possible keylogger, rootkit and things get redirected to OneNote


8 replies to this topic

#1 snowyday


Posted 03 January 2017 - 05:10 PM

 Hello,

 

I think I have a keylogger and a Google redirect issue but also a bad rootkit (Windows 10). Also, sometimes the tab in the browser is changed and shows "error - Bleeping Computer". It is not a site but appears to be a picture of the site directed to OneNote.

 

 This happened when I tried to upload Addition.txt and click post new topic.  

 

I am posting this from a different PC and had to move it onto a flash drive.  (more description at end of post)

 

I tried running a few malware apps that showed errors installing and after running showed some registry or other errors but didn’t fix anything (except for a redirect link in HijackThis). I know a little but enough to not fix anything. Not sure if this was when going to a site on my browser (tried Chrome and Edge). Was originally running Webroot instead of Kaspersky (my usual) on this new machine.

 

Dell Inspiron with touchscreen

Windows 10 (64 bit)

 

Spybot Search & Destroy 2 (2.4) (Teamspybot)

Malwarebytes (originally ran free 2.x version)

 

Symptoms or strange things:

1) Saw my cursor move on its own, or the screen would blink when trying to click then type, wasn’t allowed to go to certain sites. Or clicking certain items including Malwarebytes drives to scan for (rootkits). Sometimes the touch screen would work.

2) So I first ran HijackThis (first showed an error that it cannot access the hosts file, then that could not be fixed (by me)). (search)

3) Then tried Spybot 2.4 and it also showed some errors, things missing but will be on install, and created Teamspybot2016….. cab files and other strange directories like $SysReset and $RecycleBin.

4) Tried Malwarebytes and it too had an error with the install but also found some errors in the registry. Also for the rootkit scan the mouse click (touchpad) would not let me select any directories but the touch screen did sometimes.

5) The firewall rules had several things changed to Public and some entries like @{Microsoft Cloud experience…)

6) My OneNote directory showed a duplicate OneNoteTemp directory

7) A directory on OneDrive that originally had Word files had pictures and JavaScript files (directory renamed with 562 words appended to the name).

8) Process list with blank names or of Task Manager show ? filename/PID owner, path etc.

Probably too much info, but I saved logs from HijackThis and Malwarebytes, firewall list and screen capture of things like the process list, etc.

 

I REALLY appreciate your help with this. 

 

Below is the output from the FARBAR tool files:

