828~1.EXE [918056 2015-11-27] (McAfee, Inc.)
R2 AMD FUEL Service; c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-06-23] (Advanced Micro Devices, Inc.) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\adminservice.exe [323152 2015-06-07] (Windows ® Win 7 DDK provider)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [139504 2015-12-17] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [139504 2015-12-17] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [119656 2016-01-15] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [49864 2015-08-24] ()
R2 Dell Product Registration; C:\Program Files\Dell\Product Registration\PRSvc.exe [32104 2015-12-05] (Dell)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; C:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [379896 2015-07-03] (McAfee, Inc.)
R2 mcbootdelaystartsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.203.0\McCSPServiceHost.exe [1694152 2015-12-02] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R3 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 OSDSrv; C:\Windows\SysWOW64\OSDSrv\OSDSrv.EXE [192512 2013-12-27] () [File not signed]
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [253776 2014-04-14] ()
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2016-02-17] (Realtek Semiconductor)
R2 Service Mgr GenerousDeal; C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe [1413352 2016-02-17] () <==== ATTENTION
R2 Service Mgr OurSearchWindow; C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugincontainer.exe [1406176 2016-02-17] () <==== ATTENTION
R2 tbaseprovisioning; C:\Windows\SysWOW64\tbaseprovisioning.exe [60432 2015-06-23] (Advanced Micro Devices, Inc.)
R2 Update Mgr GenerousDeal; C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe [1271528 2016-02-17] () <==== ATTENTION
R2 Update Mgr OurSearchWindow; C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1\updater.exe [1283296 2016-02-17] () <==== ATTENTION
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [563456 2015-01-20] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S3 amdkmcsp; C:\Windows\system32\DRIVERS\amdkmcsp.sys [101104 2015-06-23] (Advanced Micro Devices, Inc. )
R0 amdkmpfd; C:\Windows\System32\drivers\amdkmpfd.sys [73976 2015-06-04] (Advanced Micro Devices, Inc.)
R0 amdpsp; C:\Windows\System32\DRIVERS\amdpsp.sys [277240 2015-06-23] (Advanced Micro Devices, Inc. )
R2 APXACC; C:\Windows\system32\DRIVERS\appexDrv.sys [229056 2015-04-03] (AppEx Networks Corporation)
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4341424 2016-02-17] (Qualcomm Atheros Communications, Inc.)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-05-28] (Advanced Micro Devices)
R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
S3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [91912 2013-11-12] (CyberLink)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
U3 mfeaack01; no ImagePath
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
U3 mfeavfk01; no ImagePath
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
U3 mfehidk01; no ImagePath
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [886528 2015-05-29] (Realtek                                            )
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-17 23:34 - 2016-02-17 23:36 - 00019898 _____ C:\Users\Brian\Downloads\FRST.txt
2016-02-17 23:33 - 2016-02-17 23:34 - 00000000 ____D C:\FRST
2016-02-17 23:32 - 2016-02-17 23:33 - 02371072 _____ (Farbar) C:\Users\Brian\Downloads\FRST64.exe
2016-02-17 23:32 - 2016-02-17 23:33 - 02371072 _____ (Farbar) C:\Users\Brian\Downloads\FRST64 (1).exe
2016-02-17 21:59 - 2016-02-17 21:59 - 01119338 _____ ( ) C:\Users\Brian\exe.exe
2016-02-17 21:40 - 2016-02-17 21:45 - 00000000 ____D C:\Users\Brian\AppData\Roaming\InetStat
2016-02-17 21:40 - 2016-02-17 21:40 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2016-02-17 21:40 - 2016-02-17 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Streaming Movies
2016-02-17 21:40 - 2016-02-17 21:40 - 00000000 ____D C:\Program Files (x86)\HD Streaming Movies
2016-02-17 21:39 - 2016-02-17 21:40 - 00000000 ____D C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
2016-02-17 21:39 - 2016-02-17 21:40 - 00000000 ____D C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
2016-02-17 21:39 - 2016-02-17 21:39 - 00003686 _____ C:\WINDOWS\System32\Tasks\One System Care Task
2016-02-17 21:39 - 2016-02-17 21:39 - 00003372 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2016-02-17 21:39 - 2016-02-17 21:39 - 00002936 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2016-02-17 21:39 - 2016-02-17 21:39 - 00000308 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Users\Brian\AppData\Roaming\One System Care
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\ProgramData\5a6b4461-7821-1
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\ProgramData\5a6b4461-1f93-0
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Program Files (x86)\Our Search Window
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Program Files (x86)\Generous Deal
2016-02-17 21:35 - 2016-02-17 21:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-02-17 19:13 - 2016-02-17 19:13 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-17 19:11 - 2016-02-17 19:11 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-17 17:30 - 2016-02-17 18:00 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-17 17:27 - 2016-02-17 17:27 - 00000000 ____D C:\Windows.old
2016-02-17 17:25 - 2016-02-17 17:25 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-02-17 17:25 - 2016-02-17 17:25 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-02-17 17:25 - 2016-02-17 17:25 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2016-02-17 17:25 - 2016-02-17 17:25 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2016-02-17 17:25 - 2016-02-17 17:25 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-02-17 17:25 - 2016-02-17 17:25 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-02-17 17:25 - 2016-02-17 17:25 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-02-17 17:25 - 2016-02-17 17:25 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-02-17 17:25 - 2016-02-17 17:25 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-02-17 17:25 - 2016-02-17 17:25 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
2016-02-17 17:25 - 2016-02-17 17:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
2016-02-17 17:25 - 2016-02-17 17:25 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-02-17 17:25 - 2016-02-17 17:25 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2016-02-17 17:25 - 2016-02-17 17:25 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2016-02-17 17:25 - 2016-02-17 17:25 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2016-02-17 17:24 - 2016-02-17 17:25 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-02-17 17:24 - 2016-02-17 17:24 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
2016-02-17 17:24 - 2016-02-17 17:24 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2016-02-17 17:24 - 2016-02-17 17:24 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2016-02-17 17:24 - 2016-02-17 17:24 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-02-17 17:24 - 2016-02-17 17:24 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-17 17:24 - 2016-02-17 17:24 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2016-02-17 17:19 - 2016-02-17 17:19 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-17 17:16 - 2016-02-17 17:16 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-17 17:16 - 2016-02-17 17:16 - 00000000 ____D C:\Program Files\MSBuild
2016-02-17 17:16 - 2016-02-17 17:16 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-17 17:16 - 2016-02-17 17:16 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-17 17:15 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-02-17 17:15 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-02-17 17:15 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-02-17 17:15 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-02-17 17:15 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-02-17 17:15 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-02-17 16:22 - 2016-02-17 16:22 - 00002215 _____ C:\Users\Public\Desktop\Dell Help & Support.lnk
2016-02-17 15:29 - 2016-02-17 15:29 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-02-17 15:29 - 2016-02-17 15:29 - 00002338 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-02-17 15:20 - 2016-02-17 15:20 - 00987728 _____ (Google Inc.) C:\Users\Brian\Downloads\ChromeSetup.exe
2016-02-17 15:00 - 2016-02-17 15:00 - 00000000 ____D C:\Users\Brian\AppData\Local\ActiveSync
2016-02-17 14:58 - 2016-02-17 14:58 - 00000020 ___SH C:\Users\Brian\ntuser.ini
2016-02-17 14:55 - 2016-02-17 14:55 - 00000000 _SHDL C:\Users\Default\My Documents
2016-02-17 14:55 - 2016-02-17 14:55 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-02-17 14:55 - 2016-02-17 14:55 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-02-17 14:55 - 2016-02-17 14:55 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-02-17 14:55 - 2016-02-17 14:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-02-17 14:55 - 2016-02-17 14:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-02-17 14:55 - 2016-02-17 14:55 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-02-17 14:49 - 2016-02-17 14:49 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-02-17 14:48 - 2016-02-17 15:10 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-17 14:48 - 2016-02-17 14:48 - 00000272 _____ C:\WINDOWS\Tasks\RunDLC.job
2016-02-17 14:42 - 2016-02-17 14:42 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-02-17 14:40 - 2016-02-17 14:43 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-02-17 14:38 - 2016-02-17 21:59 - 00000000 ____D C:\Users\Brian
2016-02-17 14:38 - 2016-02-17 14:38 - 00000000 _SHDL C:\Users\Brian\My Documents
2016-02-17 14:38 - 2016-02-17 14:38 - 00000000 _SHDL C:\Users\Brian\Documents\My Videos
2016-02-17 14:38 - 2016-02-17 14:38 - 00000000 _SHDL C:\Users\Brian\Documents\My Pictures
2016-02-17 14:38 - 2016-02-17 14:38 - 00000000 _SHDL C:\Users\Brian\Documents\My Music
2016-02-17 14:35 - 2016-02-17 15:09 - 00065536 _____ C:\WINDOWS\system32\spu_storage.bin
2016-02-17 14:35 - 2016-02-17 14:40 - 00000000 ____D C:\Program Files\AMD
2016-02-17 14:35 - 2016-02-17 14:35 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_amdpsp_01011.Wdf
2016-02-17 14:35 - 2016-02-17 14:35 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2016-02-17 14:35 - 2016-02-17 14:35 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-02-17 14:35 - 2016-02-17 14:35 - 00000000 ____D C:\Program Files\Common Files\ATI Technologies
2016-02-17 14:35 - 2016-02-17 14:35 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-02-17 14:35 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-17 14:34 - 2016-02-17 14:34 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-17 14:34 - 2016-02-17 14:34 - 00000000 ____D C:\Program Files\Realtek
2016-02-17 14:31 - 2016-02-17 14:44 - 00201352 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-17 13:41 - 2016-02-17 13:41 - 72130584 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCORES64.dat
2016-02-17 13:41 - 2016-02-17 13:41 - 13242880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 13078352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 12126952 _____ (Waves Audio Ltd.) C:\WINDOWS\SysWOW64\MaxxVoiceAPO30.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 07181616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 07104888 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2016-02-17 13:41 - 2016-02-17 13:41 - 04518136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-02-17 13:41 - 2016-02-17 13:41 - 03709056 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioMeters64.exe
2016-02-17 13:41 - 2016-02-17 13:41 - 03309264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 03269440 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 02999808 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 02935544 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 02880873 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-02-17 13:41 - 2016-02-17 13:41 - 02856704 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 02719992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-02-17 13:41 - 2016-02-17 13:41 - 02058880 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 02001056 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO264.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01991784 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01804936 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01766136 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01764432 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO232.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01613720 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01530872 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01416832 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01351176 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01231248 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01183352 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 01015608 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00930848 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBAPO64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00784312 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBAPO32.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00759208 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00742536 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00723232 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00693032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00692520 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00659872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00657304 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBTHX64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00591640 _____ (Creative Technology Ltd.) C:\WINDOWS\SysWOW64\MBTHX32.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00588120 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00545824 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00517464 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00460440 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00458016 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00453848 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00422432 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBWrp64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00399464 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00342280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00339136 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00333288 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00283928 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00264968 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00264896 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00263944 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00232712 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00225504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00220136 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00212256 _____ (Waves Audio) C:\WINDOWS\system32\MaxxAudioVienna264.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00187280 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00176480 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00174632 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkXInterface64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00161952 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00144184 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00131024 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00128512 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00120720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00097976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00094168 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00084048 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBppld64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00079296 _____ (Creative Technology Ltd.) C:\WINDOWS\system32\MBPPCn64.dll
2016-02-17 13:41 - 2016-02-17 13:41 - 00032392 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-02-17 13:05 - 2016-02-17 23:10 - 00000928 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-17 13:05 - 2016-02-17 21:33 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-17 13:05 - 2016-02-17 14:49 - 00003440 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-17 13:05 - 2016-02-17 14:48 - 00003216 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-17 13:05 - 2016-02-17 13:05 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-17 13:05 - 2016-02-17 13:05 - 00000000 ____D C:\Program Files (x86)\Dell Customer Connect
2016-02-17 13:04 - 2016-02-17 16:12 - 00000000 ____D C:\Users\Brian\AppData\Local\Google
2016-02-17 12:59 - 2016-02-17 12:59 - 00000000 ____D C:\Users\Brian\AppData\Local\Comms
2016-02-17 12:57 - 2016-02-17 12:59 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-17 12:57 - 2016-02-17 12:57 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-17 12:53 - 2016-02-17 13:03 - 00000000 ____D C:\Users\Brian\AppData\Local\MicrosoftEdge
2016-02-17 12:22 - 2016-02-17 15:02 - 00002369 _____ C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-17 12:22 - 2016-02-17 15:02 - 00000000 ___RD C:\Users\Brian\OneDrive
2016-02-17 12:22 - 2016-02-17 12:22 - 00000000 ____D C:\Users\Brian\AppData\Local\AMD
2016-02-17 12:21 - 2016-02-17 12:21 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Macromedia
2016-02-17 12:21 - 2016-02-17 12:21 - 00000000 ____D C:\Users\Brian\AppData\Roaming\ATI
2016-02-17 12:21 - 2016-02-17 12:21 - 00000000 ____D C:\Users\Brian\AppData\Local\NetworkTiles
2016-02-17 12:21 - 2016-02-17 12:21 - 00000000 ____D C:\Users\Brian\AppData\Local\ATI
2016-02-17 12:21 - 2016-02-17 12:21 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-17 12:21 - 2016-02-17 12:21 - 00000000 ____D C:\ProgramData\ATI
2016-02-17 12:20 - 2016-02-17 12:20 - 00000000 ____D C:\Users\Brian\AppData\Roaming\DropboxOEM
2016-02-17 12:19 - 2016-02-17 12:19 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Adobe
2016-02-17 12:19 - 2016-02-17 12:19 - 00000000 ____D C:\Users\Brian\AppData\Local\VirtualStore
2016-02-17 12:19 - 2016-02-17 12:19 - 00000000 ____D C:\Users\Brian\AppData\Local\Publishers
2016-02-17 12:19 - 2016-02-17 12:19 - 00000000 ____D C:\Users\Brian\AppData\Local\Power2Go8
2016-02-17 12:19 - 2016-02-17 12:19 - 00000000 ____D C:\Users\Brian\AppData\Local\DropboxOEM
2016-02-17 12:18 - 2016-02-17 17:13 - 00000000 ____D C:\Users\Brian\AppData\Local\Packages
2016-02-17 12:18 - 2016-02-17 12:18 - 00016148 _____ C:\WINDOWS\system32\DESKTOP-TE5JKGB_defaultuser0_HistoryPrediction.bin
2016-02-17 12:18 - 2016-02-17 12:18 - 00000000 ____D C:\Users\Brian\AppData\Local\TileDataLayer
2016-02-17 12:15 - 2016-02-17 14:49 - 00002702 _____ C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337
2016-02-17 12:12 - 2016-02-17 12:12 - 04341424 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2016-02-17 12:11 - 2016-02-17 12:11 - 00000000 ____D C:\Program Files (x86)\Dell Update
2016-02-17 12:07 - 2016-02-17 15:12 - 00000000 _____ C:\WINDOWS\system32\Buffer.xml
2016-02-17 12:06 - 2016-02-17 14:49 - 00002996 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
2016-02-17 12:06 - 2016-02-17 14:49 - 00002984 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
2016-02-17 12:06 - 2016-02-17 14:48 - 00003814 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
2016-02-17 11:58 - 2016-02-17 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-02-17 23:12 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-02-17 23:06 - 2015-12-17 05:01 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-02-17 21:41 - 2015-07-10 06:04 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-17 21:32 - 2015-12-17 05:01 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-02-17 19:15 - 2015-12-17 05:05 - 00000000 ____D C:\ProgramData\McAfee
2016-02-17 19:15 - 2015-12-17 05:05 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-02-17 19:14 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-02-17 19:13 - 2015-12-17 05:06 - 00003122 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-02-17 19:13 - 2015-12-17 05:06 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-02-17 19:13 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
2016-02-17 17:30 - 2015-10-30 02:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-17 17:26 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-17 17:26 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-17 17:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-17 17:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-17 17:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-17 17:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-17 17:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-17 17:26 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-17 17:26 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-17 17:18 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-17 16:22 - 2015-12-17 05:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-02-17 16:22 - 2015-12-17 04:40 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-02-17 16:21 - 2015-12-17 05:00 - 00000000 ____D C:\Program Files\Dell
2016-02-17 16:20 - 2015-12-17 04:12 - 00000000 ____D C:\ProgramData\Dell
2016-02-17 15:17 - 2015-12-17 04:45 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-17 15:14 - 2015-12-17 04:51 - 00336612 _____ C:\WINDOWS\SysWOW64\rootpa.e2e
2016-02-17 15:14 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-17 15:09 - 2015-10-30 01:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-02-17 15:07 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-17 14:59 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-17 14:59 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-17 14:59 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-17 14:58 - 2015-12-17 06:06 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-17 14:56 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-17 14:55 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
2016-02-17 14:54 - 2015-12-17 06:11 - 00027118 _____ C:\WINDOWS\diagerr.xml
2016-02-17 14:54 - 2015-12-17 06:11 - 00024768 _____ C:\WINDOWS\diagwrn.xml
2016-02-17 14:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-02-17 14:52 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
2016-02-17 14:48 - 2015-12-17 05:01 - 00003448 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineUA
2016-02-17 14:48 - 2015-12-17 05:01 - 00003224 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskMachineCore
2016-02-17 14:48 - 2015-12-17 05:01 - 00002172 _____ C:\WINDOWS\System32\Tasks\DropboxOEM
2016-02-17 14:48 - 2015-12-17 04:46 - 00002304 _____ C:\WINDOWS\System32\Tasks\RtHDVBg_PushButton
2016-02-17 14:48 - 2015-12-17 04:41 - 00002528 _____ C:\WINDOWS\System32\Tasks\CLVDLauncher
2016-02-17 14:48 - 2015-12-17 04:41 - 00002528 _____ C:\WINDOWS\System32\Tasks\CLMLSvc_P2G8
2016-02-17 14:48 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-17 14:43 - 2015-12-17 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Quick Stream
2016-02-17 14:43 - 2015-12-17 04:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-02-17 14:43 - 2015-12-17 04:52 - 00000000 ____D C:\WINDOWS\system32\nn-NO
2016-02-17 14:43 - 2015-12-17 04:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio
2016-02-17 14:43 - 2015-12-17 04:45 - 00000000 ____D C:\WINDOWS\SysWOW64\OSDSrv
2016-02-17 14:43 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-02-17 14:43 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-17 14:42 - 2015-07-10 04:05 - 00000000 ____D C:\Users\Default.migrated
2016-02-17 14:40 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-17 14:40 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool
2016-02-17 14:40 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-17 14:40 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate
2016-02-17 14:37 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-17 14:32 - 2015-10-30 04:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-02-17 13:59 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-02-17 12:21 - 2015-12-17 05:05 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-02-17 12:06 - 2015-12-17 05:01 - 00000000 ____D C:\ProgramData\PCDr
2016-02-17 11:58 - 2015-12-17 05:01 - 00000000 ____D C:\Program Files (x86)\Dropbox
2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
 
==================== Files in the root of some directories =======
 
2016-02-17 14:35 - 2016-02-17 14:35 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-12-17 04:45 - 2015-12-17 04:45 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-12-17 04:40 - 2015-12-17 04:41 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-12-17 04:44 - 2015-12-17 04:45 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-12-17 04:41 - 2015-12-17 04:44 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
 
Files to move or delete:
====================
C:\Users\Brian\exe.exe
 
 
Some files in TEMP:
====================
C:\Users\Brian\AppData\Local\Temp\{2B0BB8C1-3F59-4F9A-87B0-9ECFB1AE2D05}.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-02-17 14:31
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Brian (2016-02-17 23:38:23)
Running from C:\Users\Brian\Downloads
Windows 10 Home (X64) (2016-02-17 19:55:34)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-3966969871-3314231949-1999686048-500 - Administrator - Disabled)
Brian (S-1-5-21-3966969871-3314231949-1999686048-1002 - Administrator - Enabled) => C:\Users\Brian
DefaultAccount (S-1-5-21-3966969871-3314231949-1999686048-503 - Limited - Disabled)
Guest (S-1-5-21-3966969871-3314231949-1999686048-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
AMD Catalyst Install Manager (HKLM\...\{E047DD59-CE64-B61B-6A59-C29167BF36E7}) (Version: 8.0.916.0 - Advanced Micro Devices, Inc.)
AMD Quick Stream (HKLM\...\{E9EED4AE-682B-4501-9574-D09A21717599}_is1) (Version: 4.0.0.0 - AppEx Networks)
CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 12 - CyberLink Corp.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{AE5E3C86-2633-4DAF-A7F4-C43D1E738BAE}) (Version: 3.1.3300.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{A00269ED-FD88-4907-834B-60B70DCE82C5}) (Version: 2.0.366.0 - Dell Inc.)
Dell Help & Support (Version: 2.0.366.0 - Dell Inc.) Hidden
Dell OSD (HKLM-x32\...\Dell OSD_is1) (Version: 1.3.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.1.6664.10 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{BDFDA32C-FD6C-3BCA-B595-9BF9BE570347}) (Version: 3.1.0.0 - Dropbox, Inc.)
DSC/AA Factory Installer (Version: 1.1.6664.10 - PC-Doctor, Inc.) Hidden
Generous Deal (HKLM-x32\...\Generous Deal) (Version: 2.0.5891.31026 - Generous Deal) <==== ATTENTION
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.109 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
HD Streaming Movies 1.2 (HKLM-x32\...\{8842D370-60C5-4F0B-92E5-9158B57178DD}_is1) (Version: 1.2 - JDL)
InetStat (HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\...\InetStat) (Version: 0.5b - InetStat) <==== ATTENTION
Maxx Audio Installer (x64) (Version: 1.6.5073.107 - Waves Audio Ltd.) Hidden
McAfee LiveSafe - Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4693.1005 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
One System Care (HKLM-x32\...\OneSystemCare) (Version: 2.10.10.0 - OneSystemCare) <==== ATTENTION
Our Search Window (HKLM-x32\...\Our Search Window) (Version: 2.0.5891.32727 - Our Search Window) <==== ATTENTION
Product Registration (HKLM-x32\...\InstallShield_{B96204EB-3051-4B4F-9534-ED13FE7095D1}) (Version: 2.2.27.0 - Dell Inc.)
Product Registration (Version: 2.2.27.0 - Dell Inc.) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.0 - Qualcomm Atheros)
Realtek Ethernet Controller All-In-One Windows Driver (HKLM-x32\...\{F7E7F0CB-AA41-4D5A-B6F2-8E6738EB063F}) (Version: 10.1.505.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-3966969871-3314231949-1999686048-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Brian\AppData\Local\Microsoft\OneDrive\17.3.6301.0127_1\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {35105A6B-F7A0-4141-B209-FA29FE71AA07} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-02-05] () <==== ATTENTION
Task: {3DC3518D-A2DF-43F4-8EB0-C68D373380F1} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {4DE4D67E-77D6-40AF-A916-EAF9304B7406} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION
Task: {6365F991-DDBA-4260-BF93-017484F4D84A} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-12-15] ()
Task: {642CF56F-BED9-4F7F-87FC-E079AA0A1249} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-17] (Microsoft Corporation)
Task: {906B35F3-8E1C-4A5F-BB9C-D441CE8FED2A} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {9A202180-4F46-4772-9E9A-FE5FF4543900} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-05-19] (PC-Doctor, Inc.)
Task: {9A60AAD4-0CDF-43E6-AF2A-F2F31E2451B4} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {A9B82DEA-FD92-4B17-BCC1-304AEA59F95E} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-02-05] () <==== ATTENTION
Task: {AE86FF9D-FBAB-4D97-BBB7-F0C52EC1C04C} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-05-19] (PC-Doctor, Inc.)
Task: {B0B1B692-24B8-44FA-ADF8-857ED358942B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {B60C9C89-CF71-4280-8C55-74384257D7EC} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {B8BAA861-F609-4E5C-9196-256D8E6EC52A} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {B94CFC20-E7B6-4F86-BC2C-8AAD011D757D} - System32\Tasks\CLVDLauncher => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLVDLauncher.exe [2015-01-28] (CyberLink Corp.)
Task: {B95981CB-B779-4BC7-93CD-51B66D4A6D44} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-12-17] (Dropbox, Inc.)
Task: {D029BD83-B64F-4F7F-80B6-3164F4637E61} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe
Task: {D7F6C482-BFA9-46D8-85F7-41FD39587BD9} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-17] (Realtek Semiconductor)
Task: {E15EB29D-8272-473B-973F-F1E7743E424E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {FF964B6F-6CC4-455C-9CC5-43D5789708BB} - System32\Tasks\CLMLSvc_P2G8 => C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvc_P2G8.exe [2015-08-18] (CyberLink)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\One System CarePeriod.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\RunDLC.job => rth \ cmd c sc start Dell Help Support WORKGROUP DESKTOP TE5JKGB
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-12-17 04:45 - 2013-12-27 13:02 - 00192512 _____ () C:\Windows\SysWOW64\OSDSrv\OSDSrv.EXE
2015-06-23 00:37 - 2015-06-23 00:37 - 00127488 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2015-12-17 04:43 - 2014-04-14 21:59 - 00253776 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
2015-08-24 16:32 - 2015-08-24 16:32 - 00049864 _____ () C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-17 17:25 - 2016-02-17 17:25 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-06-23 00:37 - 2015-06-23 00:37 - 00102400 _____ () c:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Proxy.Native.dll
2015-12-15 16:54 - 2015-12-15 16:54 - 00539136 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe
2016-02-17 15:35 - 2016-02-17 15:36 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-17 20:15 - 2016-02-17 20:15 - 01406176 ____N () C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugincontainer.exe
2016-02-17 20:15 - 2016-02-17 23:40 - 01267936 _____ () C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1\updater.exe
2016-02-17 20:15 - 2016-02-17 20:15 - 01413352 ____N () C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe
2016-02-17 20:17 - 2016-02-17 23:40 - 01275624 _____ () C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe
2016-02-17 21:40 - 2016-02-17 21:40 - 00713960 _____ () C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\6\plugin.exe
2016-02-17 21:40 - 2016-02-17 21:40 - 01625824 _____ () C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\8\plugin.exe
2016-02-17 21:40 - 2016-02-17 21:40 - 01580768 _____ () C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\2\plugin.exe
2016-02-17 21:40 - 2016-02-17 21:40 - 00794856 _____ () C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\3\plugin.exe
2016-02-17 21:40 - 2016-02-17 21:40 - 00840206 _____ () C:\Users\Brian\AppData\Roaming\InetStat\inetstat.exe
2016-02-17 21:40 - 2016-02-17 21:40 - 00729320 _____ () C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\12\plugin.exe
2016-02-17 22:40 - 2016-02-17 22:40 - 00509160 _____ () C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\10\plugin.exe
2016-02-17 22:40 - 2016-02-17 22:40 - 00536296 _____ () C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugins\7\plugin.exe
2016-02-17 22:40 - 2016-02-17 22:40 - 00793832 _____ () C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\3\plugin.exe
2016-02-17 22:40 - 2016-02-17 22:40 - 00515816 _____ () C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\10\plugin.exe
2016-02-17 22:40 - 2016-02-17 22:40 - 00537320 _____ () C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\7\plugin.exe
2016-02-17 21:40 - 2016-02-17 21:40 - 01644264 _____ () C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\8\plugin.exe
2016-02-17 21:40 - 2016-02-17 21:40 - 01588968 _____ () C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugins\2\plugin.exe
2016-02-17 13:02 - 2016-02-17 13:03 - 09789952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-06-23 19:26 - 2015-06-23 19:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2015-11-04 16:21 - 2015-11-04 16:21 - 00197632 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\Ledger.dll
2015-10-23 11:27 - 2015-10-23 11:27 - 00107520 _____ () C:\Program Files (x86)\Dropbox\DropboxOEM\zlib1.dll
2015-12-17 04:41 - 2014-12-08 02:28 - 00627672 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMediaLibrary.dll
2014-12-08 18:28 - 2014-12-08 18:28 - 00016856 _____ () C:\Program Files (x86)\CyberLink\CyberLink Media Suite\Power2Go8\CLMLSvcPS.dll
2016-02-17 15:35 - 2016-02-17 15:36 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-17 15:35 - 2016-02-17 15:36 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-17 21:41 - 2016-02-17 21:40 - 00578792 _____ () C:\Users\Brian\AppData\Local\Temp\{2B0BB8C1-3F59-4F9A-87B0-9ECFB1AE2D05}.dll
2016-02-17 15:29 - 2016-02-09 06:58 - 01632584 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libglesv2.dll
2016-02-17 15:29 - 2016-02-09 06:58 - 00087880 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\libegl.dll
2016-02-17 15:29 - 2016-02-09 06:58 - 16810824 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.109\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 06:04 - 2015-07-10 06:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\theme1\img1.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{F89523DA-2476-4F44-814B-47A11016112E}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{18416899-F652-4A77-9E66-D5F0DA05D21F}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [{80420B34-9CE8-442F-BFC3-D9A4C4F51E6A}] => (Allow) C:\Program Files (x86)\CyberLink\CyberLink Media Suite\PowerDirector12\PDR10.EXE
FirewallRules: [{2CFBBA7F-96A1-4EBE-954F-05EE8F185B3D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
17-02-2016 15:06:20 Windows Update
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/17/2016 05:03:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: AUDIODG.EXE, version: 10.0.10586.71, time stamp: 0x5699d655
Faulting module name: combase.dll, version: 10.0.10586.103, time stamp: 0x56a849ab
Exception code: 0xc0000005
Fault offset: 0x000000000009fd18
Faulting process id: 0x1b7c
Faulting application start time: 0xAUDIODG.EXE0
Faulting application path: AUDIODG.EXE1
Faulting module path: AUDIODG.EXE2
Report Id: AUDIODG.EXE3
Faulting package full name: AUDIODG.EXE4
Faulting package-relative application ID: AUDIODG.EXE5
 
Error: (02/17/2016 04:22:21 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: InstallationTool.exe, version: 1.0.0.0, time stamp: 0x55dad243
Faulting module name: KERNELBASE.dll, version: 10.0.10586.103, time stamp: 0x56a853fe
Exception code: 0xe0434352
Fault offset: 0x000bd928
Faulting process id: 0xd68
Faulting application start time: 0xInstallationTool.exe0
Faulting application path: InstallationTool.exe1
Faulting module path: InstallationTool.exe2
Report Id: InstallationTool.exe3
Faulting package full name: InstallationTool.exe4
Faulting package-relative application ID: InstallationTool.exe5
 
Error: (02/17/2016 04:22:20 PM) (Source: .NET Runtime) (EventID: 1026) (User: )
Description: Application: InstallationTool.exe
Framework Version: v4.0.30319
Description: The process was terminated due to an unhandled exception.
Exception Info: System.IO.FileNotFoundException
   at UninstallDLC.Program.Main(System.String[])
 
Error: (02/17/2016 03:37:25 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-TE5JKGB)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/17/2016 03:37:12 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-TE5JKGB)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/17/2016 03:31:20 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-TE5JKGB)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/17/2016 03:26:07 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-TE5JKGB)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/17/2016 03:20:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-TE5JKGB)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/17/2016 03:16:06 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-TE5JKGB)
Description: Activation of app Microsoft.WindowsPhone_8wekyb3d8bbwe!CompanionApp.App failed with error: -2147024770 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (02/17/2016 03:06:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
 
System errors:
=============
Error: (02/17/2016 09:41:02 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/17/2016 09:31:39 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-TE5JKGB)
Description: {0002DF02-0000-0000-C000-000000000046}
 
Error: (02/17/2016 09:31:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_14df26a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/17/2016 09:31:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_14df26a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/17/2016 09:31:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_14df26a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/17/2016 09:31:36 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_14df26a service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/17/2016 09:31:34 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/17/2016 07:50:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_40c63 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/17/2016 07:50:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_40c63 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (02/17/2016 07:50:32 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_40c63 service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2016-02-17 21:33:40.781
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 21:33:40.715
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 21:26:53.035
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 21:26:52.960
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 17:24:00.859
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 17:23:26.486
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 17:03:38.235
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 17:03:36.670
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 17:03:36.610
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\SensorsApi.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-17 15:07:29.637
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: AMD A8-7410 APU with AMD Radeon R5 Graphics 
Percentage of memory in use: 46%
Total physical RAM: 7105.2 MB
Available physical RAM: 3767.85 MB
Total Virtual: 13907.28 MB
Available Virtual: 1838.02 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:918.2 GB) (Free:868.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: B9A73E6C)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 




 


#2 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • Gender:Male
  • Location:BC, Canada
  • Local time:06:21 PM

Posted 18 February 2016 - 02:54 AM

Hi sushi_time,

Welcome to BleepingComputer. My name is dbrisendine and I'll be helping you with this problem. Before I get into the removal of malware / correction of your problem, I need you to be aware of the following:

  • Please read all of my response through at least once before attempting to follow the procedures described. I would recommend printing them out, if you can, as you can check off each step as you complete it. Also, as some of the cleaning may be done in Safe Mode and there will be no internet connection then, you will find that having the steps printed for reference speeds the cleaning process along. If there's anything you don't understand or isn't totally clear to you, please come back to me for clarification before you start those steps.
  • All of the assistants and staff at BleepingComputer are here on a volunteer basis; please respect our time given to the cause of helping others. If you are going to be away for more than 4 days, please let me know here. (I will do the same for you.) We do realize that 'life happens' and situations arise unexpectedly; we just ask that you keep us up to date.
  • Malware removal is a complex, multiple step process; please stay with me on this thread (don't start another thread) until I declare that your logs are clean and you are good to go. The absence of apparent issues does not mean your system is clean; I will tell you when everything looks good for you to go and help you remove the tools we have used.
  • If any of the security programs on your system should give any warnings about the software tools I ask you to download and use, please do not be alarmed. All of the tools I will have you use are safe to use (as instructed) and malware free.
  • While we strive to disrupt your system as little as possible, things happen. If you can, it would be best to back up your personal files now (if you do not already have a backup). You can store these on a CD/DVD, USB drive or stick, anywhere but on your same system. This will save you from possible anguish later if something unforeseen happens.
  • Please do not run any other tools or scanners than what I ask you to. Some of the openly available software made for malware removal can make changes to your system that interfere with the cleaning of the malware, or even destroy your system. I will use only what the situation calls for and direct you in the proper use of that software.
  • Please do not attach any log files to your replies unless I specifically ask you. Instead please copy and paste so as to include the log in your reply. You can do this in separate posts if it's easier for you.


    - Save ALL Tools to your Desktop-
     

    All the tools that I will have you download should be placed on the desktop unless otherwise stated. If you are familiar with how to save files to the desktop then you can skip this step.

    Since you are continuing with this step then I assume you are unfamiliar with saving files to your desktop. As a result it's easiest if you configure your browser(s) to download any tools to the desktop by default. Please use the appropriate instructions below depending on the browser you are using.
    Google Chrome - Click the "Customize and control Google Chrome" button in the upper right-corner of the browser. Choose Settings. At the bottom of the screen click the "Show advanced settings..." link. Scroll down to find the Downloads section and click the Change... button. Select your desktop and click OK.
    Mozilla Firefox - Click the "Open Menu" button in the upper right-corner of the browser. Choose Options. In the downloads section, click the Browse button, click on the Desktop folder and then click the "Select Folder" button. Click OK to get out of the Options menu.
    Internet Explorer - Click the Tools menu in the upper right-corner of the browser. Select View downloads. Select the Options link in the lower left of the window. Click Browse and select the Desktop and then choose the Select Folder button. Click OK to get out of the download options screen and then click Close to get out of the View Downloads screen.
    NOTE: IE8 Does not support changing download locations in this manner. You will need to download the tool(s) to the default folder, usually Downloads, then copy them to the desktop.
     

Let's get started....


Please move FRST64.exe from the downloads location to your desktop.  To do this, navigate to the C:\Users\Brian\Downloads folder and right click on the FRST64.exe file; select Cut from the menu.  Right click on an empty space on your desktop and select Paste from the menu.


FIRST >>>>

Please go to START (Windows Orb) >> Control Panel >> Uninstall a Program or Programs and Features and remove the following (if listed):

Generous Deal
InetStat
One System Care
Our Search Window


To do so, left click on the name once and then click Uninstall/Change at the bar above the list window.

Follow the prompts of the uninstaller BUT please read carefully any questions it asks before answering; some uninstallers will try and deceive you into keeping the software.


SECOND >>>>

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt



Start
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
C:\Users\Brian\AppData\Roaming\InetStat
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\...\Run: [InetStat] => C:\Users\Brian\AppData\Roaming\InetStat\inetstat.exe [840206 2016-02-17] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
SearchScopes: HKLM -> DefaultScope {1F1F27CD-5641-4257-B7C7-25B317F71AB7} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgLVw5DQwwSbQ0BVghcFQNBJhRaUVhEDAdAIlwOUA5DFFQRdB9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
SearchScopes: HKLM -> {1F1F27CD-5641-4257-B7C7-25B317F71AB7} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgLVw5DQwwSbQ0BVghcFQNBJhRaUVhEDAdAIlwOUA5DFFQRdB9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
BHO-x32: Our Search Window -> {79b7274a-124a-4eeb-8ce3-f4b50e19a3f7} -> C:\Program Files (x86)\Our Search Window\Extensions\79b7274a-124a-4eeb-8ce3-f4b50e19a3f7.dll [2016-02-17] ()
C:\Program Files (x86)\Our Search Window
BHO-x32: Generous Deal -> {c9581878-64b2-410a-833b-b3bb063b1dde} -> C:\Program Files (x86)\Generous Deal\Extensions\c9581878-64b2-410a-833b-b3bb063b1dde.dll [2016-02-17] ()
C:\Program Files (x86)\Generous Deal
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgLVw5DQwwSbQ0BVghcFQNBJhRaUVhEDAdAIlwOUA5DFFQRdB9aFQQTQkcFME0FBloEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFQQdg4KAwBADAEadwgVVQ8TRxhBcFgNTAsSQ1AVcQ4KVFhDFRNBNARaAktXUUEeJ1pNER8fHHpWMmpdAEsSSWJKLl1XFg==
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Our Search Window) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbomhpfemhagdhggnjbdnlaicjfmklif [2016-02-17] [UpdateUrl: hxxp://cdn.oursearchwindow.com/update] <==== ATTENTION
S2 0298281455754043mcinstcleanup; C:\WINDOWS\TEMP\029828~1.EXE [918056 2015-11-27] (McAfee, Inc.)
C:\WINDOWS\TEMP\029828~1.EXE
R2 Service Mgr GenerousDeal; C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe [1413352 2016-02-17] () <==== ATTENTION
R2 Service Mgr OurSearchWindow; C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugincontainer.exe [1406176 2016-02-17] () <==== ATTENTION
R2 Update Mgr GenerousDeal; C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe [1271528 2016-02-17] () <==== ATTENTION
R2 Update Mgr OurSearchWindow; C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1\updater.exe [1283296 2016-02-17] () <==== ATTENTION
U3 mfeaack01; no ImagePath
U3 mfeavfk01; no ImagePath
U3 mfehidk01; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
c:\program files\dell\supportassist\pcdsrvc_x64.pkms
2016-02-17 21:59 - 2016-02-17 21:59 - 01119338 _____ ( ) C:\Users\Brian\exe.exe
2016-02-17 21:40 - 2016-02-17 21:45 - 00000000 ____D C:\Users\Brian\AppData\Roaming\InetStat
2016-02-17 21:40 - 2016-02-17 21:40 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2016-02-17 21:40 - 2016-02-17 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Streaming Movies
2016-02-17 21:40 - 2016-02-17 21:40 - 00000000 ____D C:\Program Files (x86)\HD Streaming Movies
2016-02-17 21:39 - 2016-02-17 21:40 - 00000000 ____D C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
2016-02-17 21:39 - 2016-02-17 21:40 - 00000000 ____D C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
2016-02-17 21:39 - 2016-02-17 21:39 - 00003686 _____ C:\WINDOWS\System32\Tasks\One System Care Task
2016-02-17 21:39 - 2016-02-17 21:39 - 00003372 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2016-02-17 21:39 - 2016-02-17 21:39 - 00002936 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2016-02-17 21:39 - 2016-02-17 21:39 - 00000308 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Users\Brian\AppData\Roaming\One System Care
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\ProgramData\5a6b4461-7821-1
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\ProgramData\5a6b4461-1f93-0
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Program Files (x86)\Our Search Window
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Program Files (x86)\Generous Deal
2016-02-17 14:35 - 2016-02-17 14:35 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-17 04:45 - 2015-12-17 04:45 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-12-17 04:40 - 2015-12-17 04:41 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-12-17 04:44 - 2015-12-17 04:45 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-12-17 04:41 - 2015-12-17 04:44 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
C:\Users\Brian\AppData\Local\Temp\{2B0BB8C1-3F59-4F9A-87B0-9ECFB1AE2D05}.dll
Task: {35105A6B-F7A0-4141-B209-FA29FE71AA07} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-02-05] () <==== ATTENTION
C:\Program Files (x86)\OneSystemCare
Task: {4DE4D67E-77D6-40AF-A916-EAF9304B7406} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION
Task: {A9B82DEA-FD92-4B17-BCC1-304AEA59F95E} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-02-05] () <==== ATTENTION
Task: {D029BD83-B64F-4F7F-80B6-3164F4637E61} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe
Task: C:\WINDOWS\Tasks\One System CarePeriod.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\RunDLC.job => rth \ cmd c sc start Dell Help Support WORKGROUP DESKTOP TE5JKGB
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start FRST that is on the desktop by right clicking on the file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


Things to Reply with >>>>

 

  • How did the uninstalls go?  Any problems?
  • The Fixlog.txt log file text.
  • How is your system running now?
     

Edited by dbrisendine, 18 February 2016 - 03:02 AM.

 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.



#3 sushitime

sushitime
  • Topic Starter

  • Members
  • 9 posts
  • Local time:08:21 PM

Posted 18 February 2016 - 06:40 AM

The uninstalls were fine, no problems.

 

The system seems to be running normally now.  Those pop ups and getting redirected with ads are gone.

 

 

 

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Brian (2016-02-18 06:20:51) Run:1
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1
C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
C:\Users\Brian\AppData\Roaming\InetStat
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\...\Run: [InetStat] => C:\Users\Brian\AppData\Roaming\InetStat\inetstat.exe [840206 2016-02-17] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1ADB0VXfVBdFElXTwhsNUtrBFgDQl10KVdcDk4=
SearchScopes: HKLM -> DefaultScope {1F1F27CD-5641-4257-B7C7-25B317F71AB7} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgLVw5DQwwSbQ0BVghcFQNBJhRaUVhEDAdAIlwOUA5DFFQRdB9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
SearchScopes: HKLM -> {1F1F27CD-5641-4257-B7C7-25B317F71AB7} URL = hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgLVw5DQwwSbQ0BVghcFQNBJhRaUVhEDAdAIlwOUA5DFFQRdB9aFQQTSEcFME0FCFwEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
BHO-x32: Our Search Window -> {79b7274a-124a-4eeb-8ce3-f4b50e19a3f7} -> C:\Program Files (x86)\Our Search Window\Extensions\79b7274a-124a-4eeb-8ce3-f4b50e19a3f7.dll [2016-02-17] ()
C:\Program Files (x86)\Our Search Window
BHO-x32: Generous Deal -> {c9581878-64b2-410a-833b-b3bb063b1dde} -> C:\Program Files (x86)\Generous Deal\Extensions\c9581878-64b2-410a-833b-b3bb063b1dde.dll [2016-02-17] ()
C:\Program Files (x86)\Generous Deal
CHR RestoreOnStartup: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4="
CHR StartupUrls: Default -> "hxxp://searchinterneat-a.akamaihd.net/h?eq=U0EeCFZVBB8SRghCcw8PU1tIEBgXeQ4JTA1HQ1MOIglZVBRDQldGdggPUwwQEwEFIk0FA1oDB0VXfV5bFElXTwhsNUtrBFgDQl10KVdcDk4="
CHR DefaultSearchURL: Default -> hxxp://searchinterneat-a.akamaihd.net/s?eq=U0EeE1xZE1oZB1ZEfVgLVw5DQwwSbQ0BVghcFQNBJhRaUVhEDAdAIlwOUA5DFFQRdB9aFQQTQkcFME0FBloEURNNfXZNE2oUQEdAKG5RD10eVg==&q={searchTerms}
CHR DefaultSearchKeyword: Default -> searchinterneat-a.akamaihd.net
CHR DefaultNewTabURL: Default -> hxxp://searchinterneat-a.akamaihd.net/t?eq=U0EeFFhaR1oWHFQQdg4KAwBADAEadwgVVQ8TRxhBcFgNTAsSQ1AVcQ4KVFhDFRNBNARaAktXUUEeJ1pNER8fHHpWMmpdAEsSSWJKLl1XFg==
CHR Extension: (Google Drive) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-17]
CHR Extension: (Google Search) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-17]
CHR Extension: (Our Search Window) - C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbomhpfemhagdhggnjbdnlaicjfmklif [2016-02-17] [UpdateUrl: hxxp://cdn.oursearchwindow.com/update] <==== ATTENTION
S2 0298281455754043mcinstcleanup; C:\WINDOWS\TEMP\029828~1.EXE [918056 2015-11-27] (McAfee, Inc.)
C:\WINDOWS\TEMP\029828~1.EXE
R2 Service Mgr GenerousDeal; C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\plugincontainer.exe [1413352 2016-02-17] () <==== ATTENTION
R2 Service Mgr OurSearchWindow; C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1\plugincontainer.exe [1406176 2016-02-17] () <==== ATTENTION
R2 Update Mgr GenerousDeal; C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1\updater.exe [1271528 2016-02-17] () <==== ATTENTION
R2 Update Mgr OurSearchWindow; C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1\updater.exe [1283296 2016-02-17] () <==== ATTENTION
U3 mfeaack01; no ImagePath
U3 mfeavfk01; no ImagePath
U3 mfehidk01; no ImagePath
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
c:\program files\dell\supportassist\pcdsrvc_x64.pkms
2016-02-17 21:59 - 2016-02-17 21:59 - 01119338 _____ ( ) C:\Users\Brian\exe.exe
2016-02-17 21:40 - 2016-02-17 21:45 - 00000000 ____D C:\Users\Brian\AppData\Roaming\InetStat
2016-02-17 21:40 - 2016-02-17 21:40 - 00000000 ____D C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat
2016-02-17 21:40 - 2016-02-17 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Streaming Movies
2016-02-17 21:40 - 2016-02-17 21:40 - 00000000 ____D C:\Program Files (x86)\HD Streaming Movies
2016-02-17 21:39 - 2016-02-17 21:40 - 00000000 ____D C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1
2016-02-17 21:39 - 2016-02-17 21:40 - 00000000 ____D C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1
2016-02-17 21:39 - 2016-02-17 21:39 - 00003686 _____ C:\WINDOWS\System32\Tasks\One System Care Task
2016-02-17 21:39 - 2016-02-17 21:39 - 00003372 _____ C:\WINDOWS\System32\Tasks\One System Care Monitor
2016-02-17 21:39 - 2016-02-17 21:39 - 00002936 _____ C:\WINDOWS\System32\Tasks\One System CarePeriod
2016-02-17 21:39 - 2016-02-17 21:39 - 00000308 _____ C:\WINDOWS\Tasks\One System CarePeriod.job
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Users\Brian\AppData\Roaming\One System Care
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\ProgramData\5a6b4461-7821-1
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\ProgramData\5a6b4461-1f93-0
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Program Files (x86)\Our Search Window
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Program Files (x86)\OneSystemCare
2016-02-17 21:39 - 2016-02-17 21:39 - 00000000 ____D C:\Program Files (x86)\Generous Deal
2016-02-17 14:35 - 2016-02-17 14:35 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-17 04:45 - 2015-12-17 04:45 - 0000121 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
2015-12-17 04:40 - 2015-12-17 04:41 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
2015-12-17 04:44 - 2015-12-17 04:45 - 0000108 _____ () C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log
2015-12-17 04:41 - 2015-12-17 04:44 - 0000113 _____ () C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log
C:\Users\Brian\AppData\Local\Temp\{2B0BB8C1-3F59-4F9A-87B0-9ECFB1AE2D05}.dll
Task: {35105A6B-F7A0-4141-B209-FA29FE71AA07} - System32\Tasks\One System Care Task => C:\Program Files (x86)\OneSystemCare\SystemConsole.exe [2016-02-05] () <==== ATTENTION
C:\Program Files (x86)\OneSystemCare
Task: {4DE4D67E-77D6-40AF-A916-EAF9304B7406} - System32\Tasks\One System Care Monitor => C:\Program Files (x86)\OneSystemCare\CleanupConsole.exe <==== ATTENTION
Task: {A9B82DEA-FD92-4B17-BCC1-304AEA59F95E} - System32\Tasks\One System CarePeriod => C:\Program Files (x86)\OneSystemCare\OneSystemCare.exe [2016-02-05] () <==== ATTENTION
Task: {D029BD83-B64F-4F7F-80B6-3164F4637E61} - System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => C:\Windows\TEMP\DeleteFolderTask.exe
Task: C:\WINDOWS\Tasks\One System CarePeriod.job =>  <==== ATTENTION
Task: C:\WINDOWS\Tasks\RunDLC.job => rth \ cmd c sc start Dell Help Support WORKGROUP DESKTOP TE5JKGB
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
"C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1" => not found.
"C:\Program Files (x86)\Common Files\3c022f79-33eb-49e6-81b8-ddaa369645b1" => not found.
"C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1" => not found.
"C:\Program Files (x86)\Common Files\c00fd789-4044-4a32-8a4f-7d731dbdc0d1" => not found.
"C:\Users\Brian\AppData\Roaming\InetStat" => not found.
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\Software\Microsoft\Windows\CurrentVersion\Run\\InetStat => value not found.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\Software\\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{1F1F27CD-5641-4257-B7C7-25B317F71AB7}" => key removed successfully
HKCR\CLSID\{1F1F27CD-5641-4257-B7C7-25B317F71AB7} => key not found. 
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{79b7274a-124a-4eeb-8ce3-f4b50e19a3f7}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{79b7274a-124a-4eeb-8ce3-f4b50e19a3f7}" => key removed successfully
"C:\Program Files (x86)\Our Search Window" => not found.
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{c9581878-64b2-410a-833b-b3bb063b1dde}" => key removed successfully
"HKCR\Wow6432Node\CLSID\{c9581878-64b2-410a-833b-b3bb063b1dde}" => key removed successfully
"C:\Program Files (x86)\Generous Deal" => not found.
Chrome RestoreOnStartup => removed successfully
Chrome StartupUrls => removed successfully
Chrome DefaultSearchURL => removed successfully
Chrome DefaultSearchKeyword => removed successfully
Chrome DefaultNewTabURL => removed successfully
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf => moved successfully
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\Brian\AppData\Local\Google\Chrome\User Data\Default\Extensions\hbomhpfemhagdhggnjbdnlaicjfmklif <==== ATTENTION => not found
0298281455754043mcinstcleanup => service removed successfully
C:\WINDOWS\TEMP\029828~1.EXE => moved successfully
Service Mgr GenerousDeal => service not found.
Service Mgr OurSearchWindow => service not found.
Update Mgr GenerousDeal => service not found.
Update Mgr OurSearchWindow => service not found.
mfeaack01 => service not found.
mfeavfk01 => service not found.
mfehidk01 => service not found.
PCDSRVC{3B54B31B-D06B6431-06020200}_0 => service removed successfully
c:\program files\dell\supportassist\pcdsrvc_x64.pkms => moved successfully
C:\Users\Brian\exe.exe => moved successfully
"C:\Users\Brian\AppData\Roaming\InetStat" => not found.
"C:\Users\Brian\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\InetStat" => not found.
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Streaming Movies => moved successfully
C:\Program Files (x86)\HD Streaming Movies => moved successfully
"C:\ProgramData\c00fd789-4044-4a32-8a4f-7d731dbdc0d1" => not found.
"C:\ProgramData\3c022f79-33eb-49e6-81b8-ddaa369645b1" => not found.
"C:\WINDOWS\System32\Tasks\One System Care Task" => not found.
"C:\WINDOWS\System32\Tasks\One System Care Monitor" => not found.
"C:\WINDOWS\System32\Tasks\One System CarePeriod" => not found.
"C:\WINDOWS\Tasks\One System CarePeriod.job" => not found.
"C:\Users\Brian\AppData\Roaming\One System Care" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\One System Care" => not found.
C:\ProgramData\5a6b4461-7821-1 => moved successfully
C:\ProgramData\5a6b4461-1f93-0 => moved successfully
"C:\Program Files (x86)\Our Search Window" => not found.
"C:\Program Files (x86)\OneSystemCare" => not found.
"C:\Program Files (x86)\Generous Deal" => not found.
C:\ProgramData\DP45977C.lfl => moved successfully
C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log => moved successfully
C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log => moved successfully
C:\ProgramData\{B46BEA36-0B71-4A4E-AE41-87241643FA0A}.log => moved successfully
C:\ProgramData\{E1646825-D391-42A0-93AA-27FA810DA093}.log => moved successfully
C:\Users\Brian\AppData\Local\Temp\{2B0BB8C1-3F59-4F9A-87B0-9ECFB1AE2D05}.dll => moved successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35105A6B-F7A0-4141-B209-FA29FE71AA07} => key not found. 
C:\WINDOWS\System32\Tasks\One System Care Task => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Task => key not found. 
"C:\Program Files (x86)\OneSystemCare" => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4DE4D67E-77D6-40AF-A916-EAF9304B7406} => key not found. 
C:\WINDOWS\System32\Tasks\One System Care Monitor => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found. 
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A9B82DEA-FD92-4B17-BCC1-304AEA59F95E} => key not found. 
C:\WINDOWS\System32\Tasks\One System CarePeriod => not found.
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System CarePeriod => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D029BD83-B64F-4F7F-80B6-3164F4637E61}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D029BD83-B64F-4F7F-80B6-3164F4637E61}" => key removed successfully
C:\WINDOWS\System32\Tasks\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337 => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\UninstallDDS-C960901F-CE14-4DE1-9729-1305F719A337" => key removed successfully
C:\WINDOWS\Tasks\One System CarePeriod.job => not found.
C:\WINDOWS\Tasks\RunDLC.job => moved successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {F7595824-AFD4-41E4-9EC1-21FA048190BF}.
{83BEA45B-D374-4709-AAD0-AAD8D45073E5} canceled.
{F63677E5-328C-4DF0-A83E-25EE5D3CA6E8} canceled.
2 out of 3 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 618.2 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 06:21:25 ====


#4 dbrisendine

dbrisendine

  • Malware Response Team
  • 508 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:BC, Canada
  • Local time:06:21 PM

Posted 20 February 2016 - 03:03 AM

Good; let's check for any leftovers.

 

FIRST >>>>

Junkware Removal Tool
Please download JRT from here to your desktop.

Note: Temporarily disable/shut down your protection software now to avoid potential conflicts, how to do so can be read here.

Double click the JRT.exe file to run the application.

The application will open a Command Prompt window and run from there (this is normal for this program, so not to be alarmed).

When it is asked, press any key to allow the program to continue / run.

This will create a log on the desktop; please copy and paste the JRT.txt log text in your next post.

Note: After the log file is created, please enable your protection software / reboot your system and verify your protection software is enabled.

 

SECOND >>>>

AdwCleaner by Xplode

Download AdwCleaner from here or from here. Save the file to the desktop.


NOTE: If you are using IE 8 or above you may get a warning that stops the program from downloading. Just click on the warning and allow the download to complete.

Close all open windows and browsers.

  • Vista/7/8 users: Right click the AdwCleaner icon on the desktop, click Run as administrator and accept the UAC prompt to run AdwCleaner.
    You will see the following console:

  • Click the Scan button and wait for the scan to finish.
  • After the Scan has finished the window may or may not show what it found and above, in the progress bar, you will see: Waiting for action. Please uncheck elements you don't want to remove.
  • Click the Clean button.
  • Everything checked will be deleted.
  • When the program has finished cleaning a report appears.
  • Once done it will ask to reboot, allow this

  • On reboot a log will be produced; please copy / paste that in your next reply. This report is also saved to C:\AdwCleaner\AdwCleaner[C0].txt

Optional:

NOTE: If you see AVG Secure Search being targeted for deletion, Here's Why and Here. You can always Reinstall it.
 

 


 
Please do not ask for Malware help via PM (Private Messages).  Please post in the forum boards instead.  Thanks.

My help is always free but if you would like to help encourage me or show your thanks -----> btn_donate_LG.gif


#5 sushitime


Posted 20 February 2016 - 08:56 AM

The screen shot you posted of the AdwCleaner-Restart required notifying me it will reboot I didn't get.  After the program scanned, nothing was in the log like you mentioned was possible, I clicked the clean button and when it was finished my computer did a reboot but I didn't get that screen or a log after the reboot.  So I don't have a log to show you.  

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64 
Ran by Brian (Administrator) on Sat 02/20/2016 at  8:27:11.37
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
 
 
 
File System: 2 
 
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
 
 
 
Registry: 0 
 
 
 
 
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sat 02/20/2016 at  8:30:52.94
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~


#6 dbrisendine


Posted 20 February 2016 - 11:25 AM

I will adjust those directions; if AdwCleaner does not find any malware to correct, it does not produce a cleaning log to display. There should be a log located at C:\AdwCleaner.

 

This next step may take a while (just to warn you) .....

ESET Online does not work with IE 11 (Internet Explorer) at the moment (a few weeks ago anyway) so if you have IE 11, Chrome or Firefox has to be used instead. ESET Online does work with IE 10 and earlier.

You can leave your Antivirus enabled even though ESET may warn about it. Just makes the scan take longer. The pictures below showing what to click may be blue instead of green on the ESET website now, but the procedure is still the same.

Please read carefully and slowly. Notice all the settings listed below to check before starting the scan. Stop and ask if you have any questions.

Take note of the NO tick in the Remove found threats setting below as it needs to have the tick removed.

-------------------------------------------------------------------------------------------------------------------

Hold down Control key and click on the following link to open ESET OnlineScan in a new window.

Link =>> ESET Online Scanner <<

Click the Run ESET Online Scanner located on the left side of the page (not the free trial).


For browsers other than Internet Explorer only: (Microsoft Internet Explorer users can skip this step)
Click on the esetsmartinstaller link in the popup window that opens. Save it to your desktop.


Double click on the icon on your desktop.


Check (accept) the Terms of Use.


Click the START button.
Accept any security warnings from your browser.

Now in the Computer scan settings window that appears:-
Make sure that the option Enable detection of potentially unwanted applications is selected.
Now click on Advanced Settings and configure the options as follows:

Remove found threats is Not checked
Scan archives is checked
Scan for potentially unsafe applications is checked
Enable Anti-Stealth Technology is checked


Now click on: Start



ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.


When the scan is finished, if any threats are found you will see the screen below. Click to view the found threats.


At the bottom of the listed threats, there is an option to save the results to a text file. Please do this so you can attach the results here for review and removal of the items that are not false positives (these will be scripted out so do not worry).


Once the log text file is saved, return to the Scan Finished screen by clicking "<<Back", then click on the uninstall button and click Finish.


Attach the saved log file in your next reply please. Thanks.
 




#7 sushitime


Posted 20 February 2016 - 03:04 PM

C:\FRST\Quarantine\C\Users\Brian\AppData\Local\Temp\{2B0BB8C1-3F59-4F9A-87B0-9ECFB1AE2D05}.dll.xBAD a variant of Win32/BrowseFox.CN potentially unwanted application
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\4X3B1EYN\OneSystemCare[1].exe a variant of Win32/OptimizerEliteMax.E potentially unwanted application
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\AEVQ4NNP\inter_silent_nt[1].exe a variant of Win32/RiskWare.Astori.C application
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\D5284IAR\setup[1].exe Win32/BrowseFox.CC potentially unwanted application
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\WTS8DAJX\setup[1].exe Win32/BrowseFox.CC potentially unwanted application


#8 dbrisendine


Posted 20 February 2016 - 05:43 PM

Open notepad by pressing the Windows Key + R key, typing notepad in the Run box and pressing Enter.  Please copy the contents of the quote box below. To do this highlight the contents of the box and right click on it and select copy. Paste this into the open notepad. Save it to your desktop as fixlist.txt
 

Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\4X3B1EYN\OneSystemCare[1].exe
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\AEVQ4NNP\inter_silent_nt[1].exe
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\D5284IAR\setup[1].exe
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\WTS8DAJX\setup[1].exe
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end


NOTE. It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

Start FRST that is on the desktop by right clicking on file and selecting "Run as Administrator..." and press the Fix button just once and wait.


If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

 




#9 sushitime


Posted 20 February 2016 - 05:53 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Ran by Brian (2016-02-20 17:48:10) Run:2
Running from C:\Users\Brian\Desktop
Loaded Profiles: Brian (Available Profiles: Brian)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\4X3B1EYN\OneSystemCare[1].exe
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\AEVQ4NNP\inter_silent_nt[1].exe
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\D5284IAR\setup[1].exe
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\WTS8DAJX\setup[1].exe
cmd: ipconfig /flushdns
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
Reg: reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f
CMD: bitsadmin /reset /allusers
RemoveProxy:
EmptyTemp:
Reboot:
end
*****************
 
Restore point was successfully created.
Processes closed successfully.
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\4X3B1EYN\OneSystemCare[1].exe => moved successfully
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\AEVQ4NNP\inter_silent_nt[1].exe => moved successfully
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\D5284IAR\setup[1].exe => moved successfully
C:\Users\Brian\AppData\Local\Microsoft\Windows\INetCache\IE\WTS8DAJX\setup[1].exe => moved successfully
 
=========  ipconfig /flushdns =========
 
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========= End of CMD: =========
 
 
=========  netsh advfirewall reset =========
 
Ok.
 
 
========= End of CMD: =========
 
 
=========  netsh advfirewall set allprofiles state on =========
 
Ok.
 
 
========= End of CMD: =========
 
 
========= reg delete HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
========= reg add HKLM\SOFTWARE\Policies\Microsoft\Windows\IPSec\Policy\Local /f =========
 
The operation completed successfully.
 
 
 
========= End of Reg: =========
 
 
=========  bitsadmin /reset /allusers =========
 
 
BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.
 
BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.
 
Unable to cancel {74C73CF4-6444-483F-A554-3DE1F33D74CB}.
0 out of 1 jobs canceled.
 
========= End of CMD: =========
 
 
========= RemoveProxy: =========
 
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-3966969871-3314231949-1999686048-1002\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 
 
========= End of RemoveProxy: =========
 
EmptyTemp: => 750 MB temporary data Removed.
 
 
The system needed a reboot.
 
==== End of Fixlog 17:48:39 ====
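
Added example (not part of the thread and not FRST's own code): a small Python triage of a Fixlog like the one above, separating entries that were actually changed from entries that were not found, and flagging command sections that report a failure, such as a BITS job that could not be canceled. The sample log is constructed from the line shapes seen in this thread; the function name and the failure patterns are assumptions.

```python
import re

# Constructed sample: same line shapes as the Fixlogs in this thread,
# with placeholder paths, keys and GUIDs.
SAMPLE_FIXLOG = r"""Fix result of Farbar Recovery Scan Tool (x64) Version:17-02-2016
Restore point was successfully created.
C:\Users\Example\AppData\Local\Temp\example[1].exe => moved successfully
"C:\Program Files (x86)\Generous Deal" => not found.
HKLM\SOFTWARE\Example\TaskCache\Tree\Example Task => key not found.
"HKLM\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000}" => key removed successfully
Service Mgr GenerousDeal => service not found.
C:\Users\Example\AppData\Local\ExampleExt <==== ATTENTION => not found

=========  bitsadmin /reset /allusers =========

Unable to cancel {00000000-0000-0000-0000-000000000001}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 750 MB temporary data Removed.

==== End of Fixlog 17:48:39 ====
"""

# "=========  <command> =========" opens a section, "End of ..." closes it.
HEADER_RE = re.compile(r"^=+\s+(?P<name>.+?)\s+=+$")
# '<target> => <outcome>' lines; the target may be wrapped in double quotes.
RESULT_RE = re.compile(r'^"?(?P<target>.+?)"?\s+=>\s+(?P<outcome>.+?)\.?\s*$')
# Assumed failure markers in command output (bitsadmin and reg.exe wording).
FAIL_RE = re.compile(r"^(Unable to|ERROR:)")
JOBS_RE = re.compile(r"^(\d+) out of (\d+) jobs canceled")
CHANGED = ("moved successfully", "removed successfully", "restored successfully")


def summarize_fixlog(text):
    """Bucket Fixlog result lines and collect warnings from command sections."""
    summary = {"changed": [], "absent": [], "other": [], "command_warnings": []}
    section = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = HEADER_RE.match(line)
        if header:
            name = header.group("name")
            section = None if name.startswith("End of") else name
            continue
        result = RESULT_RE.match(line)
        if result:
            # Drop the scanner's attention marker so only the path or key remains.
            target = result.group("target").replace("<==== ATTENTION", "").strip()
            outcome = result.group("outcome")
            low = outcome.lower()
            if "not found" in low:
                bucket = "absent"      # already gone before the fix ran
            elif low.endswith(CHANGED):
                bucket = "changed"     # quarantined, deleted or reset by the fix
            else:
                bucket = "other"
            summary[bucket].append((target, outcome))
            continue
        if section is not None:
            jobs = JOBS_RE.match(line)
            partial = jobs is not None and jobs.group(1) != jobs.group(2)
            if FAIL_RE.match(line) or partial:
                summary["command_warnings"].append((section, line))
    return summary


if __name__ == "__main__":
    report = summarize_fixlog(SAMPLE_FIXLOG)
    for key, items in report.items():
        print(f"{key}: {len(items)}")
        for item in items:
            print("   ", item)
```
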


#10 dbrisendine


Posted 21 February 2016 - 01:22 AM

How is the system running now?




#11 sushitime


Posted 21 February 2016 - 01:24 AM

Great.  All those pop ups are gone and I am not being redirected to nonsense ads.



#12 dbrisendine


Posted 21 February 2016 - 01:28 AM

All right!! :bananas: Your logs are clean and you're good to go now!! :thumbup2: We've got some final steps left to do to clean up our tools and get your system in good running condition and then you are on your way. I must say though, even though we met through less than ideal circumstances, it has been really great to work with you. :) Just run through the steps from the Cleanup of Tools to the Program Update Checker. That's it. Thanks. :cool:


Clean up of Malware Removal Tools
Now that we are through using these tools, let's clean them off your system so that should you ever need to have malware removed again (we hope not) fresh, updated copies will be downloaded.

  • Download Delfix from here to your desktop and double click it to start the program
  • Ensure Remove disinfection tools is ticked
    Also tick:
  • Activate UAC
  • Create registry backup
  • Purge system restore
  • Reset system settings
  • Click Run
  • The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.

You can delete any log files left on your desktop as these are no longer needed.


Keep Windows Updated
Microsoft issues updates to Windows to close vulnerabilities as they are discovered. Staying updated helps protect your system from current exploits.
  • Click Start and then click Control Panel.
  • Click on the View by: in the upper right corner and select Large Icons (you can change this back later if you like).
  • Scroll down and click on Windows Update.
  • Click on Change settings.
  • Under Important Updates, click on Install updates automatically (recommended).
  • Select (click on) the other options on this page.
  • Select a day and time to have windows install the updates.
  • Click on Ok to change the settings.
  • If you want to change the view of the Control Panel display, click on the View by: in the upper right hand corner and select an option you prefer.

Keep other Important Programs Updated
Along with keeping Windows updated, it is a good idea to keep important programs updated. Java and Adobe Reader both need to be kept updated to the latest versions; malware writers utilize exploits in the unpatched versions to their advantages.

Java
Most security experts and the US CERT (part of the US Homeland Security) now recommend that users uninstall Java from their systems; if you don't have any programs that need Java on your system, you are safe to do this. You can read some of the articles on this here and here. I strongly suggest you uninstall Java unless you need it to run certain software; in that case I would recommend that you disable or unplug Java from your web browsers and only enable it when you need it.

To disable / unplug Java in your browsers:

To uninstall Java (on Win7):
  • Click Start and then click Control Panel.
  • If you need to, click View by: and select either Large Icons or Small Icons.
  • Click on Programs and Features.
  • Scroll down until you find Java and click on it to select that program.
  • (Older versions of Java may appear in the program list as J2SE, Java 2, Java SE or Java Runtime Environment.)
  • Click Uninstall.
  • If more than one version of Java shows in your program list, you should repeat the selection and uninstall until all of them are removed.

To check for the latest version of Java and installation steps:
  • Go to java.com and click on Do I have Java?.
  • On the next page, click on Verify Java Version.
  • If you get a security pop up entitled "Do you want to run this application?" with the Name: Java Detection and Publisher: Oracle America, Inc., click Run.
  • Follow the recommendations (if any) on the results screen.
  • If there is a new version (or none at all on your system), there will be a button on the page showing Agree and Start Free Download. Click on it to update or install Java.
  • The site will start a download of jxpiinstall.exe. Save the file to your desktop.
  • When the download is finished, close your browser.
  • Right click on the jxpiinstall.exe and select Run as Administrator.
  • On the opening window, check Change destination folder and then click Install>.
  • The program will now download the rest of the files needed to install Java.
  • On the Destination Folder window, click Next>.
  • On the next window, the install will present you the option of adding additional software (this is known as Foistware).
  • Uncheck the Set and keep Ask as my default search provider.
  • Uncheck the Install the Ask Toolbar.
  • Click Next> to finish the install.
  • When the installation is finished, you will be taken to a web page that will check to see if Java is working properly.

Adobe Reader
Adobe Reader is the second most targeted (by malware) common software. If all you ever do with Adobe Reader is view PDF files, then please consider replacing it with a lighter, free PDF reader that is not exploitable. One that I recommend is Sumatra PDF.

To update Adobe Reader:
  • Launch your Adobe Reader.
  • Click Help and then click on About Adobe Reader from the menu list.
  • If the version is 11.0.10 then you are up to date. If it is less than this and you are keeping Adobe Reader, you should update to the latest version.
  • The best place to get Adobe Reader is from Adobe (click on Adobe to go there now).
  • Click on Download in the menu bar on top of the Adobe web page.
  • Click on Adobe Reader in the list on the right hand side of the page.
  • On the next page, click on the check mark (to turn it off) beside the option to include the McAfee scanner in the download and install. Make sure the check is NOT marked (this is another example of Foistware).
  • Click the Install Now button and follow the directions on next page.
  • If you are prompted to Save the installer file, choose to save it to your desktop. Once it is saved, right click on the file and select Run as Administrator.
  • When the installation is finished, you can delete the installer file on your desktop.

Consider a program that will check for out-of-date programs on your system
Some programs don't have update checks built in or make you run the application to start the check for updates process. An easier way to stay on top of the current versions of your installed programs is to use a version checking program like Heimdal Free from Heimdal Security (you can get the software from here and read more about it on the same page).


You are now done! :thumbup2: :grinner: :thumbup2: :grinner: :smilers:

Now some information on programs to help keep you safe:

First, an Antivirus program. You NEED one; free is just as good as paid-for as long as you keep them updated. ONLY use one at a time as having more than that will cause system problems. Here are some free ones to check out:
Microsoft Security Essentials
Avast! Free Antivirus

Next, a firewall is a must have now-a-days. The built in firewall in Windows 7 is fine (just make sure it is turned on (Start > Control Panel > Windows Firewall)). Or, if you like, you could choose one of the free ones listed here:
Zone Alarm Free Firewall - installer includes foistware so read the options very carefully

=== options ====
Unchecky is a small service that runs in the background to help keep those "extra toolbars" and tag along search engines from automatically installing. By automatically directing you to a custom install with all the options unchecked, only what you manually choose and confirm gets installed.

CryptoPrevent is a free program that prevents CryptoLocker / ransomware from infecting your PC by locking down the OS so the malware can not get a grip on your system. You can read the details about this program here.

Also, consider adding MalwareBytes Antimalware to your arsenal of safe keeping programs. Use the free version (not the paid or trial version) and you won't have a problem with your antivirus scanner program. Keep it updated and run a scan with it once a week.

Lastly, if you use Firefox as your main web browser, consider adding the NoScript and AdBlockPlus add-ons to the browser to block scripting hijacks and remove unwanted ads from the pages you view.

You may also find some information and tips at this thread:
How did I get infected in the first place?
and
COMPUTER SECURITY - a short guide to staying safer online

_____________________________________________________________________

Please come back and paste the DelFix.txt log when you can. After that, if you have no more questions, you are good to go. Surf safe, my friend!!
 




#13 sushitime


Posted 21 February 2016 - 09:02 AM

# DelFix v1.011 - Logfile created 21/02/2016 at 08:53:26
# Updated 18/08/2015 by Xplode
# Username : Brian - DESKTOP-TE5JKGB
# Operating System : Windows 10 Home  (64 bits)
 
~ Activating UAC ... OK
 
~ Removing disinfection tools ...
 
Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Brian\Desktop\AdwCleaner.exe
Deleted : C:\Users\Brian\Desktop\esetsmartinstaller_enu.exe
Deleted : C:\Users\Brian\Desktop\Fixlog.txt
Deleted : C:\Users\Brian\Desktop\FRST64.exe
Deleted : C:\Users\Brian\Desktop\JRT.exe
Deleted : C:\Users\Brian\Desktop\JRT.txt
Deleted : C:\Users\Brian\Downloads\Addition.txt
Deleted : C:\Users\Brian\Downloads\FRST.txt
 
~ Creating registry backup ... OK
 
~ Cleaning system restore ...
 
Deleted : RP #1 [Windows Update | 02/17/2016 20:06:20]
Deleted : RP #2 [JRT Pre-Junkware Removal | 02/20/2016 13:27:13]
 
New restore point created !
 
~ Resetting system settings ... OK
 
########## - EOF - ##########


#14 dbrisendine


Posted 21 February 2016 - 03:54 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.





