IE 11 Redirection Problems and Page Reload Issues


  • This topic is locked
28 replies to this topic

#1 SailorMama

SailorMama

  • Members
  • 17 posts
  • OFFLINE
  • Gender:Female
  • Location:Florida
  • Local time:11:17 PM

Posted 23 March 2016 - 11:11 PM

I am having problems with Internet Explorer 11 Home Page and Google redirection issues. Also, Internet Explorer seems to load the initial page and then reload it again. I have run all of the primary malware tools available looking for the issues. Please help me figure out how to solve this problem. I had this problem in Windows 7 and I am still having the same issues in Windows 10. Thank you! Here is my FRST log:
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by SailorMama (administrator) on BLUEBELLEE6400 (23-03-2016 23:29:46)
Running from C:\Users\SailorMama\Downloads
Loaded Profiles: SailorMama (Available Profiles: SailorMama & DefaultAppPool)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\afwServ.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(IObit) C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\asww10mon.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [487424 2010-05-21] (IDT, Inc.)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7139256 2016-03-23] (AVAST Software)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [594992 2016-01-29] (Oracle Corporation)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [468112 2011-07-25] (CANON INC.)
HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\Run: [Advanced SystemCare 8] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCTray.exe [2429728 2015-04-08] (IObit)
HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\Ribbons.scr [149504 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-22] (AVAST Software)
ShellIconOverlayIdentifiers: [1MediaFireIconError] -> {5EE8C634-CDC0-453D-9731-DF0B19F4E807} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon3_50548.dll [2015-03-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconReadOnly] -> {7995D0FC-769B-4197-AEC0-991921CB99E1} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon5_50548.dll [2015-03-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSynched] -> {9A3B79CB-D899-40B5-8DBC-20447F1ADC8F} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon_50548.dll [2015-03-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1MediaFireIconSyncing] -> {C4D81971-6B13-4173-AB21-F83AD20CCC04} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon2_50548.dll [2015-03-23] (TODO: <Company name>)
ShellIconOverlayIdentifiers: [1SecurityInfoIcons] -> {C0CEFF27-08AD-4E60-BF47-4AEE8FEB381A} =>  No File
ShellIconOverlayIdentifiers: [MediaFireIconLock] -> {759F3E92-F4E8-4953-8315-238B8B17E0F3} => C:\Program Files (x86)\MediaFire Desktop\MediaFireIcon4_50548.dll [2015-03-23] (TODO: <Company name>)
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: 127.0.0.1 localhost
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{947e3369-8f15-414a-a72c-88738a326260}: [DhcpNameServer] 192.168.1.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://search.msn.com/spbasic.htm
HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKLM -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {0191A6B0-1154-4C22-9182-23A95BBE92D9} URL = hxxp://www.google.com/search?q={searchTerms}
SearchScopes: HKLM-x32 -> {632F07F3-19A1-4d16-A23F-E6CE9486BAB5} URL = hxxp://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-22] (AVAST Software)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\ssv.dll [2016-03-22] (Oracle Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-22] (AVAST Software)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\jp2ssv.dll [2016-03-22] (Oracle Corporation)
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} -  No File
Toolbar: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} -  No File
Toolbar: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} -  No File
Toolbar: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} -  No File
DPF: HKLM-x32 {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} hxxp://support.dell.com/systemprofiler/SysProExe.CAB
DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab
DPF: HKLM-x32 {82774781-8F4E-11D1-AB1C-0000F8773BF0} hxxps://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
DPF: HKLM-x32 {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} hxxp://xserv.dell.com/DellDriverScanner/DellSystem.CAB
DPF: HKLM-x32 {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} hxxp://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\Advisor\System\BAVoilaX.dll [2010-02-10] (Belarc, Inc.)
 
FireFox:
========
FF ProfilePath: C:\Users\SailorMama\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804
FF DefaultSearchEngine.US: Google
FF Homepage: hxxps://www.google.com/
hxxps://www.google.com/maps/@27.698638,-83.804601,7z
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.1.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.3 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.1.5 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.0 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [2012-09-20] (Adobe Systems)
FF Plugin-x32: @java.com/DTPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\dtplugin\npDeployJava1.dll [2016-03-22] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.73.2 -> C:\Program Files (x86)\Java\jre1.8.0_73\bin\plugin2\npjp2.dll [2016-03-22] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @Nero.com/KM -> C:\PROGRA~2\COMMON~1\Nero\BROWSE~1\NPBROW~1.DLL [2015-10-23] (Nero AG)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Air\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect32.dll [2012-09-20] (Adobe Systems)
FF Plugin HKU\S-1-5-21-3676667488-3753770460-1425199946-1000: navionics.com/NavConnect -> C:\Program Files (x86)\Chart Installer\npNavConnect.dll [No File]
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2015-12-17] (Adobe Systems Inc.)
FF Extension: No Name - C:\Users\SailorMama\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-22]
FF HKLM-x32\...\Firefox\Extensions: [web2pdfextension@web2pdf.adobedotcom] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCFirefoxExtn [2014-10-16] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
 
Chrome:
=======
CHR HKLM-x32\...\Chrome\Extension: [efaidnbmnnnibpcajpcglclefindmkaj] - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx [2012-09-23]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-22]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AdvancedSystemCareService8; C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe [821024 2015-08-05] (IObit)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-22] (AVAST Software)
R2 avast! Firewall; C:\Program Files\AVAST Software\Avast\afwServ.exe [119128 2016-03-22] (AVAST Software)
S4 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [127752 2016-03-23] (SurfRight B.V.)
S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [121280 2009-11-11] (SlySoft, Inc.)
R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-22] (AVAST Software)
R1 aswKbd; C:\Windows\system32\drivers\aswKbd.sys [37144 2016-03-22] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-22] (AVAST Software)
R1 aswNetSec; C:\Windows\system32\drivers\aswNetSec.sys [552880 2016-03-22] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-22] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-22] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-22] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-22] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-22] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-22] (AVAST Software)
R3 BCMTPM; C:\Windows\system32\DRIVERS\btpmwx64.sys [32096 2016-01-28] (Broadcom Corp.)
R1 Eve; C:\Windows\system32\DRIVERS\eve.sys [43016 2013-02-20] ()
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-11-18] (REALiX™)
R2 mbamchameleon; C:\WINDOWS\system32\drivers\mbamchameleon.sys [140672 2016-03-10] (Malwarebytes)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-23] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R2 mfmonitor; C:\Windows\System32\DRIVERS\mfmonitor_x64.sys [20696 2015-04-07] (Windows ® Win 7 DDK provider)
R3 SensorsAlsDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [216064 2015-10-30] (Microsoft Corporation)
R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-06] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [28272 2016-03-23] ()
S3 tsusbhub; C:\Windows\System32\drivers\tsusbhub.sys [117248 2010-11-20] (Microsoft Corporation) [File not signed]
R3 wbfcvusbdrv; C:\Windows\System32\Drivers\wbfcvusbdrv.sys [17120 2013-03-08] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WsAudio_Device; C:\Windows\System32\drivers\VirtualAudio.sys [31080 2012-11-20] (Wondershare)
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-23 23:29 - 2016-03-23 23:30 - 00018324 _____ C:\Users\SailorMama\Downloads\FRST.txt
2016-03-23 23:29 - 2016-03-23 23:29 - 02374144 _____ (Farbar) C:\Users\SailorMama\Downloads\FRST64.exe
2016-03-23 23:28 - 2016-03-23 23:28 - 00457632 _____ (Bleeping Computer, LLC) C:\Users\SailorMama\Downloads\FixExec.exe
2016-03-23 23:28 - 2016-03-23 23:28 - 00001554 _____ C:\Users\SailorMama\Desktop\FixExec.txt
2016-03-23 23:24 - 2016-03-23 23:24 - 00463688 _____ (Bleeping Computer, LLC) C:\Users\SailorMama\Downloads\sc-cleaner.exe
2016-03-23 23:24 - 2016-03-23 23:24 - 00001860 _____ C:\Users\SailorMama\Desktop\sc-cleaner.txt
2016-03-23 23:01 - 2016-03-23 23:01 - 00000000 ____D C:\Users\SailorMama\Downloads\backups
2016-03-23 22:54 - 2016-03-23 22:55 - 00388608 _____ (Trend Micro Inc.) C:\Users\SailorMama\Downloads\HijackThis.exe
2016-03-23 22:39 - 2016-03-23 22:39 - 00000020 ___SH C:\Users\DefaultAppPool.IIS APPPOOL\ntuser.ini
2016-03-23 22:39 - 2016-03-23 22:39 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\My Documents
2016-03-23 22:39 - 2016-03-23 22:39 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Documents\My Videos
2016-03-23 22:39 - 2016-03-23 22:39 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Documents\My Pictures
2016-03-23 22:39 - 2016-03-23 22:39 - 00000000 _SHDL C:\Users\DefaultAppPool.IIS APPPOOL\Documents\My Music
2016-03-23 22:39 - 2016-03-23 22:39 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL
2016-03-23 22:39 - 2016-03-21 23:50 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming\Media Center Programs
2016-03-23 22:39 - 2016-03-21 23:50 - 00000000 ____D C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Microsoft Help
2016-03-23 22:30 - 2016-03-23 22:30 - 00000000 ____D C:\ProgramData\ProductData
2016-03-23 22:27 - 2016-03-23 22:27 - 00389896 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-23 21:51 - 2016-03-23 21:52 - 00261914 _____ C:\TDSSKiller.3.1.0.9_23.03.2016_21.51.27_log.txt
2016-03-23 21:35 - 2016-03-23 21:36 - 00127926 _____ C:\TDSSKiller.3.1.0.9_23.03.2016_21.35.35_log.txt
2016-03-23 21:29 - 2016-03-23 21:29 - 00028272 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-03-23 21:29 - 2016-03-23 21:29 - 00000910 _____ C:\Users\Public\Desktop\RogueKiller.lnk
2016-03-23 21:27 - 2016-03-23 21:27 - 00000771 _____ C:\Users\SailorMama\Desktop\JRT.txt
2016-03-23 21:15 - 2016-03-23 21:15 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-23 19:13 - 2015-12-24 09:03 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
2016-03-23 18:58 - 2016-03-23 18:58 - 01530368 _____ C:\Users\SailorMama\Downloads\adwcleaner_5.105.exe
2016-03-23 18:38 - 2016-03-23 18:38 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-03-23 17:36 - 2016-03-23 17:36 - 00001262 _____ C:\Users\Public\Desktop\Smart Defrag 4.lnk
2016-03-23 17:36 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\SysWOW64\IObitSmartDefragExtension.dll
2016-03-23 17:36 - 2015-01-10 15:32 - 00128288 _____ (IObit) C:\WINDOWS\system32\IObitSmartDefragExtension.dll
2016-03-23 17:32 - 2016-03-23 17:33 - 08195088 _____ (IObit ) C:\Users\SailorMama\Downloads\sd4_setup.exe
2016-03-23 17:32 - 2016-03-23 17:32 - 00003324 _____ C:\WINDOWS\System32\Tasks\SmartDefrag4_Startup
2016-03-23 16:47 - 2016-03-23 16:47 - 00002093 _____ C:\Users\Public\Desktop\Canon IJ Network Tool.lnk
2016-03-23 16:47 - 2016-03-23 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX890 series
2016-03-23 16:47 - 2011-09-21 09:19 - 00122880 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_AZU.dll
2016-03-23 16:47 - 2011-09-21 08:06 - 00424448 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNC_AZL.dll
2016-03-23 16:47 - 2011-05-31 16:48 - 00070656 _____ C:\WINDOWS\SysWOW64\CNC175ED.TBL
2016-03-23 16:47 - 2008-08-25 18:02 - 00015872 _____ (CANON INC.) C:\WINDOWS\SysWOW64\CNHMCA.dll
2016-03-23 16:46 - 2012-03-14 05:00 - 00385024 _____ (CANON INC.) C:\WINDOWS\system32\CNMLMAZ.DLL
2016-03-23 16:41 - 2016-03-23 16:42 - 24390792 _____ C:\Users\SailorMama\Downloads\fuu_-win-mx890-2_2-ea7.exe
2016-03-23 16:39 - 2016-03-23 16:39 - 30383744 _____ C:\Users\SailorMama\Downloads\mp68-win-mx890-1_03-ea24.exe
2016-03-23 16:10 - 2016-03-23 22:33 - 00003478 _____ C:\Users\SailorMama\Desktop\Rkill.txt
2016-03-22 13:28 - 2016-03-22 13:28 - 19896179 _____ C:\Users\SailorMama\Downloads\SunnyShores.themepack
2016-03-22 13:05 - 2016-03-22 13:05 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-03-22 13:04 - 2016-03-10 14:09 - 00065408 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-03-22 13:04 - 2016-03-10 14:08 - 00140672 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-03-22 13:04 - 2016-03-10 14:08 - 00027008 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-03-22 12:50 - 2016-03-22 12:50 - 95830016 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit
2016-03-22 12:50 - 2016-03-22 12:50 - 00348160 _____ C:\WINDOWS\system32\config\DEFAULT.iobit
2016-03-22 12:50 - 2016-03-22 12:50 - 00102400 _____ C:\WINDOWS\system32\config\SAM.iobit
2016-03-22 12:50 - 2016-03-22 12:50 - 00032768 _____ C:\WINDOWS\system32\config\SECURITY.iobit
2016-03-22 12:23 - 2016-03-22 12:35 - 00000870 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-03-22 12:23 - 2016-03-22 12:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2016-03-22 12:23 - 2016-03-22 12:26 - 00000000 ____D C:\Program Files\CCleaner
2016-03-22 12:23 - 2016-03-22 12:23 - 00002848 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2016-03-22 10:49 - 2016-03-22 10:49 - 00001986 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Internet Security.lnk
2016-03-22 10:49 - 2016-03-22 10:49 - 00001974 _____ C:\Users\Public\Desktop\Avast Internet Security.lnk
2016-03-22 10:47 - 2016-03-22 10:27 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2016-03-22 10:36 - 2016-03-22 10:36 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-03-22 10:31 - 2016-03-22 10:49 - 00003168 _____ C:\WINDOWS\System32\Tasks\SafeZone scheduled Autoupdate 1458657088
2016-03-22 10:31 - 2016-03-22 10:49 - 00001089 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast SafeZone Browser.lnk
2016-03-22 10:30 - 2016-03-22 10:30 - 00037144 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswKbd.sys
2016-03-22 10:29 - 2016-03-22 10:29 - 00000000 ____D C:\Users\SailorMama\AppData\Roaming\AVAST Software
2016-03-22 10:28 - 2016-03-23 22:33 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2016-03-22 10:28 - 2016-03-22 10:28 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
2016-03-22 10:28 - 2016-03-22 10:28 - 00552880 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswNetSec.sys
2016-03-22 10:28 - 2016-03-22 10:28 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2016-03-22 10:28 - 2016-03-22 10:28 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2016-03-22 10:28 - 2016-03-22 10:28 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2016-03-22 10:28 - 2016-03-22 10:27 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2016-03-22 10:28 - 2016-03-22 10:27 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2016-03-22 10:28 - 2016-03-22 10:27 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2016-03-22 10:28 - 2016-03-22 10:27 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2016-03-22 10:27 - 2016-03-22 10:27 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2016-03-22 09:28 - 2016-03-22 09:28 - 00000000 ____D C:\Users\SailorMama\AppData\Local\MicrosoftEdge
2016-03-22 09:15 - 2016-03-22 14:46 - 00000000 ____D C:\Users\SailorMama\AppData\Local\Comms
2016-03-22 09:05 - 2016-03-22 09:05 - 00000000 ____D C:\Users\SailorMama\AppData\Local\PeerDistRepub
2016-03-22 09:00 - 2016-03-22 10:23 - 00002434 _____ C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-22 09:00 - 2016-03-22 10:23 - 00000000 ___RD C:\Users\SailorMama\OneDrive
2016-03-22 08:57 - 2016-03-22 08:57 - 00000000 ____D C:\Users\SailorMama\AppData\Local\Publishers
2016-03-22 08:56 - 2016-03-22 08:56 - 00000000 ____D C:\Users\SailorMama\AppData\Local\ActiveSync
2016-03-22 08:54 - 2016-03-23 15:02 - 00000000 ____D C:\Users\SailorMama\AppData\Local\Packages
2016-03-22 08:54 - 2016-03-22 08:54 - 00000442 __RSH C:\Users\SailorMama\ntuser.pol
2016-03-22 08:54 - 2016-03-22 08:54 - 00000020 ___SH C:\Users\SailorMama\ntuser.ini
2016-03-22 08:54 - 2016-03-22 08:54 - 00000000 ____D C:\Users\SailorMama\AppData\Local\TileDataLayer
2016-03-22 03:30 - 2016-03-22 12:54 - 00000000 ___DC C:\WINDOWS\Panther
2016-03-22 03:24 - 2016-03-22 15:45 - 00000000 ____D C:\Windows.old
2016-03-22 03:23 - 2016-03-22 03:23 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-22 03:23 - 2016-03-22 03:23 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-22 03:23 - 2016-03-22 03:23 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-22 03:23 - 2016-03-22 03:23 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-22 03:23 - 2016-03-22 03:23 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-22 03:23 - 2016-03-22 03:23 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-22 03:23 - 2016-03-22 03:23 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-22 03:23 - 2016-03-22 03:23 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-22 03:23 - 2016-03-22 03:23 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-22 03:23 - 2016-03-22 03:23 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-22 03:17 - 2016-03-22 03:17 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-03-22 03:09 - 2016-03-22 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2016-03-22 03:09 - 2016-03-22 03:09 - 00000000 ____D C:\WINDOWS\system32\msmq
2016-03-22 03:09 - 2016-03-22 03:09 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2016-03-22 03:09 - 2016-03-22 03:09 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-03-22 03:09 - 2016-03-22 03:09 - 00000000 ____D C:\Program Files\MSBuild
2016-03-22 03:09 - 2016-03-22 03:09 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-03-22 03:09 - 2016-03-22 03:09 - 00000000 ____D C:\inetpub
2016-03-22 03:09 - 2016-03-21 23:52 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-03-22 03:08 - 2015-10-23 21:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-03-22 03:08 - 2015-10-23 21:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-03-22 03:08 - 2015-10-23 21:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-03-22 03:08 - 2015-10-23 21:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-03-22 03:08 - 2015-10-23 21:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-03-22 03:08 - 2015-10-23 21:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-03-22 03:07 - 2016-03-22 03:07 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-03-22 03:07 - 2016-03-22 03:07 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-03-22 03:07 - 2016-03-22 03:07 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-22 03:07 - 2016-03-22 03:07 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-22 00:12 - 2016-03-22 10:48 - 00003040 _____ C:\WINDOWS\System32\Tasks\avast! Windows 10 Start Menu helper
2016-03-22 00:09 - 2016-03-22 00:09 - 00000000 _SHDL C:\Users\Default\My Documents
2016-03-22 00:09 - 2016-03-22 00:09 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-03-22 00:09 - 2016-03-22 00:09 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-03-22 00:09 - 2016-03-22 00:09 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-03-22 00:09 - 2016-03-22 00:09 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-03-22 00:09 - 2016-03-22 00:09 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-03-22 00:09 - 2016-03-22 00:09 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-03-22 00:06 - 2016-03-22 00:06 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-03-21 23:50 - 2016-03-21 23:50 - 00001519 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-03-21 23:50 - 2016-03-21 23:50 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
2016-03-21 23:50 - 2016-03-21 23:50 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2016-03-21 23:50 - 2016-03-21 23:50 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
2016-03-21 23:50 - 2016-03-21 23:50 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2016-03-21 23:43 - 2016-03-21 23:43 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2016-03-21 23:39 - 2016-03-22 16:16 - 00000000 ____D C:\Users\SailorMama
2016-03-21 23:39 - 2016-03-21 23:39 - 00000000 _SHDL C:\Users\SailorMama\My Documents
2016-03-21 23:39 - 2016-03-21 23:39 - 00000000 _SHDL C:\Users\SailorMama\Documents\My Videos
2016-03-21 23:39 - 2016-03-21 23:39 - 00000000 _SHDL C:\Users\SailorMama\Documents\My Pictures
2016-03-21 23:39 - 2016-03-21 23:39 - 00000000 _SHDL C:\Users\SailorMama\Documents\My Music
2016-03-21 23:36 - 2016-03-23 22:32 - 01011656 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-21 23:36 - 2016-03-21 23:36 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-03-21 23:33 - 2016-03-21 23:52 - 00000000 ____D C:\Program Files\IDT
2016-03-21 23:33 - 2016-03-21 23:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2016-03-21 23:33 - 2016-03-21 23:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_ushwbfdrv_01_09_00.Wdf
2016-03-21 23:33 - 2016-03-21 23:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_SensorsAlsDriver_01_11_00.Wdf
2016-03-21 23:33 - 2016-03-21 23:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_wbfcvusbdrv_01009.Wdf
2016-03-21 23:33 - 2016-03-21 23:33 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-03-21 23:33 - 2016-03-21 23:33 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-03-21 23:33 - 2016-03-21 23:33 - 00000000 ____D C:\Program Files\Synaptics
2016-03-21 23:33 - 2010-05-21 04:51 - 12812800 _____ (IDT, Inc.) C:\WINDOWS\system32\idtcpl64.cpl
2016-03-21 23:33 - 2010-05-21 04:51 - 03462656 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2016-03-21 23:33 - 2010-01-27 04:30 - 00162816 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAC64.dll
2016-03-21 23:33 - 2009-10-10 02:45 - 00442368 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTEC64.dll
2016-03-21 23:33 - 2009-03-03 03:58 - 00068608 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAR64.dll
2016-03-21 23:33 - 2009-03-03 03:47 - 00090624 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTCo64.dll
2016-03-21 22:55 - 2015-10-30 03:18 - 00000001 ___SH C:\BOOTNXT
2016-03-21 22:11 - 2016-03-21 22:46 - 00000000 ___HD C:\$WINDOWS.~BT
2016-03-21 22:04 - 2016-03-21 22:04 - 00000000 ____D C:\ESD
2016-03-21 21:57 - 2016-03-21 21:57 - 00000000 ___HD C:\$Windows.~WS
2016-03-21 20:38 - 2016-03-21 20:38 - 00000000 ____D C:\Users\SailorMama\AppData\LocalLow\Temp
2016-03-21 13:29 - 2016-03-21 13:29 - 00000000 ____D C:\ProgramData\TEMP
2016-03-19 16:25 - 2016-03-21 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-03-19 16:25 - 2016-03-19 16:25 - 00002515 _____ C:\Users\Public\Desktop\TurboTax 2015.lnk
2016-03-18 21:17 - 2016-02-09 05:57 - 14634496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp(337).dll
2016-03-18 18:10 - 2016-03-21 23:32 - 00000000 ___RD C:\Users\Public\Recorded TV
2016-03-18 16:06 - 2016-03-21 23:32 - 00000000 ____D C:\Program Files (x86)\AdwCleaner
2016-03-18 15:07 - 2016-02-08 16:01 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2016-03-18 15:07 - 2016-02-08 14:06 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2016-03-18 15:07 - 2016-02-08 13:33 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2016-03-18 12:54 - 2016-03-23 21:31 - 00001973 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-03-18 12:20 - 2016-03-18 12:21 - 00219222 _____ C:\TDSSKiller.3.1.0.9_18.03.2016_12.20.21_log.txt
2016-03-18 09:52 - 2016-03-18 14:26 - 00000000 ____D C:\Program Files (x86)\DLL Suite
2016-03-04 12:53 - 2016-03-04 12:53 - 00000000 ____D C:\ProgramData\Canon IJ Network Tool
2016-03-04 12:39 - 2016-03-23 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-03-01 23:07 - 2016-02-12 14:18 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:07 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2016-03-01 23:07 - 2015-11-19 10:06 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2016-03-01 21:58 - 2015-12-20 14:50 - 00016384 _____ (Microsoft Corporation) C:\WINDOWS\system32\RdpGroupPolicyExtension.dll
2016-03-01 15:10 - 2016-03-01 15:25 - 00436230 _____ C:\TDSSKiller.3.1.0.9_01.03.2016_14.10.15_log.txt
2016-02-25 17:30 - 2016-03-21 23:52 - 00000000 ____D C:\WINDOWS\SysWOW64\STRING
2016-02-25 17:28 - 2016-02-25 17:28 - 00000000 ___HD C:\ProgramData\CanonIJETV
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-23 23:29 - 2015-03-21 12:53 - 00000000 ____D C:\FRST
2016-03-23 22:32 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-23 22:29 - 2015-11-06 18:49 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-23 22:27 - 2016-02-13 09:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-23 22:26 - 2015-10-30 02:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2016-03-23 21:54 - 2012-06-10 01:37 - 00000000 ____D C:\Users\SailorMama\AppData\Local\CrashDumps
2016-03-23 21:29 - 2016-02-05 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2016-03-23 21:29 - 2016-02-05 14:37 - 00000000 ____D C:\Program Files\RogueKiller
2016-03-23 20:00 - 2016-02-02 15:14 - 01247506 _____ C:\Users\SailorMama\AppData\Local\census.cache
2016-03-23 19:59 - 2016-02-02 15:13 - 00187086 _____ C:\Users\SailorMama\AppData\Local\ars.cache
2016-03-23 19:44 - 2016-02-02 14:52 - 00000010 _____ C:\Users\SailorMama\AppData\Local\sponge.last.runtime.cache
2016-03-23 18:58 - 2016-02-05 14:18 - 00000000 ____D C:\AdwCleaner
2016-03-23 17:36 - 2016-01-01 15:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4
2016-03-23 17:32 - 2016-02-05 12:06 - 00000000 ____D C:\Users\SailorMama\AppData\LocalLow\IObit
2016-03-23 17:32 - 2016-02-05 12:05 - 00000000 ____D C:\Users\SailorMama\AppData\Roaming\IObit
2016-03-23 17:32 - 2016-02-05 12:05 - 00000000 ____D C:\Program Files (x86)\IObit
2016-03-23 16:47 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-23 16:47 - 2014-04-11 14:32 - 00000000 ____D C:\Program Files (x86)\Canon
2016-03-23 16:45 - 2014-04-22 11:32 - 00000000 ____D C:\Users\SailorMama\AppData\Roaming\Canon
2016-03-23 16:10 - 2012-03-25 16:31 - 00000000 ____D C:\Users\SailorMama\Documents\Software
2016-03-23 15:07 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-23 14:55 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-23 14:49 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\appcompat
2016-03-22 13:34 - 2016-02-03 21:29 - 00000000 ____D C:\Users\SailorMama\AppData\Roaming\vlc
2016-03-22 13:19 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-22 13:05 - 2015-11-06 18:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-03-22 13:05 - 2015-06-26 19:23 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-03-22 12:02 - 2016-01-18 13:48 - 00000000 ____D C:\Users\SailorMama\Documents\**Removed**
2016-03-22 11:16 - 2015-07-20 13:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-03-22 11:16 - 2012-06-07 15:01 - 00000000 ____D C:\Program Files (x86)\Java
2016-03-22 11:15 - 2015-09-23 20:58 - 00000000 ____D C:\Users\SailorMama\.oracle_jre_usage
2016-03-22 11:15 - 2015-07-20 13:02 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-03-22 10:30 - 2016-02-04 21:28 - 00000000 ____D C:\Program Files\AVAST Software
2016-03-22 10:30 - 2015-08-03 15:19 - 00000000 ____D C:\ProgramData\AVAST Software
2016-03-22 10:07 - 2016-01-05 10:32 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-03-22 09:26 - 2012-04-25 22:44 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2016-03-22 08:58 - 2015-12-04 14:28 - 00000000 ____D C:\WINDOWS\System32\Tasks\AVAST Software
2016-03-22 08:54 - 2016-02-13 09:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-22 08:54 - 2012-04-19 15:34 - 00000000 ___RD C:\Users\SailorMama\Podcasts
2016-03-22 03:30 - 2015-10-30 03:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-03-22 03:24 - 2016-02-13 09:04 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-22 03:24 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-22 03:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-22 03:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-22 03:24 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-22 03:24 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-22 03:24 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-22 03:24 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-22 03:24 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-22 03:24 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-22 03:24 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-22 03:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-03-22 03:09 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-03-22 03:09 - 2015-10-30 03:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2016-03-22 03:09 - 2015-10-30 03:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2016-03-22 03:09 - 2015-10-30 03:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2016-03-22 03:09 - 2015-10-30 03:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2016-03-22 03:09 - 2015-10-30 03:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2016-03-22 03:09 - 2015-10-30 03:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2016-03-22 03:09 - 2015-10-30 03:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2016-03-22 03:09 - 2015-10-30 03:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2016-03-22 03:09 - 2015-10-30 03:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2016-03-22 03:09 - 2015-10-30 03:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2016-03-22 03:09 - 2015-10-30 03:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2016-03-22 03:09 - 2015-10-30 03:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2016-03-22 03:09 - 2015-10-30 03:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2016-03-22 03:09 - 2015-10-30 03:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2016-03-22 03:09 - 2015-10-30 03:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2016-03-22 03:09 - 2015-10-30 03:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2016-03-22 03:09 - 2015-10-30 03:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2016-03-22 00:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-22 00:08 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-03-22 00:08 - 2015-08-27 15:32 - 00014259 _____ C:\WINDOWS\diagerr.xml
2016-03-22 00:08 - 2015-08-27 15:32 - 00013338 _____ C:\WINDOWS\diagwrn.xml
2016-03-22 00:07 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Registration
2016-03-22 00:06 - 2016-02-05 12:06 - 00003358 _____ C:\WINDOWS\System32\Tasks\ASC8_PerformanceMonitor
2016-03-22 00:06 - 2016-02-05 12:06 - 00003046 _____ C:\WINDOWS\System32\Tasks\ASC8_SkipUac_SailorMama
2016-03-22 00:06 - 2014-07-01 14:24 - 00003270 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2016-03-22 00:06 - 2014-07-01 14:24 - 00003244 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2016-03-22 00:06 - 2014-07-01 14:24 - 00003242 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2016-03-22 00:06 - 2014-07-01 14:24 - 00003214 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2016-03-22 00:06 - 2014-07-01 14:24 - 00003212 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2016-03-22 00:05 - 2015-10-30 03:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-03-21 23:52 - 2016-02-13 09:04 - 00000000 ____D C:\WINDOWS\ShellNew
2016-03-21 23:52 - 2016-02-05 12:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8
2016-03-21 23:52 - 2015-12-23 10:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-03-21 23:52 - 2015-10-30 03:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-03-21 23:52 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-03-21 23:52 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-03-21 23:52 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-03-21 23:52 - 2015-10-30 02:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-03-21 23:52 - 2015-08-28 17:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-03-21 23:52 - 2015-04-17 18:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-03-21 23:52 - 2015-03-23 22:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2014
2016-03-21 23:52 - 2014-11-26 02:30 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
2016-03-21 23:52 - 2014-11-26 02:30 - 00000000 ____D C:\WINDOWS\system32\vbox
2016-03-21 23:52 - 2014-10-03 15:33 - 00000000 ____D C:\WINDOWS\SysWOW64\14100301_stream
2016-03-21 23:52 - 2014-10-03 13:00 - 00000000 ____D C:\WINDOWS\SysWOW64\14100300_stream
2016-03-21 23:52 - 2014-07-31 13:16 - 00000000 ____D C:\WINDOWS\SysWOW64\14073101_stream
2016-03-21 23:52 - 2014-07-31 10:05 - 00000000 ____D C:\WINDOWS\SysWOW64\14073100_stream
2016-03-21 23:52 - 2014-04-11 14:40 - 00000000 ____D C:\WINDOWS\system32\STRING
2016-03-21 23:52 - 2014-03-11 13:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2013
2016-03-21 23:52 - 2014-02-17 11:39 - 00000000 ____D C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-21 23:52 - 2014-02-17 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2016-03-21 23:52 - 2014-01-03 21:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Plex Media Server
2016-03-21 23:52 - 2013-06-24 16:14 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DW WLAN
2016-03-21 23:52 - 2013-04-12 11:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2012
2016-03-21 23:52 - 2012-05-25 11:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2016-03-21 23:52 - 2012-04-28 01:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AC3File
2016-03-21 23:52 - 2012-04-06 14:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Nero
2016-03-21 23:52 - 2012-03-27 12:40 - 00000000 ____D C:\WINDOWS\system32\BioAPIFFDB
2016-03-21 23:52 - 2012-03-26 19:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Webcam
2016-03-21 23:52 - 2012-03-26 18:16 - 00000000 ____D C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell Inc
2016-03-21 23:52 - 2012-03-25 23:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2011
2016-03-21 23:52 - 2012-03-25 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SharePoint
2016-03-21 23:52 - 2012-03-25 17:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2016-03-21 23:50 - 2009-07-13 23:20 - 00000000 ____D C:\Users\Default.migrated
2016-03-21 23:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-03-21 23:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-03-21 23:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-21 23:45 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\IME
2016-03-21 23:45 - 2013-08-19 16:16 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-21 23:45 - 2012-04-29 15:41 - 00000000 ____D C:\WINDOWS\system32\RtlGina
2016-03-21 23:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\schemas
2016-03-21 23:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Resources
2016-03-21 23:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-03-21 23:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-21 23:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Help
2016-03-21 23:44 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Cursors
2016-03-21 23:44 - 2015-02-03 09:12 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2016-03-21 23:44 - 2013-01-04 23:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-03-21 23:44 - 2012-05-25 12:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
2016-03-21 23:44 - 2012-05-25 12:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2016-03-21 23:43 - 2015-12-11 18:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe
2016-03-21 23:43 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-03-21 23:43 - 2015-10-30 03:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-03-21 23:43 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-03-21 23:43 - 2015-02-27 20:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP640 series
2016-03-21 23:43 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\Microsoft Games
2016-03-21 23:43 - 2009-07-14 01:32 - 00000000 ____D C:\Program Files\DVD Maker
2016-03-21 23:42 - 2009-07-13 23:20 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-03-21 23:40 - 2013-05-02 14:37 - 00000000 ____D C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Portable Programs
2016-03-21 23:36 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-03-21 23:32 - 2016-02-04 23:04 - 00000000 ____D C:\ProgramData\RogueKiller
2016-03-21 23:32 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-21 23:32 - 2014-02-14 18:25 - 00000000 ____D C:\WINDOWS\pss
2016-03-21 23:31 - 2014-10-27 00:03 - 00000000 ____D C:\Users\DefaultAppPool
2016-03-21 23:26 - 2012-03-25 23:09 - 00000000 ____D C:\ProgramData\Intuit
2016-03-21 23:25 - 2010-03-24 12:07 - 00000000 __RHD C:\MSOCache
2016-03-21 22:55 - 2010-02-14 11:59 - 00008192 __RSH C:\BOOTSECT.BAK
2016-03-21 22:49 - 2009-07-14 00:45 - 00021872 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-03-21 22:49 - 2009-07-14 00:45 - 00021872 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-03-21 21:29 - 2014-05-07 12:35 - 00002042 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belarc Advisor.lnk
2016-03-21 20:55 - 2015-12-11 18:09 - 00000000 ____D C:\Users\SailorMama\.ebookreader
2016-03-21 20:31 - 2012-03-26 16:45 - 00000000 ___RD C:\Users\SailorMama\Documents\Scanned Documents
2016-03-18 19:51 - 2016-02-05 12:06 - 00002152 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk
2016-03-18 17:15 - 2012-03-25 17:42 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-18 15:44 - 2014-04-11 14:39 - 00000000 ___HD C:\Program Files\CanonBJ
2016-03-18 12:52 - 2016-01-28 00:03 - 00000000 ___HD C:\Program Files (x86)\Temp
2016-03-17 11:48 - 2012-03-25 16:31 - 00000000 ____D C:\Users\SailorMama\Documents\Medical
2016-03-11 17:41 - 2012-03-25 16:36 - 00000000 ____D C:\Users\SailorMama\Documents\Keegans Files
2016-03-11 16:34 - 2015-04-26 13:53 - 00000000 ____D C:\Users\SailorMama\Documents\TurboTax
2016-03-10 19:04 - 2012-03-25 16:36 - 00000000 ____D C:\Users\SailorMama\Documents\Household
2016-03-09 20:55 - 2012-03-25 23:13 - 00000000 ____D C:\Users\SailorMama\AppData\Roaming\Intuit
2016-03-08 03:12 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-05 16:19 - 2012-03-25 16:31 - 00000000 ____D C:\Users\SailorMama\Documents\A+ Files
2016-03-04 12:53 - 2015-02-03 09:12 - 00000000 ____D C:\WINDOWS\medias
2016-03-01 22:15 - 2009-07-13 22:34 - 00000478 _____ C:\WINDOWS\win.ini
2016-03-01 13:30 - 2014-08-24 13:28 - 00000000 ____D C:\Users\SailorMama\AppData\Local\Adobe
 
==================== Files in the root of some directories =======
 
2012-03-26 00:32 - 2014-10-15 06:08 - 0099384 _____ () C:\Users\SailorMama\AppData\Roaming\inst.exe
2014-03-28 17:19 - 2014-03-28 17:20 - 0000073 _____ () C:\Users\SailorMama\AppData\Roaming\mbam.context.scan
2012-03-26 00:32 - 2014-10-15 06:08 - 0007859 _____ () C:\Users\SailorMama\AppData\Roaming\pcouffin.cat
2012-03-26 00:32 - 2014-10-15 06:08 - 0001167 _____ () C:\Users\SailorMama\AppData\Roaming\pcouffin.inf
2012-03-26 00:32 - 2014-10-15 06:08 - 0000055 _____ () C:\Users\SailorMama\AppData\Roaming\pcouffin.log
2012-03-26 00:32 - 2014-10-15 06:08 - 0082816 _____ (VSO Software) C:\Users\SailorMama\AppData\Roaming\pcouffin.sys
2012-03-26 00:33 - 2013-05-02 14:39 - 0001057 _____ () C:\Users\SailorMama\AppData\Roaming\vso_ts_preview.xml
2016-02-02 15:13 - 2016-03-23 19:59 - 0187086 _____ () C:\Users\SailorMama\AppData\Local\ars.cache
2016-02-02 15:14 - 2016-03-23 20:00 - 1247506 _____ () C:\Users\SailorMama\AppData\Local\census.cache
2014-02-05 14:49 - 2015-07-31 14:27 - 0006656 _____ () C:\Users\SailorMama\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-02-02 14:31 - 2016-02-02 14:31 - 0000036 _____ () C:\Users\SailorMama\AppData\Local\housecall.guid.cache
2012-04-06 17:20 - 2015-04-07 10:16 - 0007607 _____ () C:\Users\SailorMama\AppData\Local\Resmon.ResmonCfg
2008-02-05 16:28 - 2008-02-05 16:28 - 0000051 _____ () C:\Users\SailorMama\AppData\Local\setup.txt
2016-02-02 14:52 - 2016-03-23 19:44 - 0000010 _____ () C:\Users\SailorMama\AppData\Local\sponge.last.runtime.cache
2012-05-25 12:13 - 2014-02-05 14:53 - 0000083 ___SH () C:\ProgramData\.zreglib
2012-03-25 23:12 - 2016-01-24 21:03 - 0001255 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc
 
Some files in TEMP:
====================
C:\Users\SailorMama\AppData\Local\Temp\dllnt_dump.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2016-03-22 09:05
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by SailorMama (2016-03-23 23:31:10)
Running from C:\Users\SailorMama\Downloads
Windows 10 Pro Version 1511 (X64) (2016-03-22 12:53:58)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3676667488-3753770460-1425199946-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3676667488-3753770460-1425199946-503 - Limited - Disabled)
Guest (S-1-5-21-3676667488-3753770460-1425199946-501 - Limited - Disabled)
SailorMama (S-1-5-21-3676667488-3753770460-1425199946-1000 - Administrator - Enabled) => C:\Users\SailorMama
SuperAdmin (S-1-5-21-3676667488-3753770460-1425199946-1004 - Administrator - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
FW: avast! Antivirus (Enabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat XI Pro (HKLM-x32\...\{AC76BA86-1033-FFFF-7760-000000000006}) (Version: 11.0.00 - Adobe Systems)
Adobe Digital Editions 4.5 (HKLM-x32\...\Adobe Digital Editions 4.5) (Version: 4.5.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.14) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.14 - Adobe Systems Incorporated)
Advanced Audio FX Engine (HKLM-x32\...\Advanced Audio FX Engine) (Version: 1.12.05 - Creative Technology Ltd)
Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.4.0 - IObit)
AnyDVD (HKLM-x32\...\AnyDVD) (Version: - SlySoft)
Avast Internet Security (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
Avery Wizard 5.0 (HKLM-x32\...\{FC3B3A5D-7058-4627-9F1E-F95CC38B6054}) (Version: 5.0.5 - Avery)
Belarc Advisor 8.1 (HKLM-x32\...\Belarc Advisor) (Version: - )
BioAPI Framework (Version: 1.0.1 - Dell Inc.) Hidden
Broadcom 802.11 Network Adapter (HKLM\...\Broadcom 802.11 Network Adapter) (Version: 6.30.95.26 - Broadcom Corporation)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: - )
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.1.1 - Canon Inc.)
Canon MP Navigator EX 5.1 (HKLM-x32\...\MP Navigator EX 5.1) (Version: - )
Canon MP640 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP640_series) (Version: - Canon Inc.)
Canon MX890 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MX890_series) (Version: - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
Cisco EAP-FAST Module (x32 Version: 2.2.14 - Cisco Systems, Inc.) Hidden
Cisco LEAP Module (x32 Version: 1.0.19 - Cisco Systems, Inc.) Hidden
Cisco PEAP Module (x32 Version: 1.1.6 - Cisco Systems, Inc.) Hidden
CloneDVD2 (HKLM-x32\...\CloneDVD2) (Version: - Elaborate Bytes)
Dell ControlVault Host Components Installer 64 bit (HKLM\...\{97308CC9-FAED-4A1C-9593-64B2F1FD852D}) (Version: 2.3.309.1625 - Broadcom Corporation)
Dell Driver Download Manager (HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\bd4d3a0508d364f5) (Version: 3.0.0.0 - Dell Inc)
Dell Webcam Central (HKLM-x32\...\Dell Webcam Central) (Version: 1.40.05 - Creative Technology Ltd)
Driver Booster 3.2 (HKLM-x32\...\Driver Booster_is1) (Version: 3.2 - IObit)
DW WLAN Card Utility (HKLM\...\DW WLAN Card Utility) (Version: 6.20.55.52 - Dell Inc.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
HDVLink Software (HKLM-x32\...\{9ABF758A-EDFC-4091-A66A-6543DC1C7E76}) (Version: 3.0.4 - H.D Vest)
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.9.245 - SurfRight B.V.)
HP USB Disk Storage Format Tool (HKLM-x32\...\{0E0DF90C-D0BA-4C89-9262-AD78D1A3DE51}) (Version: - )
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6286.0 - IDT)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.4.4.0 - LIGHTNING UK!)
Integrated Webcam Driver (1.03.02.0919) (HKLM\...\Creative OA001) (Version: - )
Intel® Network Connections 17.3.63.0 (HKLM\...\PROSetDX) (Version: 17.3.63.0 - Intel)
Internet TV for Windows Media Center (HKLM-x32\...\{9D318C86-AF4C-409F-A6AC-7183FF4CF424}) (Version: 4.2.2.0 - Microsoft Corporation)
Java 7 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83217055FF}) (Version: 7.0.650 - )
Java 8 Update 73 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218073F0}) (Version: 8.0.730.2 - Oracle Corporation)
Live! Cam Avatar Creator (HKLM-x32\...\{65D0C510-D7B6-4438-9FC8-E6B91115AB0D}) (Version: 4.6.3009.1 - Creative Technology Ltd)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Camera Codec Pack (HKLM\...\{A6A4A258-0A48-4F76-B8F1-61F0514594DD}) (Version: 16.4.1970.0624 - Microsoft Corporation)
Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Nero 11 (HKLM-x32\...\{9FC86590-AC98-4845-80D4-3EB37B51947B}) (Version: 11.0.15800 - Nero AG)
Nero Backup Drivers (HKLM\...\{D600D357-5CB9-4DE9-8FD4-14E208BD1970}) (Version: 12.0.4000 - Nero AG)
Nero Info (HKLM-x32\...\{F030BFE8-8476-4C08-A553-233DE80A2BE1}) (Version: 16.0.1009 - Nero AG)
Nero Prerequisite Installer 1.0 (HKLM-x32\...\{E4B86819-E9B8-4089-963B-DF5E70E7A05E}) (Version: 11.0.13100 - Nero AG)
Nero Video 11 (HKLM-x32\...\{2436A979-497D-47C4-B448-D0625035F77E}) (Version: 11.0.10700 - Nero AG)
NVIDIA Drivers (HKLM\...\NVIDIA Drivers) (Version: 1.10.61.39 - NVIDIA Corporation)
NVIDIA nView Desktop Manager (HKLM\...\nView Desktop Manager) (Version: - )
NVIDIA PhysX System Software 9.13.1220 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.13.1220 - NVIDIA Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Plex Media Server (HKLM-x32\...\{876ab221-6562-4f34-9335-68fc92bb3f1b}) (Version: 0.9.818 - Plex, Inc.)
Plex Media Server (x32 Version: 0.9.818 - Plex, Inc.) Hidden
RICOH Media Driver ver.2.07.01.01 (HKLM-x32\...\{2B818257-E6C7-4841-8C29-C5C9A982BCE5}) (Version: 2.07.01.01 - RICOH)
RICOH R5C83x/84x Media Driver Ver.3.53.02 (HKLM-x32\...\{59F6A514-9813-47A3-948C-8A155460CC2A}) (Version: 3.53.02 - )
RogueKiller version 11 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 11 - Adlice Software)
SafeZone Stable 1.48.2066.44 (x32 Version: 1.48.2066.44 - Avast Software) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUSR_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.3 - IObit)
TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc)
TurboTax 2012 (HKLM-x32\...\TurboTax 2012) (Version: 2012.0 - Intuit, Inc)
TurboTax 2013 (HKLM-x32\...\TurboTax 2013) (Version: 2013.0 - Intuit, Inc)
TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc)
TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VSO ConvertXtoDVD v5.0.0.45 FINAL (HKLM-x32\...\VSO ConvertXtoDVD v5.0.0.45 FINAL5.0.0.45) (Version: 5.0.0.45 - Friends in War)
VSO EVE Network Driver version 0.4 (HKLM-x32\...\{1AC41DC5-DD17-41D7-AE0B-139A9D2725EC}_is1) (Version: 0.4 - VSO Software)
Welcome App (Start-up experience) (x32 Version: 11.0.23500.0.0 - Nero AG) Hidden
WIDCOMM Bluetooth Software (HKLM\...\{A1439D4F-FD46-47F2-A1D3-FEE097C29A09}) (Version: 6.5.1.3500 - Broadcom Corporation)
Windows Driver Package - Broadcom (BCM43XX) Net (02/05/2014 6.30.223.228) (HKLM\...\82ACFC4A438ECB25946F0D8B338AA7581B0B4217) (Version: 02/05/2014 6.30.223.228 - Broadcom)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Wondershare Video Converter Ultimate(Build 6.0.3.2) (HKLM-x32\...\Wondershare Video Converter Ultimate_is1) (Version: 6.0.3.2 - Wondershare Software)
Zune (HKLM\...\Zune) (Version: 04.08.2345.00 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0227CB98-B0DF-44F8-9FF6-3F846E40593E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {022D1285-E707-48E4-AFDB-3F85323C2D80} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {07B6830D-36A2-4A3E-A05E-47AF308AD801} - System32\Tasks\Nero\Nero Info => C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe [2015-05-06] (Nero AG)
Task: {0B6AAE8E-B72F-4977-AAAB-42DD6CA29240} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0F6D78CC-B699-4403-9242-1E3E83D848CE} - System32\Tasks\SmartDefrag4_Startup => C:\Program Files (x86)\IObit\Smart Defrag 4\SmartDefrag.exe [2015-10-27] (IObit)
Task: {1405ED75-7103-4B33-8A97-C6D509188A24} - \DropboxUpdateTaskUserS-1-5-21-3676667488-3753770460-1425199946-1000Core -> No File <==== ATTENTION
Task: {161C6B9D-24B6-47CB-8EB8-716ABDB42B22} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {16D78823-1C06-4F30-8C9B-36161D572151} - System32\Tasks\SafeZone scheduled Autoupdate 1458657088 => C:\Program Files\AVAST Software\SZBrowser\launcher.exe [2016-02-01] (Avast Software)
Task: {2328D98C-5ECD-46C4-9A28-D723200EAF86} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {28B65DA8-8D8B-4FB5-B573-B43869814491} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {2A1E7B69-7209-42FE-B2E9-E55E3DC706C5} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
Task: {2FB9C305-C4D0-4F87-9B3A-D6CC0BA7F6ED} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
Task: {3370CCA8-068E-4636-9528-CE20D3CBA717} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {351AA02C-1B20-42A7-9013-65395FDFFFAE} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-22] (AVAST Software)
Task: {45AD46D5-70C2-459C-9666-D31A08C12207} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
Task: {46A0BA1D-94B8-4BEE-8B85-A2898ABA0BBA} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {471741B0-571B-4B7E-84A7-2A6D8F846173} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {4E26D9F6-4CAF-4B63-A189-92BA62DF5799} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {58E533B8-6D8E-45CD-92E3-393B09F31103} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {65B7D4F4-7EB9-4CBD-8F0D-CA3B65BC900C} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {6AD7B509-6FCC-4E2F-B4DE-4E370385FAC7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {731EEE1F-2EF0-4365-A291-8382FED99170} - \Adobe Acrobat Update Task -> No File <==== ATTENTION
Task: {7BD9657F-B253-4B3D-AE2E-FC2B7430EC4B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {7D6795F4-8350-49DA-A0F7-1DCEDCE31B33} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {85A0224B-DFC4-43E2-AE1A-52C70F1A31F1} - \DropboxUpdateTaskUserS-1-5-21-3676667488-3753770460-1425199946-1000UA -> No File <==== ATTENTION
Task: {8A4363BF-EECD-495C-968F-33CCD1EB31D8} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {8D6E9BA4-8428-4D20-A78E-D52E793C5494} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {9563DB05-509E-486E-B961-3F404C07231B} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {A07FF2DE-0F60-42E8-BE92-1C62D8A51F2D} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {A0C2A7FF-10B6-46C5-B981-0AAFE93D9DF9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {A50152E5-2EBC-40AD-A6EF-F2A3A48E2568} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {A65B98F6-E24F-4A31-96E3-EED8EA82B0A5} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {A974C4ED-3253-4457-B049-B6AE789C9CFC} - System32\Tasks\ASC8_SkipUac_SailorMama => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-08-17] (IObit)
Task: {B1CCC8BD-55A3-4AB0-ADFB-ADD559B7B65A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {BE83EEBD-88F4-4D16-9EC2-4BA208D4EE4F} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {C25F67D8-435B-4FA7-AE87-31D3F62D7751} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe [2016-03-22] (AVAST Software)
Task: {D7D8761E-808A-46E0-9DB1-7E5EF839F143} - \SmartDefrag4_Update -> No File <==== ATTENTION
Task: {DB0325DE-8B62-4414-A13E-28F2E0A39220} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {DB864C84-07E1-4061-85F9-1CC5293F706C} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
Task: {E32A4F07-BAFB-4EA8-9214-02E06F4D1036} - \IntelBootstrapCCDashServer -> No File <==== ATTENTION
Task: {E713CDBE-8584-40AA-8AF7-51D9CA3A83B6} - System32\Tasks\ASC8_PerformanceMonitor => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Monitor.exe [2015-08-12] (IObit)
Task: {F3205944-E6FA-4EF7-8111-C5A58F2295A6} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {F88BF060-B409-4016-9929-9D1532825D6D} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {F8E5F3E6-431A-4799-96DF-55C5DB74E90F} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FD3017C1-98B1-43F0-A66F-71DCF955B0E9} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2013-09-05 03:17 - 2013-09-05 03:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:23 - 2010-10-20 17:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-22 11:14 - 2016-03-22 11:14 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-13 08:54 - 2016-02-13 08:54 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-22 03:23 - 2016-03-22 03:23 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-02-13 08:54 - 2016-02-13 08:54 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-03-22 10:27 - 2016-03-22 10:27 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2016-03-22 10:27 - 2016-03-22 10:27 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2016-03-23 15:34 - 2016-03-23 15:34 - 02857472 _____ () C:\Program Files\AVAST Software\Avast\defs\16032302\algo.dll
2016-03-22 10:27 - 2016-03-22 10:27 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
2016-03-22 10:27 - 2016-03-22 10:27 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
2013-09-05 03:14 - 2013-09-05 03:14 - 04300456 _____ () C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 17:45 - 2010-10-20 17:45 - 08801120 _____ () C:\Program Files (x86)\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-23 17:36 - 2015-10-27 14:05 - 00618784 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\ProductStatistics.dll
2016-03-23 17:36 - 2013-01-15 18:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Smart Defrag 4\webres.dll
2016-03-22 11:14 - 2016-03-22 11:14 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-03-22 11:14 - 2016-03-22 11:14 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-05 12:06 - 2013-01-15 19:47 - 00893248 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\webres.dll
2016-03-22 10:27 - 2016-03-22 10:27 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\SailorMama\MediaFire:mf_x [26]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\advisor-connection.com -> advisor-connection.com
IE trusted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\amazon.com -> amazon.com
IE trusted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\dell.com -> dell.com
IE trusted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\google.com -> *.maps.google.com
IE trusted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\hdvest.com -> hdvest.com
IE trusted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\hdvlink.com -> hdvlink.com
IE trusted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\remitonline.com -> remitonline.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\008k.com -> 008k.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\00hq.com -> 00hq.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\0190-dialers.com -> 0190-dialers.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\01i.info -> 01i.info
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\05p.com -> 05p.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\0calories.net -> 0calories.net
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\0cj.net -> 0cj.net
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\0scan.com -> 0scan.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\1-domains-registrations.com -> 1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\1-se.com -> 1-se.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\1001movie.com -> 1001movie.com
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\1001night.biz -> 1001night.biz
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\100gal.net -> 100gal.net
IE restricted site: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\...\100sexlinks.com -> 100sexlinks.com

There are 4795 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 22:34 - 2016-03-22 17:01 - 00000768 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is disabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AdobeARMservice => 3
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: HitmanProScheduler => 2
MSCONFIG\Services: Intel® PROSet Monitoring Service => 2
MSCONFIG\Services: IntuitUpdateServiceV4 => 2
MSCONFIG\Services: LiveUpdateSvc => 2
MSCONFIG\Services: MBAMScheduler => 2
MSCONFIG\Services: NAUpdate => 3
MSCONFIG\startupreg: Acrobat Assistant 8.0 => "C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Acrotray.exe"
MSCONFIG\startupreg: Adobe ARM => "C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe"
MSCONFIG\startupreg: Dell Webcam Central => "C:\Program Files (x86)\Dell Webcam\Dell Webcam Central\WebcamDell2.exe" /mode2
MSCONFIG\startupreg: NvCplDaemon => RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
MSCONFIG\startupreg: NVHotkey => rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
MSCONFIG\startupreg: SunJavaUpdateSched => "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{4A62CD4D-A516-4DB2-9D16-B41EAC8B801F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{0D056E23-07D2-4843-B363-DEA84774AC25}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{B301034C-331F-4BBF-9D87-969DBEE226A1}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{495E9116-5BDA-4B3A-A832-EEDA56560B95}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4A04E035-CBBC-4464-A168-AAC1D703262E}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe
FirewallRules: [{4411C220-52FB-4317-9516-3B807685EA78}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe
FirewallRules: [{F6E75D54-20FD-49F2-BDD8-6CC262BC3001}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{12C33731-8BAE-444C-AC83-873FD2FF69E1}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{DAACE821-48FB-4A3B-97F5-3636E84BEC58}] => (Allow) C:\Program Files (x86)\Nero\Nero Blu-ray Player\Blu-rayPlayer.exe
FirewallRules: [{2A50EC0E-EA31-4C31-A74E-A04DAFD97432}] => (Allow) C:\Program Files (x86)\Nero\KM\NMDllHost.exe
FirewallRules: [{F456ED6B-169D-4A66-B08D-08A723B4FFB0}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{00E814AF-7E66-49F9-8B3C-8B09DF5F5769}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{5C2868DA-BF97-422B-B64C-6D2598FED1A2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{7F7C2047-6389-493C-BD38-A08AAA596797}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{DA9CD977-6CC9-43CB-A220-CC630E156E7E}] => (Allow) LPort=7900
FirewallRules: [{FCCFFC36-6638-480D-8EE7-46B6A8BA8404}] => (Allow) LPort=24234
FirewallRules: [{1EF67151-1EF1-4DB1-A1F5-7A1E0F539290}] => (Allow) LPort=7679
FirewallRules: [{72A6A8A9-B977-4AD6-AE68-83526BC06D01}] => (Allow) LPort=7676
FirewallRules: [{0D6F8AAF-43C7-4B54-99A2-FE48F2D752A4}] => (Allow) LPort=8643
FirewallRules: [{004E2C95-E22A-4D15-BE33-1A558F0D5D00}] => (Allow) LPort=8743
FirewallRules: [{39E59772-17A2-482F-AA9A-9442849B026F}] => (Allow) LPort=1900
FirewallRules: [{1999C3DC-CFBC-4DFC-9BD7-3FA0C4C4AB49}] => (Allow) LPort=20102
FirewallRules: [{543CF8F8-2DEE-47F8-AD02-6CA578386228}] => (Allow) LPort=7878
FirewallRules: [{139DD596-064C-4B1F-ACEF-7F4643CFB28B}] => (Allow) C:\Windows\system32\rundll32.exe
FirewallRules: [{9B9014A6-C331-438D-9269-91C6F6EB697B}] => (Block) C:\Windows\explorer.exe
FirewallRules: [{D397F96B-18AB-4ECA-855B-C5067111C121}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexDlnaServer.exe
FirewallRules: [{58824A76-6329-4989-970D-76B3ACB07500}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\PlexScriptHost.exe
FirewallRules: [{54852BB8-3DAA-4DB5-9BCC-257390717E6C}] => (Allow) C:\Program Files (x86)\Plex\Plex Media Server\Plex Media Server.exe
FirewallRules: [{D7928B75-5056-419F-8F02-21BC8F897327}] => (Allow) LPort=53
FirewallRules: [{C81F5D74-1C6D-43C2-A871-A83FD8F36C5E}] => (Allow) LPort=1542
FirewallRules: [{C9C9E729-4CCA-45FD-939C-878B5ACAE9C9}] => (Allow) LPort=1542
FirewallRules: [{88C2D3BE-79B4-4EC3-9FDE-7A465250444F}] => (Allow) %ProgramFiles%\Zune\Zune.exe
FirewallRules: [{6805FCDA-0EBF-4CDC-B0B1-D68173CDC388}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1EA310D1-9662-4508-80AD-4234F5EF35E2}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{C877515E-08F9-460A-84EA-4659A81A461F}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{6153C152-1265-4BCC-8E0B-299B0C322E1C}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{393BDDBD-B2BD-4E96-A933-5C89D510B354}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{3629E823-38ED-4021-8668-6314CB59FDCE}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{CCB5370F-2ADA-4595-A2F8-6AAA28035454}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{1CB82626-DBC1-48D9-BA53-0E98247426E4}] => (Allow) %ProgramFiles%\Zune\ZuneNSS.exe
FirewallRules: [{D4FF9FC4-CFAA-4D9B-A2B4-27DED922E9E6}] => (Allow) %ProgramFiles%\Zune\Zune.exe

==================== Restore Points =========================

23-03-2016 18:14:18 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/23/2016 10:32:07 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (03/23/2016 10:08:22 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BlueBelleE6400)
Description: Activation of app Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXg58n4jqcxjfvb6epaz8mmvfjtq8mhj65.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/23/2016 10:05:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BlueBelleE6400)
Description: Activation of app Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbwe:MicrosoftEdge.AppXxat4m5y1bf9ghax409y1vwyatpqea4s8.mca failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (03/23/2016 11:05:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (03/23/2016 11:03:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (03/23/2016 11:01:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (03/23/2016 10:59:52 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (03/23/2016 10:44:27 PM) (Source: DCOM) (EventID: 10016) (User: BlueBelleE6400)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}BlueBelleE6400SailorMamaS-1-5-21-3676667488-3753770460-1425199946-1000LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/23/2016 10:44:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (03/23/2016 10:42:27 PM) (Source: DCOM) (EventID: 10016) (User: BlueBelleE6400)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}BlueBelleE6400SailorMamaS-1-5-21-3676667488-3753770460-1425199946-1000LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/23/2016 10:42:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}

Error: (03/23/2016 10:40:27 PM) (Source: DCOM) (EventID: 10016) (User: BlueBelleE6400)
Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}BlueBelleE6400SailorMamaS-1-5-21-3676667488-3753770460-1425199946-1000LocalHost (Using LRPC)UnavailableUnavailable

Error: (03/23/2016 10:40:27 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}


CodeIntegrity:
===================================
Date: 2016-03-23 21:24:22.461
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-23 21:23:09.792
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume1\Program Files\Windows Defender\MsMpEng.exe because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-03-22 15:23:06.193
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-22 09:59:01.644
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-21 23:58:01.556
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-21 23:32:38.986
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel® Core™2 Duo CPU P8400 @ 2.26GHz
Percentage of memory in use: 51%
Total physical RAM: 6131.89 MB
Available physical RAM: 2962.84 MB
Total Virtual: 12275.89 MB
Available Virtual: 8830.73 MB

==================== Drives ================================

Drive c: (Primary) (Fixed) (Total:200.55 GB) (Free:86.63 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive r: (Recovery) (Fixed) (Total:31.75 GB) (Free:23.83 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E0000000)
Partition 1: (Active) - (Size=200.5 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=484 MB) - (Type=27)
Partition 3: (Not Active) - (Size=31.8 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Edited by Oh My!, 26 March 2016 - 07:58 PM.




#2 Oh My!

  • Malware Response Instructor

Posted 24 March 2016 - 09:05 AM

Greetings SailorMama and welcome to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Reply Topic button instead.
  • In the upper right hand corner of the topic you will see the Follow Topic button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. I am assuming no other browsers are affected, is that correct?

Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press the Windows key + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

Advanced SystemCare 8

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Click Format and check Word Wrap
  • Please copy and paste the contents of the below code box into the open notepad and save it to your Desktop as fixlist.txt. If FRST.exe is not on your Desktop please move it to that location. (<<<Important)
CreateRestorePoint:
CloseProcesses:
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
Toolbar: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
Toolbar: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93}
Toolbar: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F}
FF Plugin HKU\S-1-5-21-3676667488-3753770460-1425199946-1000: navionics.com/NavConnect -> C:\Program Files (x86)\Chart Installer\npNavConnect.dll [No File]
FF Extension: No Name - C:\Users\SailorMama\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804\extensions\iobitascsurfingprotection@iobit.com [not found]
FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
U3 idsvc; no ImagePath
U3 wpcsvc; no ImagePath
Task: {0B6AAE8E-B72F-4977-AAAB-42DD6CA29240} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
Task: {1405ED75-7103-4B33-8A97-C6D509188A24} - \DropboxUpdateTaskUserS-1-5-21-3676667488-3753770460-1425199946-1000Core
Task: {731EEE1F-2EF0-4365-A291-8382FED99170} - \Adobe Acrobat Update Task
Task: {7BD9657F-B253-4B3D-AE2E-FC2B7430EC4B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
Task: {85A0224B-DFC4-43E2-AE1A-52C70F1A31F1} - \DropboxUpdateTaskUserS-1-5-21-3676667488-3753770460-1425199946-1000UA
Task: {8D6E9BA4-8428-4D20-A78E-D52E793C5494} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
Task: {A0C2A7FF-10B6-46C5-B981-0AAFE93D9DF9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
Task: {D7D8761E-808A-46E0-9DB1-7E5EF839F143} - \SmartDefrag4_Update
Task: {E32A4F07-BAFB-4EA8-9214-02E06F4D1036} - \IntelBootstrapCCDashServer
AlternateDataStreams: C:\Users\SailorMama\MediaFire:mf_x [26]
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • Test Internet Explorer
===================================================

Launching Internet Explorer Without Add-ons

----------
  • Press the Windows key + r on your keyboard at the same time
  • Type iexplore.exe -extoff then press Enter
  • Check the browser behavior
===================================================

System Summary Information

--------------------
  • Press the Windows key + r on your keyboard at the same time
  • Type msinfo32 and press Enter
  • Left click on System Summary
  • Click File, Save, and name the file Summary
  • Zip and attach the file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Other browsers?
  • Fixlog
  • Internet Explorer
  • System Summary Information
  • Update on computer behavior

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 SailorMama

  • Topic Starter

Posted 25 March 2016 - 10:03 AM

Thank you so much for your help with fixing my IE Explorer browser issues!

  • Other browsers? I am running Windows 10, so I also have Microsoft Edge. It is running slow, but fine.
  • System Summary Information - attached
  • Update on computer behavior -
  • 1. FYI... My wireless network adapter froze, so I had to uninstall and reinstall Avast after I sent you the initial log. Gotta love Windows 10. It does NOT seem to be immediately re-directing. However, when I do a Google search from www.google.com, I am still getting the next screen which says "Please click here if you are not redirected within a few seconds."
  • 3. I think there are still other issues to be resolved as the Computer is running very slow as well as hot ever since I installed Windows 10. I understand if you want that to be a separate topic.

Fixlog - below

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
 Ran by SailorMama (2016-03-25 09:09:59) Run:1
 Running from C:\Users\SailorMama\Desktop
 Loaded Profiles: SailorMama (Available Profiles: SailorMama & Administrator & DefaultAppPool)
 Boot Mode: Normal
 ==============================================
fixlist content:
 *****************
 CreateRestorePoint:
 CloseProcesses:
 CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
 Toolbar: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000 -> No Name - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}
 Toolbar: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93}
 Toolbar: HKU\S-1-5-21-3676667488-3753770460-1425199946-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F}
 FF Plugin HKU\S-1-5-21-3676667488-3753770460-1425199946-1000: navionics.com/NavConnect -> C:\Program Files (x86)\Chart Installer\npNavConnect.dll [No File]
 FF Extension: No Name -
 C:\Users\SailorMama\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804\extensions\iobitascsurfingprotection@iobit.com [not found]
 FF Extension: No Name - C:\Program Files (x86)\IObit Apps Toolbar\FF [not found]
 U3 idsvc; no ImagePath
 U3 wpcsvc; no ImagePath
 Task: {0B6AAE8E-B72F-4977-AAAB-42DD6CA29240} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent
 Task: {1405ED75-7103-4B33-8A97-C6D509188A24} - \DropboxUpdateTaskUserS-1-5-21-3676667488-3753770460-1425199946-1000Core
 Task: {731EEE1F-2EF0-4365-A291-8382FED99170} - \Adobe Acrobat Update Task
 Task: {7BD9657F-B253-4B3D-AE2E-FC2B7430EC4B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent
 Task: {85A0224B-DFC4-43E2-AE1A-52C70F1A31F1} - \DropboxUpdateTaskUserS-1-5-21-3676667488-3753770460-1425199946-1000UA
 Task: {8D6E9BA4-8428-4D20-A78E-D52E793C5494} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig
 Task: {A0C2A7FF-10B6-46C5-B981-0AAFE93D9DF9} - \Microsoft\Windows\Setup\gwx\launchtrayprocess
 Task:
 {D7D8761E-808A-46E0-9DB1-7E5EF839F143} - \SmartDefrag4_Update
 Task: {E32A4F07-BAFB-4EA8-9214-02E06F4D1036} - \IntelBootstrapCCDashServer
 AlternateDataStreams: C:\Users\SailorMama\MediaFire:mf_x [26]

*****************

Restore point was successfully created.
 Processes closed successfully.
 "HKLM\SOFTWARE\Policies\Google" => key removed successfully
 HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
 HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
 HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} => value removed successfully
 "HKCR\CLSID\{7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA}" => key removed successfully
 HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => value removed successfully
 HKCR\CLSID\{47833539-D0C5-4125-9FA8-0819E2EAAC93} => key not found.
 HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
 HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
 "HKU\S-1-5-21-3676667488-3753770460-1425199946-1000\Software\MozillaPlugins\navionics.com/NavConnect" => key removed successfully
 C:\Program Files (x86)\Chart Installer\npNavConnect.dll => not found.
 FF Extension: No Name - => not found.
 "C:\Users\SailorMama\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804\extensions\iobitascsurfingprotection@iobit.com [not found]" => not found.
 C:\Program Files (x86)\IObit Apps Toolbar\FF => path removed successfully
 idsvc => service removed successfully
 wpcsvc => service removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B6AAE8E-B72F-4977-AAAB-42DD6CA29240}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B6AAE8E-B72F-4977-AAAB-42DD6CA29240}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1405ED75-7103-4B33-8A97-C6D509188A24}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1405ED75-7103-4B33-8A97-C6D509188A24}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{731EEE1F-2EF0-4365-A291-8382FED99170}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{731EEE1F-2EF0-4365-A291-8382FED99170}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7BD9657F-B253-4B3D-AE2E-FC2B7430EC4B}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7BD9657F-B253-4B3D-AE2E-FC2B7430EC4B}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{85A0224B-DFC4-43E2-AE1A-52C70F1A31F1}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{85A0224B-DFC4-43E2-AE1A-52C70F1A31F1}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D6E9BA4-8428-4D20-A78E-D52E793C5494}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D6E9BA4-8428-4D20-A78E-D52E793C5494}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A0C2A7FF-10B6-46C5-B981-0AAFE93D9DF9}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A0C2A7FF-10B6-46C5-B981-0AAFE93D9DF9}" => key removed successfully
 Task: => Error: No automatic fix found for this entry.
 {D7D8761E-808A-46E0-9DB1-7E5EF839F143} - \SmartDefrag4_Update => Error: No automatic fix found for this entry.
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E32A4F07-BAFB-4EA8-9214-02E06F4D1036}" => key removed successfully
 "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E32A4F07-BAFB-4EA8-9214-02E06F4D1036}" => key removed successfully
 "C:\Users\SailorMama\MediaFire" => ":mf_x" ADS not found.

 The system needed a reboot.

==== End of Fixlog 09:10:49 ====
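
An added example (not part of the original posts and not FRST's own code): a small Python parser that tallies the outcome lines of a Fixlog like the one above and pairs up adjacent fixlist lines that were each rejected with "No automatic fix found", as happened here where one Task entry was echoed across two lines. The sample log is shortened from the post above; the function names and status labels are assumptions of this example.

```python
import re
from collections import Counter

# Sample input: a shortened copy of the Fixlog posted above (layout unchanged).
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by SailorMama (2016-03-25 09:09:59) Run:1
==============================================
fixlist content:
*****************
CloseProcesses:
Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F}
Task:
{D7D8761E-808A-46E0-9DB1-7E5EF839F143} - \SmartDefrag4_Update
Task: {E32A4F07-BAFB-4EA8-9214-02E06F4D1036} - \IntelBootstrapCCDashServer

*****************

Processes closed successfully.
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
Task: => Error: No automatic fix found for this entry.
{D7D8761E-808A-46E0-9DB1-7E5EF839F143} - \SmartDefrag4_Update => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E32A4F07-BAFB-4EA8-9214-02E06F4D1036}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E32A4F07-BAFB-4EA8-9214-02E06F4D1036}" => key removed successfully

The system needed a reboot.

==== End of Fixlog 09:10:49 ====
'''

RULE = re.compile(r"^\*{5,}$")        # the rows of asterisks around the fixlist echo
NO_FIX = "No automatic fix found"     # wording of the rejection seen in the log


def classify(outcome):
    """Map the text after '=>' to a coarse status label (labels are ours)."""
    low = outcome.lower()
    if low.startswith("error"):
        return "error"
    if "not found" in low:
        return "not_found"
    if "removed" in low:
        return "removed"
    return "other"


def parse_fixlog(text):
    """Return (echoed fixlist lines, [(target, outcome, status), ...])."""
    lines = [ln.strip() for ln in text.splitlines()]
    rules = [i for i, ln in enumerate(lines) if RULE.match(ln)]
    if len(rules) < 2:
        raise ValueError("no fixlist echo delimited by two rows of asterisks")
    fixlist = [ln for ln in lines[rules[0] + 1:rules[1]] if ln]
    results = []
    for ln in lines[rules[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if " => " not in ln:
            continue  # status lines such as "Processes closed successfully."
        target, outcome = ln.rsplit(" => ", 1)
        results.append((target.strip('"'), outcome, classify(outcome)))
    return fixlist, results


def rejoin_split_entries(fixlist, results):
    """Pair adjacent fixlist lines that were each rejected on their own."""
    rejected = {t for t, outcome, _ in results if NO_FIX in outcome}
    joined, i = [], 0
    while i < len(fixlist) - 1:
        first, second = fixlist[i], fixlist[i + 1]
        if first in rejected and second in rejected:
            joined.append(first + " " + second)  # candidate line to resubmit
            i += 2
        else:
            i += 1
    return joined


def summarize(text):
    fixlist, results = parse_fixlog(text)
    return {
        "counts": Counter(status for _, _, status in results),
        "rejected": [t for t, outcome, _ in results if NO_FIX in outcome],
        "rejoined": rejoin_split_entries(fixlist, results),
    }


if __name__ == "__main__":
    report = summarize(SAMPLE_FIXLOG)
    print(dict(report["counts"]))
    for entry in report["rejoined"]:
        print("split entry, rejoined:", entry)
```

The rejoined line is only a candidate for the helper to review before it goes into a new fixlist.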



#4 SailorMama

  • Topic Starter

Posted 25 March 2016 - 10:10 AM

Hello - The zipped Summary file is attached.  Thx, Shannon



#5 Oh My!

  • Malware Response Instructor

Posted 25 March 2016 - 01:33 PM

Hi Shannon,

Thanks for the update.

Did you try the IE without Add-ons? I am not clear about that.

Were you able to uninstall Advanced SystemCare?

Please do this.

===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
Task: {D7D8761E-808A-46E0-9DB1-7E5EF839F143} - \SmartDefrag4_Update
emptytemp:
  • Launch FRST and press the Fix button just once and wait, the program will automatically launch fixlist.txt.
  • The tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
===================================================

Core Temp

--------------------

NOTE: Many antivirus programs will flag this as malicious software but it is not. It can be safely downloaded and launched.
  • Disable your AntiVirus and AntiSpyware applications. Sometimes you can simply select that option after right clicking on the System Tray Program icon on the lower right corner of the screen
  • Please download Core Temp and save it to your desktop
  • If you receive a warning the file is malicious you can ignore the warning and download the file anyway
  • Unzip the folder onto your Desktop
  • Double click the unzipped folder then double click Core Temp.exe
  • Monitor the core temperature both at computer idle and while stressing your computer by launching videos, multiple programs, and high demand programs all at the same time
  • Please report the readings and especially the readings if your computer freezes or shuts down
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it.
  • Response to questions
  • Fixlog
  • Core Temp results

Gary
 

#6 SailorMama

  • Topic Starter

Posted 25 March 2016 - 03:29 PM

Hello Again,
Thanks once again for your Help!!!  It is much appreciated!
Here are my answers and results....................................

================
Did you try the IE without Add-ons? I am not clear about that.

I did run IE without add-ons. It is very slow loading. For the home page (www.msn.com) it loads the following URL: http://www.msn.com/?pc=EUPP_. It seems to act the same as before, very slow loading, flashes once as if it is reloading. When I open another tab and enter another URL, it is extremely slow to load. Also, the computer seems to start running fast (surging) and getting hot. I have checked the memory and it is OK.

===============
Were you able to uninstall Advanced SystemCare?

I did uninstall ASC and all other IOBit software that was on my computer,  I am only running Avast and MalwareBytes AntiMalware and AntiExploit and CCleaner now.

===========================
I ran FRST.  Here's the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by SailorMama (2016-03-25 14:53:58) Run:2
Running from C:\Users\SailorMama\Desktop
Loaded Profiles: SailorMama (Available Profiles: SailorMama & Administrator & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {D7D8761E-808A-46E0-9DB1-7E5EF839F143} - \SmartDefrag4_Update
emptytemp:

*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D7D8761E-808A-46E0-9DB1-7E5EF839F143}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D7D8761E-808A-46E0-9DB1-7E5EF839F143}" => key removed successfully
EmptyTemp: => 150.7 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 14:57:17 ====

========================================

Core Temp Results:

Tj Max: 105C
Core #0 Min 48C  Max 75C 
Core #1 Min 48C  Max 79C

I disabled all anti-virus software including Avast and MalwareBytes AntiMalware and AntiExploit.  I ran Core Temp.
I launched many apps, videos, etc.  The temperature surged upwards when I was using Microsoft Edge and Internet Explorer.  Both of these apps were very slow, would freeze and took forever to load the tabs.  All other apps ran fine.  I was running IE with the add-ons off. Without the Microsoft Edge and Internet Explorer running the temp stayed around the minimum of 48C or below. There were no shut downs.

 

SailorMama
 



#7 Oh My!


Posted 25 March 2016 - 03:37 PM

Thank you. 

The temperature surged upwards when I was using Microsoft Edge and Internet Explorer.

What were the readings?

Please do this.

===================================================

Zoek by Smeenk - Scan and Automatic Cleanup

--------------------
  • Download Zoek and save it to your Desktop
  • Right click the icon, select Run as Administrator, and wait for the Program to appear on your Desktop (may take 15 seconds or so)
  • Verify Scan All Users is selected then click Run Script
  • Type 4 in the lower box to Do a Deep Scan and Automated Cleanup then click OK
  • Wait patiently for the program to run
  • Do not use your computer while the scan is running
  • When completed a zoek-results.txt report will appear on your desktop. Copy and paste the contents in your reply
===================================================

Farbar's MiniToolBox

--------------------
  • Please download MiniToolBox, save it to your desktop
  • Please close any Firefox browsers you may have open
  • Double click the icon to launch the program
  • Make sure only the following options are checked:

Flush DNS
Report IE Proxy Settings
Reset IE Proxy Settings
Report FF Proxy Settings
Reset FF Proxy Settings
List content of Hosts
List IP configuration
List Winsock Entries

  • Click Go and once the scan is completed a MTB.txt Notepad document will open on your desktop
  • Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Temperature readings
  • Zoek report
  • MTB.txt
  • Internet Explorer any better?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."
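
A read-only PowerShell counterpart to the MiniToolBox report options listed in the post above (IE proxy settings, hosts content, Winsock entries), plus the IE start page. This is an added example, not part of the original post or of MiniToolBox; the function names and the sample hosts lines are constructed for illustration, and nothing is reset or deleted.

```powershell
# Read-only report of settings commonly involved in browser redirection.
# Run in the affected user's session; compare the output with what you expect.

function Get-IEProxyReport {
    # Per-user WinINet proxy settings, which Internet Explorer uses.
    $key = 'HKCU:\Software\Microsoft\Windows\CurrentVersion\Internet Settings'
    $s = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        ProxyEnable   = [bool]$s.ProxyEnable
        ProxyServer   = $s.ProxyServer
        ProxyOverride = $s.ProxyOverride
        AutoConfigURL = $s.AutoConfigURL   # a PAC script can also redirect traffic
    }
}

function Get-IEStartPages {
    # Home page values for the current user.
    $key = 'HKCU:\Software\Microsoft\Internet Explorer\Main'
    $m = Get-ItemProperty -Path $key -ErrorAction SilentlyContinue
    [pscustomobject]@{
        StartPage           = $m.'Start Page'
        SecondaryStartPages = $m.'Secondary Start Pages'
    }
}

function Get-HostsEntries {
    # Parse hosts-file lines into one object per host name.
    param([string[]]$Lines)
    foreach ($line in $Lines) {
        $text = ($line -replace '#.*$', '').Trim()      # drop comments
        if (-not $text) { continue }
        $parts = $text -split '\s+'
        if ($parts.Count -lt 2) { continue }             # address without a name
        $ip = $parts[0]
        foreach ($name in $parts[1..($parts.Count - 1)]) {
            [pscustomobject]@{
                Address     = $ip
                HostName    = $name.ToLower()
                # Loopback or null-route entries are typical of ad/tracker block lists.
                PointsLocal = ($ip -in @('127.0.0.1', '::1', '0.0.0.0'))
            }
        }
    }
}

function Get-HostsRedirects {
    # Entries that send a name to some other machine are the ones worth reviewing.
    param([string[]]$Lines)
    Get-HostsEntries -Lines $Lines | Where-Object { -not $_.PointsLocal }
}

# --- Constructed sample, to show what a flagged entry looks like ---
$sampleHosts = @(
    '# constructed sample hosts content',
    '127.0.0.1       localhost',
    '0.0.0.0         ads.example.test',
    '203.0.113.10    www.google.com google.com   # would be flagged'
)
'Sample hosts redirects:'
Get-HostsRedirects -Lines $sampleHosts | Format-Table -AutoSize

# --- Live system report ---
'IE proxy settings:'
Get-IEProxyReport | Format-List

'IE start pages:'
Get-IEStartPages | Format-List

'Hosts entries pointing to a non-local address:'
$hostsPath = Join-Path $env:SystemRoot 'System32\drivers\etc\hosts'
$live = Get-Content -Path $hostsPath -ErrorAction SilentlyContinue
Get-HostsRedirects -Lines $live | Format-Table -AutoSize

'Winsock catalog providers (Description lines; English-language output assumed):'
netsh winsock show catalog | Select-String -Pattern 'Description'

'IP configuration:'
ipconfig /all
```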

#8 SailorMama


Posted 26 March 2016 - 03:24 PM

Hello Again,

I will be out of pocket the next 24 hours. Going SAILING on Tampa Bay! I Hope you have a great weekend as well!

Once again, Thanks for your Help!!! It is much appreciated!

Shannon (SailorMama)

Here are my answers and results....................................

• Temperature readings
Temperature at boot Min 30 max 50
Temp with IE running Min 47 max 74
Temp with multiple apps running Min 56 Max 81
It seems to be running cooler and faster since cleaning it up with Zoek. There is still something that causes the hard drive to run continuously after boot up though....a scan or indexing or something. Eventually (after 20 minutes or so) it quiets down a bit but the hard drive and/or fan can still be heard. I think perhaps it is time for a new hard drive for BlueBelleE6400 (my computer).....perhaps an SSD this time around...she is getting old.
• Internet Explorer any better?
Internet Explorer is definitely better. It does not appear to be redirecting anymore. It runs really well when it is the only app being used. If I am running multiple other apps, it will occasionally hang when I enter either www.msn.com or a bogus URL. I upped the internet temp file setting from 250MB to 500MB and that seemed to help with faster load time.
• Zoek report
NOTE: FYI.......I HAD TO DISABLE AVAST TO RUN ZOEK
Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by SailorMama on Sat 03/26/2016 at 9:53:54.97.
Microsoft Windows 10 Pro 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\SailorMama\Desktop\zoek.exe [Scan all users] [Deep Scan] [Auto Clean]
==== System Restore Info ======================
3/26/2016 9:59:02 AM Zoek.exe System Restore Point Created Successfully.
==== Empty Folders Check ======================
C:\PROGRA~2\VideoLAN deleted successfully
C:\PROGRA~3\Canon IJ Network Tool deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) deleted successfully
C:\PROGRA~3\SoftwareDistribution deleted successfully
C:\PROGRA~3\WinZip deleted successfully
C:\PROGRA~3\xml_param deleted successfully
C:\Users\DefaultAppPool.IIS APPPOOL\AppData\LocalLow deleted successfully
C:\Users\Administrator.BlueBelleE6400\AppData\Local\ActiveSync deleted successfully
C:\Users\Administrator.BlueBelleE6400\AppData\Local\PeerDistRepub deleted successfully
C:\Users\SailorMama\AppData\Local\ActiveSync deleted successfully
C:\Users\SailorMama\AppData\Local\lptmp deleted successfully
C:\Users\SailorMama\AppData\Local\lptmp1314322943 deleted successfully
C:\Users\SailorMama\AppData\Local\lptmp1674266984 deleted successfully
C:\Users\SailorMama\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistPub deleted successfully
C:\WINDOWS\serviceprofiles\networkservice\AppData\Local\PeerDistRepub deleted successfully
C:\WINDOWS\serviceprofiles\Localservice\AppData\Local\CrashDumps deleted successfully
==== Deleting CLSID Registry Keys ======================
==== Deleting CLSID Registry Values ======================
==== Running Processes ======================
C:\Program Files\AVAST Software\Avast\AvastSvc.exe
C:\Program Files\AVAST Software\Avast\afwServ.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
c:\program files\avast software\avast\asww10mon.exe
C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files\AVAST Software\Avast\avastui.exe
C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
C:\Users\SailorMama\Desktop\zoek.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\cmd.exe
C:\WINDOWS\SysWOW64\ctfmon.exe
C:\WINDOWS\SysWOW64\cmd.exe
==== Deleting Services ======================
==== FireFox Fix ======================
ProfilePath: C:\Users\SAILOR~1\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804
user.js not found
---- Lines yahoo removed from prefs.js ----
user_pref("browser.search.hiddenOneOffs", "Yahoo,Bing,Amazon.com,DuckDuckGo,eBay,Twitter,Wikipedia (en)");
---- FireFox user.js and prefs.js backups ----
prefs_20160326_1049_.backup
ProfilePath: C:\Users\SAILOR~1\AppData\Roaming\Mozilla\Firefox\Profiles\x28xmivg.default
prefs.js not found
user.js not found
---- FireFox user.js and prefs.js backups ----
==== Deleting Files \ Folders ======================
C:\PROGRA~2\VideoLAN not found
C:\PROGRA~3\Malwarebytes' Anti-Malware (portable) not found
C:\PROGRA~3\Wondershare Video Converter Ultimate deleted
C:\PROGRA~3\ProductData deleted
C:\PROGRA~3\Package Cache deleted
C:\Users\SailorMama\AppData\Local\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\windows\SysNative\Tasks\avast! Windows 10 Start Menu helper deleted
C:\windows\SysNative\GroupPolicy\Machine deleted
C:\windows\SysNative\GroupPolicy\User deleted
C:\windows\SysNative\GroupPolicy\GPT.INI deleted
C:\Users\SAILOR~1\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804\Yahoo Inc deleted
==== System Specs ======================
Windows: Windows Version 6.2 (Build 9200)
Memory (RAM): 6132 MB
CPU Info: Intel® Core™2 Duo CPU P8400 @ 2.26GHz
CPU Speed: 1555.9 MHz
Sound Card: Speakers / Headphones (IDT High |
Independent (R.T.C.) Headphones |
Display Adapters: NVIDIA Quadro NVS 160M | NVIDIA Quadro NVS 160M
Monitors: 1x; Generic PnP Monitor |
Screen Resolution: 1440 X 900 - 32 bit
Network: Network Present
Network Adapters: Microsoft Hosted Network Virtual Adapter #2 | Intel® 82567LM Gigabit Network Connection | Dell Wireless 1510 Wireless-N WLAN Mini-Card
CD / DVD Drives: 1x (D: | ) D: PLDS DVD+-RW DU-8A2S
Ports: COM Ports NOT Present. LPT Port NOT Present.
Mouse: 5 Button Wheel Mouse Present
Hard Disks: C: 200.5GB | R: 31.8GB
Hard Disks - Free: C: 100.9GB | R: 31.0GB
Manufacturer *: Dell Inc.
BIOS Info: AT/AT COMPATIBLE | 06/04/13 | DELL - 27dd0604
Time Zone: Eastern Standard Time
Motherboard *: Dell Inc. 0R916R
Country: United States
Language: ENU
==== System Specs (Software) ======================
Internet Explorer Version: 11.162.10586.0
Adobe Reader version: 11.0.14.16
Sun Java version: 1.8.0_77 (32-bit)
Sun Java version: 1.8.0_77 (64-bit)
==== Files Recently Created / Modified ======================
====== C:\WINDOWS ====
2016-03-26 09:21:56 C04A5CDCB446DC708D9302BE4E91E46D 16880 ----a-w- C:\WINDOWS\DellBIOS.Sys
2016-03-25 03:44:11 9A4721C52C4746019879D9F8033DCA00 52184 ----a-w- C:\WINDOWS\avastSS.scr
====== C:\Users\SAILOR~1\AppData\Local\Temp ====
====== Java Cache =====
====== C:\WINDOWS\SysWOW64 =====
====== C:\WINDOWS\SysWOW64\drivers =====
====== C:\WINDOWS\Sysnative =====
2016-03-22 07:23:15 D4170CA7268AEDE7DE43EE54D7C8F639 256512 ----a-w- C:\WINDOWS\Sysnative\accountaccessor.dll
2016-03-22 07:23:15 D169A4C1EDA2F63545628420014F2FE3 808800 ----a-w- C:\WINDOWS\Sysnative\WWAHost.exe
2016-03-22 07:23:15 CD8C4364BC6040C0226638EF37E13CBB 161280 ----a-w- C:\WINDOWS\Sysnative\CallHistoryClient.dll
2016-03-22 07:23:15 CB902A15DD21B363FECA5DCCF34F5C57 1224704 ----a-w- C:\WINDOWS\Sysnative\Unistore.dll
2016-03-22 07:23:15 C6856D20BE1DB90407C9154B0EC319B9 77824 ----a-w- C:\WINDOWS\Sysnative\provpackageapidll.dll
2016-03-22 07:23:15 C64B693DF26EB7BFF25F9BAD8B54D571 649216 ----a-w- C:\WINDOWS\Sysnative\ngcsvc.dll
2016-03-22 07:23:15 BEF109D45139E2646C116DD9B6E53E3C 847360 ----a-w- C:\WINDOWS\Sysnative\netlogon.dll
2016-03-22 07:23:15 BE8C62B0B7BBA8F1152A6A7FCF248404 915456 ----a-w- C:\WINDOWS\Sysnative\configurationclient.dll
2016-03-22 07:23:15 BAEFEFB04D7F9A554C029FBA52A02BB8 652392 ----a-w- C:\WINDOWS\Sysnative\dxgi.dll
2016-03-22 07:23:15 B6877446C93D3110E56C90CF13CBEC89 45568 ----a-w- C:\WINDOWS\Sysnative\UserDataTypeHelperUtil.dll
2016-03-22 07:23:15 B58CE40AC84F1B068A2004400E68245B 87040 ----a-w- C:\WINDOWS\Sysnative\MDMAppInstaller.exe
2016-03-22 07:23:15 B37F21B4C25BF10605A196791F93E324 360448 ----a-w- C:\WINDOWS\Sysnative\vaultsvc.dll
2016-03-22 07:23:15 AFAF7063071A1124985A63382B2BC34C 161792 ----a-w- C:\WINDOWS\Sysnative\AppxSip.dll
2016-03-22 07:23:15 AE46FC3FC01DA2DC876D75776F5943B0 86528 ----a-w- C:\WINDOWS\Sysnative\AppCapture.dll
2016-03-22 07:23:15 A9073B21B807C28A5A2246BB1440E823 1030416 ----a-w- C:\WINDOWS\Sysnative\winresume.efi
2016-03-22 07:23:15 A34D9229F8D3A7164247213C9A283DB0 189952 ----a-w- C:\WINDOWS\Sysnative\WiFiDisplay.dll
2016-03-22 07:23:15 A249C98D869623F1AF0DB4BCFFF6D2A8 68096 ----a-w- C:\WINDOWS\Sysnative\UserDataPlatformHelperUtil.dll
2016-03-22 07:23:15 9BE5ECE2F17B3BEDE6FDE1175BD23266 376536 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.MediaControl.dll
2016-03-22 07:23:15 9A3D731707AC0059E0ACBD4E8CDF46E6 1731584 ----a-w- C:\WINDOWS\Sysnative\urlmon.dll
2016-03-22 07:23:15 9972A886D911234F833A265D5D641D30 587776 ----a-w- C:\WINDOWS\Sysnative\bisrv.dll
2016-03-22 07:23:15 9953FA89A4E3BC33296DAFB1ACFDC62F 617984 ----a-w- C:\WINDOWS\Sysnative\StorSvc.dll
2016-03-22 07:23:15 9822B613AEB1CF24E05EFEE748160637 25088 ----a-w- C:\WINDOWS\Sysnative\irmon.dll
2016-03-22 07:23:15 98112F9B965646D338896FD7B13BB32E 1173344 ----a-w- C:\WINDOWS\Sysnative\aeinv.dll
2016-03-22 07:23:15 96BAB1499995B85B91C312BA5114CA03 1322248 ----a-w- C:\WINDOWS\Sysnative\ole32.dll
2016-03-22 07:23:15 95D2BD6AC94FB337AF69F8AFE056BEBE 147808 ----a-w- C:\WINDOWS\Sysnative\wermgr.exe
2016-03-22 07:23:15 907B65AD953EA159B573A0BCC82F6DB0 243712 ----a-w- C:\WINDOWS\Sysnative\cemapi.dll
2016-03-22 07:23:15 8EC4F381818F8A073DEC52C6D1ED9C76 86016 ----a-w- C:\WINDOWS\Sysnative\DeviceEnroller.exe
2016-03-22 07:23:15 8CDC28FB78253481353A882FA3139FBB 2654872 ----a-w- C:\WINDOWS\Sysnative\CoreUIComponents.dll
2016-03-22 07:23:15 8465AF051B7C887C0D163AB939FDF570 358752 ----a-w- C:\WINDOWS\Sysnative\msv1_0.dll
2016-03-22 07:23:15 83012CF88DF6EC835B2308941B47CA8A 7474528 ----a-w- C:\WINDOWS\Sysnative\ntoskrnl.exe
2016-03-22 07:23:15 80021DC2AF64B92F3FA8935C0D5C81D7 69632 ----a-w- C:\WINDOWS\Sysnative\wininetlui.dll
2016-03-22 07:23:15 7E81E3E0D7F83BFE3C3975020B6C7F12 163840 ----a-w- C:\WINDOWS\Sysnative\TimeBrokerServer.dll
2016-03-22 07:23:15 7C6B51E0233814D401905289AFD27BC5 1390592 ----a-w- C:\WINDOWS\Sysnative\win32kbase.sys
2016-03-22 07:23:15 7C20F3EC0BA5ACB8ED40CDEF41B0AC56 779384 ----a-w- C:\WINDOWS\Sysnative\taskschd.dll
2016-03-22 07:23:15 7BD715D15060E0B6E4AF222CA7120BD1 69632 ----a-w- C:\WINDOWS\Sysnative\EnterpriseDesktopAppMgmtCSP.dll
2016-03-22 07:23:15 77B2F9C522467B1FC8770028D09534DB 91648 ----a-w- C:\WINDOWS\Sysnative\asycfilt.dll
2016-03-22 07:23:15 7489ACBF86C3774E7EF0DC8C7616B07E 641536 ----a-w- C:\WINDOWS\Sysnative\enterprisecsps.dll
2016-03-22 07:23:15 722FA682ED9EA8B85FA843A5C8F39E61 2273792 ----a-w- C:\WINDOWS\Sysnative\wuaueng.dll
2016-03-22 07:23:15 7118498F6E48758A2EF5A7D1982E2B62 1139712 ----a-w- C:\WINDOWS\Sysnative\XblGameSave.dll
2016-03-22 07:23:15 70BA4CAAC5D621DCE88082DA0B1FF014 23552 ----a-w- C:\WINDOWS\Sysnative\ExtrasXmlParser.dll
2016-03-22 07:23:15 703430E9FFF072334B247B5E88428331 288768 ----a-w- C:\WINDOWS\Sysnative\vaultcli.dll
2016-03-22 07:23:15 6F9775D843AA4595A3F60A60829B11A9 1098752 ----a-w- C:\WINDOWS\Sysnative\dosvc.dll
2016-03-22 07:23:15 6E04BBE242E2889B37300C4DF5CE1126 3449168 ----a-w- C:\WINDOWS\Sysnative\WSService.dll
2016-03-22 07:23:15 6D31FB3E4263749BD994B3895322D799 982016 ----a-w- C:\WINDOWS\Sysnative\AppxPackaging.dll
2016-03-22 07:23:15 69B6B69C95E1FBDC796F5B2019A8B24D 791744 ----a-w- C:\WINDOWS\Sysnative\generaltel.dll
2016-03-22 07:23:15 6855984AA46D2452A7C518787E1F2643 1996288 ----a-w- C:\WINDOWS\Sysnative\ActiveSyncProvider.dll
2016-03-22 07:23:15 6817CD1A33EB94CDE8FBBCB7E3C4E469 1317640 ----a-w- C:\WINDOWS\Sysnative\winload.efi
2016-03-22 07:23:15 6807A6D971AA7A26245397ADDFE3B5D8 2755584 ----a-w- C:\WINDOWS\Sysnative\wininet.dll
2016-03-22 07:23:15 61C99C1A4BB5EE14563ED321A859ACB6 726528 ----a-w- C:\WINDOWS\Sysnative\ChatApis.dll
2016-03-22 07:23:15 5D88798FC34BB61C74256CDD66BDD205 318976 ----a-w- C:\WINDOWS\Sysnative\domgmt.dll
2016-03-22 07:23:15 5B50521452D87A439A87B1EAEBC138C7 208896 ----a-w- C:\WINDOWS\Sysnative\storewuauth.dll
2016-03-22 07:23:15 597AA6F5B21B1B15C87982FAFD1555EE 6607080 ----a-w- C:\WINDOWS\Sysnative\windows.storage.dll
2016-03-22 07:23:15 56027D21265759F4EADD0555E7915D9A 957952 ----a-w- C:\WINDOWS\Sysnative\SRH.dll
2016-03-22 07:23:15 5548D83C60E37CBB1B451A1108D4142C 513888 ----a-w- C:\WINDOWS\Sysnative\devinv.dll
2016-03-22 07:23:15 5125BB69518578E5EDC4117BABF2A687 874968 ----a-w- C:\WINDOWS\Sysnative\winresume.exe
2016-03-22 07:23:15 50007CDB0F9801A7186F3E81D3377D12 2773096 ----a-w- C:\WINDOWS\Sysnative\d3d11.dll
2016-03-22 07:23:15 4C3A93515CA70A7017CBA3A6A95CF080 121856 ----a-w- C:\WINDOWS\Sysnative\AppointmentActivation.dll
2016-03-22 07:23:15 46D84D62993CEB88542EFA438F4D6E82 167936 ----a-w- C:\WINDOWS\Sysnative\dafBth.dll
2016-03-22 07:23:15 45FDB4ACF680DF92D6510F77E7FF3E7F 713568 ----a-w- C:\WINDOWS\Sysnative\invagent.dll
2016-03-22 07:23:15 3DF25A56F18D2AB4CF58C1300C8CD323 2158592 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentServer.dll
2016-03-22 07:23:15 3CE8EBC0B1A74A7AC639C5FAFC549CCA 436736 ----a-w- C:\WINDOWS\Sysnative\AppXDeploymentClient.dll
2016-03-22 07:23:15 39D5E08E69BFC5CBFA94EE09656D6427 1713664 ----a-w- C:\WINDOWS\Sysnative\SRHInproc.dll
2016-03-22 07:23:15 3932940E0DB7A31B00A415F6B3D3E242 700416 ----a-w- C:\WINDOWS\Sysnative\AppointmentApis.dll
2016-03-22 07:23:15 333F190DFAE2E1EE500234B78ADDA297 640472 ----a-w- C:\WINDOWS\Sysnative\wer.dll
2016-03-22 07:23:15 32509061F29DA432B62336A4462ADEBF 3593216 ----a-w- C:\WINDOWS\Sysnative\win32kfull.sys
2016-03-22 07:23:15 2E165E1CF278FC2B4959B825642A595B 558080 ----a-w- C:\WINDOWS\Sysnative\MBMediaManager.dll
2016-03-22 07:23:15 2DDEA2BEDD3169F483C9BE610ADFE8B1 8705672 ----a-w- C:\WINDOWS\Sysnative\Windows.Media.Protection.PlayReady.dll
2016-03-22 07:23:15 2BCCAEB08EAF8C5D6BD024B3F020D0EA 790528 ----a-w- C:\WINDOWS\Sysnative\EmailApis.dll
2016-03-22 07:23:15 29C0CB42B16F323AB8003A73B7E81DD5 1141504 ----a-w- C:\WINDOWS\Sysnative\winload.exe
2016-03-22 07:23:15 28CFFDB411375B2BBB0EBF295ABAEF29 382464 ----a-w- C:\WINDOWS\Sysnative\wuuhext.dll
2016-03-22 07:23:15 2771EBB565F5C121E66060B173991D4D 1490432 ----a-w- C:\WINDOWS\Sysnative\UserDataService.dll
2016-03-22 07:23:15 2362BCA98EAF8CE0487664467F720861 178176 ----a-w- C:\WINDOWS\Sysnative\psmsrv.dll
2016-03-22 07:23:15 215C9C65601378F56BEECDECBD1EF4AE 216416 ----a-w- C:\WINDOWS\Sysnative\AppxAllUserStore.dll
2016-03-22 07:23:15 21098276051C6BEBBA7C8EB79AAF4E22 938496 ----a-w- C:\WINDOWS\Sysnative\ContactApis.dll
2016-03-22 07:23:15 20E6B1B1F23615B5CF21AC3CE0A2E227 52224 ----a-w- C:\WINDOWS\Sysnative\jsproxy.dll
2016-03-22 07:23:15 1D445E497D7BE9566D51BD60CA8B8CE7 175616 ----a-w- C:\WINDOWS\Sysnative\Windows.UI.Core.TextInput.dll
2016-03-22 07:23:15 1D00BBEEE33FA7F64A8CBFF471968CB0 195072 ----a-w- C:\WINDOWS\Sysnative\VCardParser.dll
2016-03-22 07:23:15 1A0945D67F0499600E7B43A69210EC5B 41984 ----a-w- C:\WINDOWS\Sysnative\TimeBrokerClient.dll
2016-03-22 07:23:15 04F7878E7017105AB782353231561749 252928 ----a-w- C:\WINDOWS\Sysnative\PimIndexMaintenance.dll
2016-03-22 07:23:15 04BB77409644685810DBD63D86F5720E 99328 ----a-w- C:\WINDOWS\Sysnative\ngckeyenum.dll
2016-03-22 07:23:15 023338E1DA5B6E5C2EFC7E5ADA7929C5 685568 ----a-w- C:\WINDOWS\Sysnative\scapi.dll
2016-03-22 07:23:15 020AD2DA67F206DC160053F88454A0D4 111616 ----a-w- C:\WINDOWS\Sysnative\UserDataTimeUtil.dll
2016-03-22 07:23:14 FBC8C56814642A7CA88ACBCA8DD1121F 145408 ----a-w- C:\WINDOWS\Sysnative\dssvc.dll
2016-03-22 07:23:14 F7526C133AC265F283012E9CD751F873 625000 ----a-w- C:\WINDOWS\Sysnative\ClipSVC.dll
2016-03-22 07:23:14 F66EEB5365413D4B968C5B51D25F88B8 141560 ----a-w- C:\WINDOWS\Sysnative\AuthHost.exe
2016-03-22 07:23:14 C62ACC8B1B1136464583F871EBB4ACE1 1946624 ----a-w- C:\WINDOWS\Sysnative\dwmcore.dll
2016-03-22 07:23:14 B8CBDF64077D764D26E6E0255270B7BF 224256 ----a-w- C:\WINDOWS\Sysnative\PackageStateRoaming.dll
2016-03-22 07:23:14 B174232356859EBB0CF8FA950119DA1E 159232 ----a-w- C:\WINDOWS\Sysnative\DeviceCensus.exe
2016-03-22 07:23:14 A407435633C74CB1D6911DC05A90D939 2912256 ----a-w- C:\WINDOWS\Sysnative\CertEnroll.dll
2016-03-22 07:23:14 9CB84B6398F10BCF0CE357F2C7B6056D 286720 ----a-w- C:\WINDOWS\Sysnative\deviceaccess.dll
2016-03-22 07:23:14 797497201A406D6CFDB72FE0545F990C 6972416 ----a-w- C:\WINDOWS\Sysnative\Windows.Data.Pdf.dll
2016-03-22 07:23:14 7890990143812A452858058BBD52149F 297472 ----a-w- C:\WINDOWS\Sysnative\thumbcache.dll
2016-03-22 07:23:14 5CBB046266CD7CD1593354C93BCDBE91 870400 ----a-w- C:\WINDOWS\Sysnative\modernexecserver.dll
2016-03-22 07:23:14 5B5F518D6487FDCC9C40A74D3C72B8EE 828928 ----a-w- C:\WINDOWS\Sysnative\Windows.AccountsControl.dll
2016-03-22 07:23:14 497EB340D13433E8FE53625103E0C2D0 146432 ----a-w- C:\WINDOWS\Sysnative\AuthBroker.dll
2016-03-22 07:23:14 4098813724BDAC23A74DD6E75CA360CC 450560 ----a-w- C:\WINDOWS\Sysnative\Windows.Internal.Bluetooth.dll
2016-03-22 07:23:14 405A419F4CDAC3C18F91FEDBD146C0A8 948736 ----a-w- C:\WINDOWS\Sysnative\XblAuthManager.dll
2016-03-22 07:23:14 3EEB5260D4321F7F124955E1D228FDF2 274944 ----a-w- C:\WINDOWS\Sysnative\DisplayManager.dll
2016-03-22 07:23:14 1C8474EF741ABA77E53BE94DE8E89D26 990720 ----a-w- C:\WINDOWS\Sysnative\SettingSyncCore.dll
2016-03-22 07:23:14 15D174719872A30F2FDD6B5B1B8BA5D9 1613664 ----a-w- C:\WINDOWS\Sysnative\diagtrack.dll
2016-03-22 07:23:14 0FEE16BB03B1A97A70121165E7414903 67584 ----a-w- C:\WINDOWS\Sysnative\profext.dll
2016-03-22 07:08:27 E91942A0D00C6AA014B2EA33EE0ED0A3 35480 ----a-w- C:\WINDOWS\Sysnative\TsWpfWrp.exe
2016-03-22 07:08:27 E2296A6174894682DF8F0FF29FDDCC82 1166520 ----a-w- C:\WINDOWS\Sysnative\PresentationNative_v0300.dll
2016-03-22 07:08:27 C5FEF4B4A7FB961ECDB0AB07DBCF379E 124624 ----a-w- C:\WINDOWS\Sysnative\PresentationCFFRasterizerNative_v0300.dll
2016-03-22 07:07:58 48E7F01CD9246CAF86702F5CB9100C9F 1087488 ----a-w- C:\WINDOWS\Sysnative\reseteng.dll
2016-03-22 07:07:58 20B48DC4AF4492B31A756528444BDA8C 304752 ----a-w- C:\WINDOWS\Sysnative\systemreset.exe
2016-03-22 04:06:20 976AFCB2733FBFC34DEAF117D2F2330C 22744 ----a-w- C:\WINDOWS\Sysnative\emptyregdb.dat
2016-03-22 03:36:42 F5923F5B5EDF56A2FCEF46D2AA85530E 1166136 ----a-w- C:\WINDOWS\Sysnative\PerfStringBackup.INI
2016-03-22 03:33:24 FFA1A0DD5C18130DABE0F68D6F1EBFBA 162816 ----a-w- C:\WINDOWS\Sysnative\AESTAC64.dll
2016-03-22 03:33:24 E571EABD1753F1A1474C1EA8C2AD0B36 442368 ----a-w- C:\WINDOWS\Sysnative\AESTEC64.dll
2016-03-22 03:33:24 C469893743E18BA547DB3C7ED98B32F5 68608 ----a-w- C:\WINDOWS\Sysnative\AESTAR64.dll
2016-03-22 03:33:23 5F9479B2BD3575E789F06F4DEB86C9E0 90624 ----a-w- C:\WINDOWS\Sysnative\AESTCo64.dll
2016-03-22 03:33:23 1FA12C7246E4C4FC93541D318527CC27 3462656 ----a-w- C:\WINDOWS\Sysnative\stlang64.dll
2016-03-22 03:33:23 134C6D378B75C61365EEA000E90C4701 12812800 ----a-w- C:\WINDOWS\Sysnative\idtcpl64.cpl
2016-03-19 01:17:30 4EA9F4738CE519E3D8C31A41AE2DE822 14634496 ----a-w- C:\WINDOWS\Sysnative\wmp(337).dll
2016-03-18 19:07:06 81A506305EA2DBA0E0EE33332B642143 968704 ----a-w- C:\WINDOWS\Sysnative\MsSpellCheckingFacility.exe
2016-03-18 19:07:01 93D65A0011C3DC4F7422624068A6A4FC 1359360 ----a-w- C:\WINDOWS\Sysnative\mshtmlmedia.dll
====== C:\WINDOWS\Sysnative\drivers =====
2016-03-25 16:22:37 0D5A09B08568760AE85A801FCBC0F83D 28272 ----a-w- C:\WINDOWS\Sysnative\drivers\TrueSight.sys
2016-03-25 04:07:46 719B704109B933D819093CDDB156A7F1 1070904 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsnx.sys
2016-03-25 04:07:45 1459AAD5C6A66A458C2D57EE6E080FA5 107792 ----a-w- C:\WINDOWS\Sysnative\drivers\aswmonflt.sys
2016-03-25 04:06:42 43F46E7D103F46EC345B1056BDD2A60B 463744 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsp.sys
2016-03-25 04:06:29 B5479D1DB58E6080DD1E03F970C6D0F3 552880 ----a-w- C:\WINDOWS\Sysnative\drivers\aswnetsec.sys
2016-03-25 04:05:54 9949BBD5BB70C4D317B7549896132579 287016 ----a-w- C:\WINDOWS\Sysnative\drivers\aswvmm.sys
2016-03-25 03:44:40 AECE9E699CAC76DC993BB988652B5AD8 37144 ----a-w- C:\WINDOWS\Sysnative\drivers\aswKbd.sys
2016-03-25 03:44:40 7E66DFE6B62C6C34FD6B09DB6169E9F6 37656 ----a-w- C:\WINDOWS\Sysnative\drivers\aswHwid.sys
2016-03-25 03:44:40 219D0E2348629FAE4E6E3478C21B23D6 165344 ----a-w- C:\WINDOWS\Sysnative\drivers\aswStm.sys
2016-03-25 03:44:40 0AA12ADF5F87B4A70BDBAED77F54B978 74544 ----a-w- C:\WINDOWS\Sysnative\drivers\aswRvrt.sys
2016-03-25 03:44:40 0866D5FE02D614501B7B4AD5E1BC7B53 103064 ----a-w- C:\WINDOWS\Sysnative\drivers\aswRdr2.sys
2016-03-24 14:28:12 754C2DDD1913332B4BF11FACF80D7B13 287016 ----a-w- C:\WINDOWS\Sysnative\drivers\aswvmm.sys.1458829693703
2016-03-24 14:28:00 E4D644C795019BF28F34D902CB53190F 286440 ----a-w- C:\WINDOWS\Sysnative\drivers\aswvmm.sys.1458829692109
2016-03-24 14:28:00 C445C4459ADC7A04E02D4646980515FC 1065720 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsnx.sys.1458829700859
2016-03-24 14:28:00 99B1202BE83B7599B681D3AEBA99D3EB 552368 ----a-w- C:\WINDOWS\Sysnative\drivers\aswnetsec.sys.1458829696875
2016-03-24 14:28:00 6538FDD733D155F901913D3C09C618CB 463744 ----a-w- C:\WINDOWS\Sysnative\drivers\aswsp.sys.1458829696234
2016-03-24 14:28:00 259ABA699202DCE45815128D7BEAE41E 107792 ----a-w- C:\WINDOWS\Sysnative\drivers\aswmonflt.sys.1458829700859
2016-03-24 14:18:36 5545FB5B49268C903F311849DB1942ED 423240 ----a-w- C:\WINDOWS\Sysnative\drivers\foipqsrm.sys
2016-03-23 23:13:42 59F6320772A2E6B0B3587536BE4CC022 316168 ----a-w- C:\WINDOWS\Sysnative\drivers\tmcomm.sys
2016-03-22 17:04:57 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\WINDOWS\Sysnative\drivers\mwac.sys
2016-03-22 17:04:57 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\WINDOWS\Sysnative\drivers\mbam.sys
2016-03-22 17:04:57 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\WINDOWS\Sysnative\drivers\mbamchameleon.sys
2016-03-22 14:36:13 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-03-22 07:23:20 1A490555FD330CA2764D89191177C867 285696 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb10.sys
2016-03-22 07:23:19 E3C82823B22463BC38AA4F8ADA852624 104960 ----a-w- C:\WINDOWS\Sysnative\drivers\rasl2tp.sys
2016-03-22 07:23:19 A4411C522D41707D5BCA817A5BB9E30B 114688 ----a-w- C:\WINDOWS\Sysnative\drivers\bridge.sys
2016-03-22 07:23:19 58BFFEF692A47FCE3FAAEDBC8F3DCBBB 2152288 ----a-w- C:\WINDOWS\Sysnative\drivers\ntfs.sys
2016-03-22 07:23:19 0B3B0C1D86050355676640488FA897D3 430944 ----a-w- C:\WINDOWS\Sysnative\drivers\mrxsmb.sys
2016-03-22 07:23:15 F45665E77D11F3C1552EDBEAD1559DC8 1997152 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgkrnl.sys
2016-03-22 07:23:15 EDDB0D726DBECDFC1DBCC6DB464E5A13 146272 ----a-w- C:\WINDOWS\Sysnative\drivers\appid.sys
2016-03-22 07:23:15 64D4F5DE44B64B8284BADE5819B5195A 394080 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms1.sys
2016-03-22 07:23:15 33190E86460C4FF7382848187463DC28 576864 ----a-w- C:\WINDOWS\Sysnative\drivers\dxgmms2.sys
2016-03-22 07:23:14 F279536122B83FD0D8E158AA753E1B7C 238592 ----a-w- C:\WINDOWS\Sysnative\drivers\xboxgip.sys
2016-03-22 07:23:14 DBACD4E4FE191D0CE7C624ACA389535E 29696 ----a-w- C:\WINDOWS\Sysnative\drivers\xinputhid.sys
2016-03-22 07:23:14 B7E1CAA9429E4C3E7E01CB35B97E1536 534368 ----a-w- C:\WINDOWS\Sysnative\drivers\USBHUB3.SYS
2016-03-22 07:23:14 8949F77132A4F8F3BA17C6727099F002 127840 ----a-w- C:\WINDOWS\Sysnative\drivers\USBSTOR.SYS
2016-03-22 07:23:14 469441BAE3FF8A16826FC62C51EF5E18 563552 ----a-w- C:\WINDOWS\Sysnative\drivers\acpi.sys
2016-03-22 07:07:58 F871CE85AF64D81A9CB6C361CF797144 185184 ----a-w- C:\WINDOWS\Sysnative\drivers\dumpsd.sys
2016-03-22 07:07:58 70165A0A2653FB8AFDE3D85000727F29 277856 ----a-w- C:\WINDOWS\Sysnative\drivers\sdbus.sys
2016-03-22 03:33:49 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_WUDFUsbccidDriver_01_09_00.Wdf
2016-03-22 03:33:11 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-03-22 03:33:08 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_SensorsAlsDriver_01_11_00.Wdf
2016-03-22 03:33:02 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_User_ushwbfdrv_01_09_00.Wdf
2016-03-22 03:33:02 D41D8CD98F00B204E9800998ECF8427E 0 ---ha-w- C:\WINDOWS\Sysnative\drivers\Msft_Kernel_wbfcvusbdrv_01009.Wdf
====== C:\WINDOWS\Tasks ======
2016-03-25 03:45:39 D7CBE4E8FBEDDE8B5D7B021AE6B274A4 3182 ----a-w- C:\WINDOWS\Sysnative\Tasks\SafeZone scheduled Autoupdate 1458877531
2016-03-24 14:49:13 77D61E128CAD5C9791FF5FD4F815F30A 214 ----a-w- C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-03-24 14:32:33 8744BD5D948F0A7F0DE1DE2B3834F948 3168 ----a-w- C:\WINDOWS\Sysnative\Tasks\SafeZone scheduled Autoupdate 1458829944
2016-03-24 14:31:53 D9BB873B507DC4AAB7D33B0AD48C2DAF 4006 ----a-w- C:\WINDOWS\Sysnative\Tasks\avast! Emergency Update
2016-03-24 04:34:18 DA9931B55DBA167EBB58936930FD7323 3176 ----a-w- C:\WINDOWS\Sysnative\Tasks\SafeZone scheduled Autoupdate 1458657088
====== C:\WINDOWS\Temp ======
======= C:\Program Files =====
2016-03-25 19:28:26 -------- d-----w- C:\Program Files\Core Temp
2016-03-22 07:09:29 -------- d-----w- C:\Program Files\Reference Assemblies
2016-03-22 07:09:29 -------- d-----w- C:\Program Files\MSBuild
2016-03-22 03:43:43 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
2016-03-22 03:33:24 -------- d---a-w- C:\Program Files\IDT
2016-03-22 03:33:09 -------- d-----w- C:\Program Files\Synaptics
======= C:\PROGRA~2 =====
2016-03-26 10:14:47 -------- d-----w- C:\PROGRA~2\COMMON~1\Java
2016-03-24 17:07:38 12964920 ----a-w- C:\PROGRA~2\COMMON~1\wruninstall.exe
2016-03-22 07:09:29 -------- d---a-w- C:\PROGRA~2\MSBuild
2016-03-22 07:09:29 -------- d-----w- C:\PROGRA~2\Reference Assemblies
2016-03-22 03:43:49 -------- d-----w- C:\PROGRA~2\COMMON~1\SpeechEngines
2016-03-18 20:06:01 -------- d-----w- C:\PROGRA~2\AdwCleaner
2016-03-18 13:52:15 -------- d-----w- C:\PROGRA~2\DLL Suite
======= C: =====
2016-03-22 02:55:26 93B885ADFE0DA089CDF634904FD59F71 1 --sha-w- C:\BOOTNXT
====== C:\Users\SailorMama\AppData\Roaming ======
2016-03-26 09:08:59 -------- d-----w- C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-03-26 09:08:48 -------- d-----w- C:\Users\SailorMama\AppData\Local\Deployment
2016-03-24 18:12:07 -------- d-----w- C:\Users\SailorMama\AppData\Local\ElevatedDiagnostics
2016-03-24 17:07:35 -------- d-----w- C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-03-24 14:30:52 -------- d-----w- C:\Users\SailorMama\AppData\Local\Google
2016-03-24 13:43:47 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Publishers
2016-03-24 13:43:47 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Publishers
2016-03-24 13:42:31 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Packages
2016-03-24 13:42:31 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Packages
2016-03-24 13:42:29 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\TileDataLayer
2016-03-24 13:42:29 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\TileDataLayer
2016-03-24 13:42:18 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\LocalLow
2016-03-24 13:42:18 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\LocalLow
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Roaming
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Roaming
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Temp
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Temp
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft Help
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft Help
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\AppData\Local
2016-03-24 02:39:50 -------- d-----w- C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Roaming
2016-03-24 02:39:50 -------- d-----w- C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Temp
2016-03-24 02:39:50 -------- d-----w- C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Microsoft Help
2016-03-24 02:39:50 -------- d-----w- C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local\Microsoft
2016-03-24 02:39:50 -------- d-----w- C:\Users\DefaultAppPool.IIS APPPOOL\AppData\Local
2016-03-22 19:39:13 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\CrashDumps
2016-03-22 13:28:01 -------- d-----w- C:\Users\SailorMama\AppData\Local\MicrosoftEdge
2016-03-22 13:15:40 -------- d-----w- C:\Users\SailorMama\AppData\Local\Comms
2016-03-22 13:05:00 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\DataSharing
2016-03-22 12:57:20 -------- d-----w- C:\Users\SailorMama\AppData\Local\Publishers
2016-03-22 12:54:32 -------- d-----w- C:\Users\SailorMama\AppData\Local\Packages
2016-03-22 12:54:30 -------- d-----w- C:\Users\SailorMama\AppData\Local\TileDataLayer
2016-03-22 04:06:32 -------- d-----w- C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Packages
2016-03-22 03:54:32 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft
2016-03-22 03:50:04 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2016-03-22 03:50:04 -------- d-----w- C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2016-03-22 03:50:04 -------- d-----w- C:\Users\Default\AppData\Local\Microsoft Help
2016-03-22 03:50:04 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools
2016-03-22 03:50:04 -------- d-----w- C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Accessibility
2016-03-22 03:50:04 -------- d-----w- C:\Users\Default User\AppData\Local\Microsoft Help
2016-03-22 03:39:45 -------- d-s---r- C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2016-03-22 03:39:45 -------- d-----w- C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2016-03-22 03:39:45 -------- d-----w- C:\Users\SailorMama\AppData\Roaming
2016-03-22 03:39:45 -------- d-----w- C:\Users\SailorMama\AppData\Local\Temp
2016-03-22 03:39:45 -------- d-----w- C:\Users\SailorMama\AppData\Local\Microsoft
2016-03-22 03:39:45 -------- d-----w- C:\Users\SailorMama\AppData\Local
2016-03-22 03:39:45 -------- d-----r- C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2016-03-22 03:39:45 -------- d-----r- C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2016-03-22 03:39:45 -------- d-----r- C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2016-03-22 03:39:45 -------- d-----r- C:\Users\SailorMama\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
====== C:\Users\SailorMama ======
2016-03-26 13:28:30 F794E988B53804105BF915ABDAFAFCD7 891392 ----a-w- C:\Users\SailorMama\Desktop\MiniToolBox.exe
2016-03-26 12:26:45 2BD9A786C7E1DD2A792F9303065DB40F 4194304 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bin
2016-03-26 10:13:07 FE65F17EACB8C525B9224AC653E66640 734784 ----a-w- C:\Users\SailorMama\Downloads\JavaSetup8u77.exe
2016-03-26 10:05:21 F1383114CC6E1C8B5C8C8D35006313A5 215849384 ----a-w- C:\Users\SailorMama\Downloads\341.92-quadro-desktop-notebook-win10-64bit-international-whql.exe
2016-03-26 09:32:51 B5020B9C07D38D1851E3F4C833017EBB 196608 ----a-w- C:\WINDOWS\serviceprofiles\networkservice\msmqlog.bak
2016-03-25 19:28:27 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Core Temp
2016-03-24 22:12:48 -------- d-----w- C:\ProgramData\WRData
2016-03-24 13:45:45 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\OneDrive
2016-03-24 13:45:45 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\OneDrive
2016-03-24 13:42:33 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Searches
2016-03-24 13:42:33 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Searches
2016-03-24 13:42:32 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Podcasts
2016-03-24 13:42:32 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Podcasts
2016-03-24 13:42:32 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Contacts
2016-03-24 13:42:32 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Contacts
2016-03-24 13:42:19 D7744DF181306CEC9B77B7DCB2BFE54B 442 --sha-r- C:\Users\Administrator.BlueBelleE6400\ntuser.pol
2016-03-24 13:42:19 D7744DF181306CEC9B77B7DCB2BFE54B 442 --sha-r- C:\Users\Administrator.BlueBelleE6400\ntuser.pol
2016-03-24 13:42:18 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Administrator.BlueBelleE6400\ntuser.ini
2016-03-24 13:42:18 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\Administrator.BlueBelleE6400\ntuser.ini
2016-03-24 13:42:17 -------- d--h--w- C:\Users\Administrator.BlueBelleE6400\AppData
2016-03-24 13:42:17 -------- d--h--w- C:\Users\Administrator.BlueBelleE6400\AppData
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\Cookies
2016-03-24 13:42:17 -------- d-----w- C:\Users\Administrator.BlueBelleE6400\Cookies
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Videos
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Videos
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Saved Games
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Saved Games
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Pictures
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Pictures
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Music
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Music
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Links
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Links
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Favorites
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Favorites
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Downloads
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Downloads
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Documents
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Documents
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Desktop
2016-03-24 13:42:17 -------- d-----r- C:\Users\Administrator.BlueBelleE6400\Desktop
2016-03-24 03:29:22 D9D59BD0D90893F9AE9F875B30A382AE 2374144 ----a-w- C:\Users\SailorMama\Desktop\FRST64.exe
2016-03-24 02:39:51 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\DefaultAppPool.IIS APPPOOL\ntuser.ini
2016-03-24 02:39:50 -------- d--h--w- C:\Users\DefaultAppPool.IIS APPPOOL\AppData
2016-03-24 02:39:50 -------- d-----w- C:\Users\DefaultAppPool.IIS APPPOOL\Saved Games
2016-03-24 02:39:50 -------- d-----w- C:\Users\DefaultAppPool.IIS APPPOOL\Cookies
2016-03-24 02:39:50 -------- d-----r- C:\Users\DefaultAppPool.IIS APPPOOL\Videos
2016-03-24 02:39:50 -------- d-----r- C:\Users\DefaultAppPool.IIS APPPOOL\Pictures
2016-03-24 02:39:50 -------- d-----r- C:\Users\DefaultAppPool.IIS APPPOOL\Music
2016-03-24 02:39:50 -------- d-----r- C:\Users\DefaultAppPool.IIS APPPOOL\Links
2016-03-24 02:39:50 -------- d-----r- C:\Users\DefaultAppPool.IIS APPPOOL\Favorites
2016-03-24 02:39:50 -------- d-----r- C:\Users\DefaultAppPool.IIS APPPOOL\Downloads
2016-03-24 02:39:50 -------- d-----r- C:\Users\DefaultAppPool.IIS APPPOOL\Documents
2016-03-24 02:39:50 -------- d-----r- C:\Users\DefaultAppPool.IIS APPPOOL\Desktop
2016-03-23 20:47:58 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX890 series
2016-03-22 13:00:10 -------- d-----r- C:\Users\SailorMama\OneDrive
2016-03-22 12:54:06 D7744DF181306CEC9B77B7DCB2BFE54B 442 --sha-r- C:\Users\SailorMama\ntuser.pol
2016-03-22 12:54:00 6FC234AD3752E1267B34FB12BCD6718B 20 --sh--w- C:\Users\SailorMama\ntuser.ini
2016-03-22 03:55:25 -------- d-----w- C:\WINDOWS\sysWoW64\config\systemprofile\.oracle_jre_usage
2016-03-22 03:50:04 -------- d-----w- C:\Users\Default\Cookies
2016-03-22 03:39:45 -------- d--h--w- C:\Users\SailorMama\AppData
2016-03-21 17:29:34 -------- d-----w- C:\ProgramData\Logs
2016-03-21 17:29:33 -------- d-----w- C:\ProgramData\TEMP
2016-03-19 20:25:39 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TurboTax 2015
2016-03-18 22:10:34 -------- d-----r- C:\Users\Public\Recorded TV
2016-03-04 16:39:09 -------- d-----w- C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2016-02-25 21:28:19 -------- d--h--w- C:\ProgramData\CanonIJETV
====== C: exe-files ==
2016-03-26 13:28:30 F794E988B53804105BF915ABDAFAFCD7 891392 ----a-w- C:\Users\SailorMama\Desktop\MiniToolBox.exe
2016-03-26 10:15:54 C31F1BDBB1902458FA15515BD0D8340B 0 ----a-we C:\ProgramData\Oracle\Java\javapath\java.exe
2016-03-26 10:15:54 A5AECC1529B64CB123B1880D3AD0F1AE 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaws.exe
2016-03-26 10:15:54 2AD9EFBB015490AA315707BAC2BFD816 0 ----a-we C:\ProgramData\Oracle\Java\javapath\javaw.exe
2016-03-26 10:14:17 F85C40988E94C2F463508FBEE94025BF 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\kinit.exe
2016-03-26 10:14:17 F4E94CBB9DEF622171D8943F2160B214 51776 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssvagent.exe
2016-03-26 10:14:17 E2AF676759086BAE2F16D6B5033E7F46 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\policytool.exe
2016-03-26 10:14:17 D709404CB67D09946628987244B98A60 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\servertool.exe
2016-03-26 10:14:17 D62B10425DC16A177CB64D6B0356F915 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\jjs.exe
2016-03-26 10:14:17 C558C87F624CF96F812028165190EEDE 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\pack200.exe
2016-03-26 10:14:17 C1F46A7656D1DED6326D8E28B1CF1862 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\rmiregistry.exe
2016-03-26 10:14:17 AC4F3A4F853070419C9E8479B3868103 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\tnameserv.exe
2016-03-26 10:14:17 A756D5633F6596B0E4711E60D3F61BCA 16448 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\orbd.exe
2016-03-26 10:14:17 A48BDE309534612FBA41D58E754A38BE 159296 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\unpack200.exe
2016-03-26 10:14:17 8DF0EA1993F98096557A4AFA6235DE4E 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\rmid.exe
2016-03-26 10:14:17 724998551979EB4E0DF53CA3994AF035 77888 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2launcher.exe
2016-03-26 10:14:17 5192C3656176D1D21D21372E1061D1A4 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\ktab.exe
2016-03-26 10:14:17 4CC7AA4DCC143BB06999A62B8763EA6C 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\keytool.exe
2016-03-26 10:14:17 26E779D9D96192E312E5DC042E993DED 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\klist.exe
2016-03-26 10:14:16 D763E321831C859D9195ADF15A951E95 15936 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\java-rmi.exe
2016-03-26 10:14:16 C31F1BDBB1902458FA15515BD0D8340B 191040 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\java.exe
2016-03-26 10:14:16 AAADCD8DA5BCE8986D6FEC09FAB7B70D 68672 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\javacpl.exe
2016-03-26 10:14:16 A5AECC1529B64CB123B1880D3AD0F1AE 268352 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\javaws.exe
2016-03-26 10:14:16 6101EC702C56D5F688AA578AC457A440 30784 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\jabswitch.exe
2016-03-26 10:14:16 2AD9EFBB015490AA315707BAC2BFD816 191552 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\bin\javaw.exe
2016-03-26 09:25:55 FAF96A2F5FE795EC15056F1D904B24C1 26930080 ----a-w- C:\Users\SailorMama\AppData\Local\Apps\2.0\O1TB9R5O.3DH\E2DG5GT9.32L\dell..tion_6d0a76327dca4869_0007.0003_a90ffe7d1431644d\Drivers\InvColPC_7.1.0.9999.exe
2016-03-26 09:08:59 EE98E941470EB37A72C3964789FFDA18 310216 ------w- C:\Users\SailorMama\AppData\Local\Apps\2.0\O1TB9R5O.3DH\E2DG5GT9.32L\dell..tion_6d0a76327dca4869_0007.0003_a90ffe7d1431644d\DellSystemDetect.exe
2016-03-26 09:08:59 7F18D8BD246C2F4595E2C3729ACD058A 46536 ------w- C:\Users\SailorMama\AppData\Local\Apps\2.0\O1TB9R5O.3DH\E2DG5GT9.32L\dell..tion_6d0a76327dca4869_0007.0003_a90ffe7d1431644d\Uninstaller.exe
2016-03-25 19:28:26 F995715799B81B5BE41BC4D2E5E58E06 891344 ----a-w- C:\Program Files\Core Temp\Core Temp.exe
2016-03-25 19:28:26 467E3D2E77E846B0EDB07B4DEDD5215E 1193161 ----a-w- C:\Program Files\Core Temp\unins000.exe
2016-03-24 17:07:38 6085CA8297985BDA3E4A91EEB38AD3A3 12964920 ----a-w- C:\Program Files (x86)\Common Files\wruninstall.exe
2016-03-24 13:46:09 61F488AC3053DEB2AADB6A34DEBC8876 551104 ----a-w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft\OneDrive\OneDrive.exe
2016-03-24 13:46:08 E4D26B91BBDC51ADF460F371323AECD1 8076992 ----a-w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2016-03-24 13:46:08 E4D26B91BBDC51ADF460F371323AECD1 8076992 ----a-w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\OneDriveSetup.exe
2016-03-24 13:45:56 092405FB2D6BC20668BEA02647FE2393 164040 ----a-w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncConfig.exe
2016-03-24 13:45:55 1E9D2587344160BB2AF16C503F062868 171712 ----a-w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe
2016-03-24 04:51:34 1CB698757D7C855B2868A6EAF2E55A66 5956080 ----a-w- C:\Users\SailorMama\Documents\Software\Avast\avastclear.exe
2016-03-24 03:29:22 D9D59BD0D90893F9AE9F875B30A382AE 2374144 ----a-w- C:\Users\SailorMama\Desktop\FRST64.exe
2016-03-24 03:28:19 C455110B3E233303D7183BE33D0400C0 457632 ----a-w- C:\Users\SailorMama\Documents\Software\AntiVirusMalwareEtc\FixExec.exe
2016-03-24 03:24:01 53D6577E4957FDA214B7CE6DBD092A1B 463688 ----a-w- C:\Users\SailorMama\Documents\Software\AntiVirusMalwareEtc\sc-cleaner.exe
2016-03-24 02:21:08 D41D8CD98F00B204E9800998ECF8427E 0 ----a-w- C:\ProgramData\IObit\ASCDownloader\ASC8\Java Runtime Environment 8.exe
2016-03-24 01:29:05 D652BFCF530F2E5E449D4740988CBDE9 11853384 ----a-w- C:\Program Files\RogueKiller\Updater.exe
2016-03-24 01:29:04 D06B44637012B9FB47E1AB7F26EF602B 8645704 ----a-w- C:\Program Files\RogueKiller\RogueKillerCMD64.exe
2016-03-24 01:29:01 6E872D0CBB7AA5C7D634FE436AC999E3 796744 ----a-w- C:\Program Files\RogueKiller\unins000.exe
2016-03-24 01:29:01 56A2916F97D9547AE3750FE199E13012 25169992 ----a-w- C:\Program Files\RogueKiller\RogueKiller64.exe
2016-03-23 22:58:29 086799C07332F3E3C1D29D7B7D6FD114 1530368 ----a-w- C:\Users\SailorMama\Documents\Software\AntiVirusMalwareEtc\adwcleaner_5.105.exe
2016-03-23 20:47:46 C1DDF24C40BA13D1015890431A9D7B5F 468112 ----a-w- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe
2016-03-23 20:47:46 09106822B056876C9833CCB7FA39EA0F 423080 ---ha-w- C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSU.exe
2016-03-23 20:46:36 3E030B75567D4FBE89E3857BD16DE092 64192 ------w- C:\Program Files\CanonBJ\IJPrinter\Canon MX890 series\IJDIA6.exe
2016-03-23 19:19:52 C5B68AC8EC40CAB217AB4F479B953B54 2870984 ----a-w- C:\Users\SailorMama\Documents\Software\AntiVirusMalwareEtc\esetsmartinstaller_enu.exe
2016-03-22 15:39:08 FCE2E90882D41C8FFCD5E2A8C56D2A6F 324864 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\TweakingRegistryBackup.exe
2016-03-22 15:39:08 ED94A8B1E8AA6FEB31387384061FB080 206848 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\vss_vista_32.exe
2016-03-22 15:39:08 D64426C77296E981F5B28709196BE972 29664 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\Backup_Failed_Message.exe
2016-03-22 15:39:08 D35987841B3CCA26CECAE6D1C8EEDF25 70040 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\TweakingRemoveSafeBoot_64.exe
2016-03-22 15:39:08 CD82EA3F01F34AB1A19933FE58A91494 352256 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\vss_2003.exe
2016-03-22 15:39:08 CCEE518E051958CEFB58A81491F3205F 240448 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\vss_7_8_2008_2012_32.exe
2016-03-22 15:39:08 C0CF30371AE2257E1D21CBA60531BEB1 347984 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\vss_7_8_2008_2012_64.exe
2016-03-22 15:39:08 B4B9621A855113141226C1CF90484B73 95200 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\vss_start.exe
2016-03-22 15:39:08 6CE3FCA03A2BAB20DD767C67BFCAB82C 748952 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\Repair_Windows.exe
2016-03-22 15:39:08 6A61133667A63E3D9CC15F006D17D13A 294912 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\vss_xp.exe
2016-03-22 15:39:08 61DB058975271F30DB6E35C4E453BB6D 491264 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\tweaking_winverify.exe
2016-03-22 15:39:08 5BCE88BF575641349FF8E034F1888422 33760 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\vss_pause.exe
2016-03-22 15:39:08 53D3E33AD31AF6716559F29E889ACA49 306688 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\vss_vista_64.exe
2016-03-22 15:39:08 27EC7614F489A47B6B6BB310ABF54DE4 66528 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\Tweaking_CleanMem.exe
2016-03-22 15:39:08 1B5612FD70AD7789E4DCD52B5BFFA815 61848 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\TweakingRemoveSafeBoot_32.exe
2016-03-22 15:39:08 1B128828BF5E4353811B6DA58156B7F4 6656 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\registry_backup_tool\files\dosdev.exe
2016-03-22 15:39:08 13DE29CF5CEE42AF76A0D20019AF6086 46048 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\tweaking_ras.exe
2016-03-22 15:39:05 EBA57F08AD4DFDAE2C716F6432CBBE8E 307968 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\ManageACL_64.exe
2016-03-22 15:39:05 8007AF9F2434F390AA51F0A516B9756F 66816 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\WR_Tray_Icon.exe
2016-03-22 15:39:05 6750145EA2787C76F198484409F4D2A8 253184 ----a-w- C:\Users\SailorMama\Documents\**Removed**\Tweaking.com - Windows Repair\files\ManageACL_32.exe
2016-03-22 14:23:08 E4D26B91BBDC51ADF460F371323AECD1 8076992 ----a-w- C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\Update\OneDriveSetup.exe
2016-03-22 14:23:08 E4D26B91BBDC51ADF460F371323AECD1 8076992 ----a-w- C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\OneDriveSetup.exe
2016-03-22 14:22:55 1E9D2587344160BB2AF16C503F062868 171712 ----a-w- C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe
2016-03-22 14:22:55 092405FB2D6BC20668BEA02647FE2393 164040 ----a-w- C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileSyncConfig.exe
2016-03-22 13:00:10 61F488AC3053DEB2AADB6A34DEBC8876 551104 ----a-w- C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\OneDrive.exe
2016-03-22 07:23:20 09D8EBC01776C2D117918993EDDC19B2 1474560 ----a-w- C:\Program Files\Windows Media Player\wmpnetwk.exe
2016-03-22 03:33:26 811FC5CA8D22902AB4284F213D8B19BD 38400 ----a-w- C:\Program Files\IDT\WDM\suhlp64.exe
2016-03-22 03:33:25 82611146BAE413CD44A66B8DA6DA9945 258560 ----a-w- C:\Program Files\IDT\WDM\stacsv64.exe
2016-03-22 03:33:25 7ACAE73E6B93D322BF09036B940189E8 88576 ----a-w- C:\Program Files\IDT\WDM\idtpma64.exe
2016-03-22 03:33:25 34BBA349BB9CEF8F83F28DC7F4D3B0F3 487424 ----a-w- C:\Program Files\IDT\WDM\sttray64.exe
2016-03-22 03:33:24 A6FB9DB8F1A86861D955FD6975977AE0 89600 ----a-w- C:\Program Files\IDT\WDM\AESTSr64.exe
2016-03-22 01:29:16 2B85FE26CA828485BFF6A454B881A295 164864 ----a-w- C:\Program Files (x86)\Belarc\Advisor\Uninstall.exe
2016-03-21 02:57:48 5C6E6BA9BEA5B157466618CC53530BCD 436760 ----a-w- C:\Program Files (x86)\Common Files\Java\Java Update\jaureg.exe
2016-03-21 02:57:38 C9B67BCB8E384064A8C2263740B0C437 595480 ----a-w- C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
2016-03-21 02:57:26 B17404D208C4B20518592AA43B81E04B 927256 ----a-w- C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
2016-03-19 15:32:18 85ADECCA45B8837EBC0E6E1C98E1D105 197679 ----a-w- C:\Users\SailorMama\Documents\Software\ListChkdskResult.exe
=== C: other files ==
2016-03-26 10:14:17 4EDC09D3151E434741F50E8F7210D162 14130 ----a-w- C:\Program Files (x86)\Java\jre1.8.0_77\lib\deploy\ffjcext.zip
2016-03-26 09:21:56 C04A5CDCB446DC708D9302BE4E91E46D 16880 ----a-w- C:\Windows\DellBIOS.Sys
2016-03-26 09:09:07 D46C67C8602753DECCB8E904E5854F51 144 ----a-w- C:\Users\SailorMama\AppData\Local\Apps\2.0\O1TB9R5O.3DH\E2DG5GT9.32L\dell..tion_6d0a76327dca4869_0007.0003_a90ffe7d1431644d\uninstaller.bat
2016-03-25 19:28:32 BA5F0F6347780C2ED911BBF888E75BEF 25072 ----a-w- C:\Users\SailorMama\AppData\Local\Temp\ALSysIO64.sys
2016-03-25 19:02:26 B8732F25657B4EF5BE0C617A9AAF4B5D 1596725 ----a-w- C:\Users\SailorMama\AppData\Local\Temp\lptmp\lp_languages.zip
2016-03-25 16:22:37 0D5A09B08568760AE85A801FCBC0F83D 28272 ----a-w- C:\Windows\System32\drivers\TrueSight.sys
2016-03-25 04:07:46 719B704109B933D819093CDDB156A7F1 1070904 ----a-w- C:\Windows\System32\drivers\aswsnx.sys
2016-03-25 04:07:45 1459AAD5C6A66A458C2D57EE6E080FA5 107792 ----a-w- C:\Windows\System32\drivers\aswmonflt.sys
2016-03-25 04:06:42 43F46E7D103F46EC345B1056BDD2A60B 463744 ----a-w- C:\Windows\System32\drivers\aswsp.sys
2016-03-25 04:06:29 B5479D1DB58E6080DD1E03F970C6D0F3 552880 ----a-w- C:\Windows\System32\drivers\aswnetsec.sys
2016-03-25 04:05:54 9949BBD5BB70C4D317B7549896132579 287016 ----a-w- C:\Windows\System32\drivers\aswvmm.sys
2016-03-25 03:44:40 AECE9E699CAC76DC993BB988652B5AD8 37144 ----a-w- C:\Windows\System32\drivers\aswKbd.sys
2016-03-25 03:44:40 7E66DFE6B62C6C34FD6B09DB6169E9F6 37656 ----a-w- C:\Windows\System32\drivers\aswHwid.sys
2016-03-25 03:44:40 219D0E2348629FAE4E6E3478C21B23D6 165344 ----a-w- C:\Windows\System32\drivers\aswStm.sys
2016-03-25 03:44:40 0AA12ADF5F87B4A70BDBAED77F54B978 74544 ----a-w- C:\Windows\System32\drivers\aswRvrt.sys
2016-03-25 03:44:40 0866D5FE02D614501B7B4AD5E1BC7B53 103064 ----a-w- C:\Windows\System32\drivers\aswRdr2.sys
2016-03-25 03:10:19 6A28AFEB1409E07DE96E805FA1C5723C 8071888 ----a-w- C:\Windows\LastGood\system32\DRIVERS\BCMWL664.SYS
2016-03-24 21:15:18 7BDBDA32372B6B0ADD9274F2862140A8 110 ----a-w- C:\$RECYCLE.BIN\S-1-5-18\$IY3M2XO.sys
2016-03-24 19:01:49 15C2055E50301DB30DD2A6DC2079105B 7764216 ----a-w- C:\Windows\LastGood.Tmp\system32\DRIVERS\BCMWL664.SYS
2016-03-24 17:07:18 3A8EB5BA8DCE7F00DDB6F3D8D8DFE8B4 45592 ----atw- C:\$RECYCLE.BIN\S-1-5-18\$RY3M2XO.sys
2016-03-24 14:18:36 5545FB5B49268C903F311849DB1942ED 423240 ----a-w- C:\Windows\System32\drivers\foipqsrm.sys
2016-03-24 13:45:55 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\Administrator.BlueBelleE6400\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\CollectOneDriveLogs.bat
2016-03-23 23:13:42 59F6320772A2E6B0B3587536BE4CC022 316168 ----a-w- C:\Windows\System32\drivers\tmcomm.sys
2016-03-22 17:04:57 898415AC0B5F1D2A9A48ABCB68A6DC4B 65408 ----a-w- C:\Windows\System32\drivers\mwac.sys
2016-03-22 17:04:57 78BFF5425E044086E74E78650A359FBB 27008 ----a-w- C:\Windows\System32\drivers\mbam.sys
2016-03-22 17:04:57 1239597BAB7EED2BB16D035AF87E65D9 140672 ----a-w- C:\Windows\System32\drivers\mbamchameleon.sys
2016-03-22 14:22:55 8CF4163521FDB8E53482003C7EFA7121 5850 ----a-w- C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\CollectOneDriveLogs.bat
2016-03-22 13:28:52 0D8B132625B22BA82B29A2AB76DA6F7B 444136 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{DC6649FE-0EE6-4404-9CC0-A72FFF3D1F96}\nvstusb32.sys
2016-03-22 13:28:52 01BD6C736F9DDE5EBBF708A94818C970 460776 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\Display.NVIRUSB.{DC6649FE-0EE6-4404-9CC0-A72FFF3D1F96}\nvstusb64.sys
2016-03-22 13:28:51 E9E7663D55A42E09FB49B9784F464B75 171304 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{91C39503-4755-4488-B550-A484D0786338}\nvhda32v.sys
2016-03-22 13:28:51 6CA2FCA120F8AD6150E2FDA8FCF58AEE 206120 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{91C39503-4755-4488-B550-A484D0786338}\nvhda64v.sys
2016-03-22 13:28:51 62C6C898FCA85F9A562ADCF4F610D65A 138032 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{91C39503-4755-4488-B550-A484D0786338}\nvhda32.sys
2016-03-22 13:28:51 0154C1762770114D04816A0B1555C029 171824 ----a-w- C:\Program Files\NVIDIA Corporation\Installer2\HDAudio.Driver.{91C39503-4755-4488-B550-A484D0786338}\nvhda64.sys
2016-03-22 07:23:20 1A490555FD330CA2764D89191177C867 285696 ----a-w- C:\Windows\System32\drivers\mrxsmb10.sys
2016-03-22 07:23:19 E3C82823B22463BC38AA4F8ADA852624 104960 ----a-w- C:\Windows\System32\drivers\rasl2tp.sys
2016-03-22 07:23:19 A4411C522D41707D5BCA817A5BB9E30B 114688 ----a-w- C:\Windows\System32\drivers\bridge.sys
2016-03-22 07:23:19 58BFFEF692A47FCE3FAAEDBC8F3DCBBB 2152288 ----a-w- C:\Windows\System32\drivers\ntfs.sys
2016-03-22 07:23:19 0B3B0C1D86050355676640488FA897D3 430944 ----a-w- C:\Windows\System32\drivers\mrxsmb.sys
2016-03-22 07:23:15 F45665E77D11F3C1552EDBEAD1559DC8 1997152 ----a-w- C:\Windows\System32\drivers\dxgkrnl.sys
2016-03-22 07:23:15 EDDB0D726DBECDFC1DBCC6DB464E5A13 146272 ----a-w- C:\Windows\System32\drivers\appid.sys
2016-03-22 07:23:15 7C6B51E0233814D401905289AFD27BC5 1390592 ----a-w- C:\Windows\System32\win32kbase.sys
2016-03-22 07:23:15 64D4F5DE44B64B8284BADE5819B5195A 394080 ----a-w- C:\Windows\System32\drivers\dxgmms1.sys
2016-03-22 07:23:15 33190E86460C4FF7382848187463DC28 576864 ----a-w- C:\Windows\System32\drivers\dxgmms2.sys
2016-03-22 07:23:15 32509061F29DA432B62336A4462ADEBF 3593216 ----a-w- C:\Windows\System32\win32kfull.sys
2016-03-22 07:23:14 F279536122B83FD0D8E158AA753E1B7C 238592 ----a-w- C:\Windows\System32\drivers\xboxgip.sys
2016-03-22 07:23:14 DBACD4E4FE191D0CE7C624ACA389535E 29696 ----a-w- C:\Windows\System32\drivers\xinputhid.sys
2016-03-22 07:23:14 B7E1CAA9429E4C3E7E01CB35B97E1536 534368 ----a-w- C:\Windows\System32\drivers\USBHUB3.SYS
2016-03-22 07:23:14 8949F77132A4F8F3BA17C6727099F002 127840 ----a-w- C:\Windows\System32\drivers\USBSTOR.SYS
2016-03-22 07:23:14 469441BAE3FF8A16826FC62C51EF5E18 563552 ----a-w- C:\Windows\System32\drivers\acpi.sys
2016-03-22 07:07:58 F871CE85AF64D81A9CB6C361CF797144 185184 ----a-w- C:\Windows\System32\drivers\dumpsd.sys
2016-03-22 07:07:58 70165A0A2653FB8AFDE3D85000727F29 277856 ----a-w- C:\Windows\System32\drivers\sdbus.sys
2016-03-22 03:33:26 7F43422BEE65CD1284FED6C4FA577D5E 506880 ----a-w- C:\Program Files\IDT\WDM\stwrt64.sys
2016-03-19 18:36:42 F46E92DE5CEF3BB5892CACD0B43351DA 615478 ----a-w- C:\Users\SailorMama\Documents\Software\Microsoft\Windows7\Autoruns.zip
==== Startup Registry Enabled ======================
[HKEY_USERS\S-1-5-19\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-20\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDriveSetup"="C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup"
[HKEY_USERS\S-1-5-21-3676667488-3753770460-1425199946-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IJNetworkScannerSelectorEX"="C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE"
"AvastUI.exe"="C:\Program Files\AVAST Software\Avast\AvastUI.exe /nogui"
"Malwarebytes Anti-Exploit"="C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe"
"SunJavaUpdateSched"="C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Run]
"OneDrive"="C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\OneDrive.exe /background"
==== Startup Registry Enabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Zune Launcher"="C:\Program Files\Zune\ZuneLauncher.exe"
"SysTrayApp"="C:\Program Files\IDT\WDM\sttray64.exe"
==== Startup Registry Disabled x64 ======================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Acrobat Assistant 8.0]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Acrobat Assistant 8.0"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Adobe\\Acrobat 11.0\\Acrobat\\Acrotray.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Adobe ARM]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Adobe ARM"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Adobe\\ARM\\1.0\\AdobeARM.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\Dell Webcam Central]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Dell Webcam Central"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Dell Webcam\\Dell Webcam Central\\WebcamDell2.exe\" /mode2"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NvCplDaemon]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NvCplDaemon"
"hkey"="HKLM"
"command"="RUNDLL32.EXE C:\\Windows\\system32\\NvCpl.dll,NvStartup"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\NVHotkey]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NVHotkey"
"hkey"="HKLM"
"command"="rundll32.exe C:\\Windows\\system32\\nvHotkey.dll,Start"
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Wow6432Node\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SunJavaUpdateSched"
"hkey"="HKLM"
"command"="\"C:\\Program Files (x86)\\Common Files\\Java\\Java Update\\jusched.exe\""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeARMservice]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\AdobeFlashPlayerUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\HitmanProScheduler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\Intel® PROSet Monitoring Service]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\IntuitUpdateServiceV4]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\LiveUpdateSvc]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\MBAMScheduler]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Shared Tools\MSConfig\Services\NAUpdate]
==== Task Scheduler Jobs ======================
C:\WINDOWS\tasks\CreateExplorerShellUnelevatedTask.job --a-------- C:\WINDOWS\explorer.exe [02/13/2016 08:54 AM]
==== Other Scheduled Tasks ======================
"C:\WINDOWS\SysNative\tasks\CCleanerSkipUAC" ["C:\Program Files\CCleaner\CCleaner.exe"]
"C:\WINDOWS\SysNative\tasks\SafeZone scheduled Autoupdate 1458657088" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\SysNative\tasks\SafeZone scheduled Autoupdate 1458829944" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\SysNative\tasks\SafeZone scheduled Autoupdate 1458877531" [C:\Program Files\AVAST Software\SZBrowser\launcher.exe]
"C:\WINDOWS\SysNative\tasks\Nero\Nero Info" [C:\Program Files (x86)\Common Files\Nero\Nero Info\NeroInfo.exe]
"C:\WINDOWS\SysNative\tasks\OfficeSoftwareProtectionPlatform\SvcRestartTask" [%systemroot%\system32\sc.exe start osppsvc]
==== Firefox Start and Search pages ======================
ProfilePath: C:\Users\SAILOR~1\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804
user_pref("browser.startup.homepage", "https://www.google.com/|https://www.google.com/maps/@27.698638,-83.804601,7z");
user_pref("browser.search.defaultenginename.US", "Google");
==== Firefox Extensions Registry ======================
[HKEY_LOCAL_MACHINE\Software\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03/24/2016 11:44 PM]
[HKEY_LOCAL_MACHINE\Software\Wow6432Node\Mozilla\Firefox\Extensions]
"wrc@avast.com"="C:\Program Files\AVAST Software\Avast\WebRep\FF" [03/24/2016 11:44 PM]
==== Firefox Extensions ======================
ProfilePath: C:\Users\SAILOR~1\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804
- Undetermined - C:\Users\SailorMama\AppData\Roaming\Mozilla\Firefox\Profiles\pcp6jov7.default-1423595780804\extensions\iobitascsurfingprotection@iobit.com
- Undetermined - C:\Program Files (x86)\IObit Apps Toolbar\FF
- Webroot Password Manager - %ProfilePath%\extensions\{8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda}
==== Firefox Plugins ======================
==== Chromium Look ======================
HKEY_LOCAL_MACHINE\SOFTWARE\Google\Chrome\Extensions
efaidnbmnnnibpcajpcglclefindmkaj - C:\Program Files (x86)\Adobe\Acrobat 11.0\Acrobat\Browser\WCChromeExtn\WCChromeExtn.crx[09/23/2012 10:43 PM]
gomekmidlodglbbmalcneegieacbdmki - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx[03/24/2016 11:43 PM]
kjeghcllfecehndceplomkocgfbklffd - No path found[]
==== Set IE to Default ======================
Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.msn.com/"
==== All HKLM and HKCU SearchScopes ======================
HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.com/search?q={searchTerms}
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.com/search?q={searchTerms}
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC
HKLM\Wow6432Node\SearchScopes\{632F07F3-19A1-4d16-A23F-E6CE9486BAB5} - http://www.bing.com/search?q={searchTerms}&FORM=AVASDF&PC=AV01
HKCU\SearchScopes "DefaultScope"="{0191A6B0-1154-4C22-9182-23A95BBE92D9}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0191A6B0-1154-4C22-9182-23A95BBE92D9} - http://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IESR02
==== HijackThis Entries ======================
F2 - REG:system.ini: UserInit=
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\ssv.dll
O2 - BHO: avast! Online Security - {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} - C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll
O2 - BHO: URLRedirectionBHO - {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\PROGRA~2\MICROS~1\Office14\URLREDIR.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_77\bin\jp2ssv.dll
O4 - HKLM\..\Run: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
O4 - HKLM\..\Run: [AvastUI.exe] "C:\Program Files\AVAST Software\Avast\AvastUI.exe" /nogui
O4 - HKLM\..\Run: [Malwarebytes Anti-Exploit] C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKCU\..\Run: [OneDrive] "C:\Users\SailorMama\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
O4 - HKUS\S-1-5-19\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [OneDriveSetup] C:\Windows\SysWOW64\OneDriveSetup.exe /thfirstsetup (User 'NETWORK SERVICE')
O4 - Global Startup: Install LastPass FF RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O4 - Global Startup: Install LastPass IE RunOnce.lnk = C:\Program Files (x86)\Common Files\wruninstall.exe
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - (no file)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O15 - Trusted Zone: *.advisor-connection.com
O15 - Trusted Zone: *.amazon.com
O15 - Trusted Zone: *.hdvest.com
O15 - Trusted Zone: *.hdvlink.com
O15 - Trusted Zone: *.remitonline.com
O16 - DPF: {49312E18-AA92-4CC2-BB97-55DEA7BCADD6} (WMI Class) - http://support.dell.com/systemprofiler/SysProExe.CAB
O16 - DPF: {7530BFB8-7293-4D34-9923-61A11451AFC5} (OnlineScanner Control) - http://download.eset.com/special/eos/OnlineScanner.cab
O16 - DPF: {82774781-8F4E-11D1-AB1C-0000F8773BF0} - https://transfers.ds.microsoft.com/FTM/TransferSource/grTransferCtrl.cab
O16 - DPF: {8CFCF42C-1C64-47D6-AEEC-F9D001832ED3} - http://xserv.dell.com/DellDriverScanner/DellSystem.CAB
O16 - DPF: {CF84DAC5-A4F5-419E-A0BA-C01FFD71112F} - http://content.systemrequirementslab.com/bin/srldetect_intel_4.5.24.0.cab
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Filter hijack: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
O23 - Service: Advanced SystemCare Service 8 (AdvancedSystemCareService8) - Unknown owner - C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASCService.exe (file missing)
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Program Files\IDT\WDM\AESTSr64.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Avast Antivirus (avast! Antivirus) - AVAST Software - C:\Program Files\AVAST Software\Avast\AvastSvc.exe
O23 - Service: Avast Firewall (avast! Firewall) - AVAST Software - C:\Program Files\AVAST Software\Avast\afwServ.exe
O23 - Service: Credential Vault Host Control Service - Broadcom Corporation - C:\Program Files\Broadcom Corporation\Broadcom USH Host Components\CV\bin\HostControlService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ieetwcollectorres.dll,-1000 (IEEtwCollectorService) - Unknown owner - C:\WINDOWS\system32\IEEtwCollector.exe (file missing)
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Malwarebytes Anti-Exploit Service (MbaeSvc) - Malwarebytes Corporation - C:\Program Files (x86)\Malwarebytes Anti-Exploit\mbae-svc.exe
O23 - Service: MBAMScheduler - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
O23 - Service: MBAMService - Malwarebytes - C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: @mqutil.dll,-6102 (MSMQ) - Unknown owner - C:\WINDOWS\system32\mqsvc.exe (file missing)
O23 - Service: NVIDIA Display Driver Service (nvsvc) - Unknown owner - C:\Windows\system32\nvvsvc.exe (file missing)
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: @%SystemRoot%\system32\stlang64.dll,-10101 (STacSV) - IDT, Inc. - C:\Program Files\IDT\WDM\STacSV64.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
==== Empty IE Cache ======================
C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\SailorMama\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\SailorMama\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\SailorMama\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\SailorMama\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
==== Empty FireFox Cache ======================
No FireFox Profiles found
==== Empty Chrome Cache ======================
No Chrome User Data found
==== Empty All Flash Cache ======================
No Flash Cache Found
==== Empty All Java Cache ======================
No Java Cache Found
==== C:\zoek_backup content ======================
C:\zoek_backup (files=28 folders=27 80417986 bytes)
==== Empty Temp Folders ======================
C:\WINDOWS\Temp will be emptied at reboot
==== After Reboot ======================
==== Empty Temp Folders ======================
C:\WINDOWS\Temp successfully emptied
C:\Users\SAILOR~1\AppData\Local\Temp successfully emptied
==== Empty Recycle Bin ======================
C:\$RECYCLE.BIN successfully emptied
==== EOF on Sat 03/26/2016 at 11:26:22.92 ======================

• MTB.txt
MiniToolBox by Farbar Version: 07-02-2016 01
Ran by SailorMama (administrator) on 26-03-2016 at 11:29:25
Running from "C:\Users\SailorMama\Desktop"
Microsoft Windows 10 Pro (X64)
Model: Latitude E6400 Manufacturer: Dell Inc.
Boot Mode: Normal
***************************************************************************
========================= Flush DNS: ===================================
Windows IP Configuration
Successfully flushed the DNS Resolver Cache.
========================= IE Proxy Settings: ==============================
Proxy is not enabled.
No Proxy Server is set.
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= FF Proxy Settings: ==============================
"Reset FF Proxy Settings": Firefox Proxy settings were reset.
========================= Hosts content: =================================
127.0.0.1 localhost
========================= IP Configuration: ================================
Dell Wireless 1510 Wireless-N WLAN Mini-Card = Wi-Fi (Connected)
Intel® 82567LM Gigabit Network Connection = Local Area Connection (Media disconnected)
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
reset
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 11" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
popd
# End of IPv4 configuration

Windows IP Configuration
Host Name . . . . . . . . . . . . : BlueBelleE6400
Primary Dns Suffix . . . . . . . :
Node Type . . . . . . . . . . . . : Hybrid
IP Routing Enabled. . . . . . . . : No
WINS Proxy Enabled. . . . . . . . : No
DNS Suffix Search List. . . . . . : fios-router.home
Ethernet adapter Local Area Connection:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Intel® 82567LM Gigabit Network Connection
Physical Address. . . . . . . . . : 00-24-E8-BB-18-7E
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Local Area Connection* 11:
Media State . . . . . . . . . . . : Media disconnected
Connection-specific DNS Suffix . :
Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter #2
Physical Address. . . . . . . . . : 00-25-56-77-BF-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Wireless LAN adapter Wi-Fi:
Connection-specific DNS Suffix . : fios-router.home
Description . . . . . . . . . . . : Dell Wireless 1510 Wireless-N WLAN Mini-Card
Physical Address. . . . . . . . . : 00-25-56-77-BF-32
DHCP Enabled. . . . . . . . . . . : Yes
Autoconfiguration Enabled . . . . : Yes
Link-local IPv6 Address . . . . . : fe80::f93a:36a4:ae74:75eb%11(Preferred)
IPv4 Address. . . . . . . . . . . : 192.168.1.4(Preferred)
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Lease Obtained. . . . . . . . . . : Saturday, March 26, 2016 11:25:40 AM
Lease Expires . . . . . . . . . . : Sunday, March 27, 2016 11:25:40 AM
Default Gateway . . . . . . . . . : 192.168.1.1
DHCP Server . . . . . . . . . . . : 192.168.1.1
DHCPv6 IAID . . . . . . . . . . . : 184558934
DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-17-01-32-B1-00-24-E8-BB-18-7E
DNS Servers . . . . . . . . . . . : 192.168.1.1
NetBIOS over Tcpip. . . . . . . . : Enabled
Server: FIOS_Quantum_Gateway.fios-router.home
Address: 192.168.1.1
Name: google.com
Addresses: 2607:f8b0:4002:c0c::8a
74.125.138.139
74.125.138.100
74.125.138.102
74.125.138.113
74.125.138.138
74.125.138.101
Pinging google.com [74.125.138.139] with 32 bytes of data:
Reply from 74.125.138.139: bytes=32 time=31ms TTL=45
Reply from 74.125.138.139: bytes=32 time=30ms TTL=45
Ping statistics for 74.125.138.139:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 30ms, Maximum = 31ms, Average = 30ms
Server: FIOS_Quantum_Gateway.fios-router.home
Address: 192.168.1.1
Name: yahoo.com
Addresses: 2001:4998:c:a06::2:4008
2001:4998:44:204::a7
2001:4998:58:c02::a9
98.139.183.24
98.138.253.109
206.190.36.45
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=86ms TTL=51
Reply from 206.190.36.45: bytes=32 time=87ms TTL=51
Ping statistics for 206.190.36.45:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 86ms, Maximum = 87ms, Average = 86ms
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Ping statistics for 127.0.0.1:
Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
8...00 24 e8 bb 18 7e ......Intel® 82567LM Gigabit Network Connection
12...00 25 56 77 bf 32 ......Microsoft Hosted Network Virtual Adapter #2
11...00 25 56 77 bf 32 ......Dell Wireless 1510 Wireless-N WLAN Mini-Card
1...........................Software Loopback Interface 1
===========================================================================
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination Netmask Gateway Interface Metric
0.0.0.0 0.0.0.0 192.168.1.1 192.168.1.4 20
127.0.0.0 255.0.0.0 On-link 127.0.0.1 306
127.0.0.1 255.255.255.255 On-link 127.0.0.1 306
127.255.255.255 255.255.255.255 On-link 127.0.0.1 306
169.254.0.0 255.255.0.0 On-link 192.168.1.4 306
169.254.255.255 255.255.255.255 On-link 192.168.1.4 276
192.168.1.0 255.255.255.0 On-link 192.168.1.4 276
192.168.1.4 255.255.255.255 On-link 192.168.1.4 276
192.168.1.255 255.255.255.255 On-link 192.168.1.4 276
224.0.0.0 240.0.0.0 On-link 127.0.0.1 306
224.0.0.0 240.0.0.0 On-link 192.168.1.4 276
255.255.255.255 255.255.255.255 On-link 127.0.0.1 306
255.255.255.255 255.255.255.255 On-link 192.168.1.4 276
===========================================================================
Persistent Routes:
None
IPv6 Route Table
===========================================================================
Active Routes:
If Metric Network Destination Gateway
1 306 ::1/128 On-link
11 276 fe80::/64 On-link
11 276 fe80::f93a:36a4:ae74:75eb/128
On-link
1 306 ff00::/8 On-link
11 276 ff00::/8 On-link
===========================================================================
Persistent Routes:
None
========================= Winsock entries =====================================
Catalog5 01 C:\WINDOWS\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 02 C:\WINDOWS\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 03 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\WINDOWS\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\WINDOWS\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\WINDOWS\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
**** End of log ****

Edited by Oh My!, 26 March 2016 - 07:56 PM.


#9 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 38,159 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:07:17 PM

Posted 26 March 2016 - 08:03 PM

I hope you had a good time. :)

Though your computer is not running dangerously high, it is running above normal temperatures. Have you cleaned out your laptop? If not, do your best to make sure it is as free of dust as possible.

===================================================

Emsisoft Emergency Kit Scan

--------------------
  • Download Emsisoft Emergency Kit and save it to your desktop.
  • Double-click icon then click Install
  • A Window should open highlighting Start Emergency Kit Scanner
  • Double click that icon and allow the program to load
  • Click Yes to run an online update
  • Once the update is completed select Settings under Scan
  • Uncheck Join the Emsisoft Anti-Malware Network
  • Click Scan at the top
  • Click Yes to detect Potentially Unwanted Programs
  • Click Malware Scan
  • Once completed click View Report
  • Save the file to your Desktop using the default file name
  • Click Quarantine selected (all should be selected by default)
  • Copy and paste the report in your reply
===================================================

screen317's Security Check

--------------------
  • Please download screen317's Security Check to your desktop
  • Double-click icon then click Run
  • Press any key to launch the program
  • Note: If you receive an error message saying UNSUPPORTED OPERATING SYSTEM! ABORTED! reboot your computer and attempt to run it again
  • Allow the program to run
  • When completed a Notepad document will open on your desktop. Please copy and paste the contents in your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Run better after cleaning?
  • Emsisoft report
  • Security Check report
  • How is your computer running?

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#10 Oh My!


Posted 29 March 2016 - 10:18 PM

Greetings,

===================================================

3 Day Bump

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed

Gary
 

#11 SailorMama


Posted 31 March 2016 - 10:56 AM

Hello!!!
Sorry it took so long to get back to you....
I sincerely appreciate all you have done to help me!  My computer is definitely running better.  We have made a lot of progress getting this machine cleaned up and performing well.  Plus I was forced to get acquainted with Windows 10 :)  Thanks so much!  SailorMama

=========================================================================================

Things I would like to see in your next reply.

->Run better after cleaning?
I have not had a chance to get the canned air for cleaning but I will as soon as possible.

->Emsisoft report
Emsisoft Emergency Kit - Version 11.0
Last update: 3/31/2016 10:40:20 AM
User account: BlueBelleE6400\SailorMama

Scan settings:

Scan type: Malware Scan
Objects: Rootkits, Memory, Traces, Files

Detect PUPs: On
Scan archives: Off
ADS Scan: On
File extension filter: Off
Advanced caching: On
Direct disk access: Off

Scan start: 3/31/2016 10:43:05 AM
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Value: HKEY_LOCAL_MACHINE\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\POLICIES\SYSTEM -> DISABLEREGISTRYTOOLS  detected: Setting.DisableRegistryTools (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP  detected: Application.Win32.InstallAd (A)
Key: HKEY_LOCAL_MACHINE\SOFTWARE\CLASSES\SDP  detected: Application.Win32.InstallAd (A)

Scanned 78155
Found 4

Scan end: 3/31/2016 10:47:50 AM
Scan time: 0:04:45

 

->Security Check report

Results of screen317's Security Check version 1.014 --- 12/23/15 
   x64 (UAC is enabled) 
 Internet Explorer 11 
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Disabled! 
Windows Defender  
avast! Antivirus  
 Antivirus out of date! 
`````````Anti-malware/Other Utilities Check:`````````
 Java 7 Update 65 
 Java 8 Update 77 
 Java version 32-bit out of Date!
 Adobe Reader XI 
````````Process Check: objlist.exe by Laurent```````` 
 Malwarebytes Anti-Malware mbamservice.exe 
 Malwarebytes Anti-Malware mbam.exe 
 Malwarebytes Anti-Malware mbamscheduler.exe  
 Malwarebytes Anti-Exploit mbae-svc.exe  
 Malwarebytes Anti-Exploit mbae64.exe  
 Malwarebytes Anti-Exploit mbae.exe  
 AVAST Software Avast AvastSvc.exe 
 AVAST Software Avast afwServ.exe 
 avast software avast asww10mon.exe 
 AVAST Software Avast avastui.exe 
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````

->How is your computer running?

My Computer is running better...not as hot as before.  It will occasionally run hotter for 5-10 minutes then will stop....possibly some new task running for Windows 10.  I read that the Microsoft "SuperFetch" task could be the culprit.  I will get the canned air as soon as possible and clean it and hope that helps.

Here are some other things I have done which seem to have helped:

0. I removed Advanced System Care entirely.  I think it was causing some issues.  I have used it for years, but it is getting to be too much with all of its components.  I do like the system clean up feature though.
1. I ran sfc /scannow a couple of times and fixed broken entries
2. I am primarily using Microsoft Edge unless I have to use Internet Explorer for compatibility. Internet Explorer seems to freeze frequently in Windows 10.  I do have to use Internet Explorer when using the Bleeping Computer website to reply.  I can't paste my post when using Edge!
3. I disabled Avast Real time protection, anti-virus and anti-spam.  I AM USING Avast Firewall.
4. I am using Malwarebytes Premium and Malwarebytes Anti-Exploit

Questions for you:

1. What firewall do you recommend?

2. What antivirus do you recommend?

Note: I have an Avast Internet Security license for another year but I am not impressed with it. Too much malware / PUPS seem to get through it.



#12 Oh My!


Posted 31 March 2016 - 07:19 PM

Greetings Shannon.

Please open Avast and update the database.

Let me know about the temperature when you are able to clean things out.

I think any reputable program's firewall is sufficient.

Personally I use Avast Free and have been happy with it. That is not a recommendation but it is the only one I really know anything about.

Did you want to try to troubleshoot your web browsers or are they sufficient to serve your purposes?
Gary
 

#13 Oh My!


Posted 03 April 2016 - 09:25 PM

Greetings,

===================================================

3 Day Bump

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed

Gary
 

#14 SailorMama


Posted 04 April 2016 - 09:36 PM

Hi Gary,

The computer ran quite well for a few days until I HAD to start using Internet Explorer for websites that will not work on the Microsoft Edge browser.  The same problems started up again with Internet Explorer getting redirected.  AVAST also started "freezing" and causing problems, so I had to uninstall AVAST completely.  The new version of AVAST Internet Security is supposed to work with Windows 10, but I don't think it is quite up to par yet.  Google seems to be working OK now.  With your permission, I would like to send you another FRST.log file to evaluate and see if you can see any remaining issues that could possibly be fixed.  Thank You!   

Shannon

PS....I still have not been able to get any canned air yet to clean my PC, but I plan to!  All they had at Costco was a six pack for $18.00!

 



#15 Oh My!


Posted 04 April 2016 - 10:28 PM

Hi Shannon,

Yes you can post the FRST logs again. In addition boot into Safe Mode with Networking and check your computer performance.

I am going to be ending for the evening pretty soon so I may not be replying until tomorrow.
Gary
 