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 01-01-2017
Ran by arose (administrator) on DESKTOP-HJKAOCL (03-01-2017 14:00:40)
Running from C:\Users\arose\Desktop
Loaded Profiles: arose (Available Profiles: arose)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.40.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgentUserBroker.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Trend Micro Inc.) C:\Users\arose\Downloads\HijackThis.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFS.Common.Agent.exe
(Microsoft Corporation) C:\Windows\System32\smartscreen.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
(Microsoft Corporation) C:\Users\arose\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\FileCoAuth.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_11610.1001.23.0_x64__8wekyb3d8bbwe\WinStore.App.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8850688 2016-02-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-26] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3885616 2016-03-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES/MALWAREBYTES/ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1860959292-1840385675-445126456-1001\...\Run: [RESTART_STICKY_NOTES] => C:\Windows\system32\StikyNot.exe
HKU\S-1-5-21-1860959292-1840385675-445126456-1001\...\Run: [HijackThis startup scan] => C:\Users\arose\Downloads\HijackThis.exe [388608 2016-12-27] (Trend Micro Inc.)
HKU\S-1-5-21-1860959292-1840385675-445126456-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2016-12-28]
ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.)
Startup: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2016-12-16]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{527f76e7-5ae5-4321-b6ca-06e0ab9380c1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1860959292-1840385675-445126456-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-1860959292-1840385675-445126456-1001 -> DefaultScope {18742D42-B55E-4816-90CB-A471EFB36AFB} URL = 
SearchScopes: HKU\S-1-5-21-1860959292-1840385675-445126456-1001 -> {18742D42-B55E-4816-90CB-A471EFB36AFB} URL = 
SearchScopes: HKU\S-1-5-21-1860959292-1840385675-445126456-1001 -> {DBD9A388-AC99-4F1C-A633-1B6C2A0563B0} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-06] (Oracle Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-03] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-06] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-03] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1860959292-1840385675-445126456-1001 -> hxxp://www.bing.com/
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-03] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.malwarebytes.com/","view-source:chrome://chrome/settings/","hxxps://www.google.com.mx/"
CHR DefaultSearchURL: Default -> hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_chr_syc_oracle&type=default
CHR DefaultSearchKeyword: Default -> Yahoo
CHR DefaultSuggestURL: Default -> hxxps://search.yahoo.com/sugg/ie?output=fxjson&command={searchTerms}&nResults=10
CHR Profile: C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default [2017-01-03]
CHR Extension: (Google Slides) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-19]
CHR Extension: (Google Docs) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-20]
CHR Extension: (Google Drive) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-20]
CHR Extension: (YouTube) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-20]
CHR Extension: (Google Sheets) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-20]
CHR Extension: (Webroot Password Manager) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ngkhgikojglcgnckopipfdajaifmmnnc [2016-12-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Gmail) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-09-30] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3698888 2016-12-04] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [603256 2016-03-07] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2016-11-30] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [228216 2016-01-21] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [354936 2016-03-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
R3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
S2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2016-01-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-26] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77408 2017-01-03] ()
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54272 2015-09-21] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47928 2015-11-04] (Intel)
S3 iaLPSS2_SPI; C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [152376 2016-01-22] (Intel Corporation)
S3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281400 2016-01-22] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [201808 2016-02-11] (Intel® Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [623184 2016-02-11] (Intel® Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [135992 2015-11-04] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [71992 2015-11-09] (Intel)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-03] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-03] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-03] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-03] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6722320 2016-01-11] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7235344 2016-07-18] (Intel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
R3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3093760 2015-12-17] (Realtek Semiconductor Corp.)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [343808 2015-12-22] (Realtek                                                                )
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [31280 2015-04-14] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-03 14:00 - 2017-01-03 14:00 - 00024671 _____ C:\Users\arose\Desktop\FRST.txt
2017-01-03 14:00 - 2017-01-03 14:00 - 00000000 ____D C:\FRST
2017-01-03 13:59 - 2017-01-03 13:59 - 02418176 _____ (Farbar) C:\Users\arose\Desktop\FRST64.exe
2017-01-03 13:56 - 2017-01-03 13:56 - 02418176 _____ (Farbar) C:\Users\arose\Downloads\FRST64.exe
2017-01-02 17:12 - 2017-01-02 17:12 - 00060627 _____ C:\Users\arose\OneDrive\Documents\listofservices.txt
2017-01-02 15:33 - 2017-01-02 15:33 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-30 13:53 - 2017-01-03 11:29 - 00000000 ____D C:\WINDOWS\pss
2016-12-30 13:53 - 2017-01-02 15:29 - 06024406 _____ C:\WINDOWS\ntbtlog.txt
2016-12-30 13:26 - 2016-12-30 13:26 - 00001539 _____ C:\Users\arose\Desktop\pot.txt
2016-12-30 12:31 - 2017-01-03 12:42 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-30 12:31 - 2017-01-03 12:42 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-30 12:31 - 2017-01-03 12:42 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-30 12:31 - 2016-12-30 12:31 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-30 12:31 - 2016-12-30 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-30 12:30 - 2017-01-03 12:41 - 00077408 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-30 12:30 - 2016-12-30 12:30 - 54199488 _____ (Malwarebytes ) C:\Users\arose\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-29 18:35 - 2017-01-03 12:42 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-29 18:35 - 2016-12-30 12:31 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-29 18:35 - 2016-12-30 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-29 18:35 - 2016-12-30 12:22 - 00000000 ____D C:\Users\arose\Desktop\mbar
2016-12-29 18:35 - 2016-12-30 12:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-29 18:34 - 2016-12-29 18:35 - 16563352 _____ (Malwarebytes Corp.) C:\Users\arose\Downloads\mbar-1.09.3.1001.exe
2016-12-29 18:30 - 2016-12-29 18:30 - 01472131 _____ C:\Users\arose\Downloads\vba32arkit.zip
2016-12-29 18:30 - 2016-12-29 18:30 - 00000000 ____D C:\Users\arose\Downloads\vba32arkit
2016-12-29 18:28 - 2016-12-29 18:29 - 05659917 _____ (Swearware) C:\Users\arose\Downloads\ComboFix.exe
2016-12-29 18:18 - 2016-12-29 18:18 - 00001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-12-29 18:18 - 2016-12-29 18:18 - 00001450 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-12-29 18:18 - 2016-12-29 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-12-29 18:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-12-29 18:17 - 2016-12-29 18:18 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\arose\Downloads\spybot-2.4.exe
2016-12-29 18:16 - 2016-12-29 18:16 - 07617712 _____ C:\Users\arose\Downloads\spybotsd_includes.exe
2016-12-29 17:56 - 2016-12-29 17:56 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-12-29 17:24 - 2015-10-30 02:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161229-172415.backup
2016-12-29 17:02 - 2016-12-29 17:02 - 00000000 ____D C:\Users\arose\AppData\Local\lptmp482903920
2016-12-29 17:02 - 2016-12-29 17:02 - 00000000 ____D C:\Users\arose\AppData\Local\lptmp407641572
2016-12-29 17:00 - 2015-10-30 02:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161229-170020.backup
2016-12-29 16:18 - 2016-12-29 16:18 - 00322762 _____ C:\Users\arose\Desktop\TeamSpybot-20161229-161858.cab
2016-12-29 16:10 - 2016-12-29 16:10 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-29 16:10 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-12-29 16:06 - 2016-12-29 14:54 - 00041895 _____ C:\Users\arose\OneDrive\Documents\spybotloginfo.txt
2016-12-29 16:06 - 2016-12-29 05:24 - 00000136 _____ C:\Users\arose\OneDrive\Documents\Rootkits.161229-0524.log
2016-12-29 16:06 - 2016-12-29 05:22 - 00041895 _____ C:\Users\arose\OneDrive\Documents\Updates.log
2016-12-29 16:06 - 2016-12-29 05:20 - 00122409 _____ C:\Users\arose\OneDrive\Documents\Scanner.log
2016-12-29 16:06 - 2016-12-29 05:19 - 00001012 _____ C:\Users\arose\OneDrive\Documents\RootkitQuickScan.log
2016-12-29 16:06 - 2016-12-29 05:17 - 00000310 _____ C:\Users\arose\OneDrive\Documents\Firewall.log
2016-12-29 16:05 - 2016-12-29 16:05 - 00255773 _____ C:\Users\arose\Desktop\TeamSpybot-20161229-160459.cab
2016-12-29 15:19 - 2016-12-29 15:19 - 02183459 _____ C:\Users\arose\OneDrive\Documents\systatetoreg.reg
2016-12-29 15:16 - 2016-12-29 15:16 - 00077336 _____ C:\Users\arose\OneDrive\Documents\htjlog.txt
2016-12-29 15:14 - 2016-12-29 15:14 - 00438736 _____ C:\Users\arose\OneDrive\Documents\spyd2bot.txt
2016-12-29 05:19 - 2016-12-29 05:19 - 00000000 ____D C:\Users\arose\OneDrive\Documents\ProcAlyzer Dumps
2016-12-29 05:17 - 2016-12-29 18:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-29 05:17 - 2016-12-29 18:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-29 05:17 - 2016-12-29 05:17 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-12-29 04:55 - 2016-12-29 04:55 - 00001253 _____ C:\Users\arose\OneDrive\Documents\Keyloggerresults1229.htm
2016-12-29 04:50 - 2016-12-29 04:50 - 00613868 _____ C:\Users\arose\Downloads\inst_antispy.exe
2016-12-29 03:06 - 2016-12-29 17:41 - 00075604 _____ C:\Users\arose\Downloads\startuplist.txt
2016-12-29 02:59 - 2016-12-29 02:59 - 00013731 _____ C:\Users\arose\Downloads\hijackthis2
2016-12-29 01:37 - 2016-12-29 01:37 - 01227938 _____ C:\Users\arose\OneDrive\Documents\motoradiosol.docx
2016-12-29 01:36 - 2016-12-29 01:37 - 01227936 _____ C:\Users\arose\OneDrive\Documents\http.docx
2016-12-29 00:50 - 2016-12-29 00:50 - 00001212 _____ C:\Users\arose\Desktop\third.txt
2016-12-29 00:48 - 2016-12-29 00:48 - 00001203 _____ C:\Users\arose\Desktop\second.txt
2016-12-29 00:46 - 2016-12-29 00:46 - 00001043 _____ C:\Users\arose\Desktop\2ndtimembam.txt
2016-12-29 00:36 - 2016-12-29 00:36 - 00000000 ____D C:\Users\arose\AppData\Local\Programs
2016-12-29 00:36 - 2016-12-29 00:36 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-29 00:30 - 2016-12-29 00:30 - 00000000 ____D C:\Users\arose\OneDrive\Documents\ARresume
2016-12-28 18:28 - 2016-12-28 18:25 - 00034406 _____ C:\Users\arose\Audrey_Rosenthal1228.docx
2016-12-27 15:17 - 2016-12-27 15:17 - 00000000 ____D C:\ProgramData\PC-Doctor, Inc
2016-12-27 12:17 - 2016-12-27 12:17 - 00014795 _____ C:\Users\arose\Downloads\Passbook.pkpass
2016-12-27 06:20 - 2017-01-03 11:31 - 00000000 ____D C:\Users\arose\Downloads\backups
2016-12-27 05:42 - 2016-12-29 03:11 - 00013829 _____ C:\Users\arose\Downloads\hijackthis.log
2016-12-27 05:42 - 2016-12-27 05:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\arose\Downloads\HijackThis.exe
2016-12-27 04:54 - 2016-12-27 05:11 - 00000000 ____D C:\Users\arose\AppData\Roaming\Apple Computer
2016-12-27 04:54 - 2016-12-27 04:54 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\Users\arose\AppData\Local\Apple Computer
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\ProgramData\Apple Computer
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\Program Files\iTunes
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\Program Files\iPod
2016-12-26 23:18 - 2016-12-26 23:18 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-26 23:18 - 2016-12-26 23:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-12-26 23:18 - 2016-12-26 23:18 - 00000000 ____D C:\Users\arose\AppData\Local\Apple
2016-12-26 23:18 - 2016-12-26 23:18 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-26 23:17 - 2016-12-27 04:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-26 23:17 - 2016-12-26 23:18 - 00000000 ____D C:\ProgramData\Apple
2016-12-26 23:17 - 2016-12-26 23:17 - 00000000 ____D C:\Program Files\Bonjour
2016-12-26 23:17 - 2016-12-26 23:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-26 23:16 - 2016-12-26 23:16 - 177044296 _____ (Apple Inc.) C:\Users\arose\Downloads\iTunes6464Setup.exe
2016-12-26 16:15 - 2016-12-26 16:15 - 00085651 _____ C:\Users\arose\Downloads\Nov10citation.pdf
2016-12-25 13:30 - 2016-12-25 13:30 - 01129066 _____ C:\Users\arose\Downloads\football.jpg
2016-12-25 13:29 - 2016-12-25 13:29 - 00217134 _____ C:\Users\arose\Downloads\hockey.jpg
2016-12-25 13:18 - 2016-12-25 13:18 - 00420777 _____ C:\Users\arose\Downloads\IMG_0828.JPG
2016-12-25 13:17 - 2016-12-25 13:17 - 02245151 _____ C:\Users\arose\Downloads\IMG_1464.JPG
2016-12-25 13:16 - 2016-12-25 13:16 - 00247534 _____ C:\Users\arose\Downloads\IMG_1583.JPG
2016-12-25 12:59 - 2016-12-25 12:59 - 00409663 _____ C:\Users\arose\Downloads\boat.JPG
2016-12-25 12:43 - 2016-12-25 12:43 - 00447272 _____ C:\Users\arose\Downloads\IMG_3656.JPG
2016-12-24 03:40 - 2016-12-24 03:40 - 00060533 _____ C:\Users\arose\OneDrive\Documents\stuffandlist.txt
2016-12-24 02:56 - 2016-12-24 02:56 - 00990464 _____ (Webroot) C:\Users\arose\Downloads\wsabbs2 (2).exe
2016-12-23 00:48 - 2016-12-23 00:48 - 00114667 _____ C:\Users\arose\Downloads\securedoc_20161222T225739.html
2016-12-21 12:44 - 2016-12-21 12:44 - 02130825 _____ C:\Users\arose\Downloads\US8126494.pdf
2016-12-21 12:27 - 2016-12-21 12:27 - 00588755 _____ C:\Users\arose\Downloads\Tenor_Call_Routing.pdf
2016-12-19 22:37 - 2016-12-19 22:37 - 00209974 _____ C:\Users\arose\Downloads\CEE_ResidentialClothesWasherSpec_07Mar2015.pdf
2016-12-19 20:44 - 2016-12-19 20:44 - 00024765 _____ C:\Users\arose\Downloads\histanlum1.xls
2016-12-19 20:33 - 2016-12-19 20:33 - 00024765 _____ C:\Users\arose\Downloads\histanlum.xls
2016-12-19 16:47 - 2016-12-29 17:02 - 00000000 ____D C:\Users\arose\AppData\Local\lptmp
2016-12-19 16:47 - 2016-12-28 18:19 - 00000000 ____D C:\Users\arose\AppData\LocalLow\LastPass
2016-12-19 16:45 - 2016-12-19 16:45 - 00000000 ____D C:\Program Files (x86)\wes
2016-12-19 16:37 - 2016-12-19 16:37 - 00990464 _____ (Webroot) C:\Users\arose\Downloads\wsabbs2 (1).exe
2016-12-19 16:36 - 2016-12-29 17:02 - 00000000 ____D C:\ProgramData\WRData
2016-12-19 16:35 - 2016-12-19 16:36 - 00990464 _____ (Webroot) C:\Users\arose\Downloads\wsabbs2.exe
2016-12-19 14:45 - 2016-12-19 14:45 - 1122733881 _____ C:\WINDOWS\MEMORY.DMP
2016-12-19 14:45 - 2016-12-19 14:45 - 00417636 _____ C:\WINDOWS\Minidump\121916-5328-01.dmp
2016-12-19 13:12 - 2016-12-19 14:09 - 00045568 _____ C:\Users\arose\Downloads\Secured Promissory Note (2).DOC
2016-12-18 22:04 - 2016-12-18 22:04 - 00058709 _____ C:\Users\arose\Downloads\holocaust-memorial.jpg
2016-12-18 21:58 - 2016-12-18 21:58 - 00193774 _____ C:\Users\arose\Downloads\holocaust-memorial-adela-.jpg
2016-12-17 13:53 - 2016-12-17 13:53 - 00805348 _____ C:\Users\arose\Downloads\EN-05-10064.pdf
2016-12-17 13:51 - 2016-12-17 13:51 - 00682687 _____ C:\Users\arose\Downloads\SSA-7004.pdf
2016-12-16 17:32 - 2016-12-16 17:32 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-16 17:32 - 2016-12-16 17:32 - 00000000 ___HD C:\OneDriveTemp
2016-12-16 17:08 - 2016-12-16 17:08 - 00096768 _____ C:\Users\arose\Downloads\2012febcv-felicia_waldman-english-website-march-2012.doc
2016-12-16 00:55 - 2016-12-16 00:55 - 00000487 _____ C:\Users\arose\Downloads\PGP.sig
2016-12-16 00:54 - 2016-12-16 00:54 - 00126971 _____ C:\Users\arose\OneDrive\Documents\Jacob Pearlman MCSP Essay.docx
2016-12-16 00:37 - 2016-12-16 00:37 - 00000000 ____D C:\Users\arose\OneDrive\Documents\OneNote Notebooks
2016-12-15 22:10 - 2016-12-11 18:56 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-15 22:10 - 2016-12-11 18:56 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-15 20:34 - 2016-12-15 20:34 - 00114666 _____ C:\Users\arose\Downloads\securedoc_20161214T225153.html
2016-12-14 11:43 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 11:42 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 11:42 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 11:42 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 11:42 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 11:42 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 11:42 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 11:42 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 11:42 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 11:42 - 2016-12-09 04:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 11:42 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 11:42 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 11:42 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 11:42 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 11:42 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 11:42 - 2016-12-09 04:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 11:42 - 2016-12-09 04:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 11:42 - 2016-12-09 04:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 11:42 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 11:42 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 11:42 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 11:42 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 11:42 - 2016-12-09 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 11:42 - 2016-12-09 04:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 11:42 - 2016-12-09 04:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 11:42 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 11:42 - 2016-12-09 04:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 11:42 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 11:42 - 2016-12-09 04:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 11:42 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 11:42 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 11:42 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 11:42 - 2016-12-09 04:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 11:42 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 11:42 - 2016-12-09 04:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 11:42 - 2016-12-09 04:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 11:42 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 11:42 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 11:42 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 11:42 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 11:42 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 11:36 - 2016-12-09 05:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 11:36 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 11:36 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 11:36 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 11:36 - 2016-12-09 05:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 11:36 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 11:36 - 2016-12-09 04:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 11:36 - 2016-12-09 04:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 11:36 - 2016-12-09 04:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 11:36 - 2016-12-09 04:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 11:36 - 2016-12-09 04:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 11:36 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 11:36 - 2016-12-09 04:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 11:36 - 2016-12-09 04:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 11:36 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 11:36 - 2016-12-09 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 11:36 - 2016-12-09 04:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 11:36 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 11:36 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 11:36 - 2016-12-09 04:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 11:35 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 11:35 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 11:35 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 11:35 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 11:35 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 11:35 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 11:35 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 11:35 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 11:35 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 11:35 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 11:35 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 11:35 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 11:35 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 11:35 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 11:35 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 11:35 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 11:35 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 11:35 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 11:35 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 11:35 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 11:35 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 11:35 - 2016-12-09 05:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 11:35 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 11:35 - 2016-12-09 05:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 11:35 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 11:35 - 2016-12-09 05:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 11:35 - 2016-12-09 04:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 11:35 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 11:35 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 11:35 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 11:35 - 2016-12-09 04:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 11:35 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 11:35 - 2016-12-09 04:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 11:35 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 11:35 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 11:35 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 11:35 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 11:35 - 2016-12-09 04:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 11:35 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 11:35 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 11:35 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 11:35 - 2016-12-09 04:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 11:35 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 11:35 - 2016-12-09 04:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 11:35 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 11:35 - 2016-12-09 04:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 11:35 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 11:35 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 11:35 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 11:35 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 11:35 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 11:35 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 23:31 - 2016-12-13 23:31 - 00172750 _____ C:\Users\arose\Downloads\prr-reforms-memo-final.pdf
2016-12-13 23:24 - 2016-12-13 23:25 - 00452252 _____ C:\Users\arose\Downloads\FAQs_for_HCSB_Site.pdf
2016-12-13 22:33 - 2016-12-13 22:33 - 01590661 _____ C:\Users\arose\Downloads\UImanual.pdf
2016-12-13 22:31 - 2016-12-13 22:33 - 00388324 _____ C:\Users\arose\Downloads\UI Online - Doc_20161213223054.pdf
2016-12-13 22:31 - 2016-12-13 22:31 - 00049133 _____ C:\Users\arose\Downloads\UI Online - Doc_20161213223114.pdf
2016-12-12 21:38 - 2016-12-12 21:38 - 00074584 _____ C:\Users\arose\Downloads\untitled.pdf
2016-12-12 19:30 - 2016-12-12 19:30 - 04663534 _____ C:\Users\arose\Downloads\NY65-74_CR_027_0704.pdf
2016-12-12 18:56 - 2016-12-12 18:56 - 00053808 _____ C:\Users\arose\Downloads\Elie%20Wiesel%209.jpg
2016-12-12 15:11 - 2016-12-12 15:11 - 00621544 _____ C:\Users\arose\Downloads\1016000A.rtf
2016-12-12 15:08 - 2016-12-12 15:08 - 00461312 _____ C:\Users\arose\Downloads\Family Tree Dec 2007.vsd
2016-12-12 14:47 - 2016-12-12 14:47 - 00016887 _____ C:\Users\arose\OneDrive\Documents\technol.docx
2016-12-12 13:10 - 2016-12-12 13:10 - 00151129 _____ C:\Users\arose\Downloads\ea-12-16.xlsx
2016-12-12 13:10 - 2016-12-12 13:10 - 00122368 _____ C:\Users\arose\Downloads\ur-applicaton-and-affidavit-of-compliance.doc
2016-12-12 13:07 - 2016-12-12 13:07 - 00681984 _____ C:\Users\arose\Downloads\rpa-and-lea (3).xls
2016-12-12 13:07 - 2016-12-12 13:07 - 00681984 _____ C:\Users\arose\Downloads\rpa-and-lea (2).xls
2016-12-12 13:03 - 2016-12-12 13:03 - 00681984 _____ C:\Users\arose\Downloads\rpa-and-lea (1).xls
2016-12-12 13:03 - 2016-12-12 13:03 - 00029184 _____ C:\Users\arose\Downloads\a.doc
2016-12-12 12:43 - 2016-12-12 12:43 - 00681984 _____ C:\Users\arose\Downloads\rpa-and-lea.xls
2016-12-12 07:41 - 2016-12-12 07:41 - 00324096 _____ C:\Users\arose\Downloads\Aarti-SIP.ppt
2016-12-10 02:06 - 2016-11-11 05:22 - 00590960 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-12-10 02:06 - 2016-11-11 05:15 - 00198856 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
2016-12-10 02:06 - 2016-11-11 05:15 - 00101216 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceReactivation.dll
2016-12-10 02:06 - 2016-11-11 05:14 - 02482280 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2016-12-10 02:06 - 2016-11-11 05:14 - 02186896 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2016-12-10 02:06 - 2016-11-11 05:14 - 00603488 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2016-12-10 02:06 - 2016-11-11 05:13 - 02213760 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-12-10 02:06 - 2016-11-11 05:13 - 01886344 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-12-10 02:06 - 2016-11-11 05:13 - 00352096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-12-10 02:06 - 2016-11-11 05:12 - 00128352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\partmgr.sys
2016-12-10 02:06 - 2016-11-11 05:08 - 00142176 _____ (Microsoft Corporation) C:\WINDOWS\system32\migisol.dll
2016-12-10 02:06 - 2016-11-11 05:03 - 01069720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2016-12-10 02:06 - 2016-11-11 05:03 - 00328008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Storage.ApplicationData.dll
2016-12-10 02:06 - 2016-11-11 05:03 - 00266544 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-12-10 02:06 - 2016-11-11 05:02 - 02828376 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-12-10 02:06 - 2016-11-11 05:02 - 00360040 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-12-10 02:06 - 2016-11-11 05:01 - 07219672 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-12-10 02:06 - 2016-11-11 05:01 - 01859264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-12-10 02:06 - 2016-11-11 05:01 - 00637400 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-12-10 02:06 - 2016-11-11 05:00 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-12-10 02:06 - 2016-11-11 05:00 - 00223584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-12-10 02:06 - 2016-11-11 05:00 - 00219488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tpm.sys
2016-12-10 02:06 - 2016-11-11 04:57 - 22224480 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-12-10 02:06 - 2016-11-11 04:57 - 04130432 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-12-10 02:06 - 2016-11-11 04:57 - 01473048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-12-10 02:06 - 2016-11-11 04:56 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-12-10 02:06 - 2016-11-11 04:56 - 00534096 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2016-12-10 02:06 - 2016-11-11 04:56 - 00424616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2016-12-10 02:06 - 2016-11-11 04:56 - 00418952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-12-10 02:06 - 2016-11-11 04:56 - 00187520 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudStorageWizard.exe
2016-12-10 02:06 - 2016-11-11 04:56 - 00163752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RTWorkQ.dll
2016-12-10 02:06 - 2016-11-11 04:56 - 00126568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfaudiocnv.dll
2016-12-10 02:06 - 2016-11-11 04:55 - 01600624 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppobjs.dll
2016-12-10 02:06 - 2016-11-11 04:55 - 00882680 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2016-12-10 02:06 - 2016-11-11 04:55 - 00743224 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppwinob.dll
2016-12-10 02:06 - 2016-11-11 04:54 - 01418312 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
2016-12-10 02:06 - 2016-11-11 04:51 - 00454592 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2016-12-10 02:06 - 2016-11-11 04:31 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-12-10 02:06 - 2016-11-11 04:29 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2016-12-10 02:06 - 2016-11-11 04:27 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpremove.exe
2016-12-10 02:06 - 2016-11-11 04:26 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-12-10 02:06 - 2016-11-11 04:26 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2016-12-10 02:06 - 2016-11-11 04:26 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReportingCSP.dll
2016-12-10 02:06 - 2016-11-11 04:26 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\modem.sys
2016-12-10 02:06 - 2016-11-11 04:26 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgentc.exe
2016-12-10 02:06 - 2016-11-11 04:25 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\system32\BcastDVRHelper.dll
2016-12-10 02:06 - 2016-11-11 04:25 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-12-10 02:06 - 2016-11-11 04:25 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2016-12-10 02:06 - 2016-11-11 04:25 - 00081408 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2016-12-10 02:06 - 2016-11-11 04:25 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryBroker.dll
2016-12-10 02:06 - 2016-11-11 04:24 - 00170496 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-12-10 02:06 - 2016-11-11 04:24 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2016-12-10 02:06 - 2016-11-11 04:24 - 00158720 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-12-10 02:06 - 2016-11-11 04:24 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepositoryClient.dll
2016-12-10 02:06 - 2016-11-11 04:24 - 00110080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 02:06 - 2016-11-11 04:24 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2016-12-10 02:06 - 2016-11-11 04:24 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-12-10 02:06 - 2016-11-11 04:23 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-12-10 02:06 - 2016-11-11 04:23 - 00058880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Shell.Search.UriHandler.dll
2016-12-10 02:06 - 2016-11-11 04:23 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\system32\EAMProgressHandler.dll
2016-12-10 02:06 - 2016-11-11 04:22 - 00211968 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-12-10 02:06 - 2016-11-11 04:22 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\EDPCleanup.exe
2016-12-10 02:06 - 2016-11-11 04:21 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-12-10 02:06 - 2016-11-11 04:21 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepsync.dll
2016-12-10 02:06 - 2016-11-11 04:21 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-12-10 02:06 - 2016-11-11 04:20 - 00641024 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-12-10 02:06 - 2016-11-11 04:20 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_StorageSense.dll
2016-12-10 02:06 - 2016-11-11 04:20 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2016-12-10 02:06 - 2016-11-11 04:20 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-12-10 02:06 - 2016-11-11 04:20 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpusersvc.dll
2016-12-10 02:06 - 2016-11-11 04:20 - 00260608 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgentUserBroker.exe
2016-12-10 02:06 - 2016-11-11 04:20 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\apprepapi.dll
2016-12-10 02:06 - 2016-11-11 04:19 - 00620544 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-12-10 02:06 - 2016-11-11 04:19 - 00495104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-12-10 02:06 - 2016-11-11 04:19 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdpsvc.dll
2016-12-10 02:06 - 2016-11-11 04:19 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-12-10 02:06 - 2016-11-11 04:19 - 00366080 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2016-12-10 02:06 - 2016-11-11 04:19 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 02:06 - 2016-11-11 04:19 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseAppMgmtSvc.dll
2016-12-10 02:06 - 2016-11-11 04:19 - 00198144 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpapisrv.dll
2016-12-10 02:06 - 2016-11-11 04:18 - 17188352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-12-10 02:06 - 2016-11-11 04:18 - 02084352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceFlows.DataModel.dll
2016-12-10 02:06 - 2016-11-11 04:18 - 00967168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-12-10 02:06 - 2016-11-11 04:18 - 00278016 _____ (Microsoft Corporation) C:\WINDOWS\system32\netplwiz.dll
2016-12-10 02:06 - 2016-11-11 04:17 - 01220096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscui.cpl
2016-12-10 02:06 - 2016-11-11 04:17 - 01002496 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-12-10 02:06 - 2016-11-11 04:17 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvSysprep.dll
2016-12-10 02:06 - 2016-11-11 04:16 - 01477632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsecedit.dll
2016-12-10 02:06 - 2016-11-11 04:16 - 00560128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppReadiness.dll
2016-12-10 02:06 - 2016-11-11 04:16 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
2016-12-10 02:06 - 2016-11-11 04:16 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditionUpgradeHelper.dll
2016-12-10 02:06 - 2016-11-11 04:16 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\system32\RjvMDMConfig.dll
2016-12-10 02:06 - 2016-11-11 04:15 - 00282624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-12-10 02:06 - 2016-11-11 04:15 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscinterop.dll
2016-12-10 02:06 - 2016-11-11 04:14 - 02104320 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2016-12-10 02:06 - 2016-11-11 04:14 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-12-10 02:06 - 2016-11-11 04:14 - 00615424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnprv.dll
2016-12-10 02:06 - 2016-11-11 04:14 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppnp.dll
2016-12-10 02:06 - 2016-11-11 04:13 - 00396800 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-12-10 02:06 - 2016-11-11 04:13 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcuiu.dll
2016-12-10 02:06 - 2016-11-11 04:12 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtcprx.dll
2016-12-10 02:06 - 2016-11-11 04:11 - 00942080 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-12-10 02:06 - 2016-11-11 04:11 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-12-10 02:06 - 2016-11-11 04:11 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-12-10 02:06 - 2016-11-11 04:09 - 01366016 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2016-12-10 02:06 - 2016-11-11 04:09 - 00164352 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2016-12-10 02:06 - 2016-11-11 04:08 - 00539136 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2016-12-10 02:06 - 2016-11-11 04:07 - 02510848 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-12-10 02:06 - 2016-11-11 04:07 - 02009600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-12-10 02:06 - 2016-11-11 04:07 - 01691136 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2016-12-10 02:06 - 2016-11-11 04:07 - 00991232 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2016-12-10 02:06 - 2016-11-11 04:07 - 00347648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rascustom.dll
2016-12-10 02:06 - 2016-11-11 04:06 - 00960000 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-12-10 02:06 - 2016-11-11 04:06 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-12-10 02:06 - 2016-11-11 04:05 - 04136448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2016-12-10 02:06 - 2016-11-11 04:05 - 02852864 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-12-10 02:06 - 2016-11-11 04:05 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-12-10 02:06 - 2016-11-11 04:04 - 06664192 _____ (Microsoft Corporation) C:\WINDOWS\system32\mspaint.exe
2016-12-10 02:06 - 2016-11-11 04:04 - 02800128 _____ (Microsoft Corporation) C:\WINDOWS\system32\netshell.dll
2016-12-10 02:06 - 2016-11-11 04:04 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\usercpl.dll
2016-12-10 02:06 - 2016-11-11 04:04 - 01232384 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-12-10 02:06 - 2016-11-11 04:04 - 00909312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2016-12-10 02:06 - 2016-11-11 04:04 - 00691712 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsm.dll
2016-12-10 02:06 - 2016-11-11 04:04 - 00455168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-12-10 02:06 - 2016-11-11 04:04 - 00389632 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2016-12-10 02:06 - 2016-11-11 04:03 - 04708864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-12-10 02:06 - 2016-11-11 04:03 - 02287616 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-12-10 02:06 - 2016-11-11 04:03 - 00842240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2016-12-10 02:06 - 2016-11-11 04:03 - 00717824 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-12-10 02:06 - 2016-11-11 04:03 - 00391168 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-12-10 02:06 - 2016-11-11 04:03 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkssvc.dll
2016-12-10 02:06 - 2016-11-11 04:02 - 03542016 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-12-10 02:06 - 2016-11-11 04:02 - 01726976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-12-10 02:06 - 2016-11-11 03:39 - 00484584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2016-12-10 02:06 - 2016-11-11 03:00 - 01706488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-12-10 02:06 - 2016-11-11 02:59 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-12-10 02:06 - 2016-11-11 02:54 - 00122208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\migisol.dll
2016-12-10 02:06 - 2016-11-11 02:49 - 00869848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2016-12-10 02:06 - 2016-11-11 02:49 - 00263472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Storage.ApplicationData.dll
2016-12-10 02:06 - 2016-11-11 02:49 - 00248480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-12-10 02:06 - 2016-11-11 02:48 - 02277248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-12-10 02:06 - 2016-11-11 02:47 - 05722832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-12-10 02:06 - 2016-11-11 02:47 - 01430720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-12-10 02:06 - 2016-11-11 02:47 - 00527880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-12-10 02:06 - 2016-11-11 02:42 - 03892864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-12-10 02:06 - 2016-11-11 02:42 - 01123912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-12-10 02:06 - 2016-11-11 02:42 - 00952416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-12-10 02:06 - 2016-11-11 02:42 - 00382784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2016-12-10 02:06 - 2016-11-11 02:42 - 00374448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2016-12-10 02:06 - 2016-11-11 02:42 - 00152416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RTWorkQ.dll
2016-12-10 02:06 - 2016-11-11 02:42 - 00091936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfaudiocnv.dll
2016-12-10 02:06 - 2016-11-11 02:41 - 04311736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-12-10 02:06 - 2016-11-11 02:41 - 00157536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CloudStorageWizard.exe
2016-12-10 02:06 - 2016-11-11 02:38 - 01263856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
2016-12-10 02:06 - 2016-11-11 02:28 - 01631232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2016-12-10 02:06 - 2016-11-11 02:27 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-12-10 02:06 - 2016-11-11 02:25 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-12-10 02:06 - 2016-11-11 02:25 - 00071168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-12-10 02:06 - 2016-11-11 02:24 - 00519168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ngccredprov.dll
2016-12-10 02:06 - 2016-11-11 02:24 - 00156672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BcastDVRHelper.dll
2016-12-10 02:06 - 2016-11-11 02:24 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-12-10 02:06 - 2016-11-11 02:24 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Shell.Search.UriHandler.dll
2016-12-10 02:06 - 2016-11-11 02:23 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2016-12-10 02:06 - 2016-11-11 02:23 - 00094208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepositoryClient.dll
2016-12-10 02:06 - 2016-11-11 02:22 - 00505856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2016-12-10 02:06 - 2016-11-11 02:22 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2016-12-10 02:06 - 2016-11-11 02:21 - 00332288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-12-10 02:06 - 2016-11-11 02:21 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-12-10 02:06 - 2016-11-11 02:21 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.BackgroundManagerPolicy.dll
2016-12-10 02:06 - 2016-11-11 02:20 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-12-10 02:06 - 2016-11-11 02:20 - 00306176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-12-10 02:06 - 2016-11-11 02:20 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgentUserBroker.exe
2016-12-10 02:06 - 2016-11-11 02:19 - 13868544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-12-10 02:06 - 2016-11-11 02:19 - 01755136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DeviceFlows.DataModel.dll
2016-12-10 02:06 - 2016-11-11 02:19 - 00506880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DevicePairing.dll
2016-12-10 02:06 - 2016-11-11 02:19 - 00298496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2016-12-10 02:06 - 2016-11-11 02:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepsync.dll
2016-12-10 02:06 - 2016-11-11 02:19 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\apprepapi.dll
2016-12-10 02:06 - 2016-11-11 02:18 - 02333184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WsmSvc.dll
2016-12-10 02:06 - 2016-11-11 02:18 - 01336320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsecedit.dll
2016-12-10 02:06 - 2016-11-11 02:18 - 00431616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efswrt.dll
2016-12-10 02:06 - 2016-11-11 02:18 - 00318464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2016-12-10 02:06 - 2016-11-11 02:17 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActivationManager.dll
2016-12-10 02:06 - 2016-11-11 02:17 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSManHTTPConfig.exe
2016-12-10 02:06 - 2016-11-11 02:15 - 07626752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-12-10 02:06 - 2016-11-11 02:15 - 01357824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-12-10 02:06 - 2016-11-11 02:15 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-12-10 02:06 - 2016-11-11 02:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\zipfldr.dll
2016-12-10 02:06 - 2016-11-11 02:15 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-12-10 02:06 - 2016-11-11 02:14 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dmenrollengine.dll
2016-12-10 02:06 - 2016-11-11 02:13 - 00499200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-12-10 02:06 - 2016-11-11 02:12 - 00259584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcuiu.dll
2016-12-10 02:06 - 2016-11-11 02:10 - 06109184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-12-10 02:06 - 2016-11-11 02:10 - 00746496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdtcprx.dll
2016-12-10 02:06 - 2016-11-11 02:09 - 05380608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-12-10 02:06 - 2016-11-11 02:09 - 00545280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-12-10 02:06 - 2016-11-11 02:08 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\xolehlp.dll
2016-12-10 02:06 - 2016-11-11 02:06 - 06474752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mspaint.exe
2016-12-10 02:06 - 2016-11-11 02:06 - 02362880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapRouter.dll
2016-12-10 02:06 - 2016-11-11 02:06 - 02109952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapGeocoder.dll
2016-12-10 02:06 - 2016-11-11 02:06 - 01228288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usercpl.dll
2016-12-10 02:06 - 2016-11-11 02:06 - 00400384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2016-12-10 02:06 - 2016-11-11 02:06 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxclu.dll
2016-12-10 02:06 - 2016-11-11 02:05 - 04423680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-12-10 02:06 - 2016-11-11 02:05 - 03370496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2016-12-10 02:06 - 2016-11-11 02:04 - 02682880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netshell.dll
2016-12-10 02:06 - 2016-11-11 02:04 - 01992704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-12-10 02:06 - 2016-11-11 02:04 - 01595392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-12-10 02:06 - 2016-11-11 02:04 - 00912896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2016-12-10 02:06 - 2016-11-11 02:04 - 00715264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-12-10 02:06 - 2016-11-11 02:04 - 00358912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2016-12-10 02:06 - 2016-11-11 02:03 - 02484736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gameux.dll
2016-12-10 02:06 - 2016-11-11 02:03 - 02256384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-12-10 02:06 - 2016-11-11 02:03 - 01576448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-12-10 02:06 - 2016-11-11 02:03 - 01556480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-12-10 02:06 - 2016-11-11 02:03 - 00760832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-12-10 02:06 - 2016-11-11 02:03 - 00565248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
2016-12-10 02:06 - 2016-11-11 02:02 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2016-12-10 02:05 - 2016-11-11 04:59 - 00433504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdbss.sys
2016-12-10 02:05 - 2016-11-11 04:56 - 04673304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-12-10 02:05 - 2016-11-11 04:28 - 00043008 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-12-10 02:05 - 2016-11-11 04:28 - 00040960 _____ (Microsoft Corporation) C:\WINDOWS\system32\CbtBackgroundManagerPolicy.dll
2016-12-10 02:05 - 2016-11-11 04:27 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-12-10 02:05 - 2016-11-11 04:25 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-12-10 02:05 - 2016-11-11 04:25 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-12-10 02:05 - 2016-11-11 04:24 - 00136192 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2016-12-10 02:05 - 2016-11-11 04:23 - 00567296 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicePairing.dll
2016-12-10 02:05 - 2016-11-11 04:22 - 00489472 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-12-10 02:05 - 2016-11-11 04:22 - 00082944 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-12-10 02:05 - 2016-11-11 04:21 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-12-10 02:05 - 2016-11-11 04:21 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\vpnike.dll
2016-12-10 02:05 - 2016-11-11 04:21 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-12-10 02:05 - 2016-11-11 04:20 - 00657920 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasmans.dll
2016-12-10 02:05 - 2016-11-11 04:20 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\efswrt.dll
2016-12-10 02:05 - 2016-11-11 04:20 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-12-10 02:05 - 2016-11-11 04:20 - 00125952 _____ (Microsoft Corporation) C:\WINDOWS\system32\setupugc.exe
2016-12-10 02:05 - 2016-11-11 04:20 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\IdCtrls.dll
2016-12-10 02:05 - 2016-11-11 04:19 - 09131008 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-12-10 02:05 - 2016-11-11 04:19 - 00388096 _____ (Microsoft Corporation) C:\WINDOWS\system32\zipfldr.dll
2016-12-10 02:05 - 2016-11-11 04:16 - 02716672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WsmSvc.dll
2016-12-10 02:05 - 2016-11-11 04:15 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSManHTTPConfig.exe
2016-12-10 02:05 - 2016-11-11 04:14 - 07654400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-12-10 02:05 - 2016-11-11 04:13 - 07812096 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-12-10 02:05 - 2016-11-11 04:11 - 00096256 _____ (Microsoft Corporation) C:\WINDOWS\system32\umpoext.dll
2016-12-10 02:05 - 2016-11-11 04:07 - 03441152 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapRouter.dll
2016-12-10 02:05 - 2016-11-11 04:07 - 02953216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapGeocoder.dll
2016-12-10 02:05 - 2016-11-11 04:07 - 01060864 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-12-10 02:05 - 2016-11-11 04:06 - 03400192 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncCenter.dll
2016-12-10 02:05 - 2016-11-11 04:05 - 01779712 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-12-10 02:05 - 2016-11-11 04:05 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-12-10 02:05 - 2016-11-11 04:04 - 02611200 _____ (Microsoft Corporation) C:\WINDOWS\system32\gameux.dll
2016-12-10 02:05 - 2016-11-11 04:04 - 02317312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-12-10 02:05 - 2016-11-11 04:04 - 01709056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-12-10 02:05 - 2016-11-11 04:03 - 02669056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-12-10 02:05 - 2016-11-11 04:03 - 00905216 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-12-10 02:05 - 2016-11-11 04:03 - 00632320 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
2016-12-10 02:05 - 2016-11-11 04:02 - 00936448 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-12-10 02:05 - 2016-11-11 03:01 - 02206496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2016-12-10 02:05 - 2016-11-11 03:01 - 01969912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2016-12-10 02:05 - 2016-11-11 03:01 - 00167848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscapi.dll
2016-12-10 02:05 - 2016-11-11 02:42 - 20969928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-12-10 02:05 - 2016-11-11 02:27 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetCfgNotifyObjectHost.exe
2016-12-10 02:05 - 2016-11-11 02:26 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgentc.exe
2016-12-10 02:05 - 2016-11-11 02:19 - 00364544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-12-10 02:05 - 2016-11-11 02:19 - 00114176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\setupugc.exe
2016-12-10 02:05 - 2016-11-11 02:18 - 01196544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscui.cpl
2016-12-10 02:05 - 2016-11-11 02:18 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wscinterop.dll
2016-12-10 02:05 - 2016-11-11 02:16 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-12-10 02:05 - 2016-11-11 02:03 - 00772608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2016-12-09 16:19 - 2016-12-09 16:19 - 00095699 _____ C:\Users\arose\Downloads\ROSENTHAL - 1624682 REVISED DEED (2).pdf
2016-12-09 16:18 - 2016-12-09 16:18 - 00095699 _____ C:\Users\arose\Downloads\ROSENTHAL - 1624682 REVISED DEED.pdf
2016-12-09 16:18 - 2016-12-09 16:18 - 00095699 _____ C:\Users\arose\Downloads\ROSENTHAL - 1624682 REVISED DEED (1).pdf
2016-12-09 12:55 - 2016-12-09 12:55 - 00018102 _____ C:\Users\arose\Downloads\DisclosureStatement (3).pdf
2016-12-09 12:53 - 2016-12-09 12:53 - 00018102 _____ C:\Users\arose\Downloads\DisclosureStatement (2).pdf
2016-12-09 12:52 - 2016-12-09 12:52 - 00018115 _____ C:\Users\arose\Downloads\DisclosureStatement (1).pdf
2016-12-09 12:52 - 2016-12-09 12:52 - 00018102 _____ C:\Users\arose\Downloads\DisclosureStatement.pdf
2016-12-09 12:49 - 2016-12-09 12:49 - 00300362 _____ C:\Users\arose\Downloads\71682649.pdf
2016-12-09 11:04 - 2016-12-09 11:04 - 00042465 _____ C:\Users\arose\Downloads\ChildSupport20161205.pdf
2016-12-09 10:36 - 2016-12-09 10:36 - 02236044 _____ C:\Users\arose\Downloads\Stipulation on Temp Orders signed 7-19-16 (3).pdf
2016-12-09 10:30 - 2016-12-09 10:30 - 01892559 _____ C:\Users\arose\Downloads\Letter to client encl. 7-28-16 (1).pdf
2016-12-09 01:13 - 2016-12-09 01:13 - 00088281 _____ C:\Users\arose\Downloads\IT-Support-Engineer-WashingtonDC.docx
2016-12-08 17:10 - 2016-12-08 17:10 - 00024533 _____ C:\Users\arose\Downloads\ps (5).xls
2016-12-08 17:10 - 2016-12-08 17:10 - 00024533 _____ C:\Users\arose\Downloads\ps (4).xls
2016-12-08 17:09 - 2016-12-08 17:09 - 00024533 _____ C:\Users\arose\Downloads\ps (3).xls
2016-12-08 16:57 - 2016-12-08 16:57 - 00024533 _____ C:\Users\arose\Downloads\ps (2).xls
2016-12-08 16:56 - 2016-12-08 16:56 - 00024533 _____ C:\Users\arose\Downloads\ps (1).xls
2016-12-06 04:55 - 2016-12-06 04:55 - 00065177 _____ C:\Users\arose\Downloads\GPSupp.pdf
2016-12-06 04:50 - 2016-12-06 04:50 - 00047536 _____ C:\Users\arose\Downloads\GPStockfiling.pdf
2016-12-06 04:40 - 2016-12-06 04:40 - 00032940 _____ C:\Users\arose\Downloads\GPannual.pdf
2016-12-06 04:33 - 2016-12-06 04:33 - 00143376 _____ C:\Users\arose\Downloads\UCC1_5_02.pdf
2016-12-06 04:29 - 2016-12-06 04:29 - 00116386 _____ C:\Users\arose\Downloads\tdrcorp.pdf
2016-12-06 04:26 - 2016-12-06 04:26 - 00017913 _____ C:\Users\arose\Downloads\201296116400_2.pdf
2016-12-06 04:25 - 2016-12-06 04:25 - 00017913 _____ C:\Users\arose\Downloads\201296116400_1.pdf
2016-12-06 04:14 - 2016-12-06 04:14 - 00088416 _____ C:\Users\arose\Downloads\LExus.pdf
2016-12-06 04:06 - 2016-12-06 04:06 - 00000000 ____D C:\Users\arose\AppData\Local\YSearchUtil
2016-12-06 04:04 - 2016-12-06 04:04 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
2016-12-06 04:04 - 2016-12-06 04:04 - 00000000 ____D C:\Users\arose\AppData\Roaming\Sun
2016-12-06 04:04 - 2016-12-06 04:04 - 00000000 ____D C:\Users\arose\AppData\LocalLow\Sun
2016-12-06 04:04 - 2016-12-06 04:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-12-06 04:03 - 2016-12-06 04:43 - 00000000 ____D C:\ProgramData\Oracle
2016-12-06 04:03 - 2016-12-06 04:03 - 00000000 ____D C:\Program Files (x86)\Java
2016-12-06 03:54 - 2016-12-06 03:54 - 00737344 _____ (Oracle Corporation) C:\Users\arose\Downloads\JavaSetup8u111 (2).exe
2016-12-06 03:53 - 2016-12-06 04:00 - 00737344 _____ (Oracle Corporation) C:\Users\arose\Downloads\JavaSetup8u111.exe
2016-12-06 03:53 - 2016-12-06 03:54 - 00737344 _____ (Oracle Corporation) C:\Users\arose\Downloads\JavaSetup8u111 (1).exe
2016-12-05 21:14 - 2016-12-05 21:14 - 00024424 _____ C:\Users\arose\Downloads\RPTT Declaration of Value.pdf
2016-12-05 02:27 - 2016-12-05 02:27 - 00129331 _____ C:\Users\arose\Downloads\Causes_of_Hair_Loss__Alopecia__in_Cats.pdf
2016-12-05 00:16 - 2016-12-05 00:16 - 00190783 _____ C:\Users\arose\Downloads\tg862g_ts_r1_1.pdf
2016-12-05 00:00 - 2016-12-05 00:00 - 00000000 ____D C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-04 23:59 - 2016-12-05 00:00 - 00000000 ____D C:\Users\arose\AppData\Local\Deployment
2016-12-04 23:59 - 2016-12-04 23:59 - 00013560 _____ C:\Users\arose\Downloads\DellSystemDetectLauncher.Application
2016-12-04 23:59 - 2016-12-04 23:59 - 00000000 ____D C:\Users\arose\AppData\Local\Apps\2.0
2016-12-04 23:59 - 2016-12-04 23:59 - 00000000 ____D C:\Users\arose\AppData\Local\Apps
2016-12-04 23:06 - 2016-12-04 23:06 - 00133673 _____ C:\Users\arose\Downloads\contract.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-03 13:49 - 2016-09-26 13:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-03 12:40 - 2016-05-05 14:58 - 01548070 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-03 11:34 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-03 11:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-03 11:33 - 2016-11-29 06:13 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1DF9318F-08FA-4EF5-A914-221DFB179837}
2017-01-03 11:30 - 2016-09-26 13:58 - 00000000 ____D C:\Users\arose
2017-01-03 11:30 - 2016-09-26 13:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-03 11:30 - 2016-08-07 16:49 - 00000000 ___RD C:\Users\arose\OneDrive
2017-01-03 11:30 - 2016-08-07 16:47 - 00000000 __SHD C:\Users\arose\IntelGraphicsProfiles
2017-01-03 11:29 - 2016-09-26 14:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-03 11:29 - 2016-07-16 01:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-02 17:35 - 2016-09-04 19:06 - 00000000 ____D C:\Users\arose\AppData\Local\ElevatedDiagnostics
2016-12-30 13:53 - 2016-09-26 13:58 - 00524288 ___SH C:\Users\arose\NTUSER.DAT{50c0fc4b-8423-11e6-8a7a-9661312e1fe1}.TMContainer00000000000000000002.regtrans-ms
2016-12-30 13:53 - 2016-09-26 13:58 - 00065536 ___SH C:\Users\arose\NTUSER.DAT{50c0fc4b-8423-11e6-8a7a-9661312e1fe1}.TM.blf
2016-12-30 12:31 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-30 12:31 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\drivers
2016-12-30 12:31 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Desktop
2016-12-29 18:35 - 2016-07-16 06:47 - 00000000 ___HD C:\ProgramData
2016-12-29 18:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\drivers
2016-12-29 18:18 - 2016-07-16 06:47 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-29 17:58 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files
2016-12-29 17:57 - 2016-09-27 10:22 - 00037482 _____ C:\WINDOWS\PFRO.log
2016-12-29 17:38 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-29 17:38 - 2016-07-16 01:04 - 00000000 ____D C:\Program Files\Common Files
2016-12-29 17:38 - 2016-07-16 01:04 - 00000000 ____D C:\Program Files (x86)\Common Files
2016-12-29 17:24 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Drivers\etc
2016-12-29 17:24 - 2015-10-30 02:24 - 00453848 ____R C:\WINDOWS\system32\Drivers\etc\hosts
2016-12-29 17:07 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files (x86)
2016-12-29 17:02 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-29 16:19 - 2016-08-07 16:46 - 00000000 ___RD C:\Users\arose\Music
2016-12-29 05:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Tasks
2016-12-29 05:17 - 2016-07-16 01:04 - 45088768 _____ C:\WINDOWS\system32\config\COMPONENTS
2016-12-29 03:33 - 2016-07-16 06:47 - 00000000 __SHD C:\WINDOWS\Installer
2016-12-29 03:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-29 03:33 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-12-29 03:33 - 2016-05-05 14:58 - 00000000 __SHD C:\Config.Msi
2016-12-29 03:32 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\Microsoft.NET
2016-12-29 03:30 - 2016-05-05 15:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-12-29 00:42 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-28 18:19 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp
2016-12-28 12:34 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\config\RegBack
2016-12-27 12:29 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\config
2016-12-27 06:15 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-27 05:42 - 2016-08-07 16:47 - 00000000 ____D C:\Users\arose\AppData\Local\VirtualStore
2016-12-26 23:19 - 2016-09-26 13:58 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-26 23:19 - 2016-09-26 13:58 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-26 23:19 - 2016-09-26 13:58 - 00065536 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-26 23:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-26 23:18 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-26 23:18 - 2016-05-05 14:53 - 00000000 __SHD C:\System Volume Information
2016-12-26 23:17 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-25 15:45 - 2016-09-26 13:57 - 00014186 _____ C:\WINDOWS\setupact.log
2016-12-24 04:46 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-24 04:39 - 2016-08-18 13:22 - 00000000 ____D C:\Users\arose\AppData\Local\Diagnostics
2016-12-24 04:03 - 2016-08-08 02:26 - 00007613 _____ C:\Users\arose\AppData\Local\Resmon.ResmonCfg
2016-12-19 20:33 - 2016-08-07 16:47 - 00000000 ____D C:\Users\arose\AppData\Local\Packages
2016-12-19 16:47 - 2016-08-07 16:46 - 00000000 ____D C:\Users\arose\AppData\LocalLow
2016-12-19 14:55 - 2016-05-05 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-19 14:55 - 2016-05-05 14:56 - 00000000 ____D C:\Program Files\Dell
2016-12-19 14:45 - 2016-09-27 10:22 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-17 00:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 22:08 - 2016-09-26 14:02 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 22:08 - 2016-09-26 14:02 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 17:32 - 2016-09-26 13:58 - 00000000 ___RD C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs
2016-12-16 17:32 - 2016-08-07 16:49 - 00002365 _____ C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-16 03:33 - 2016-07-16 06:47 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-16 00:38 - 2016-08-07 16:47 - 00000000 ___RD C:\Users\arose\Searches
2016-12-16 00:37 - 2016-09-26 13:58 - 00000000 ___SD C:\Users\arose\AppData\Roaming\Microsoft
2016-12-16 00:37 - 2016-09-26 13:58 - 00000000 ____D C:\Users\arose\AppData\Local\Microsoft
2016-12-16 00:37 - 2016-08-07 16:47 - 00000000 ___RD C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup
2016-12-15 22:15 - 2016-09-26 14:02 - 00003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-12-15 22:10 - 2016-09-26 14:04 - 00000174 ___SH C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-15 22:10 - 2016-08-07 16:50 - 00000402 ___SH C:\Users\arose\OneDrive\Documents\desktop.ini
2016-12-15 22:10 - 2016-08-07 16:47 - 00000282 ___SH C:\Users\arose\Downloads\desktop.ini
2016-12-15 22:10 - 2016-08-07 16:47 - 00000282 ___SH C:\Users\arose\Desktop\desktop.ini
2016-12-15 22:10 - 2016-08-07 16:47 - 00000174 ___SH C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-15 22:10 - 2016-08-07 16:47 - 00000000 ___RD C:\Users\arose\Contacts
2016-12-15 22:10 - 2016-08-07 16:47 - 00000000 ___RD C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-15 22:10 - 2016-08-07 16:46 - 00000000 ___RD C:\Users\arose\Videos
2016-12-15 22:10 - 2016-08-07 16:46 - 00000000 ___RD C:\Users\arose\Saved Games
2016-12-15 22:10 - 2016-08-07 16:46 - 00000000 ___RD C:\Users\arose\Favorites
2016-12-15 22:10 - 2016-07-16 01:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-15 22:10 - 2016-05-05 15:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-15 22:09 - 2016-09-26 13:56 - 00337064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-15 22:08 - 2016-09-26 13:56 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 22:08 - 2016-09-26 13:56 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-15 22:08 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-15 22:08 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-15 22:08 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-15 22:08 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-15 22:07 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-15 22:04 - 2016-05-05 15:02 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-15 22:04 - 2016-05-05 15:02 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-14 18:46 - 2016-08-19 17:35 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 18:46 - 2016-08-19 17:35 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 14:00 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 13:57 - 2016-08-07 17:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 13:56 - 2016-08-07 17:08 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-12-10 01:55 - 2016-07-16 06:42 - 00180224 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-12-09 09:55 - 2016-12-01 11:07 - 00000000 ____D C:\Users\arose\OneDrive\Documents\ArchDocs
2016-12-08 17:15 - 2016-11-17 09:55 - 00041690 _____ C:\Users\arose\OneDrive\Documents\Collegetution201617.xlsx
2016-12-05 00:05 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\LogFiles
 
