Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Help! av scan shows dialerchivio trojan


  • This topic is locked This topic is locked
4 replies to this topic

#1 Help_Computers_Sick_

Help_Computers_Sick_

  • Members
  • 14 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:U.S
  • Local time:06:36 PM

Posted 23 August 2016 - 07:55 PM

Computer hangs when i open Task Manager to see whats eating resources it shows task manager using the most up to 48%, Also drops internet connection i still show connected but programs not connected, error 404 codes when browsing, also programs will show to be update but are not. Thanks for any help.
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 21-08-2016 01
Ran by mjben (administrator) on MIKESPC (23-08-2016 18:25:04)
Running from C:\Users\mjben\Downloads
Loaded Profiles: mjben (Available Profiles: mjben)
Platform: Windows 10 Pro Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(AMD) C:\Windows\System32\atiesrxx.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
(Advanced Micro Devices, Inc.) C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfemms.exe
(Validity Sensors, Inc.) C:\Windows\System32\valWBFPolicyService.exe
(McAfee, Inc.) C:\Windows\System32\mfevtps.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\SystemCore\mfefire.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\mcsacore.exe
(McAfee, Inc.) C:\Program Files\McAfee\MSC\McAPExe.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\AMCore\mcshield.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(McAfee, Inc.) C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(McAfee, Inc.) C:\Program Files\McAfee\MAT\McPvTray.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\accelerometerST.exe
(McAfee, Inc.) C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(McAfee, Inc.) C:\Program Files\McAfee\VirusScan\mcods.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(McAfee, Inc.) C:\Program Files (x86)\McAfee\SiteAdvisor\McChHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Intel Security) C:\Program Files\Common Files\McAfee\ClientAnalytics\McClientAnalytics.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3954352 2016-04-28] (Synaptics Incorporated)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1128448 2011-03-17] (IDT, Inc.)
HKLM-x32\...\Run: [StartCCC] => C:\Program Files (x86)\ATI Technologies\ATI.ACE\Core-Static\amd64\CLIStart.exe [767176 2015-08-21] (Advanced Micro Devices, Inc.)
HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\Run: [AccelerometerSysTrayApplet] => C:\Program Files\Hewlett-Packard\HP 3D DriveGuard\AccelerometerSt.Exe [77112 2011-05-27] (Hewlett-Packard Company)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\McAfee Security Scan Plus.lnk [2016-08-12]
ShortcutTarget: McAfee Security Scan Plus.lnk -> C:\Program Files\McAfee Security Scan\3.11.376\SSScheduler.exe (McAfee, Inc.)
GroupPolicyScripts: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.253.194.49
Tcpip\..\Interfaces\{bbd8e797-2a80-45e5-9c28-549545f28114}: [DhcpNameServer] 10.253.194.49
Tcpip\..\Interfaces\{f95417fd-4b9a-4a02-8e05-af3e1eeb85de}: [DhcpNameServer] 10.253.194.49
 
Internet Explorer:
==================
HKU\S-1-5-21-272622730-2409571262-2050676497-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://www.google.com/
Handler: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-07-29] (McAfee, Inc.)
Handler-x32: dssrequest - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-29] (McAfee, Inc.)
Handler: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\x64\McIEPlg.dll [2016-07-29] (McAfee, Inc.)
Handler-x32: sacore - {5513F07E-936B-4E52-9B00-067394E91CC5} - c:\Program Files (x86)\McAfee\SiteAdvisor\McIEPlg.dll [2016-07-29] (McAfee, Inc.)
Filter: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files\McAfee\MSC\McSnIePl64.dll [2016-07-07] (McAfee, Inc.)
Filter-x32: application/x-mfe-ipt - {3EF5086B-5478-4598-A054-786C45D75692} - c:\Program Files (x86)\McAfee\MSC\McSnIePl.dll [2016-07-07] (McAfee, Inc.)
 
Edge: 
======
Edge Extension: Page Analyzer (powered by Vorlon.js) -> PageAnalyzer_MicrosoftPageAnalyzer_8wekyb3d8bbwe => C:\Program Files\WindowsApps\Microsoft.PageAnalyzer_1.3.0.0_neutral__8wekyb3d8bbwe [2016-08-10]
 
FireFox:
========
FF ProfilePath: C:\Users\mjben\AppData\Roaming\Mozilla\Firefox\Profiles\V5QMrOuY.default
FF Plugin: @mcafee.com/MSC,version=10 -> c:\PROGRA~1\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin-x32: @mcafee.com/MSC,version=10 -> c:\PROGRA~2\mcafee\msc\NPMCSN~1.DLL [2016-07-07] ()
FF Plugin-x32: @mcafee.com/MVT -> C:\Program Files (x86)\McAfee\Supportability\MVT\NPMVTPlugin.dll [2016-03-07] (McAfee, Inc.)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.20513.0\npctrl.dll [2013-05-13] ( Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.31.5\npGoogleUpdate3.dll [2016-07-28] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.4 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Extension: Avira Browser Safety - C:\Users\mjben\AppData\Roaming\Mozilla\Firefox\Profiles\V5QMrOuY.default\Extensions\abs@avira.com [2016-05-27]
FF HKLM\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF Extension: McAfee WebAdvisor - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi [2016-08-13]
FF HKLM-x32\...\Firefox\Extensions: [{4ED1F68A-5463-4931-9384-8FFF5ED91D92}] - C:\Program Files (x86)\McAfee\SiteAdvisor\saffplg.xpi
FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK
FF Extension: McAfee Anti-Spam Thunderbird Extension - C:\Program Files\McAfee\MSK [2016-08-13] [not signed]
 
