New computer with adware


20 replies to this topic

#1 lrec

lrec

  • Members
  • 19 posts

Posted 07 March 2016 - 04:14 PM

Almost any website I try to visit in any browser (Edge, Chrome, Firefox) brings up all sorts of ads.  Generally it starts with a small grey one in the bottom left corner that says "Advertising in..." with a countdown.  Then I get a variety of ads: Reimage Repair, a 'lucky winner' announcement/game, or a 'you've been hacked, call us to get it fixed' warning.

 

I'm running Windows 10 Home.  Your help would be greatly appreciated!





#2 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • Gender:Male

Posted 07 March 2016 - 05:23 PM

Hello lrec and welcome to BleepingComputer.
My name is Yılmaz and I'll help you with the cleanup of malware from your computer.

Before we move on, please read the following points carefully.

  • Please complete all steps in the specified order.
  • Even if tools don't find malware, I want you to post the logfiles anyway.
  • Please copy and paste the logfiles directly into your posts. Please do not attach them unless you are instructed to do so.
  • Read the instructions carefully. If you have problems, stop what you were doing and describe the problems you encountered as precisely as you can.
  • Don't install or uninstall software during the cleanup unless you are told to do so.
  • If you can't answer for the next few days, please let me know. If you haven't answered within 5 days, I am assuming that you don't need help anymore and your topic will be closed.
  • I can not guarantee that we will find and be able to remove all malware. The cleaning process is not instant. Please continue to review my answers until I tell you that your computer is clean.
  • Please reply to this thread. Do not start a new topic.
  • As my first language is not English, please do not use slang or idioms. It could be hard for me to understand.
  • Please open the computer as administrator. How to open the computer as administrator?
  • Disable your AntiVirus and AntiSpyware applications, as they will interfere with our tools and the removal. If you are unsure how to do this, please get help here.

Thanks
---------------------------------------------------------------------------------------------------------
 
Please do the following.
 
Uninstall some programs

We need to uninstall some unwanted/unneeded programs.

  • Press the Windows key + R on your keyboard at the same time. Type appwiz.cpl and click OK.
  • Search there for each entry mentioned below, right-click the entry and click Uninstall, one at a time.

The list of programs to uninstall:

  • Reimage Repair

After completing uninstalls, please manually reboot your machine!

Note: If you get a message like "An error occurred while trying to uninstall", just press Yes.
Note: If you are unable to uninstall all programs, please inform me, but continue with other steps.
===========================================================================================
Step 1:

  • Temporarily disable your Antivirus protection - if you don't know how to do that, please consult the article below.

How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs

  • Please download ZOEK and save it to your desktop (preferred version is the *.exe one - upper left corner).

http://hijackthis.nl/smeenk/

  • Attached to this message you will find a file called zoekscript:

zoekscript.txt (188 bytes)

  • Download it too and save it to your desktop - it needs to be in the same location as the ZOEK tool.
  • Drag the zoekscript file and drop it onto the ZOEK icon - this should launch the program.
  • The scan may take a while and may need a reboot.
  • Upon completion a file zoek-results should appear.
  • Attach it for my review.

Please Restart PC and browsers now.
 
Next >>>>
 Step 2:
Please download Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Make sure the following option is checked: Addition.txt
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run from. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.

Sincerely.


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you.
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#3 lrec

lrec
  • Topic Starter

  • Members
  • 19 posts

Posted 08 March 2016 - 05:54 PM

There was no program called Reimage Repair so I moved to the next step.

(Before I ran zoek, I could not even get into this forum without the ads blocking everything.  I had to make my first post and download the txt file on another computer.  Things are improving!)

 

 

********************ZOEK-RESULTS********************

 

 
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by Danelle on Tue 03/08/2016 at  7:19:57.73.
Microsoft Windows 10 Home 10.0.10240  x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\Danelle\Desktop\zoek.exe
Script used: C:\Users\Danelle\Desktop\zoekscript.txt
 
==== System Restore Info ======================
 
3/8/2016 7:20:45 AM Zoek.exe System Restore Point Created Successfully.
 
==== Empty Folders Check ======================
 
C:\PROGRA~3\0d46ea8d-2165-1 deleted successfully
C:\PROGRA~3\0d46ea8d-7907-0 deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\Users\Danelle\AppData\Local\Adobe deleted successfully
C:\Windows\serviceprofiles\Localservice\AppData\Local\NetworkTiles deleted successfully
 
==== Deleting CLSID Registry Keys ======================
 
HKEY_USERS\S-1-5-21-2526677092-4190251304-3396366693-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} deleted successfully
 
==== Deleting CLSID Registry Values ======================
 
 
==== Deleting Services ======================
 
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\SearchProtectionService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\LavasoftTcpService deleted successfully
HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\PremierOpinion deleted successfully
 
==== FireFox Fix ======================
 
Deleted from C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default\prefs.js:
user_pref("browser.search.defaultenginename.US", "Google");
 
Added to C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
Deleted from C:\Users\Danelle\AppData\Roaming\Thunderbird\Profiles\gn8932gj.default\prefs.js:
 
Added to C:\Users\Danelle\AppData\Roaming\Thunderbird\Profiles\gn8932gj.default\prefs.js:
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
ProfilePath: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default
 
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.hiddenOneOffs", "Yahoo,DuckDuckGo,eBay,Twitter");
---- Lines searches removed from prefs.js ----
user_pref("browser.urlbar.suggest.searches", true);
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20160308_0733_.backup
 
ProfilePath: C:\Users\Danelle\AppData\Roaming\Thunderbird\Profiles\gn8932gj.default
 
user.js not found
---- Lines Search  removed from prefs.js ----
user_pref("messenger.save.dir", "G:\\_1Research and Monitoring\\Interns\\2015\\Jennifer");
---- FireFox user.js and prefs.js backups ---- 
 
prefs_20160308_0733_.backup
 
==== Batch Command(s) Run By Tool======================
 
 
Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.
 
 
==== Deleting Files \ Folders ======================
 
C:\windows\SysNative\Tasks\ASUS Patch for Touch Panel deleted
C:\Users\Danelle\AppData\Local\11425 deleted
C:\PROGRA~2\Lavasoft\Web Companion deleted
C:\PROGRA~3\Lavasoft\Web Companion deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\Danelle\AppData\Local\uninstall.exe deleted
C:\Users\Danelle\AppData\Local\Lavasoft\WebCompanion.exe_Url_siq0lwf3tzgxp2khfkllybk3idtbehng deleted
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle deleted
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\lavasoft\WebCompanion deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PremierOpinion deleted
"C:\Windows\Installer\2d0c5d.msi" deleted
"C:\Windows\SysWOW64\pmls.dll" deleted
"C:\PROGRA~2\PremierOpinion\pmropn.exe" deleted
"C:\PROGRA~2\PremierOpinion\pmropn32.exe" deleted
"C:\PROGRA~2\PremierOpinion\pmropn64.exe" deleted
"C:\PROGRA~2\PremierOpinion" deleted
 
==== Firefox Start and Search pages ======================
 
ProfilePath: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
ProfilePath: C:\Users\Danelle\AppData\Roaming\Thunderbird\Profiles\gn8932gj.default
user_pref("browser.startup.homepage", "about:home");
user_pref("browser.newtab.url", "about:newtab");
 
==== Firefox Extensions Registry ======================
 
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [12/29/2015 12:20 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"{4ED1F68A-5463-4931-9384-8FFF5ED91D92}"="C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi" [12/29/2015 12:20 PM]
 
==== Firefox Extensions ======================
 
ProfilePath: C:\Users\Danelle\AppData\Roaming\Thunderbird\Profiles\gn8932gj.default
- Lightning - %ProfilePath%\extensions\{e2fda1a4-762b-4020-b5ad-a41df1933103}
 
AppDir: C:\Program Files (x86)\Mozilla Firefox
- Default - %AppDir%\browser\extensions\{972ce4c6-7e08-4474-a285-3208198ce6fd}
 
==== Firefox Plugins ======================
 
Profilepath: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default
18CF51689186AEB9D1D149AEB0E92D03 - C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL - Microsoft Office 2013
88C9284589B5AEEF93AAF8016BA1290D - C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npMeetingJoinPluginOC.dll - Microsoft Office 2013
 
 
==== Chromium Look ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
fheoggkfdfchfphceeifdbepaooicaho - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx[02/25/2016 01:03 PM]
mkndcbhcgphcfkkddanakjiepeknbgle - C:\Program Files (x86)\PremierOpinion\pmcm.crx[]
 
SiteAdvisor - Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho
 
==== Chromium Fix ======================
 
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_cdncache-a.akamaihd.net_0.localstorage-journal deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markable00.re-markable.net_0.localstorage-journal deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.cmptch.com_0.localstorage-journal deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_c.betrad.com_0.localstorage-journal deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage deleted successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal deleted successfully
 
==== Set IE to Default ======================
 
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}] not found
 
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
 
==== All HKLM and HKCU SearchScopes ======================
 
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC
 
==== Reset Google Chrome ======================
 
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully
 
==== Deleting CLSID Registry Keys ======================
 
 
==== Deleting CLSID Registry Values ======================
 
HKEY_LOCAL_MACHINE\software\Wow6432Node\mozilla\Firefox\extensions\{C7AE725D-FA5C-4027-BB4C-787EF9F8248A} deleted successfully
 
==== Deleting Registry Keys ======================
 
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Installer\UserData\S-1-5-18\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\wow6432node\Google\Chrome\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{99C91FC5-DB5B-4AA0-BB70-5D89C5A4DF96} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{2e5c430c-8f17-4038-b135-1aea5bb9a503} deleted successfully
HKEY_LOCAL_MACHINE\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\{730E03E4-350E-48E5-9D3E-4329903D454D} deleted successfully
HKEY_LOCAL_MACHINE\SOFTWARE\Classes\Installer\Products\4E30E037E0535E84D9E3349209D354D4 deleted successfully
 
==== Empty IE Cache ======================
 
C:\Windows\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\Danelle\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Danelle\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Windows\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\Danelle\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\Danelle\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\Windows\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Windows\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
 
==== Empty FireFox Cache ======================
 
C:\Users\Danelle\AppData\Local\Mozilla\Firefox\Profiles\yeuo479n.default\cache2 emptied successfully
 
==== Empty Chrome Cache ======================
 
C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
 
==== Empty All Flash Cache ======================
 
No Flash Cache Found
 
==== Empty All Java Cache ======================
 
No Java Cache Found
 
==== C:\zoek_backup content ======================
 
C:\zoek_backup (files=269 folders=73 40507097 bytes)
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp will be emptied at reboot
 
==== After Reboot ======================
 
==== Empty Temp Folders ======================
 
C:\Windows\Temp successfully emptied
C:\Users\Danelle\AppData\Local\Temp successfully emptied
 
==== Empty Recycle Bin ======================
 
C:\$RECYCLE.BIN successfully emptied
 
==== EOF on Tue 03/08/2016 at 16:41:15.39 ======================
 
 
 
 
********************FRST.TXT********************
 
 
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Danelle (administrator) on DESKTOP-3TQLJAO (08-03-2016 16:44:47)
Running from C:\Users\Danelle\Desktop
Loaded Profiles: Danelle (Available Profiles: Danelle)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Windows ® Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe
(ASUS Cloud Corporation) C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe
(ASUS) C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
() C:\Program Files\CyberLink\Shared files\RichVideo64.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel Security, Inc.) C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe
() C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\mcafee\msc\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
() C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
(ASUS) C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
(ASUSTek Computer INC.) C:\ProgramData\AsTouchPanel\AsPatchTouchPanel64.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLoader.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\notepad.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPCenter.exe
() C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\platform\McUICnt.exe
(AsusTek) C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\WinSxS\amd64_microsoft-windows-servicingstack_31bf3856ad364e35_10.0.10240.16565_none_1162030161f5c19b\TiWorker.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [WebStorage] => C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe [63272 2015-05-31] ()
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize 
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\RunOnce: [Uninstall C:\Users\Danelle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Danelle\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
ShellIconOverlayIdentifiers: [!AsusWSShellExt_B] -> {6D4133E5-0742-4ADC-8A8C-9303440F7191} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_O] -> {64174815-8D98-4CE6-8646-4C039977D809} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers: [!AsusWSShellExt_U] -> {1C5AB7B1-0B38-4EC4-9093-7FD277E2AF4E} => C:\Program Files (x86)\Common Files\AWS\2.2.2.524\ASUSWSShellExt64.dll [2015-04-22] (ASUS Cloud Corporation.)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-29] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-29] (Microsoft Corporation)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\Parameters: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{4266a5b7-1bbc-4dd3-94e8-68df56d26ad5}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{4266a5b7-1bbc-4dd3-94e8-68df56d26ad5}: [DhcpNameServer] 82.163.142.7
Tcpip\..\Interfaces\{4290a587-96b5-4887-886e-acc0dad66ee0}: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{d2469aea-0473-4fa1-83ce-f49dbb0d94cd}: [NameServer] 82.163.142.7 95.211.158.134
Tcpip\..\Interfaces\{d2469aea-0473-4fa1-83ce-f49dbb0d94cd}: [DhcpNameServer] 82.163.142.7
 
Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
SearchScopes: HKU\S-1-5-21-2526677092-4190251304-3396366693-1001 -> DefaultScope {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKU\S-1-5-21-2526677092-4190251304-3396366693-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-02-29] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-02-29] (Microsoft Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2016-02-29] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2016-02-29] (Microsoft Corporation)
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2016-02-29] (Microsoft Corporation)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-02-25] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\mcafee\msc\McSnIePl64.dll [2016-01-08] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\msc\McSnIePl.dll [2016-01-08] (McAfee, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default
FF NewTab: about:newtab
FF Homepage: about:home
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-04-21] (Intel Corporation)
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-01-08] ()
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-02-29] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2016-02-17] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
FF SearchPlugin: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default\searchplugins\McSiteAdvisor.xml [2016-03-07]
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2015-12-29]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-02-12] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-03-08]
CHR Extension: (Google Docs) - C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-03-08]
CHR Extension: (Google Drive) - C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-03-08]
CHR Extension: (YouTube) - C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-03-08]
CHR Extension: (Google Sheets) - C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-03-08]
CHR Extension: (SiteAdvisor) - C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-03-08]
CHR Extension: (Google Docs Offline) - C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-08]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-03-08]
CHR Extension: (Gmail) - C:\Users\Danelle\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-03-08]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-29]
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - C:\Program Files (x86)\McAfee\SiteAdvisor\McChPlg.crx [2016-02-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 ASUS Flip Service; C:\Program Files\ASUS\ASUS FlipLock\FlipService.exe [17688 2015-07-16] (ASUS)
R2 Asus WebStorage Windows Service; C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\AsusWSWinService.exe [71168 2015-05-31] (ASUS Cloud Corporation) [File not signed]
R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [323152 2015-07-29] (Windows ® Win 7 DDK provider)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2809072 2016-01-20] (Microsoft Corporation)
R2 esifsvc; C:\Windows\SysWOW64\esif_uf.exe [1385640 2015-08-03] (Intel Corporation)
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359856 2015-07-29] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-05-19] (Intel Corporation) [File not signed]
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-05-19] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [223520 2015-07-22] (Intel Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [163592 2016-02-25] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [863448 2016-01-08] (McAfee, Inc.)
S3 McAWFwk; c:\Program Files\Common Files\McAfee\ActWiz\McAWFwk.exe [338208 2015-03-19] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mccspsvc; C:\Program Files\Common Files\McAfee\CSP\1.8.267.0\McCSPServiceHost.exe [1696712 2016-02-23] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
S3 McODS; C:\Program Files\mcafee\VirusScan\mcods.exe [681680 2016-01-08] (McAfee, Inc.)
S4 McOobeSv2; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [234192 2015-11-18] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [380896 2016-01-21] (McAfee, Inc.)
R2 mfevtp; C:\Windows\system32\mfevtps.exe [275368 2015-11-18] (McAfee, Inc.)
R2 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [453520 2016-01-03] (McAfee, Inc.)
R2 PEFService; C:\Program Files\Common Files\Intel Security\PEF\CORE\PEFService.exe [902112 2015-12-14] (Intel Security, Inc.)
R2 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [389896 2014-04-14] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4317808 2015-07-14] (Qualcomm Atheros Communications, Inc.)
R3 ATP; C:\Windows\System32\drivers\AsusTP.sys [101368 2015-12-14] (ASUS Corporation)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [79248 2015-11-25] (McAfee, Inc.)
R3 dptf_cpu; C:\Windows\System32\drivers\dptf_cpu.sys [43512 2015-08-03] (Intel Corporation)
R3 dptf_pch; C:\Windows\System32\drivers\dptf_pch.sys [41976 2015-08-03] (Intel Corporation)
R3 esif_lf; C:\Windows\system32\DRIVERS\esif_lf.sys [251384 2015-08-03] (Intel Corporation)
S3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207208 2015-05-19] (McAfee, Inc.)
R3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [132360 2015-06-15] (Intel Corporation)
R0 IntelHSWPcc; C:\Windows\System32\drivers\IntelPcc.sys [88256 2015-06-25] (Intel Corporation)
R3 kxspb; C:\Windows\System32\drivers\kxspb.sys [49696 2015-07-22] (Kionix, Inc.)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [184608 2015-07-07] (Intel Corporation)
R2 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419624 2015-11-25] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [351144 2015-11-25] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83096 2015-11-25] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [496368 2015-11-25] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [846080 2015-11-25] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\System32\DRIVERS\mfencbdc.sys [539496 2015-11-20] (McAfee, Inc.)
S3 mfencrk; C:\Windows\System32\DRIVERS\mfencrk.sys [109480 2015-11-20] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [36968 2016-01-19] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [245096 2015-11-25] (McAfee, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [887552 2015-07-14] (Realtek                                            )
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-05-27] (Realsil Semiconductor Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U0 msahci; system32\drivers\msahci.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 16:45 - 2016-03-08 16:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-03-08 16:44 - 2016-03-08 16:46 - 00021022 _____ C:\Users\Danelle\Desktop\FRST.txt
2016-03-08 16:44 - 2016-03-08 16:44 - 00000000 ____D C:\FRST
2016-03-08 16:43 - 2016-03-08 16:44 - 02374144 _____ (Farbar) C:\Users\Danelle\Desktop\FRST64.exe
2016-03-08 16:40 - 2016-03-08 16:40 - 00016148 _____ C:\Windows\system32\DESKTOP-3TQLJAO_Danelle_HistoryPrediction.bin
2016-03-08 07:37 - 2016-03-08 07:19 - 00024064 _____ C:\Windows\zoek-delete.exe
2016-03-08 07:19 - 2016-03-08 07:34 - 00000000 ____D C:\zoek_backup
2016-03-08 07:08 - 2016-03-08 07:19 - 01309184 _____ C:\Users\Danelle\Desktop\zoek.exe
2016-03-07 14:50 - 2016-03-08 16:41 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2016-03-07 11:44 - 2016-03-07 11:44 - 1040333254 _____ C:\Windows\MEMORY.DMP
2016-03-07 11:44 - 2016-03-07 11:44 - 00879824 _____ C:\Windows\Minidump\030716-24906-01.dmp
2016-03-07 11:44 - 2016-03-07 11:44 - 00000000 ____D C:\Windows\Minidump
2016-03-07 09:18 - 2016-03-07 09:18 - 00002350 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-07 09:15 - 2016-03-07 09:16 - 00987728 _____ (Google Inc.) C:\Users\Danelle\Downloads\ChromeSetup.exe
2016-03-07 08:58 - 2016-03-08 03:47 - 00004020 _____ C:\Windows\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-03-04 12:42 - 2016-03-04 14:18 - 02359296 _____ C:\Users\Danelle\Desktop\Restoration Management.accdb
2016-03-03 22:17 - 2016-03-03 22:17 - 00000000 ____D C:\ProgramData\6a8f1158-2bd1-0
2016-03-03 22:12 - 2016-03-03 22:12 - 00003886 _____ C:\Windows\System32\Tasks\{74CB11D1-F4A1-684D-5811-8F6AD8FAB348}
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\709d0637
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\6a8f1158-1ab1-0
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\{0348f79b-412c-0}
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\{022192c2-512c-1}
2016-02-29 16:13 - 2016-02-29 16:13 - 00000985 _____ C:\Users\Danelle\Desktop\2016 Timesheets - Shortcut.lnk
2016-02-29 12:18 - 2016-02-29 12:18 - 00003628 _____ C:\Windows\System32\Tasks\ASUS Smart Gesture Launcher
2016-02-29 12:17 - 2016-02-29 12:17 - 00065648 _____ C:\Windows\system32\ASGCoInstaller_x64.dll
2016-02-29 12:17 - 2016-02-29 12:17 - 00000000 ____D C:\Windows\LastGood.Tmp
2016-02-29 11:38 - 2016-02-29 11:38 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-02-29 11:37 - 2016-03-07 15:03 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-02-29 11:36 - 2016-03-07 15:02 - 00000000 ____D C:\ProgramData\Adobe
2016-02-29 11:36 - 2016-02-29 11:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-02-22 13:06 - 2016-02-22 13:06 - 00000000 ____D C:\Users\Danelle\AppData\Local\Cyberlink
2016-02-19 11:17 - 2016-02-19 11:17 - 00000000 ____D C:\Users\Danelle\Documents\Custom Office Templates
2016-02-19 09:20 - 2016-02-24 08:24 - 00005274 _____ C:\Windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-3TQLJAO-Danelle DESKTOP-3TQLJAO
2016-02-17 16:14 - 2016-02-29 11:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-02-17 16:14 - 2016-02-29 11:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-02-17 16:13 - 2016-02-17 16:14 - 01112816 _____ (Microsoft Corporation) C:\Users\Danelle\Downloads\Setup.X86.en-us_O365ProPlusRetail_cfe0ccae-c148-49ce-8f86-17700bc00ca3_TX_PR_.exe
2016-02-17 11:09 - 2016-03-08 16:41 - 00000928 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-02-17 11:09 - 2016-03-08 07:14 - 00000932 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-02-17 11:09 - 2016-03-07 09:18 - 00000000 ____D C:\Program Files (x86)\Google
2016-02-17 11:09 - 2016-02-17 11:09 - 00003990 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-17 11:09 - 2016-02-17 11:09 - 00003758 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-02-17 11:09 - 2016-02-17 11:09 - 00002235 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2016-02-17 11:09 - 2016-02-17 11:09 - 00000000 ____D C:\Users\Danelle\AppData\LocalLow\Google
2016-02-17 11:08 - 2016-03-07 09:18 - 00000000 ____D C:\Users\Danelle\AppData\Local\Google
2016-02-17 10:55 - 2016-02-17 11:08 - 00987728 _____ (Google Inc.) C:\Users\Danelle\Downloads\GoogleEarthSetup.exe
2016-02-12 12:47 - 2016-02-12 12:49 - 00000000 ____D C:\Users\Danelle\Documents\Favorite Photos
2016-02-12 12:45 - 2016-02-12 12:46 - 00000000 ____D C:\Users\Danelle\Documents\LREC Management
2016-02-12 12:44 - 2016-02-12 12:44 - 00000000 ____D C:\Users\Danelle\Documents\Haake HR
2016-02-12 10:10 - 2016-02-26 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-12 09:51 - 2016-02-12 09:51 - 00002057 _____ C:\Users\Danelle\Desktop\Welcome to ASUS Product Registration.lnk
2016-02-12 09:51 - 2016-02-12 09:51 - 00000000 ____D C:\ProgramData\APRP
2016-02-12 09:35 - 2016-02-12 09:35 - 00000000 ____D C:\ProgramData\Intel Security
2016-02-12 09:33 - 2016-02-12 09:33 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-02-11 08:24 - 2016-02-12 09:35 - 00003122 _____ C:\Windows\System32\Tasks\McAfeeLogon
2016-02-11 08:24 - 2016-02-12 09:35 - 00000000 ____D C:\Windows\System32\Tasks\McAfee
2016-02-10 21:38 - 2016-02-10 21:38 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-02-10 19:54 - 2016-02-10 21:55 - 00000000 ____D C:\Users\Danelle\Documents\My Garmin
2016-02-10 19:45 - 2016-01-06 16:30 - 00019617 _____ C:\Users\Danelle\Documents\ST Hours 2014-15.xlsx
2016-02-10 19:44 - 2015-07-31 15:30 - 00076800 _____ C:\Users\Danelle\Documents\Books Spreadsheet.xls
2016-02-10 19:44 - 2015-07-24 11:43 - 00031943 _____ C:\Users\Danelle\Documents\Books Spreadsheet.xlsx
2016-02-10 19:43 - 2016-02-10 21:49 - 00000000 ____D C:\Users\Danelle\Desktop\LREC-PC
2016-02-10 18:50 - 2016-02-10 18:50 - 00000000 ____D C:\Windows\system32\SleepStudy
2016-02-10 18:34 - 2016-02-10 18:34 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\WildTangent
2016-02-10 18:10 - 2016-02-10 18:10 - 00000000 ____D C:\Program Files\Common Files\AV
2016-02-10 18:02 - 2016-02-10 18:03 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 18:02 - 2016-02-10 18:02 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-10 17:55 - 2016-01-31 00:25 - 01248896 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-10 17:55 - 2016-01-31 00:23 - 02601160 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-10 17:55 - 2016-01-31 00:04 - 01811360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-10 17:55 - 2016-01-30 23:38 - 21873152 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-02-10 17:55 - 2016-01-30 23:34 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2016-02-10 17:55 - 2016-01-30 23:33 - 24593920 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-02-10 17:55 - 2016-01-30 23:26 - 06787072 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Data.Pdf.dll
2016-02-10 17:55 - 2016-01-30 23:26 - 03793408 _____ (Microsoft Corporation) C:\Windows\system32\rdpcorets.dll
2016-02-10 17:55 - 2016-01-30 23:25 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-02-10 17:55 - 2016-01-30 23:25 - 02237952 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-02-10 17:55 - 2016-01-30 23:25 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-02-10 17:55 - 2016-01-30 23:25 - 00143872 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 17:55 - 2016-01-30 23:23 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\rdpudd.dll
2016-02-10 17:55 - 2016-01-30 23:22 - 00680448 _____ (Microsoft Corporation) C:\Windows\system32\rasmans.dll
2016-02-10 17:55 - 2016-01-30 23:20 - 02849792 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-02-10 17:55 - 2016-01-30 23:17 - 19324928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-02-10 17:55 - 2016-01-30 23:17 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-10 17:55 - 2016-01-30 23:14 - 07525376 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-02-10 17:55 - 2016-01-30 23:14 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-02-10 17:55 - 2016-01-30 23:13 - 04791808 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-02-10 17:55 - 2016-01-30 23:11 - 05156352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Data.Pdf.dll
2016-02-10 17:55 - 2016-01-30 23:11 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 17:55 - 2016-01-30 23:07 - 18802176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-02-10 17:55 - 2016-01-30 23:06 - 02316800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-02-10 17:55 - 2016-01-30 23:04 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-10 17:55 - 2016-01-30 23:02 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-02-10 17:55 - 2016-01-30 23:00 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-02-10 17:55 - 2016-01-30 22:59 - 05457408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-02-10 17:55 - 2016-01-04 21:06 - 08022368 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-02-10 17:55 - 2016-01-04 21:06 - 01063504 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2adec.dll
2016-02-10 17:55 - 2016-01-04 21:06 - 00119800 _____ (Microsoft Corporation) C:\Windows\system32\MP3DMOD.DLL
2016-02-10 17:55 - 2016-01-04 21:04 - 02824248 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2016-02-10 17:55 - 2016-01-04 20:30 - 00882208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2adec.dll
2016-02-10 17:55 - 2016-01-04 20:30 - 00100712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP3DMOD.DLL
2016-02-10 17:55 - 2016-01-04 20:28 - 02445128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2016-02-10 17:55 - 2016-01-04 20:15 - 00042496 _____ (Microsoft Corporation) C:\Windows\system32\usermgrcli.dll
2016-02-10 17:55 - 2016-01-04 20:09 - 01234944 _____ (Microsoft Corporation) C:\Windows\system32\aitstatic.exe
2016-02-10 17:55 - 2016-01-04 19:57 - 00712704 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2016-02-10 17:55 - 2016-01-04 19:57 - 00578560 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2016-02-10 17:55 - 2016-01-04 19:57 - 00455168 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-02-10 17:55 - 2016-01-04 19:29 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-02-10 17:55 - 2016-01-04 19:29 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-02-10 17:55 - 2016-01-04 19:26 - 00373760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-02-10 17:55 - 2015-11-24 23:42 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 17:55 - 2015-11-24 23:40 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-02-10 17:55 - 2015-11-24 23:12 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-10 17:55 - 2015-11-24 22:49 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2016-02-10 17:55 - 2015-11-24 22:31 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2016-02-10 17:55 - 2015-11-24 22:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2016-02-10 17:55 - 2015-11-24 22:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2016-02-10 17:55 - 2015-11-24 22:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2016-02-10 17:55 - 2015-11-24 22:22 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-02-10 17:55 - 2015-11-24 22:18 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2016-02-10 17:55 - 2015-11-04 23:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2016-02-10 17:55 - 2015-11-04 23:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2016-02-10 17:55 - 2015-11-04 23:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2016-02-10 17:55 - 2015-11-04 23:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2016-02-10 17:55 - 2015-11-04 23:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2016-02-10 17:55 - 2015-11-04 22:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2016-02-10 17:55 - 2015-11-04 22:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2016-02-10 17:55 - 2015-11-04 22:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2016-02-10 17:55 - 2015-11-04 22:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-02-10 17:55 - 2015-11-04 22:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-02-10 17:55 - 2015-11-04 22:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2016-02-10 17:55 - 2015-11-04 22:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-02-10 17:55 - 2015-11-04 21:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-02-10 17:55 - 2015-11-04 21:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-02-10 17:55 - 2015-11-04 21:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2016-02-10 17:55 - 2015-10-05 21:03 - 16708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2016-02-10 17:55 - 2015-10-05 20:46 - 13027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2016-02-10 17:55 - 2015-09-24 21:56 - 22322624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-02-10 17:55 - 2015-09-24 21:26 - 20858360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-02-10 17:55 - 2015-09-17 00:48 - 02432336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2016-02-10 17:55 - 2015-09-17 00:48 - 00406864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2016-02-10 17:55 - 2015-09-17 00:28 - 00441168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2016-02-10 17:55 - 2015-09-17 00:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll
2016-02-10 17:55 - 2015-09-17 00:06 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2016-02-10 17:55 - 2015-09-17 00:05 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2016-02-10 17:55 - 2015-09-17 00:03 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2016-02-10 17:55 - 2015-09-17 00:02 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2016-02-10 17:55 - 2015-09-17 00:00 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\KeywordDetectorMsftSidAdapter.dll
2016-02-10 17:55 - 2015-09-16 23:55 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2016-02-10 17:55 - 2015-09-16 23:52 - 06572032 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2016-02-10 17:55 - 2015-09-16 23:52 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-02-10 17:55 - 2015-09-16 23:51 - 01812480 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2016-02-10 17:55 - 2015-09-16 23:50 - 00929280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2016-02-10 17:55 - 2015-09-16 23:50 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2016-02-10 17:55 - 2015-09-16 23:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\buttonconverter.sys
2016-02-10 17:55 - 2015-09-16 23:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\LocationGeofences.dll
2016-02-10 17:55 - 2015-09-16 23:49 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2016-02-10 17:55 - 2015-09-16 23:48 - 02093056 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2016-02-10 17:55 - 2015-09-16 23:47 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-02-10 17:55 - 2015-09-16 23:47 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2016-02-10 17:55 - 2015-09-16 23:46 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-02-10 17:55 - 2015-09-16 23:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2016-02-10 17:55 - 2015-09-16 23:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\HttpsDataSource.dll
2016-02-10 17:55 - 2015-09-16 23:44 - 01844736 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2016-02-10 17:55 - 2015-09-16 23:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-02-10 17:55 - 2015-09-16 23:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2016-02-10 17:55 - 2015-08-26 23:42 - 00596480 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-02-10 17:55 - 2015-08-26 23:42 - 00184320 _____ (Microsoft Corporation) C:\Windows\system32\shacct.dll
2016-02-10 17:55 - 2015-08-26 23:39 - 00045568 _____ (Adobe Systems) C:\Windows\system32\atmlib.dll
2016-02-10 17:55 - 2015-08-26 23:11 - 00139776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shacct.dll
2016-02-10 17:55 - 2015-08-26 23:08 - 00037376 _____ (Adobe Systems) C:\Windows\SysWOW64\atmlib.dll
2016-02-10 17:55 - 2015-08-18 01:55 - 00373072 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBXHCI.SYS
2016-02-10 17:55 - 2015-08-18 00:56 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\BthRadioMedia.dll
2016-02-10 17:55 - 2015-08-18 00:26 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PackageStateRoaming.dll
2016-02-10 17:55 - 2015-08-11 04:03 - 00442208 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\storport.sys
2016-02-10 17:55 - 2015-08-11 04:02 - 00080720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\stornvme.sys
2016-02-10 17:55 - 2015-08-11 03:21 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\tetheringclient.dll
2016-02-10 17:55 - 2015-08-11 03:08 - 00893440 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApiPublic.dll
2016-02-10 17:55 - 2015-08-11 03:07 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\MbaeParserTask.exe
2016-02-10 17:55 - 2015-08-11 03:05 - 00137216 _____ (Microsoft Corporation) C:\Windows\system32\LocationPermissions.dll
2016-02-10 17:54 - 2016-01-31 00:25 - 01951872 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 17:54 - 2016-01-31 00:24 - 01824880 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-02-10 17:54 - 2016-01-31 00:23 - 01420392 _____ (Microsoft Corporation) C:\Windows\system32\msctf.dll
2016-02-10 17:54 - 2016-01-31 00:06 - 01535032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-02-10 17:54 - 2016-01-31 00:06 - 01531368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 17:54 - 2016-01-31 00:06 - 00809336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-10 17:54 - 2016-01-31 00:04 - 01180696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msctf.dll
2016-02-10 17:54 - 2016-01-30 23:33 - 00057856 _____ (Microsoft Corporation) C:\Windows\system32\IoTAssignedAccessLockFramework.dll
2016-02-10 17:54 - 2016-01-30 23:29 - 11557888 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-02-10 17:54 - 2016-01-30 23:19 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-02-10 17:54 - 2016-01-30 23:19 - 00237056 _____ (Microsoft Corporation) C:\Windows\system32\NetworkDesktopSettings.dll
2016-02-10 17:54 - 2016-01-30 23:18 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-02-10 17:54 - 2016-01-30 23:16 - 09889280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-02-10 17:54 - 2016-01-30 23:16 - 00950272 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 17:54 - 2016-01-30 23:11 - 00291840 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 17:54 - 2016-01-30 23:05 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-02-10 17:54 - 2016-01-30 23:02 - 00768000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 17:54 - 2016-01-04 21:07 - 02463704 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-02-10 17:54 - 2016-01-04 21:07 - 00377592 _____ (Microsoft Corporation) C:\Windows\system32\MP4SDECD.DLL
2016-02-10 17:54 - 2016-01-04 21:06 - 01991120 _____ (Microsoft Corporation) C:\Windows\system32\WMVENCOD.DLL
2016-02-10 17:54 - 2016-01-04 21:06 - 01270104 _____ (Microsoft Corporation) C:\Windows\system32\mfnetsrc.dll
2016-02-10 17:54 - 2016-01-04 21:04 - 02641928 _____ (Microsoft Corporation) C:\Windows\system32\WMVDECOD.DLL
2016-02-10 17:54 - 2016-01-04 21:04 - 01150816 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-02-10 17:54 - 2016-01-04 21:04 - 00862056 _____ (Microsoft Corporation) C:\Windows\system32\mfnetcore.dll
2016-02-10 17:54 - 2016-01-04 21:04 - 00787720 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOD.DLL
2016-02-10 17:54 - 2016-01-04 21:04 - 00784136 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-02-10 17:54 - 2016-01-04 21:04 - 00779928 _____ (Microsoft Corporation) C:\Windows\system32\evr.dll
2016-02-10 17:54 - 2016-01-04 21:04 - 00772448 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-02-10 17:54 - 2016-01-04 21:04 - 00751992 _____ (Microsoft Corporation) C:\Windows\system32\WMADMOE.DLL
2016-02-10 17:54 - 2016-01-04 21:04 - 00667856 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-02-10 17:54 - 2016-01-04 21:04 - 00233992 _____ (Microsoft Corporation) C:\Windows\system32\mftranscode.dll
2016-02-10 17:54 - 2016-01-04 21:04 - 00115704 _____ (Microsoft Corporation) C:\Windows\system32\VIDRESZR.DLL
2016-02-10 17:54 - 2016-01-04 21:04 - 00090912 _____ (Microsoft Corporation) C:\Windows\system32\devenum.dll
2016-02-10 17:54 - 2016-01-04 21:04 - 00083704 _____ (Microsoft Corporation) C:\Windows\system32\mfvdsp.dll
2016-02-10 17:54 - 2016-01-04 20:59 - 00781976 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2016-02-10 17:54 - 2016-01-04 20:52 - 00441696 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-02-10 17:54 - 2016-01-04 20:50 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2016-02-10 17:54 - 2016-01-04 20:50 - 00723648 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-02-10 17:54 - 2016-01-04 20:50 - 00345080 _____ (Microsoft Corporation) C:\Windows\system32\WMVSDECD.DLL
2016-02-10 17:54 - 2016-01-04 20:50 - 00205072 _____ (Microsoft Corporation) C:\Windows\system32\COLORCNV.DLL
2016-02-10 17:54 - 2016-01-04 20:30 - 02459096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVDECOD.DLL
2016-02-10 17:54 - 2016-01-04 20:30 - 02162064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVENCOD.DLL
2016-02-10 17:54 - 2016-01-04 20:30 - 02152744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-02-10 17:54 - 2016-01-04 20:30 - 01106872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetsrc.dll
2016-02-10 17:54 - 2016-01-04 20:30 - 00368776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP4SDECD.DLL
2016-02-10 17:54 - 2016-01-04 20:30 - 00232896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RESAMPLEDMO.DLL
2016-02-10 17:54 - 2016-01-04 20:29 - 00208688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mftranscode.dll
2016-02-10 17:54 - 2016-01-04 20:28 - 00714808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfnetcore.dll
2016-02-10 17:54 - 2016-01-04 20:28 - 00696192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOE.DLL
2016-02-10 17:54 - 2016-01-04 20:28 - 00695752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMADMOD.DLL
2016-02-10 17:54 - 2016-01-04 20:28 - 00645144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-02-10 17:54 - 2016-01-04 20:28 - 00635312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\evr.dll
2016-02-10 17:54 - 2016-01-04 20:28 - 00497896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-02-10 17:54 - 2016-01-04 20:28 - 00107952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VIDRESZR.DLL
2016-02-10 17:54 - 2016-01-04 20:28 - 00082096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\devenum.dll
2016-02-10 17:54 - 2016-01-04 20:28 - 00072808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfvdsp.dll
2016-02-10 17:54 - 2016-01-04 20:21 - 00658528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2016-02-10 17:54 - 2016-01-04 20:15 - 00931328 _____ (Microsoft Corporation) C:\Windows\system32\MSMPEG2ENC.DLL
2016-02-10 17:54 - 2016-01-04 20:10 - 00539136 _____ (Microsoft Corporation) C:\Windows\system32\mfh264enc.dll
2016-02-10 17:54 - 2016-01-04 20:10 - 00305776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSDECD.DLL
2016-02-10 17:54 - 2016-01-04 20:10 - 00188032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\COLORCNV.DLL
2016-02-10 17:54 - 2016-01-04 20:09 - 00205312 _____ (Microsoft Corporation) C:\Windows\system32\aepic.dll
2016-02-10 17:54 - 2016-01-04 20:02 - 01672192 _____ (Microsoft Corporation) C:\Windows\system32\quartz.dll
2016-02-10 17:54 - 2016-01-04 20:02 - 00678912 _____ (Microsoft Corporation) C:\Windows\system32\qedit.dll
2016-02-10 17:54 - 2016-01-04 20:02 - 00379392 _____ (Microsoft Corporation) C:\Windows\system32\qdvd.dll
2016-02-10 17:54 - 2016-01-04 20:00 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-02-10 17:54 - 2016-01-04 19:59 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-02-10 17:54 - 2016-01-04 19:51 - 01255936 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOE.DLL
2016-02-10 17:54 - 2016-01-04 19:51 - 01009664 _____ (Microsoft Corporation) C:\Windows\system32\WMSPDMOD.DLL
2016-02-10 17:54 - 2016-01-04 19:51 - 00634368 _____ (Microsoft Corporation) C:\Windows\system32\WMVXENCD.DLL
2016-02-10 17:54 - 2016-01-04 19:51 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\MFWMAAEC.DLL
2016-02-10 17:54 - 2016-01-04 19:51 - 00447488 _____ (Microsoft Corporation) C:\Windows\system32\WMVSENCD.DLL
2016-02-10 17:54 - 2016-01-04 19:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserMgrProxy.dll
2016-02-10 17:54 - 2016-01-04 19:44 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usermgrcli.dll
2016-02-10 17:54 - 2016-01-04 19:42 - 00871936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSMPEG2ENC.DLL
2016-02-10 17:54 - 2016-01-04 19:38 - 00556032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfh264enc.dll
2016-02-10 17:54 - 2016-01-04 19:32 - 01541632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\quartz.dll
2016-02-10 17:54 - 2016-01-04 19:32 - 00573440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qedit.dll
2016-02-10 17:54 - 2016-01-04 19:31 - 00563200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\qdvd.dll
2016-02-10 17:54 - 2016-01-04 19:20 - 00890880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOD.DLL
2016-02-10 17:54 - 2016-01-04 19:19 - 01070080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMSPDMOE.DLL
2016-02-10 17:54 - 2016-01-04 19:19 - 00747008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVXENCD.DLL
2016-02-10 17:54 - 2016-01-04 19:19 - 00409088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMVSENCD.DLL
2016-02-10 17:54 - 2016-01-04 19:19 - 00404992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFWMAAEC.DLL
2016-02-10 17:54 - 2015-12-01 01:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-02-10 17:54 - 2015-12-01 00:03 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2016-02-10 17:54 - 2015-11-24 23:42 - 00168288 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2016-02-10 17:54 - 2015-11-24 23:33 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-02-10 17:54 - 2015-11-24 23:27 - 01366680 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2016-02-10 17:54 - 2015-11-24 23:09 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2016-02-10 17:54 - 2015-11-24 23:01 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-02-10 17:54 - 2015-11-24 22:49 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2016-02-10 17:54 - 2015-11-24 22:49 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-02-10 17:54 - 2015-11-24 22:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2016-02-10 17:54 - 2015-11-24 22:48 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\EthernetMediaManager.dll
2016-02-10 17:54 - 2015-11-24 22:48 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\DAMediaManager.dll
2016-02-10 17:54 - 2015-11-24 22:37 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2016-02-10 17:54 - 2015-11-24 22:36 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2016-02-10 17:54 - 2015-11-24 22:35 - 00929792 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2016-02-10 17:54 - 2015-11-24 22:35 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2016-02-10 17:54 - 2015-11-24 22:29 - 01649152 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2016-02-10 17:54 - 2015-11-24 22:29 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2016-02-10 17:54 - 2015-11-24 22:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2016-02-10 17:54 - 2015-11-24 22:27 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-02-10 17:54 - 2015-11-24 22:23 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-02-10 17:54 - 2015-11-24 22:22 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2016-02-10 17:54 - 2015-11-24 22:22 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2016-02-10 17:54 - 2015-11-24 22:19 - 01795584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-02-10 17:54 - 2015-11-24 22:19 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2016-02-10 17:54 - 2015-11-24 22:17 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2016-02-10 17:54 - 2015-11-24 22:16 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2016-02-10 17:54 - 2015-11-24 22:16 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2016-02-10 17:54 - 2015-11-24 22:13 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2016-02-10 17:54 - 2015-11-24 22:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2016-02-10 17:54 - 2015-11-24 22:10 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2016-02-10 17:54 - 2015-11-24 22:10 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2016-02-10 17:54 - 2015-11-24 22:04 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2016-02-10 17:54 - 2015-11-24 22:04 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2016-02-10 17:54 - 2015-11-24 22:04 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-02-10 17:54 - 2015-11-04 23:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2016-02-10 17:54 - 2015-11-04 22:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2016-02-10 17:54 - 2015-11-04 22:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2016-02-10 17:54 - 2015-11-04 22:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2016-02-10 17:54 - 2015-11-04 22:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2016-02-10 17:54 - 2015-11-04 21:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2016-02-10 17:54 - 2015-11-04 21:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2016-02-10 17:54 - 2015-11-04 21:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-02-10 17:54 - 2015-11-04 21:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2016-02-10 17:54 - 2015-11-04 21:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-02-10 17:54 - 2015-11-04 21:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2016-02-10 17:54 - 2015-09-30 21:03 - 00757760 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2016-02-10 17:54 - 2015-09-24 22:01 - 02573768 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2016-02-10 17:54 - 2015-09-24 21:33 - 01997336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2016-02-10 17:54 - 2015-09-24 21:03 - 00796160 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2016-02-10 17:54 - 2015-09-24 21:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2016-02-10 17:54 - 2015-09-24 21:00 - 01423872 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-02-10 17:54 - 2015-09-24 20:59 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2016-02-10 17:54 - 2015-09-24 20:59 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2016-02-10 17:54 - 2015-09-24 20:58 - 01871360 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2016-02-10 17:54 - 2015-09-24 20:37 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2016-02-10 17:54 - 2015-09-24 20:32 - 01594368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2016-02-10 17:54 - 2015-09-17 00:50 - 01563392 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2016-02-10 17:54 - 2015-09-17 00:50 - 00099664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2016-02-10 17:54 - 2015-09-17 00:49 - 06487248 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-02-10 17:54 - 2015-09-17 00:49 - 00894256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2016-02-10 17:54 - 2015-09-17 00:49 - 00553808 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2016-02-10 17:54 - 2015-09-17 00:48 - 02494712 _____ C:\Windows\system32\CoreUIComponents.dll
2016-02-10 17:54 - 2015-09-17 00:48 - 02156400 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2016-02-10 17:54 - 2015-09-17 00:48 - 01983824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-02-10 17:54 - 2015-09-17 00:48 - 00555768 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2016-02-10 17:54 - 2015-09-17 00:48 - 00476760 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-02-10 17:54 - 2015-09-17 00:48 - 00332624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2016-02-10 17:54 - 2015-09-17 00:37 - 01295712 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2016-02-10 17:54 - 2015-09-17 00:28 - 05120056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-02-10 17:54 - 2015-09-17 00:28 - 00074880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2016-02-10 17:54 - 2015-09-17 00:27 - 01766952 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-02-10 17:54 - 2015-09-17 00:27 - 00454512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2016-02-10 17:54 - 2015-09-17 00:26 - 01895568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2016-02-10 17:54 - 2015-09-17 00:26 - 00434376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-02-10 17:54 - 2015-09-17 00:05 - 02226688 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2016-02-10 17:54 - 2015-09-17 00:04 - 07569408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2016-02-10 17:54 - 2015-09-17 00:04 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2016-02-10 17:54 - 2015-09-16 23:57 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2016-02-10 17:54 - 2015-09-16 23:56 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-02-10 17:54 - 2015-09-16 23:55 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx02000.dll
2016-02-10 17:54 - 2015-09-16 23:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wwancfg.dll
2016-02-10 17:54 - 2015-09-16 23:54 - 03781120 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2016-02-10 17:54 - 2015-09-16 23:54 - 00780288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-02-10 17:54 - 2015-09-16 23:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-02-10 17:54 - 2015-09-16 23:53 - 07055872 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2016-02-10 17:54 - 2015-09-16 23:52 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2016-02-10 17:54 - 2015-09-16 23:52 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-02-10 17:54 - 2015-09-16 23:52 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2016-02-10 17:54 - 2015-09-16 23:52 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2016-02-10 17:54 - 2015-09-16 23:51 - 02660864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-02-10 17:54 - 2015-09-16 23:49 - 01290240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-02-10 17:54 - 2015-09-16 23:48 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\ncryptprov.dll
2016-02-10 17:54 - 2015-09-16 23:46 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2016-02-10 17:54 - 2015-09-16 23:45 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2016-02-10 17:54 - 2015-09-16 23:43 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2016-02-10 17:54 - 2015-09-16 23:43 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2016-02-10 17:54 - 2015-09-16 23:40 - 06101504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2016-02-10 17:54 - 2015-09-16 23:39 - 00587264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-02-10 17:54 - 2015-09-16 23:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-02-10 17:54 - 2015-09-16 23:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2016-02-10 17:54 - 2015-09-16 23:36 - 01171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2016-02-10 17:54 - 2015-09-16 23:35 - 05079552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2016-02-10 17:54 - 2015-09-16 23:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-02-10 17:54 - 2015-09-16 23:31 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
2016-02-10 17:54 - 2015-09-16 23:29 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2016-02-10 17:54 - 2015-08-26 23:54 - 00365568 _____ (Adobe Systems Incorporated) C:\Windows\system32\atmfd.dll
2016-02-10 17:54 - 2015-08-26 23:42 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.PicturePassword.dll
2016-02-10 17:54 - 2015-08-26 23:23 - 00303104 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\atmfd.dll
2016-02-10 17:54 - 2015-08-26 23:11 - 00484352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-02-10 17:54 - 2015-08-20 00:06 - 00609592 _____ (Microsoft Corporation) C:\Windows\system32\ci.dll
2016-02-10 17:54 - 2015-08-18 00:59 - 01294336 _____ (Microsoft Corporation) C:\Windows\system32\wcnwiz.dll
2016-02-10 17:54 - 2015-08-18 00:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\WcnNetsh.dll
2016-02-10 17:54 - 2015-08-18 00:57 - 00045568 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2016-02-10 17:54 - 2015-08-18 00:54 - 00322048 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2016-02-10 17:54 - 2015-08-18 00:52 - 01888768 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-02-10 17:54 - 2015-08-18 00:49 - 00246272 _____ (Microsoft Corporation) C:\Windows\system32\PackageStateRoaming.dll
2016-02-10 17:54 - 2015-08-18 00:36 - 01226752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wcnwiz.dll
2016-02-10 17:54 - 2015-08-18 00:35 - 00100352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WcnApi.dll
2016-02-10 17:54 - 2015-08-18 00:35 - 00095744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fdWCN.dll
2016-02-10 17:54 - 2015-08-18 00:29 - 01593344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-02-10 17:54 - 2015-08-11 03:50 - 01643872 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-02-10 17:54 - 2015-08-11 03:11 - 02446336 _____ C:\Windows\system32\InputService.dll
2016-02-10 17:54 - 2015-08-11 03:05 - 03527168 _____ (Microsoft Corporation) C:\Windows\system32\tquery.dll
2016-02-10 17:54 - 2015-08-11 03:03 - 02558976 _____ (Microsoft Corporation) C:\Windows\system32\mssrch.dll
2016-02-10 17:54 - 2015-08-11 02:59 - 00042496 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tetheringclient.dll
2016-02-10 17:54 - 2015-08-11 02:48 - 00671232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApiPublic.dll
2016-02-10 17:54 - 2015-08-11 02:43 - 02748416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tquery.dll
2016-02-10 17:54 - 2015-08-11 02:40 - 01964544 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mssrch.dll
2016-02-10 17:53 - 2016-01-30 23:29 - 00141312 _____ (Microsoft Corporation) C:\Windows\system32\rasman.dll
2016-02-10 17:53 - 2016-01-30 23:24 - 00784384 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2016-02-10 17:53 - 2016-01-30 23:24 - 00047616 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2016-02-10 17:53 - 2016-01-30 23:24 - 00033280 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2016-02-10 17:53 - 2016-01-30 23:19 - 00046592 _____ (Microsoft Corporation) C:\Windows\SysWOW64\IoTAssignedAccessLockFramework.dll
2016-02-10 17:53 - 2016-01-30 23:18 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 17:53 - 2016-01-30 23:13 - 00123392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rasman.dll
2016-02-10 17:53 - 2016-01-30 23:13 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\ztrace_maps.dll
2016-02-10 17:53 - 2016-01-30 23:11 - 00678400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2016-02-10 17:53 - 2016-01-30 23:05 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2016-02-10 17:53 - 2016-01-30 23:05 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 17:53 - 2016-01-30 22:58 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ztrace_maps.dll
2016-02-10 17:53 - 2016-01-04 21:04 - 01591848 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-02-10 17:53 - 2016-01-04 21:04 - 00250520 _____ (Microsoft Corporation) C:\Windows\system32\MPG4DECD.DLL
2016-02-10 17:53 - 2016-01-04 21:04 - 00249464 _____ (Microsoft Corporation) C:\Windows\system32\RESAMPLEDMO.DLL
2016-02-10 17:53 - 2016-01-04 21:04 - 00243248 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2016-02-10 17:53 - 2016-01-04 20:50 - 01817064 _____ (Microsoft Corporation) C:\Windows\system32\WMALFXGFXDSP.dll
2016-02-10 17:53 - 2016-01-04 20:50 - 00251544 _____ (Microsoft Corporation) C:\Windows\system32\MP43DECD.DLL
2016-02-10 17:53 - 2016-01-04 20:31 - 01365576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-02-10 17:53 - 2016-01-04 20:28 - 00277400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MPG4DECD.DLL
2016-02-10 17:53 - 2016-01-04 20:28 - 00116728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfps.dll
2016-02-10 17:53 - 2016-01-04 20:15 - 00235008 _____ (Microsoft Corporation) C:\Windows\system32\UserMgrProxy.dll
2016-02-10 17:53 - 2016-01-04 20:10 - 00278424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MP43DECD.DLL
2016-02-10 17:53 - 2016-01-04 20:01 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\ksproxy.ax
2016-02-10 17:53 - 2016-01-04 19:31 - 00235008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ksproxy.ax
2016-02-10 17:53 - 2015-11-24 23:32 - 00113184 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2016-02-10 17:53 - 2015-11-24 22:59 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2016-02-10 17:53 - 2015-11-24 22:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2016-02-10 17:53 - 2015-11-24 22:26 - 00849408 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2016-02-10 17:53 - 2015-11-24 22:26 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2016-02-10 17:53 - 2015-11-24 22:25 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2016-02-10 17:53 - 2015-11-24 22:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2016-02-10 17:53 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2016-02-10 17:53 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2016-02-10 17:53 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2016-02-10 17:53 - 2015-11-24 22:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2016-02-10 17:53 - 2015-11-24 22:08 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2016-02-10 17:53 - 2015-11-24 22:07 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2016-02-10 17:53 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2016-02-10 17:53 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2016-02-10 17:53 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2016-02-10 17:53 - 2015-11-24 22:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2016-02-10 17:53 - 2015-11-24 20:52 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2016-02-10 17:53 - 2015-11-24 20:52 - 00775312 _____ C:\Windows\system32\locale.nls
2016-02-10 17:53 - 2015-11-04 22:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2016-02-10 17:53 - 2015-11-04 22:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2016-02-10 17:53 - 2015-11-04 22:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2016-02-10 17:53 - 2015-11-04 21:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2016-02-10 17:53 - 2015-11-04 21:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2016-02-10 17:53 - 2015-10-10 01:12 - 00078528 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2016-02-10 17:53 - 2015-09-30 22:01 - 01294352 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-02-10 17:53 - 2015-09-30 22:01 - 01123400 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-02-10 17:53 - 2015-09-30 22:01 - 01018568 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-02-10 17:53 - 2015-09-30 22:01 - 00858408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-02-10 17:53 - 2015-09-24 22:01 - 00498016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2016-02-10 17:53 - 2015-09-24 21:52 - 00980832 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-02-10 17:53 - 2015-09-24 21:11 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2016-02-10 17:53 - 2015-09-24 21:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2016-02-10 17:53 - 2015-09-24 21:07 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-02-10 17:53 - 2015-09-24 21:00 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2016-02-10 17:53 - 2015-09-24 21:00 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2016-02-10 17:53 - 2015-09-24 20:59 - 01205248 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-02-10 17:53 - 2015-09-24 20:59 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2016-02-10 17:53 - 2015-09-24 20:59 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2016-02-10 17:53 - 2015-09-24 20:59 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2016-02-10 17:53 - 2015-09-24 20:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2016-02-10 17:53 - 2015-09-24 20:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2016-02-10 17:53 - 2015-09-24 20:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-02-10 17:53 - 2015-09-24 20:34 - 00928256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-02-10 17:53 - 2015-09-24 20:34 - 00625152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2016-02-10 17:53 - 2015-09-24 20:34 - 00579584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2016-02-10 17:53 - 2015-09-24 20:34 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2016-02-10 17:53 - 2015-09-24 20:34 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2016-02-10 17:53 - 2015-09-24 20:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2016-02-10 17:53 - 2015-09-24 20:32 - 00466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2016-02-10 17:53 - 2015-09-18 23:14 - 00102304 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2016-02-10 17:53 - 2015-09-17 00:50 - 00088384 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2016-02-10 17:53 - 2015-09-17 00:49 - 01563472 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2016-02-10 17:53 - 2015-09-17 00:49 - 00501008 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2016-02-10 17:53 - 2015-09-17 00:48 - 00809352 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2016-02-10 17:53 - 2015-09-17 00:48 - 00584656 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2016-02-10 17:53 - 2015-09-17 00:48 - 00537080 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2016-02-10 17:53 - 2015-09-17 00:48 - 00505696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-02-10 17:53 - 2015-09-17 00:48 - 00395088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-02-10 17:53 - 2015-09-17 00:48 - 00278352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-02-10 17:53 - 2015-09-17 00:37 - 01168736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2016-02-10 17:53 - 2015-09-17 00:28 - 01357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2016-02-10 17:53 - 2015-09-17 00:28 - 00407608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2016-02-10 17:53 - 2015-09-17 00:26 - 00508248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2016-02-10 17:53 - 2015-09-17 00:26 - 00428128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2016-02-10 17:53 - 2015-09-17 00:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2016-02-10 17:53 - 2015-09-17 00:10 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2016-02-10 17:53 - 2015-09-17 00:09 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2016-02-10 17:53 - 2015-09-17 00:09 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2016-02-10 17:53 - 2015-09-17 00:08 - 00494592 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2016-02-10 17:53 - 2015-09-17 00:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Speech.Pal.dll
2016-02-10 17:53 - 2015-09-17 00:08 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2016-02-10 17:53 - 2015-09-17 00:04 - 00910848 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-02-10 17:53 - 2015-09-17 00:03 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2016-02-10 17:53 - 2015-09-17 00:03 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2016-02-10 17:53 - 2015-09-17 00:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-02-10 17:53 - 2015-09-17 00:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-02-10 17:53 - 2015-09-17 00:00 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2016-02-10 17:53 - 2015-09-16 23:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2016-02-10 17:53 - 2015-09-16 23:57 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2016-02-10 17:53 - 2015-09-16 23:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2016-02-10 17:53 - 2015-09-16 23:57 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2016-02-10 17:53 - 2015-09-16 23:56 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-02-10 17:53 - 2015-09-16 23:56 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2016-02-10 17:53 - 2015-09-16 23:55 - 01601536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2016-02-10 17:53 - 2015-09-16 23:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2016-02-10 17:53 - 2015-09-16 23:55 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2016-02-10 17:53 - 2015-09-16 23:55 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2016-02-10 17:53 - 2015-09-16 23:52 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2016-02-10 17:53 - 2015-09-16 23:52 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2016-02-10 17:53 - 2015-09-16 23:52 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2016-02-10 17:53 - 2015-09-16 23:52 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2016-02-10 17:53 - 2015-09-16 23:51 - 01203712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2016-02-10 17:53 - 2015-09-16 23:51 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2016-02-10 17:53 - 2015-09-16 23:51 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2016-02-10 17:53 - 2015-09-16 23:50 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2016-02-10 17:53 - 2015-09-16 23:50 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2016-02-10 17:53 - 2015-09-16 23:50 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeWiFi.dll
2016-02-10 17:53 - 2015-09-16 23:50 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeCell.dll
2016-02-10 17:53 - 2015-09-16 23:49 - 00439296 _____ (Microsoft Corporation) C:\Windows\system32\LocationWebproxy.dll
2016-02-10 17:53 - 2015-09-16 23:49 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\LocationCrowdsource.dll
2016-02-10 17:53 - 2015-09-16 23:49 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeIP.dll
2016-02-10 17:53 - 2015-09-16 23:49 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\LocationWiFiAdapter.dll
2016-02-10 17:53 - 2015-09-16 23:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Speech.Pal.dll
2016-02-10 17:53 - 2015-09-16 23:48 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2016-02-10 17:53 - 2015-09-16 23:48 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2016-02-10 17:53 - 2015-09-16 23:48 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2016-02-10 17:53 - 2015-09-16 23:48 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2016-02-10 17:53 - 2015-09-16 23:47 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2016-02-10 17:53 - 2015-09-16 23:46 - 00928256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2016-02-10 17:53 - 2015-09-16 23:46 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2016-02-10 17:53 - 2015-09-16 23:46 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2016-02-10 17:53 - 2015-09-16 23:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\syncmlhook.dll
2016-02-10 17:53 - 2015-09-16 23:45 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2016-02-10 17:53 - 2015-09-16 23:45 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2016-02-10 17:53 - 2015-09-16 23:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2016-02-10 17:53 - 2015-09-16 23:44 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2016-02-10 17:53 - 2015-09-16 23:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\syncutil.dll
2016-02-10 17:53 - 2015-09-16 23:43 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2016-02-10 17:53 - 2015-09-16 23:41 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2016-02-10 17:53 - 2015-09-16 23:40 - 01162240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2016-02-10 17:53 - 2015-09-16 23:38 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2016-02-10 17:53 - 2015-09-16 23:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2016-02-10 17:53 - 2015-09-16 23:34 - 00253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2016-02-10 17:53 - 2015-09-16 23:32 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2016-02-10 17:53 - 2015-09-16 23:32 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2016-02-10 17:53 - 2015-09-16 23:32 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-02-10 17:53 - 2015-09-16 23:29 - 00701952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2016-02-10 17:53 - 2015-09-16 23:29 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2016-02-10 17:53 - 2015-09-16 23:28 - 00473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2016-02-10 17:53 - 2015-09-16 23:26 - 00899584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2016-02-10 17:53 - 2015-09-16 23:16 - 00512000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2016-02-10 17:53 - 2015-08-26 23:51 - 01774592 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Immersive.dll
2016-02-10 17:53 - 2015-08-26 23:49 - 01008640 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-02-10 17:53 - 2015-08-26 23:16 - 01612288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Immersive.dll
2016-02-10 17:53 - 2015-08-19 23:26 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-02-10 17:53 - 2015-08-19 23:21 - 00193024 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseModernAppMgmtCSP.dll
2016-02-10 17:53 - 2015-08-18 01:13 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-02-10 17:53 - 2015-08-18 00:59 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\WcnApi.dll
2016-02-10 17:53 - 2015-08-18 00:58 - 00187392 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-02-10 17:53 - 2015-08-18 00:58 - 00117760 _____ (Microsoft Corporation) C:\Windows\system32\dafWCN.dll
2016-02-10 17:53 - 2015-08-18 00:58 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\fdWCN.dll
2016-02-10 17:53 - 2015-08-18 00:54 - 00247296 _____ C:\Windows\system32\facecredentialprovider.dll
2016-02-10 17:53 - 2015-08-18 00:49 - 01061888 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-02-10 17:53 - 2015-08-18 00:49 - 00274432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-02-10 17:53 - 2015-08-18 00:34 - 00037376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wfdprov.dll
2016-02-10 17:53 - 2015-08-17 22:44 - 00008847 _____ C:\Windows\system32\ResPriHMImageList
2016-02-10 17:53 - 2015-08-11 04:04 - 01087296 _____ (Microsoft Corporation) C:\Windows\system32\mfplat.dll
2016-02-10 17:53 - 2015-08-11 04:02 - 00292856 _____ (Microsoft Corporation) C:\Windows\system32\LockAppHost.exe
2016-02-10 17:53 - 2015-08-11 03:52 - 00993104 _____ (Microsoft Corporation) C:\Windows\system32\ReAgent.dll
2016-02-10 17:53 - 2015-08-11 03:40 - 00918320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfplat.dll
2016-02-10 17:53 - 2015-08-11 03:37 - 00243800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppHost.exe
2016-02-10 17:53 - 2015-08-11 03:26 - 00845664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReAgent.dll
2016-02-10 17:53 - 2015-08-11 03:19 - 00235520 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_Notifications.dll
2016-02-10 17:53 - 2015-08-11 03:14 - 00404480 _____ C:\Windows\system32\diagtrack_wininternal.dll
2016-02-10 17:53 - 2015-08-11 03:13 - 00413184 _____ C:\Windows\system32\diagtrack_win.dll
2016-02-10 17:53 - 2015-08-11 03:11 - 00553472 _____ (Microsoft Corporation) C:\Windows\system32\GamePanel.exe
2016-02-10 17:53 - 2015-08-11 03:10 - 00293376 _____ C:\Windows\system32\TextInputFramework.dll
2016-02-10 17:53 - 2015-08-11 03:09 - 00032768 _____ (Microsoft Corporation) C:\Windows\system32\wuautoappupdate.dll
2016-02-10 17:53 - 2015-08-11 03:05 - 00078848 _____ (Microsoft Corporation) C:\Windows\system32\LocationFrameworkInternalPS.dll
2016-02-10 17:53 - 2015-08-11 03:00 - 00336384 _____ (Microsoft Corporation) C:\Windows\system32\SearchProtocolHost.exe
2016-02-10 17:53 - 2015-08-11 02:59 - 01106432 _____ (Microsoft Corporation) C:\Windows\system32\sysmain.dll
2016-02-10 17:53 - 2015-08-11 02:59 - 00642560 _____ (Microsoft Corporation) C:\Windows\system32\rdbui.dll
2016-02-10 17:53 - 2015-08-11 02:59 - 00123392 _____ (Microsoft Corporation) C:\Windows\system32\mssprxy.dll
2016-02-10 17:53 - 2015-08-11 02:51 - 01823232 _____ C:\Windows\SysWOW64\InputService.dll
2016-02-10 17:53 - 2015-08-11 02:50 - 00420352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GamePanel.exe
2016-02-10 17:53 - 2015-08-11 02:50 - 00200704 _____ C:\Windows\SysWOW64\TextInputFramework.dll
2016-02-10 17:53 - 2015-08-11 02:50 - 00131584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-02-10 17:53 - 2015-08-11 02:39 - 00280576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SearchProtocolHost.exe
2016-02-10 17:53 - 2015-08-11 02:38 - 00162304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ReInfo.dll
2016-02-10 17:00 - 2016-02-10 21:41 - 00000000 ____D C:\Users\Danelle\AppData\Local\Mozilla
2016-02-10 17:00 - 2016-02-10 17:00 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-10 16:56 - 2016-02-26 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Thunderbird
2016-02-10 16:56 - 2016-02-26 21:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-10 16:56 - 2016-02-10 17:00 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\Mozilla
2016-02-10 16:56 - 2016-02-10 16:56 - 00001284 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Thunderbird.lnk
2016-02-10 16:56 - 2016-02-10 16:56 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\Thunderbird
2016-02-10 16:56 - 2016-02-10 16:56 - 00000000 ____D C:\Users\Danelle\AppData\Local\Thunderbird
2016-02-10 16:55 - 2016-02-10 16:55 - 00242056 _____ C:\Users\Danelle\Downloads\Firefox Setup Stub 44.0.1.exe
2016-02-10 16:52 - 2016-02-29 12:17 - 00000000 ____D C:\ProgramData\SetupTPDriver
2016-02-10 16:46 - 2016-02-10 16:46 - 00000000 ____D C:\Users\Danelle\AppData\LocalLow\Temp
2016-02-10 16:45 - 2016-03-08 07:33 - 00000000 ____D C:\Users\Danelle\AppData\Local\Lavasoft
2016-02-10 16:45 - 2016-03-08 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-10 16:45 - 2016-03-08 07:33 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-02-10 16:45 - 2016-02-10 18:13 - 00002992 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2016-02-10 16:45 - 2016-02-10 18:13 - 00002992 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2016-02-10 16:45 - 2016-02-10 16:45 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2016-02-10 16:45 - 2016-02-10 16:45 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2016-02-10 16:45 - 2016-02-10 16:45 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\Lavasoft
2016-02-10 16:45 - 2015-07-21 11:19 - 01084728 _____ (VoiceFive, Inc.) C:\Windows\system32\pmls64.dll
2016-02-10 16:45 - 2015-07-21 11:19 - 00733496 _____ (VoiceFive, Inc.) C:\Windows\SysWOW64\pmlsearch
2016-02-10 16:43 - 2016-03-08 07:33 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-10 16:42 - 2016-02-10 16:42 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\Macromedia
2016-02-10 16:41 - 2016-02-10 16:41 - 00686584 _____ C:\Users\Danelle\Downloads\Mozilla-Thunderbird.exe
2016-02-10 16:39 - 2016-02-10 16:39 - 00000000 ___RD C:\Users\Danelle\3D Objects
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-08 16:45 - 2015-07-10 04:55 - 00000000 ____D C:\Windows\CbsTemp
2016-03-08 16:43 - 2015-10-28 21:38 - 00003544 _____ C:\Windows\System32\Tasks\ASUS Live Update1
2016-03-08 16:43 - 2015-10-28 21:38 - 00003534 _____ C:\Windows\System32\Tasks\ASUS Live Update2
2016-03-08 16:43 - 2015-08-18 02:36 - 00875126 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-08 16:43 - 2015-07-10 05:02 - 00000000 ____D C:\Windows\INF
2016-03-08 16:41 - 2015-10-28 22:28 - 00000165 _____ C:\Users\Danelle\AppData\Roaming\sp_data.sys
2016-03-08 16:41 - 2015-10-28 22:28 - 00000000 __SHD C:\Users\Danelle\IntelGraphicsProfiles
2016-03-08 16:41 - 2015-10-28 22:26 - 00000180 _____ C:\Windows\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-08 16:39 - 2015-07-10 06:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-08 16:38 - 2015-10-28 22:28 - 00000000 ____D C:\Users\Danelle
2016-03-08 16:38 - 2015-07-10 03:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-08 07:50 - 2015-07-10 05:04 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-08 07:50 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\AppReadiness
2016-03-07 11:45 - 2015-10-28 21:41 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-03-07 11:45 - 2015-07-10 03:05 - 00032768 ___SH C:\Windows\system32\config\ELAM
2016-03-07 10:48 - 2015-10-28 22:28 - 00000000 ____D C:\Users\Danelle\AppData\Local\Packages
2016-03-02 09:38 - 2015-08-21 12:31 - 00000000 ____D C:\Users\Danelle\Desktop\100RECNX
2016-02-29 13:13 - 2015-08-18 03:22 - 00000000 ____D C:\Windows\Panther
2016-02-29 13:11 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
2016-02-29 12:18 - 2015-10-28 21:33 - 00000000 ____D C:\Program Files\DIFX
2016-02-29 12:17 - 2015-08-18 02:37 - 00000000 ____D C:\Program Files (x86)\ASUS
2016-02-29 11:40 - 2015-07-10 05:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-26 21:45 - 2015-07-10 06:20 - 00350872 _____ C:\Windows\system32\FNTCACHE.DAT
2016-02-22 13:06 - 2015-10-28 21:52 - 00000000 ____D C:\ProgramData\CyberLink
2016-02-19 08:33 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\appcompat
2016-02-17 16:15 - 2015-10-28 22:28 - 00000000 ____D C:\Users\Danelle\AppData\Local\VirtualStore
2016-02-17 12:35 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\rescache
2016-02-17 08:42 - 2015-07-10 07:11 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-02-17 08:42 - 2015-07-10 07:11 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-02-17 08:42 - 2015-07-10 07:11 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-02-17 08:42 - 2015-07-10 07:11 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-02-17 08:42 - 2015-07-10 07:11 - 00000000 ____D C:\Windows\system32\winrm
2016-02-17 08:42 - 2015-07-10 07:11 - 00000000 ____D C:\Windows\system32\WCN
2016-02-17 08:42 - 2015-07-10 07:11 - 00000000 ____D C:\Windows\system32\slmgr
2016-02-17 08:42 - 2015-07-10 07:11 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-02-17 08:42 - 2015-07-10 05:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-02-17 08:42 - 2015-07-10 05:04 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2016-02-17 08:42 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-02-17 08:42 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-02-17 08:42 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\SysWOW64\Com
2016-02-17 08:42 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-02-17 08:42 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\system32\oobe
2016-02-17 08:42 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\system32\MUI
2016-02-17 08:42 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\system32\migwiz
2016-02-17 08:42 - 2015-07-10 03:05 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-02-17 08:42 - 2015-07-10 03:05 - 00000000 ____D C:\Windows\system32\Sysprep
2016-02-17 08:41 - 2015-07-10 07:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ___SD C:\Windows\system32\F12
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ___SD C:\Windows\system32\dsc
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ___RD C:\Windows\MiracastView
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\system32\Com
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\IME
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\Help
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-17 08:41 - 2015-07-10 05:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-17 08:41 - 2015-07-10 03:05 - 00000000 ____D C:\Windows\system32\Dism
2016-02-17 08:41 - 2015-07-10 03:05 - 00000000 ____D C:\Windows\servicing
2016-02-12 09:37 - 2015-10-28 21:41 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-02-12 09:37 - 2015-07-10 05:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2016-02-12 09:27 - 2015-10-28 21:41 - 00000000 ____D C:\ProgramData\McAfee
2016-02-11 21:14 - 2015-10-28 22:31 - 00002375 _____ C:\Users\Danelle\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-11 21:14 - 2015-10-28 22:31 - 00000000 ___RD C:\Users\Danelle\OneDrive
2016-02-10 18:34 - 2015-08-18 02:38 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2016-02-10 18:34 - 2015-08-18 02:37 - 00000000 ____D C:\ProgramData\WildTangent
2016-02-10 18:26 - 2015-10-28 22:36 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\ASUS Flip
2016-02-10 18:15 - 2015-10-28 21:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-02-10 18:10 - 2015-07-10 05:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-02-10 18:10 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-02-10 18:10 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\system32\appraiser
2016-02-10 18:10 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\Provisioning
2016-02-10 18:10 - 2015-07-10 05:04 - 00000000 ____D C:\Windows\L2Schemas
2016-02-10 16:40 - 2015-10-28 22:34 - 00000000 ____D C:\Users\Danelle\AppData\Local\MicrosoftEdge
2016-02-10 16:39 - 2015-10-28 22:29 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\DropboxOEM
 
==================== Files in the root of some directories =======
 
2015-10-28 22:28 - 2016-03-08 16:41 - 0000165 _____ () C:\Users\Danelle\AppData\Roaming\sp_data.sys
2015-10-28 21:31 - 2015-10-28 21:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-02 09:08
 
==================== End of FRST.txt ============================

********************ADDITION.TXT********************

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Danelle (2016-03-08 16:48:01)
Running from C:\Users\Danelle\Desktop
Windows 10 Home (X64) (2015-10-29 04:26:30)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2526677092-4190251304-3396366693-500 - Administrator - Disabled)
Danelle (S-1-5-21-2526677092-4190251304-3396366693-1001 - Administrator - Enabled) => C:\Users\Danelle
DefaultAccount (S-1-5-21-2526677092-4190251304-3396366693-503 - Limited - Disabled)
Guest (S-1-5-21-2526677092-4190251304-3396366693-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20059 - Adobe Systems Incorporated)
ASUS FlipLock (HKLM\...\{7C7F8DAC-8ADA-4B86-BCB6-48B6FFB673DD}) (Version: 1.0.10 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.3.4 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.12 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 3.11.0001 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 4.1.6 - ASUS)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0039 - ASUS)
CyberLink PhotoDirector 5 (HKLM-x32\...\InstallShield_{5A454EC5-217A-42a5-8CE1-2DDEC4E70E01}) (Version: 5.0.5.6515 - CyberLink Corp.)
CyberLink PhotoDirector 5 (Version: 5.0.5.6515 - CyberLink Corp.) Hidden
CyberLink PowerDirector 12 (HKLM-x32\...\InstallShield_{E1646825-D391-42A0-93AA-27FA810DA093}) (Version: 12.0.4010.0 - CyberLink Corp.)
CyberLink PowerDirector 12 (Version: 12.0.4010.0 - CyberLink Corp.) Hidden
Device Setup (HKLM-x32\...\{8D6B05E0-F457-408C-9D13-549334D8FAE1}) (Version: 2.0.2 - ASUSTek Computer Inc.)
Dropbox 25 GB (HKLM-x32\...\{597A58EC-42D6-4940-8739-FB94491B013C}) (Version: 1.0.8.0 - Dropbox, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.75 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Intel Collaborative Processor Performance Control (HKLM-x32\...\0E7DAF70-FB54-4B91-B192-7E771C25AEEB) (Version: 1.0.0.1018 - Intel Corporation)
Intel® Chipset Device Software (x32 Version: 10.1.1.7 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10602.174 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1159 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.15.4256 - Intel Corporation)
Intel® Serial IO (HKLM\...\{9FD91C5C-44AE-4D9D-85BE-AE52816B0294}) (Version: 1.1.253.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{4B230374-6475-4A73-BA6E-41015E9C5013}) (Version: 1.0.0.532 - Intel Corporation)
Maxx Audio Installer (x64) (Version: 1.6.5230.111 - Waves Audio Ltd.) Hidden
McAfee LiveSafe – Internet Security (HKLM-x32\...\MSC) (Version: 14.0.7080 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.173 - McAfee, Inc.)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4797.1003 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Mozilla Thunderbird 38.5.0 (x86 en-US) (HKLM-x32\...\Mozilla Thunderbird 38.5.0 (x86 en-US)) (Version: 38.5.0 - Mozilla)
Mozilla Thunderbird 38.6.0 (x86 en-US) (HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\Mozilla Thunderbird 38.6.0 (x86 en-US)) (Version: 38.6.0 - Mozilla)
NetStream 1.0 (HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\NetStream 1.0) (Version:  - )
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4797.1003 - Microsoft Corporation) Hidden
PremierOpinion (HKLM-x32\...\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}) (Version: 1.3.337.354 - VoiceFive, Inc.) <==== ATTENTION
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 10.0.1.2 - Qualcomm Atheros)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10125.31214 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 10.2.703.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7571 - Realtek Semiconductor Corp.)
WebStorage (HKLM-x32\...\WebStorage) (Version: 2.2.2.524 - ASUS Cloud Corporation)
Windows Driver Package - ASUS (ATP) Mouse  (11/11/2015 1.0.0.262) (HKLM\...\A044C5901003C24E6891688653ABA1068D04A1A0) (Version: 11/11/2015 1.0.0.262 - ASUS)
Windows Driver Package - Kionix, Inc. (kxspb) Sensor I/O devices  (07/02/2015 1.2.8.2) (HKLM\...\02038F383D2F136F8ACF0B06C3A2AEF14F0CC66F) (Version: 07/02/2015 1.2.8.2 - Kionix, Inc.)
Windows Driver Package - Kionix, Inc. (WUDFRd) Sensor  (07/03/2015 1.0.27.4) (HKLM\...\55432BC60BE38A1B161A455D9C76E9CB20D05D95) (Version: 07/03/2015 1.0.27.4 - Kionix, Inc.)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 3.0.1 - ASUS)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2526677092-4190251304-3396366693-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Danelle\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {077A4253-8F9E-42EB-A70A-E6BD6DF1B94A} - System32\Tasks\ASUS Live Update1 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {1F747313-F519-4A08-8C20-155A20CD89DE} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2015-05-25] (ASUSTek Computer Inc.)
Task: {25E715FC-B42C-477D-80CB-FC32189478C7} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
Task: {2CB33324-C404-42FC-B226-4F9866FEA49D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-02-29] (Microsoft Corporation)
Task: {34514D49-B19B-4730-A37C-977B9EC99DBB} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {3F70215F-2FCA-446E-857C-7E69CE375070} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)
Task: {4233DA5C-1224-4951-8D7B-5077D338E1B3} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-01-12] (Microsoft Corporation)
Task: {43904AFC-7919-4FA5-9C50-F9BDF4C8CB13} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\platform\McUICnt.exe [2016-01-03] (McAfee, Inc.)
Task: {4A09CA82-5EDB-4704-98A5-0A28882013A7} - System32\Tasks\ATK Package 36D18D69AFC3 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {536B73C3-C0B7-4BBF-819B-265BB859562B} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe [2015-12-14] (AsusTek)
Task: {5917530C-EA13-4B8B-A6C7-7D103E506A08} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {5923E2FE-882F-4E08-B26A-E5E085E63576} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {65850139-C4B6-422D-8F7F-C025B0D10053} - System32\Tasks\ATK Package A22126881260 => C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\SimAppExec.exe [2015-03-10] (ASUSTek Computer Inc.)
Task: {674DE2B8-3DF6-40FC-A861-233598B0BF9B} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2015-05-29] ()
Task: {7A90B96F-4440-42B0-86C3-0C1DCF734E5A} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
Task: {8811E0B8-0F73-45DA-B8E1-B7A7362A6B9E} - System32\Tasks\ASUS Splendid ACMON => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [2015-06-09] (ASUS)
Task: {A4C1A996-5130-4EA2-9C01-A1BDE8D538A7} - System32\Tasks\Update Checker => C:\Program Files (x86)\ASUS\ASUS Live Update\UpdateChecker.exe [2015-02-12] ()
Task: {A50BDC2E-C7D0-4B57-A690-0F1CB7531ADA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {AD7ADBE0-EC84-490F-BBB9-9A7C71BD6A30} - System32\Tasks\RtHDVBg_ListenToDevice => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
Task: {B24919A2-960B-4272-8BC5-8C1A321F8622} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2016-02-29] (Microsoft Corporation)
Task: {CA39BF1B-A596-45C2-A6E6-CCA1B6048FE3} - System32\Tasks\ASUS Live Update2 => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2015-03-23] (ASUSTeK Computer Inc.)
Task: {D37B7598-5DD5-4577-BD66-F9AC8C7798EF} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-02-12] (McAfee, Inc.)
Task: {DA277659-CB70-49EE-93E0-E57FC3082CCA} - System32\Tasks\Microsoft Office 15 Sync Maintenance for DESKTOP-3TQLJAO-Danelle DESKTOP-3TQLJAO => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2016-02-29] (Microsoft Corporation)
Task: {E3743588-7A16-4C43-8C71-1C01151FD07B} - System32\Tasks\ASUS\ASUS Product Register Service => C:\Program Files (x86)\ASUS\APRP\aprp.exe [2015-05-14] (ASUSTek Computer Inc.)
Task: {E8326570-D32B-47A1-AC27-0CB8B0D2E783} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2016-02-29] (Microsoft Corporation)
Task: {EF8CD4D1-3A42-4374-AA57-C2AE7D025EE7} - System32\Tasks\{74CB11D1-F4A1-684D-5811-8F6AD8FAB348} => C:\Windows\system32\regsvr32.exe [2015-07-10] (Microsoft Corporation)
Task: {F3843CB5-03A0-4D87-9331-E36268C21CDF} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-07-29] (Realtek Semiconductor)
Task: {F721514F-B345-42ED-BE62-8A6859FE9044} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {F83D35F6-A91B-46F2-90CB-8FDAED66BAC9} - System32\Tasks\RtHDVBg => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2015-07-29] (Realtek Semiconductor)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-18 02:34 - 2015-07-14 20:04 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-07-10 05:00 - 2015-07-10 05:00 - 00009216 _____ () C:\Windows\System32\WppRecorderUM.dll
2016-02-10 17:53 - 2015-08-11 03:14 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-05-19 10:11 - 2015-05-19 10:11 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2015-10-28 21:53 - 2014-04-14 19:59 - 00389896 _____ () C:\Program Files\CyberLink\Shared files\RichVideo64.exe
2016-02-17 16:14 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-07-16 22:04 - 2015-07-16 22:04 - 00025880 _____ () C:\Program Files\ASUS\ASUS FlipLock\FlipController.exe
2016-02-10 17:54 - 2015-09-17 00:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2016-02-10 17:54 - 2015-09-17 00:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2016-02-29 11:34 - 2016-02-29 11:34 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-08-19 05:19 - 2015-07-29 21:13 - 00405432 _____ () C:\Windows\system32\igfxTray.exe
2016-02-10 17:53 - 2015-09-16 23:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-10 17:55 - 2015-11-24 22:20 - 06569472 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-10 17:55 - 2015-11-24 22:17 - 00471040 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-10 17:55 - 2015-11-24 22:17 - 01808384 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-10 17:55 - 2015-09-16 23:43 - 02274816 _____ () C:\windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-05-31 10:15 - 2015-05-31 10:15 - 00063272 _____ () C:\Program Files (x86)\ASUS\WebStorage\2.2.2.524\ASUSWSLoader.exe
2015-07-16 22:04 - 2015-07-16 22:04 - 00009216 _____ () C:\Program Files\ASUS\ASUS FlipLock\WMIProc.dll
2015-06-09 21:25 - 2015-06-09 21:25 - 00035376 _____ () C:\Program Files (x86)\ASUS\Splendid\DetectDisplayDC.dll
2015-06-09 21:25 - 2015-06-09 21:25 - 00124928 _____ () C:\Program Files (x86)\ASUS\Splendid\CCTAdjust.dll
2016-03-07 09:18 - 2016-03-01 22:47 - 01675928 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\libglesv2.dll
2016-03-07 09:18 - 2016-03-01 22:47 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.75\libegl.dll
2015-07-22 01:18 - 2015-07-22 01:18 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2013-04-27 11:24 - 2013-04-27 11:24 - 00071680 _____ () C:\Program Files (x86)\ASUS\ASUS Live Update\checkmetro.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\webcompanion.com -> hxxp://webcompanion.com
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-07-10 05:04 - 2015-07-10 05:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Danelle\Desktop\LREC-PC\Documents\moon background.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run: => "Web Companion"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{E81F0872-2563-4E3C-ACB1-D9E6D35C7F2B}] => (Allow) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
FirewallRules: [{815C1D35-480E-4C41-A5A4-E298FC18F239}] => (Allow) C:\Program Files\CyberLink\PowerDirector12\PDR10.EXE
FirewallRules: [{D021ABF1-A0EC-485F-A0DE-F4E02960BE1A}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{51AF3F26-202D-48A3-92B9-4D333BD9886D}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7ED21F95-C34A-4D79-AC23-730A4234E28C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{DC1D8173-9C58-4796-B1C3-BAEE22129550}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{2D724CC4-0A37-438D-B22A-CCB1DF04DEEE}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7B226280-EDBA-4FBC-96D9-598FC3DAB396}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{F48AB856-FA21-4E71-A1B4-113C9D838749}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{7ABD2855-CB57-44A0-B4EA-63F1AEE0C662}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{49E06CC3-2342-4A59-8642-9BFD3E59C1B5}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{38201CD8-EFA4-4C30-8017-A23602AEDF8C}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{4A0D9769-8DC8-4C53-AF46-EDBEDE1B72E2}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{E210102D-8976-45AF-9976-3A7037CD68CD}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{DA09E1A7-BACD-48A3-8D50-CD1728DAF965}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
 
==================== Restore Points =========================
 
17-02-2016 08:28:46 Windows Modules Installer
29-02-2016 12:16:52 Windows Update
08-03-2016 07:20:27 zoek.exe restore point
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (03/08/2016 04:36:47 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
 
DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (03/08/2016 11:07:05 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
 
DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (03/08/2016 07:20:32 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.
 
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.
 
System Error:
Access is denied.
.
 
Error: (03/08/2016 07:13:38 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.75 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: fcc
 
Start Time: 01d1793be5ffd8f7
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 915e8399-e52f-11e5-9bd8-80a58931ee08
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/08/2016 07:10:32 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 49.0.2623.75 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 784
 
Start Time: 01d1793a9f336379
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 2198492c-e52f-11e5-9bd8-80a58931ee08
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (03/08/2016 06:59:34 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
 
DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (03/08/2016 03:44:28 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
 
DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (03/08/2016 03:05:19 AM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
 
DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (03/07/2016 11:50:12 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
 
DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
Error: (03/07/2016 07:34:32 PM) (Source: DPTF) (EventID: 256) (User: )
Description: Intel® Dynamic Platform and Thermal Framework : ESIF(8.1.10602.174) TYPE: ERROR
 
DPTF Build Version:  8.1.10602.174
DPTF Build Date:  Jul 23 2015 11:24:10
Source File:  ..\..\..\Sources\Manager\EsifApplicationInterface.cpp @ line 737
Executing Function:  DptfEvent
Message:  Received unexpected event
Framework Event:  DptfResume [3]
 
 
System errors:
=============
Error: (03/08/2016 04:46:22 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Interactive Services Detection service terminated with the following error: 
%%1
 
Error: (03/08/2016 04:38:14 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
 
Error: (03/08/2016 04:38:04 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (03/08/2016 07:33:24 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/08/2016 07:33:24 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/08/2016 07:33:24 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/08/2016 07:33:23 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/08/2016 07:33:23 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/08/2016 07:33:23 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
Error: (03/08/2016 07:33:22 AM) (Source: Service Control Manager) (EventID: 7030) (User: )
Description: The PEVSystemStart service is marked as an interactive service.  However, the system is configured to not allow interactive services.  This service may not function properly.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-5500U CPU @ 2.40GHz
Percentage of memory in use: 27%
Total physical RAM: 8095.11 MB
Available physical RAM: 5888.39 MB
Total Virtual: 9375.11 MB
Available Virtual: 7144.04 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:371.85 GB) (Free:300.83 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (DATA) (Fixed) (Total:558.91 GB) (Free:558.74 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 931.5 GB) (Disk ID: 349C52B9)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
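
Added example (not part of the original posts and not FRST's own code): a small triage of the `Task:` lines in the Addition.txt log above. It flags tasks with no file behind them, tasks whose name is a bare GUID, and tasks whose target is a generic Windows host binary. The sample lines are copied from the log; the reason labels and the host-binary list are assumptions chosen for this illustration.

```python
"""Triage FRST 'Task:' lines and flag entries that deserve a second look."""
import ntpath
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Lines copied from the Addition.txt log above.
SAMPLE = r"""
Task: {5917530C-EA13-4B8B-A6C7-7D103E506A08} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {7A90B96F-4440-42B0-86C3-0C1DCF734E5A} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
Task: {A50BDC2E-C7D0-4B57-A690-0F1CB7531ADA} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-02-17] (Google Inc.)
Task: {EF8CD4D1-3A42-4374-AA57-C2AE7D025EE7} - System32\Tasks\{74CB11D1-F4A1-684D-5811-8F6AD8FAB348} => C:\Windows\system32\regsvr32.exe [2015-07-10] (Microsoft Corporation)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
"""

GUID = r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}"

# "Task: {GUID} - <task path>" optionally followed by "=> target" or "-> target".
TASK_RE = re.compile(
    r"^Task: (?P<guid>" + GUID + r") - (?P<path>.+?)(?: (?:=>|->) (?P<target>.+))?$"
)
# Trailing " [YYYY-MM-DD] (Company)" that FRST appends to an existing file.
TAIL_RE = re.compile(r" \[\d{4}-\d{2}-\d{2}\] \((?P<company>.*)\)$")

# Assumption for this example: binaries that only host other code, so the
# line as logged does not show what the task really runs.
HOST_BINARIES = frozenset({
    "regsvr32.exe", "rundll32.exe", "mshta.exe", "wscript.exe",
    "cscript.exe", "powershell.exe", "cmd.exe",
})


@dataclass
class Task:
    guid: str
    name: str                # last component of the task path
    exe: Optional[str]       # target file, if one is listed
    company: Optional[str]   # company name FRST read from the file
    no_file: bool            # FRST reported "No File" for the target


def parse_task_line(line: str) -> Optional[Task]:
    """Parse one GUID-style 'Task:' line; return None for anything else
    (including the legacy '.job' lines, which this example skips)."""
    m = TASK_RE.match(line.strip())
    if not m:
        return None
    exe = company = None
    no_file = False
    target = m.group("target")
    if target is not None:
        target = target.replace("<==== ATTENTION", "").strip()
        if target.startswith("No File"):
            no_file = True
        else:
            tail = TAIL_RE.search(target)
            if tail:
                exe, company = target[:tail.start()], tail.group("company")
            else:
                exe = target
    name = m.group("path").split("\\")[-1]
    return Task(m.group("guid"), name, exe, company, no_file)


def reasons(task: Task) -> List[str]:
    """Return the heuristic labels that apply to one task."""
    out = []
    if task.no_file:
        out.append("no_file")                 # registry entry without a file
    if re.fullmatch(GUID, task.name):
        out.append("guid_named_task")         # name is a bare GUID
    if task.exe and ntpath.basename(task.exe).lower() in HOST_BINARIES:
        out.append("generic_host_binary")     # real payload is not shown
    return out


def triage(text: str) -> List[Tuple[str, List[str]]]:
    """Return (task GUID, reasons) for every flagged task in a log excerpt."""
    flagged = []
    for line in text.splitlines():
        task = parse_task_line(line)
        if task is None:
            continue
        why = reasons(task)
        if why:
            flagged.append((task.guid, why))
    return flagged


if __name__ == "__main__":
    for guid, why in triage(SAMPLE):
        print(guid, ", ".join(why))
```

A flag is a prompt to inspect the task's XML and arguments, not a verdict: a signed Microsoft binary as the target says nothing about the DLL or script it is asked to load.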


#4 olgun52


Posted 09 March 2016 - 05:10 AM

Hi lrec,

McAfee Firewall (Enabled)
Windows Firewall is enabled.

Multiple Firewall Programs installed!

I do not recommend that you have more than one anti-virus product installed and running on your computer at a time.

It can also lead to a clash as both products fight for access to files which are opened; again, this is the resident/automatic protection. In general terms, the two programs may conflict and cause. Firewall programs take up an enormous amount of your computer's resources when they are actively scanning your computer. Having two firewall programs running at the same time can cause your computer to run very slowly, become unstable and even, in rare cases, crash.

 

My suggestion to you:

Use Microsoft software. Remove the McAfee software. This is just a suggestion.
If you want to remove it:

 

Download and run the McAfee Consumer Product Removal (MCPR) tool:

  1. Download the MCPR tool from http://us.mcafee.com/apps/supporttools/mcpr/mcpr.asp and save it to a temporary folder on your computer.
     
    IMPORTANT: Because the MCPR tool is updated periodically, always download a new copy before each use.
      
  2. Navigate to the folder where you saved the file, and run the McAfee Removal Tool (MCPR.exe). (If you have Windows Vista / Windows 7 / Windows 8, please right-click MCPR.exe and select Run as Administrator.)
     
  3. If you see a User Account Control dialog box, click Yes.
  4. At the McAfee Software Removal screen, click Next.
  5. At the End User License Agreement (EULA) dialog box, click Next to accept the agreement.
  6. When prompted, type the Captcha information exactly as seen (it is case-sensitive) and then click Next.

Please restart PC now.

 

How is it now? Check McAfee now.

========================================================================================
Please uninstall the following via Start->(or My Computer)->Control Panel->(Programs)->Programs and Features if it still exists:
webcompanion
PremierOpinion
C:\Program Files (x86)\Lavasoft

===========================================

Scan with Zemana AntiMalware Free:

  • Turn off the real time scanner of any existing antivirus and firewall programs while performing scan
  • Please download and install Zemana AntiMalware Free
  • Double-click the software shortcut on the desktop and follow the prompts to install the program.
  • If an update is available, click the Update now button.
  • At the end Click Settings > Advanced > ''I have read the warning and wish to proceed anyway'' Click
  • Auto Launch > Untick the box next
  • Scan type > Smart scan (Default)
  • Close all open files, folders and browsers
  • Click scan now ''Run as Administrator'' and a threat Scan will begin.
  • When the scan is complete, press Report and send me the report.
  • Please restart the PC now.

================================================================

FRST Fixlist run:

Copy the below code to Notepad; Save As fixlist.txt to your Desktop.

start
Task: {7A90B96F-4440-42B0-86C3-0C1DCF734E5A} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run\Web Companion
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run\"Web Companion"
FirewallRules: [{38201CD8-EFA4-4C30-8017-A23602AEDF8C}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{4A0D9769-8DC8-4C53-AF46-EDBEDE1B72E2}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{E210102D-8976-45AF-9976-3A7037CD68CD}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{DA09E1A7-BACD-48A3-8D50-CD1728DAF965}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Windows\Temp\DPTF\esif_assist_64.exe
C:\Windows\Temp\DPTF
C:\Windows\Temp
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ProfilePath: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default
FF NewTab: about:newtab
FF Homepage: about:home
FF SearchPlugin: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default\searchplugins\McSiteAdvisor.xml [2016-03-07]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2016-03-03 22:17 - 2016-03-03 22:17 - 00000000 ____D C:\ProgramData\6a8f1158-2bd1-0
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\709d0637
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\6a8f1158-1ab1-0
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\{0348f79b-412c-0}
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\{022192c2-512c-1}
2016-02-10 18:34 - 2016-02-10 18:34 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\WildTangent
2016-02-10 16:45 - 2016-03-08 07:33 - 00000000 ____D C:\Users\Danelle\AppData\Local\Lavasoft
2016-02-10 16:45 - 2016-03-08 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-10 16:45 - 2016-03-08 07:33 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-02-10 16:45 - 2016-02-10 18:13 - 00002992 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2016-02-10 16:45 - 2016-02-10 18:13 - 00002992 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2016-02-10 16:45 - 2016-02-10 16:45 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2016-02-10 16:45 - 2016-02-10 16:45 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2016-02-10 16:45 - 2016-02-10 16:45 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\Lavasoft
2016-02-10 16:43 - 2016-03-08 07:33 - 00000000 ____D C:\ProgramData\Lavasoft
2016-03-08 16:41 - 2015-10-28 22:28 - 00000165 _____ C:\Users\Danelle\AppData\Roaming\sp_data.sys
2016-02-10 18:26 - 2015-10-28 22:36 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\ASUS Flip
2015-10-28 22:28 - 2016-03-08 16:41 - 0000165 _____ () C:\Users\Danelle\AppData\Roaming\sp_data.sys
2015-10-28 21:31 - 2015-10-28 21:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Hosts:
Emptytemp:
end

Close Notepad.

NOTE: It's important that both files, FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST64 and press the Fix button just once and wait.

If the tool needs a restart, please make sure you let the system restart normally and let the tool complete its run after the restart.

The tool will make a log on the Desktop (Fixlog.txt). Attach it to your reply.

Note: If the tool warns you about an outdated version please download and run the updated version.

 


Best regards
 

 


 


#5 lrec


Posted 09 March 2016 - 01:41 PM

I could not find this: 

webcompanion
 

This is still listed under Apps & features and I clicked Uninstall, but nothing happened. Suggestions?

PremierOpinion

 

This folder is still there, but is empty (size 0 bytes, contains 0 files, 0 folders).  Should I delete it?
C:\Program Files (x86)\Lavasoft

 

I will download the other files and wait on the next step until I hear from you.

Thanks!



#6 lrec


Posted 09 March 2016 - 05:23 PM

I went on ahead....

 

 

 

Zemana AntiMalware 2.19.2.904 (Installed)

------------------------------

-------------------------
Scan Result            : Completed
Scan Date              : 2016/3/9
Operating System       : Windows 10 64-bit
Processor              : 4X Intel® Core™ i7-5500U CPU @ 2.40GHz
BIOS Mode              : UEFI
CUID                   : 007EB3E565E97A45F35541
Scan Type              : Smart Scan
Duration               : 5m 0s
Scanned Objects        : 26254
Detected Objects       : 3
Excluded Objects       : 0
Read Level             : SCSI
Auto Upload            : Yes
Include All Extensions : No
Scan Documents         : No
Domain Info            : WORKGROUP,0,2

Detected Objects
-------------------------------------------------------

Wi-Fi
Status             : Scanned
Object             : Wi-Fi 82.163.142.7
MD5                : -
Publisher          : -
Size               : -
Version            : -
Detection          : DNS Hijack
Cleaning Action    : Repair
Traces             :
                DNS Server - Wi-Fi : 82.163.142.7

Mozilla-Thunderbird.exe
Status             : Scanned
Object             : %userprofile%\downloads\mozilla-thunderbird.exe
MD5                : D68A0A9F826517C889399B6276576690
Publisher          : Sivently SRL
Size               : 686584
Version            : 17.32.76.5940
Detection          : Adware:Win32/BulkHeur2.c9f91d!Ep
Cleaning Action    : Quarantine
Traces             :
                File - %userprofile%\downloads\mozilla-thunderbird.exe

6c7dcd3b.dll
Status             : Scanned
Object             : %programdata%\709d0637\6c7dcd3b.dll
MD5                : 71A31FA76596E96D77F494147454B98F
Publisher          : -
Size               : 482304
Version            : -
Detection          : Malware:Win32/Tazzi.A!Reak
Cleaning Action    : Quarantine
Traces             :
                File - %programdata%\709d0637\6c7dcd3b.dll
                Scheduled Task - C:\Windows\System32\Tasks\{74CB11D1-F4A1-684D-5811-8F6AD8FAB348}


Cleaning Result
-------------------------------------------------------
Cleaned               : 3
Reported as safe      : 0
Failed                : 0
 
 
 
 
 
Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Danelle (2016-03-09 16:11:03) Run:1
Running from C:\Users\Danelle\Desktop
Loaded Profiles: Danelle (Available Profiles: Danelle)
Boot Mode: Normal
==============================
================

fixlist content:
*****************
start
Task: {7A90B96F-4440-42B0-86C3-0C1DCF734E5A} - \ASUS Patch for Touch Panel -> No File <==== ATTENTION
IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
IE trusted site: HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\webcompanion.com -> hxxp://webcompanion.com
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run: => "Web Companion"
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run\Web Companion
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run\"Web Companion"
FirewallRules: [{38201CD8-EFA4-4C30-8017-A23602AEDF8C}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{4A0D9769-8DC8-4C53-AF46-EDBEDE1B72E2}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{E210102D-8976-45AF-9976-3A7037CD68CD}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
FirewallRules: [{DA09E1A7-BACD-48A3-8D50-CD1728DAF965}] => (Allow) C:\Program Files (x86)\PremierOpinion\pmropn.exe
C:\Windows\Temp\DPTF\esif_assist_64.exe
C:\Windows\Temp\DPTF
C:\Windows\Temp
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe --minimize
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://asus15.msn.com/?pc=ASTE
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
FF ProfilePath: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default
FF NewTab: about:newtab
FF Homepage: about:home
FF SearchPlugin: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default\searchplugins\McSiteAdvisor.xml [2016-03-07]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
2016-03-03 22:17 - 2016-03-03 22:17 - 00000000 ____D C:\ProgramData\6a8f1158-2bd1-0
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\709d0637
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\6a8f1158-1ab1-0
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\{0348f79b-412c-0}
2016-03-03 22:12 - 2016-03-03 22:12 - 00000000 ____D C:\ProgramData\{022192c2-512c-1}
2016-02-10 18:34 - 2016-02-10 18:34 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\WildTangent
2016-02-10 16:45 - 2016-03-08 07:33 - 00000000 ____D C:\Users\Danelle\AppData\Local\Lavasoft
2016-02-10 16:45 - 2016-03-08 07:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
2016-02-10 16:45 - 2016-03-08 07:33 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2016-02-10 16:45 - 2016-02-10 18:13 - 00002992 _____ C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini
2016-02-10 16:45 - 2016-02-10 18:13 - 00002992 _____ C:\Windows\system32\LavasoftTcpServiceOff.ini
2016-02-10 16:45 - 2016-02-10 16:45 - 00425744 _____ (Lavasoft Limited) C:\Windows\system32\LavasoftTcpService64.dll
2016-02-10 16:45 - 2016-02-10 16:45 - 00345360 _____ (Lavasoft Limited) C:\Windows\SysWOW64\LavasoftTcpService.dll
2016-02-10 16:45 - 2016-02-10 16:45 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\Lavasoft
2016-02-10 16:43 - 2016-03-08 07:33 - 00000000 ____D C:\ProgramData\Lavasoft
2016-03-08 16:41 - 2015-10-28 22:28 - 00000165 _____ C:\Users\Danelle\AppData\Roaming\sp_data.sys
2016-02-10 18:26 - 2015-10-28 22:36 - 00000000 ____D C:\Users\Danelle\AppData\Roaming\ASUS Flip
2015-10-28 22:28 - 2016-03-08 16:41 - 0000165 _____ () C:\Users\Danelle\AppData\Roaming\sp_data.sys
2015-10-28 21:31 - 2015-10-28 21:31 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
Hosts:
Emptytemp:
end
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7A90B96F-4440-42B0-86C3-0C1DCF734E5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7A90B96F-4440-42B0-86C3-0C1DCF734E5A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ASUS Patch for Touch Panel" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully
"HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
"HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\localhost" => key removed successfully
"HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\webcompanion.com" => key removed successfully
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Windows\CurrentVersion\Run\\HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run: => "Web Companion" => value not found.
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run\Web Companion => Error: No automatic fix found for this entry.
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\...\StartupApproved\Run\"Web Companion" => Error: No automatic fix found for this entry.
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{38201CD8-EFA4-4C30-8017-A23602AEDF8C} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{4A0D9769-8DC8-4C53-AF46-EDBEDE1B72E2} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E210102D-8976-45AF-9976-3A7037CD68CD} => value removed successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{DA09E1A7-BACD-48A3-8D50-CD1728DAF965} => value removed successfully
C:\Windows\Temp\DPTF\esif_assist_64.exe => moved successfully

"C:\Windows\Temp\DPTF" folder move:

Could not move "C:\Windows\Temp\DPTF" => Scheduled to move on reboot.


"C:\Windows\Temp" folder move:

Could not move "C:\Windows\Temp" => Scheduled to move on reboot.

HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Windows\CurrentVersion\Run\\Web Companion => value removed successfully
HKU\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Internet Explorer\Main\\Default_Page_URL => value restored successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
FF ProfilePath: C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default => FRST is scripted not to move this directory.
Firefox "newtab" removed successfully
Firefox "homepage" removed successfully
C:\Users\Danelle\AppData\Roaming\Mozilla\Firefox\Profiles\yeuo479n.default\searchplugins\McSiteAdvisor.xml => moved successfully
wfpcapture => service removed successfully
C:\ProgramData\6a8f1158-2bd1-0 => moved successfully
C:\ProgramData\709d0637 => moved successfully
C:\ProgramData\6a8f1158-1ab1-0 => moved successfully
C:\ProgramData\{0348f79b-412c-0} => moved successfully
C:\ProgramData\{022192c2-512c-1} => moved successfully
C:\Users\Danelle\AppData\Roaming\WildTangent => moved successfully
C:\Users\Danelle\AppData\Local\Lavasoft => moved successfully
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\Windows\SysWOW64\LavasoftTcpServiceOff.ini => moved successfully
C:\Windows\system32\LavasoftTcpServiceOff.ini => moved successfully
C:\Windows\system32\LavasoftTcpService64.dll => moved successfully
C:\Windows\SysWOW64\LavasoftTcpService.dll => moved successfully
C:\Users\Danelle\AppData\Roaming\Lavasoft => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\Users\Danelle\AppData\Roaming\sp_data.sys => moved successfully
C:\Users\Danelle\AppData\Roaming\ASUS Flip => moved successfully
"C:\Users\Danelle\AppData\Roaming\sp_data.sys" => not found.
C:\ProgramData\DP45977C.lfl => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.
EmptyTemp: => 320.6 MB temporary data Removed.

Result of scheduled files to move (Boot Mode: Normal) (Date&Time: 2016-03-09 16:21:55)

"C:\Windows\Temp\DPTF" => Could not move
"C:\Windows\Temp" => Could not move

==== End of Fixlog 16:22:00 ====


#7 olgun52

  • Malware Response Team

Posted 10 March 2016 - 02:07 PM

Hi there,

C:\Program Files (x86)\Lavasoft

You can delete this.
The others are not an important problem. We could delete them.

==============================================================

Please do the following:

 

Internet Explorer 9, 10 and 11 (Win) - Clearing Cache and Cookies
https://kb.wisc.edu/page.php?id=15141
Next >>
How to reset Internet Explorer settings
https://support.microsoft.com/en-us/kb/923737

 

Firefox:
Reset Default Browsing settings:
https://support.mozilla.org/en-US/kb/reset-firefox-easily-fix-problems?utm_expid=65912487-41.djHNRQY0RhaLvvtvcd0BQA.2&utm_referrer=https%3A%2F%2Fwww.google.ca%2F

Clean the Firefox Cache.
https://kb.wisc.edu/page.php?id=15141

 

For Chrome:
Delete your cache, history, and other browser data
https://support.google.com/chrome/answer/95582?hl=en
Next >>
Reset Chrome browser settings

https://support.google.com/chrome/answer/3296214?hl=en

 

================================================================================

Step 1:
 Scan with Malwarebytes Antimalware:

Please download Malwarebytes Anti-Malware to your desktop.

  • Double-click the downloaded setup file and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.

If the program is already installed:

  • Run Malwarebytes Antimalware
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the scan log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply

Step 2:

ComboFix run:

Please be sure to run our tools with administrator rights.

* IMPORTANT: 1   Place ComboFix.exe on your Desktop

* IMPORTANT: 2   Ensure your external and/or USB drives are inserted during the scan

Next, download ComboFix. Save it to the Desktop.

  • Disable all antivirus and antispyware programs. Get help here
  • Now, close all open windows
  • Double-click combofix.exe to run the program
  • Follow the prompts.
  • If the option is offered, it is in your best interest to allow the download and install of the Recovery Console when prompted.
  • When told that the RC is installed correctly, press YES to continue scanning for malware.
  • ComboFix will run. Please don't click on the window while the program is running, it may cause your system to stall.
  • CF may reboot the computer and resume running when it restarts.
  • When finished, a log, ComboFix.txt, is produced.

Please provide the contents of the ComboFix report in your reply.

 

Have a nice day.
:hello:


Edited by olgun52, 10 March 2016 - 02:09 PM.

Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#8 lrec

  • Topic Starter

Posted 10 March 2016 - 07:31 PM

I took care of the cache and browser history for all browsers.

I attached the MBAM file below.

I tried to run ComboFix, but the .exe provided does not support Windows 10.

 

Thanks!

 

*********************************************************************************************

 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/10/2016
Scan Time: 5:43 PM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.10.07
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Danelle
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 337534
Time Elapsed: 13 min, 47 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 18
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\INTERFACE\{EAC7DE5C-9520-435D-91AA-4A02E4773CEA}, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\TYPELIB\{B0660298-91AA-421F-BF0D-BFF6BB8BF3AE}, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\dream.capture.1, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\dream.capture, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\dream.capture, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\dream.capture, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\WOW6432NODE\CLASSES\dream.capture.1, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\dream.capture.1, Quarantined, [df4011756633da5c093aa720bf43ef11], 
PUP.Optional.Amonetize, HKLM\SOFTWARE\CLASSES\WOW6432NODE\CLSID\{117270FA-48AC-45BB-9171-B63D1B42A910}, Quarantined, [df4011756633da5c093aa720bf43ef11], 
Adware.PremierOpinion, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{eeb86aef-4a5d-4b75-9d74-f16d438fc286}, Quarantined, [958a790d1782c76fbc715c4a7f83e917], 
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExd, Quarantined, [e23def97e7b26fc7b06729c82cd78080], 
PUP.Optional.AmiUpdater, HKLM\SOFTWARE\MICROSOFT\WINDOWS NT\CURRENTVERSION\SCHEDULE\TASKCACHE\TREE\amiupdaterExi, Quarantined, [70af6d190f8a999d65b2b23fc14220e0], 
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{709D0637}, Quarantined, [de412264ff9afd3947481b67ef15f808], 
 
Registry Values: 3
PUP.Optional.DNSUnlocker.EncJob, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\UNINSTALL\{709d0637}|1, 1457064755, Quarantined, [de412264ff9afd3947481b67ef15f808]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{4266a5b7-1bbc-4dd3-94e8-68df56d26ad5}|NameServer, 82.163.142.7 95.211.158.134, Quarantined, [28f726605c3d57df4c814632798bca36]
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS\INTERFACES\{d2469aea-0473-4fa1-83ce-f49dbb0d94cd}|NameServer, 82.163.142.7 95.211.158.134, Quarantined, [2ff0e99d8e0b61d52e9f83f5cb399967]
 
Registry Data: 1
Trojan.DNSChanger.DNSRst, HKLM\SYSTEM\CURRENTCONTROLSET\SERVICES\TCPIP\PARAMETERS|NameServer, 82.163.142.7 95.211.158.134, Good: (8.8.8.8), Bad: (82.163.142.7 95.211.158.134),Replaced,[54cbe0a6c4d5211513af9f73b84d47b9]
 
Folders: 2
PUP.Optional.Amonetize, C:\ProgramData\6a8f1158-3585-0, Quarantined, [35ea3c4a6435fd399ea8cb44847ff709], 
PUP.Optional.Amonetize, C:\ProgramData\6a8f1158-59d1-1, Quarantined, [ae7152341584082e66e0759a689bd927], 
 
Files: 2
Adware.PremierOpinion, C:\Windows\System32\pmls64.dll, Quarantined, [28f74a3cdfba59dd4a67ace3ed13a25e], 
Adware.PremierOpinion, C:\Windows\SysWOW64\pmlsearch, Quarantined, [5cc39de98019c86e9e13a9e64cb4c739], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 olgun52

  • Malware Response Team

Posted 11 March 2016 - 02:11 PM

I tried to run ComboFix, but the .exe provided does not support Windows 10.

Ahh. I am sorry. I am sorry

 

=============================

Step 1:

  • Download and extract Malwarebytes Anti-Rootkit from here mbar-1.09.1.1004.zip and save it to your desktop.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up any important data before using.
  • Double-click mbar.exe inside the mbar folder then click 'Next'.
  • Note: Malwarebytes Anti-Rootkit requires administrative privileges to function properly.
  • Click 'Update'.
  • When finished updating, click 'Next' then 'Scan'.
  • If you are told you have the 'AppInit_Dlls rootkit', choose not to fix it and proceed with the scan.
  • With some infections, you may see two message boxes:
    • 'Could not load protection driver'. Click 'OK'.
    • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart, then continue with the rest of these instructions.
  • If malware is found, do NOT press the 'Cleanup' button yet. Click 'Exit'.
  • Please zip and attach the two log files created by the tool within the folder from which it was run.

The logs will be named mbar-log-YYYY-MM-DD (##-##-##).txt and system-log.txt

 

Step 2:

 

Please download RogueKiller 32/64 bit to your desktop and run it.

Quit all running programs.

For Windows XP, double-click to start.
For Vista or Windows 7-8, do a right-click on the program, select Run as Administrator to start, & when prompted Allow to run.

Click Scan to scan the system.
When the scan completes > Close out the program > Don't Fix anything!

Don't run any other options, they're not all bad!

Post back the report which should be located on your desktop.
(please don't put logs in code or quotes)


Best regards
 

 


 


#10 lrec

  • Topic Starter

Posted 11 March 2016 - 11:51 PM

MBAR didn't find anything.  I pasted the text below from the three reports:

 

 

 

 

Malwarebytes Anti-Rootkit BETA 1.9.3.1001
www.malwarebytes.org
 
Database version:
  main:    v2016.03.11.04
  rootkit: v2016.02.27.01
 
Windows 10 x64 NTFS
Internet Explorer 11.0.10240.16724
Danelle :: DESKTOP-3TQLJAO [administrator]
 
3/11/2016 3:19:21 PM
mbar-log-2016-03-11 (15-19-21).txt
 
Scan type: Quick scan
Scan options enabled: Anti-Rootkit | Drivers | MBR | Physical Sectors | Memory | Startup | Registry | File System | Heuristics/Extra | Heuristics/Shuriken
Scan options disabled: 
Objects scanned: 344492
Time elapsed: 22 minute(s), 3 second(s)
 
Memory Processes Detected: 0
(No malicious items detected)
 
Memory Modules Detected: 0
(No malicious items detected)
 
Registry Keys Detected: 0
(No malicious items detected)
 
Registry Values Detected: 0
(No malicious items detected)
 
Registry Data Items Detected: 0
(No malicious items detected)
 
Folders Detected: 0
(No malicious items detected)
 
Files Detected: 0
(No malicious items detected)
 
Physical Sectors Detected: 0
(No malicious items detected)
 
(end)
 
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.10240.16724
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8488341504, free: 6523125760
 
=======================================
 
 
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.0.10240.16724
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8488341504, free: 6542368768
 
Downloaded database version: v2016.03.11.04
Downloaded database version: v2016.02.27.01
Downloaded database version: v2016.03.10.01
Initializing...
======================
Driver version: 0.3.0.4
------------ Kernel report ------------
     03/11/2016 15:19:11
------------ Loaded modules -----------
----------- End -----------
Done!
 
Scan started
Database versions:
  main:    v2016.03.11.04
  rootkit: v2016.02.27.01
 
<<<2>>>
Physical Sector Size: 512
Drive: 0, DevicePointer: 0xffffe000a149a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
--------- Disk Stack ------
DevicePointer: 0xffffe000a149ab10, DeviceName: Unknown, DriverName: \Driver\partmgr\
DevicePointer: 0xffffe000a149a060, DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
DevicePointer: 0xffffe0009ead1e40, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0009ead3040, DeviceName: Unknown, DriverName: \Driver\ACPI\
DevicePointer: 0xffffe0009d29d2f0, DeviceName: \Device\00000039\, DriverName: \Driver\iaStorA\
------------ End ----------
Alternate DeviceName: \Device\Harddisk0\DR0\, DriverName: \Driver\disk\
Upper DeviceData: 0x0, 0x0, 0x0
Lower DeviceData: 0x0, 0x0, 0x0
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
<<<2>>>
<<<3>>>
Volume: C:
File system type: NTFS
SectorSize = 512, ClusterSize = 4096, MFTRecordSize = 1024, MFTIndexSize = 4096 bytes
Scanning drivers directory: C:\WINDOWS\SYSTEM32\drivers...
Done!
Drive 0
This is a System drive
Scanning MBR on drive 0...
Inspecting partition table:
This drive is a GPT Drive.
MBR Signature: 55AA
Disk Signature: 349C52B9
 
GPT Protective MBR Partition information:
 
    Partition 0 type is EFI-GPT (0xee)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 1  Numsec = 4294967295
 
    Partition 1 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 2 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
    Partition 3 type is Empty (0x0)
    Partition is NOT ACTIVE.
    Partition starts at LBA: 0  Numsec = 0
 
GPT Partition information:
 
    GPT Header Signature 4546492050415254
    GPT Header Revision 65536 Size 92 CRC 74912818
    GPT Header CurrentLba = 1 BackupLba 1953525167
    GPT Header FirstUsableLba 34  LastUsableLba 1953525134
    GPT Header Guid fd2f7659-7ecd-4544-867f-b9492b20babb
    GPT Header Contains 128 partition entries starting at LBA 2
    GPT Header Partition entry size = 128
 
    Backup GPT header Signature 4546492050415254
    Backup GPT header Revision 65536 Size 92 CRC 74912818
    Backup GPT header CurrentLba = 1953525167 BackupLba 1
    Backup GPT header FirstUsableLba 34  LastUsableLba 1953525134
    Backup GPT header Guid fd2f7659-7ecd-4544-867f-b9492b20babb
    Backup GPT header Contains 128 partition entries starting at LBA 1953525135
    Backup GPT header Partition entry size = 128
 
    Partition 0 Type c12a7328-f81f-11d2-ba4b-0a0c93ec93b
    Partition ID aeceb2a7-63f8-476f-9d71-bc45ea4c7282
    FirstLBA 2048  Last LBA 534527
    Attributes 0
    Partition Name                 EFI system partition
 
    GPT Partition 0 is bootable
    Partition 1 Type e3c9e316-b5c-4db8-817d-f92df0215ae
    Partition ID bf14e3cf-3b08-4ad6-be2a-a25721ed9a8a
    FirstLBA 534528  Last LBA 567295
    Attributes 0
    Partition Name         Microsoft reserved partition
 
    Partition 2 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 7c49f6f9-6aea-481f-9571-4380bc23b0e2
    FirstLBA 567296  Last LBA 780388351
    Attributes 0
    Partition Name                 Basic data partition
 
    Partition 3 Type de94bba4-6d1-4d40-a16a-bfd5179d6ac
    Partition ID f0c6faf0-21db-4fbe-98ba-40c3a7d03b57
    FirstLBA 780388352  Last LBA 781410303
    Attributes 1
    Partition Name                 Basic data partition
 
    Partition 4 Type ebd0a0a2-b9e5-4433-87c0-68b6b72699c7
    Partition ID 98d6783b-d9c3-478e-a0af-17ca8355809e
    FirstLBA 781410304  Last LBA 1953523711
    Attributes 0
    Partition Name                 Basic data partition
 
Disk Size: 1000204886016 bytes
Sector size: 512 bytes
 
Done!
File "C:\Windows\System32\config\systemprofile\AppData\Local\DataSharing\Storage\DSTokenDB2.dat" is sparse (flags = 32768)
Scan finished
=======================================
 
 
Removal queue found; removal started
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-i.mbam...
Removing C:\ProgramData\Malwarebytes' Anti-Malware (portable)\MBR-0-r.mbam...
Removal finished
---------------------------------------
Malwarebytes Anti-Rootkit BETA 1.09.3.1001
 
© Malwarebytes Corporation 2011-2012
 
OS version: 10.0.9200 Windows 10 x64
 
Account is Administrative
 
Internet Explorer version: 11.103.10586.0
 
File system is: NTFS
Disk drives: C:\ DRIVE_FIXED, D:\ DRIVE_FIXED
CPU speed: 2.394000 GHz
Memory total: 8488341504, free: 5793943552
 
=======================================
 
 
 
 
 
 
 
 
RogueKiller V12.0.1.0 [Mar  7 2016] (Free) by Adlice Software
 
Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Danelle [Administrator]
Started from : C:\Users\Danelle\Desktop\RogueKiller.exe
Mode : Scan -- Date : 03/11/2016 22:40:07
 
¤¤¤ Processes : 0 ¤¤¤
 
¤¤¤ Registry : 6 ¤¤¤
[PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2526677092-4190251304-3396366693-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 10.0.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{4290a587-96b5-4887-886e-acc0dad66ee0} | DhcpNameServer : 10.0.0.1 ([X])  -> Found
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{4290a587-96b5-4887-886e-acc0dad66ee0} | DhcpNameServer : 10.0.0.1 ([X])  -> Found
 
¤¤¤ Tasks : 0 ¤¤¤
 
¤¤¤ Files : 0 ¤¤¤
 
¤¤¤ Hosts File : 0 ¤¤¤
 
¤¤¤ Antirootkit : 0 (Driver: Not loaded [0x0]) ¤¤¤
 
¤¤¤ Web browsers : 0 ¤¤¤
 
¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: HGST HTS541010A9E680 +++++
--- User ---
[MBR] 6ea96db2f6a0fca6db5318d8b9f1bdbd
[BSP] 8acbd1689e55b02c2c915edf6134cbff : Empty|VT.Unknown MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 260 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 534528 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 567296 | Size: 380772 MB
3 - [SYSTEM][MAN-MOUNT] Basic data partition | Offset (sectors): 780388352 | Size: 499 MB
4 - Basic data partition | Offset (sectors): 781410304 | Size: 572321 MB
User = LL1 ... OK
User = LL2 ... OK
 


#11 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:42 AM

Posted 12 March 2016 - 12:13 PM

Your logs seem clean.

=====================

  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double click on the EmsisoftEmergencyKit.exe icon, click Run then Extract
  • Double click the Start Emsisoft Emergency Kit icon that will appear after extraction
  • Click Yes to update the program
  • Once the update is completed click the Back button
  • Click on 2. Scan (not Quick Scan or Smart Scan)
  • Click Yes to detect Potentially Unwanted Programs (PUPs)
  • Patiently wait for the thorough scan to complete, this can be a lengthy process
  • Once completed click Quarantine selected objects (if computer is clean you will not have this option) then click OK
  • Click View Report
  • Attach the report to your reply
  • Close the program then click Close

===================================================

Please scan your machine with ESET OnlineScan

  • Hold down Control and click on the following link to open ESET OnlineScan in a new window.
    ESET OnlineScan
  • Click the esetonlinebtn.png button.
  • For alternate browsers only: (Microsoft Internet Explorer users can skip these steps)
    • Click on esetsmartinstaller_enu.exe to download the ESET Smart Installer.
      Save it to your Desktop.
    • Double click on the esetsmartinstaller_enu.exe icon on your Desktop.
  • Check "YES, I accept the Terms of Use."
  • Click the Start button.
  • Accept any security warnings from your browser.
  • Under Scan Settings, check "Scan Archives" and "Remove found threats"
  • Click Advanced settings and select the following:
    • Scan potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth technology
  • ESET will then download updates for itself, install itself, and begin scanning your computer. Please be patient as this can take some time.
  • When the scan completes, click List Threats
  • Click Export, and save the file to your desktop using a unique name, such as ESETScan. Include the contents of this report in your next reply.
  • Click the Back button.
  • Click the Finish button.

=========================================================================

How is the machine running now, and are there any issues? Please let me know.

----------------------------------------------------------------
Things I would like to see in your next reply. :thumbup2:

  • Eset report
  • Emsisoft report

 


Best regards
 
If you wish to show appreciation and support me personally fighting against malware, then you can consider a donation. Thank you. :thumbup2:
Malware fix forum
If I don't reply within 24 hours please PM me!

 


 


#12 lrec

lrec
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 13 March 2016 - 12:31 AM

Here they are!

 

***********************************************************************

 

Emsisoft Emergency Kit - Version 11.0
Last update: 3/12/2016 5:19:26 PM
User account: DESKTOP-3TQLJAO\Danelle
 
Scan settings:
 
Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files
 
Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off
 
Scan start: 3/12/2016 5:22:40 PM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  detected: Setting.DisableTaskMgr (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN detected: Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS  detected: Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS  detected: Setting.NoFolderOptions (A)
 
Scanned 79202
Found 8
 
Scan end: 3/12/2016 5:26:20 PM
Scan time: 0:03:40
 
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NOFOLDEROPTIONS  Setting.NoFolderOptions (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\EXPLORER -> NORUN  Setting.NoRun (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLETASKMGR  Setting.DisableTaskMgr (A)
 
Quarantined 4
 
 
 
 
*************************** ESET REPORT ****************************
 
C:\zoek_backup\C_Windows_SysWOW64_pmls.dll.vir a variant of Win32/Adware.RK.AM application cleaned by deleting
C:\zoek_backup\C_PROGRA~2_PremierOpinion\pmls.dll a variant of Win32/Adware.RK.AM application cleaned by deleting
C:\zoek_backup\C_PROGRA~2_PremierOpinion\pmropn.exe a variant of Win32/Adware.RK.AE application cleaned by deleting
C:\zoek_backup\C_PROGRA~2_PremierOpinion\pmservice.exe a variant of Win32/Adware.RK.AU application cleaned by deleting
C:\zoek_backup\C_PROGRA~2_PremierOpinion\pmxf.dll a variant of Win32/Adware.RK.AT application cleaned by deleting
C:\zoek_backup\C_PROGRA~2_PremierOpinion\components\pmxg.dll a variant of Win32/Adware.RK.AM application cleaned by deleting
C:\zoek_backup\C_PROGRA~2_PremierOpinion\firefox\pmnx.dll a variant of Win32/Adware.RK.AM application cleaned by deleting
 


#13 lrec

lrec
  • Topic Starter

  • Members
  • 19 posts
  • OFFLINE
  •  
  • Local time:12:42 AM

Posted 13 March 2016 - 12:44 AM

By the way, I was just going to some of the (trusted) web sites that I went to when my system first got all blocked up - no problems!!

 Thanks!



#14 olgun52

olgun52

  • Malware Response Team
  • 3,782 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:08:42 AM

Posted 13 March 2016 - 12:28 PM

Okay, is there any issue?


Best regards
 

 


 


#15 bokiboki

bokiboki

  • Members
  • 10 posts
  • OFFLINE
  •  
  • Local time:06:42 AM

Posted 15 March 2016 - 03:45 PM

Hi,

 

I have the same problem with Reimage Plus, although at a lower frequency. It turns up occasionally.

My machine is several years old, and runs on Windows 7.

In the Program list there is nothing registered as REIMAGE anything, so there is nothing to uninstall.

 

How should I proceed?