==================== Files in the root of some directories =======
 
2016-12-19 16:47 - 2016-12-28 18:19 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-08-08 02:26 - 2016-12-24 04:03 - 0007613 _____ () C:\Users\arose\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2016-12-28 12:34
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 01-01-2017
Ran by arose (03-01-2017 14:01:15)
Running from C:\Users\arose\Desktop
Windows 10 Home Version 1607 (X64) (2016-09-26 19:03:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1860959292-1840385675-445126456-500 - Administrator - Disabled)
arose (S-1-5-21-1860959292-1840385675-445126456-1001 - Administrator - Enabled) => C:\Users\arose
DefaultAccount (S-1-5-21-1860959292-1840385675-445126456-503 - Limited - Disabled)
Guest (S-1-5-21-1860959292-1840385675-445126456-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Up to date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Up to date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version:  - )
Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version:  - )
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F127834}) (Version: 3.4.15000.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-1860959292-1840385675-445126456-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Update (HKLM-x32\...\{2BE9948C-FD9C-40B0-AC04-EE2AAB4C19D4}) (Version: 1.8.1114.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.311 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1178 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® WiDi (HKLM\...\{E8A2DA8A-CA1A-4F5A-B113-6C34FCC4B6D4}) (Version: 6.0.62.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{755abcd0-2942-482b-a27d-22921a5849f0}) (Version: 3.0.14.3056 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{cf83f42d-16f2-4158-9670-e446c18f758d}) (Version: 19.1.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{D6CE0772-080E-45D4-8CB0-AB2AB9710DFE}) (Version: 1.1.28151.80 - Intel Corporation)
ISS_Drivers_x64 (Version: 3.0.14.3056 - Intel Corporation) Hidden
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2075 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1860959292-1840385675-445126456-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2075 - Microsoft Corporation) Hidden
Product Registration (Version: 3.0.123.0 - Dell Inc.) Hidden
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.35 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7751 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10240.11160 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01462C63-714C-453D-9660-B5EB07549796} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19] (Google Inc.)
Task: {02504A27-8D43-4938-8248-F4DD43896D4A} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {0845AC6F-34D4-41F3-8FB2-F66F509409C9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {0A93B7DB-FA7D-4168-A7A0-D103554AC83D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {28DCC63A-96F0-4984-9364-F294484FAB6F} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
Task: {2BA73575-1006-4AC7-84B6-DD30328A921C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {33A171B0-094E-494A-AF4B-E225294019F7} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {37B015A9-1A09-4117-9E64-ADFB272E3998} - System32\Tasks\WRU => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()
Task: {44F6D210-2874-47EE-8D19-70D9889F9430} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {57C3AB13-8B7A-41CD-84B4-3117F1D99774} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5C5CB8D1-F660-4554-A7EB-A6D9D9F8FF22} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {66787C2C-16F7-486C-9A65-74C1B66DCB72} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {681A0FCE-A920-4784-8EBF-4AFDCF78F8C2} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-04] (Microsoft Corporation)
Task: {7917B69E-984A-49F7-9BD1-84A143B721ED} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {83BDF2E5-01E3-4129-9808-77D13A87CECA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {8B59D9B8-02FA-427F-9F46-8CA135C32128} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19] (Google Inc.)
Task: {9068DED5-D589-44A9-A5A6-7CA9E9FA5D47} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\arose\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {968E849C-DD24-405F-8BED-7EEDADE21BDB} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {9E707D9A-97D7-410A-A02C-2B379D9E8753} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {AEED100F-0FB1-453F-9C3D-39C58C9A3ECE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {BF397469-CBD8-470B-9756-5E513C7020B0} - System32\Tasks\WRUStartup => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()
Task: {C21FED51-796E-4FCA-B619-5FFD760281CF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {CC47158E-0D00-4C5C-9046-CE361B60B2F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CE94B496-E9F2-4743-AF4D-89F49BBA4D26} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-26] (Realtek Semiconductor)
Task: {CEA9FFE4-532A-4843-BC68-1FC09D2B94A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D2DEA874-3C76-454D-9B2A-4DA665D8BEA3} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-04] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 11:35 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-12-30 12:30 - 2017-01-03 12:41 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-30 12:30 - 2017-01-03 12:41 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-30 12:30 - 2017-01-03 12:41 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-14 11:35 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-16 17:31 - 2016-12-16 17:31 - 01678560 _____ () C:\Users\arose\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-08-12 11:38 - 2016-12-03 22:04 - 08924872 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-05 15:32 - 2016-03-07 07:11 - 00384120 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-26 17:54 - 2016-09-26 17:54 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 11:36 - 2016-12-09 04:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-26 14:36 - 2016-09-26 14:36 - 01573584 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.40.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2016-09-29 16:48 - 2016-09-29 16:51 - 00366080 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.40.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2016-11-10 16:46 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 16:46 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 16:53 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 16:54 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 16:53 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 16:53 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-12-14 11:45 - 2016-12-14 11:45 - 00072192 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeHost.exe
2016-12-14 11:45 - 2016-12-14 11:45 - 00179712 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkypeBackgroundTasks.dll
2016-12-14 11:45 - 2016-12-14 11:45 - 42130432 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\SkyWrap.dll
2016-12-14 11:45 - 2016-12-14 11:45 - 02216448 _____ () C:\Program Files\WindowsApps\Microsoft.SkypeApp_11.10.145.0_x64__kzf8qxf38zg5c\roottools.dll
2016-12-13 11:37 - 2016-12-13 11:37 - 03810816 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1612.3341.0_x64__8wekyb3d8bbwe\Calculator.exe
2016-12-29 18:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-29 18:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-29 18:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-29 18:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-29 18:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-12-16 17:31 - 2016-12-16 17:31 - 01244376 _____ () C:\Users\arose\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\ClientTelemetry.dll
2016-09-09 07:32 - 2016-09-09 07:32 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 18:26 - 2015-06-23 18:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-01-21 02:12 - 2016-01-21 02:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
2016-08-12 11:33 - 2016-12-28 18:34 - 00254152 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\IEAWSDC.DLL
2016-08-12 11:38 - 2016-12-03 20:44 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\1033\GrooveIntlResource.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7924 more sites.
 