Chrome: 
=======
CHR HomePage: Profile 3 -> hxxps://www.google.com/
CHR StartupUrls: Profile 3 -> "hxxps://www.google.com/"
CHR DefaultSearchKeyword: Profile 3 -> google.com_
CHR Profile: C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default
CHR Extension: (Google Slides) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-05-27]
CHR Extension: (ShowIp) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj [2016-06-04]
CHR Extension: (Google Docs) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-05-27]
CHR Extension: (Google Drive) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-05-27]
CHR Extension: (YouTube) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-05-27]
CHR Extension: (Adblock Plus) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-06-30]
CHR Extension: (Network and Internet tools) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ekpdpmpcgcmpaeokmclflfpadaklgpji [2016-06-07]
CHR Extension: (Google Sheets) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-05-27]
CHR Extension: (User-Agent Switcher for Google Chrome) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ffhkkpnppgnfaobgihpdblnhmmbodake [2016-06-07]
CHR Extension: (Avira Browser Safety) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\flliilndjeohchalpbbcdekjklbdgfkk [2016-06-22]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-06-25]
CHR Extension: (Website IP) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmhlgniedlklkpimlibbaoomlpacmk [2016-06-04]
CHR Extension: (Google Docs Offline) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-05-28]
CHR Extension: (My IP address) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\monhkdcehmbdgkhgpccaccbbcgcfpjkd [2016-06-07]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-27]
CHR Extension: (Gmail) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-05-27]
CHR Profile: C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 2
CHR Profile: C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3
CHR Extension: (Theme Creator) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\akpelnjfckgfiplcikojhomllgombffc [2016-08-15]
CHR Extension: (Google Drive) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-15]
CHR Extension: (YouTube) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-15]
CHR Extension: (Adblock Plus) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-08-23]
CHR Extension: (SiteAdvisor) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\fheoggkfdfchfphceeifdbepaooicaho [2016-08-15]
CHR Extension: (IBA Opt-out (by Google)) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\gbiekjoijknlhijdjbaadobpkdhmoebb [2016-08-15]
CHR Extension: (DataLint) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\hfbjcpdmllignigngedfibdlnedoeokj [2016-08-15]
CHR Extension: (Google Play Music) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2016-08-15]
CHR Extension: (Chrome Web Store Payments) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-15]
CHR Extension: (SSH for Google Cloud Platform) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\ojilllmhjhibplnppnamldakhpmdnibd [2016-08-20]
CHR Extension: (Gmail) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-15]
CHR Extension: (Chrome Media Router) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Profile 3\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-08-18]
CHR HKLM\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [fheoggkfdfchfphceeifdbepaooicaho] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [flliilndjeohchalpbbcdekjklbdgfkk] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 HomeNetSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [29760 2016-07-04] (HP Inc.)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [21184 2016-07-28] (Microsoft Corporation)
R2 McAfee SiteAdvisor Service; C:\Program Files (x86)\McAfee\SiteAdvisor\McSACore.exe [158952 2016-07-29] (McAfee, Inc.)
R2 McAPExe; C:\Program Files\McAfee\MSC\McAPExe.exe [993824 2016-07-07] (McAfee, Inc.)
R2 McBootDelayStartSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 McComponentHostService; C:\Program Files\McAfee Security Scan\3.11.376\McCHSvc.exe [327944 2016-07-18] (McAfee, Inc.)
R2 McMPFSvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McNaiAnn; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 McODS; C:\Program Files\McAfee\VirusScan\mcods.exe [816128 2016-06-21] (McAfee, Inc.)
R2 mcpltsvc; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R2 McProxy; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
R3 mfefire; C:\Program Files\Common Files\McAfee\SystemCore\\mfefire.exe [232688 2016-04-26] (McAfee, Inc.)
R2 mfemms; C:\Program Files\Common Files\McAfee\SystemCore\\mfemms.exe [382456 2016-06-23] (McAfee, Inc.)
R3 mfevtp; C:\WINDOWS\system32\mfevtps.exe [277744 2016-04-26] (McAfee, Inc.)
R2 ModuleCoreService; C:\Program Files\Common Files\McAfee\ModuleCore\ModuleCoreService.exe [1454216 2016-06-17] (McAfee, Inc.)
S3 MSK80Service; C:\Program Files\Common Files\McAfee\Platform\McSvcHost\McSvHost.exe [596768 2016-07-07] (McAfee, Inc.)
S3 Sense; C:\Program Files\Windows Defender Advanced Threat Protection\MsSense.exe [2889896 2016-07-16] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [253960 2016-04-28] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\10\Testing\Runtimes\TAEF\Wex.Services.exe [139264 2016-07-27] (Microsoft Corporation) [File not signed]
R2 valWBFPolicyService; C:\Windows\system32\valWBFPolicyService.exe [35328 2013-10-30] (Validity Sensors, Inc.)
S3 VSStandardCollectorService140; C:\Program Files (x86)\Microsoft Visual Studio 14.0\Team Tools\DiagnosticsHub\Collector\StandardCollector.Service.exe [108776 2016-07-26] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
S4 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [111120 2016-03-01] (Advanced Micro Devices)
R3 cfwids; C:\Windows\System32\drivers\cfwids.sys [78632 2016-04-27] (McAfee, Inc.)
S3 dg_ssudbus; C:\Windows\system32\DRIVERS\ssudbus.sys [130688 2016-07-22] (Samsung Electronics Co., Ltd.)
R3 HipShieldK; C:\Windows\System32\drivers\HipShieldK.sys [207968 2016-02-24] (McAfee, Inc.)
R2 McPvDrv; C:\Windows\system32\drivers\McPvDrv.sys [79192 2016-04-20] (McAfee, Inc.)
R3 mfeaack; C:\Windows\System32\drivers\mfeaack.sys [419616 2016-04-27] (McAfee, Inc.)
R3 mfeavfk; C:\Windows\System32\drivers\mfeavfk.sys [349480 2016-04-27] (McAfee, Inc.)
S0 mfeelamk; C:\Windows\System32\drivers\mfeelamk.sys [83608 2016-04-27] (McAfee, Inc.)
R3 mfefirek; C:\Windows\System32\drivers\mfefirek.sys [493352 2016-04-27] (McAfee, Inc.)
R0 mfehidk; C:\Windows\System32\drivers\mfehidk.sys [843048 2016-04-27] (McAfee, Inc.)
R3 mfencbdc; C:\Windows\system32\DRIVERS\mfencbdc.sys [519976 2016-04-27] (McAfee, Inc.)
S3 mfencrk; C:\Windows\system32\DRIVERS\mfencrk.sys [100136 2016-04-27] (McAfee, Inc.)
R3 mfesapsn; C:\Program Files (x86)\McAfee\SiteAdvisor\x64\mfesapsn.sys [46240 2016-06-06] (McAfee, Inc.)
R0 mfewfpk; C:\Windows\System32\drivers\mfewfpk.sys [243488 2016-04-27] (McAfee, Inc.)
R1 mirrorv3; C:\Windows\system32\DRIVERS\rminiv3.sys [5632 2012-12-18] (Famatech International Corp.)
S3 NetAdapterCx; C:\Windows\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-06-12] (MediaTek Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2016-07-16] (Realtek                                            )
R3 SensorsSimulatorDriver; C:\Windows\System32\drivers\WUDFRd.sys [216064 2016-07-16] (Microsoft Corporation)
S3 ssudmdm; C:\Windows\system32\DRIVERS\ssudmdm.sys [164992 2016-07-22] (Samsung Electronics Co., Ltd.)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 WIMMount; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wimmount.sys [42688 2016-07-16] (Microsoft Corporation)
S3 WofAdk; C:\Program Files (x86)\Windows Kits\10\Assessment and Deployment Kit\Deployment Tools\amd64\DISM\wofadk.sys [221376 2016-07-16] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 18:25 - 2016-08-23 18:27 - 00020525 _____ C:\Users\mjben\Downloads\FRST.txt
2016-08-23 18:24 - 2016-08-23 18:25 - 00000000 ____D C:\FRST
2016-08-23 18:21 - 2016-08-23 18:23 - 02396672 _____ (Farbar) C:\Users\mjben\Downloads\FRST64.exe
2016-08-23 17:50 - 2016-08-23 18:23 - 00000000 ____D C:\Program Files\Plumbytes Software
2016-08-23 17:50 - 2016-08-23 18:22 - 00000000 ____D C:\Users\mjben\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
2016-08-23 17:48 - 2016-08-23 17:49 - 00582416 _____ (Plumbytes Software) C:\Users\mjben\Downloads\antimalwaresetup.exe
2016-08-23 14:07 - 2016-08-23 14:07 - 01292248 _____ C:\Users\mjben\Downloads\lightbox.zip
2016-08-22 20:14 - 2016-08-22 20:14 - 00000000 ____D C:\WINDOWS\Panther
2016-08-22 13:30 - 2016-08-22 13:30 - 00002260 _____ C:\Users\mjben\Desktop\Google Chrome.lnk
2016-08-22 02:11 - 2016-08-22 02:11 - 00092515 _____ C:\Users\mjben\Documents\url header.txt
2016-08-21 14:58 - 2016-08-21 15:08 - 00000000 ____D C:\Users\mjben\AppData\Roaming\vlc
2016-08-21 14:58 - 2016-08-21 14:58 - 00001139 _____ C:\Users\Public\Desktop\VLC media player.lnk
2016-08-21 14:58 - 2016-08-21 14:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
2016-08-21 14:58 - 2016-08-21 14:58 - 00000000 ____D C:\Program Files (x86)\VideoLAN
2016-08-21 14:54 - 2016-08-21 14:56 - 30533688 _____ C:\Users\mjben\Downloads\vlc-2.2.4-win32.exe
2016-08-21 03:01 - 2016-08-21 03:01 - 00001237 _____ C:\Users\mjben\Documents\reg keys to edit.txt
2016-08-20 23:35 - 2016-08-20 23:36 - 00378132 _____ C:\WINDOWS\Minidump\082016-35515-01.dmp
2016-08-20 23:31 - 2016-08-20 23:31 - 06835684 _____ C:\Users\mjben\Downloads\10.1.1.46.3120.ps
2016-08-20 09:40 - 2016-08-20 09:42 - 00000000 ___RD C:\Users\mjben\Downloads\MediaMobileTechnologies.7zZIPRAR_pshwwm0bwg8de!App
2016-08-20 09:40 - 2016-08-20 09:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AMD Catalyst Control Center
2016-08-20 09:39 - 2016-08-20 09:39 - 00000000 ____D C:\Program Files (x86)\ATI Technologies
2016-08-20 08:45 - 2016-08-23 17:43 - 00004020 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse
2016-08-19 23:31 - 2016-08-19 23:31 - 00081314 _____ C:\Users\mjben\Desktop\DxDiag.txt
2016-08-19 18:45 - 2016-08-23 16:03 - 00004208 _____ C:\WINDOWS\System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse
2016-08-17 21:57 - 2016-08-17 21:57 - 00000108 _____ C:\Users\mjben\Documents\tiworker file location.txt
2016-08-15 23:31 - 2016-08-20 06:34 - 00000000 ____D C:\Users\mjben\Documents\Visual Studio 2015
2016-08-15 23:21 - 2016-08-15 23:21 - 00000000 ____D C:\Program Files (x86)\Windows Phone Kits
2016-08-15 23:11 - 2016-08-15 23:11 - 00000000 ____D C:\ProgramData\Windows App Certification Kit
2016-08-15 23:11 - 2016-08-15 23:11 - 00000000 ____D C:\Program Files\Application Verifier
2016-08-15 23:11 - 2016-08-15 23:11 - 00000000 ____D C:\Program Files (x86)\Application Verifier
2016-08-15 23:04 - 2016-08-15 23:04 - 00000000 ____D C:\Program Files (x86)\AppInsights
2016-08-15 23:02 - 2016-08-15 23:02 - 00000000 ____D C:\Program Files\IIS
2016-08-15 23:02 - 2016-08-15 23:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 11.0
2016-08-15 23:02 - 2016-08-15 23:02 - 00000000 ____D C:\Program Files (x86)\IIS
2016-08-15 23:02 - 2016-07-15 19:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\system32\DxToolsReportGenerator.dll
2016-08-15 23:02 - 2016-07-15 19:28 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsProxyStub.dll
2016-08-15 23:02 - 2016-07-15 19:28 - 00082432 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARP12Debug.dll
2016-08-15 23:02 - 2016-07-15 19:26 - 00376320 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\system32\DXCpl.exe
