Questionable entries in FRST log among other things


  • This topic is locked
16 replies to this topic

#1 Q-Bertha

Posted 12 December 2016 - 04:51 PM

I was wondering if you could take a look at this and advise me if it looks like I have an infection.

Netstat shows multiple intermittent TCP connections to remote IPv6 addresses on ports 80 and 443 from explorer.exe when browsers are closed (this was noticed after visiting site with invalid security certificate).
CCleaner's cookie manager only shows Edge cookies, no IE ones (even if they should be present) on one account; aboutads.info shows opt-out cookies present for IE, regardless of whether cookies are enabled or not.

Some HD videos on YouTube seem to be jittery, or have horizontal lines when there is quick movement in them.
Web mail inbox contained different "From" address than real one in email, which reverted back after a page refresh.
Was prompted with, "An unknown program wants to change your homepage to about:tabs." (which it was already set to) upon every launch of Internet Explorer for a while.
Folder settings (such as sort order) and file save location continually change by themselves.
Sometimes keys need a second press.
Some text under Processes in Task Manager has been garbled.
Computer/monitor sometimes wake on their own.
Web sites are sometimes unavailable when they are available on other devices.
Computer sometimes stays unlocked when on sign-in screen.
Internet access was unavailable before disconnecting Ethernet cable for period of time, same thing happened twice.

 

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 05-12-2016
Ran by Susan (ATTENTION: The user is not administrator) on DESKTOP-5OSS0UM (06-12-2016 01:55:19)
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan (Available Profiles: Susan & Sheldon & Sheldon (2) & SheldonAdministrator)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> winlogon.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> atieclxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> avguard.exe
Failed to access process -> armsvc.exe
Failed to access process -> svchost.exe
Failed to access process -> Avira.ServiceHost.exe
Failed to access process -> svchost.exe
Failed to access process -> avshadow.exe
Failed to access process -> SearchIndexer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.9.261.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
Failed to access process -> svchost.exe
Failed to access process -> fontdrvhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
Failed to access process -> WmiPrvSE.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.10.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [916072 2016-10-27] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6854360 2016-08-05] (Piriform Ltd)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{daa20c35-45d5-41b2-bb87-3400740b8b44}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> DefaultScope {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Toolbar: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1089088 2016-10-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [475232 2016-10-27] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [475232 2016-10-27] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1488240 2016-10-27] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [349512 2016-11-15] (Avira Operations GmbH & Co. KG)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [126064 2016-10-27] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [151784 2016-10-06] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44208 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [66872 2016-08-18] (Avira Operations GmbH & Co. KG)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 01:55 - 2016-12-06 01:55 - 00008409 _____ C:\Users\Susan\Desktop\FRST.txt
2016-12-06 01:54 - 2016-12-06 01:55 - 00000000 ____D C:\FRST
2016-12-06 01:44 - 2016-12-06 01:53 - 01761792 _____ (Farbar) C:\Users\Susan\Desktop\FRST.exe
2016-11-28 17:37 - 2016-11-28 17:37 - 00000000 ____D C:\Users\Public\Documents\Call Logs
2016-11-24 05:29 - 2016-11-24 05:29 - 00000207 _____ C:\Users\Public\Documents\sl.txt
2016-11-23 21:48 - 2016-11-23 22:09 - 00000000 ____D C:\Users\Public\Documents\New folder
2016-11-22 14:21 - 2016-11-22 14:21 - 00001163 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-11-12 23:41 - 2016-11-12 23:41 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2016-11-09 07:45 - 2016-11-02 06:01 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-11-09 07:45 - 2016-11-02 06:01 - 00315744 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-11-09 07:45 - 2016-11-02 05:24 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-11-09 07:45 - 2016-11-02 05:24 - 00783552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-11-09 07:45 - 2016-11-02 05:23 - 00945760 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-11-09 07:45 - 2016-11-02 05:22 - 06020448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-11-09 07:45 - 2016-11-02 05:22 - 00601712 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleaut32.dll
2016-11-09 07:45 - 2016-11-02 05:21 - 00570720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-11-09 07:45 - 2016-11-02 05:21 - 00276320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-11-09 07:45 - 2016-11-02 05:12 - 00341344 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-11-09 07:45 - 2016-11-02 05:09 - 02257104 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-11-09 07:45 - 2016-11-02 05:09 - 00544088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vhdmp.sys
2016-11-09 07:45 - 2016-11-02 05:06 - 00080224 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll
2016-11-09 07:45 - 2016-11-02 05:05 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-11-09 07:45 - 2016-11-02 05:05 - 06657176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-11-09 07:45 - 2016-11-02 05:05 - 03892352 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-11-09 07:45 - 2016-11-02 05:05 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-11-09 07:45 - 2016-11-02 05:05 - 00951904 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-11-09 07:45 - 2016-11-02 05:05 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-11-09 07:45 - 2016-11-02 05:01 - 01425000 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2016-11-09 07:45 - 2016-11-02 05:01 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-11-09 07:45 - 2016-11-02 05:01 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-11-09 07:45 - 2016-11-02 05:01 - 00545936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-11-09 07:45 - 2016-11-02 05:01 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\input.dll
2016-11-09 07:45 - 2016-11-02 05:00 - 00042336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\iorate.sys
2016-11-09 07:45 - 2016-11-02 04:51 - 00327168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-11-09 07:45 - 2016-11-02 04:49 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-11-09 07:45 - 2016-11-02 04:49 - 00037376 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-11-09 07:45 - 2016-11-02 04:48 - 00095232 _____ (Microsoft Corporation) C:\WINDOWS\system32\TSpkg.dll
2016-11-09 07:45 - 2016-11-02 04:47 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-11-09 07:45 - 2016-11-02 04:46 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-11-09 07:45 - 2016-11-02 04:46 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-11-09 07:45 - 2016-11-02 04:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsensorgroup.dll
2016-11-09 07:45 - 2016-11-02 04:45 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcTok.exe
2016-11-09 07:45 - 2016-11-02 04:45 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\dab.dll
2016-11-09 07:45 - 2016-11-02 04:45 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-11-09 07:45 - 2016-11-02 04:44 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-11-09 07:45 - 2016-11-02 04:44 - 00222720 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkBindingEngineMigPlugin.dll
2016-11-09 07:45 - 2016-11-02 04:44 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-11-09 07:45 - 2016-11-02 04:43 - 00731136 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d8.dll
2016-11-09 07:45 - 2016-11-02 04:43 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-11-09 07:45 - 2016-11-02 04:43 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-11-09 07:45 - 2016-11-02 04:43 - 00270336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll
2016-11-09 07:45 - 2016-11-02 04:43 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\FSClient.dll
2016-11-09 07:45 - 2016-11-02 04:42 - 00866816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-11-09 07:45 - 2016-11-02 04:42 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-11-09 07:45 - 2016-11-02 04:42 - 00549376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenterCPL.dll
2016-11-09 07:45 - 2016-11-02 04:42 - 00322560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpAXHolder.dll
2016-11-09 07:45 - 2016-11-02 04:42 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-11-09 07:45 - 2016-11-02 04:42 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-11-09 07:45 - 2016-11-02 04:42 - 00202752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.HumanInterfaceDevice.dll
2016-11-09 07:45 - 2016-11-02 04:42 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkUXBroker.dll
2016-11-09 07:45 - 2016-11-02 04:41 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\FlightSettings.dll
2016-11-09 07:45 - 2016-11-02 04:41 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ubpm.dll
2016-11-09 07:45 - 2016-11-02 04:41 - 00136704 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockScreenContent.dll
2016-11-09 07:45 - 2016-11-02 04:40 - 01375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-11-09 07:45 - 2016-11-02 04:40 - 00548352 _____ (Microsoft Corporation) C:\WINDOWS\system32\ddraw.dll
2016-11-09 07:45 - 2016-11-02 04:40 - 00493056 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2016-11-09 07:45 - 2016-11-02 04:40 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.UserAccountsHandlers.dll
2016-11-09 07:45 - 2016-11-02 04:40 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-11-09 07:45 - 2016-11-02 04:39 - 00482304 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-11-09 07:45 - 2016-11-02 04:39 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2016-11-09 07:45 - 2016-11-02 04:39 - 00236544 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAnimation.dll
2016-11-09 07:45 - 2016-11-02 04:38 - 01013248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-11-09 07:45 - 2016-11-02 04:38 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-11-09 07:45 - 2016-11-02 04:37 - 19415040 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-11-09 07:45 - 2016-11-02 04:37 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-11-09 07:45 - 2016-11-02 04:36 - 19415552 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-11-09 07:45 - 2016-11-02 04:36 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-11-09 07:45 - 2016-11-02 04:36 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bowser.sys
2016-11-09 07:45 - 2016-11-02 04:36 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetailsUpdate.dll
2016-11-09 07:45 - 2016-11-02 04:33 - 12349952 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-11-09 07:45 - 2016-11-02 04:33 - 03307520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-11-09 07:45 - 2016-11-02 04:33 - 00598528 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcRefreshTask.dll
2016-11-09 07:45 - 2016-11-02 04:32 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-11-09 07:45 - 2016-11-02 04:31 - 03196416 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-11-09 07:45 - 2016-11-02 04:31 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-11-09 07:45 - 2016-11-02 04:31 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\olepro32.dll
2016-11-09 07:45 - 2016-11-02 04:30 - 12175360 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-11-09 07:45 - 2016-11-02 04:30 - 00134144 _____ (Microsoft Corporation) C:\WINDOWS\system32\ErrorDetails.dll
2016-11-09 07:45 - 2016-11-02 04:29 - 07469056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-11-09 07:45 - 2016-11-02 04:29 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-11-09 07:45 - 2016-11-02 04:29 - 01247232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Globalization.dll
2016-11-09 07:45 - 2016-11-02 04:29 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\FrameServer.dll
2016-11-09 07:45 - 2016-11-02 04:29 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\NPSM.dll
2016-11-09 07:45 - 2016-11-02 04:28 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-11-09 07:45 - 2016-11-02 04:28 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-11-09 07:45 - 2016-11-02 04:28 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-11-09 07:45 - 2016-11-02 04:27 - 01056768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-11-09 07:45 - 2016-11-02 04:27 - 00580608 _____ (Microsoft Corporation) C:\WINDOWS\system32\hgcpl.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 02747392 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcore.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 01509376 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 01235968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-11-09 07:45 - 2016-11-02 04:26 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-11-09 07:45 - 2016-11-02 04:25 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-11-09 07:45 - 2016-11-02 04:25 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-11-09 07:45 - 2016-11-02 04:25 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-11-09 07:45 - 2016-11-02 04:23 - 03106304 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstsc.exe
2016-11-09 07:45 - 2016-11-02 04:23 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\GlobCollationHost.dll
2016-11-09 07:45 - 2016-11-02 03:11 - 00788624 _____ C:\WINDOWS\system32\locale.nls
2016-11-09 07:45 - 2016-10-27 21:11 - 00446896 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-11-09 07:44 - 2016-11-02 05:23 - 01073816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-11-09 07:44 - 2016-11-02 05:22 - 01583112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-11-09 07:44 - 2016-11-02 05:21 - 01957216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-11-09 07:44 - 2016-11-02 05:10 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-11-09 07:44 - 2016-11-02 05:08 - 00602464 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-11-09 07:44 - 2016-11-02 05:08 - 00111968 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-11-09 07:44 - 2016-11-02 05:04 - 04312248 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-11-09 07:44 - 2016-11-02 05:04 - 00596832 _____ (Microsoft Corporation) C:\WINDOWS\system32\comctl32.dll
2016-11-09 07:44 - 2016-11-02 04:50 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-11-09 07:44 - 2016-11-02 04:47 - 00285184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2016-11-09 07:44 - 2016-11-02 04:47 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-11-09 07:44 - 2016-11-02 04:46 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkDesktopSettings.dll
2016-11-09 07:44 - 2016-11-02 04:46 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-11-09 07:44 - 2016-11-02 04:45 - 00492032 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-11-09 07:44 - 2016-11-02 04:45 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2016-11-09 07:44 - 2016-11-02 04:44 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthExt.dll
2016-11-09 07:44 - 2016-11-02 04:43 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-11-09 07:44 - 2016-11-02 04:42 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-11-09 07:44 - 2016-11-02 04:42 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-11-09 07:44 - 2016-11-02 04:41 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-11-09 07:44 - 2016-11-02 04:40 - 00896512 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontext.dll
2016-11-09 07:44 - 2016-11-02 04:38 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\appwiz.cpl
2016-11-09 07:44 - 2016-11-02 04:36 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-11-09 07:44 - 2016-11-02 04:32 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-11-09 07:44 - 2016-11-02 04:28 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-11-09 07:44 - 2016-11-02 04:27 - 02458112 _____ (Microsoft Corporation) C:\WINDOWS\system32\themecpl.dll
2016-11-09 07:44 - 2016-11-02 04:27 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.dll
2016-11-09 07:44 - 2016-11-02 04:26 - 03595776 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll
2016-11-09 07:44 - 2016-11-02 04:26 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-11-09 07:44 - 2016-11-02 04:26 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-11-09 07:44 - 2016-11-02 04:26 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-11-09 07:44 - 2016-11-02 04:23 - 02356736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSVidCtl.dll
2016-11-09 07:44 - 2016-08-01 22:30 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-06 00:52 - 2016-06-06 04:40 - 00979530 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-06 00:48 - 2016-09-14 07:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-06 00:48 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Susan
2016-12-06 00:46 - 2016-09-30 04:51 - 00000682 _____ C:\Users\Public\Documents\4.txt
2016-12-06 00:39 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon
2016-12-05 20:24 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-05 15:54 - 2016-08-03 17:11 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-04 18:16 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-03 18:38 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-03 17:36 - 2016-07-16 02:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-02 15:35 - 2016-06-06 04:41 - 00000000 ____D C:\Users\Susan\AppData\Local\Packages
2016-11-30 01:53 - 2016-08-17 23:10 - 00001351 _____ C:\Users\Susan\Desktop\PC Problems.txt
2016-11-28 17:52 - 2016-09-02 18:07 - 00000233 _____ C:\Users\Public\Documents\Wrong Numbers.txt
2016-11-22 14:21 - 2016-08-25 01:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-11-22 14:21 - 2016-08-25 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-11-12 23:41 - 2016-07-16 02:28 - 00000000 ____D C:\WINDOWS\INF
2016-11-12 00:16 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon (2)
2016-11-10 08:11 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\rescache
2016-11-10 01:13 - 2016-04-26 22:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-11-09 09:44 - 2016-09-14 07:29 - 00192880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-11-09 09:43 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-11-09 09:43 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-11-09 09:43 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-11-09 09:42 - 2016-07-16 02:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-11-09 09:42 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-11-09 09:42 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-11-09 07:57 - 2016-07-16 02:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-11-09 07:56 - 2016-06-06 05:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-11-09 07:52 - 2016-06-06 05:44 - 138444440 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

#2 HelpBot

Posted 17 December 2016 - 04:55 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

Step 1: In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/634660 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

Step 2: If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#3 Q-Bertha


Posted 17 December 2016 - 07:26 PM

I forgot to mention:
Files/Folders move to Recycle Bin when deleted, without being prompted.
YouTube search results seem to be modified.
Also, Windows Store icon on taskbar disappeared from one user account after backing up to external hard drive since original post; restored it by pinning to taskbar again.

I have scanned with Avira and Malwarebytes Anti-Malware and didn't find anything.
Have original Windows 7 disc available (but I upgraded to Windows 10).

 

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2016
Ran by Susan (ATTENTION: The user is not administrator) on DESKTOP-5OSS0UM (17-12-2016 17:39:23)
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan & Sheldon (Available Profiles: Susan & Sheldon & Sheldon (2) & SheldonAdministrator)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

Failed to access process -> smss.exe
Failed to access process -> csrss.exe
Failed to access process -> wininit.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> services.exe
Failed to access process -> lsass.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> dwm.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> atiesrxx.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> svchost.exe
Failed to access process -> spoolsv.exe
Failed to access process -> sched.exe
Failed to access process -> armsvc.exe
Failed to access process -> avguard.exe
Failed to access process -> svchost.exe
Failed to access process -> Avira.ServiceHost.exe
Failed to access process -> svchost.exe
Failed to access process -> avshadow.exe
Failed to access process -> atieclxx.exe
Failed to access process -> svchost.exe
Failed to access process -> SearchIndexer.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
Failed to access process -> fontdrvhost.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
Failed to access process -> csrss.exe
Failed to access process -> winlogon.exe
Failed to access process -> dwm.exe
Failed to access process -> atieclxx.exe
Failed to access process -> svchost.exe
Failed to access process -> sihost.exe
Failed to access process -> taskhostw.exe
Failed to access process -> explorer.exe
Failed to access process -> RuntimeBroker.exe
Failed to access process -> ShellExperienceHost.exe
Failed to access process -> SystemSettingsBroker.exe
Failed to access process -> avgnt.exe
Failed to access process -> OneDrive.exe
Failed to access process -> Avira.Systray.exe
Failed to access process -> ApplicationFrameHost.exe
Failed to access process -> fontdrvhost.exe
Failed to access process -> dllhost.exe
Failed to access process -> svchost.exe
Failed to access process -> MicrosoftEdge.exe
Failed to access process -> browser_broker.exe
Failed to access process -> InstallAgent.exe
Failed to access process -> smartscreen.exe
Failed to access process -> MicrosoftEdgeCP.exe
Failed to access process -> MicrosoftEdgeCP.exe
Failed to access process -> MicrosoftEdgeCP.exe
Failed to access process -> SystemSettings.exe
Failed to access process -> SearchUI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.10211.0_x86__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
Failed to access process -> taskhostw.exe
Failed to access process -> SettingSyncHost.exe
Failed to access process -> LogonUI.exe
Failed to access process -> LockAppHost.exe
Failed to access process -> LockApp.exe
Failed to access process -> WinStore.App.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
Failed to access process -> SearchProtocolHost.exe
Failed to access process -> SearchFilterHost.exe
Failed to access process -> WmiPrvSE.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [6854360 2016-08-05] (Piriform Ltd)
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\RunOnce: [Uninstall 17.3.6517.0809_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{daa20c35-45d5-41b2-bb87-3400740b8b44}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
URLSearchHook: [S-1-5-21-2205677902-1374044427-3654136016-1002] ATTENTION => Default URLSearchHook is missing
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> DefaultScope {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
Toolbar: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
R3 lmhosts; C:\WINDOWS\System32\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 NlaSvc; C:\WINDOWS\System32\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
R2 nsi; C:\WINDOWS\system32\svchost.exe [38792 2016-07-16] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [124552 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [152816 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44208 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [66872 2016-08-18] (Avira Operations GmbH & Co. KG)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 17:39 - 2016-12-17 17:39 - 00000000 ____D C:\Users\Susan\Desktop\FRST-OlderVersion
2016-12-15 18:01 - 2016-10-17 01:44 - 31343344 _____ (Open Media LLC ) C:\Users\Public\Documents\4kvideodownloader_4.1 (1).exe
2016-12-15 18:01 - 2016-08-10 23:49 - 30261168 _____ (Symantec Corporation) C:\Users\Public\Documents\NortonIdentitySafe-EN-v1.exe
2016-12-15 18:01 - 2016-07-30 01:08 - 28446216 _____ (Open Media LLC ) C:\Users\Public\Documents\4kvideodownloader_4.1.exe
2016-12-15 18:01 - 2016-07-25 22:39 - 15258736 _____ (Sling Media Inc.) C:\Users\Public\Documents\WBSP_IE_Setup.exe
2016-12-14 19:45 - 2016-12-09 04:14 - 06019936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 19:45 - 2016-12-09 04:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 19:45 - 2016-12-09 03:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 19:45 - 2016-12-09 03:52 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 19:45 - 2016-12-09 03:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 19:45 - 2016-12-09 03:37 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 19:45 - 2016-12-09 03:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-12-14 19:45 - 2016-12-09 03:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll
2016-12-14 19:45 - 2016-12-09 03:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 19:45 - 2016-12-09 03:22 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 19:45 - 2016-12-09 03:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 19:45 - 2016-12-09 03:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 19:45 - 2016-12-09 03:18 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 19:45 - 2016-12-09 03:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 19:45 - 2016-12-09 03:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 19:45 - 2016-12-09 03:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 19:45 - 2016-12-09 03:16 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 19:45 - 2016-09-15 10:53 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-12-14 19:44 - 2016-12-09 04:54 - 01415520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 19:44 - 2016-12-09 04:54 - 00115552 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 19:44 - 2016-12-09 04:16 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 19:44 - 2016-12-09 04:16 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 19:44 - 2016-12-09 04:12 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 19:44 - 2016-12-09 04:10 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 19:44 - 2016-12-09 04:09 - 00133296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 19:44 - 2016-12-09 04:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 19:44 - 2016-12-09 04:01 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 19:44 - 2016-12-09 04:01 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 19:44 - 2016-12-09 04:01 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 19:44 - 2016-12-09 04:00 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 19:44 - 2016-12-09 04:00 - 00117720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 19:44 - 2016-12-09 03:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 19:44 - 2016-12-09 03:55 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 19:44 - 2016-12-09 03:52 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 19:44 - 2016-12-09 03:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 19:44 - 2016-12-09 03:37 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 19:44 - 2016-12-09 03:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 19:44 - 2016-12-09 03:35 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 19:44 - 2016-12-09 03:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 19:44 - 2016-12-09 03:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 19:44 - 2016-12-09 03:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 19:44 - 2016-12-09 03:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 19:44 - 2016-12-09 03:28 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 19:44 - 2016-12-09 03:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 19:44 - 2016-12-09 03:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 19:44 - 2016-12-09 03:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 19:44 - 2016-12-09 03:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 19:44 - 2016-12-09 03:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 19:44 - 2016-12-09 03:17 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 19:44 - 2016-12-09 03:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 19:44 - 2016-12-09 03:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 19:44 - 2016-12-09 03:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 19:44 - 2016-12-09 03:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 19:44 - 2016-12-09 03:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 19:54 - 2016-12-13 19:54 - 00000043 _____ C:\Users\Public\Documents\cy.txt
2016-12-13 17:20 - 2016-12-13 17:20 - 00000212 _____ C:\Users\Public\Documents\game.txt
2016-12-10 02:10 - 2016-11-11 01:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 02:10 - 2016-11-11 01:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 02:10 - 2016-11-11 01:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 02:10 - 2016-11-11 01:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-10 02:10 - 2016-11-11 01:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 02:10 - 2016-11-11 01:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 02:10 - 2016-11-11 01:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 02:10 - 2016-11-11 01:15 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 02:10 - 2016-11-11 01:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 02:10 - 2016-11-11 01:15 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 02:10 - 2016-11-11 01:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 02:10 - 2016-11-11 01:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 02:09 - 2016-11-11 02:07 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 02:09 - 2016-11-11 02:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 02:09 - 2016-11-11 02:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 02:09 - 2016-11-11 01:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 02:09 - 2016-11-11 01:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 02:09 - 2016-11-11 01:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 02:09 - 2016-11-11 01:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-10 02:09 - 2016-11-11 01:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-10 02:09 - 2016-11-11 01:45 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 02:09 - 2016-11-11 01:45 - 00175968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 02:09 - 2016-11-11 01:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 02:09 - 2016-11-11 01:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 02:09 - 2016-11-11 01:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 02:09 - 2016-11-11 01:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 02:09 - 2016-11-11 01:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 02:09 - 2016-11-11 01:26 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 02:09 - 2016-11-11 01:25 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 02:09 - 2016-11-11 01:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 02:09 - 2016-11-11 01:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 02:09 - 2016-11-11 01:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 02:09 - 2016-11-11 01:24 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 02:09 - 2016-11-11 01:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 02:09 - 2016-11-11 01:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 02:09 - 2016-11-11 01:24 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 02:09 - 2016-11-11 01:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 02:09 - 2016-11-11 01:23 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 02:09 - 2016-11-11 01:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 02:09 - 2016-11-11 01:23 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 02:09 - 2016-11-11 01:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 02:09 - 2016-11-11 01:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 02:09 - 2016-11-11 01:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 02:09 - 2016-11-11 01:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 02:09 - 2016-11-11 01:21 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 02:09 - 2016-11-11 01:21 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 02:09 - 2016-11-11 01:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 02:09 - 2016-11-11 01:20 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 02:09 - 2016-11-11 01:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 02:09 - 2016-11-11 01:19 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 02:09 - 2016-11-11 01:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 02:09 - 2016-11-11 01:18 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-10 02:09 - 2016-11-11 01:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 02:09 - 2016-11-11 01:18 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 02:09 - 2016-11-11 01:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 02:09 - 2016-11-11 01:17 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 02:09 - 2016-11-11 01:15 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 02:09 - 2016-11-11 01:14 - 00473600 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 02:09 - 2016-11-11 01:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 02:09 - 2016-11-11 01:13 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 02:09 - 2016-11-11 01:13 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-10 02:09 - 2016-11-11 01:12 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 02:09 - 2016-11-11 01:12 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 02:09 - 2016-11-11 01:12 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 02:09 - 2016-11-11 01:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-10 02:09 - 2016-11-11 01:11 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 02:09 - 2016-11-11 01:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 02:09 - 2016-11-11 01:10 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 02:09 - 2016-11-11 01:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 02:09 - 2016-11-11 01:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 02:09 - 2016-11-11 01:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 02:09 - 2016-11-11 01:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 01887232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 00920576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 00818176 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 02:09 - 2016-11-11 01:04 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 02:09 - 2016-11-11 01:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 02:09 - 2016-11-11 01:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 02:09 - 2016-11-11 01:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 02:08 - 2016-11-11 02:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 02:08 - 2016-11-11 02:07 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 02:08 - 2016-11-11 02:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 02:08 - 2016-11-11 02:00 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 02:08 - 2016-11-11 01:59 - 01586736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 02:08 - 2016-11-11 01:59 - 00292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 02:08 - 2016-11-11 01:59 - 00106336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 02:08 - 2016-11-11 01:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 02:08 - 2016-11-11 01:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 02:08 - 2016-11-11 01:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-10 02:08 - 2016-11-11 01:46 - 00186720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 02:08 - 2016-11-11 01:45 - 00355680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 02:08 - 2016-11-11 01:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 02:08 - 2016-11-11 01:42 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-12-10 02:08 - 2016-11-11 01:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 02:08 - 2016-11-11 01:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 02:08 - 2016-11-11 01:41 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 02:08 - 2016-11-11 01:41 - 00802608 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 02:08 - 2016-11-11 01:41 - 00675568 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 02:08 - 2016-11-11 01:37 - 00381720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 02:08 - 2016-11-11 01:30 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 02:08 - 2016-11-11 01:29 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 02:08 - 2016-11-11 01:27 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 02:08 - 2016-11-11 01:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 02:08 - 2016-11-11 01:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 02:08 - 2016-11-11 01:25 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 02:08 - 2016-11-11 01:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 02:08 - 2016-11-11 01:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 02:08 - 2016-11-11 01:22 - 00299520 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 02:08 - 2016-11-11 01:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 02:08 - 2016-11-11 01:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 02:08 - 2016-11-11 01:22 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 02:08 - 2016-11-11 01:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 02:08 - 2016-11-11 01:21 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 02:08 - 2016-11-11 01:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 02:08 - 2016-11-11 01:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 02:08 - 2016-11-11 01:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-10 02:08 - 2016-11-11 01:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 02:08 - 2016-11-11 01:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 02:08 - 2016-11-11 01:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 02:08 - 2016-11-11 01:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 02:08 - 2016-11-11 01:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 02:08 - 2016-11-11 01:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 02:08 - 2016-11-11 01:18 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll
2016-12-10 02:08 - 2016-11-11 01:18 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 02:08 - 2016-11-11 01:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 02:08 - 2016-11-11 01:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 02:08 - 2016-11-11 01:17 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll
2016-12-10 02:08 - 2016-11-11 01:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 02:08 - 2016-11-11 01:16 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-10 02:08 - 2016-11-11 01:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 02:08 - 2016-11-11 01:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 02:08 - 2016-11-11 01:14 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 02:08 - 2016-11-11 01:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 02:08 - 2016-11-11 01:13 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 02:08 - 2016-11-11 01:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 02:08 - 2016-11-11 01:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 02:08 - 2016-11-11 01:09 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 02:08 - 2016-11-11 01:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-12-10 02:08 - 2016-11-11 01:07 - 01948160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-10 02:08 - 2016-11-11 01:07 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 02:08 - 2016-11-11 01:07 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 02:08 - 2016-11-11 01:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 02:08 - 2016-11-11 01:06 - 01602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 02:08 - 2016-11-11 01:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 02:08 - 2016-11-11 01:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll
2016-12-10 02:08 - 2016-11-11 01:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 02:08 - 2016-11-11 01:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 02:08 - 2016-11-11 01:05 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 02:08 - 2016-11-11 01:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 02:08 - 2016-11-11 01:04 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 02:08 - 2016-11-11 01:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 02:08 - 2016-11-11 01:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 02:08 - 2016-11-11 01:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 02:08 - 2016-11-11 01:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-09 10:12 - 2016-12-09 10:12 - 00001163 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-12-06 01:56 - 2016-12-06 01:56 - 00020955 _____ C:\Users\Susan\Desktop\Addition.txt
2016-12-06 01:55 - 2016-12-17 17:39 - 00010146 _____ C:\Users\Susan\Desktop\FRST.txt
2016-12-06 01:54 - 2016-12-17 17:39 - 00000000 ____D C:\FRST
2016-12-06 01:44 - 2016-12-17 17:39 - 01762304 _____ (Farbar) C:\Users\Susan\Desktop\FRST.exe
2016-11-28 17:37 - 2016-11-28 17:37 - 00000000 ____D C:\Users\Public\Documents\Call Logs
2016-11-24 05:29 - 2016-11-24 05:29 - 00000207 _____ C:\Users\Public\Documents\sl.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-17 17:38 - 2016-08-17 23:10 - 00001763 _____ C:\Users\Susan\Desktop\PC Problems.txt
2016-12-17 17:13 - 2016-09-14 07:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-17 14:59 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Susan
2016-12-17 08:59 - 2016-07-16 02:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-17 08:59 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-16 10:04 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\rescache
2016-12-15 18:21 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-15 18:10 - 2016-06-06 04:44 - 00002367 _____ C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-15 18:10 - 2016-06-06 04:44 - 00000000 ___RD C:\Users\Susan\OneDrive
2016-12-15 09:50 - 2016-06-06 04:40 - 01050386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-15 09:46 - 2016-09-14 07:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-15 09:46 - 2016-09-14 07:29 - 00192880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-15 09:45 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon
2016-12-15 09:44 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 00:36 - 2016-07-16 02:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 08:21 - 2016-08-25 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-12-14 08:18 - 2016-10-06 12:29 - 00024640 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2016-12-14 08:18 - 2016-08-25 01:19 - 00152816 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-12-14 08:18 - 2016-08-25 01:19 - 00124552 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-12-14 03:49 - 2016-08-03 17:11 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-13 17:02 - 2016-06-06 04:41 - 00000000 ____D C:\Users\Susan\AppData\Local\Packages
2016-12-13 15:04 - 2016-06-06 05:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-13 15:02 - 2016-06-06 05:44 - 133430776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-11 20:03 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon (2)
2016-12-11 17:56 - 2016-10-28 11:14 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-12-11 17:56 - 2016-10-28 11:14 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-12-10 23:12 - 2016-04-26 22:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 09:48 - 2016-07-16 02:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 02:08 - 2016-09-30 04:51 - 00000464 _____ C:\Users\Public\Documents\4.txt
2016-12-09 10:12 - 2016-08-25 01:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-05 20:24 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-11-28 17:52 - 2016-09-02 18:07 - 00000233 _____ C:\Users\Public\Documents\Wrong Numbers.txt

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

ATTENTION: ==> Could not access BCD. The user is not administrator

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2016
Ran by Susan (17-12-2016 17:40:27)
Running from C:\Users\Susan\Desktop
Microsoft Windows 10 Home Version 1607 (X86) (2016-09-14 13:59:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2205677902-1374044427-3654136016-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2205677902-1374044427-3654136016-503 - Limited - Disabled)
Guest (S-1-5-21-2205677902-1374044427-3654136016-501 - Limited - Disabled)
Sheldon (S-1-5-21-2205677902-1374044427-3654136016-1002 - Limited - Enabled) => C:\Users\Sheldon
Sheldon (2) (S-1-5-21-2205677902-1374044427-3654136016-1003 - Limited - Enabled) => C:\Users\Sheldon (2)
SheldonAdministrator (S-1-5-21-2205677902-1374044427-3654136016-1004 - Administrator - Enabled) => C:\Users\SheldonAdministrator
Susan (S-1-5-21-2205677902-1374044427-3654136016-1001 - Limited - Enabled) => C:\Users\Susan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.21 - Piriform)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
SlingPlayer for Web (HKLM\...\{96FA02A8-21F1-439F-8ADB-2B5F1BC4AC9D}) (Version: 2.4.0157 - Sling Media)
Strawberry Perl (HKLM\...\{A9F555F9-7368-1014-A275-8A8131843670}) (Version: 5.24.1 - strawberryperl.com project)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-14 08:22 - 2016-09-14 08:22 - 01383616 _____ () C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-07-16 02:25 - 2016-07-16 02:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 19:45 - 2016-12-09 03:36 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 07:45 - 2016-11-02 04:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 10:24 - 2016-09-14 10:24 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2016-12-13 23:54 - 2016-12-13 23:55 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 30359552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\roottools.dll
2016-12-15 18:06 - 2016-12-15 18:06 - 01244376 _____ () C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-22 14:08 - 2016-11-22 14:08 - 16815104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-06 05:59 - 2016-06-06 05:59 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00644096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00227840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-16 04:20 - 2016-07-16 04:20 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:48 - 2016-06-06 15:09 - 00505665 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com
0.0.0.0 content.ad20.net
0.0.0.0 core.ad20.net
0.0.0.0 banner.ad.nu

There are 11954 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{65F46010-3C47-4DBF-9C92-22554DE955FB}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{B4DFACE7-7A41-4660-884C-81480803BDE0}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0BB0C9C4-CEF1-4C85-B47A-274E097EA548}C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe
FirewallRules: [TCP Query User{FBBB5A64-AE74-41A5-A8B0-1C225414DA0A}C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe
FirewallRules: [UDP Query User{4A13C432-752E-45A5-8829-EA951663CF60}C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe
FirewallRules: [TCP Query User{5292E819-D97F-405E-AD62-B10BA12A9CBB}C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled
Check "winmgmt" service or repair WMI.

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/15/2016 03:24:29 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed.

Details:
 (HRESULT : 0x80040210) (0x80040210)

Error: (12/15/2016 09:36:59 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 09:36:59 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 09:15:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 09:15:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 09:05:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 09:05:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 08:55:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 08:55:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 08:45:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

System errors:
=============
Error: (12/17/2016 04:12:32 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/17/2016 04:12:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/17/2016 03:59:36 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/17/2016 01:40:42 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/17/2016 10:48:21 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/17/2016 08:59:17 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5OSS0UM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user DESKTOP-5OSS0UM\Sheldon SID (S-1-5-21-2205677902-1374044427-3654136016-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/17/2016 08:58:15 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/17/2016 03:30:28 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/17/2016 03:04:45 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/17/2016 02:58:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

==================== Memory info ===========================

Processor: AMD Athlon™ Dual Core Processor 4450B
Percentage of memory in use: 56%
Total physical RAM: 3311.32 MB
Available physical RAM: 1424.28 MB
Total Virtual: 7233.5 MB
Available Virtual: 3578.64 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:74.04 GB) (Free:8.69 GB) NTFS

==================== MBR & Partition Table ==================

==================== End of Addition.txt ============================



#4 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:53 AM

Posted 19 December 2016 - 10:40 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

The Farbar program must be run by an Administrator.

Ask the Administrator

SheldonAdministrator (S-1-5-21-2205677902-1374044427-3654136016-1004 - Administrator - Enabled) =>

Please post fresh FRST and Addition.txt files for my review.

#5 Q-Bertha

  • Topic Starter


Posted 20 December 2016 - 06:31 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2016
Ran by SheldonAdministrator (administrator) on DESKTOP-5OSS0UM (20-12-2016 17:12:19)
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan & Sheldon & SheldonAdministrator (Available Profiles: Susan & Sheldon & Sheldon (2) & SheldonAdministrator)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.10211.0_x86__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\RunOnce: [Uninstall 17.3.6517.0809_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1"
HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2205677902-1374044427-3654136016-1004\...\RunOnce: [Uninstall C:\Users\SheldonAdministrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SheldonAdministrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{daa20c35-45d5-41b2-bb87-3400740b8b44}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> DefaultScope {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> DefaultScope {3B87FD8E-2BCE-418F-926A-5EBCA0E40544} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> {3B87FD8E-2BCE-418F-926A-5EBCA0E40544} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default [2016-12-18]
CHR Extension: (Google Slides) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-18]
CHR Extension: (Google Docs) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-18]
CHR Extension: (Google Drive) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-18]
CHR Extension: (YouTube) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-18]
CHR Extension: (Google Sheets) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-18]
CHR Extension: (Gmail) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [124552 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [152816 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44208 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [66872 2016-08-18] (Avira Operations GmbH & Co. KG)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

Corporation) C:\WINDOWS\system32\xolehlp.dll 2016-12-10 02:08 - 2016-11-11 01:07 - 01948160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-12-10 02:08 - 2016-11-11 01:07 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2016-12-10 02:08 - 2016-11-11 01:07 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll 2016-12-10 02:08 - 2016-11-11 01:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2016-12-10 02:08 - 2016-11-11 01:06 - 01602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2016-12-10 02:08 - 2016-11-11 01:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll 2016-12-10 02:08 - 2016-11-11 01:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll 2016-12-10 02:08 - 2016-11-11 01:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-12-10 02:08 - 2016-11-11 01:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2016-12-10 02:08 - 2016-11-11 01:05 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-12-10 02:08 - 2016-11-11 01:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll 2016-12-10 02:08 - 2016-11-11 01:04 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-12-10 02:08 - 2016-11-11 01:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll 2016-12-10 02:08 - 2016-11-11 01:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-12-10 02:08 - 2016-11-11 01:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2016-12-10 02:08 - 2016-11-11 01:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2016-12-10 01:15 - 2016-12-10 01:16 - 00000000 ____D C:\Users\Sheldon\Desktop\Ads 2016-12-09 10:12 - 2016-12-09 10:12 - 00001163 _____ 
C:\Users\Public\Desktop\Avira Connect.lnk 2016-12-06 01:56 - 2016-12-20 17:05 - 00024241 _____ C:\Users\Susan\Desktop\Addition.txt 2016-12-06 01:55 - 2016-12-20 17:12 - 00011982 _____ C:\Users\Susan\Desktop\FRST.txt 2016-12-06 01:54 - 2016-12-20 17:12 - 00000000 ____D C:\FRST 2016-12-06 00:28 - 2016-12-19 00:48 - 00000454 _____ C:\Users\Sheldon\Desktop\gg.txt 2016-12-03 05:19 - 2016-12-03 05:19 - 00000413 _____ C:\Users\Sheldon\Desktop\Sale.txt 2016-11-29 16:36 - 2016-11-29 16:46 - 00000148 _____ C:\Users\Sheldon\Desktop\Amiibo.txt 2016-11-28 17:37 - 2016-11-28 17:37 - 00000000 ____D C:\Users\Public\Documents\Call Logs 2016-11-24 05:29 - 2016-11-24 05:29 - 00000207 _____ C:\Users\Public\Documents\sl.txt 2016-11-22 00:12 - 2016-12-20 05:27 - 00000100 _____ C:\Users\Sheldon\Desktop\table.txt ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 2016-12-20 17:09 - 2016-09-14 07:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy 2016-12-19 16:44 - 2016-07-20 04:21 - 00000000 ____D C:\Users\Sheldon (2)\AppData\Roaming\vlc 2016-12-18 18:56 - 2016-08-07 17:12 - 00000000 ____D C:\Users\Sheldon (2)\Downloads\rtmpexplorer 2016-12-18 09:44 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\AppReadiness 2016-12-18 02:12 - 2016-06-17 13:55 - 00006223 _____ C:\Users\Sheldon\Desktop\Pre-Orders.txt 2016-12-18 02:07 - 2016-08-30 00:37 - 00001038 _____ C:\Users\Public\Desktop\CCleaner.lnk 2016-12-17 20:20 - 2016-08-17 23:10 - 00001784 _____ C:\Users\Susan\Desktop\PC Problems.txt 2016-12-17 14:59 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Susan 2016-12-17 08:59 - 2016-07-16 02:29 - 00000000 ___HD C:\Program Files\WindowsApps 2016-12-16 10:04 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\rescache 2016-12-16 02:46 - 2016-10-14 00:05 - 00000000 ____D C:\Users\Sheldon (2)\Desktop\Unknown 2016-12-15 18:21 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports 2016-12-15 18:10 - 2016-06-06 04:44 
- 00002367 _____ C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-12-15 18:10 - 2016-06-06 04:44 - 00000000 ___RD C:\Users\Susan\OneDrive 2016-12-15 17:55 - 2016-07-20 03:08 - 00002385 _____ C:\Users\Sheldon (2)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-12-15 17:55 - 2016-07-20 03:08 - 00000000 ___RD C:\Users\Sheldon (2)\OneDrive 2016-12-15 09:50 - 2016-06-06 04:40 - 01050386 _____ C:\WINDOWS\system32\PerfStringBackup.INI 2016-12-15 09:46 - 2016-09-14 07:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT 2016-12-15 09:46 - 2016-09-14 07:29 - 00192880 _____ C:\WINDOWS\system32\FNTCACHE.DAT 2016-12-15 09:45 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon 2016-12-15 09:45 - 2016-07-15 20:22 - 01572864 _____ C:\WINDOWS\system32\config\BBI 2016-12-15 09:44 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\ShellExperiences 2016-12-15 00:58 - 2016-06-06 14:49 - 00002373 _____ C:\Users\Sheldon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk 2016-12-15 00:58 - 2016-06-06 14:49 - 00000000 ___RD C:\Users\Sheldon\OneDrive 2016-12-15 00:36 - 2016-07-16 02:19 - 00000000 ____D C:\WINDOWS\CbsTemp 2016-12-14 08:21 - 2016-08-25 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira 2016-12-14 08:18 - 2016-10-06 12:29 - 00024640 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys 2016-12-14 08:18 - 2016-08-25 01:19 - 00152816 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys 2016-12-14 08:18 - 2016-08-25 01:19 - 00124552 _____ (Avira Operations GmbH & Co. 
KG) C:\WINDOWS\system32\Drivers\avgntflt.sys 2016-12-14 03:49 - 2016-08-03 17:11 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys 2016-12-13 17:02 - 2016-06-06 04:41 - 00000000 ____D C:\Users\Susan\AppData\Local\Packages 2016-12-13 15:04 - 2016-06-06 05:44 - 00000000 ____D C:\WINDOWS\system32\MRT 2016-12-13 15:02 - 2016-06-06 05:44 - 133430776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe 2016-12-12 00:06 - 2016-06-15 16:48 - 00002817 _____ C:\Users\Sheldon\Desktop\Games.txt 2016-12-11 20:03 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon (2) 2016-12-11 17:56 - 2016-10-28 11:14 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe 2016-12-11 17:56 - 2016-10-28 11:14 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl 2016-12-10 23:12 - 2016-04-26 22:36 - 00000000 __RHD C:\Users\Public\AccountPictures 2016-12-10 09:48 - 2016-07-16 02:28 - 00000000 ____D C:\WINDOWS\INF 2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel 2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns 2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\oobe 2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\bcastdvr 2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep 2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\system32\Dism 2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\servicing 2016-12-10 02:08 - 2016-09-30 04:51 - 00000464 _____ C:\Users\Public\Documents\4.txt 2016-12-10 02:08 - 2016-06-26 03:31 - 00002441 _____ C:\Users\Sheldon\Desktop\Google Play.txt 2016-12-09 10:12 - 2016-08-25 01:24 - 00000000 ____D C:\ProgramData\Package Cache 2016-12-08 18:21 - 2016-07-20 03:06 - 00000000 ____D C:\Users\Sheldon (2)\AppData\Local\Packages 2016-12-07 00:25 - 2016-08-07 16:44 - 00000242 _____ C:\Users\Sheldon (2)\.swfinfo 
2016-12-05 20:24 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-02 15:34 - 2016-06-06 14:47 - 00000000 ____D C:\Users\Sheldon\AppData\Local\Packages
2016-11-28 17:52 - 2016-09-02 18:07 - 00000233 _____ C:\Users\Public\Documents\Wrong Numbers.txt

Some files in TEMP:
====================
C:\Users\SheldonAdministrator\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-12 08:52

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2016
Ran by SheldonAdministrator (20-12-2016 17:13:06)
Running from C:\Users\Susan\Desktop
Microsoft Windows 10 Home Version 1607 (X86) (2016-09-14 13:59:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2205677902-1374044427-3654136016-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2205677902-1374044427-3654136016-503 - Limited - Disabled)
Guest (S-1-5-21-2205677902-1374044427-3654136016-501 - Limited - Disabled)
Sheldon (S-1-5-21-2205677902-1374044427-3654136016-1002 - Limited - Enabled) => C:\Users\Sheldon
Sheldon (2) (S-1-5-21-2205677902-1374044427-3654136016-1003 - Limited - Enabled) => C:\Users\Sheldon (2)
SheldonAdministrator (S-1-5-21-2205677902-1374044427-3654136016-1004 - Administrator - Enabled) => C:\Users\SheldonAdministrator
Susan (S-1-5-21-2205677902-1374044427-3654136016-1001 - Limited - Enabled) => C:\Users\Susan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
SlingPlayer for Web (HKLM\...\{96FA02A8-21F1-439F-8ADB-2B5F1BC4AC9D}) (Version: 2.4.0157 - Sling Media)
Strawberry Perl (HKLM\...\{A9F555F9-7368-1014-A275-8A8131843670}) (Version: 5.24.1 - strawberryperl.com project)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E77772-CF2D-4305-AAAF-10B275361EF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {3DCFDBFB-04FD-48EA-9772-698C0B0F8CD9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {5C665993-5185-4411-87F3-A616FCBA2C31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {64F21F52-84CE-4DB6-916F-D4D049876804} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {707E7437-1A7B-41BE-A5FB-6065BE43EC81} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {8705294D-AB18-41E2-AA68-798FBAC92408} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\SheldonAdministrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {8B92A53E-5C64-4F63-89DE-EEFA71BCDB91} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 02:25 - 2016-07-16 02:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-14 08:22 - 2016-09-14 08:22 - 01383616 _____ () C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-07-16 02:25 - 2016-07-16 02:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 19:45 - 2016-12-09 03:36 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 07:45 - 2016-11-02 04:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 10:24 - 2016-09-14 10:24 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2016-12-13 23:54 - 2016-12-13 23:55 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 30359552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\roottools.dll
2016-12-15 18:06 - 2016-12-15 18:06 - 01244376 _____ () C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-12-15 00:57 - 2016-12-15 00:57 - 01244376 _____ () C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-22 14:08 - 2016-11-22 14:08 - 16815104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-06 05:59 - 2016-06-06 05:59 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00644096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00227840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-16 04:20 - 2016-07-16 04:20 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:48 - 2016-06-06 15:09 - 00505665 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com
0.0.0.0 content.ad20.net
0.0.0.0 core.ad20.net
0.0.0.0 banner.ad.nu

There are 11954 more lines.
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2205677902-1374044427-3654136016-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{65F46010-3C47-4DBF-9C92-22554DE955FB}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{B4DFACE7-7A41-4660-884C-81480803BDE0}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0BB0C9C4-CEF1-4C85-B47A-274E097EA548}C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe
FirewallRules: [TCP Query User{FBBB5A64-AE74-41A5-A8B0-1C225414DA0A}C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe
FirewallRules: [UDP Query User{4A13C432-752E-45A5-8829-EA951663CF60}C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe
FirewallRules: [TCP Query User{5292E819-D97F-405E-AD62-B10BA12A9CBB}C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe
FirewallRules: [{884B2E8E-9DA6-416F-88F6-E58510DFAF06}] => C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2016 12:21:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 1.0.1611.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1d68
Start Time: 01d25a049ad9713e
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
Report Id: 8f95b80e-c67c-11e6-b171-0024217c1d99
Faulting package full name: Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (12/20/2016 12:21:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-5OSS0UM)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/19/2016 03:55:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program 4kvideodownloader.exe version 4.1.2.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1338
Start Time: 01d25a424bbf3a8d
Termination Time: 6
Application Path: C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe
Report Id: ca366eee-c635-11e6-b171-0024217c1d99
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2016 12:50:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 21c0
Start Time: 01d25a27f31259f2
Termination Time: 20
Application Path: C:\Program Files\Internet Explorer\iexplore.exe
Report Id: f7258424-c61b-11e6-b171-0024217c1d99
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2016 07:51:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5OSS0UM)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/19/2016 02:41:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-5OSS0UM)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/15/2016 03:24:29 PM) (Source: Windows Search Service) (EventID: 3104) (User: )
Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210)

Error: (12/15/2016 09:36:59 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 09:36:59 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

Error: (12/15/2016 09:15:14 AM) (Source: SecurityCenter) (EventID: 16) (User: )
Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3).

System errors:
=============
Error: (12/20/2016 05:09:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/20/2016 11:02:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/20/2016 09:57:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/20/2016 09:04:50 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5OSS0UM)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-5OSS0UM\Sheldon SID (S-1-5-21-2205677902-1374044427-3654136016-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/20/2016 08:28:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/20/2016 07:29:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.

Error: (12/20/2016 05:59:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/20/2016 04:18:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/20/2016 01:51:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (12/20/2016 12:25:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. ==================== Memory info =========================== Processor: AMD Athlon™ Dual Core Processor 4450B Percentage of memory in use: 58% Total physical RAM: 3311.32 MB Available physical RAM: 1367.75 MB Total Virtual: 7812.4 MB Available Virtual: 3742.06 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.04 GB) (Free:15.88 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D9C84E29) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================

#6 nasdaq

  • Malware Response Team

Posted 21 December 2016 - 08:01 AM

That looks ok but unfortunately I cannot read it.

Please run the Farbar tool again.
Save the FRST log with Notepad. Make sure the WordWrap is set so that each line is terminated by a Carriage Return and Line feed.

The setting is under the Format Menu.

#7 Q-Bertha

  • Topic Starter

Posted 21 December 2016 - 07:54 PM

Sorry about that, I probably should have previewed before I posted.

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 17-12-2016
Ran by SheldonAdministrator (administrator) on DESKTOP-5OSS0UM (20-12-2016 17:12:19)
Running from C:\Users\Susan\Desktop
Loaded Profiles: Susan & Sheldon & SheldonAdministrator (Available Profiles: Susan & Sheldon & Sheldon (2) & SheldonAdministrator)
Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe
(Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.10211.0_x86__8wekyb3d8bbwe\Music.UI.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe

==================== Registry (Whitelisted) ====================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG)
HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG)
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\RunOnce: [Uninstall 17.3.6517.0809_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1"
HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd)
HKU\S-1-5-21-2205677902-1374044427-3654136016-1004\...\RunOnce: [Uninstall C:\Users\SheldonAdministrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SheldonAdministrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509"

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{daa20c35-45d5-41b2-bb87-3400740b8b44}: [DhcpNameServer] 192.168.1.1

Internet Explorer:
==================
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> DefaultScope {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> DefaultScope {3B87FD8E-2BCE-418F-926A-5EBCA0E40544} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> {3B87FD8E-2BCE-418F-926A-5EBCA0E40544} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}
SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869
Toolbar: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File
Toolbar: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File

FireFox:
========
FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.)
FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN)
FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default [2016-12-18]
CHR Extension: (Google Slides) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-18]
CHR Extension: (Google Docs) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-18]
CHR Extension: (Google Drive) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-18]
CHR Extension: (YouTube) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-18]
CHR Extension: (Google Sheets) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-18]
CHR Extension: (Google Docs Offline) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-18]
CHR Extension: (Chrome Web Store Payments) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-18]
CHR Extension: (Gmail) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-18]
CHR Extension: (Chrome Media Router) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18]

==================== Services (Whitelisted) ====================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG)
S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG)
R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation)

===================== Drivers (Whitelisted) ======================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [124552 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [152816 2016-12-14] (Avira Operations GmbH & Co. KG)
R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44208 2016-08-18] (Avira Operations GmbH & Co. KG)
R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [66872 2016-08-18] (Avira Operations GmbH & Co. KG)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] ()
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-20 17:12 - 2016-12-20 17:12 - 00001329 _____ C:\Users\Susan\Desktop\Chili's Complaint.txt 2016-12-20 17:10 - 2016-12-20 17:10 - 00000000 ____D C:\Users\Sheldon (2)\Desktop\New folder (2) 2016-12-20 17:01 - 2016-12-20 17:02 - 01762304 _____ (Farbar) C:\Users\Susan\Desktop\FRST.exe 2016-12-18 18:34 - 2016-12-18 18:34 - 00000000 ____D C:\Users\Sheldon (2)\AppData\Local\Google 2016-12-18 02:07 - 2016-12-18 02:07 - 00002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-18 02:07 - 2016-12-18 02:07 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-12-18 02:06 - 2016-12-18 02:10 - 00000000 ____D C:\Users\SheldonAdministrator\AppData\Local\Google 2016-12-18 02:06 - 2016-12-18 02:07 - 00000000 ____D C:\Program Files\Google 2016-12-17 17:39 - 2016-12-17 17:39 - 00000000 ____D C:\Users\Susan\Desktop\FRST-OlderVersion 2016-12-15 18:01 - 2016-10-17 01:44 - 31343344 _____ (Open Media LLC ) C:\Users\Public\Documents\4kvideodownloader_4.1 (1).exe 2016-12-15 18:01 - 2016-08-10 23:49 - 30261168 _____ (Symantec Corporation) C:\Users\Public\Documents\NortonIdentitySafe-EN-v1.exe 2016-12-15 18:01 - 2016-07-30 01:08 - 28446216 _____ (Open Media LLC ) C:\Users\Public\Documents\4kvideodownloader_4.1.exe 2016-12-15 18:01 - 2016-07-25 22:39 - 15258736 _____ (Sling Media Inc.) 
C:\Users\Public\Documents\WBSP_IE_Setup.exe 2016-12-15 17:57 - 2016-12-18 02:05 - 08803648 _____ (Piriform Ltd) C:\Users\Public\Documents\ccsetup525.exe 2016-12-14 19:45 - 2016-12-09 04:14 - 06019936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-12-14 19:45 - 2016-12-09 04:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-12-14 19:45 - 2016-12-09 03:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-12-14 19:45 - 2016-12-09 03:52 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-12-14 19:45 - 2016-12-09 03:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-12-14 19:45 - 2016-12-09 03:37 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2016-12-14 19:45 - 2016-12-09 03:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-12-14 19:45 - 2016-12-09 03:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2016-12-14 19:45 - 2016-12-09 03:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-12-14 19:45 - 2016-12-09 03:22 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-12-14 19:45 - 2016-12-09 03:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-12-14 19:45 - 2016-12-09 03:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-12-14 19:45 - 2016-12-09 03:18 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-12-14 19:45 - 2016-12-09 03:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2016-12-14 19:45 - 2016-12-09 03:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-12-14 19:45 - 2016-12-09 03:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-12-14 19:45 - 
2016-12-09 03:16 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-12-14 19:45 - 2016-09-15 10:53 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-12-14 19:44 - 2016-12-09 04:54 - 01415520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-12-14 19:44 - 2016-12-09 04:54 - 00115552 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-12-14 19:44 - 2016-12-09 04:16 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-12-14 19:44 - 2016-12-09 04:16 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-12-14 19:44 - 2016-12-09 04:12 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-14 19:44 - 2016-12-09 04:10 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-12-14 19:44 - 2016-12-09 04:09 - 00133296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-12-14 19:44 - 2016-12-09 04:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-12-14 19:44 - 2016-12-09 04:01 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-12-14 19:44 - 2016-12-09 04:01 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-12-14 19:44 - 2016-12-09 04:01 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-12-14 19:44 - 2016-12-09 04:00 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-12-14 19:44 - 2016-12-09 04:00 - 00117720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2016-12-14 19:44 - 2016-12-09 03:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-12-14 19:44 - 2016-12-09 03:55 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 
2016-12-14 19:44 - 2016-12-09 03:52 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2016-12-14 19:44 - 2016-12-09 03:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2016-12-14 19:44 - 2016-12-09 03:37 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-12-14 19:44 - 2016-12-09 03:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-12-14 19:44 - 2016-12-09 03:35 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-12-14 19:44 - 2016-12-09 03:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-12-14 19:44 - 2016-12-09 03:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-12-14 19:44 - 2016-12-09 03:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-12-14 19:44 - 2016-12-09 03:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-12-14 19:44 - 2016-12-09 03:28 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll 2016-12-14 19:44 - 2016-12-09 03:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-12-14 19:44 - 2016-12-09 03:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-12-14 19:44 - 2016-12-09 03:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2016-12-14 19:44 - 2016-12-09 03:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-12-14 19:44 - 2016-12-09 03:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-12-14 19:44 - 2016-12-09 03:17 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-12-14 19:44 - 2016-12-09 03:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2016-12-14 19:44 - 2016-12-09 03:16 - 00353280 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-12-14 19:44 - 2016-12-09 03:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-12-14 19:44 - 2016-12-09 03:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2016-12-14 19:44 - 2016-12-09 03:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2016-12-14 00:51 - 2016-12-18 19:43 - 00000000 ____D C:\Users\Sheldon (2)\Desktop\New folder 2016-12-13 19:54 - 2016-12-13 19:54 - 00000043 _____ C:\Users\Public\Documents\cy.txt 2016-12-13 17:20 - 2016-12-13 17:20 - 00000212 _____ C:\Users\Public\Documents\game.txt 2016-12-10 02:10 - 2016-11-11 01:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2016-12-10 02:10 - 2016-11-11 01:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2016-12-10 02:10 - 2016-11-11 01:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-12-10 02:10 - 2016-11-11 01:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-12-10 02:10 - 2016-11-11 01:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-12-10 02:10 - 2016-11-11 01:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-12-10 02:10 - 2016-11-11 01:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2016-12-10 02:10 - 2016-11-11 01:15 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2016-12-10 02:10 - 2016-11-11 01:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2016-12-10 02:10 - 2016-11-11 01:15 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2016-12-10 02:10 - 2016-11-11 01:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-12-10 02:10 - 2016-11-11 01:04 - 01992704 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\dwmcore.dll 2016-12-10 02:09 - 2016-11-11 02:07 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2016-12-10 02:09 - 2016-11-11 02:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2016-12-10 02:09 - 2016-11-11 02:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2016-12-10 02:09 - 2016-11-11 01:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2016-12-10 02:09 - 2016-11-11 01:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2016-12-10 02:09 - 2016-11-11 01:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-12-10 02:09 - 2016-11-11 01:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-12-10 02:09 - 2016-11-11 01:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-12-10 02:09 - 2016-11-11 01:45 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-12-10 02:09 - 2016-11-11 01:45 - 00175968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2016-12-10 02:09 - 2016-11-11 01:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-12-10 02:09 - 2016-11-11 01:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-12-10 02:09 - 2016-11-11 01:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-12-10 02:09 - 2016-11-11 01:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-12-10 02:09 - 2016-11-11 01:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll 2016-12-10 02:09 - 2016-11-11 01:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-12-10 02:09 - 2016-11-11 01:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll 2016-12-10 
02:09 - 2016-11-11 01:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2016-12-10 02:09 - 2016-11-11 01:26 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys 2016-12-10 02:09 - 2016-11-11 01:25 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2016-12-10 02:09 - 2016-11-11 01:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-12-10 02:09 - 2016-11-11 01:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2016-12-10 02:09 - 2016-11-11 01:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-12-10 02:09 - 2016-11-11 01:23 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll 2016-12-10 02:09 - 2016-11-11 01:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-12-10 02:09 - 2016-11-11 01:23 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll 2016-12-10 02:09 - 2016-11-11 01:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-12-10 02:09 - 2016-11-11 01:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll 2016-12-10 02:09 - 2016-11-11 01:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll 2016-12-10 02:09 - 2016-11-11 01:21 
Corporation) C:\WINDOWS\system32\xolehlp.dll
2016-12-10 02:08 - 2016-11-11 01:07 - 01948160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-10 02:08 - 2016-11-11 01:07 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 02:08 - 2016-11-11 01:07 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 02:08 - 2016-11-11 01:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 02:08 - 2016-11-11 01:06 - 01602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 02:08 - 2016-11-11 01:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 02:08 - 2016-11-11 01:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll
2016-12-10 02:08 - 2016-11-11 01:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 02:08 - 2016-11-11 01:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 02:08 - 2016-11-11 01:05 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 02:08 - 2016-11-11 01:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 02:08 - 2016-11-11 01:04 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 02:08 - 2016-11-11 01:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 02:08 - 2016-11-11 01:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 02:08 - 2016-11-11 01:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 02:08 - 2016-11-11 01:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 01:15 - 2016-12-10 01:16 - 00000000 ____D C:\Users\Sheldon\Desktop\Ads
2016-12-09 10:12 - 2016-12-09 10:12 - 00001163 _____ C:\Users\Public\Desktop\Avira Connect.lnk
2016-12-06 01:56 - 2016-12-20 17:05 - 00024241 _____ C:\Users\Susan\Desktop\Addition.txt
2016-12-06 01:55 - 2016-12-20 17:12 - 00011982 _____ C:\Users\Susan\Desktop\FRST.txt
2016-12-06 01:54 - 2016-12-20 17:12 - 00000000 ____D C:\FRST
2016-12-06 00:28 - 2016-12-19 00:48 - 00000454 _____ C:\Users\Sheldon\Desktop\gg.txt
2016-12-03 05:19 - 2016-12-03 05:19 - 00000413 _____ C:\Users\Sheldon\Desktop\Sale.txt
2016-11-29 16:36 - 2016-11-29 16:46 - 00000148 _____ C:\Users\Sheldon\Desktop\Amiibo.txt
2016-11-28 17:37 - 2016-11-28 17:37 - 00000000 ____D C:\Users\Public\Documents\Call Logs
2016-11-24 05:29 - 2016-11-24 05:29 - 00000207 _____ C:\Users\Public\Documents\sl.txt
2016-11-22 00:12 - 2016-12-20 05:27 - 00000100 _____ C:\Users\Sheldon\Desktop\table.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-20 17:09 - 2016-09-14 07:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-19 16:44 - 2016-07-20 04:21 - 00000000 ____D C:\Users\Sheldon (2)\AppData\Roaming\vlc
2016-12-18 18:56 - 2016-08-07 17:12 - 00000000 ____D C:\Users\Sheldon (2)\Downloads\rtmpexplorer
2016-12-18 09:44 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-18 02:12 - 2016-06-17 13:55 - 00006223 _____ C:\Users\Sheldon\Desktop\Pre-Orders.txt
2016-12-18 02:07 - 2016-08-30 00:37 - 00001038 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-17 20:20 - 2016-08-17 23:10 - 00001784 _____ C:\Users\Susan\Desktop\PC Problems.txt
2016-12-17 14:59 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Susan
2016-12-17 08:59 - 2016-07-16 02:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-16 10:04 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 02:46 - 2016-10-14 00:05 - 00000000 ____D C:\Users\Sheldon (2)\Desktop\Unknown
2016-12-15 18:21 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-15 18:10 - 2016-06-06 04:44 - 00002367 _____ C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-15 18:10 - 2016-06-06 04:44 - 00000000 ___RD C:\Users\Susan\OneDrive
2016-12-15 17:55 - 2016-07-20 03:08 - 00002385 _____ C:\Users\Sheldon (2)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-15 17:55 - 2016-07-20 03:08 - 00000000 ___RD C:\Users\Sheldon (2)\OneDrive
2016-12-15 09:50 - 2016-06-06 04:40 - 01050386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-15 09:46 - 2016-09-14 07:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-15 09:46 - 2016-09-14 07:29 - 00192880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-15 09:45 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon
2016-12-15 09:45 - 2016-07-15 20:22 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2016-12-15 09:44 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 00:58 - 2016-06-06 14:49 - 00002373 _____ C:\Users\Sheldon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-15 00:58 - 2016-06-06 14:49 - 00000000 ___RD C:\Users\Sheldon\OneDrive
2016-12-15 00:36 - 2016-07-16 02:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 08:21 - 2016-08-25 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-12-14 08:18 - 2016-10-06 12:29 - 00024640 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2016-12-14 08:18 - 2016-08-25 01:19 - 00152816 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-12-14 08:18 - 2016-08-25 01:19 - 00124552 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-12-14 03:49 - 2016-08-03 17:11 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-13 17:02 - 2016-06-06 04:41 - 00000000 ____D C:\Users\Susan\AppData\Local\Packages
2016-12-13 15:04 - 2016-06-06 05:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-13 15:02 - 2016-06-06 05:44 - 133430776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 00:06 - 2016-06-15 16:48 - 00002817 _____ C:\Users\Sheldon\Desktop\Games.txt
2016-12-11 20:03 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon (2)
2016-12-11 17:56 - 2016-10-28 11:14 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-12-11 17:56 - 2016-10-28 11:14 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-12-10 23:12 - 2016-04-26 22:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 09:48 - 2016-07-16 02:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 02:08 - 2016-09-30 04:51 - 00000464 _____ C:\Users\Public\Documents\4.txt
2016-12-10 02:08 - 2016-06-26 03:31 - 00002441 _____ C:\Users\Sheldon\Desktop\Google Play.txt
2016-12-09 10:12 - 2016-08-25 01:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-08 18:21 - 2016-07-20 03:06 - 00000000 ____D C:\Users\Sheldon (2)\AppData\Local\Packages
2016-12-07 00:25 - 2016-08-07 16:44 - 00000242 _____ C:\Users\Sheldon (2)\.swfinfo
2016-12-05 20:24 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-02 15:34 - 2016-06-06 14:47 - 00000000 ____D C:\Users\Sheldon\AppData\Local\Packages
2016-11-28 17:52 - 2016-09-02 18:07 - 00000233 _____ C:\Users\Public\Documents\Wrong Numbers.txt

Some files in TEMP:
====================
C:\Users\SheldonAdministrator\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-12 08:52

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 17-12-2016
Ran by SheldonAdministrator (20-12-2016 17:13:06)
Running from C:\Users\Susan\Desktop
Microsoft Windows 10 Home Version 1607 (X86) (2016-09-14 13:59:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2205677902-1374044427-3654136016-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2205677902-1374044427-3654136016-503 - Limited - Disabled)
Guest (S-1-5-21-2205677902-1374044427-3654136016-501 - Limited - Disabled)
Sheldon (S-1-5-21-2205677902-1374044427-3654136016-1002 - Limited - Enabled) => C:\Users\Sheldon
Sheldon (2) (S-1-5-21-2205677902-1374044427-3654136016-1003 - Limited - Enabled) => C:\Users\Sheldon (2)
SheldonAdministrator (S-1-5-21-2205677902-1374044427-3654136016-1004 - Administrator - Enabled) => C:\Users\SheldonAdministrator
Susan (S-1-5-21-2205677902-1374044427-3654136016-1001 - Limited - Enabled) => C:\Users\Susan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
SlingPlayer for Web (HKLM\...\{96FA02A8-21F1-439F-8ADB-2B5F1BC4AC9D}) (Version: 2.4.0157 - Sling Media)
Strawberry Perl (HKLM\...\{A9F555F9-7368-1014-A275-8A8131843670}) (Version: 5.24.1 - strawberryperl.com project)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E77772-CF2D-4305-AAAF-10B275361EF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {3DCFDBFB-04FD-48EA-9772-698C0B0F8CD9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {5C665993-5185-4411-87F3-A616FCBA2C31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {64F21F52-84CE-4DB6-916F-D4D049876804} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {707E7437-1A7B-41BE-A5FB-6065BE43EC81} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {8705294D-AB18-41E2-AA68-798FBAC92408} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\SheldonAdministrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {8B92A53E-5C64-4F63-89DE-EEFA71BCDB91} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 02:25 - 2016-07-16 02:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-14 08:22 - 2016-09-14 08:22 - 01383616 _____ () C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-07-16 02:25 - 2016-07-16 02:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 19:45 - 2016-12-09 03:36 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 07:45 - 2016-11-02 04:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 10:24 - 2016-09-14 10:24 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2016-12-13 23:54 - 2016-12-13 23:55 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 30359552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\roottools.dll
2016-12-15 18:06 - 2016-12-15 18:06 - 01244376 _____ () C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-12-15 00:57 - 2016-12-15 00:57 - 01244376 _____ () C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-22 14:08 - 2016-11-22 14:08 - 16815104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-06 05:59 - 2016-06-06 05:59 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00644096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00227840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-16 04:20 - 2016-07-16 04:20 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:48 - 2016-06-06 15:09 - 00505665 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com
0.0.0.0 content.ad20.net
0.0.0.0 core.ad20.net
0.0.0.0 banner.ad.nu

There are 11954 more lines.
==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2205677902-1374044427-3654136016-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{65F46010-3C47-4DBF-9C92-22554DE955FB}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{B4DFACE7-7A41-4660-884C-81480803BDE0}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0BB0C9C4-CEF1-4C85-B47A-274E097EA548}C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe
FirewallRules: [TCP Query User{FBBB5A64-AE74-41A5-A8B0-1C225414DA0A}C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe
FirewallRules: [UDP Query User{4A13C432-752E-45A5-8829-EA951663CF60}C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe
FirewallRules: [TCP Query User{5292E819-D97F-405E-AD62-B10BA12A9CBB}C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe
FirewallRules: [{884B2E8E-9DA6-416F-88F6-E58510DFAF06}] => C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed.
Devices stay in this state if they have been prepared for removal.
After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/20/2016 12:21:50 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program Microsoft.Photos.exe version 1.0.1611.18000 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1d68
Start Time: 01d25a049ad9713e
Termination Time: 4294967295
Application Path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
Report Id: 8f95b80e-c67c-11e6-b171-0024217c1d99
Faulting package full name: Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe
Faulting package-relative application ID: App

Error: (12/20/2016 12:21:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-5OSS0UM)
Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (12/19/2016 03:55:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program 4kvideodownloader.exe version 4.1.2.2075 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 1338
Start Time: 01d25a424bbf3a8d
Termination Time: 6
Application Path: C:\Program Files\4KDownload\4kvideodownloader\4kvideodownloader.exe
Report Id: ca366eee-c635-11e6-b171-0024217c1d99
Faulting package full name:
Faulting package-relative application ID:

Error: (12/19/2016 12:50:11 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 21c0 Start Time: 01d25a27f31259f2 Termination Time: 20 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: f7258424-c61b-11e6-b171-0024217c1d99 Faulting package full name: Faulting package-relative application ID: Error: (12/19/2016 07:51:19 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5OSS0UM) Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (12/19/2016 02:41:41 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-5OSS0UM) Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend. Error: (12/15/2016 03:24:29 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/15/2016 09:36:59 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3). Error: (12/15/2016 09:36:59 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3). Error: (12/15/2016 09:15:14 AM) (Source: SecurityCenter) (EventID: 16) (User: ) Description: Error while updating Avira Antivirus status to SECURITY_PRODUCT_STATE_ON (error %3). 
System errors: ============= Error: (12/20/2016 05:09:57 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/20/2016 11:02:34 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/20/2016 09:57:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (12/20/2016 09:04:50 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5OSS0UM) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-5OSS0UM\Sheldon SID (S-1-5-21-2205677902-1374044427-3654136016-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/20/2016 08:28:20 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/20/2016 07:29:29 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (12/20/2016 05:59:04 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/20/2016 04:18:22 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/20/2016 01:51:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (12/20/2016 12:25:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. ==================== Memory info =========================== Processor: AMD Athlon™ Dual Core Processor 4450B Percentage of memory in use: 58% Total physical RAM: 3311.32 MB Available physical RAM: 1367.75 MB Total Virtual: 7812.4 MB Available Virtual: 3742.06 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.04 GB) (Free:15.88 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D9C84E29) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================

#8 nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:01:53 AM

Posted 22 December 2016 - 08:32 AM

Still the same.

Try again.

Copy your log to the REPLY to this topic box.

Click the More Reply Button. You will see how your log is formatted.

If each entry has its own line, then click the Post button.

p.s.
You may have to delete the FRST.TXT log.

Set notepad to the WordWrap function.

Run the Farbar tool; a new log will be created.

Post it.

#9 Q-Bertha

  • Topic Starter

  • Members
  • 9 posts
  • Local time:11:53 PM

Posted 22 December 2016 - 07:25 PM

Scan result of Farbar Recovery Scan Tool (FRST) (x86) Version: 21-12-2016 Ran by SheldonAdministrator (administrator) on DESKTOP-5OSS0UM (22-12-2016 18:04:51) Running from C:\Users\Susan\Desktop Loaded Profiles: Susan & Sheldon & SheldonAdministrator (Available Profiles: Susan & Sheldon & Sheldon (2) & SheldonAdministrator) Platform: Microsoft Windows 10 Home Version 1607 (X86) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (AMD) C:\Windows\System32\atiesrxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\sched.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avguard.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avshadow.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (AMD) C:\Windows\System32\atieclxx.exe (Avira Operations GmbH & Co. KG) C:\Program Files\Avira\Antivirus\avgnt.exe (Avira Operations GmbH & Co. 
KG) C:\Program Files\Avira\Launcher\Avira.Systray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe (Microsoft Corporation) C:\Windows\System32\browser_broker.exe (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_10.16112.10211.0_x86__8wekyb3d8bbwe\Music.UI.exe (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x86__8wekyb3d8bbwe\WinStore.App.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Piriform Ltd) C:\Program Files\CCleaner\CCleaner.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe () C:\Program 
Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe (Microsoft Corporation) C:\Windows\System32\smartscreen.exe (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe ==================== Registry (Whitelisted) ==================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [avgnt] => C:\Program Files\Avira\Antivirus\avgnt.exe [917576 2016-12-14] (Avira Operations GmbH & Co. KG) HKLM\...\Run: [Avira SystrayStartTrigger] => C:\Program Files\Avira\Launcher\Avira.SystrayStartTrigger.exe [60136 2016-11-15] (Avira Operations GmbH & Co. KG) HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd) HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\RunOnce: [Uninstall 17.3.6517.0809_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1" HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner.exe [7175384 2016-12-06] (Piriform Ltd) HKU\S-1-5-21-2205677902-1374044427-3654136016-1004\...\RunOnce: [Uninstall C:\Users\SheldonAdministrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\SheldonAdministrator\AppData\Local\Microsoft\OneDrive\17.3.6390.0509" ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.1.1 Tcpip\..\Interfaces\{daa20c35-45d5-41b2-bb87-3400740b8b44}: [DhcpNameServer] 192.168.1.1 Internet Explorer: ================== HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> DefaultScope {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869 SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> {E6293044-5C49-48D3-9790-9FC761004AA3} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> DefaultScope {3B87FD8E-2BCE-418F-926A-5EBCA0E40544} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> {3B87FD8E-2BCE-418F-926A-5EBCA0E40544} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> {AFBCB7E0-F91A-4951-9F31-58FEE57A25C4} URL = 
hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869 Toolbar: HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File Toolbar: HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File FireFox: ======== FF Plugin: @tools.google.com/Google Update;version=3 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin: @tools.google.com/Google Update;version=9 -> C:\Program Files\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-18] (Google Inc.) FF Plugin: @videolan.org/vlc,version=2.2.4 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-06-01] (VideoLAN) FF Plugin: Adobe Reader -> C:\Program Files\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-09-30] (Adobe Systems Inc.) Chrome: ======= CHR Profile: C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default [2016-12-18] CHR Extension: (Google Slides) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-12-18] CHR Extension: (Google Docs) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-12-18] CHR Extension: (Google Drive) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-12-18] CHR Extension: (YouTube) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-12-18] CHR Extension: (Google Sheets) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-12-18] CHR Extension: (Google Docs Offline) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User 
Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-12-18] CHR Extension: (Chrome Web Store Payments) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-12-18] CHR Extension: (Gmail) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-12-18] CHR Extension: (Chrome Media Router) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-18] ==================== Services (Whitelisted) ==================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 AntiVirMailService; C:\Program Files\Avira\Antivirus\avmailc7.exe [1089592 2016-12-14] (Avira Operations GmbH & Co. KG) R2 AntiVirSchedulerService; C:\Program Files\Avira\Antivirus\sched.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG) R2 AntiVirService; C:\Program Files\Avira\Antivirus\avguard.exe [476736 2016-12-14] (Avira Operations GmbH & Co. KG) S2 AntiVirWebService; C:\Program Files\Avira\Antivirus\avwebg7.exe [1490296 2016-12-14] (Avira Operations GmbH & Co. KG) R2 Avira.ServiceHost; C:\Program Files\Avira\Launcher\Avira.ServiceHost.exe [350528 2016-11-24] (Avira Operations GmbH & Co. KG) S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [271496 2016-07-16] (Microsoft Corporation) S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [84928 2016-07-16] (Microsoft Corporation) ===================== Drivers (Whitelisted) ====================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) R2 avgntflt; C:\WINDOWS\System32\DRIVERS\avgntflt.sys [124552 2016-12-14] (Avira Operations GmbH & Co. 
KG) R1 avipbb; C:\WINDOWS\system32\DRIVERS\avipbb.sys [152816 2016-12-14] (Avira Operations GmbH & Co. KG) R1 avkmgr; C:\WINDOWS\system32\DRIVERS\avkmgr.sys [44208 2016-08-18] (Avira Operations GmbH & Co. KG) R2 avnetflt; C:\WINDOWS\system32\DRIVERS\avnetflt.sys [66872 2016-08-18] (Avira Operations GmbH & Co. KG) S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [62976 2016-07-16] () S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [37912 2016-07-16] (Microsoft Corporation) S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [244576 2016-07-16] (Microsoft Corporation) S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [100192 2016-07-16] (Microsoft Corporation) ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-12-20 17:12 - 2016-12-20 17:12 - 00001329 _____ C:\Users\Susan\Desktop\Chili's Complaint.txt 2016-12-20 17:10 - 2016-12-20 17:10 - 00000000 ____D C:\Users\Sheldon (2)\Desktop\New folder (2) 2016-12-20 17:01 - 2016-12-22 18:04 - 01762816 _____ (Farbar) C:\Users\Susan\Desktop\FRST.exe 2016-12-18 18:34 - 2016-12-18 18:34 - 00000000 ____D C:\Users\Sheldon (2)\AppData\Local\Google 2016-12-18 02:07 - 2016-12-18 02:07 - 00002294 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk 2016-12-18 02:07 - 2016-12-18 02:07 - 00002282 _____ C:\Users\Public\Desktop\Google Chrome.lnk 2016-12-18 02:06 - 2016-12-18 02:10 - 00000000 ____D C:\Users\SheldonAdministrator\AppData\Local\Google 2016-12-18 02:06 - 2016-12-18 02:07 - 00000000 ____D C:\Program Files\Google 2016-12-17 17:39 - 2016-12-22 18:04 - 00000000 ____D C:\Users\Susan\Desktop\FRST-OlderVersion 2016-12-15 18:01 - 2016-10-17 01:44 - 31343344 _____ (Open Media LLC ) C:\Users\Public\Documents\4kvideodownloader_4.1 (1).exe 2016-12-15 18:01 - 2016-08-10 23:49 - 30261168 _____ (Symantec Corporation) C:\Users\Public\Documents\NortonIdentitySafe-EN-v1.exe 2016-12-15 18:01 - 2016-07-30 01:08 - 28446216 _____ (Open Media LLC ) C:\Users\Public\Documents\4kvideodownloader_4.1.exe 2016-12-15 18:01 - 2016-07-25 22:39 - 15258736 _____ (Sling Media Inc.) 
C:\Users\Public\Documents\WBSP_IE_Setup.exe 2016-12-15 17:57 - 2016-12-18 02:05 - 08803648 _____ (Piriform Ltd) C:\Users\Public\Documents\ccsetup525.exe 2016-12-14 19:45 - 2016-12-09 04:14 - 06019936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-12-14 19:45 - 2016-12-09 04:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-12-14 19:45 - 2016-12-09 03:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll 2016-12-14 19:45 - 2016-12-09 03:52 - 01344992 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll 2016-12-14 19:45 - 2016-12-09 03:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys 2016-12-14 19:45 - 2016-12-09 03:37 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll 2016-12-14 19:45 - 2016-12-09 03:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll 2016-12-14 19:45 - 2016-12-09 03:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9diag.dll 2016-12-14 19:45 - 2016-12-09 03:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll 2016-12-14 19:45 - 2016-12-09 03:22 - 03776000 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll 2016-12-14 19:45 - 2016-12-09 03:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll 2016-12-14 19:45 - 2016-12-09 03:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-12-14 19:45 - 2016-12-09 03:18 - 01235456 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-12-14 19:45 - 2016-12-09 03:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll 2016-12-14 19:45 - 2016-12-09 03:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-12-14 19:45 - 2016-12-09 03:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll 2016-12-14 19:45 - 
2016-12-09 03:16 - 00586240 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll 2016-12-14 19:45 - 2016-09-15 10:53 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll 2016-12-14 19:44 - 2016-12-09 04:54 - 01415520 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-12-14 19:44 - 2016-12-09 04:54 - 00115552 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-12-14 19:44 - 2016-12-09 04:16 - 00890984 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi 2016-12-14 19:44 - 2016-12-09 04:16 - 00784064 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe 2016-12-14 19:44 - 2016-12-09 04:12 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys 2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ C:\WINDOWS\system32\CoreUIComponents.dll 2016-12-14 19:44 - 2016-12-09 04:10 - 00583136 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-12-14 19:44 - 2016-12-09 04:09 - 00133296 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll 2016-12-14 19:44 - 2016-12-09 04:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll 2016-12-14 19:44 - 2016-12-09 04:01 - 01897824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-12-14 19:44 - 2016-12-09 04:01 - 00551264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-12-14 19:44 - 2016-12-09 04:01 - 00342880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-12-14 19:44 - 2016-12-09 04:00 - 00523784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys 2016-12-14 19:44 - 2016-12-09 04:00 - 00117720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll 2016-12-14 19:44 - 2016-12-09 03:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll 2016-12-14 19:44 - 2016-12-09 03:55 - 00198496 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll 
2016-12-14 19:44 - 2016-12-09 03:52 - 01413664 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll 2016-12-14 19:44 - 2016-12-09 03:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll 2016-12-14 19:44 - 2016-12-09 03:37 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll 2016-12-14 19:44 - 2016-12-09 03:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll 2016-12-14 19:44 - 2016-12-09 03:35 - 00359424 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll 2016-12-14 19:44 - 2016-12-09 03:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll 2016-12-14 19:44 - 2016-12-09 03:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll 2016-12-14 19:44 - 2016-12-09 03:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll 2016-12-14 19:44 - 2016-12-09 03:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll 2016-12-14 19:44 - 2016-12-09 03:28 - 01284096 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll 2016-12-14 19:44 - 2016-12-09 03:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-12-14 19:44 - 2016-12-09 03:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-12-14 19:44 - 2016-12-09 03:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll 2016-12-14 19:44 - 2016-12-09 03:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll 2016-12-14 19:44 - 2016-12-09 03:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll 2016-12-14 19:44 - 2016-12-09 03:17 - 01120768 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll 2016-12-14 19:44 - 2016-12-09 03:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll 2016-12-14 19:44 - 2016-12-09 03:16 - 00353280 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\TextInputFramework.dll 2016-12-14 19:44 - 2016-12-09 03:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll 2016-12-14 19:44 - 2016-12-09 03:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll 2016-12-14 19:44 - 2016-12-09 03:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll 2016-12-14 00:51 - 2016-12-18 19:43 - 00000000 ____D C:\Users\Sheldon (2)\Desktop\New folder 2016-12-13 19:54 - 2016-12-13 19:54 - 00000043 _____ C:\Users\Public\Documents\cy.txt 2016-12-13 17:20 - 2016-12-13 17:20 - 00000212 _____ C:\Users\Public\Documents\game.txt 2016-12-10 02:10 - 2016-11-11 01:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll 2016-12-10 02:10 - 2016-11-11 01:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll 2016-12-10 02:10 - 2016-11-11 01:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-12-10 02:10 - 2016-11-11 01:42 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll 2016-12-10 02:10 - 2016-11-11 01:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll 2016-12-10 02:10 - 2016-11-11 01:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll 2016-12-10 02:10 - 2016-11-11 01:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll 2016-12-10 02:10 - 2016-11-11 01:15 - 01722368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll 2016-12-10 02:10 - 2016-11-11 01:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll 2016-12-10 02:10 - 2016-11-11 01:15 - 00441856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll 2016-12-10 02:10 - 2016-11-11 01:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll 2016-12-10 02:10 - 2016-11-11 01:04 - 01992704 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\dwmcore.dll 2016-12-10 02:09 - 2016-11-11 02:07 - 00448864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll 2016-12-10 02:09 - 2016-11-11 02:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll 2016-12-10 02:09 - 2016-11-11 02:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll 2016-12-10 02:09 - 2016-11-11 01:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll 2016-12-10 02:09 - 2016-11-11 01:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll 2016-12-10 02:09 - 2016-11-11 01:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-12-10 02:09 - 2016-11-11 01:45 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll 2016-12-10 02:09 - 2016-11-11 01:45 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll 2016-12-10 02:09 - 2016-11-11 01:45 - 00261984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-12-10 02:09 - 2016-11-11 01:45 - 00175968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys 2016-12-10 02:09 - 2016-11-11 01:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-12-10 02:09 - 2016-11-11 01:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll 2016-12-10 02:09 - 2016-11-11 01:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-12-10 02:09 - 2016-11-11 01:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll 2016-12-10 02:09 - 2016-11-11 01:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll 2016-12-10 02:09 - 2016-11-11 01:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll 2016-12-10 02:09 - 2016-11-11 01:27 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll 2016-12-10 
02:09 - 2016-11-11 01:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe 2016-12-10 02:09 - 2016-11-11 01:26 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys 2016-12-10 02:09 - 2016-11-11 01:25 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll 2016-12-10 02:09 - 2016-11-11 01:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll 2016-12-10 02:09 - 2016-11-11 01:25 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe 2016-12-10 02:09 - 2016-11-11 01:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll 2016-12-10 02:09 - 2016-11-11 01:24 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll 2016-12-10 02:09 - 2016-11-11 01:23 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll 2016-12-10 02:09 - 2016-11-11 01:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll 2016-12-10 02:09 - 2016-11-11 01:23 - 00132096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll 2016-12-10 02:09 - 2016-11-11 01:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe 2016-12-10 02:09 - 2016-11-11 01:22 - 00062976 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll 2016-12-10 02:09 - 2016-11-11 01:22 - 00035328 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll 2016-12-10 02:09 - 2016-11-11 01:21 
- 00332288 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll 2016-12-10 02:09 - 2016-11-11 01:21 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll 2016-12-10 02:09 - 2016-11-11 01:21 - 00240128 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll 2016-12-10 02:09 - 2016-11-11 01:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll 2016-12-10 02:09 - 2016-11-11 01:20 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe 2016-12-10 02:09 - 2016-11-11 01:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll 2016-12-10 02:09 - 2016-11-11 01:19 - 00447488 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll 2016-12-10 02:09 - 2016-11-11 01:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll 2016-12-10 02:09 - 2016-11-11 01:18 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll 2016-12-10 02:09 - 2016-11-11 01:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll 2016-12-10 02:09 - 2016-11-11 01:18 - 00294400 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll 2016-12-10 02:09 - 2016-11-11 01:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll 2016-12-10 02:09 - 2016-11-11 01:17 - 00247296 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll 2016-12-10 02:09 - 2016-11-11 01:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll 2016-12-10 02:09 - 2016-11-11 01:15 - 00561152 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll 2016-12-10 02:09 - 2016-11-11 01:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll 2016-12-10 02:09 - 2016-11-11 01:15 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll 2016-12-10 02:09 - 2016-11-11 01:14 - 00473600 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\RDXService.dll 2016-12-10 02:09 - 2016-11-11 01:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll 2016-12-10 02:09 - 2016-11-11 01:13 - 00626688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys 2016-12-10 02:09 - 2016-11-11 01:13 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe 2016-12-10 02:09 - 2016-11-11 01:12 - 01584128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll 2016-12-10 02:09 - 2016-11-11 01:12 - 00529408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll 2016-12-10 02:09 - 2016-11-11 01:12 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll 2016-12-10 02:09 - 2016-11-11 01:11 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll 2016-12-10 02:09 - 2016-11-11 01:11 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll 2016-12-10 02:09 - 2016-11-11 01:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll 2016-12-10 02:09 - 2016-11-11 01:10 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll 2016-12-10 02:09 - 2016-11-11 01:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll 2016-12-10 02:09 - 2016-11-11 01:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll 2016-12-10 02:09 - 2016-11-11 01:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll 2016-12-10 02:09 - 2016-11-11 01:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll 2016-12-10 02:09 - 2016-11-11 01:04 - 01887232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll 2016-12-10 02:09 - 2016-11-11 01:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-12-10 02:09 - 2016-11-11 01:04 - 00920576 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll 2016-12-10 02:09 - 2016-11-11 01:04 - 00818176 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\modernexecserver.dll 2016-12-10 02:09 - 2016-11-11 01:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll 2016-12-10 02:09 - 2016-11-11 01:04 - 00706048 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll 2016-12-10 02:09 - 2016-11-11 01:04 - 00241152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll 2016-12-10 02:09 - 2016-11-11 01:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-12-10 02:09 - 2016-11-11 01:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll 2016-12-10 02:09 - 2016-11-11 01:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll 2016-12-10 02:08 - 2016-11-11 02:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll 2016-12-10 02:08 - 2016-11-11 02:07 - 00081760 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll 2016-12-10 02:08 - 2016-11-11 02:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll 2016-12-10 02:08 - 2016-11-11 02:00 - 01725136 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-12-10 02:08 - 2016-11-11 01:59 - 01586736 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-12-10 02:08 - 2016-11-11 01:59 - 00292192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-12-10 02:08 - 2016-11-11 01:59 - 00106336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys 2016-12-10 02:08 - 2016-11-11 01:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll 2016-12-10 02:08 - 2016-11-11 01:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll 2016-12-10 02:08 - 2016-11-11 01:47 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll 2016-12-10 02:08 - 2016-11-11 01:46 - 00186720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys 2016-12-10 02:08 - 2016-11-11 
01:45 - 00355680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys 2016-12-10 02:08 - 2016-11-11 01:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll 2016-12-10 02:08 - 2016-11-11 01:42 - 00313088 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe 2016-12-10 02:08 - 2016-11-11 01:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll 2016-12-10 02:08 - 2016-11-11 01:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-12-10 02:08 - 2016-11-11 01:41 - 01384704 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll 2016-12-10 02:08 - 2016-11-11 01:41 - 00802608 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll 2016-12-10 02:08 - 2016-11-11 01:41 - 00675568 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll 2016-12-10 02:08 - 2016-11-11 01:37 - 00381720 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe 2016-12-10 02:08 - 2016-11-11 01:30 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll 2016-12-10 02:08 - 2016-11-11 01:29 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll 2016-12-10 02:08 - 2016-11-11 01:27 - 00090624 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll 2016-12-10 02:08 - 2016-11-11 01:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe 2016-12-10 02:08 - 2016-11-11 01:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe 2016-12-10 02:08 - 2016-11-11 01:25 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys 2016-12-10 02:08 - 2016-11-11 01:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2016-12-10 02:08 - 2016-11-11 01:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll 2016-12-10 02:08 - 2016-11-11 01:22 - 00299520 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\NgcCtnr.dll 2016-12-10 02:08 - 2016-11-11 01:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll 2016-12-10 02:08 - 2016-11-11 01:22 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll 2016-12-10 02:08 - 2016-11-11 01:22 - 00054784 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe 2016-12-10 02:08 - 2016-11-11 01:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe 2016-12-10 02:08 - 2016-11-11 01:21 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll 2016-12-10 02:08 - 2016-11-11 01:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll 2016-12-10 02:08 - 2016-11-11 01:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll 2016-12-10 02:08 - 2016-11-11 01:20 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll 2016-12-10 02:08 - 2016-11-11 01:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe 2016-12-10 02:08 - 2016-11-11 01:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll 2016-12-10 02:08 - 2016-11-11 01:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll 2016-12-10 02:08 - 2016-11-11 01:19 - 00384512 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll 2016-12-10 02:08 - 2016-11-11 01:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll 2016-12-10 02:08 - 2016-11-11 01:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll 2016-12-10 02:08 - 2016-11-11 01:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe 2016-12-10 02:08 - 2016-11-11 01:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll 2016-12-10 02:08 - 2016-11-11 01:18 - 01336320 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\wsecedit.dll 2016-12-10 02:08 - 2016-11-11 01:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl 2016-12-10 02:08 - 2016-11-11 01:18 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.desktop.dll 2016-12-10 02:08 - 2016-11-11 01:18 - 00142848 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll 2016-12-10 02:08 - 2016-11-11 01:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll 2016-12-10 02:08 - 2016-11-11 01:18 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll 2016-12-10 02:08 - 2016-11-11 01:17 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXApplicabilityBlob.dll 2016-12-10 02:08 - 2016-11-11 01:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe 2016-12-10 02:08 - 2016-11-11 01:16 - 01377792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll 2016-12-10 02:08 - 2016-11-11 01:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll 2016-12-10 02:08 - 2016-11-11 01:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll 2016-12-10 02:08 - 2016-11-11 01:14 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll 2016-12-10 02:08 - 2016-11-11 01:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll 2016-12-10 02:08 - 2016-11-11 01:13 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys 2016-12-10 02:08 - 2016-11-11 01:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll 2016-12-10 02:08 - 2016-11-11 01:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll 2016-12-10 02:08 - 2016-11-11 01:09 - 00786432 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll 2016-12-10 02:08 - 2016-11-11 01:08 - 00053248 _____ (Microsoft 
Corporation) C:\WINDOWS\system32\xolehlp.dll 2016-12-10 02:08 - 2016-11-11 01:07 - 01948160 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll 2016-12-10 02:08 - 2016-11-11 01:07 - 01136128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll 2016-12-10 02:08 - 2016-11-11 01:07 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll 2016-12-10 02:08 - 2016-11-11 01:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe 2016-12-10 02:08 - 2016-11-11 01:06 - 01602048 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe 2016-12-10 02:08 - 2016-11-11 01:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll 2016-12-10 02:08 - 2016-11-11 01:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxclu.dll 2016-12-10 02:08 - 2016-11-11 01:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll 2016-12-10 02:08 - 2016-11-11 01:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll 2016-12-10 02:08 - 2016-11-11 01:05 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe 2016-12-10 02:08 - 2016-11-11 01:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll 2016-12-10 02:08 - 2016-11-11 01:04 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll 2016-12-10 02:08 - 2016-11-11 01:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll 2016-12-10 02:08 - 2016-11-11 01:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll 2016-12-10 02:08 - 2016-11-11 01:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll 2016-12-10 02:08 - 2016-11-11 01:02 - 00612352 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll 2016-12-10 01:15 - 2016-12-10 01:16 - 00000000 ____D C:\Users\Sheldon\Desktop\Ads 2016-12-09 10:12 - 2016-12-09 10:12 - 00001163 _____ 
C:\Users\Public\Desktop\Avira Connect.lnk
2016-12-06 01:56 - 2016-12-20 17:14 - 00024242 _____ C:\Users\Susan\Desktop\Addition.txt
2016-12-06 01:55 - 2016-12-22 18:05 - 00012116 _____ C:\Users\Susan\Desktop\FRST.txt
2016-12-06 01:54 - 2016-12-22 18:04 - 00000000 ____D C:\FRST
2016-12-06 00:28 - 2016-12-19 00:48 - 00000454 _____ C:\Users\Sheldon\Desktop\gg.txt
2016-12-03 05:19 - 2016-12-03 05:19 - 00000413 _____ C:\Users\Sheldon\Desktop\Sale.txt
2016-11-29 16:36 - 2016-12-20 19:45 - 00000313 _____ C:\Users\Sheldon\Desktop\Amiibo.txt
2016-11-28 17:37 - 2016-11-28 17:37 - 00000000 ____D C:\Users\Public\Documents\Call Logs
2016-11-24 05:29 - 2016-11-24 05:29 - 00000207 _____ C:\Users\Public\Documents\sl.txt
2016-11-22 00:12 - 2016-12-20 05:27 - 00000100 _____ C:\Users\Sheldon\Desktop\table.txt

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-12-22 17:57 - 2016-09-14 07:30 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-12-22 17:55 - 2016-07-16 02:29 - 00000000 ___HD C:\Program Files\WindowsApps
2016-12-22 17:55 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-12-21 18:12 - 2016-07-20 04:21 - 00000000 ____D C:\Users\Sheldon (2)\AppData\Roaming\vlc
2016-12-18 18:56 - 2016-08-07 17:12 - 00000000 ____D C:\Users\Sheldon (2)\Downloads\rtmpexplorer
2016-12-18 02:12 - 2016-06-17 13:55 - 00006223 _____ C:\Users\Sheldon\Desktop\Pre-Orders.txt
2016-12-18 02:07 - 2016-08-30 00:37 - 00001038 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-12-17 20:20 - 2016-08-17 23:10 - 00001784 _____ C:\Users\Susan\Desktop\PC Problems.txt
2016-12-17 14:59 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Susan
2016-12-16 10:04 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 02:46 - 2016-10-14 00:05 - 00000000 ____D C:\Users\Sheldon (2)\Desktop\Unknown
2016-12-15 18:21 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-15 18:10 - 2016-06-06 04:44 - 00002367 _____ C:\Users\Susan\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-15 18:10 - 2016-06-06 04:44 - 00000000 ___RD C:\Users\Susan\OneDrive
2016-12-15 17:55 - 2016-07-20 03:08 - 00002385 _____ C:\Users\Sheldon (2)\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-15 17:55 - 2016-07-20 03:08 - 00000000 ___RD C:\Users\Sheldon (2)\OneDrive
2016-12-15 09:50 - 2016-06-06 04:40 - 01050386 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-12-15 09:46 - 2016-09-14 07:49 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-12-15 09:46 - 2016-09-14 07:29 - 00192880 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-15 09:45 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon
2016-12-15 09:45 - 2016-07-15 20:22 - 01572864 _____ C:\WINDOWS\system32\config\BBI
2016-12-15 09:44 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 00:58 - 2016-06-06 14:49 - 00002373 _____ C:\Users\Sheldon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-15 00:58 - 2016-06-06 14:49 - 00000000 ___RD C:\Users\Sheldon\OneDrive
2016-12-15 00:36 - 2016-07-16 02:19 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 08:21 - 2016-08-25 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avira
2016-12-14 08:18 - 2016-10-06 12:29 - 00024640 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avusbflt.sys
2016-12-14 08:18 - 2016-08-25 01:19 - 00152816 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avipbb.sys
2016-12-14 08:18 - 2016-08-25 01:19 - 00124552 _____ (Avira Operations GmbH & Co. KG) C:\WINDOWS\system32\Drivers\avgntflt.sys
2016-12-14 03:49 - 2016-08-03 17:11 - 00170200 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-13 17:02 - 2016-06-06 04:41 - 00000000 ____D C:\Users\Susan\AppData\Local\Packages
2016-12-13 15:04 - 2016-06-06 05:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-13 15:02 - 2016-06-06 05:44 - 133430776 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-12 00:06 - 2016-06-15 16:48 - 00002817 _____ C:\Users\Sheldon\Desktop\Games.txt
2016-12-11 20:03 - 2016-09-14 07:35 - 00000000 ____D C:\Users\Sheldon (2)
2016-12-11 17:56 - 2016-10-28 11:14 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerApp.exe
2016-12-11 17:56 - 2016-10-28 11:14 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\FlashPlayerCPLApp.cpl
2016-12-10 23:12 - 2016-04-26 22:36 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-10 09:48 - 2016-07-16 02:28 - 00000000 ____D C:\WINDOWS\INF
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-10 09:45 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-10 09:45 - 2016-07-15 20:22 - 00000000 ____D C:\WINDOWS\servicing
2016-12-10 02:08 - 2016-09-30 04:51 - 00000464 _____ C:\Users\Public\Documents\4.txt
2016-12-10 02:08 - 2016-06-26 03:31 - 00002441 _____ C:\Users\Sheldon\Desktop\Google Play.txt
2016-12-09 10:12 - 2016-08-25 01:24 - 00000000 ____D C:\ProgramData\Package Cache
2016-12-08 18:21 - 2016-07-20 03:06 - 00000000 ____D C:\Users\Sheldon (2)\AppData\Local\Packages
2016-12-07 00:25 - 2016-08-07 16:44 - 00000242 _____ C:\Users\Sheldon (2)\.swfinfo
2016-12-05 20:24 - 2016-07-16 02:29 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-02 15:34 - 2016-06-06 14:47 - 00000000 ____D C:\Users\Sheldon\AppData\Local\Packages
2016-11-28 17:52 - 2016-09-02 18:07 - 00000233 _____ C:\Users\Public\Documents\Wrong Numbers.txt

Some files in TEMP:
====================
C:\Users\SheldonAdministrator\AppData\Local\Temp\avgnt.exe

==================== Bamital & volsnap ======================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-12-22 09:01

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x86) Version: 21-12-2016
Ran by SheldonAdministrator (22-12-2016 18:06:15)
Running from C:\Users\Susan\Desktop
Microsoft Windows 10 Home Version 1607 (X86) (2016-09-14 13:59:06)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2205677902-1374044427-3654136016-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2205677902-1374044427-3654136016-503 - Limited - Disabled)
Guest (S-1-5-21-2205677902-1374044427-3654136016-501 - Limited - Disabled)
Sheldon (S-1-5-21-2205677902-1374044427-3654136016-1002 - Limited - Enabled) => C:\Users\Sheldon
Sheldon (2) (S-1-5-21-2205677902-1374044427-3654136016-1003 - Limited - Enabled) => C:\Users\Sheldon (2)
SheldonAdministrator (S-1-5-21-2205677902-1374044427-3654136016-1004 - Administrator - Enabled) => C:\Users\SheldonAdministrator
Susan (S-1-5-21-2205677902-1374044427-3654136016-1001 - Limited - Enabled) => C:\Users\Susan

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Avira Antivirus (Enabled - Up to date) {4D041356-F94D-285F-8768-AAE50FA36859}
AV: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Avira Antivirus (Enabled - Up to date) {F665F2B2-DF77-27D1-BDD8-9197742422E4}
AS: Windows Defender (Disabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4K Video Downloader 4.1 (HKLM\...\4K Video Downloader_is1) (Version: 4.1.2.2075 - Open Media LLC)
Adobe Acrobat Reader DC (HKLM\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.020.20042 - Adobe Systems Incorporated)
Avira Antivirus (HKLM\...\Avira Antivirus) (Version: 15.0.24.146 - Avira Operations GmbH & Co. KG)
Avira Connect (HKLM\...\{707e8edf-9482-4417-ae39-c9b5fe605e87}) (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG)
Avira Connect (Version: 1.2.76.27124 - Avira Operations GmbH & Co. KG) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.25 - Piriform)
Google Chrome (HKLM\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (Version: 1.3.21.169 - Google Inc.) Hidden
Google Update Helper (Version: 1.3.32.7 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft OneDrive (HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
RogueKiller version 12 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 12 - Adlice Software)
SlingPlayer for Web (HKLM\...\{96FA02A8-21F1-439F-8ADB-2B5F1BC4AC9D}) (Version: 2.4.0157 - Sling Media)
Strawberry Perl (HKLM\...\{A9F555F9-7368-1014-A275-8A8131843670}) (Version: 5.24.1 - strawberryperl.com project)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.4 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {06E77772-CF2D-4305-AAAF-10B275361EF1} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {3DCFDBFB-04FD-48EA-9772-698C0B0F8CD9} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-10-21] (Adobe Systems Incorporated)
Task: {5C665993-5185-4411-87F3-A616FCBA2C31} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-12-06] (Piriform Ltd)
Task: {64F21F52-84CE-4DB6-916F-D4D049876804} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files\Google\Update\GoogleUpdate.exe [2016-12-18] (Google Inc.)
Task: {707E7437-1A7B-41BE-A5FB-6065BE43EC81} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {8705294D-AB18-41E2-AA68-798FBAC92408} - System32\Tasks\OneDrive Standalone Update Task v2 => C:\Users\SheldonAdministrator\AppData\Local\Microsoft\OneDrive\OneDriveStandaloneUpdater.exe
Task: {8B92A53E-5C64-4F63-89DE-EEFA71BCDB91} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2016-07-16 02:25 - 2016-07-16 02:25 - 00190976 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 19:44 - 2016-12-09 04:11 - 02048496 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-09-14 08:22 - 2016-09-14 08:22 - 01383616 _____ () C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6517.0809_1\ClientTelemetry.dll
2016-07-16 02:25 - 2016-07-16 02:25 - 00108032 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 19:45 - 2016-12-09 03:36 - 00321536 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-11-09 07:45 - 2016-11-02 04:31 - 06726656 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 01150464 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-09-14 10:24 - 2016-09-14 10:24 - 00526848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 00779776 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-09 07:45 - 2016-11-02 04:24 - 01724928 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-09 07:45 - 2016-11-02 04:26 - 03158528 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 00062464 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeHost.exe
2016-12-13 23:54 - 2016-12-13 23:55 - 00153088 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 30359552 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\SkyWrap.dll
2016-12-13 23:54 - 2016-12-13 23:55 - 01733120 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x86__kzf8qxf38zg5c\roottools.dll
2016-12-15 18:06 - 2016-12-15 18:06 - 01244376 _____ () C:\Users\Susan\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-12-15 00:57 - 2016-12-15 00:57 - 01244376 _____ () C:\Users\Sheldon\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00019968 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe
2016-11-22 14:08 - 2016-11-22 14:08 - 16815104 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.dll
2016-06-06 05:59 - 2016-06-06 05:59 - 00541696 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.DesignCore.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00644096 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Sharing.dll
2016-11-22 14:08 - 2016-11-22 14:08 - 00227840 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Photos.Inking.dll
2016-07-16 04:20 - 2016-07-16 04:20 - 00180224 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\StoreRatingPromotion.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" value will be restored.)

==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-10-29 23:48 - 2016-06-06 15:09 - 00505665 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 mfr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 asy.a8ww.net
0.0.0.0 static.a-ads.com
0.0.0.0 atlas.aamedia.ro
0.0.0.0 abcstats.com
0.0.0.0 ad4.abradio.cz
0.0.0.0 a.abv.bg
0.0.0.0 adserver.abv.bg
0.0.0.0 adv.abv.bg
0.0.0.0 bimg.abv.bg
0.0.0.0 ca.abv.bg
0.0.0.0 track.acclaimnetwork.com
0.0.0.0 accuserveadsystem.com
0.0.0.0 www.accuserveadsystem.com
0.0.0.0 achmedia.com
0.0.0.0 csh.actiondesk.com
0.0.0.0 ads.activepower.net
0.0.0.0 app.activetrail.com
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
0.0.0.0 traffic.acwebconnecting.com
0.0.0.0 office.ad1.ru
0.0.0.0 cms.ad2click.nl
0.0.0.0 ad2games.com
0.0.0.0 ads.ad2games.com
0.0.0.0 content.ad20.net
0.0.0.0 core.ad20.net
0.0.0.0 banner.ad.nu

There are 11954 more lines.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2205677902-1374044427-3654136016-1001\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2205677902-1374044427-3654136016-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
HKU\S-1-5-21-2205677902-1374044427-3654136016-1004\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [UDP Query User{65F46010-3C47-4DBF-9C92-22554DE955FB}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [TCP Query User{B4DFACE7-7A41-4660-884C-81480803BDE0}C:\program files\internet explorer\iexplore.exe] => C:\program files\internet explorer\iexplore.exe
FirewallRules: [UDP Query User{0BB0C9C4-CEF1-4C85-B47A-274E097EA548}C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe
FirewallRules: [TCP Query User{FBBB5A64-AE74-41A5-A8B0-1C225414DA0A}C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\downloads\rtmpexplorer\rtmpsrv.exe
FirewallRules: [UDP Query User{4A13C432-752E-45A5-8829-EA951663CF60}C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe
FirewallRules: [TCP Query User{5292E819-D97F-405E-AD62-B10BA12A9CBB}C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe] => C:\users\sheldon (2)\desktop\rtmpexplorer\rtmpsrv.exe
FirewallRules: [{884B2E8E-9DA6-416F-88F6-E58510DFAF06}] => C:\Program Files\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

ATTENTION: System Restore is disabled

==================== Faulty Device Manager Devices =============

Name: Standard PS/2 Keyboard
Description: Standard PS/2 Keyboard
Class Guid: {4d36e96b-e325-11ce-bfc1-08002be10318}
Manufacturer: (Standard keyboards)
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

Name: PS/2 Compatible Mouse
Description: PS/2 Compatible Mouse
Class Guid: {4d36e96f-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: i8042prt
Problem: : This device is not present, is not working properly, or does not have all its drivers installed. (Code 24)
Resolution: The device is installed incorrectly. The problem could be a hardware failure, or a new driver might be needed. Devices stay in this state if they have been prepared for removal. After you remove the device, this error disappears.Remove the device, and this error should be resolved.

==================== Event log errors: =========================

Application errors:
==================
Error: (12/22/2016 05:53:39 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.14393.0 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
Process ID: 6ec Start Time: 01d25cae3f0583f7 Termination Time: 0 Application Path: C:\Program Files\Internet Explorer\iexplore.exe Report Id: d3109469-c8a1-11e6-b171-0024217c1d99 Faulting package full name: Faulting package-relative application ID: Error: (12/22/2016 05:53:10 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5OSS0UM) Description: Activation of app Microsoft.Windows.CloudExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (12/22/2016 08:38:32 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-5OSS0UM) Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (12/22/2016 08:38:29 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: Microsoft.Photos.exe, version: 1.0.1611.18000, time stamp: 0x582fa234 Faulting module name: windows.storage.dll, version: 10.0.14393.479, time stamp: 0x58256eeb Exception code: 0xc0000005 Fault offset: 0x001cf647 Faulting process id: 0x3634 Faulting application start time: 0x01d25c610f7a6f58 Faulting application path: C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe\Microsoft.Photos.exe Faulting module path: C:\WINDOWS\System32\windows.storage.dll Report Id: 92b981d4-8f08-4632-bbe5-9ae8f2c124fa Faulting package full name: Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe Faulting package-relative application ID: App Error: (12/20/2016 08:41:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DESKTOP-5OSS0UM) Description: Package Microsoft.Windows.Photos_16.1118.10000.0_x86__8wekyb3d8bbwe+App was terminated because it took too long to suspend. 
Error: (12/20/2016 07:42:59 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/20/2016 06:42:58 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/20/2016 06:40:28 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/20/2016 06:39:58 PM) (Source: Windows Search Service) (EventID: 3104) (User: ) Description: Enumerating user sessions to generate filter pools failed. Details: (HRESULT : 0x80040210) (0x80040210) Error: (12/20/2016 06:39:16 PM) (Source: ESENT) (EventID: 413) (User: ) Description: taskhostw (3680) WebCacheLocal: Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032. System errors: ============= Error: (12/22/2016 05:55:45 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5OSS0UM) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-5OSS0UM\Sheldon SID (S-1-5-21-2205677902-1374044427-3654136016-1002) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (12/22/2016 05:55:45 PM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-5OSS0UM) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user DESKTOP-5OSS0UM\Susan SID (S-1-5-21-2205677902-1374044427-3654136016-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/22/2016 05:53:18 PM) (Source: DCOM) (EventID: 10001) (User: DESKTOP-5OSS0UM) Description: Unable to start a DCOM Server: Windows.Security.Authentication.Web.Core.BackgroundGetTokenTask.ClassId.WebAccountProvider as Unavailable/Unavailable. The error: "31" Happened while starting this command: "C:\WINDOWS\System32\BackgroundTaskHost.exe" -ServerName:BackgroundTaskHost.WebAccountProvider Error: (12/22/2016 05:50:17 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {8D8F4F83-3594-4F07-8369-FC3C3CAE4919} and APPID {F72671A9-012C-4725-9D2F-2A4D32D65169} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (12/22/2016 05:50:04 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/22/2016 04:56:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/22/2016 03:51:08 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
Error: (12/22/2016 03:41:23 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/22/2016 09:44:12 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. Error: (12/22/2016 08:09:10 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY) Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool. 
==================== Memory info =========================== Processor: AMD Athlon™ Dual Core Processor 4450B Percentage of memory in use: 62% Total physical RAM: 3311.32 MB Available physical RAM: 1226.61 MB Total Virtual: 7812.4 MB Available Virtual: 3184.07 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:74.04 GB) (Free:14.74 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or 8) (Size: 74.5 GB) (Disk ID: D9C84E29) Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS) Partition 2: (Not Active) - (Size=74 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================

#10 Q-Bertha

Q-Bertha
  • Topic Starter

  • Members
  • 9 posts

Posted 22 December 2016 - 07:39 PM

It looked right when I previewed it but didn't when I posted it.

#11 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 23 December 2016 - 08:37 AM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic; it will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Using a pure Text Editor I was able to see the Carriage Return after each line but NO Line Feed.
I edited the log and this is all I can suggest you remove with this fix.

p.s.
Are you using Notepad or some other Editor?
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869 SearchScopes:
hxxp://nortonsafe.search.ask.com/web?q={SEARCHTERMS}&o=APN10506&l=dis&prt=IDSS&chn=retail&geo=US&ver=2014&locale=en_US&gct=kwd&qsrc=2869 Toolbar:
HKU\S-1-5-21-2205677902-1374044427-3654136016-1001 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File Toolbar:
HKU\S-1-5-21-2205677902-1374044427-3654136016-1002 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} - No File FireFox: ======== FF Plugin:
CHR Extension: (Chrome Web Store Payments) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda
CHR Extension: (Chrome Media Router) - C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm

Reboot:

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Run this cleaning tool.

Temporarily disable your AV program so it does not interfere.
Info on how to disable your security applications: How To Temporarily Disable Your Anti-virus, Firewall And Anti-malware Programs - Security Mini-Guides.

Download Zoek tool from here

When the download appears, save to the Desktop.
On the Desktop, right-click the Zoek.exe file and select: Run as Administrator
(Give it a few seconds to appear.)

Next, copy/paste the entire script inside the code box below to the input field of Zoek:
createsrpoint;
autoclean;
emptyclsid;
emptyffcache;
FFdefaults;
emptyiecache;
iedefaults;
emptychrcache;
CHRdefaults;
emptyalltemp;
emptyfolderscheck;delete
ipconfig /flushdns;b
Now...
Close any open Browsers.
Click the Run script button, and wait. It takes a few minutes to run all the script.

When the tool finishes, the zoek-results.log is opened in Notepad.
The log is also found on the systemdrive, normally C:\
If a reboot is needed, the log is opened after the reboot.

Please attach the zoek-results.log in your reply.
===

Also, please provide an update on how the computer is behaving after running the above script.
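Added example, not part of nasdaq's post and not code from FRST or BleepingComputer: a small check for the condition described in that post, a log whose lines end in a bare Carriage Return with no Line Feed. The function names are hypothetical, and the sample bytes are constructed from section headers that appear in the Addition.txt log earlier in this topic.

```python
import re

# FRST section headers look like "==================== Other Areas ====...".
SECTION = re.compile(r"^=+ (?P<title>[^=]+?) =+$")

# Constructed sample: a few log lines joined with bare CR (0x0D) only.
SAMPLE_CR_ONLY = (
    b"==================== Hosts content: ==========================\r"
    b"127.0.0.1 localhost\r"
    b"==================== Other Areas ============================\r"
    b"DNS Servers: 192.168.1.1\r"
    b"==================== End of Addition.txt ============================\r"
)


def line_endings(data):
    """Count each line-ending style found in the raw bytes."""
    crlf = data.count(b"\r\n")
    return {
        "crlf": crlf,
        "cr_only": data.count(b"\r") - crlf,
        "lf_only": data.count(b"\n") - crlf,
    }


def to_crlf(data):
    """Rewrite CR-only, LF-only or mixed endings as Windows CRLF."""
    # Collapse CRLF first so a CRLF pair is not turned into two line breaks.
    unified = data.replace(b"\r\n", b"\n").replace(b"\r", b"\n")
    return unified.replace(b"\n", b"\r\n")


def section_titles(data):
    """Return section titles as seen by a reader that only splits on CRLF."""
    titles = []
    for line in data.decode("utf-8", errors="replace").split("\r\n"):
        match = SECTION.match(line.strip())
        if match:
            titles.append(match.group("title"))
    return titles


if __name__ == "__main__":
    print("before:", line_endings(SAMPLE_CR_ONLY), section_titles(SAMPLE_CR_ONLY))
    fixed = to_crlf(SAMPLE_CR_ONLY)
    print("after: ", line_endings(fixed), section_titles(fixed))
```

With CR-only input the whole log is one line to a CRLF-splitting reader, so no section header is recognised until the endings are rewritten.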

#12 Q-Bertha

Q-Bertha
  • Topic Starter

  • Members
  • 9 posts

Posted 26 December 2016 - 09:58 PM

Zoek.exe v5.0.0.1 Updated 19-September-2016 Tool run by SheldonAdministrator on Mon 12/26/2016 at 19:53:57.90. Microsoft Windows 10 Home 10.0.14393 x86 Running in: Normal Mode Internet Access Detected Launched: C:\Users\Susan\Desktop\zoek.exe [Scan all users] [Script inserted] ==== System Restore Info ====================== 12/26/2016 8:04:57 PM Zoek.exe System Restore Point Created Successfully. ==== Reset Hosts File ====================== # Copyright © 1993-2006 Microsoft Corp. # # This is a sample HOSTS file used by Microsoft TCP/IP for Windows. # # This file contains the mappings of IP addresses to host names. Each # entry should be kept on an individual line. The IP address should # be placed in the first column followed by the corresponding host name. # The IP address and the host name should be separated by at least one # space. # # Additionally, comments (such as these) may be inserted on individual # lines or following the machine name denoted by a '#' symbol. # # For example: # # 102.54.94.97 rhino.acme.com # source server # 38.25.63.10 x.acme.com # x client host 127.0.0.1 localhost ==== Empty Folders Check ====================== C:\PROGRA~2\Comms deleted successfully C:\PROGRA~2\SoftwareDistribution deleted successfully C:\Users\Sheldon\AppData\Local\ActiveSync deleted successfully C:\Users\Sheldon (2)\AppData\Local\ActiveSync deleted successfully C:\Users\SheldonAdministrator\AppData\Local\ActiveSync deleted successfully C:\Users\SheldonAdministrator\AppData\Local\Adobe deleted successfully C:\Users\SheldonAdministrator\AppData\Local\VirtualStore deleted successfully C:\Users\Susan\AppData\Local\ActiveSync deleted successfully C:\Users\Susan\AppData\Local\VirtualStore deleted successfully ==== Deleting CLSID Registry Keys ====================== ==== Deleting CLSID Registry Values ====================== ==== Deleting Services ====================== ==== Batch Command(s) Run By Tool====================== ==== Deleting Files \ Folders 
====================== C:\PROGRA~2\Package Cache deleted C:\Users\SheldonAdministrator\Desktop\4K Video Downloader.lnk deleted ==== Fake Chromium Profiles Check ====================== Fake profile C:\Users\Sheldon (2)\AppData\Local\Google\Chrome deleted ==== Chromium Look ====================== Chrome Media Router - Sheldon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm Chrome Media Router - SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm ==== Set IE to Default ====================== Old Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] No DefaultScope Set For HKCU New Values: [HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main] "Start Page"="http://go.microsoft.com/fwlink/p/?LinkId=255141" [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes] "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" ==== All HKLM and HKCU SearchScopes ====================== HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&FORM=IE8SRC HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}" HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms} HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC ==== Reset Google Chrome ====================== C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset 
successfully C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Preferences was reset successfully C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences was reset successfully C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Web Data was reset successfully C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Web Data-journal was reset successfully ==== Empty IE Cache ====================== C:\Users\Sheldon\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Sheldon\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Users\Sheldon (2)\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Sheldon (2)\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\Users\SheldonAdministrator\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Susan\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Susan\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully C:\Users\Sheldon\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Sheldon\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Users\Sheldon 
(2)\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Sheldon (2)\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\Users\SheldonAdministrator\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Susan\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully C:\Users\Susan\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully ==== Empty FireFox Cache ====================== No FireFox Profiles found ==== Empty Chrome Cache ====================== C:\Users\Sheldon\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\SheldonAdministrator\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully C:\Users\Susan\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully ==== Empty All Flash Cache ====================== No Flash Cache Found ==== Empty All Java Cache ====================== No Java Cache Found ==== C:\zoek_backup content ====================== C:\zoek_backup (files=20 folders=4 5128476 bytes) ==== Empty Temp Folders ====================== C:\WINDOWS\Temp will be emptied at reboot

#13 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 27 December 2016 - 08:57 AM

How is the computer running now?

#14 Q-Bertha

Q-Bertha
  • Topic Starter

  • Members
  • 9 posts

Posted 30 December 2016 - 09:26 PM

After I ran the fixes, a lot of ads kept popping up and one website was extremely slow. A gaming site I use malfunctioned miserably but now seems to be OK. The ads were showing up because all the entries in the host file were deleted. Do you want me to test all previous problems? When files or programs are deleted they go to the recycle bin automatically without a prompt. When notepad asks you if you want to save a file it stays open after confirming.
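Added example, not part of either poster's message and not code from Zoek or FRST: a hosts-file audit that can be run on a copy of the file before and after a reset, to list which blocking entries the reset dropped and to separate them from entries that point a name at a routable address. The function names are hypothetical; the `0.0.0.0` entries are copied from the Hosts content section of the log in this topic, and the `203.0.113.10` and `not-an-ip` lines are constructed to exercise the other branches.

```python
import ipaddress

LOCAL_NAMES = {"localhost", "localhost.localdomain"}

# Constructed sample: entries from the FRST log plus two constructed lines.
HOSTS_BEFORE = """\
127.0.0.1 localhost
0.0.0.0 m.fr.a2dfp.net
0.0.0.0 ad.a8.net
0.0.0.0 stat.active24stats.nl #[Tracking.Cookie]
203.0.113.10 login.example.com
not-an-ip broken.example
"""

# Shape of the file after the reset shown in zoek-results.log (abridged).
HOSTS_AFTER_RESET = """\
# For example:
#
#      102.54.94.97     rhino.acme.com          # source server
#       38.25.63.10     x.acme.com              # x client host
127.0.0.1 localhost
"""


def audit_hosts(text):
    """Sort hosts entries into localhost, sinkholed, redirected, malformed."""
    report = {"localhost": [], "sinkholed": [], "redirected": [], "malformed": []}
    for lineno, raw in enumerate(text.lstrip("\ufeff").splitlines(), 1):
        entry = raw.split("#", 1)[0].split()  # drop comments, split on blanks
        if not entry:
            continue
        try:
            ip = ipaddress.ip_address(entry[0])
        except ValueError:
            ip = None
        if ip is None or len(entry) < 2:
            report["malformed"].append((lineno, raw.strip()))
            continue
        for name in (n.lower() for n in entry[1:]):
            if ip.is_loopback or ip.is_unspecified:
                # 127.0.0.1 / 0.0.0.0 / ::1 / :: go nowhere: a block entry.
                bucket = "localhost" if name in LOCAL_NAMES else "sinkholed"
                report[bucket].append(name)
            else:
                # The name resolves to this address instead of DNS: review it.
                report["redirected"].append((lineno, name, str(ip)))
    return report


def lost_blocks(before, after):
    """Names that were sinkholed before the reset and are not afterwards."""
    return sorted(set(before["sinkholed"]) - set(after["sinkholed"]))


if __name__ == "__main__":
    before = audit_hosts(HOSTS_BEFORE)
    after = audit_hosts(HOSTS_AFTER_RESET)
    print("review:", before["redirected"], before["malformed"])
    print("blocks removed by reset:", lost_blocks(before, after))
```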



#15 nasdaq

nasdaq

  • Malware Response Team
  • 39,955 posts
  • Gender:Male
  • Location:Montreal, QC. Canada

Posted 31 December 2016 - 09:37 AM



When files or programs are deleted they go to the recycle bin automatically without a prompt

This is the fix.
http://www.sevenforums.com/tutorials/60835-recycle-bin-delete-confirmation-turn-off.html

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide: Best security practices. Keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/