 
There are 7924 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2016-12-29 17:24 - 00453848 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 15574 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1860959292-1840385675-445126456-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\arose\Desktop\wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{F2189CC4-2B09-4B74-A9E9-8543F34D0C42}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{BB1B704B-B2C8-4485-B00C-72B65CD3C985}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{BE3A050C-F3A5-4EFC-A392-CBB32401C36C}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{7B082046-3446-4D08-AA07-7363A4D3B688}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{9CC0992A-0C42-46C6-B402-75CB21ECE092}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{F7933A62-770E-4FF7-9F4F-775F68E4E8DC}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{370BE607-0F16-4FAF-BC17-6C9255B77305}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BB84A170-EE1B-4989-8789-21E105ADA764}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{625E46A4-4BBC-41F8-B024-ECB06BC48267}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B400DA4F-A3DB-43DE-B3F9-9EF132C1AB70}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1DD4413D-73CD-4916-A7B3-690F34AFB1D6}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37D9D5D8-F274-4063-9E7C-4C510EF5277D}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{46FB9571-A40A-4B16-B141-408EF2652427}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{07E49B1E-29D7-4F6E-A4E9-2E84D398B195}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2EB2EC31-D22C-4748-A07D-D0FD6DDF0747}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C25A51B8-3CFF-47F0-976D-C1E7FF12C7E5}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
09-12-2016 03:21:39 Scheduled Checkpoint
14-12-2016 13:56:34 Windows Update
21-12-2016 16:34:17 Scheduled Checkpoint
26-12-2016 23:18:04 Installed iTunes
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/03/2017 01:54:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 791ab5d1-9c9c-4a19-92f4-2bb558e861a0
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/03/2017 01:54:46 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: bb740bb2-efcb-4987-8614-a7fc569b95f6
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/03/2017 01:54:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 58285b1e-199c-4e10-8bac-56594919d302
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/03/2017 01:54:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 56fc3ad9-208c-4d8f-bce9-456f0e88e3f5
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/03/2017 01:54:41 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: fc00ec72-a85f-4ea6-ba47-cf6ffcf1b765
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/03/2017 01:54:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 1fea438e-972c-4594-926b-b8b52c4242fd
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/03/2017 01:54:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 2857d511-e9a1-4df8-995e-f11593cd930c
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/03/2017 01:54:38 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 6430277a-05c1-4b65-a1fd-6165c958c110
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/03/2017 01:54:36 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 524fac47-fd30-4275-9b2c-e8ced990f251
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/03/2017 01:54:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: microsoftedgecp.exe, version: 11.0.14393.82, time stamp: 0x57a55786
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000604
Fault offset: 0x0000000000000000
Faulting process id: 0x23d4
Faulting application start time: 0x01d265f2cfecb80f
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
Faulting module path: unknown
Report Id: 8dba7338-43cc-4e08-b924-92e9dac28d30
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
 
System errors:
=============
Error: (01/03/2017 01:29:12 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/03/2017 12:32:13 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/03/2017 12:20:35 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/03/2017 11:34:18 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.
 
Error: (01/03/2017 11:31:00 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80073d02: Microsoft Sticky Notes.
 
Error: (01/03/2017 11:30:07 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/03/2017 11:29:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (01/03/2017 11:29:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (01/03/2017 11:29:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
Error: (01/03/2017 11:29:16 AM) (Source: DCOM) (EventID: 10005) (User: NT AUTHORITY)
Description: DCOM got error "1084" attempting to start the service dps with arguments "Unavailable" in order to run the server:
{DDCFD26B-FEED-44CD-B71D-79487D2E5E5A}
 
 
CodeIntegrity:
===================================
  Date: 2017-01-03 12:42:27.625
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-03 12:42:27.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-03 12:42:27.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-30 12:31:12.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-30 12:31:12.627
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-30 12:31:12.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 00:37:22.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 00:37:22.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 00:37:22.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 00:37:22.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 12147.63 MB
Available physical RAM: 7670.66 MB
Total Virtual: 36723.63 MB
Available Virtual: 32034.08 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:466.05 GB) (Free:387.03 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 3EF6AA17)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

The last thing is when I tried to click Post this topic (in Edge), the tab now showed it as OneNote (purple tab and toolbar) and just displayed a picture of the login screen from bleepingcomputer and a black background.

 

Note: This post on the other PC in the upload screen only shows the option to Browse for the file (not Choose File) and I got an error trying to upload the file.




 


#2 snowyday


Posted 04 January 2017 - 12:43 AM

I am the original poster of the topic.   **** The issue is way more serious and scary than I thought- It made a duplicate of my OneDrive from my Hotmail account!!!  

 

Hopefully someone from the expert team can respond soon.

 

I have a lot of emails and files stored there  and I am very concerned about what could be done with it not to mention I could lose it.

 

 

 



#3 HelpBot

HelpBot

    Bleepin' Binary Bot


  • Bots
  • 12,729 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:10:16 AM

Posted 08 January 2017 - 05:15 PM

Hello and welcome to Bleeping Computer!

I am HelpBot: an automated program designed to help the Bleeping Computer Staff better assist you! This message contains very important information, so please read through all of it before doing anything.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

To help Bleeping Computer better assist you please perform the following steps:

***************************************************

In order to continue receiving help at BleepingComputer.com, YOU MUST tell me if you still need help or if your issue has already been resolved on your own or through another resource! To tell me this, please click on the following link and follow the instructions there.

CLICK THIS LINK >>> https://www.bleepingcomputer.com/logreply/636406 <<< CLICK THIS LINK



If you no longer need help, then all you needed to do was the previous instructions of telling me so. You can skip the rest of this post. If you do need help please continue with Step 2 below.

***************************************************

If you still need help, I would like you to post a Reply to this topic (click the "Add Reply" button in the lower right hand of this page). In that reply, please include the following information:

  • If you have not done so already, include a clear description of the problems you're having, along with any steps you may have performed so far.
  • A new FRST log. For your convenience, you will find the instructions for generating these logs repeated at the bottom of this post.
    • Please do this even if you have previously posted logs for us.
    • If you were unable to produce the logs originally please try once more.
    • If you are unable to create a log please provide detailed information about your installed Windows Operating System including the Version, Edition and if it is a 32bit or a 64bit system.
    • If you are unsure about any of these characteristics just post what you can and we will guide you.
  • Please tell us if you have your original Windows CD/DVD available.
  • Upon completing the above steps and posting a reply, another staff member will review your topic and do their best to resolve your issues.

Thank you for your patience, and again sorry for the delay.

***************************************************

We need to see some information about what is happening in your machine. Please perform the following scan again:

  • Download FRST by Farbar from the following link if you no longer have it available and save it to your desktop.

    FRST Download Link

  • When you go to the above page, there will be 32-bit and 64-bit downloads available. Please click on the appropriate one for your version of Windows. If you are unsure as to whether your Windows is 32-bit or 64-bit, please see this tutorial.
  • Double click on the FRST icon and allow it to run.
  • Agree to the usage agreement and FRST will open. Do not make any changes and click on the Scan button.
  • Notepad will open with the results.
  • Post the new logs as explained in the prep guide.
  • Close the program window, and delete the program from your desktop.


As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#4 HelpBot


Posted 09 January 2017 - 09:24 PM

You have stated that you no longer need help with this issue, therefore I am closing this topic. If that is not the case and you need or wish to continue with this topic, please send any Moderator a Personal Message (PM) that you would like this topic re-opened.

As I am just a silly little program running on the BleepingComputer.com servers, please do not send me private messages as I do not know how to read and reply to them! Thanks!

#5 snowyday


Posted 11 January 2017 - 09:13 PM

Hi Roger-thank you for reopening it.

Please- First can you answer this question first? I want to make sure to not screw myself.

I'm running Windows 10 and somehow my login is now my email. If I change my email password will I no longer be able to login to my PC? I no longer seem to have full admin privileges. Also I'm doing this from my phone because now I have two computers infected.

I am new to Windows 10 but it has my OneDrive drive associated with my email account.

I have never seen anything like this malware.

Thank you so much. I am going to post the details now. There's a lot, not sure if I should put some of it in an attachment.

Edited by snowyday, 11 January 2017 - 09:30 PM.


#6 snowyday


Posted 11 January 2017 - 09:23 PM

Hello
-Thank you for unlocking the topic.

Please Can you answer this question first?

The malware has hacked into my email. So I decided to reset my password ("I think I have been hacked" reason) - but I wasn't sure if I am going to screw myself by doing this.

I am running Windows 10 and my account name is somehow now my email address. If I change the password will I not be able to login again?

Note I do not have complete admin privilege anymore.

I am doing this from my phone as I now have two computers infected. I currently have wifi turned off on the PCs.

This malware is pretty nasty and seems to "learn" what I am doing then changes paths permissions etc. and I can no longer access things.

I am in the "please enter new password" screen.

I have a PIN also but discovered that in safe mode only passwords are accepted, not a PIN.

Thank you.
I will add another reply from the laptop.

#8 snowyday


Posted 12 January 2017 - 05:05 AM

Hello -

 

Originally, this appeared just to be a keylogger and a Google redirect.  But these types of things began happening and then I looked around and saw a bunch of things (explained below).

 

* The instructions said as much info as possible.***  I put in a lot of detail - hopefully it's helpful and not annoying. (Symptoms and many Observations).

Symptoms:

 

1)Cursor sometimes moved on own or it did not allow me to check things or double click did not work. 

2)Screen would get repainted sometimes after clicking on a file or kick me out of things.  When screen was repainted sometimes didn't look right. I realized some of the error messages were just a picture. I could x out and continue installing

3) Discovered some email messages (financial mostly) were being sent to OneNote and kept in a OneNote Notebook with my name on OneDrive.

     Opened Microsoft Edge and clicked on the Square icon and saw it was OneNote.

 

4)Changed folder view to see hidden folders, when I started looking around, eventually I got "denied access to some folders". Also noticed it would keep copies of any files I opened, or in a SearchIndex file.

 

5) When I scanned in a document normally the MP Navigator sw came up now only Omnipage.  Couldn't pick the normal printer. Looked and found there was a ROOT print queue.

6) Windows Update failed. Running Diagnostic Troubleshooter (run as admin) could not fix things (showed no problem unless I opened details)

                  Date and Time were wrong

 

 

 

No anti malware software either didn't allow checking rootkit or it found nothing.

 

Eventually HiJackThis found a bunch of stuff but could not correct it.  First was:  Browser redirect

 

1)  Host file was changed and could not be accessed by HJT.

2) HJT complained of this in red above but it was not in the log file.

 

http://o15.officeredir.microsoft.com/r/rlidMSTrustworthyComputing14?ver=16&app=onenote.exe&clid=1033&lidhelp=0409&liduser=0409&lidui=0409-1-5-21-1860959292-1840385675-445126456-1001

 

Even had trouble running FARBAR tool.  Complained incompatible or something.  Finally got around it.

 

Maybe I took the wrong one? s FRST64.exe and another time FRST.exe and wouldn't run just stayed open. Eventually I reinstalled it and ran it. I ran the one stored in the FRST_oldone directory.

Taskbar possible icons showed a few instances and processes.-

 Farbar Tool (blue cube) no real icon  FRST.exe, FRST64.exe, mod_frst.exe. FRST(1).exe

 

Observation:  (not sure if this is helpful)

This is a 64 bit machine (Intel processors) but under System-> Hardware properties it shows  AMD64

2) Most programs are running in 32 bit mode or a 32 bit version.

    Some of them (Word, Excel, Outlook,, OneNote, Intel SecuriMalwareBytes, GoogleCrash Handler, Google Installer, Intel security Assist, Intel Local Management Engine, distnoted. Send to OneNote Tool,  Microsoft OneDriver Co-Authoring Executable, Spybot S&D 2, Dell Update Windows Service, etc.)

 

3)Hidden devices , Realtek Microphone, Intel , Root printer/print queues

4)Some "new" Intel devices/programs hidden under other names or devices

             Intel Virtual Buttons, Intel Widi, Intel Rapid Storage, etc....) ? Microsoft Click-to-Run, PC_Doctor, PC Dr (Programs i never installed)

5)Directories $SYSRESET, $RECYCLE BIN

 

6)Admin Event Logger - sometimes after looking at som - it locked me out of look at events

Default file types ~600 

 

Under Associate a File with an App -

            Protocols -(All CAPITALS)  130 of them , 80 of them showed with URL:

           

MS-VOIP-CALL  URL:ms-voip-call

MS-IPMESSAGING 

MICROSOFT-CAMERA-PICKER    URL: microsoft.windows.camera.picker

 

 

Initially users were: arose Default and Public

Later saw              All Users, Default User, Public, Default , Default Migrated (hidden), arose (some file rights SYSTEM or CREATOR/ Guest)



#9 snowyday


Posted 12 January 2017 - 05:37 AM

Oops forgot to include the files.

 

 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 08-01-2017
Ran by arose (administrator) on DESKTOP-HJKAOCL (10-01-2017 01:39:16)
Running from C:\Users\arose\Downloads
Loaded Profiles: arose (Available Profiles: arose)
Platform: Windows 10 Home Version 1607 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.40.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(Intel Corporation) C:\Windows\System32\ibtsiva.exe
() C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\MBAMService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Intel Corporation) C:\Windows\SysWOW64\esif_uf.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Intel Corporation) C:\Windows\Temp\DPTF\esif_assist_64.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files\Malwarebytes\Anti-Malware\mbamtray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.32.7\GoogleCrashHandler64.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Waves Audio Ltd.) C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe
(Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MSASCuiL.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Trend Micro Inc.) C:\Users\arose\Downloads\HijackThis.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Intel Corporation) C:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
(Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
(Dell) C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
(Dell Inc.) C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
(Dell Products, LP.) C:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
(Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Dell) C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
(Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
(Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\arose\Downloads\FRST64 (1).exe
 
==================== Registry (Whitelisted) ====================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8850688 2016-02-26] (Realtek Semiconductor)
HKLM\...\Run: [RtHDVBg_MAXX6] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1419008 2016-02-26] (Realtek Semiconductor)
HKLM\...\Run: [WavesSvc] => C:\Program Files\Waves\MaxxAudio\WavesSvc64.exe [718256 2015-12-22] (Waves Audio Ltd.)
HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3885616 2016-03-03] (Dell Inc.)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [323040 2015-11-17] (Intel Corporation)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176440 2016-12-06] (Apple Inc.)
HKLM\...\Run: [Malwarebytes TrayApp] => C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\mbamtray.exe [2776528 2016-12-14] (Malwarebytes)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [587288 2016-09-22] (Oracle Corporation)
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1860959292-1840385675-445126456-1001\...\Run: [HijackThis startup scan] => C:\Users\arose\Downloads\HijackThis.exe [388608 2016-12-27] (Trend Micro Inc.)
Startup: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk [2017-01-09]
ShortcutTarget: Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation)
BootExecute: autocheck autochk * sdnclean64.exe
CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{527f76e7-5ae5-4321-b6ca-06e0ab9380c1}: [DhcpNameServer] 75.75.75.75 75.75.76.76
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.google.com
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Search_URL = hxxp://www.google.com
HKU\S-1-5-21-1860959292-1840385675-445126456-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.msn.com/
SearchScopes: HKU\S-1-5-21-1860959292-1840385675-445126456-1001 -> DefaultScope {18742D42-B55E-4816-90CB-A471EFB36AFB} URL = 
SearchScopes: HKU\S-1-5-21-1860959292-1840385675-445126456-1001 -> {18742D42-B55E-4816-90CB-A471EFB36AFB} URL = 
SearchScopes: HKU\S-1-5-21-1860959292-1840385675-445126456-1001 -> {DBD9A388-AC99-4F1C-A633-1B6C2A0563B0} URL = hxxps://search.yahoo.com/search?p={searchTerms}&fr=yset_ie_syc_oracle&type=orcl_default
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar64.dll => No File
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll [2016-12-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll [2016-12-06] (Oracle Corporation)
BHO-x32: Webroot Vault -> {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} -> C:\ProgramData\WRData\pkg\LPBar.dll => No File
BHO-x32: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL [2016-12-28] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll [2016-12-06] (Oracle Corporation)
Toolbar: HKLM - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar64.dll No File
Toolbar: HKLM-x32 - Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll No File
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-12-28] (Microsoft Corporation)
 
Edge: 
======
Edge HomeButtonPage: HKU\S-1-5-21-1860959292-1840385675-445126456-1001 -> hxxp://www.bing.com/
 
FireFox:
========
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.68 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2015-08-24] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\dtplugin\npDeployJava1.dll [2016-12-06] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.111.2 -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\plugin2\npjp2.dll [2016-12-06] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-12-28] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.32.7\npGoogleUpdate3.dll [2016-12-16] (Google Inc.)
 
Chrome: 
=======
CHR StartupUrls: Default -> "hxxps://www.google.com/"
CHR Profile: C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default [2017-01-10]
CHR Extension: (Google Slides) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2016-08-19]
CHR Extension: (Google Docs) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2016-08-20]
CHR Extension: (Google Drive) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-08-20]
CHR Extension: (YouTube) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-08-20]
CHR Extension: (Google Sheets) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2016-08-19]
CHR Extension: (Google Docs Offline) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-08-20]
CHR Extension: (Chrome Web Store Payments) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-08-19]
CHR Extension: (Gmail) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-08-20]
CHR Extension: (Chrome Media Router) - C:\Users\arose\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkedcjkdefgpdelpbcmbmeomcjbeemfm [2016-12-17]
CHR HKLM\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [eoalfhodgifhbkgmbbdafcihjpdldpll] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [ngkhgikojglcgnckopipfdajaifmmnnc] - hxxp://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ====================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 AESMService; c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe [3715208 2015-09-30] (Intel Corporation)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-09-22] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [3699904 2016-12-28] (Microsoft Corporation)
S3 cplspcon; C:\WINDOWS\system32\IntelCpHDCPSvc.exe [603256 2016-03-07] (Intel Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [143144 2016-11-08] (Dropbox, Inc.)
R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [132472 2016-09-09] (Dell Inc.)
R2 Dell Foundation Services; C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe [97616 2016-11-30] (Dell)
R2 Dell Help & Support; C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe [78672 2016-09-13] (Dell Inc.)
R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-06-23] (Dell Inc.)
R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-06-23] (Dell Inc.)
R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [228216 2016-01-21] (Dell Inc.)
R2 esifsvc; C:\WINDOWS\SysWoW64\esif_uf.exe [1392792 2015-10-30] (Intel Corporation)
R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [19424 2015-11-17] (Intel Corporation)
R2 igfxCUIService2.0.0.0; C:\WINDOWS\system32\igfxCUIService.exe [354936 2016-03-07] (Intel Corporation)
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [881152 2015-05-22] (Intel® Corporation)
S3 Intel® Security Assist; C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe [335872 2015-07-06] (Intel Corporation) [File not signed]
S3 Intel® WiDi SAM; C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [19088 2015-09-17] (Intel Corporation)
R2 isaHelperSvc; C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe [7680 2015-07-06] () [File not signed]
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [207648 2016-01-21] (Intel Corporation)
R2 MBAMService; C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe [4317648 2016-12-14] (Malwarebytes)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [268704 2016-06-23] ()
R2 Product Registration; C:\Program Files\Dell\Dell Product Registration\PRSvc.exe [80208 2016-09-22] (Dell)
R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [310016 2016-02-26] (Realtek Semiconductor)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31704 2016-09-09] (Dell Inc.)
R2 WavesSysSvc; C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe [613296 2015-12-22] (Waves Audio Ltd.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [347328 2016-07-16] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [103720 2016-07-16] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [3732896 2016-06-23] (Intel® Corporation)
R2 ibtsiva; %SystemRoot%\system32\ibtsiva [X]
 