2016-08-15 23:02 - 2016-07-15 19:26 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DWARPDebug.dll
2016-08-15 23:02 - 2016-07-15 19:25 - 00337408 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXGIDebug.dll
2016-08-15 23:02 - 2016-07-15 19:23 - 14388224 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCaptureReplay.dll
2016-08-15 23:02 - 2016-07-15 19:22 - 00429056 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1debug3.dll
2016-08-15 23:02 - 2016-07-15 19:22 - 00355840 _____ (Microsoft Corporation) C:\WINDOWS\system32\perf_gputiming.dll
2016-08-15 23:02 - 2016-07-15 19:19 - 01323520 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11_3SDKLayers.dll
2016-08-15 23:02 - 2016-07-15 19:16 - 05850624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsDesktopEngine.exe
2016-08-15 23:02 - 2016-07-15 19:16 - 04969472 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsRemoteEngine.exe
2016-08-15 23:02 - 2016-07-15 19:15 - 06582784 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12warp.dll
2016-08-15 23:02 - 2016-07-15 19:14 - 02485760 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d12SDKLayers.dll
2016-08-15 23:02 - 2016-07-15 19:13 - 02005504 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsOfflineAnalysis.dll
2016-08-15 23:02 - 2016-07-15 19:13 - 01198592 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXCap.exe
2016-08-15 23:02 - 2016-07-15 19:13 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsCapture.dll
2016-08-15 23:02 - 2016-07-15 19:12 - 00297984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VsGraphicsExperiment.dll
2016-08-15 23:02 - 2016-07-15 19:12 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsMonitor.dll
2016-08-15 23:02 - 2016-07-15 19:11 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\DXToolsReporting.dll
2016-08-15 23:02 - 2016-07-15 18:58 - 00094720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DxToolsReportGenerator.dll
2016-08-15 23:02 - 2016-07-15 18:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsProxyStub.dll
2016-08-15 23:02 - 2016-07-15 18:43 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARP12Debug.dll
2016-08-15 23:02 - 2016-07-15 18:42 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DWARPDebug.dll
2016-08-15 23:02 - 2016-07-15 18:41 - 00355840 _____ (Windows ® Win 7 DDK provider) C:\WINDOWS\SysWOW64\DXCpl.exe
2016-08-15 23:02 - 2016-07-15 18:41 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXGIDebug.dll
2016-08-15 23:02 - 2016-07-15 18:39 - 11670528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCaptureReplay.dll
2016-08-15 23:02 - 2016-07-15 18:38 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1debug3.dll
2016-08-15 23:02 - 2016-07-15 18:37 - 01935360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12SDKLayers.dll
2016-08-15 23:02 - 2016-07-15 18:37 - 01074176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11_3SDKLayers.dll
2016-08-15 23:02 - 2016-07-15 18:35 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\perf_gputiming.dll
2016-08-15 23:02 - 2016-07-15 18:32 - 04596224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsDesktopEngine.exe
2016-08-15 23:02 - 2016-07-15 18:32 - 03701248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsRemoteEngine.exe
2016-08-15 23:02 - 2016-07-15 18:31 - 04977664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d12warp.dll
2016-08-15 23:02 - 2016-07-15 18:29 - 00953344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXCap.exe
2016-08-15 23:02 - 2016-07-15 18:29 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsExperiment.dll
2016-08-15 23:02 - 2016-07-15 18:29 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VsGraphicsCapture.dll
2016-08-15 23:02 - 2016-07-15 18:28 - 01509888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsOfflineAnalysis.dll
2016-08-15 23:02 - 2016-07-15 18:28 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsMonitor.dll
2016-08-15 23:02 - 2016-07-15 18:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DXToolsReporting.dll
2016-08-15 22:56 - 2016-08-15 22:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2016-08-15 22:55 - 2016-08-15 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2016-08-15 22:54 - 2016-08-15 22:54 - 00000000 ____D C:\Program Files\Microsoft SQL Server Compact Edition
2016-08-15 22:54 - 2016-08-15 22:54 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-08-15 22:51 - 2016-08-15 22:51 - 00000000 ____D C:\ProgramData\PreEmptive Solutions
2016-08-15 22:51 - 2016-08-15 22:51 - 00000000 ____D C:\Program Files (x86)\ShellDir
2016-08-15 22:48 - 2016-08-15 22:48 - 00000000 ____D C:\Program Files (x86)\Microsoft Office365 Tools
2016-08-15 22:47 - 2016-08-15 22:47 - 00000000 ____D C:\ProgramData\NuGet
2016-08-15 22:47 - 2016-08-15 22:47 - 00000000 ____D C:\Program Files (x86)\NuGet
2016-08-15 22:47 - 2016-08-15 22:47 - 00000000 ____D C:\Program Files (x86)\Microsoft WCF Data Services
2016-08-15 22:46 - 2016-08-15 22:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Expression
2016-08-15 22:45 - 2016-08-15 22:45 - 00001498 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Blend for Visual Studio 2015.lnk
2016-08-15 22:44 - 2016-08-15 23:25 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 12.0
2016-08-15 22:44 - 2016-08-15 22:44 - 00000000 ____D C:\Program Files\Microsoft Visual Studio 12.0
2016-08-15 22:44 - 2016-08-15 22:44 - 00000000 ____D C:\Program Files (x86)\HTML Help Workshop
2016-08-15 22:40 - 2016-08-15 22:41 - 00000000 ____D C:\WINDOWS\SysWOW64\1033
2016-08-15 22:38 - 2016-08-15 22:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015
2016-08-15 22:35 - 2016-08-15 22:35 - 00000000 ____D C:\WINDOWS\symbols
2016-08-15 22:35 - 2016-08-15 22:35 - 00000000 ____D C:\Program Files (x86)\Microsoft Help Viewer
2016-08-15 22:33 - 2016-08-15 22:55 - 00000000 ____D C:\Program Files\Microsoft SQL Server
2016-08-15 22:33 - 2016-08-15 22:55 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server
2016-08-15 22:33 - 2016-08-15 22:33 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visual Studio 2015.lnk
2016-08-15 22:29 - 2016-08-15 23:21 - 00000000 ____D C:\Program Files (x86)\Microsoft Visual Studio 14.0
2016-08-15 22:29 - 2016-08-15 22:34 - 00000000 ____D C:\WINDOWS\system32\1033
2016-08-15 22:26 - 2016-08-15 23:20 - 00000000 ____D C:\Program Files (x86)\Microsoft SDKs
2016-08-15 18:28 - 2016-08-15 18:29 - 00000000 ____D C:\Users\mjben\Documents\WPR Files
2016-08-15 18:17 - 2016-08-15 18:17 - 00000000 ____D C:\ProgramData\WindowsPerformanceRecorder
2016-08-15 18:09 - 2016-08-15 18:09 - 00000000 ____D C:\Users\mjben\Documents\WPA Files
2016-08-15 18:08 - 2016-08-18 23:21 - 00000000 ____D C:\Users\mjben\AppData\Local\Windows Performance Analyzer
2016-08-15 16:05 - 2016-08-15 23:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Kits
2016-08-15 16:05 - 2016-08-15 22:35 - 00000000 ____D C:\Program Files (x86)\Windows Kits
2016-08-15 14:51 - 2016-08-15 14:51 - 00000882 _____ C:\WINDOWS\system32\Drivers\etc\hosts_PTbackup2.bak
2016-08-15 07:00 - 2016-08-16 00:34 - 00000000 ____D C:\Windows10Upgrade
2016-08-15 07:00 - 2016-08-15 07:01 - 00000731 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows 10 Upgrade Assistant.lnk
2016-08-15 06:43 - 2016-08-15 06:44 - 00371260 _____ C:\WINDOWS\Minidump\081516-30781-01.dmp
2016-08-15 00:48 - 2016-08-15 00:48 - 00000000 ____D C:\Users\mjben\AppData\Local\tkdata
2016-08-14 22:30 - 2016-08-14 22:31 - 00000000 ____D C:\Program Files\IDT
2016-08-14 22:14 - 2016-08-14 22:14 - 00000022 ___SH C:\Users\mjben\AppData\Roaming\App1755 Conf_DB.ind
2016-08-14 22:14 - 2016-08-14 22:14 - 00000022 ___SH C:\Users\mjben\AppData\Roaming\0BF913075E33065.xrd
2016-08-14 22:13 - 2016-08-20 01:52 - 00000000 ____D C:\Program Files (x86)\jv16 PowerTools X
2016-08-14 22:13 - 2016-08-14 22:13 - 00001937 _____ C:\Users\mjben\Desktop\jv16 PowerTools X.lnk
2016-08-14 22:13 - 2016-08-14 22:13 - 00000000 ____D C:\Users\mjben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\jv16 PowerTools X
2016-08-14 21:42 - 2016-08-14 21:42 - 00000000 ____D C:\Program Files\Common Files\Intel Security
2016-08-14 21:24 - 2016-08-21 01:56 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2016-08-13 21:47 - 2016-08-15 18:58 - 00007670 _____ C:\Users\mjben\AppData\Local\Resmon.ResmonCfg
2016-08-13 06:40 - 2016-08-23 13:48 - 00000000 __RSD C:\Users\mjben\Documents\McAfee Vaults
2016-08-13 06:40 - 2016-08-13 06:40 - 00000000 ____D C:\Users\mjben\AppData\Local\McAfee File Lock
2016-08-13 06:40 - 2016-04-20 11:00 - 00079192 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\McPvDrv.sys
2016-08-13 06:40 - 2016-02-24 21:07 - 00207968 _____ (McAfee, Inc.) C:\WINDOWS\system32\Drivers\HipShieldK.sys
2016-08-13 06:39 - 2016-08-13 06:39 - 00003142 _____ C:\WINDOWS\System32\Tasks\McAfeeLogon
2016-08-13 06:39 - 2016-08-13 06:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\McAfee
2016-08-13 06:38 - 2016-08-13 06:38 - 00000000 ____D C:\Program Files\McAfee.com
2016-08-13 06:35 - 2016-04-26 17:56 - 00277744 _____ (McAfee, Inc.) C:\WINDOWS\system32\mfevtps.exe
2016-08-12 23:08 - 2016-08-12 23:08 - 00000219 _____ C:\Users\mjben\Documents\router.txt
2016-08-12 21:16 - 2016-08-12 21:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee Security Scan Plus
2016-08-10 22:22 - 2016-08-10 22:22 - 00196668 _____ C:\WINDOWS\system32\gpresult.html
2016-08-10 21:50 - 2016-08-20 23:35 - 788884021 _____ C:\WINDOWS\MEMORY.DMP
2016-08-10 21:50 - 2016-08-10 21:50 - 00370156 _____ C:\WINDOWS\Minidump\081016-34593-01.dmp
2016-08-09 21:53 - 2016-08-12 21:16 - 00000000 ____D C:\Program Files\McAfee Security Scan
2016-08-09 21:53 - 2016-08-09 21:53 - 00000000 ____D C:\ProgramData\McAfee Security Scan
2016-08-09 21:30 - 2016-08-09 21:30 - 00000248 _____ C:\rescue.info
2016-08-09 21:20 - 2016-08-09 22:08 - 00000000 ____D C:\Users\mjben\AppData\Local\LogMeIn Rescue Applet
2016-08-09 20:48 - 2016-08-09 20:48 - 00000000 ____D C:\Users\mjben\AppData\Roaming\McAfee
2016-08-09 20:21 - 2016-08-19 20:56 - 00000000 ____D C:\Users\mjben\AppData\Roaming\McAfee TechCheck
2016-08-09 19:51 - 2016-08-09 19:51 - 00000000 ____D C:\Program Files\Common Files\Intel
2016-08-09 17:21 - 2016-08-02 02:48 - 22219328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-08-09 17:21 - 2016-08-02 02:44 - 00114192 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32u.dll
2016-08-09 17:21 - 2016-08-02 02:20 - 00210944 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-08-09 17:21 - 2016-08-02 01:55 - 03617280 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-08-09 17:21 - 2016-08-01 22:51 - 20965240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-08-09 17:21 - 2016-08-01 22:37 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-08-09 17:21 - 2016-08-01 22:33 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-08-09 17:21 - 2016-08-01 22:27 - 07623168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-08-09 17:21 - 2016-08-01 22:25 - 05398016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aclui.dll
2016-08-09 17:21 - 2016-08-01 22:23 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-08-09 17:21 - 2016-08-01 22:13 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-08-09 17:21 - 2016-08-01 22:09 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2016-08-09 17:20 - 2016-08-02 02:58 - 00168800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-08-09 17:20 - 2016-08-02 02:53 - 02745224 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-08-09 17:20 - 2016-08-02 02:52 - 00619368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-08-09 17:20 - 2016-08-02 02:48 - 00241496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-08-09 17:20 - 2016-08-02 02:44 - 00151232 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-08-09 17:20 - 2016-08-02 02:23 - 22572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-08-09 17:20 - 2016-08-02 02:21 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-08-09 17:20 - 2016-08-02 02:21 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakrathunk.dll