===================== Drivers (Whitelisted) ======================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 DDDriver; C:\WINDOWS\system32\drivers\DDDriver64Dcsa.sys [32464 2016-01-05] (Dell Computer Corporation)
R3 DellProf; C:\WINDOWS\system32\drivers\DellProf.sys [24240 2016-01-05] (Dell Computer Corporation)
R2 DpmLiteDrv; c:\Program Files\Dell\QuickSet\DpmLiteDrv64.sys [15080 2014-10-15] (Wistron Corp.)
R3 dptf_acpi; C:\WINDOWS\System32\drivers\dptf_acpi.sys [55784 2015-10-30] (Intel Corporation)
R3 dptf_cpu; C:\WINDOWS\System32\drivers\dptf_cpu.sys [52200 2015-10-30] (Intel Corporation)
R3 esif_lf; C:\WINDOWS\system32\DRIVERS\esif_lf.sys [260072 2015-10-30] (Intel Corporation)
R1 ESProtectionDriver; C:\WINDOWS\system32\drivers\mbae64.sys [77416 2016-12-14] ()
R3 HidEventFilter; C:\WINDOWS\System32\drivers\HidEventFilter.sys [54272 2015-09-21] (Intel Corporation)
R3 HID_PCI; C:\WINDOWS\System32\drivers\HID_PCI.sys [47928 2015-11-04] (Intel)
S3 iaLPSS2_SPI; C:\WINDOWS\System32\drivers\iaLPSS2_SPI.sys [152376 2016-01-22] (Intel Corporation)
S3 iaLPSS2_UART2; C:\WINDOWS\System32\drivers\iaLPSS2_UART2.sys [281400 2016-01-22] (Intel Corporation)
R3 ibtusb; C:\WINDOWS\system32\DRIVERS\ibtusb.sys [349960 2016-07-12] (Intel Corporation)
R3 IntcAudioBus; C:\WINDOWS\System32\drivers\IntcAudioBus.sys [201808 2016-02-11] (Intel® Corporation)
R3 IntcOED; C:\WINDOWS\System32\drivers\IntcOED.sys [623184 2016-02-11] (Intel® Corporation)
R3 ISH; C:\WINDOWS\System32\drivers\ISH.sys [135992 2015-11-04] (Intel)
R3 ISH_BusDriver; C:\WINDOWS\System32\drivers\ISH_BusDriver.sys [71992 2015-11-09] (Intel)
R2 MBAMChameleon; C:\WINDOWS\system32\drivers\MBAMChameleon.sys [176064 2016-12-30] (Malwarebytes)
R3 MBAMFarflt; C:\WINDOWS\system32\drivers\farflt.sys [102856 2017-01-10] (Malwarebytes)
R3 MBAMProtection; C:\WINDOWS\system32\drivers\mbam.sys [43968 2017-01-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [250816 2017-01-10] (Malwarebytes)
R3 MBAMWebProtection; C:\WINDOWS\system32\drivers\mwac.sys [91584 2017-01-10] (Malwarebytes)
S3 NetAdapterCx; C:\WINDOWS\System32\drivers\NetAdapterCx.sys [90624 2016-07-16] ()
U5 Netwtw02; C:\Windows\System32\Drivers\Netwtw02.sys [6722320 2016-01-11] (Intel Corporation)
R3 Netwtw04; C:\WINDOWS\System32\drivers\Netwtw04.sys [7235344 2016-07-18] (Intel Corporation)
S3 RTSUER; C:\WINDOWS\system32\Drivers\RtsUer.sys [413912 2015-12-22] (Realsil Semiconductor Corporation)
S3 rtsuvc; C:\WINDOWS\system32\DRIVERS\rtsuvc.sys [3093760 2015-12-17] (Realtek Semiconductor Corp.)
S3 rtux64w10; C:\WINDOWS\System32\drivers\rtux64w10.sys [343808 2015-12-22] (Realtek                                                                )
R3 VirtualButtons; C:\WINDOWS\System32\drivers\VirtualButtons.sys [31280 2015-04-14] (Intel Corporation)
S3 WdBoot; C:\WINDOWS\system32\drivers\WdBoot.sys [44056 2016-07-16] (Microsoft Corporation)
S3 WdFilter; C:\WINDOWS\system32\drivers\WdFilter.sys [290144 2016-07-16] (Microsoft Corporation)
S3 WdNisDrv; C:\WINDOWS\System32\Drivers\WdNisDrv.sys [123232 2016-07-16] (Microsoft Corporation)
S3 PCDSRVC{3B54B31B-D06B6431-06020200}_0; \??\c:\program files\dell\supportassist\pcdsrvc_x64.pkms [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-10 01:38 - 2017-01-10 01:38 - 02419200 _____ (Farbar) C:\Users\arose\Downloads\FRST64 (1).exe
2017-01-10 01:36 - 2017-01-10 01:36 - 02419200 _____ (Farbar) C:\Users\arose\Desktop\FRST64 (1).exe
2017-01-10 01:14 - 2017-01-10 01:14 - 01761280 _____ (Farbar) C:\Users\arose\Downloads\FRST (1).exe
2017-01-10 01:12 - 2017-01-10 01:13 - 01761280 _____ (Farbar) C:\Users\arose\Downloads\FRST.exe
2017-01-09 19:00 - 2017-01-09 19:00 - 00092219 _____ C:\Users\arose\Downloads\adsspy.txt
2017-01-09 16:03 - 2017-01-09 16:03 - 00001475 _____ C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\mbamtray.lnk
2017-01-09 15:55 - 2017-01-09 15:55 - 00000799 _____ C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HijackThis.lnk
2017-01-09 15:49 - 2017-01-09 15:49 - 00007044 _____ C:\Users\arose\Downloads\processlist.txt
2017-01-09 15:40 - 2017-01-09 15:40 - 00001092 _____ C:\Users\arose\Downloads\uninstall_list2.txt
2017-01-09 15:04 - 2017-01-09 15:04 - 00001092 _____ C:\Users\arose\Downloads\uninstall_list.txt
2017-01-09 14:17 - 2016-12-29 17:24 - 00453848 ____R C:\WINDOWS\system32\Drivers\etc\hosts.20170109-141724.backup
2017-01-09 14:09 - 2017-01-09 14:09 - 00306465 _____ C:\Users\arose\Desktop\TeamSpybot-20170109-140910.cab
2017-01-09 13:09 - 2017-01-09 13:09 - 00069632 _____ C:\Users\arose\OneDrive\Documents\audiosavedevent.evtx
2017-01-09 13:09 - 2017-01-09 13:09 - 00000000 ____D C:\Users\arose\OneDrive\Documents\LocaleMetaData
2017-01-09 04:53 - 2017-01-09 04:53 - 00045907 _____ C:\Users\arose\Downloads\Shortcut.txt
2017-01-08 22:38 - 2017-01-09 04:53 - 00040208 _____ C:\Users\arose\Downloads\Addition.txt
2017-01-08 22:37 - 2017-01-10 01:39 - 00022418 _____ C:\Users\arose\Downloads\FRST.txt
2017-01-08 22:37 - 2017-01-08 22:37 - 00000000 ____D C:\Users\arose\Downloads\FRST-OlderVersion
2017-01-06 10:13 - 2017-01-06 10:13 - 00000000 ____D C:\Users\arose\newpics
2017-01-06 09:31 - 2017-01-06 09:31 - 00000000 ____D C:\Users\arose\resumes
2017-01-06 09:29 - 2017-01-06 09:52 - 00000000 ____D C:\Users\arose\Tutorials
2017-01-05 17:07 - 2016-10-03 16:54 - 00703925 _____ C:\Users\arose\Desktop\BBSTExploring.pdf
2017-01-05 16:14 - 2017-01-05 16:14 - 02338092 _____ C:\Users\arose\Downloads\JLG ICER Brochure Q4 2012e.pdf
2017-01-05 16:13 - 2017-01-05 16:13 - 00241855 _____ C:\Users\arose\Downloads\GenRocketBrochure-Final (1).pdf
2017-01-05 02:54 - 2017-01-05 02:54 - 00007894 _____ C:\Users\arose\Desktop\M8J8PLQ2.htm
2017-01-03 22:28 - 2017-01-03 22:28 - 00241855 _____ C:\Users\arose\Downloads\GenRocketBrochure-Final.pdf
2017-01-03 14:01 - 2017-01-03 14:02 - 00043587 _____ C:\Users\arose\Desktop\Addition.txt
2017-01-03 14:00 - 2017-01-10 01:39 - 00000000 ____D C:\FRST
2017-01-03 14:00 - 2017-01-03 14:02 - 00100217 _____ C:\Users\arose\Desktop\FRST.txt
2017-01-03 13:59 - 2017-01-03 13:59 - 02418176 _____ (Farbar) C:\Users\arose\Desktop\FRST64.exe
2017-01-03 13:56 - 2017-01-08 22:37 - 02419200 _____ (Farbar) C:\Users\arose\Downloads\FRST64.exe
2017-01-02 17:12 - 2017-01-02 17:12 - 00060627 _____ C:\Users\arose\OneDrive\Documents\listofservices.txt
2017-01-02 15:33 - 2017-01-02 15:33 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-12-30 13:53 - 2017-01-03 11:29 - 00000000 ____D C:\WINDOWS\pss
2016-12-30 13:53 - 2017-01-02 15:29 - 06024406 _____ C:\WINDOWS\ntbtlog.txt
2016-12-30 13:26 - 2016-12-30 13:26 - 00001539 _____ C:\Users\arose\Desktop\pot.txt
2016-12-30 12:31 - 2017-01-10 01:35 - 00102856 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\farflt.sys
2016-12-30 12:31 - 2017-01-10 01:35 - 00091584 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mwac.sys
2016-12-30 12:31 - 2017-01-10 01:35 - 00043968 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-12-30 12:31 - 2017-01-09 15:59 - 00001914 _____ C:\Users\Public\Desktop\Malwarebytes.lnk
2016-12-30 12:31 - 2017-01-09 15:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes
2016-12-30 12:30 - 2016-12-30 12:30 - 54199488 _____ (Malwarebytes ) C:\Users\arose\Downloads\mb3-setup-consumer-3.0.5.1299.exe
2016-12-30 12:30 - 2016-12-14 12:55 - 00077416 _____ C:\WINDOWS\system32\Drivers\mbae64.sys
2016-12-29 18:35 - 2017-01-10 01:35 - 00250816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-12-29 18:35 - 2017-01-09 17:22 - 00000000 ____D C:\Users\arose\Desktop\mbar
2016-12-29 18:35 - 2017-01-09 17:22 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-12-29 18:35 - 2016-12-30 12:31 - 00176064 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-12-29 18:35 - 2016-12-30 12:30 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-12-29 18:34 - 2016-12-29 18:35 - 16563352 _____ (Malwarebytes Corp.) C:\Users\arose\Downloads\mbar-1.09.3.1001.exe
2016-12-29 18:30 - 2016-12-29 18:30 - 01472131 _____ C:\Users\arose\Downloads\vba32arkit.zip
2016-12-29 18:28 - 2016-12-29 18:29 - 05659917 _____ (Swearware) C:\Users\arose\Downloads\ComboFix.exe
2016-12-29 18:18 - 2016-12-29 18:18 - 00001462 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
2016-12-29 18:18 - 2016-12-29 18:18 - 00001450 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
2016-12-29 18:18 - 2016-12-29 18:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
2016-12-29 18:18 - 2013-09-20 10:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
2016-12-29 18:17 - 2016-12-29 18:18 - 46525608 _____ (Safer-Networking Ltd. ) C:\Users\arose\Downloads\spybot-2.4.exe
2016-12-29 18:16 - 2016-12-29 18:16 - 07617712 _____ C:\Users\arose\Downloads\spybotsd_includes.exe
2016-12-29 17:56 - 2016-12-29 17:56 - 00000085 _____ C:\WINDOWS\wininit.ini
2016-12-29 17:24 - 2015-10-30 02:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161229-172415.backup
2016-12-29 17:02 - 2016-12-29 17:02 - 00000000 ____D C:\Users\arose\AppData\Local\lptmp482903920
2016-12-29 17:02 - 2016-12-29 17:02 - 00000000 ____D C:\Users\arose\AppData\Local\lptmp407641572
2016-12-29 17:00 - 2015-10-30 02:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts.20161229-170020.backup
2016-12-29 16:18 - 2016-12-29 16:18 - 00322762 _____ C:\Users\arose\Desktop\TeamSpybot-20161229-161858.cab
2016-12-29 16:10 - 2016-12-29 16:10 - 00000000 ____D C:\Program Files\Common Files\AV
2016-12-29 16:10 - 2015-07-28 17:52 - 00821920 _____ (Safer-Networking Ltd. ) C:\Users\Public\Desktop\Post Win10 Spybot-install.exe
2016-12-29 16:06 - 2016-12-29 14:54 - 00041895 _____ C:\Users\arose\OneDrive\Documents\spybotloginfo.txt
2016-12-29 16:06 - 2016-12-29 05:24 - 00000136 _____ C:\Users\arose\OneDrive\Documents\Rootkits.161229-0524.log
2016-12-29 16:06 - 2016-12-29 05:22 - 00041895 _____ C:\Users\arose\OneDrive\Documents\Updates.log
2016-12-29 16:06 - 2016-12-29 05:20 - 00122409 _____ C:\Users\arose\OneDrive\Documents\Scanner.log
2016-12-29 16:06 - 2016-12-29 05:19 - 00001012 _____ C:\Users\arose\OneDrive\Documents\RootkitQuickScan.log
2016-12-29 16:06 - 2016-12-29 05:17 - 00000310 _____ C:\Users\arose\OneDrive\Documents\Firewall.log
2016-12-29 16:05 - 2016-12-29 16:05 - 00255773 _____ C:\Users\arose\Desktop\TeamSpybot-20161229-160459.cab
2016-12-29 15:19 - 2016-12-29 15:19 - 02183459 _____ C:\Users\arose\OneDrive\Documents\systatetoreg.reg
2016-12-29 15:16 - 2016-12-29 15:16 - 00077336 _____ C:\Users\arose\OneDrive\Documents\htjlog.txt
2016-12-29 15:14 - 2016-12-29 15:14 - 00438736 _____ C:\Users\arose\OneDrive\Documents\spyd2bot.txt
2016-12-29 05:19 - 2016-12-29 05:19 - 00000000 ____D C:\Users\arose\OneDrive\Documents\ProcAlyzer Dumps
2016-12-29 05:17 - 2016-12-29 18:20 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2016-12-29 05:17 - 2016-12-29 18:18 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2016-12-29 05:17 - 2016-12-29 05:17 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
2016-12-29 04:55 - 2016-12-29 04:55 - 00001253 _____ C:\Users\arose\OneDrive\Documents\Keyloggerresults1229.htm
2016-12-29 04:50 - 2016-12-29 04:50 - 00613868 _____ C:\Users\arose\Downloads\inst_antispy.exe
2016-12-29 04:01 - 2015-10-30 02:21 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts - Copy
2016-12-29 03:06 - 2017-01-09 15:56 - 00074947 _____ C:\Users\arose\Downloads\startuplist.txt
2016-12-29 02:59 - 2016-12-29 02:59 - 00013731 _____ C:\Users\arose\Downloads\hijackthis2
2016-12-29 01:37 - 2016-12-29 01:37 - 01227938 _____ C:\Users\arose\OneDrive\Documents\motoradiosol.docx
2016-12-29 01:36 - 2016-12-29 01:37 - 01227936 _____ C:\Users\arose\OneDrive\Documents\http.docx
2016-12-29 00:50 - 2016-12-29 00:50 - 00001212 _____ C:\Users\arose\Desktop\third.txt
2016-12-29 00:48 - 2016-12-29 00:48 - 00001203 _____ C:\Users\arose\Desktop\second.txt
2016-12-29 00:46 - 2016-12-29 00:46 - 00001043 _____ C:\Users\arose\Desktop\2ndtimembam.txt
2016-12-29 00:36 - 2016-12-29 00:36 - 00000000 ____D C:\Users\arose\AppData\Local\Programs
2016-12-29 00:36 - 2016-12-29 00:36 - 00000000 ____D C:\Program Files\Malwarebytes
2016-12-29 00:30 - 2016-12-29 00:30 - 00000000 ____D C:\Users\arose\OneDrive\Documents\ARresume
2016-12-28 18:28 - 2016-12-28 18:25 - 00034406 _____ C:\Users\arose\Audrey_Rosenthal1228.docx
2016-12-27 15:17 - 2016-12-27 15:17 - 00000000 ____D C:\ProgramData\PC-Doctor, Inc
2016-12-27 12:17 - 2016-12-27 12:17 - 00014795 _____ C:\Users\arose\Downloads\Passbook.pkpass
2016-12-27 06:20 - 2017-01-09 15:42 - 00000000 ____D C:\Users\arose\Downloads\backups
2016-12-27 05:42 - 2017-01-09 19:41 - 00012710 _____ C:\Users\arose\Downloads\hijackthis.log
2016-12-27 05:42 - 2016-12-27 05:42 - 00388608 _____ (Trend Micro Inc.) C:\Users\arose\Downloads\HijackThis.exe
2016-12-27 04:54 - 2016-12-27 05:11 - 00000000 ____D C:\Users\arose\AppData\Roaming\Apple Computer
2016-12-27 04:54 - 2016-12-27 04:54 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\Users\arose\AppData\Local\Apple Computer
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\ProgramData\Apple Computer
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\Program Files\iTunes
2016-12-27 04:54 - 2016-12-27 04:54 - 00000000 ____D C:\Program Files\iPod
2016-12-26 23:18 - 2016-12-26 23:18 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-12-26 23:18 - 2016-12-26 23:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-12-26 23:18 - 2016-12-26 23:18 - 00000000 ____D C:\Users\arose\AppData\Local\Apple
2016-12-26 23:18 - 2016-12-26 23:18 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-12-26 23:17 - 2016-12-27 04:54 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-12-26 23:17 - 2016-12-26 23:18 - 00000000 ____D C:\ProgramData\Apple
2016-12-26 23:17 - 2016-12-26 23:17 - 00000000 ____D C:\Program Files\Bonjour
2016-12-26 23:17 - 2016-12-26 23:17 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-12-26 23:16 - 2016-12-26 23:16 - 177044296 _____ (Apple Inc.) C:\Users\arose\Downloads\iTunes6464Setup.exe
2016-12-25 13:30 - 2016-12-25 13:30 - 01129066 _____ C:\Users\arose\Downloads\football.jpg
2016-12-25 13:29 - 2016-12-25 13:29 - 00217134 _____ C:\Users\arose\Downloads\hockey.jpg
2016-12-25 13:18 - 2016-12-25 13:18 - 00420777 _____ C:\Users\arose\Downloads\IMG_0828.JPG
2016-12-25 13:17 - 2016-12-25 13:17 - 02245151 _____ C:\Users\arose\Downloads\IMG_1464.JPG
2016-12-25 13:16 - 2016-12-25 13:16 - 00247534 _____ C:\Users\arose\Downloads\IMG_1583.JPG
2016-12-25 12:59 - 2016-12-25 12:59 - 00409663 _____ C:\Users\arose\Downloads\boat.JPG
2016-12-25 12:43 - 2016-12-25 12:43 - 00447272 _____ C:\Users\arose\Downloads\IMG_3656.JPG
2016-12-24 03:40 - 2016-12-24 03:40 - 00060533 _____ C:\Users\arose\OneDrive\Documents\stuffandlist.txt
2016-12-23 00:48 - 2016-12-23 00:48 - 00114667 _____ C:\Users\arose\Downloads\securedoc_20161222T225739.html
2016-12-19 22:37 - 2016-12-19 22:37 - 00209974 _____ C:\Users\arose\Downloads\CEE_ResidentialClothesWasherSpec_07Mar2015.pdf
2016-12-19 20:44 - 2016-12-19 20:44 - 00024765 _____ C:\Users\arose\Downloads\histanlum1.xls
2016-12-19 20:33 - 2016-12-19 20:33 - 00024765 _____ C:\Users\arose\Downloads\histanlum.xls
2016-12-19 16:47 - 2016-12-29 17:02 - 00000000 ____D C:\Users\arose\AppData\Local\lptmp
2016-12-19 16:47 - 2016-12-28 18:19 - 00000000 ____D C:\Users\arose\AppData\LocalLow\LastPass
2016-12-19 16:45 - 2016-12-19 16:45 - 00000000 ____D C:\Program Files (x86)\wes
2016-12-19 16:36 - 2016-12-29 17:02 - 00000000 ____D C:\ProgramData\WRData
2016-12-19 16:35 - 2016-12-19 16:36 - 00990464 _____ (Webroot) C:\Users\arose\Downloads\wsabbs2.exe
2016-12-19 14:45 - 2016-12-19 14:45 - 1122733881 _____ C:\WINDOWS\MEMORY.DMP
2016-12-19 14:45 - 2016-12-19 14:45 - 00417636 _____ C:\WINDOWS\Minidump\121916-5328-01.dmp
2016-12-19 13:12 - 2016-12-19 14:09 - 00045568 _____ C:\Users\arose\Downloads\Secured Promissory Note (2).DOC
2016-12-18 22:04 - 2016-12-18 22:04 - 00058709 _____ C:\Users\arose\Downloads\holocaust-memorial.jpg
2016-12-18 21:58 - 2016-12-18 21:58 - 00193774 _____ C:\Users\arose\Downloads\holocaust-memorial-adela-.jpg
2016-12-17 13:53 - 2016-12-17 13:53 - 00805348 _____ C:\Users\arose\Downloads\EN-05-10064.pdf
2016-12-17 13:51 - 2016-12-17 13:51 - 00682687 _____ C:\Users\arose\Downloads\SSA-7004.pdf
2016-12-16 17:32 - 2016-12-16 17:32 - 00003290 _____ C:\WINDOWS\System32\Tasks\OneDrive Standalone Update Task v2
2016-12-16 17:32 - 2016-12-16 17:32 - 00000000 ___HD C:\OneDriveTemp
2016-12-16 17:08 - 2016-12-16 17:08 - 00096768 _____ C:\Users\arose\Downloads\2012febcv-felicia_waldman-english-website-march-2012.doc
2016-12-16 00:55 - 2016-12-16 00:55 - 00000487 _____ C:\Users\arose\Downloads\PGP.sig
2016-12-16 00:54 - 2016-12-16 00:54 - 00126971 _____ C:\Users\arose\OneDrive\Documents\Jacob Pearlman MCSP Essay.docx
2016-12-16 00:37 - 2017-01-09 02:37 - 00000000 ____D C:\Users\arose\OneDrive\Documents\OneNote Notebooks
2016-12-15 22:10 - 2016-12-11 18:56 - 00835576 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-12-15 22:10 - 2016-12-11 18:56 - 00177656 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-12-15 20:34 - 2016-12-15 20:34 - 00114666 _____ C:\Users\arose\Downloads\securedoc_20161214T225153.html
2016-12-14 11:43 - 2016-12-09 04:18 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-12-14 11:42 - 2016-12-09 05:11 - 02048496 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-12-14 11:42 - 2016-12-09 05:01 - 02323728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10warp.dll
2016-12-14 11:42 - 2016-12-09 05:01 - 01503544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-12-14 11:42 - 2016-12-09 05:01 - 00861024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-12-14 11:42 - 2016-12-09 05:00 - 00106896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcrypt.dll
2016-12-14 11:42 - 2016-12-09 04:59 - 02166752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-12-14 11:42 - 2016-12-09 04:59 - 00846560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-12-14 11:42 - 2016-12-09 04:57 - 06668040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-12-14 11:42 - 2016-12-09 04:57 - 01852720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-12-14 11:42 - 2016-12-09 04:56 - 00959112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-12-14 11:42 - 2016-12-09 04:52 - 01435896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-12-14 11:42 - 2016-12-09 04:52 - 01415752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32full.dll
2016-12-14 11:42 - 2016-12-09 04:51 - 00117240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sspicli.dll
2016-12-14 11:42 - 2016-12-09 04:41 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2016-12-14 11:42 - 2016-12-09 04:40 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32k.sys
2016-12-14 11:42 - 2016-12-09 04:36 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2016-12-14 11:42 - 2016-12-09 04:34 - 00822784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2016-12-14 11:42 - 2016-12-09 04:34 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll
2016-12-14 11:42 - 2016-12-09 04:32 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9diag.dll
2016-12-14 11:42 - 2016-12-09 04:31 - 03689984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-12-14 11:42 - 2016-12-09 04:31 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-12-14 11:42 - 2016-12-09 04:31 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\indexeddbserver.dll
2016-12-14 11:42 - 2016-12-09 04:30 - 19413504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-12-14 11:42 - 2016-12-09 04:30 - 04612608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-12-14 11:42 - 2016-12-09 04:28 - 03306496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-12-14 11:42 - 2016-12-09 04:27 - 19417088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-12-14 11:42 - 2016-12-09 04:23 - 12177920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-12-14 11:42 - 2016-12-09 04:20 - 06044160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-12-14 11:42 - 2016-12-09 04:20 - 03198464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2016-12-14 11:42 - 2016-12-09 04:18 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-12-14 11:42 - 2016-12-09 04:18 - 02138112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-12-14 11:42 - 2016-12-09 04:17 - 00886272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\aadtb.dll
2016-12-14 11:42 - 2016-12-09 04:17 - 00566784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ShareHost.dll
2016-12-14 11:42 - 2016-12-09 04:16 - 02998272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\win32kfull.sys
2016-12-14 11:42 - 2016-12-09 04:16 - 01880576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-12-14 11:42 - 2016-12-09 04:16 - 00353280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-12-14 11:42 - 2016-12-09 04:15 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-12-14 11:42 - 2016-12-09 04:15 - 00092672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-12-14 11:42 - 2016-12-09 04:15 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2016-12-14 11:42 - 2016-12-09 03:54 - 00483840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-12-14 11:36 - 2016-12-09 05:32 - 07816032 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-12-14 11:36 - 2016-12-09 05:20 - 01738560 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-12-14 11:36 - 2016-12-09 05:19 - 01293152 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-12-14 11:36 - 2016-12-09 05:15 - 08168000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-12-14 11:36 - 2016-12-09 05:15 - 01988560 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-12-14 11:36 - 2016-12-09 05:10 - 01461200 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-12-14 11:36 - 2016-12-09 04:45 - 00206848 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-12-14 11:36 - 2016-12-09 04:37 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-12-14 11:36 - 2016-12-09 04:36 - 06285312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-12-14 11:36 - 2016-12-09 04:36 - 00425984 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadcloudap.dll
2016-12-14 11:36 - 2016-12-09 04:29 - 04749312 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-12-14 11:36 - 2016-12-09 04:27 - 00981504 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.OnlineId.dll
2016-12-14 11:36 - 2016-12-09 04:26 - 08129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-12-14 11:36 - 2016-12-09 04:22 - 02688512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-12-14 11:36 - 2016-12-09 04:21 - 04746752 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-12-14 11:36 - 2016-12-09 04:21 - 03616768 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-12-14 11:36 - 2016-12-09 04:21 - 01512960 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-12-14 11:36 - 2016-12-09 04:20 - 00730624 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-12-14 11:36 - 2016-12-09 04:20 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-12-14 11:36 - 2016-12-09 04:19 - 01121280 _____ (Microsoft Corporation) C:\WINDOWS\system32\aadtb.dll
2016-12-14 11:35 - 2016-12-09 05:42 - 01637728 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-12-14 11:35 - 2016-12-09 05:42 - 00137568 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-12-14 11:35 - 2016-12-09 05:34 - 01051112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-12-14 11:35 - 2016-12-09 05:34 - 00894096 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-12-14 11:35 - 2016-12-09 05:33 - 01354320 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-12-14 11:35 - 2016-12-09 05:33 - 01173496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-12-14 11:35 - 2016-12-09 05:30 - 00377184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\clfs.sys
2016-12-14 11:35 - 2016-12-09 05:29 - 02681200 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 11:35 - 2016-12-09 05:28 - 00764392 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-12-14 11:35 - 2016-12-09 05:27 - 00172528 _____ (Microsoft Corporation) C:\WINDOWS\system32\sspicli.dll
2016-12-14 11:35 - 2016-12-09 05:20 - 02677544 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10warp.dll
2016-12-14 11:35 - 2016-12-09 05:20 - 02189664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-12-14 11:35 - 2016-12-09 05:20 - 00658784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-12-14 11:35 - 2016-12-09 05:20 - 00402272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-12-14 11:35 - 2016-12-09 05:19 - 00168424 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcrypt.dll
2016-12-14 11:35 - 2016-12-09 05:18 - 02913144 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-12-14 11:35 - 2016-12-09 05:18 - 01267512 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-12-14 11:35 - 2016-12-09 05:18 - 01100128 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvix64.exe
2016-12-14 11:35 - 2016-12-09 05:18 - 00989024 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvax64.exe
2016-12-14 11:35 - 2016-12-09 05:18 - 00947552 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.efi
2016-12-14 11:35 - 2016-12-09 05:18 - 00811872 _____ (Microsoft Corporation) C:\WINDOWS\system32\hvloader.exe
2016-12-14 11:35 - 2016-12-09 05:18 - 00624048 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-12-14 11:35 - 2016-12-09 05:14 - 01274712 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-12-14 11:35 - 2016-12-09 05:14 - 00241504 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudExperienceHost.dll
2016-12-14 11:35 - 2016-12-09 05:10 - 01572768 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32full.dll
2016-12-14 11:35 - 2016-12-09 05:09 - 00455520 _____ (Microsoft Corporation) C:\WINDOWS\system32\securekernel.exe
2016-12-14 11:35 - 2016-12-09 04:47 - 22563328 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-12-14 11:35 - 2016-12-09 04:45 - 00040448 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2016-12-14 11:35 - 2016-12-09 04:42 - 00227328 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdd.dll
2016-12-14 11:35 - 2016-12-09 04:41 - 00380928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wincorlib.dll
2016-12-14 11:35 - 2016-12-09 04:38 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2016-12-14 11:35 - 2016-12-09 04:37 - 00411136 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
2016-12-14 11:35 - 2016-12-09 04:37 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\system32\indexeddbserver.dll
2016-12-14 11:35 - 2016-12-09 04:36 - 03059200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-12-14 11:35 - 2016-12-09 04:36 - 00410112 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-12-14 11:35 - 2016-12-09 04:33 - 03777536 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-12-14 11:35 - 2016-12-09 04:33 - 01589760 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdtctm.dll
2016-12-14 11:35 - 2016-12-09 04:30 - 23677952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-12-14 11:35 - 2016-12-09 04:28 - 01004544 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-12-14 11:35 - 2016-12-09 04:27 - 13084160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-12-14 11:35 - 2016-12-09 04:27 - 05114368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2016-12-14 11:35 - 2016-12-09 04:26 - 01692672 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.onecore.dll
2016-12-14 11:35 - 2016-12-09 04:25 - 00376832 _____ (Microsoft Corporation) C:\WINDOWS\system32\CryptoWinRT.dll
2016-12-14 11:35 - 2016-12-09 04:24 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-12-14 11:35 - 2016-12-09 04:22 - 02820096 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-12-14 11:35 - 2016-12-09 04:22 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-12-14 11:35 - 2016-12-09 04:21 - 00716800 _____ (Microsoft Corporation) C:\WINDOWS\system32\ShareHost.dll
2016-12-14 11:35 - 2016-12-09 04:20 - 00172544 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-12-14 11:35 - 2016-12-09 04:19 - 00433664 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-12-14 11:35 - 2016-12-09 04:19 - 00261120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-12-14 11:35 - 2016-12-09 04:19 - 00119296 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-12-14 11:35 - 2016-12-09 04:19 - 00085504 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2016-12-13 23:31 - 2016-12-13 23:31 - 00172750 _____ C:\Users\arose\Downloads\prr-reforms-memo-final.pdf
2016-12-13 23:24 - 2016-12-13 23:25 - 00452252 _____ C:\Users\arose\Downloads\FAQs_for_HCSB_Site.pdf
2016-12-13 22:33 - 2016-12-13 22:33 - 01590661 _____ C:\Users\arose\Downloads\UImanual.pdf
2016-12-12 19:30 - 2016-12-12 19:30 - 04663534 _____ C:\Users\arose\Downloads\NY65-74_CR_027_0704.pdf
2016-12-12 18:56 - 2016-12-12 18:56 - 00053808 _____ C:\Users\arose\Downloads\Elie%20Wiesel%209.jpg
2016-12-12 15:11 - 2016-12-12 15:11 - 00621544 _____ C:\Users\arose\Downloads\1016000A.rtf
2016-12-12 15:08 - 2016-12-12 15:08 - 00461312 _____ C:\Users\arose\Downloads\Family Tree Dec 2007.vsd
2016-12-12 14:47 - 2016-12-12 14:47 - 00016887 _____ C:\Users\arose\OneDrive\Documents\technol.docx
2016-12-12 13:10 - 2016-12-12 13:10 - 00151129 _____ C:\Users\arose\Downloads\ea-12-16.xlsx
2016-12-12 13:03 - 2016-12-12 13:03 - 00029184 _____ C:\Users\arose\Downloads\a.doc
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2017-01-10 01:39 - 2016-05-05 14:58 - 01655800 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2017-01-10 01:34 - 2016-09-26 14:02 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2017-01-10 01:34 - 2016-09-26 13:58 - 00000000 ____D C:\Users\arose
2017-01-10 01:34 - 2016-09-26 13:57 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2017-01-10 01:34 - 2016-08-07 16:47 - 00000000 __SHD C:\Users\arose\IntelGraphicsProfiles
2017-01-10 01:34 - 2016-07-16 01:04 - 01048576 _____ C:\WINDOWS\system32\config\BBI
2017-01-10 01:26 - 2016-07-16 06:47 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2017-01-10 01:24 - 2016-05-05 15:03 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2017-01-10 01:06 - 2016-07-16 06:47 - 00000000 ___HD C:\Program Files\WindowsApps
2017-01-10 01:06 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppReadiness
2017-01-10 00:19 - 2016-09-26 13:56 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2017-01-09 17:07 - 2016-09-04 19:06 - 00000000 ____D C:\Users\arose\AppData\Local\ElevatedDiagnostics
2017-01-09 15:11 - 2016-08-07 16:49 - 00000000 ___RD C:\Users\arose\OneDrive
2017-01-09 15:10 - 2016-08-08 02:26 - 00007599 _____ C:\Users\arose\AppData\Local\Resmon.ResmonCfg
2017-01-09 04:25 - 2016-08-07 16:47 - 00000000 ____D C:\Users\arose\AppData\Local\Packages
2017-01-09 04:24 - 2016-10-12 22:20 - 00000000 ____D C:\Users\arose\OneDrive\Documents\ADHD Success Plan For Women Transcripts
2017-01-08 22:38 - 2016-11-29 06:13 - 00004166 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{1DF9318F-08FA-4EF5-A914-221DFB179837}
2016-12-30 12:31 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs
2016-12-29 18:35 - 2016-07-16 06:47 - 00000000 ___HD C:\ProgramData
2016-12-29 18:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\drivers
2016-12-29 18:18 - 2016-07-16 06:47 - 00000000 ___SD C:\ProgramData\Microsoft
2016-12-29 17:58 - 2016-07-16 01:04 - 00000000 ___RD C:\Program Files
2016-12-29 17:38 - 2016-07-16 01:04 - 00032768 _____ C:\WINDOWS\system32\config\ELAM
2016-12-29 17:38 - 2016-07-16 01:04 - 00000000 ____D C:\Program Files\Common Files
2016-12-29 17:02 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64
2016-12-29 16:19 - 2016-08-07 16:46 - 00000000 ___RD C:\Users\arose\Music
2016-12-29 05:17 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Tasks
2016-12-29 03:33 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-12-29 00:42 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\CatRoot
2016-12-27 06:15 - 2016-07-16 06:45 - 00000000 ____D C:\WINDOWS\INF
2016-12-27 05:42 - 2016-08-07 16:47 - 00000000 ____D C:\Users\arose\AppData\Local\VirtualStore
2016-12-26 23:19 - 2016-09-26 13:58 - 00524288 ___SH C:\WINDOWS\system32\config\COMPONENTS{f5b135e6-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000002.regtrans-ms
2016-12-26 23:18 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\catroot2
2016-12-26 23:18 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\DriverStore
2016-12-26 23:17 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\WinSxS
2016-12-24 04:46 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-12-19 16:47 - 2016-08-07 16:46 - 00000000 ____D C:\Users\arose\AppData\LocalLow
2016-12-19 14:55 - 2016-05-05 14:56 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
2016-12-19 14:55 - 2016-05-05 14:56 - 00000000 ____D C:\Program Files\Dell
2016-12-19 14:45 - 2016-09-27 10:22 - 00000000 ____D C:\WINDOWS\Minidump
2016-12-17 00:02 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\rescache
2016-12-16 22:08 - 2016-09-26 14:02 - 00003416 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-12-16 22:08 - 2016-09-26 14:02 - 00003292 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-12-16 17:32 - 2016-08-07 16:49 - 00002365 _____ C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-12-16 03:33 - 2016-07-16 06:47 - 00000000 __RSD C:\WINDOWS\assembly
2016-12-16 00:38 - 2016-08-07 16:47 - 00000000 ___RD C:\Users\arose\Searches
2016-12-15 22:15 - 2016-09-26 14:02 - 00003834 _____ C:\WINDOWS\System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473
2016-12-15 22:10 - 2016-08-07 16:50 - 00000402 ___SH C:\Users\arose\OneDrive\Documents\desktop.ini
2016-12-15 22:10 - 2016-08-07 16:47 - 00000282 ___SH C:\Users\arose\Downloads\desktop.ini
2016-12-15 22:10 - 2016-08-07 16:47 - 00000282 ___SH C:\Users\arose\Desktop\desktop.ini
2016-12-15 22:10 - 2016-08-07 16:47 - 00000174 ___SH C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\desktop.ini
2016-12-15 22:10 - 2016-08-07 16:47 - 00000000 ___RD C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Administrative Tools
2016-12-15 22:10 - 2016-08-07 16:46 - 00000000 ___RD C:\Users\arose\Saved Games
2016-12-15 22:10 - 2016-08-07 16:46 - 00000000 ___RD C:\Users\arose\Favorites
2016-12-15 22:10 - 2016-07-16 01:04 - 00262144 _____ C:\Users\Default\NTUSER.DAT
2016-12-15 22:10 - 2016-05-05 15:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-12-15 22:09 - 2016-09-26 13:56 - 00337064 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-12-15 22:08 - 2016-09-26 13:56 - 00524288 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TMContainer00000000000000000001.regtrans-ms
2016-12-15 22:08 - 2016-09-26 13:56 - 00065536 ___SH C:\WINDOWS\system32\config\DRIVERS{f5b135f1-4b48-11e6-80cb-e41d2d012050}.TM.blf
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\SysWOW64\en-US
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\wbem
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\en-US
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\system32\Boot
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\ShellExperiences
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\WINDOWS\AppPatch
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files\Internet Explorer
2016-12-15 22:08 - 2016-07-16 06:47 - 00000000 ____D C:\Program Files (x86)\Internet Explorer
2016-12-15 22:08 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-12-15 22:08 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-12-15 22:08 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-12-15 22:08 - 2016-07-16 01:04 - 00000000 ____D C:\WINDOWS\servicing
2016-12-15 22:07 - 2016-07-16 06:47 - 00000796 ___SH C:\ProgramData\Microsoft\Windows\Start Menu\Programs\desktop.ini
2016-12-15 22:04 - 2016-05-05 15:02 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-12-15 22:04 - 2016-05-05 15:02 - 00000930 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-12-14 18:46 - 2016-08-19 17:35 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-12-14 18:46 - 2016-08-19 17:35 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-12-14 14:00 - 2016-07-16 06:36 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-12-14 13:57 - 2016-08-07 17:08 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-12-14 13:56 - 2016-08-07 17:08 - 135632432 ____C (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
 