2016-08-09 17:20 - 2016-08-02 02:20 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-08-09 17:20 - 2016-08-02 02:15 - 00231424 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2016-08-09 17:20 - 2016-08-02 02:15 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-08-09 17:20 - 2016-08-02 02:14 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeveloperOptionsSettingsHandlers.dll
2016-08-09 17:20 - 2016-08-02 02:13 - 01081856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-08-09 17:20 - 2016-08-02 02:12 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-08-09 17:20 - 2016-08-02 02:11 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-08-09 17:20 - 2016-08-02 02:11 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-08-09 17:20 - 2016-08-02 02:10 - 00509952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Bluetooth.dll
2016-08-09 17:20 - 2016-08-02 02:09 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-08-09 17:20 - 2016-08-02 02:07 - 23682048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-08-09 17:20 - 2016-08-02 02:07 - 09125888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-08-09 17:20 - 2016-08-02 02:03 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-08-09 17:20 - 2016-08-02 02:00 - 05511168 _____ (Microsoft Corporation) C:\WINDOWS\system32\aclui.dll
2016-08-09 17:20 - 2016-08-02 01:59 - 08124416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-08-09 17:20 - 2016-08-02 01:58 - 01656320 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-08-09 17:20 - 2016-08-02 01:57 - 01491456 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-08-09 17:20 - 2016-08-02 01:56 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-08-09 17:20 - 2016-08-02 01:56 - 01785856 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-08-09 17:20 - 2016-08-02 01:56 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-08-09 17:20 - 2016-08-02 01:55 - 01508864 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-08-09 17:20 - 2016-08-02 01:52 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2016-08-09 17:20 - 2016-08-01 22:56 - 02251440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-08-09 17:20 - 2016-08-01 22:47 - 00079536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32u.dll
2016-08-09 17:20 - 2016-08-01 22:39 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-08-09 17:20 - 2016-08-01 22:37 - 00121344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakrathunk.dll
2016-08-09 17:20 - 2016-08-01 22:36 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-08-09 17:20 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-08-09 17:20 - 2016-08-01 22:28 - 19423232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-08-09 17:20 - 2016-08-01 22:26 - 19417600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-08-09 17:20 - 2016-08-01 22:26 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-08-09 17:20 - 2016-08-01 22:25 - 01456640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-08-09 17:20 - 2016-08-01 22:16 - 06044672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-08-09 17:20 - 2016-08-01 22:13 - 01600512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-08-09 17:20 - 2016-08-01 22:12 - 02999296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-08-08 19:37 - 2016-08-08 19:37 - 00000000 _____ C:\WINDOWS\Minidump\080816-28953-01.dmp
2016-08-08 06:45 - 2016-08-08 06:45 - 00000000 ____D C:\SymCache
2016-08-08 05:25 - 2016-08-08 05:25 - 00000000 ____D C:\Users\mjben\mess ext
2016-08-07 19:06 - 2016-08-07 19:06 - 00412796 _____ C:\WINDOWS\Minidump\080716-31187-01.dmp
2016-08-07 18:16 - 2016-08-07 18:16 - 00394036 _____ C:\WINDOWS\Minidump\080716-25062-01.dmp
2016-08-06 23:11 - 2016-08-06 23:12 - 00372004 _____ C:\WINDOWS\Minidump\080616-29890-01.dmp
2016-08-06 20:57 - 2016-08-20 23:35 - 00000000 ____D C:\WINDOWS\Minidump
2016-08-06 20:57 - 2016-08-06 20:58 - 00399116 _____ C:\WINDOWS\Minidump\080616-37359-01.dmp
2016-08-06 12:13 - 2016-08-06 12:13 - 02190688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-08-06 12:13 - 2016-08-06 12:13 - 01708544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtsvc.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 01418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 01265424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 01260384 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 00843104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 00770048 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-08-06 12:13 - 2016-08-06 12:13 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-08-06 12:13 - 2016-08-06 12:13 - 00389000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wevtapi.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 00297552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wevtapi.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-08-06 12:13 - 2016-08-06 12:13 - 00062816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2016-08-06 12:13 - 2016-08-06 12:13 - 00000000 ____D C:\Program Files\CMAK
2016-08-06 12:13 - 2016-08-06 12:13 - 00000000 ____D C:\Program Files (x86)\CMAK
2016-08-06 12:12 - 2016-08-06 10:21 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-08-06 12:11 - 2016-08-06 12:11 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-08-06 12:09 - 2016-08-15 22:36 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-08-06 12:09 - 2016-08-06 12:09 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-08-06 12:09 - 2016-08-06 12:09 - 00000000 ____D C:\Program Files\MSBuild
2016-08-06 12:09 - 2016-08-06 12:09 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-08-06 12:08 - 2016-05-25 16:31 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2016-08-06 12:08 - 2016-05-25 16:31 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-08-06 12:08 - 2016-05-25 16:31 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2016-08-06 12:08 - 2016-05-25 13:03 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2016-08-06 12:08 - 2016-05-25 13:03 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-08-06 12:08 - 2016-05-25 13:03 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2016-08-06 11:07 - 2016-08-06 11:07 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-08-06 11:04 - 2016-08-06 11:04 - 00000000 ____D C:\ProgramData\USOShared
2016-08-06 11:03 - 2016-08-06 11:05 - 00000000 ____D C:\Users\mjben\AppData\Local\ConnectedDevicesPlatform
2016-08-06 11:03 - 2016-08-06 11:03 - 00000020 ___SH C:\Users\mjben\ntuser.ini
2016-08-06 11:02 - 2016-08-06 11:02 - 00000000 _SHDL C:\Users\Default\My Documents
2016-08-06 11:02 - 2016-08-06 11:02 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-08-06 11:02 - 2016-08-06 11:02 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-08-06 11:02 - 2016-08-06 11:02 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-08-06 11:02 - 2016-08-06 11:02 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-08-06 11:02 - 2016-08-06 11:02 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-08-06 11:02 - 2016-08-06 11:02 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-08-06 10:58 - 2016-08-06 11:01 - 00007623 _____ C:\WINDOWS\diagwrn.xml
2016-08-06 10:58 - 2016-08-06 11:01 - 00007623 _____ C:\WINDOWS\diagerr.xml
2016-08-06 10:46 - 2016-08-22 20:13 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-08-06 10:46 - 2016-08-06 10:47 - 00003764 _____ C:\WINDOWS\System32\Tasks\AMD Updater
2016-08-06 10:46 - 2016-08-06 10:46 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2016-08-06 10:46 - 2016-08-06 10:46 - 00003450 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-08-06 10:46 - 2016-08-06 10:46 - 00003308 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C3C2A489-FF9B-412C-84BE-173150267113}
2016-08-06 10:46 - 2016-08-06 10:46 - 00003226 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-08-06 10:46 - 2016-08-06 10:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-08-06 10:46 - 2016-08-06 10:46 - 00000000 ____D C:\WINDOWS\System32\Tasks\Hewlett-Packard
2016-08-06 10:36 - 2016-08-06 10:36 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2016-08-06 10:32 - 2016-08-06 10:36 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2016-08-06 10:30 - 2016-08-23 13:48 - 00000000 ____D C:\Users\mjben
2016-08-06 10:30 - 2016-08-06 10:30 - 00000000 _SHDL C:\Users\mjben\My Documents
2016-08-06 10:30 - 2016-08-06 10:30 - 00000000 _SHDL C:\Users\mjben\Documents\My Videos
2016-08-06 10:30 - 2016-08-06 10:30 - 00000000 _SHDL C:\Users\mjben\Documents\My Music
2016-08-06 10:30 - 2016-08-06 10:30 - 00000000 _RHDL C:\Users\mjben\Documents\My Pictures
2016-08-06 10:25 - 2016-08-20 09:39 - 00000000 ____D C:\ProgramData\AMD
2016-08-06 10:25 - 2016-08-06 10:36 - 00000000 ____D C:\ProgramData\Validity
2016-08-06 10:25 - 2016-08-06 10:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_wbf_vfs_0018_01_09_00.Wdf
2016-08-06 10:25 - 2016-08-06 10:25 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2016-08-06 10:25 - 2016-08-06 10:25 - 00000000 ____D C:\Program Files\Validity Sensors
2016-08-06 10:25 - 2016-08-06 10:25 - 00000000 ____D C:\Program Files\ATI Technologies
2016-08-06 10:24 - 2016-08-20 09:39 - 00000000 ____D C:\ProgramData\Package Cache
2016-08-06 10:24 - 2016-08-06 10:24 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2016-08-06 10:24 - 2016-08-06 10:24 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
2016-08-06 10:24 - 2016-08-06 10:24 - 00000000 ____D C:\Program Files\Synaptics
2016-08-06 10:24 - 2016-07-16 05:41 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-08-06 10:24 - 2011-03-17 03:14 - 06351872 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNGUI.exe
2016-08-06 10:24 - 2011-03-17 03:14 - 04642816 _____ (IDT, Inc.) C:\WINDOWS\system32\stlang64.dll
2016-08-06 10:24 - 2011-03-17 03:14 - 03293184 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNHP.dll
2016-08-06 10:24 - 2011-03-17 03:14 - 01523712 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNC64.cpl
2016-08-06 10:24 - 2011-03-17 03:14 - 01128448 _____ (IDT, Inc.) C:\WINDOWS\sttray64.exe
2016-08-06 10:24 - 2011-03-17 03:14 - 01020416 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNX.dll
2016-08-06 10:24 - 2011-03-17 03:14 - 00652288 ____N (IDT, Inc.) C:\WINDOWS\system32\stapi64.dll
2016-08-06 10:24 - 2011-03-17 03:14 - 00221184 _____ (IDT, Inc.) C:\WINDOWS\system32\HPToneCtrls64.dll
2016-08-06 10:24 - 2011-03-17 03:14 - 00212480 _____ (IDT, Inc.) C:\WINDOWS\system32\IDTNJ.exe
2016-08-06 10:24 - 2010-04-01 14:11 - 00162304 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAC64.dll
2016-08-06 10:24 - 2009-10-10 00:45 - 00442368 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTEC64.dll
2016-08-06 10:24 - 2009-03-03 01:58 - 00068608 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTAR64.dll
2016-08-06 10:24 - 2009-03-03 01:47 - 00090624 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AESTCo64.dll
2016-08-06 10:23 - 2016-08-09 19:36 - 00000000 ____D C:\Program Files\AMD
2016-08-06 10:23 - 2016-08-06 10:23 - 00000000 _____ C:\WINDOWS\ativpsrm.bin
2016-08-06 10:21 - 2016-08-23 15:24 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-08-06 10:21 - 2016-08-09 19:34 - 00202608 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-08-02 12:44 - 2016-06-30 21:43 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost - Copy.exe
2016-07-30 21:57 - 2016-07-30 21:57 - 00000000 ____D C:\Users\mjben\AppData\Local\Macromedia
2016-07-30 21:56 - 2016-07-30 21:56 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-07-29 23:17 - 2016-08-23 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\McAfee
2016-07-29 23:15 - 2016-08-13 06:40 - 00000000 ____D C:\Program Files\McAfee
2016-07-29 23:14 - 2016-08-19 21:14 - 00000000 ____D C:\Program Files (x86)\McAfee
2016-07-29 23:10 - 2016-08-14 21:42 - 00000000 ____D C:\Program Files\Common Files\McAfee
2016-07-29 23:10 - 2016-08-14 21:41 - 00000000 ____D C:\ProgramData\McAfee
2016-07-29 21:17 - 2016-07-29 21:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
2016-07-28 12:24 - 2016-07-28 12:24 - 00000000 ____D C:\Users\mjben\AppData\Roaming\ESET
2016-07-28 11:52 - 2016-07-28 11:52 - 01164000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfprintpthelper.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00445584 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfprint.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00419616 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfbasics.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00282528 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfluapriv.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00197760 _____ (Microsoft Corporation) C:\WINDOWS\system32\vrfcore.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00149480 _____ (Microsoft Corporation) C:\WINDOWS\system32\appverif.exe
2016-07-28 11:52 - 2016-07-28 11:52 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfnet.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00108432 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfrdvcompat.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00088672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfcompat.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00087136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfnws.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00048712 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfcuzz.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00048136 _____ (Microsoft Corporation) C:\WINDOWS\system32\vfntlmless.dll
2016-07-28 11:52 - 2016-07-28 11:52 - 00024344 _____ (Microsoft Corporation) C:\WINDOWS\system32\cuzzapi.dll
2016-07-28 11:45 - 2016-07-28 11:45 - 00030912 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft.windows.softwarelogo.showdesktop.exe
2016-07-28 11:44 - 2016-07-28 11:44 - 01821376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ucrtbased.dll
2016-07-28 11:44 - 2016-07-28 11:44 - 00771776 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11ref.dll
2016-07-28 11:44 - 2016-07-28 11:44 - 00639680 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10sdklayers.dll
2016-07-28 11:44 - 2016-07-28 11:44 - 00464576 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10ref.dll
2016-07-28 11:44 - 2016-07-28 11:44 - 00082624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VSD3DRefDebug.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00636240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfprintpthelper.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00374928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfbasics.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00342184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfprint.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00250248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfluapriv.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00177944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vrfcore.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00121416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appverif.exe
2016-07-28 08:08 - 2016-07-28 08:08 - 00100576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfrdvcompat.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00094880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfnet.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00083888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfcompat.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00072504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfnws.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00046032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfcuzz.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00043472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vfntlmless.dll
2016-07-28 08:08 - 2016-07-28 08:08 - 00022232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cuzzapi.dll
2016-07-28 08:00 - 2016-07-28 08:00 - 01526976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ucrtbased.dll
2016-07-28 08:00 - 2016-07-28 08:00 - 00650432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11ref.dll
2016-07-28 08:00 - 2016-07-28 08:00 - 00489664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10sdklayers.dll
2016-07-28 08:00 - 2016-07-28 08:00 - 00366776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10ref.dll
2016-07-28 08:00 - 2016-07-28 08:00 - 00064704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VSD3DRefDebug.dll
2016-07-28 03:48 - 2016-07-28 03:48 - 00000218 _____ C:\Users\mjben\AppData\Local\recently-used.xbel
2016-07-28 02:55 - 2016-07-28 02:57 - 00000000 ____D C:\Users\mjben\Documents\ip rtr
2016-07-27 22:44 - 2016-07-27 22:44 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dref9.dll
2016-07-27 22:36 - 2016-07-27 22:36 - 00382976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dref9.dll
2016-07-27 22:31 - 2016-07-27 22:31 - 00131376 _____ C:\WINDOWS\system32\appverifUI.dll
2016-07-27 22:22 - 2016-07-27 22:22 - 00105776 _____ C:\WINDOWS\SysWOW64\appverifUI.dll
2016-07-26 03:22 - 2016-07-26 03:22 - 00000000 ____D C:\Users\mjben\AppData\LocalLow\YFCgames
2016-07-25 21:50 - 2016-07-25 21:50 - 00000000 ____D C:\Users\mjben\AppData\Roaming\Rainbow
2016-07-25 17:36 - 2016-07-26 14:59 - 00000000 ____D C:\Users\mjben\AppData\Roaming\Total Eclipse
2016-07-24 17:16 - 2016-08-22 09:13 - 00000000 ____D C:\ProgramData\Google
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-08-23 14:01 - 2016-07-16 05:47 - 00000000 ___HD C:\Program Files\WindowsApps
2016-08-23 14:01 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-08-22 22:47 - 2016-05-27 16:05 - 00000000 ____D C:\Program Files (x86)\Steam
2016-08-22 20:12 - 2016-07-16 00:04 - 00524288 _____ C:\WINDOWS\system32\config\BBI
2016-08-22 19:05 - 2016-05-27 15:49 - 00000000 ____D C:\Users\mjben\AppData\Local\Packages
2016-08-22 16:02 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-08-21 22:32 - 2015-10-30 01:24 - 00000176 _____ C:\WINDOWS\win.ini
2016-08-21 22:21 - 2016-06-02 00:30 - 00000000 ____D C:\Users\mjben\AppData\Local\ElevatedDiagnostics
2016-08-21 03:03 - 2016-05-27 16:13 - 00000000 ____D C:\Program Files (x86)\Google
2016-08-20 23:01 - 2016-07-16 00:04 - 00008192 _____ C:\WINDOWS\system32\config\ELAM
2016-08-20 06:36 - 2016-07-10 19:10 - 00000000 ____D C:\Program Files\Common Files\AV
2016-08-20 06:22 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\Registration
2016-08-20 05:35 - 2016-05-27 15:52 - 00000000 ___RD C:\Users\mjben\OneDrive
2016-08-20 00:28 - 2016-07-16 05:45 - 00000000 ____D C:\WINDOWS\INF
2016-08-19 17:41 - 2016-05-27 16:09 - 00000000 ____D C:\Users\mjben\AppData\Local\PackageStaging
2016-08-17 21:52 - 2016-07-16 05:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-08-17 03:47 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\rescache
2016-08-16 23:12 - 2016-05-27 15:46 - 01556244 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-08-15 23:16 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-08-15 22:30 - 2016-07-16 05:47 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-08-14 22:31 - 2016-06-04 16:50 - 00000000 ____D C:\ProgramData\Auslogics
2016-08-14 21:27 - 2016-06-26 08:24 - 00000000 ____D C:\Program Files\Wireshark
2016-08-14 21:27 - 2016-06-26 04:59 - 00000000 ____D C:\Users\mjben\AppData\Roaming\Wireshark
2016-08-14 21:26 - 2016-06-16 23:38 - 00000000 ____D C:\Program Files (x86)\Nmap
2016-08-13 06:39 - 2016-07-16 05:47 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2016-08-12 21:29 - 2015-10-30 01:24 - 00000880 _____ C:\WINDOWS\system32\Drivers\etc\hosts_PTBackup.bak
2016-08-10 22:12 - 2015-10-30 01:24 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2016-08-09 23:16 - 2015-10-30 00:28 - 00000000 ____D C:\Users\Default.migrated
2016-08-09 19:36 - 2016-05-27 15:56 - 00000000 ____D C:\AMD
2016-08-09 19:36 - 2016-02-13 07:22 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-08-09 19:32 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-08-09 19:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2016-08-09 19:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2016-08-09 19:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\et-EE
2016-08-09 19:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\es-MX
2016-08-09 19:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-08-09 19:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-08-09 19:32 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-08-09 19:10 - 2016-05-27 19:19 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-08-09 19:01 - 2016-05-27 19:19 - 147640136 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-08-08 18:34 - 2016-05-27 16:15 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-08-08 08:30 - 2002-02-13 07:29 - 00005453 _____ C:\Users\mjben\Documents\license.txt
2016-08-08 01:36 - 2016-07-09 15:19 - 00000218 _____ C:\Users\mjben\advanced_ip_scanner_Favorites.bin
2016-08-08 01:36 - 2016-06-25 20:12 - 00000858 _____ C:\Users\mjben\advanced_ip_scanner_MAC.bin
2016-08-06 12:19 - 2016-07-16 05:47 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-08-06 11:08 - 2016-05-27 15:52 - 00002402 _____ C:\Users\mjben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-08-06 11:04 - 2016-07-16 05:47 - 00000000 ____D C:\ProgramData\USOPrivate
2016-08-06 10:57 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-08-06 10:57 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\Tasks_Migrated
2016-08-06 10:44 - 2016-07-16 05:47 - 00000000 __RHD C:\Users\Public\Libraries
2016-08-06 10:36 - 2016-05-27 17:52 - 00000000 ____D C:\Users\mjben\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-06 10:36 - 2016-05-27 16:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-08-06 10:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-08-06 10:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\spool
2016-08-06 10:34 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-08-06 10:29 - 2016-07-16 00:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-08-06 10:26 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-08-06 10:26 - 2016-07-16 05:47 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-08-06 10:25 - 2016-07-16 05:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-08-06 09:42 - 2016-05-27 16:13 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-08-06 01:30 - 2016-05-27 16:13 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-28 03:51 - 2016-06-16 23:48 - 00000000 ____D C:\Users\mjben\.zenmap
2016-07-28 02:37 - 2016-05-27 15:50 - 00000000 ____D C:\Users\mjben\AppData\Local\Publishers
2016-07-26 12:26 - 2016-05-27 16:11 - 00000000 ____D C:\ProgramData\Avira
2016-07-24 01:10 - 2016-07-23 23:04 - 00000000 ____D C:\Users\mjben\AppData\Local\ESET
2016-07-24 01:01 - 2016-07-10 18:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
 