==================== Files in the root of some directories =======
 
2016-12-19 16:47 - 2016-12-28 18:19 - 12964920 _____ (Webroot Software, Inc.) C:\Program Files (x86)\Common Files\wruninstall.exe
2016-08-08 02:26 - 2017-01-09 15:10 - 0007599 _____ () C:\Users\arose\AppData\Local\Resmon.ResmonCfg
 
==================== Bamital & volsnap ======================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
LastRegBack: 2017-01-09 18:09
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version: 08-01-2017
Ran by arose (10-01-2017 01:39:48)
Running from C:\Users\arose\Downloads
Windows 10 Home Version 1607 (X64) (2016-09-26 19:03:13)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-1860959292-1840385675-445126456-500 - Administrator - Disabled)
arose (S-1-5-21-1860959292-1840385675-445126456-1001 - Administrator - Enabled) => C:\Users\arose
DefaultAccount (S-1-5-21-1860959292-1840385675-445126456-503 - Limited - Disabled)
Guest (S-1-5-21-1860959292-1840385675-445126456-501 - Limited - Disabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Malwarebytes (Enabled - Out of date) {23007AD3-69FE-687C-2629-D584AFFAF72B}
AS: Malwarebytes (Enabled - Out of date) {98619B37-4FC4-67F2-1C99-EEF6D47DBD96}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (32-bit) (HKLM-x32\...\{D079CAAD-0C31-47A2-9AF5-A82F9CD9B221}) (Version: 5.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{64E6007B-1DA9-42CD-BBE4-D5FA67A7C71D}) (Version: 5.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{55BB2110-FB43-49B3-93F4-945A0CFB0A6C}) (Version: 10.0.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Canon MP Navigator 3.0 (HKLM-x32\...\MP Navigator 3.0) (Version:  - )
Canon MP600 (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600) (Version:  - )
Dell Customer Connect (HKLM-x32\...\{35BEC446-269E-42E4-8EED-191A38CCFF3D}) (Version: 1.4.10.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.9.0 - Dell Inc.) Hidden
Dell Digital Delivery (HKLM-x32\...\{AB7F2792-2ED1-4C5C-9F28-680E5110BF72}) (Version: 3.1.1018.0 - Dell Products, LP)
Dell Foundation Services (HKLM\...\{BDB50421-E961-42F3-B803-6DAC6F127834}) (Version: 3.4.15000.0 - Dell Inc.)
Dell Help & Support (HKLM-x32\...\InstallShield_{7E780845-303D-4B46-9746-9D49D94D16AB}) (Version: 2.3.22.0 - Dell Inc.)
Dell Help & Support (Version: 2.3.22.0 - Dell Inc.) Hidden
Dell Product Registration (HKLM-x32\...\InstallShield_{85B14AE3-1624-45BE-942B-A528DF6F1CCE}) (Version: 3.0.123.0 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.3.6855.61 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{27130E51-9555-408B-8134-7BFF54EDE27B}) (Version: 1.3.0.72 - Dell)
Dell System Detect (HKU\S-1-5-21-1860959292-1840385675-445126456-1001\...\58d94f3ce2c27db0) (Version: 7.11.0.6 - Dell)
Dell Update (HKLM-x32\...\{2BE9948C-FD9C-40B0-AC04-EE2AAB4C19D4}) (Version: 1.8.1114.0 - Dell Inc.)
Dropbox 20 GB (HKLM-x32\...\{736A97C6-8766-3699-84A9-71736C5E0CE3}) (Version: 3.1.11.0 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.59.1 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 55.0.2883.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.32.7 - Google Inc.) Hidden
Intel® Chipset Device Software (x32 Version: 10.1.1.13 - Intel® Corporation) Hidden
Intel® Dynamic Platform and Thermal Framework (HKLM-x32\...\{654EE65D-FAA4-4EA6-8C07-DC94E6A304D4}) (Version: 8.1.10605.221 - Intel Corporation)
Intel® HID Event Filter (HKLM-x32\...\3FB06EEC-013D-4366-9918-71B97DFB84EB) (Version: 1.1.0.311 - Intel Corporation)
Intel® Management Engine Components (HKLM\...\{1CEAC85D-2590-4760-800F-8DE5E91F3700}) (Version: 11.0.0.1178 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4390 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 14.8.1.1043 - Intel Corporation)
Intel® Virtual Buttons (HKLM-x32\...\1992736F-C90A-481C-B21B-EE34CAD07387) (Version: 1.1.0.21 - Intel Corporation)
Intel® WiDi (HKLM\...\{E8A2DA8A-CA1A-4F5A-B113-6C34FCC4B6D4}) (Version: 6.0.62.0 - Intel Corporation)
Intel® WiDi Software Asset Manager (x32 Version: 3.2.1184 - Intel Corporation) Hidden
Intel® Wireless Bluetooth® (HKLM-x32\...\{4DA9DC19-4E1D-4B10-A726-A5F2A1BC7265}) (Version: 18.1.1546.2762 - Intel Corporation)
Intel® Integrated Sensor Solution (HKLM-x32\...\{755abcd0-2942-482b-a27d-22921a5849f0}) (Version: 3.0.14.3056 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{cf83f42d-16f2-4158-9670-e446c18f758d}) (Version: 19.1.0 - Intel Corporation)
Intel® Security Assist (HKLM-x32\...\{3D45BD48-F215-4C69-B23F-256C83D1D7F0}) (Version: 1.0.0.534 - Intel Corporation)
Intel® Software Guard Extensions Platform Software (HKLM\...\{D6CE0772-080E-45D4-8CB0-AB2AB9710DFE}) (Version: 1.1.28151.80 - Intel Corporation)
ISS_Drivers_x64 (Version: 3.0.14.3056 - Intel Corporation) Hidden
iTunes (HKLM\...\{81C96689-EA5B-4B7D-A04F-16326EC51BC2}) (Version: 12.5.4.42 - Apple Inc.)
Java 8 Update 111 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F32180111F0}) (Version: 8.0.1110.14 - Oracle Corporation)
Malwarebytes version 3.0.5.1299 (HKLM\...\{35065F43-4BB2-439A-BFF7-0F1014F2E0CD}_is1) (Version: 3.0.5.1299 - Malwarebytes)
Maxx Audio Installer (x64) (Version: 2.6.8006.3 - Waves Audio Ltd.) Hidden
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft Office Professional Plus 2016 - en-us (HKLM\...\ProPlusRetail - en-us) (Version: 16.0.7571.2109 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1860959292-1840385675-445126456-1001\...\OneDriveSetup.exe) (Version: 17.3.6720.1207 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component 64-bit Registration (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.7571.2109 - Microsoft Corporation) Hidden
Product Registration (Version: 3.0.123.0 - Dell Inc.) Hidden
QuickSet64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.35 - Dell Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 10.0.10586.31222 - Realtek Semiconduct Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7751 - Realtek Semiconductor Corp.)
Realtek PC Camera Driver (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10240.11160 - Realtek Semiconductor Corp.)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {01462C63-714C-453D-9660-B5EB07549796} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19] (Google Inc.)
Task: {02504A27-8D43-4938-8248-F4DD43896D4A} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {0845AC6F-34D4-41F3-8FB2-F66F509409C9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {0A93B7DB-FA7D-4168-A7A0-D103554AC83D} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {2BA73575-1006-4AC7-84B6-DD30328A921C} - System32\Tasks\DropboxOEM => C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe [2016-04-04] ()
Task: {37B015A9-1A09-4117-9E64-ADFB272E3998} - System32\Tasks\WRU => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()
Task: {44F6D210-2874-47EE-8D19-70D9889F9430} - System32\Tasks\IUM-F1E24CA0-B63E-4F13-A9E3-4ADE3BFF3473 => C:\Program Files (x86)\Intel\Intel® Update Manager\bin\iumsvc.exe
Task: {57C3AB13-8B7A-41CD-84B4-3117F1D99774} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
Task: {5C5CB8D1-F660-4554-A7EB-A6D9D9F8FF22} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-09-13] (PC-Doctor, Inc.)
Task: {6243C203-5E9D-483C-8938-F5EEB9D2BD40} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {66787C2C-16F7-486C-9A65-74C1B66DCB72} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
Task: {7917B69E-984A-49F7-9BD1-84A143B721ED} - System32\Tasks\Intel\Intel Telemetry 2 => C:\Program Files\Intel\Telemetry 2.0\lrio.exe [2015-06-05] (Intel Corporation)
Task: {83BDF2E5-01E3-4129-9808-77D13A87CECA} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-09-09] (Dell Inc.)
Task: {8B59D9B8-02FA-427F-9F46-8CA135C32128} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-08-19] (Google Inc.)
Task: {9068DED5-D589-44A9-A5A6-7CA9E9FA5D47} - System32\Tasks\OneDrive Standalone Update Task => C:\Users\arose\AppData\Local\Microsoft\OneDrive\17.3.6517.0809\OneDriveStandaloneUpdater.exe
Task: {968E849C-DD24-405F-8BED-7EEDADE21BDB} - System32\Tasks\IntelWiDi-Upgrade-91ba0caa-28a7-4f47-8d08-f71b4b10fbec-Logon => C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe [2015-09-17] (Intel Corporation)
Task: {9E707D9A-97D7-410A-A02C-2B379D9E8753} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {A944872F-2A6E-449A-A858-E934B67C2434} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
Task: {AEED100F-0FB1-453F-9C3D-39C58C9A3ECE} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {BF397469-CBD8-470B-9756-5E513C7020B0} - System32\Tasks\WRUStartup => C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe [2016-02-24] ()
Task: {C21FED51-796E-4FCA-B619-5FFD760281CF} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2016-11-08] (Dropbox, Inc.)
Task: {CC47158E-0D00-4C5C-9046-CE361B60B2F3} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {CE94B496-E9F2-4743-AF4D-89F49BBA4D26} - System32\Tasks\RtHDVBg_PushButton => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [2016-02-26] (Realtek Semiconductor)
Task: {CEA9FFE4-532A-4843-BC68-1FC09D2B94A4} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {D9FA1FCC-9C23-4AD7-A57F-FF8C264BBE9D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack2016 => C:\Program Files (x86)\Microsoft Office\root\Office16\msoia.exe [2016-12-28] (Microsoft Corporation)
Task: {ECCC2AE1-90B5-4AEF-9978-E1CF908F26E1} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-12-28] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2016-07-16 06:42 - 2016-07-16 06:42 - 00231424 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-12-14 11:35 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-12-14 11:35 - 2016-12-09 05:29 - 02681200 _____ () C:\WINDOWS\SYSTEM32\CoreUIComponents.dll
2016-12-16 17:31 - 2016-12-16 17:31 - 01678560 _____ () C:\Users\arose\AppData\Local\Microsoft\OneDrive\17.3.6720.1207\amd64\ClientTelemetry.dll
2016-08-12 11:38 - 2016-12-28 12:03 - 08924864 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-05-05 15:32 - 2016-03-07 07:11 - 00384120 _____ () C:\WINDOWS\system32\igfxTray.exe
2016-09-26 17:54 - 2016-09-26 17:54 - 00134656 _____ () C:\Windows\ShellExperiences\Windows.UI.Shell.SharedUtilities.dll
2016-12-14 11:36 - 2016-12-09 04:41 - 00474112 _____ () C:\Windows\ShellExperiences\QuickActions.dll
2016-09-26 14:36 - 2016-09-26 14:36 - 01573584 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.40.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2016-09-29 16:48 - 2016-09-29 16:51 - 00366080 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.40.0_x64__8wekyb3d8bbwe\Microsoft.Notes.Upgrade.dll
2016-11-10 16:46 - 2016-11-02 05:21 - 09760768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-11-10 16:46 - 2016-11-02 05:15 - 01401856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-11-10 16:53 - 2016-11-02 05:14 - 00757248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CSGSuggestLib.dll
2016-11-10 16:54 - 2016-11-02 05:15 - 01033216 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-11-10 16:53 - 2016-11-02 05:16 - 02424320 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-11-10 16:53 - 2016-11-02 05:17 - 04853760 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-11-17 01:28 - 2016-11-17 01:28 - 01353528 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-07-06 15:52 - 2015-07-06 15:52 - 00007680 _____ () C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
2016-12-30 12:30 - 2016-12-14 12:55 - 02259232 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\PoliciesControllerImpl.dll
2016-12-30 12:30 - 2017-01-03 12:41 - 02247632 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\MwacLib.dll
2016-12-30 12:30 - 2017-01-03 12:41 - 02813904 _____ () C:\PROGRAM FILES\MALWAREBYTES\ANTI-MALWARE\arwlib.dll
2016-12-14 18:46 - 2016-12-08 03:03 - 02412888 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libglesv2.dll
2016-12-14 18:46 - 2016-12-08 03:03 - 00099672 _____ () C:\Program Files (x86)\Google\Chrome\Application\55.0.2883.87\libegl.dll
2016-12-29 18:18 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2016-12-29 18:18 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2016-12-29 18:18 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2016-12-29 18:18 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2016-12-29 18:18 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2016-09-09 07:32 - 2016-09-09 07:32 - 00134008 _____ () C:\Program Files (x86)\Dell Customer Connect\ServiceTagPlusPlus.dll
2015-06-23 18:26 - 2015-06-23 18:26 - 00155888 _____ () c:\Program Files (x86)\Dell Digital Delivery\ServiceTagPlusPlus.dll
2016-01-21 02:12 - 2016-01-21 02:12 - 01243936 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\MBAMService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRkrn => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WRSVC => ""="Service"
 