==================== Files in the root of some directories =======
 
2016-08-14 22:14 - 2016-08-14 22:14 - 0000022 ___SH () C:\Users\mjben\AppData\Roaming\0BF913075E33065.xrd
2016-08-14 22:14 - 2016-08-14 22:14 - 0000022 ___SH () C:\Users\mjben\AppData\Roaming\App1755 Conf_DB.ind
2016-07-28 03:48 - 2016-07-28 03:48 - 0000218 _____ () C:\Users\mjben\AppData\Local\recently-used.xbel
2016-08-13 21:47 - 2016-08-15 18:58 - 0007670 _____ () C:\Users\mjben\AppData\Local\Resmon.ResmonCfg
2016-07-16 20:31 - 2016-05-17 20:31 - 0000032 ____R () C:\ProgramData\hash.dat
 
Files to move or delete:
====================
C:\ProgramData\hash.dat
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-08-22 16:11
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 21-08-2016 01
Ran by mjben (23-08-2016 18:33:55)
Running from C:\Users\mjben\Downloads
Windows 10 Pro Version 1607 (X64) (2016-08-06 17:02:57)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-272622730-2409571262-2050676497-500 - Administrator - Disabled)
benne (S-1-5-21-272622730-2409571262-2050676497-1003 - Limited - Disabled)
DefaultAccount (S-1-5-21-272622730-2409571262-2050676497-503 - Limited - Disabled)
Guest (S-1-5-21-272622730-2409571262-2050676497-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-272622730-2409571262-2050676497-1013 - Limited - Enabled)
mjben (S-1-5-21-272622730-2409571262-2050676497-1001 - Administrator - Enabled) => C:\Users\mjben
tkdan (S-1-5-21-272622730-2409571262-2050676497-1004 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {DA9F8ED0-D0DE-39CC-F55A-51AB4CC1B556}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: McAfee Anti-Virus and Anti-Spyware (Enabled - Up to date) {61FE6F34-F6E4-3642-CFEA-6AD93746FFEB}
FW: McAfee Firewall (Enabled) {E2A40FF5-9AB1-3894-DE05-F89EB212F22D}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Application Insights Tools for Visual Studio 2015 (HKLM-x32\...\{0E4C791E-B78E-477D-BD5A-CDD0985BA6EC}) (Version: 7.0.20622.1 - Microsoft Corporation)
Appman Sequencer on amd64 (Version: 10.1.14393.0 - Microsoft) Hidden
Assessments on Client (x32 Version: 10.1.14393.0 - Microsoft) Hidden
Azure AD Authentication Connected Service (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
AzureTools.Notifications (x32 Version: 2.7.30611.1601 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.51210.80 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Build Tools for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Build Tools for Windows 10 (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Chrome Remote Desktop Host (HKLM-x32\...\{159AA592-31AA-4EAC-A6CB-B47AB2CB1476}) (Version: 52.0.2743.48 - Google Inc.)
CodedUITestUAP (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Don't Starve (HKLM\...\Steam App 219740) (Version: - Klei Entertainment)
Dotfuscator and Analytics Community Edition 5.22.0 (x32 Version: 5.22.0.3788 - PreEmptive Solutions) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 52.0.2743.116 - Google Inc.)
Google Update Helper (x32 Version: 1.3.31.5 - Google Inc.) Hidden
HP 3D DriveGuard (HKLM\...\{5601F151-A69F-4E30-8C60-37928124CD07}) (Version: 4.1.9.1 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{CE7447C2-EF12-4EF3-BE51-BFC3B049C0F6}) (Version: 12.5.26.37 - HP)
IDE Tools for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
IDE Tools for Windows 10 (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
IDT Audio (HKLM-x32\...\{E3A5A8AB-58F6-45FF-AFCB-C9AE18C05001}) (Version: 1.0.6330.0 - IDT)
Imaging And Configuration Designer (x32 Version: 10.1.14393.0 - Microsoft) Hidden
Imaging Designer (x32 Version: 10.1.14393.0 - Microsoft) Hidden
Imaging Tools Support (x32 Version: 10.1.14393.0 - Microsoft) Hidden
Intellisense Lang Pack Mobile Extension SDK 10.0.14393.0 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
jv16 PowerTools X (HKLM-x32\...\jv16 PowerTools X) (Version: - Macecraft Software)
Kits Configuration Installer (x32 Version: 10.1.14393.33 - Microsoft) Hidden
McAfee Security Scan Plus (HKLM\...\McAfee Security Scan) (Version: 3.11.376.2 - McAfee, Inc.)
McAfee Virtual Technician (HKLM-x32\...\McAfee Virtual Technician) (Version: 8.1.0.174 - McAfee, Inc.)
McAfee WebAdvisor (HKLM-x32\...\{35ED3F83-4BDC-4c44-8EC6-6A8301C7413A}) (Version: 4.0.233 - McAfee, Inc.)
McAfee® Total Protection (HKLM-x32\...\MSC) (Version: 15.0.166 - McAfee, Inc.)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (ENU) (HKLM-x32\...\{290FC320-2F5A-329E-8840-C4193BD7A9EE}) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft .NET Framework 4.5.2 Multi-Targeting Pack (HKLM-x32\...\{19E8AE59-4D4A-3534-B567-6CC08FA4102E}) (Version: 4.5.51651 - Microsoft Corporation)
Microsoft .NET Framework 4.6 SDK (HKLM-x32\...\{B5915D37-0637-4A26-A3AA-C5DC9F856370}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (ENU) (HKLM-x32\...\{034547E9-D8FA-49E7-8B9C-4C9861FB9146}) (Version: 4.6.00127 - Microsoft Corporation)
Microsoft .NET Framework 4.6 Targeting Pack (HKLM-x32\...\{2CC6A4A7-AAC2-46C9-9DBB-3727B5954F65}) (Version: 4.6.00081 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 SDK (HKLM-x32\...\{2F0ECC80-B9E4-4485-8083-CD32F22ABD92}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (ENU) (HKLM-x32\...\{8EEB28EE-5141-411C-9CF0-9952264FE4AF}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 Targeting Pack (HKLM-x32\...\{8BC3EEC9-090F-4C53-A8DA-1BEC913040F9}) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Help Viewer 2.2 (HKLM-x32\...\Microsoft Help Viewer 2.2) (Version: 2.2.25420 - Microsoft Corporation)
Microsoft Silverlight (HKLM-x32\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.20513.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{FC3BB979-AA54-4B60-BBA3-2C4DA6E08D80}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{091CE6AA-2753-4F6E-AD1C-0E875744EB54}) (Version: 12.0.2402.29 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x64) - 14.0.24212 (HKLM-x32\...\{323dad84-0974-4d90-a1c1-e006c7fdbb7d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual C++ 2015 Redistributable (x86) - 14.0.24212 (HKLM-x32\...\{462f63a8-6347-4894-a1b3-dbfe3a4c981d}) (Version: 14.0.24212.0 - Microsoft Corporation)
Microsoft Visual Studio Professional 2015 with Updates (HKLM-x32\...\{68432bbb-c9a5-4a7b-bab3-ae5a49b28303}) (Version: 14.0.25420.1 - Microsoft Corporation)
Microsoft Web Deploy 3.6 (HKLM\...\{94E1227C-08A9-4962-B388-1F05D89AEA75}) (Version: 3.1238.1962 - Microsoft Corporation)
MSBuild/NuGet Integration 14.0 (x86) (x32 Version: 14.0.25420 - Microsoft Corporation) Hidden
Multi-Device Hybrid Apps using C# - Templates - ENU (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Pinball FX2 (HKLM\...\Steam App 226980) (Version: - Zen Studios)
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.5134.1 - PreEmptive Solutions) Hidden
Premium Pool (HKLM\...\Steam App 434110) (Version: - Iceflake Studios)
Project and Item Templates for Visual Studio Express 2015 for Windows 10 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Project and Item Templates for Visual Studio Professionald 2015 - ENU (x32 Version: 14.0.25527 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Roslyn Language Services - x86 (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.98 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2015 Update 3.1 (x32 Version: 14.102.25521 - Microsoft) Hidden
Test Tools for Microsoft Visual Studio 2015 (x32 Version: 14.0.23107 - Microsoft Corporation) Hidden
Toolkit Documentation (x32 Version: 10.1.14393.0 - Microsoft) Hidden
TypeScript Power Tool (x32 Version: 1.8.34.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2015 (x32 Version: 1.8.36.0 - Microsoft Corporation) Hidden
UEV Tools on amd64 (Version: 10.1.14393.0 - Microsoft) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.10150 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.0.26624 - Microsoft Corporation) Hidden
Universal CRT Headers Libraries and Sources (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Redistributable (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x64 (Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal CRT Tools x86 (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Universal General MIDI DLS Extension SDK (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Update for (KB2504637) (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}.KB2504637) (Version: 1 - Microsoft Corporation)
User State Migration Tool (x32 Version: 10.1.14393.0 - Microsoft) Hidden
Visual Studio 2015 Update 3 (KB3022398) (HKLM-x32\...\{7a68448b-9cf2-4049-bd73-5875f1aa7ba2}) (Version: 14.0.25420 - Microsoft Corporation)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.4 - VideoLAN)
VS Update core components (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden
vs_update3notification (x32 Version: 14.0.25425 - Microsoft Corporation) Hidden
WCF Data Services 5.6.4 Runtime (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2015 (x32 Version: 5.6.62175.4 - Microsoft Corporation) Hidden
WinAppDeploy (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
Windows 10 Upgrade Assistant (HKLM-x32\...\{D5C69738-B486-402E-85AC-2456D98A64E4}) (Version: 1.4.9200.17350 - Microsoft Corporation)
Windows Assessment and Deployment Kit - Windows 10 (HKLM-x32\...\{39ebb79f-797c-418f-b329-97cfdf92b7ab}) (Version: 10.1.14393.0 - Microsoft Corporation)
Windows SDK AddOn (HKLM-x32\...\{45D392D2-5956-4646-9CA6-83CBF67507B6}) (Version: 10.1.0.0 - Microsoft Corporation)
Windows Software Development Kit - Windows 10.0.14393.33 (HKLM-x32\...\{f23f94c5-8bba-4202-85ad-c83d4402cdc1}) (Version: 10.1.14393.33 - Microsoft Corporation)
WinRT Intellisense Desktop - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense Desktop - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense IoT - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense PPI - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - en-us (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WinRT Intellisense UAP - Other Languages (x32 Version: 10.1.14393.33 - Microsoft Corporation) Hidden
WPT Redistributables (x32 Version: 10.1.14393.0 - Microsoft) Hidden
WPTx64 (x32 Version: 10.1.14393.0 - Microsoft) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-272622730-2409571262-2050676497-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\mjben\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0972A74C-0E06-4DA6-8426-182F0388E41C} - System32\Tasks\Intel Security DAT Reputation (AMCore) Post DAT update endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {1E3DFD9E-A4AF-45C8-9551-2718F91E47A3} - System32\Tasks\Intel Security DAT Reputation (AMCore) periodic endpoint safety pulse => C:\Program Files\Common Files\McAfee\AMContent\scanners\x86_64\datrep\54.0\mcdatrep.exe [2016-01-27] (McAfee, Inc.)
Task: {3EBBC17B-8C97-45EA-83B9-3B2240FC4EC2} - System32\Tasks\McAfeeLogon => C:\Program Files\Common Files\McAfee\Platform\McUICnt.exe [2016-07-07] (McAfee, Inc.)
Task: {438EA399-1E0C-4F14-B36E-EC8599DADDEF} - System32\Tasks\McAfee\McAfee Auto Maintenance Task Agent
Task: {442A2B04-3194-4A75-A9DD-78C93F1F7167} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2016-08-03] (HP Inc.)
Task: {748DB8A7-20E1-49D1-B3A0-F985803430EF} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {749FE3FE-E533-4C93-81C3-DA3DE1FB465B} - System32\Tasks\McAfee\McAfee Idle Detection Task
Task: {9B88543D-47E7-4A4B-858B-C94D78E3F8A9} - System32\Tasks\Microsoft\VisualStudio\VSIX Auto Update 14 => C:\Program Files (x86)\Microsoft Visual Studio 14.0\Common7\IDE\VSIXAutoUpdate.exe [2016-06-20] (Microsoft Corporation)
Task: {C9716E42-B735-429E-A8C9-4304AC98377B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-05-27] (Google Inc.)
Task: {D8EF9A85-7D38-4A4A-A076-E95B57A63D63} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Report => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSFReport.exe [2016-05-09] (Hewlett-Packard)
Task: {DA632EE7-DB73-4D68-9653-0845D0D50B87} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\mjben\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\ImplicitAppShortcuts\225bb61db2f318c1\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) -> --profile-directory="Profile 3"