==================== Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
There are 7924 more sites.
 
 
There are 7924 more sites.
 
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 02:24 - 2017-01-09 14:17 - 00453906 ____R C:\WINDOWS\system32\Drivers\etc\hosts
 
 
There are 15574 more lines.
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1860959292-1840385675-445126456-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\arose\Desktop\wallpaper.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 2) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
HKLM\...\StartupApproved\Run: => "Malwarebytes TrayApp"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => LPort=139
FirewallRules: [{F2189CC4-2B09-4B74-A9E9-8543F34D0C42}] => C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{BB1B704B-B2C8-4485-B00C-72B65CD3C985}] => C:\Program Files\Intel Corporation\Intel WiDi\SmartAgentTest.exe
FirewallRules: [{BE3A050C-F3A5-4EFC-A392-CBB32401C36C}] => C:\Program Files\Intel Corporation\Intel WiDi\Next\WirelessDisplay.exe
FirewallRules: [{7B082046-3446-4D08-AA07-7363A4D3B688}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiAppOld.exe
FirewallRules: [{9CC0992A-0C42-46C6-B402-75CB21ECE092}] => C:\Program Files\Intel Corporation\Intel WiDi\WiDiApp.exe
FirewallRules: [{F7933A62-770E-4FF7-9F4F-775F68E4E8DC}] => C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [{370BE607-0F16-4FAF-BC17-6C9255B77305}] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{BB84A170-EE1B-4989-8789-21E105ADA764}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{625E46A4-4BBC-41F8-B024-ECB06BC48267}] => C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{B400DA4F-A3DB-43DE-B3F9-9EF132C1AB70}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{1DD4413D-73CD-4916-A7B3-690F34AFB1D6}] => C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{37D9D5D8-F274-4063-9E7C-4C510EF5277D}] => C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{46FB9571-A40A-4B16-B141-408EF2652427}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{07E49B1E-29D7-4F6E-A4E9-2E84D398B195}] => C:\Program Files (x86)\Microsoft Office\root\Office16\Lync.exe
FirewallRules: [{2EB2EC31-D22C-4748-A07D-D0FD6DDF0747}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
FirewallRules: [{C25A51B8-3CFF-47F0-976D-C1E7FF12C7E5}] => C:\Program Files (x86)\Microsoft Office\root\Office16\UcMapi.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
 
==================== Restore Points =========================
 
21-12-2016 16:34:17 Scheduled Checkpoint
26-12-2016 23:18:04 Installed iTunes
03-01-2017 17:24:51 Scheduled Checkpoint
 
==================== Faulty Device Manager Devices =============
 
Name: Integrated Webcam
Description: Integrated Webcam
Class Guid: {6bdd1fc6-810f-11d0-bec7-08002be2092f}
Manufacturer: CN0JCXG072487648A76SA00
Service: rtsuvc
Problem: : This device is disabled. (Code 22)
Resolution: In Device Manager, click "Action", and then click "Enable Device". This starts the Enable Device wizard. Follow the instructions.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (01/09/2017 06:15:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: MicrosoftEdge.exe, version: 11.0.14393.576, time stamp: 0x584a7815
Faulting module name: MicrosoftEdge.exe, version: 11.0.14393.576, time stamp: 0x584a7815
Exception code: 0xc0000005
Fault offset: 0x000000000012f430
Faulting process id: 0xe00
Faulting application start time: 0x01d26ace095c02b0
Faulting application path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Faulting module path: C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
Report Id: b42c5fa2-cd60-4304-9c89-66374a1de8ab
Faulting package full name: Microsoft.MicrosoftEdge_38.14393.0.0_neutral__8wekyb3d8bbwe
Faulting package-relative application ID: MicrosoftEdge
 
Error: (01/09/2017 05:58:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Microsoft.StickyNotes.exe, version: 1.1.40.0, time stamp: 0x57dc7326
Faulting module name: CoreUIComponents.dll, version: 0.0.0.0, time stamp: 0x584a72ab
Exception code: 0xc0000005
Fault offset: 0x0000000000072fda
Faulting process id: 0x14bc
Faulting application start time: 0x01d26ab6544d4be1
Faulting application path: C:\Program Files\WindowsApps\Microsoft.MicrosoftStickyNotes_1.1.40.0_x64__8wekyb3d8bbwe\Microsoft.StickyNotes.exe
Faulting module path: C:\WINDOWS\system32\CoreUIComponents.dll
Report Id: f508cbec-7d7d-4442-b103-60e9e35ce309
Faulting package full name: Microsoft.MicrosoftStickyNotes_1.1.40.0_x64__8wekyb3d8bbwe
Faulting package-relative application ID: App
 
Error: (01/09/2017 05:58:26 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Explorer.EXE, version: 10.0.14393.479, time stamp: 0x58258a90
Faulting module name: windows.storage.dll, version: 10.0.14393.479, time stamp: 0x58258b70
Exception code: 0xc0000005
Fault offset: 0x00000000000096f6
Faulting process id: 0x13ac
Faulting application start time: 0x01d26ab6536966be
Faulting application path: C:\WINDOWS\Explorer.EXE
Faulting module path: C:\WINDOWS\System32\windows.storage.dll
Report Id: a8469c9b-1b9e-43c7-ae84-d1dd32ab1a2d
Faulting package full name: 
Faulting package-relative application ID:
 
Error: (01/09/2017 05:04:58 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.14393.0, time stamp: 0x57899179
Faulting module name: MessagingNativeCore.dll, version: 2.19.1607.1001, time stamp: 0x5776e7d8
Exception code: 0xc0000005
Fault offset: 0x001043cf
Faulting process id: 0x2a74
Faulting application start time: 0x01d26ac46a82b1ff
Faulting application path: C:\WINDOWS\syswow64\backgroundTaskHost.exe
Faulting module path: C:\Program Files\WindowsApps\Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
Report Id: 6dd59855-7282-4b1d-8f8e-5c83f5cb3f0b
Faulting package full name: Microsoft.Messaging_3.19.1001.0_x86__8wekyb3d8bbwe
Faulting package-relative application ID: x27e26f40ye031y48a6yb130yd1f20388991ax
 
Error: (01/09/2017 04:02:24 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/09/2017 04:01:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HJKAOCL)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/09/2017 04:00:57 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe.Manifest".Error in manifest or policy file "C:\Program Files (x86)\Microsoft Office\root\Office16\UccApi.DLL" on line 1.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="16.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="16.0.0.0".
Please use sxstrace.exe for detailed diagnosis.
 
Error: (01/09/2017 03:11:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HJKAOCL)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2147024865 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/09/2017 03:11:48 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-HJKAOCL)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.
 
Error: (01/09/2017 02:30:30 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Task Scheduling Error: m->NextScheduledSPRetry 8437
 
 
System errors:
=============
Error: (01/10/2017 01:36:55 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (01/10/2017 01:35:42 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/10/2017 01:35:32 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{3185A766-B338-11E4-A71E-12E3F512A338}
 and APPID 
{7006698D-2974-4091-A424-85DD0B909E23}
 to the user NT AUTHORITY\NETWORK SERVICE SID (S-1-5-20) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/10/2017 01:34:55 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{8D8F4F83-3594-4F07-8369-FC3C3CAE4919}
 and APPID 
{F72671A9-012C-4725-9D2F-2A4D32D65169}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/10/2017 01:08:15 AM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HJKAOCL)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
 
Error: (01/10/2017 01:06:15 AM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (01/09/2017 10:21:27 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
Error: (01/09/2017 10:07:05 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-HJKAOCL)
Description: The server {21F282D1-A881-49E1-9A3A-26E44E39B86C} did not register with DCOM within the required timeout.
 
Error: (01/09/2017 10:05:05 PM) (Source: Service Control Manager) (EventID: 7023) (User: )
Description: The Connected Devices Platform Service service terminated with the following error: 
Unspecified error
 
Error: (01/09/2017 09:27:44 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID 
{D63B10C5-BB46-4990-A94F-E40B9D520160}
 and APPID 
{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}
 to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
 
 
CodeIntegrity:
===================================
  Date: 2017-01-03 12:42:27.625
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-03 12:42:27.624
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2017-01-03 12:42:27.623
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-30 12:31:12.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-30 12:31:12.627
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-30 12:31:12.603
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 00:37:22.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 00:37:22.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 00:37:22.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
  Date: 2016-12-29 00:37:22.679
  Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe) attempted to load \Device\HarddiskVolume3\Program Files\Malwarebytes\Anti-Malware\mbae64.dll that did not meet the Store signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-6500U CPU @ 2.50GHz
Percentage of memory in use: 27%
Total physical RAM: 12147.63 MB
Available physical RAM: 8851.45 MB
Total Virtual: 35699.63 MB
Available Virtual: 32243.81 MB
 
==================== Drives ================================
 
Drive c: (OS) (Fixed) (Total:466.05 GB) (Free:388.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 3EF6AA17)
 
Partition: GPT.
 
==================== End of Addition.txt ============================
 
from the day before 
 
HJT log
 
Logfile of Trend Micro HijackThis v2.0.5
Scan saved at 11:57:56 PM, on 1/11/2017
Platform: Unknown Windows (WinNT 6.02.1008)
MSIE: Internet Explorer v11.0 (11.00.14393.0000)
 
 
Boot mode: Normal
 
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.google.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://www.google.com
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant = 
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch = 
O2 - BHO: Lync Click to Call BHO - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O2 - BHO: Java™ Plug-In SSV Helper - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\ssv.dll
O2 - BHO: Webroot Vault - {c8d5d964-2be8-4c5b-8cf5-6e975aa88504} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O2 - BHO: Microsoft OneDrive for Business Browser Helper - {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVEEX.DLL
O2 - BHO: Java™ Plug-In 2 SSV Helper - {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre1.8.0_111\bin\jp2ssv.dll
O3 - Toolbar: Webroot Toolbar - {97ab88ef-346b-4179-a0b1-7445896547a5} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe"
O4 - HKLM\..\Run: [SDTray] "C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe"
O4 - HKCU\..\Run: [HijackThis startup scan] C:\Users\arose\Downloads\HijackThis.exe /startupscan
O4 - Startup: Send to OneNote.lnk = C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE
O6 - HKLM\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: Se&nd to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
O9 - Extra button: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra 'Tools' menuitem: Lync Click to Call - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\Office16\OCHelper.dll
O9 - Extra button: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O9 - Extra 'Tools' menuitem: Webroot - {43699cd0-e34f-11de-8a39-0800200c9a66} - C:\ProgramData\WRData\pkg\LPBar.dll (file missing)
O9 - Extra button: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O9 - Extra 'Tools' menuitem: OneNote Lin&ked Notes - {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
O11 - Options group: [ACCELERATED_GRAPHICS] Accelerated graphics
O18 - Protocol: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
O18 - Protocol: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O18 - Protocol: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
O20 - Winlogon Notify: SDWinLogon - SDWinLogon.dll (file missing)
O23 - Service: Intel® SGX AESM (AESMService) - Intel Corporation - c:\Program Files\Intel\IntelSGXPSW\bin\x64\Release\aesm_service.exe
O23 - Service: @%SystemRoot%\system32\Alg.exe,-112 (ALG) - Unknown owner - C:\WINDOWS\System32\alg.exe (file missing)
O23 - Service: Apple Mobile Device Service - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Intel® Content Protection HECI Service (cphs) - Intel Corporation - C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
O23 - Service: Intel® Content Protection HDCP Service (cplspcon) - Unknown owner - C:\WINDOWS\system32\IntelCpHDCPSvc.exe (file missing)
O23 - Service: Dropbox Update Service (dbupdate) (dbupdate) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dropbox Update Service (dbupdatem) (dbupdatem) - Dropbox, Inc. - C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
O23 - Service: Dell Customer Connect - Dell Inc. - C:\Program Files (x86)\Dell Customer Connect\DCCService.exe
O23 - Service: Dell Foundation Services - Dell - C:\Program Files\Dell\Dell Foundation Services\DFSSvc.exe
O23 - Service: Dell Help & Support - Dell Inc. - C:\Program Files\Dell\Dell Help & Support\MDLCSvc.exe
O23 - Service: Dell Data Vault (DellDataVault) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVault.exe
O23 - Service: Dell Data Vault Wizard (DellDataVaultWiz) - Dell Inc. - C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe
O23 - Service: Dell Digital Delivery Service (DellDigitalDelivery) - Dell Products, LP. - c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe
O23 - Service: Dell Update Service (DellUpdate) - Dell Inc. - C:\Program Files (x86)\Dell Update\DellUpService.exe
O23 - Service: @%SystemRoot%\system32\DiagSvcs\DiagnosticsHub.StandardCollector.ServiceRes.dll,-1000 (diagnosticshub.standardcollector.service) - Unknown owner - C:\WINDOWS\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe (file missing)
O23 - Service: @%SystemRoot%\system32\efssvc.dll,-100 (EFS) - Unknown owner - C:\WINDOWS\System32\lsass.exe (file missing)
O23 - Service: @oem30.inf,%ServiceDisplayName%;ESIF Upper Framework Service (esifsvc) - Intel Corporation - C:\WINDOWS\SysWoW64\esif_uf.exe
O23 - Service: Intel® PROSet/Wireless Event Log (EvtEng) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\EvtEng.exe
O23 - Service: @%systemroot%\system32\fxsresm.dll,-118 (Fax) - Unknown owner - C:\WINDOWS\system32\fxssvc.exe (file missing)
O23 - Service: Google Update Service (gupdate) (gupdate) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Google Update Service (gupdatem) (gupdatem) - Google Inc. - C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
O23 - Service: Intel® Rapid Storage Technology (IAStorDataMgrSvc) - Intel Corporation - C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
O23 - Service: @oem44.inf,%SERVICE_NAME%;Intel Bluetooth Service (ibtsiva) - Unknown owner - C:\WINDOWS\system32\ibtsiva (file missing)
O23 - Service: Intel® HD Graphics Control Panel Service (igfxCUIService2.0.0.0) - Unknown owner - C:\WINDOWS\system32\igfxCUIService.exe (file missing)
O23 - Service: Intel® Capability Licensing Service TCP IP Interface - Intel® Corporation - C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe
O23 - Service: Intel® Security Assist - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Security Assist\isa.exe
O23 - Service: Intel® WiDi Software Asset Manager (Intel® WiDi SAM) - Intel Corporation - C:\Program Files (x86)\Intel Corporation\Intel WiDi\Intel® Software Asset Manager\bin\IntelSoftwareAssetManagerService.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Intel® Security Assist Helper (isaHelperSvc) - Unknown owner - C:\Program Files (x86)\Intel\Intel® Security Assist\isaHelperService.exe
O23 - Service: Intel® Dynamic Application Loader Host Interface Service (jhi_service) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
O23 - Service: @keyiso.dll,-100 (KeyIso) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Intel® Management and Security Application Local Management Service (LMS) - Intel Corporation - C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
O23 - Service: Malwarebytes Service (MBAMService) - Malwarebytes - C:\Program Files\Malwarebytes\Anti-Malware\mbamservice.exe
O23 - Service: @comres.dll,-2797 (MSDTC) - Unknown owner - C:\WINDOWS\System32\msdtc.exe (file missing)
O23 - Service: Wireless PAN DHCP Server (MyWiFiDHCPDNS) - Unknown owner - C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
O23 - Service: @%SystemRoot%\System32\netlogon.dll,-102 (Netlogon) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Product Registration - Dell - C:\Program Files\Dell\Dell Product Registration\PRSvc.exe
O23 - Service: Intel® PROSet/Wireless Registry Service (RegSrvc) - Intel® Corporation - C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
O23 - Service: @%systemroot%\system32\Locator.exe,-2 (RpcLocator) - Unknown owner - C:\WINDOWS\system32\locator.exe (file missing)
O23 - Service: Realtek Audio Service (RtkAudioService) - Realtek Semiconductor - C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe
O23 - Service: @%SystemRoot%\system32\samsrv.dll,-1 (SamSs) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: Spybot-S&D 2 Scanner Service (SDScannerService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
O23 - Service: Spybot-S&D 2 Updating Service (SDUpdateService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
O23 - Service: Spybot-S&D 2 Security Center Service (SDWSCService) - Safer-Networking Ltd. - C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
O23 - Service: @%SystemRoot%\system32\SensorDataService.exe,-101 (SensorDataService) - Unknown owner - C:\WINDOWS\System32\SensorDataService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\snmptrap.exe,-3 (SNMPTRAP) - Unknown owner - C:\WINDOWS\System32\snmptrap.exe (file missing)
O23 - Service: @%systemroot%\system32\spoolsv.exe,-1 (Spooler) - Unknown owner - C:\WINDOWS\System32\spoolsv.exe (file missing)
O23 - Service: @%SystemRoot%\system32\sppsvc.exe,-101 (sppsvc) - Unknown owner - C:\WINDOWS\system32\sppsvc.exe (file missing)
O23 - Service: Dell SupportAssist Agent (SupportAssistAgent) - Dell Inc. - C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
O23 - Service: @%SystemRoot%\system32\TieringEngineService.exe,-702 (TieringEngineService) - Unknown owner - C:\WINDOWS\system32\TieringEngineService.exe (file missing)
O23 - Service: @%SystemRoot%\system32\ui0detect.exe,-101 (UI0Detect) - Unknown owner - C:\WINDOWS\system32\UI0Detect.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vaultsvc.dll,-1003 (VaultSvc) - Unknown owner - C:\WINDOWS\system32\lsass.exe (file missing)
O23 - Service: @%SystemRoot%\system32\vds.exe,-100 (vds) - Unknown owner - C:\WINDOWS\System32\vds.exe (file missing)
O23 - Service: @%systemroot%\system32\vssvc.exe,-102 (VSS) - Unknown owner - C:\WINDOWS\system32\vssvc.exe (file missing)
O23 - Service: Waves Audio Services (WavesSysSvc) - Waves Audio Ltd. - C:\Program Files\Waves\MaxxAudio\WavesSysSvc64.exe
O23 - Service: @%systemroot%\system32\wbengine.exe,-104 (wbengine) - Unknown owner - C:\WINDOWS\system32\wbengine.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-320 (WdNisSvc) - Unknown owner - C:\Program Files (x86)\Windows Defender\NisSrv.exe (file missing)
O23 - Service: @%ProgramFiles%\Windows Defender\MpAsDesc.dll,-310 (WinDefend) - Unknown owner - C:\Program Files (x86)\Windows Defender\MsMpEng.exe (file missing)
O23 - Service: @%Systemroot%\system32\wbem\wmiapsrv.exe,-110 (wmiApSrv) - Unknown owner - C:\WINDOWS\system32\wbem\WmiApSrv.exe (file missing)
O23 - Service: @%PROGRAMFILES%\Windows Media Player\wmpnetwk.exe,-101 (WMPNetworkSvc) - Unknown owner - C:\Program Files (x86)\Windows Media Player\wmpnetwk.exe (file missing)
O23 - Service: Intel® PROSet/Wireless Zero Configuration Service (ZeroConfigService) - Intel® Corporation - C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
 
--
End of file - 12710 bytes
 
 
Users shortcut scan result (x64) Version: 08-01-2017
Ran by arose (09-01-2017 04:53:25)
Running from C:\Users\arose\Downloads
Boot Mode: Normal
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
 
 
 
 
Shortcut: C:\ProgramData\{A328A61B-C332-4C8C-A740-42F7F71DC398}\DDV.lnk -> 
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\01 - File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\03 - Documents.lnk -> C:\Users\arose\OneDrive\Documents ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\04 - Downloads.lnk -> C:\Users\arose\Downloads ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\05 - Music.lnk -> C:\Users\arose\Music ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\06 - Pictures.lnk -> C:\Users\arose\OneDrive\Pictures ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\07 - Videos.lnk -> C:\Users\arose\Videos ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\08 - Homegroup.lnk -> Microsoft.Windows.Homegroup
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\09 - Network.lnk -> Microsoft.Windows.Network
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu Places\10 - UserProfile.lnk -> C:\Users\arose ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSACCESS.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk -> C:\Windows\Installer\{56EC47AA-5813-4FF6-8E75-544026FBEA83}\AppleSoftwareUpdateIco.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\EXCEL.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Immersive Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel® HD Graphics Control Panel.lnk -> C:\Windows\System32\GfxUIEx.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MiracastView.lnk -> C:\Windows\MiracastView\MiracastView.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneDrive for Business.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\GROOVE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTE.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\POWERPNT.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PrintDialog.lnk -> C:\Windows\PrintDialog\PrintDialog.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\MSPUB.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype for Business 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\lync.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Create USB Recovery.lnk -> C:\Windows\System32\RecoveryDrive.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Windows Defender.lnk -> C:\Program Files\Windows Defender\MSASCui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Create System Report.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDLogReport.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\File Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFiles.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Immunization.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Rootkit Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDRootAlyzer.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Tray Icon (Live Protection).lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2\Uninstall Spybot-S&D.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Language Preferences.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\SETLANG.EXE (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Skype for Business Recording Manager.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OcPubMgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Dashboard for Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msotd.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Telemetry Log for Office 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\msoev.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes\Uninstall Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\unins000.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Configure Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe (Oracle Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\About iTunes.lnk -> C:\Program Files\iTunes\iTunes.Resources\en.lproj\About iTunes.rtf ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Corporation\Intel® WiDi Receiver Updater.lnk -> C:\Program Files\Intel Corporation\Intel WiDi\WRU.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel\Intel® Rapid Storage Technology.lnk -> C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorUI.exe (Intel Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell Audio\Dell Audio.lnk -> C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Digital Delivery.lnk -> C:\Program Files (x86)\Dell Digital Delivery\DeliveryTray.exe (Dell Products, LP)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Product Registration.lnk -> C:\Program Files\Dell\Dell Product Registration\ProductRegistration.exe (Dell)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Update.lnk -> C:\Program Files (x86)\Dell Update\DellUpTray.exe (Dell Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Power Manager\Dell Power Manager Lite.lnk -> C:\Program Files\Dell\QuickSet\DpmLite.exe (Wistron Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Help & Support\Dell Help & Support.lnk -> C:\Program Files\Dell\Dell Help & Support\Dell Help & Support.exe (Dell Inc.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator 3.0\MP Navigator 3.0.lnk -> C:\Program Files (x86)\Canon\MP Navigator 3.0\mpn30.exe (CANON INC.)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator 3.0\MP Navigator Readme.lnk -> C:\Program Files (x86)\Canon\MP Navigator 3.0\Readme.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP600 Manual\MP600 On-screen Manual.lnk -> C:\Program Files (x86)\Canon\IJ Manual\MP600\English\Windows\Contents87.chm ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP600 Manual\Uninstall.lnk -> C:\Program Files (x86)\Canon\IJ Manual\MP600\uninstall.exe ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP600\Readme.lnk -> C:\Program Files\CanonBJ\IJPrinter\Canon MP600\readme_English.txt ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Component Services.lnk -> C:\Windows\System32\comexp.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\dfrgui.lnk -> C:\Windows\System32\dfrgui.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Disk Cleanup.lnk -> C:\Windows\System32\cleanmgr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\iSCSI Initiator.lnk -> C:\Windows\System32\iscsicpl.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Memory Diagnostics Tool.lnk -> C:\Windows\System32\MdSched.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (32-bit).lnk -> C:\Windows\SysWOW64\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\ODBC Data Sources (64-bit).lnk -> C:\Windows\System32\odbcad32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\services.lnk -> C:\Windows\System32\services.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Configuration.lnk -> C:\Windows\System32\msconfig.exe (Microsoft® Windows® Operating System)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\System Information.lnk -> C:\Windows\System32\msinfo32.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Windows Firewall with Advanced Security.lnk -> C:\Windows\System32\WF.msc ()
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Math Input Panel.lnk -> C:\Program Files\Common Files\Microsoft Shared\ink\mip.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Paint.lnk -> C:\Windows\System32\mspaint.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Quick Assist.lnk -> C:\Windows\System32\quickassist.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Remote Desktop Connection.lnk -> C:\Windows\System32\mstsc.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Steps Recorder.lnk -> C:\Windows\System32\psr.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Fax and Scan.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Wordpad.lnk -> C:\Program Files\Windows NT\Accessories\wordpad.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\XPS Viewer.lnk -> C:\Windows\System32\xpsrchvw.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\System Tools\Character Map.lnk -> C:\Windows\System32\charmap.exe (Microsoft Corporation)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
Shortcut: C:\ProgramData\Microsoft\Internet Explorer\Quick Launch\System Scan.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe (Safer-Networking Ltd.)
Shortcut: C:\Users\arose\Pictures\PixfromMaxtor\My_Picturesbig1\Dell Picture Studio.lnk -> C:\Program Files\Sierra Imaging\Image Expert 2000\launch.exe (No File)
Shortcut: C:\Users\arose\Pictures\PixfromMaxtor\My_Picturesbig1\Sample Pictures.lnk ->
Shortcut: C:\Users\arose\Pictures\My_Picturesbig1\Dell Picture Studio.lnk -> C:\Program Files\Sierra Imaging\Image Expert 2000\launch.exe (No File)
Shortcut: C:\Users\arose\Pictures\My_Picturesbig1\Sample Pictures.lnk ->
Shortcut: C:\Users\arose\OneDrive\Pictures\Links\Desktop.lnk -> C:\Users\arose\Desktop ()
Shortcut: C:\Users\arose\OneDrive\Pictures\Links\Downloads.lnk -> C:\Users\arose\Downloads ()
Shortcut: C:\Users\arose\OneDrive\Email attachments\VideosfromEmail\IMG_2857 1.MOV - Shortcut.lnk -> C:\Users\arose\OneDrive\Email attachments\IMG_2857 1.MOV ()
Shortcut: C:\Users\arose\Music\Downloads - Shortcut.lnk -> C:\Users\arose\Downloads ()
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk -> C:\Users\arose\AppData\Local\Microsoft\OneDrive\OneDrive.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Internet Explorer.lnk -> C:\Program Files\Internet Explorer\iexplore.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Windows\SendTo\Bluetooth File Transfer.LNK -> C:\Windows\System32\fsquirt.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\arose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Snipping Tool.lnk -> C:\Windows\System32\SnippingTool.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0001.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0002.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0001.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0003.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0002.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0004.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0003.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0005.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0006.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0001.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0007.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0004.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0008.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0005.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0009.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0006.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0010.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0007.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0011.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0008.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0012.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG_0009.jpg ()
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0013.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG.jpg (No File)
Shortcut: C:\Users\arose\AppData\Roaming\Canon\MP Navigator V30\history\sc\hstr_0014.lnk -> C:\Users\arose\OneDrive\Pictures\MP Navigator\2016_11_22\IMG.jpg (No File)
Shortcut: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE (x86).lnk -> C:\Windows\SysWOW64\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell ISE.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\PowerShell_ISE.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell\Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\computer.lnk -> C:\Windows\explorer.exe,-30
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Control Panel.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\File Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Run.lnk -> C:\Windows\System32\shell32.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories\Notepad.lnk -> C:\Windows\System32\notepad.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Magnify.lnk -> C:\Windows\System32\Magnify.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\Narrator.lnk -> C:\Windows\System32\Narrator.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility\On-Screen Keyboard.lnk -> C:\Windows\System32\osk.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Shows Desktop.lnk -> C:\Windows\System32\imageres.dll (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Window Switcher.lnk -> C:\Windows\explorer.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\01a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02 - Command Prompt.lnk -> C:\Windows\System32\cmd.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\02a - Windows PowerShell.lnk -> C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\03 - Computer Management.lnk -> C:\Windows\System32\compmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04 - Disk Management.lnk -> C:\Windows\System32\diskmgmt.msc ()
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\07 - Event Viewer.lnk -> C:\Windows\System32\eventvwr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\09 - Mobility Center.lnk -> C:\Windows\System32\mblctr.exe (Microsoft Corporation)
Shortcut: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\4 - Control Panel.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation)
Shortcut: C:\Users\Public\Desktop\Google Chrome.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.)
Shortcut: C:\Users\Public\Desktop\iTunes.lnk -> C:\Program Files\iTunes\iTunes.exe (Apple Inc.)
Shortcut: C:\Users\Public\Desktop\Malwarebytes.lnk -> C:\Program Files\Malwarebytes\Anti-Malware\mbam.exe (Malwarebytes)
Shortcut: C:\Users\Public\Desktop\MP Navigator 3.0.lnk -> C:\Program Files (x86)\Canon\MP Navigator 3.0\mpn30.exe (CANON INC.)
Shortcut: C:\Users\Public\Desktop\MP600 On-screen Manual.lnk -> C:\Program Files (x86)\Canon\IJ Manual\MP600\English\Windows\Contents87.chm ()
Shortcut: C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk -> C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWelcome.exe (Safer-Networking Ltd.)
 
 
 
 
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox 20 GB.lnk -> C:\Program Files (x86)\Dropbox\DropboxOEM\DropboxOEM.exe () -> manualstartmenu
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools\Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /7
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\StartUp\Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\wruninstall.exe (Webroot Software, Inc.) -> -p -name=Webroot -ffuuid {8ac62a8b-8b3f-43ba-9b1a-90c299b9dfda} --disablenotes --disableidentities --disablevault --disablecontext
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Database Compare 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\DATABASECOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Office 2016 Upload Center.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\MSOUC.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools\Spreadsheet Compare 2016.lnk -> C:\Program Files (x86)\Microsoft Office\root\client\AppVLP.exe (Microsoft Corporation) -> "C:\Program Files (x86)\Microsoft Office\Root\Office16\DCF\SPREADSHEETCOMPARE.EXE"
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\About Java.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe (Oracle Corporation) -> -tab about
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Check For Updates.lnk -> C:\Program Files (x86)\Java\jre1.8.0_111\bin\javacpl.exe (Oracle Corporation) -> -tab update
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Customer Connect.lnk -> C:\Program Files (x86)\Dell Customer Connect\DCCTrayApp.exe (Dell Inc.) -> shortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\Dell Notifications.lnk -> C:\Program Files\Dell\Dell Foundation Services\ShellHelper.exe (Dell) -> /FromShortcut
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell\SupportAssist\SupportAssist.lnk -> C:\Program Files\Dell\SupportAssist\pcdlauncher.exe (PC-Doctor, Inc.) -> -lloc dsc
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities\MP Navigator 3.0\MP Navigator Uninstall.lnk -> C:\Program Files (x86)\Canon\MP Navigator 3.0\Maint.exe (CANON INC.) -> /UninstallRemove C:\Program Files (x86)\Canon\MP Navigator 3.0\uninst.ini
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MP600\Uninstall.lnk -> C:\Windows\System32\CanonIJ Uninstaller Information\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600\DelDrv.exe (CANON INC.) -> /U:{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MP600 /L0x0009
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Computer Management.lnk -> C:\Windows\System32\compmgmt.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Event Viewer.lnk -> C:\Windows\System32\eventvwr.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Performance Monitor.lnk -> C:\Windows\System32\perfmon.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Resource Monitor.lnk -> C:\Windows\System32\perfmon.exe (Microsoft Corporation) -> /res
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Administrative Tools\Task Scheduler.lnk -> C:\Windows\System32\taskschd.msc () -> /s
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories\Windows Media Player.lnk -> C:\Program Files (x86)\Windows Media Player\wmplayer.exe (Microsoft Corporation) -> /prefetch:1
ShortcutWithArgument: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility\Speech Recognition.lnk -> C:\Windows\Speech\Common\sapisvr.exe (Microsoft Corporation) -> -SpeechUX
ShortcutWithArgument: C:\Users\arose\AppData\Roaming\Microsoft\Word\tutorialspointRadioinfo305598962953204273\tutorialspointRadioinfo.docx.lnk -> C:\Users\arose\OneDrive\Documents\tutorialspointRadioinfo.docx () -> 0
ShortcutWithArgument: C:\Users\arose\AppData\Roaming\Microsoft\Word\postinfo305658961276734215\postinfo.docx.lnk -> C:\Users\arose\Documents\postinfo.docx () -> 0
ShortcutWithArgument: C:\Users\arose\AppData\Roaming\Microsoft\Word\PindropVOIPsolarch2305669652791499795\PindropVOIPsolarch2.docx.lnk -> C:\Users\arose\OneDrive\Documents\PindropVOIPsolarch2.docx () -> 0
ShortcutWithArgument: C:\Users\arose\AppData\Roaming\Microsoft\Word\1218jobsearch305647133309014154\1218jobsearch.docx.lnk -> C:\Users\arose\AppData\Roaming\Microsoft\Word\1218jobsearch.docx () -> 0
ShortcutWithArgument: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\arose\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Send to OneNote.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\ONENOTEM.EXE (Microsoft Corporation) -> /tsr
ShortcutWithArgument: C:\Users\arose\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\arose\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\Microsoft Outlook.lnk -> C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE (Microsoft Corporation) -> /recycle
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\arose\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Default Apps.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPageAppsDefaults
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools\Devices.lnk -> C:\Windows\ImmersiveControlPanel\systemsettings.exe (Microsoft Corporation) -> page=SettingsPagePCSystemDevices
ShortcutWithArgument: C:\Users\Default\AppData\Roaming\Microsoft\Windows\SendTo\Fax Recipient.lnk -> C:\Windows\System32\WFS.exe (Microsoft Corporation) -> /SendTo
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\04-1 - Network Connections.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> ::{7007ACC7-3202-11D1-AAD2-00805FC1270E}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\05 - Device Manager.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.DeviceManager
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\06 - System.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.System
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\08 - Power Options.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.PowerOptions
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group3\10 - Programs and Features.lnk -> C:\Windows\System32\control.exe (Microsoft Corporation) -> /name Microsoft.ProgramsAndFeatures
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\1 - Run.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f3-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\2 - Search.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{2559a1f8-21d7-11d4-bdaf-00c04f60b9f0}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\3 - Windows Explorer.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{52205fd8-5dfb-447d-801a-d0b52f2e83e1}
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group2\5 - Task Manager.lnk -> C:\Windows\System32\Taskmgr.exe (Microsoft® Windows® Operating System) -> /0
ShortcutWithArgument: C:\Users\Default\AppData\Local\Microsoft\Windows\WinX\Group1\1 - Desktop.lnk -> C:\Windows\explorer.exe (Microsoft Corporation) -> shell:::{3080F90D-D7AD-11D9-BD98-0000947B0257}
 
 
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Get Help.url -> URL: hxxp://java.com/help
InternetURL: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java\Visit Java.com.url -> URL: hxxp://java.com/
InternetURL: C:\Users\arose\OneDrive\Documents\Audrey's Notebook.url -> URL: hxxps://onedrive.live.com/redir.aspx?cid=e28a7a02758d710e&resid=E28A7A02758D710E!170&type=3
InternetURL: C:\Users\arose\Favorites\Bing.url -> URL: hxxp://go.microsoft.com/fwlink/p/?LinkId=255142
InternetURL: C:\Users\arose\Favorites\TV.com\TV.com – Internet TV on your PC.url -> URL: hxxp://www.tv.com/toshiba
InternetURL: C:\Users\arose\Favorites\Toshiba\Deals and Offers.url -> URL: hxxp://us.toshiba.com/adps/deals-and-offers
InternetURL: C:\Users\arose\Favorites\Toshiba\Find Us on Twitter, Facebook, and YouTube.url -> URL: hxxp://us.toshiba.com/social-media
InternetURL: C:\Users\arose\Favorites\Toshiba\QuickBooks® Online Banking.url -> URL: hxxp://www.quickbooksdirect.com/tshboffer1
InternetURL: C:\Users\arose\Favorites\Toshiba\Shop Toshiba.url -> URL: hxxp://www.toshibadirect.com/
InternetURL: C:\Users\arose\Favorites\Toshiba\Toshiba App Place.url -> URL: hxxp://apps.toshiba.com/
InternetURL: C:\Users\arose\Favorites\Toshiba\Toshiba Book Place.url -> URL: hxxp://www.toshibabookplace.com/
InternetURL: C:\Users\arose\Favorites\Toshiba\Toshiba Corporate Social Responsibility.url -> URL: hxxp://us.toshiba.com/green
InternetURL: C:\Users\arose\Favorites\Toshiba\Toshiba Laptop Forums.url -> URL: hxxp://laptopforums.toshiba.com/
InternetURL: C:\Users\arose\Favorites\Toshiba\Toshiba Online Backup.url -> URL: hxxp://us.toshiba.com/online-backup
InternetURL: C:\Users\arose\Favorites\Toshiba\Toshiba Product Registration.url -> URL: hxxp://toshibaproductregistration.com/
InternetURL: C:\Users\arose\Favorites\Toshiba\Toshiba Start Place.url -> URL: hxxp://start.toshiba.com/?cid=C001B2Y
InternetURL: C:\Users\arose\Favorites\Toshiba\Toshiba Support.url -> URL: hxxp://pcsupport.toshiba.com/
InternetURL: C:\Users\arose\Favorites\Toshiba\Toshiba US.url -> URL: hxxp://us.toshiba.com/
InternetURL: C:\Users\arose\Favorites\Skype\Skype.url -> URL: hxxp://www.skype.com/go/ToshibaTAIS
InternetURL: C:\Users\arose\Favorites\Music\eMusic.url -> URL: hxxp://www.emusic.com/Toshiba
InternetURL: C:\Users\arose\Favorites\LogMeIn\LogMeIn.url -> URL: hxxps://secure.logmein.com/welcome/toshiba/
InternetURL: C:\Users\arose\Favorites\Links\WildTangent Games.url -> URL: hxxp://www.wildtangent.com/webslice?dp=toshibaus
InternetURL: C:\Users\arose\Favorites\Internet Security\Your Security Center.url -> URL: hxxp://us.toshiba.com/computers/research-center/for-home/cybercrime-news-by-norton
InternetURL: C:\Users\arose\Favorites\Games\Audrey's Notebook.url -> URL: hxxps://onedrive.live.com/redir.aspx?cid=e28a7a02758d710e&resid=E28A7A02758D710E!170&type=3
InternetURL: C:\Users\arose\Favorites\Games\WildTangent Games.url -> URL: hxxp://toshiba.wildgames.com/?mc=iefav&dp=toshibaus
InternetURL: C:\Users\arose\Favorites\eBay\Electronics, Cars, Clothing, Collectibles and More Online Shopping.url -> URL: hxxp://rover.ebay.com/rover/1/711-136351-14396-0/4
InternetURL: C:\Users\arose\Favorites\Dell\Dell Auction.url -> URL: hxxp://www.dellauction.com/
InternetURL: C:\Users\arose\Favorites\Dell\Dell.url -> URL: hxxp://www.dell.com/
InternetURL: C:\Users\arose\Favorites\Dell\Support.Dell.Com.url -> URL: hxxp://www.dell.com/support/home
InternetURL: C:\Users\arose\Favorites\ASUS E-Service\ASUS Homepage.url -> URL: hxxp://www.asus.com/
InternetURL: C:\Users\arose\Favorites\ASUS E-Service\ASUS Member.url -> URL: hxxps://account.asus.com/
InternetURL: C:\Users\arose\Favorites\Amazon.com\Amazon MP3 – Millions of Music Downloads.url -> URL: hxxp://www.amazon.com/b/?node=163856011&tag=tais2-bookmark-mp3-20
InternetURL: C:\Users\arose\Favorites\Amazon.com\Amazon Video On Demand Movies & TV.url -> URL: hxxp://www.amazon.com/b/?node=16261631&tag=tais2-bookmark-vod-20
InternetURL: C:\Users\arose\Favorites\Amazon.com\Shop at Amazon.com.url -> URL: hxxp://www.amazon.com/?tag=tais2-desktop-20
InternetURL: C:\Users\arose\AppData\Roaming\Microsoft\Word\pogrominfo2305626693270986096\pogrominfo2.docx.url -> 
InternetURL: C:\Users\arose\AppData\Roaming\Microsoft\Word\PindropVOIPsolarch305663044065685716\PindropVOIPsolarch.docx.url -> 
InternetURL: C:\Users\arose\AppData\Roaming\Microsoft\Word\Opensky2305663121536440358\Opensky2.docx.url -> 
InternetURL: C:\Users\arose\AppData\Roaming\Microsoft\Word\jobsatisfaction5305618923293376940\jobsatisfaction5.docx.url -> 
InternetURL: C:\Users\arose\AppData\Roaming\Microsoft\Word\jobs1215305620963630296817\jobs1215.docx.url -> 
InternetURL: C:\Users\arose\AppData\Roaming\Microsoft\Word\CCNAinfo305659603685012703\CCNAinfo.docx.url -> 
InternetURL: C:\Users\arose\AppData\Roaming\Microsoft\Word\BUCHOLnotes305642953695067497\BUCHOLnotes.docx.url -> 
InternetURL: C:\Users\arose\AppData\Roaming\Microsoft\Word\Audrey_Rosenthalem305663090868172293\Audrey_Rosenthalem.doc.url -> 
InternetURL: C:\Users\arose\AppData\Roaming\Microsoft\Word\Audrey_Rosenthal305663044169531869\Audrey_Rosenthal.docx.url -> 
 
==================== End of Shortcut.txt =============================
 
 
 