==================== Loaded Modules (Whitelisted) ==============

2015-08-21 22:09 - 2015-08-21 22:09 - 00214528 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.PerformanceTuning.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 03650560 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Platform.dll
2014-02-11 07:08 - 2014-02-11 07:08 - 00817152 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Device.dll
2015-08-21 22:09 - 2015-08-21 22:09 - 00127488 _____ () C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Container.Wlan.dll
2016-07-16 05:42 - 2016-07-16 05:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-07-16 05:42 - 2016-07-16 05:42 - 02681200 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-07-16 05:42 - 2016-07-16 05:42 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-07-16 05:42 - 2016-07-16 05:42 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-08-06 11:08 - 2016-08-06 11:08 - 00959168 _____ () C:\Users\mjben\AppData\Local\Microsoft\OneDrive\17.3.6390.0509_1\amd64\ClientTelemetry.dll
2016-07-16 05:42 - 2016-07-16 05:42 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-08-09 17:20 - 2016-08-02 02:15 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-08-09 17:21 - 2016-08-02 02:01 - 09761280 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-08-09 17:21 - 2016-08-02 01:53 - 01401344 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-08-09 17:21 - 2016-08-02 01:53 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-08-09 17:21 - 2016-08-02 01:54 - 01033728 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-08-09 17:21 - 2016-08-02 01:54 - 02438144 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-08-09 17:21 - 2016-08-02 01:56 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-08-08 18:34 - 2016-08-02 17:41 - 02366280 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libglesv2.dll
2016-08-08 18:34 - 2016-08-02 17:40 - 00107848 _____ () C:\Program Files (x86)\Google\Chrome\Application\52.0.2743.116\libegl.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcapexe => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McMPFSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\McNaiAnn => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MCODS => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mcpltsvc => ""=""
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeaack.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfeavfk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefire => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfefirek.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfehidk.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfemms => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfetdi2k.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\mfevtp => ""="Service"

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\007guard.com -> install.007guard.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\008i.com -> 008i.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\008k.com -> www.008k.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\00hq.com -> www.00hq.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\010402.com -> 010402.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\0scan.com -> www.0scan.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\1-2005-search.com -> www.1-2005-search.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\1000gratisproben.com -> www.1000gratisproben.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\1001namen.com -> www.1001namen.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\100888290cs.com -> mir.100888290cs.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\100sexlinks.com -> www.100sexlinks.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\10sek.com -> www.10sek.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\12-26.net -> user1.12-26.net
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\12-27.net -> user1.12-27.net
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\123fporn.info -> www.123fporn.info
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\123moviedownload.com -> www.123moviedownload.com
IE restricted site: HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\123simsen.com -> www.123simsen.com

There are 7910 more sites.


==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-30 01:24 - 2016-08-15 14:51 - 00480111 ___RA C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.winaproduct.com
127.0.0.1 www.winadiscount.com #[Dr.Web.Adware.Xbarre]
127.0.0.1 www.stickylogic.com
127.0.0.1 rt.udmserve.net
127.0.0.1 adunit.namiflow.com
127.0.0.1 ads.namiflow.com
127.0.0.1 c7.zxxds.net
127.0.0.1 c1.zxxds.net #[g1.panthercdn.com]
127.0.0.1 www.zedo.com #[Adware.RaxSearch]
127.0.0.1 yads.zedo.com
127.0.0.1 xads.zedo.com
127.0.0.1 ss7.zedo.com
127.0.0.1 ss2.zedo.com
127.0.0.1 ss1.zedo.com
127.0.0.1 simg.zedo.com
127.0.0.1 r1.zedo.com
127.0.0.1 l8.zedo.com
127.0.0.1 l6.zedo.com #[a515.g.akamai.net]
127.0.0.1 l5.zedo.com
127.0.0.1 l4.zedo.com
127.0.0.1 l3.zedo.com
127.0.0.1 l2.zedo.com
127.0.0.1 l1.zedo.com #[a1101.g.akamai.net]
127.0.0.1 h.zedo.com
127.0.0.1 gw.zedo.com
127.0.0.1 g.zedo.com #[zedo.live365.com]
127.0.0.1 freeze.zedo.com
127.0.0.1 d8.zedo.com
127.0.0.1 d7.zedo.com
127.0.0.1 d3.zedo.com

There are 13863 more lines.


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-272622730-2409571262-2050676497-1001\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
DNS Servers: 10.253.194.49
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: AESTFilters => 2
MSCONFIG\Services: AMD External Events Utility => 2
MSCONFIG\Services: AMD FUEL Service => 2
MSCONFIG\Services: chromoting => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: HomeNetSvc => 2
MSCONFIG\Services: hpqwmiex => 3
MSCONFIG\Services: hpsrv => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: McAfee SiteAdvisor Service => 2
MSCONFIG\Services: McBootDelayStartSvc => 2
MSCONFIG\Services: mccspsvc => 2
MSCONFIG\Services: McNaiAnn => 2
MSCONFIG\Services: McODS => 3
MSCONFIG\Services: mcpltsvc => 2
MSCONFIG\Services: McProxy => 2
MSCONFIG\Services: ModuleCoreService => 2
MSCONFIG\Services: MSK80Service => 3
MSCONFIG\Services: PEFService => 2
MSCONFIG\Services: STacSV => 2
MSCONFIG\Services: Steam Client Service => 3
MSCONFIG\Services: SynTPEnhService => 2
MSCONFIG\Services: valWBFPolicyService => 2
HKLM\...\StartupApproved\Run: => "SynTPEnh"
HKLM\...\StartupApproved\Run: => "SysTrayApp"
HKLM\...\StartupApproved\Run32: => "StartCCC"
HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\StartupApproved\Run: => "Steam"
HKU\S-1-5-21-272622730-2409571262-2050676497-1001\...\StartupApproved\Run: => "BlueStacks Agent"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{82384E3B-126E-4DE3-A810-902BEE660F87}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{55EF1B1D-B4A0-410D-A245-B88B10791E7A}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{8E2A8E1A-4EDA-4DC3-8236-324F45C27DC6}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1A68624D-351F-4B81-A589-2AB97178390A}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{F16F342C-9269-41F5-BEF5-86289E1F7507}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Premium Pool\PremiumPool.exe
FirewallRules: [{EB949894-28B6-40A7-ADAD-090C1FE494F4}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Premium Pool\PremiumPool.exe

==================== Restore Points =========================

18-08-2016 11:29:32 Scheduled Checkpoint
20-08-2016 00:25:40 B4sftool
21-08-2016 01:55:23 Removed Chrome Remote Desktop Host

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/23/2016 06:32:26 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIKESPC)
Description: Activation of app MediaMobileTechnologies.7zZIPRAR_pshwwm0bwg8de!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/23/2016 06:25:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2016 06:24:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2016 06:24:40 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2016 06:24:04 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"1".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2016 06:24:03 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0"1".
Dependent Assembly Microsoft.Windows.Build.Appx.AppxSip.dll,version="0.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2016 06:23:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm64",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2016 06:23:44 PM) (Source: SideBySide) (EventID: 33) (User: )
Description: Activation context generation failed for "Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0"1".
Dependent Assembly Microsoft.Windows.Common-Controls,language="*",processorArchitecture="arm",publicKeyToken="6595b64144ccf1df",type="win32",version="6.0.0.0" could not be found.
Please use sxstrace.exe for detailed diagnosis.

Error: (08/23/2016 06:17:36 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIKESPC)
Description: Activation of app MediaMobileTechnologies.7zZIPRAR_pshwwm0bwg8de!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (08/23/2016 06:02:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: MIKESPC)
Description: Activation of app MediaMobileTechnologies.7zZIPRAR_pshwwm0bwg8de!App failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.


System errors:
=============
Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.

Error: (08/23/2016 06:25:13 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
Description: The Computer Browser service depends on the Workstation service which failed to start because of the following error:
%%1058 = The service cannot be started, either because it is disabled or because it has no enabled devices associated with it.


CodeIntegrity:
===================================
Date: 2016-08-15 05:24:12.810
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-15 05:24:12.765
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-15 05:24:12.700
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.

Date: 2016-08-15 05:24:12.656
Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows.old\Windows\WinSxS\wow64_windows-devices-perception_31bf3856ad364e35_10.0.10586.0_none_5c4fdcd072d3b010\Windows.Devices.Perception.dll because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.


==================== Memory info ===========================

Processor: AMD A4-3300M APU with Radeon™ HD Graphics
Percentage of memory in use: 42%
Total physical RAM: 7658.9 MB
Available physical RAM: 4407.23 MB
Total Virtual: 9511.9 MB
Available Virtual: 6093.61 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:231.61 GB) (Free:135.11 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 232.9 GB) (Disk ID: E2FD43BB)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=231.6 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=798 MB) - (Type=27)

==================== End of Addition.txt ============================

Attached Files


Edited by Oh My!, 27 August 2016 - 08:06 PM.


BC AdBot (Login to Remove)

 


#2 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 PM

Posted 27 August 2016 - 07:50 PM

Greetings Help_Computers_Sick_ and :welcome: to BleepingComputer's Virus/Trojan/Spyware/Malware Removal forum.

My name is Oh My! and I am here to help you! Now that we are "friends" please call me Gary.

If you would allow me to call you by your first name I would prefer to do that.

===================================================

Ground Rules:
  • First, I would like to inform you that most of us here at Bleeping Computer offer our expert assistance out of the goodness of our hearts. Please try to match our commitment to you with your patience toward us. If this was easy we would never have met.
  • Please do not run any tools or take any steps other than those I will provide for you while we work on your computer together. I need to be certain about the state of your computer in order to provide appropriate and effective steps for you to take. Most often "well intentioned" (and usually panic driven!) independent efforts can make things much worse for both of us. If at any point you would prefer to take your own steps please let me know, I will not be offended. I would be happy to focus on the many others who are waiting in line for assistance.
  • Please perform all steps in the order they are listed in each set of instructions. Some steps may be a bit complicated. If things are not clear, be sure to stop and let me know. We need to work on this together with confidence.
  • Please copy and paste all logs into your post unless directed otherwise. Please do not re-run any programs I suggest. If you encounter problems simply stop and tell me.
  • When you post your reply, use the Replytopic.jpg button instead.
  • In the upper right hand corner of the topic you will see the Followtopic.jpg button. Click on this then choose Immediate E-Mail notification and then Proceed and you will be sent an email once I have posted a response.
  • If you do not reply to your topic after 5 days we assume it has been abandoned and I will close it.
  • When your computer is clean I will alert you of such. I will also provide for you detailed information about how you can combat future infections.
  • I would like to remind you to make no further changes to your computer unless I direct you to do so.
===================================================

Now that I am assisting you, you can expect that I will be very responsive to your situation. If you are able, I would request you check this thread at least once per day so that we can try to resolve your issues effectively and efficiently. If you are going to be delayed please be considerate and post that information so that I know you are still with me. Unfortunately, there are many people waiting to be assisted and not enough of us at BleepingComputer to go around. I appreciate your understanding and diligence.

Thank you for your patience thus far. Please allow me just a bit of time to review what you have posted.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#3 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 PM

Posted 27 August 2016 - 08:19 PM

Thank you again for your patience. Please do this.

===================================================

Uninstalling a Program using Add/Remove Program

--------------------

BleepingComputer does not recommend the use of registry cleaning programs. I recommend the uninstalling of the below listed program(s). If you desire to keep the program I would ask that you reinstall it following our efforts here.
  • Press windows key Windows_Logo_key.gif + r on your keyboard at the same time
  • Type appwiz.cpl and press Enter
  • A list of installed programs will be displayed
  • Uninstall the following by clicking on the program(s) below (and any other similar names) and selecting Remove or Uninstall

jv16 PowerTools

  • Reboot your computer
===================================================

Farbar's Recovery Scan Tool - Run Fix in Normal or Safe Mode

--------------------
  • Press the Windows key Windows_Logo_key.gif + r on your keyboard at the same time. Type in notepad and press Enter
  • Please copy and paste the contents of the below code box into the open notepad and save it as fixlist.txt in the same location/folder as FRST.exe (<<<Important)
CreateRestorePoint:
CloseProcesses:
GroupPolicyScripts: Restriction <======= ATTENTION
CHR Extension: (ShowIp) - C:\Users\mjben\AppData\Local\Google\Chrome\User Data\Backup Default\Extensions\agoljmemkbciolpigpabjfkagboolkcj [2016-06-04]
2016-08-08 05:25 - 2016-08-08 05:25 - 00000000 ____D C:\Users\mjben\mess ext
C:\ProgramData\hash.dat
2016-07-24 01:01 - 2016-07-10 18:44 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
S4 chromoting; "C:\Program Files (x86)\Google\Chrome Remote Desktop\52.0.2743.48\remoting_host.exe" --type=daemon --host-config="C:\ProgramData\Google\Chrome Remote Desktop\host.json"
C:\ProgramData\Google\Chrome Remote Desktop
2016-08-23 17:50 - 2016-08-23 18:23 - 00000000 ____D C:\Program Files\Plumbytes Software
2016-08-23 17:50 - 2016-08-23 18:22 - 00000000 ____D C:\Users\mjben\AppData\Local\{698D0BA5-6E4B-44BD-9F9A-AA32F2E98D9A}
2016-08-23 17:48 - 2016-08-23 17:49 - 00582416 _____ (Plumbytes Software) C:\Users\mjben\Downloads\antimalwaresetup.exe
Zip: C:\WINDOWS\Minidump
  • Right click on FRST.exe, select Run as administrator then press the Fix button
  • When completed he tool will create a log on the desktop called Fixlog.txt. Please copy and paste the contents of the file in your reply.
  • An Upload.zip file will be placed on your Desktop. Attach that file to your reply
===================================================

Things I would like to see in your next reply. Please be sure to copy and paste any requested log information unless you are asked to attach it. :thumbsup2:
  • Did jv16 PowerTools uninstall?
  • Fixlog
  • Attached Upload.zip file

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#4 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 PM

Posted 30 August 2016 - 09:38 AM

Greetings,

===================================================

Do You Still Need Help?

It has been 3 days since my last post.
  • Do you still need help with this?
  • If you have not replied within 48 hours I will assume you have abandoned the Topic and it will be closed.

Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."

#5 Oh My!

Oh My!

    Adware and Spyware and Malware.....


  • Malware Response Instructor
  • 37,033 posts
  • ONLINE
  •  
  • Gender:Male
  • Location:California
  • Local time:05:36 PM

Posted 01 September 2016 - 08:51 AM

Due to the lack of feedback, this topic is now closed.

In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days.

Please include a link to your topic in the Private Message. Thank you.
Gary
 
If I do not reply within 24 hours please send me a Personal Message.

"Lord, to whom would we go? You have the words that give eternal life. We believe, and we know you are the Holy One of God."




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users