Solved An unwelcomed guest

PhilipMoore62

Mr Broni
I'm having issues with my computer that are leading me to believe I've been hacked.
I wrote this post in the hardware forum and I wanted to have you see this as you have always had correct answers in the past.
Please advise if I've violated any terms/conditions by sending this to you and to the hardware group from Techspot. Thanks in advance for your attention.

Yesterday, after coming home from a nice spring walk, I found my computer opening pictures and such on my desktop. I watched as the mouse navigated about my desktop.
Things I've tried:
I ran Farbar Recovery Scan Tool. (Not experienced with using FRST, but I'm typically able to find most baddies without destroying my OS.)
I ran RogueKiller, which found nothing but PUMs related to my DNS addresses.
I ran Malwarebytes and it found no issues.
I restored the OS to include programs already downloaded.
As of this writing my computer screen seems all innocent and happy without any unusual activity. I am still aware of a significant lapse in overall performance.

What would you suggest?
 
My apologies for not wording my process correctly.
I went to my Windows search, typed in recovery, from there to recovery options, and from there to reset PC. I reset the PC to include programs folders as part of the recovery. This process was unsuccessful.
 
Please, complete all steps listed here: https://www.techspot.com/community/...lware-removal-preliminary-instructions.58138/
Make sure you PASTE all logs. If some log exceeds the 50,000 character post limit, split it between a couple of replies.
Attached logs won't be reviewed.

Please, observe following rules:
  • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
  • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
  • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
  • Never run more than one scan at a time.
  • Keep updating me regarding your computer behavior, good, or bad.
  • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
  • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
  • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
 
I'm feeling confident from my computer activity yesterday that I had an unwanted visitor (Trojan?), as the cursor to my mouse was moving about on the desktop. My question is: after the scans I will send you and your directive, are there other things that should be checked?

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Jesus Christ Reigns (administrator) on PHILIPMOORE (27-02-2016 13:20:08)
Running from C:\Users\Jesus Christ Reigns\Documents\Stuff\Fixlistarchives\FRST-OlderVersion
Loaded Profiles: Jesus Christ Reigns (Available Profiles: Jesus Christ Reigns)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
 
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(Microsoft Corporation) C:\Windows\System32\SrTasks.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
() C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe
() C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 1999-12-31] (Realtek Semiconductor)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\Run: [AVG-Secure-Search-Update_0116pi] => C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe [2795920 2016-01-10] ()
HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\RunOnce: [Uninstall C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\RunOnce: [Uninstall C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.228.160.4 216.228.160.3
Tcpip\..\Interfaces\{f63f147d-9902-4615-8b2f-0297621c110d}: [DhcpNameServer] 216.228.160.4 216.228.160.3

Internet Explorer:
==================
BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)

FireFox:
========
FF ProfilePath: C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\5c99sxj0.default
FF Homepage: hxxp://www.google.com/

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4322440 2015-08-14] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [83576 2015-09-24] (Intel Corporation)
S3 IntcAudioBus; C:\Windows\System32\drivers\IntcAudioBus.sys [196904 1999-12-31] (Intel(R) Corporation)
S3 IntcOED; C:\Windows\System32\drivers\IntcOED.sys [613672 1999-12-31] (Intel(R) Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [41464 2015-09-24] (Intel(R) Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 1999-12-31] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 1999-12-31] (Synaptics Incorporated)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-25 02:48 - 2022-03-25 02:48 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC1.dat
2022-03-25 02:48 - 2022-03-25 02:48 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC0.dat
2022-03-25 01:22 - 2022-03-25 01:22 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX1.dat
2022-03-25 01:22 - 2022-03-25 01:22 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX0.dat
2016-02-27 13:19 - 2016-02-27 13:19 - 00003596 _____ C:\WINDOWS\System32\Tasks\AVG_SYS_TASK_0116pi_DELETE
2016-02-27 13:19 - 2016-02-27 13:19 - 00003382 _____ C:\WINDOWS\System32\Tasks\AVG_SYS_TASK_0116pi
2016-02-27 13:18 - 2016-02-27 13:19 - 00000000 ____D C:\ProgramData\Avg_Update_0116pi
2016-02-27 13:17 - 2016-02-27 13:17 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\AVG
2016-02-27 13:16 - 2016-02-27 13:16 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-02-27 13:16 - 2016-02-27 13:16 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\TuneUp Software
2016-02-27 13:16 - 2016-02-27 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-27 13:14 - 2016-02-27 13:18 - 00000000 ____D C:\ProgramData\MFAData
2016-02-27 13:14 - 2016-02-27 13:14 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\MFAData
2016-02-27 13:13 - 2016-02-27 13:17 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Avg
2016-02-27 13:13 - 2016-02-27 13:16 - 00000000 ____D C:\ProgramData\Avg
2016-02-27 13:13 - 2016-02-27 13:15 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-27 13:13 - 2016-02-27 13:13 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\AvgSetupLog
2016-02-27 13:08 - 2016-02-27 13:08 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-27 13:08 - 2016-02-27 13:08 - 00000000 ___HD C:\OneDriveTemp
2016-02-27 11:16 - 2016-02-27 11:16 - 00879220 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-02-27 10:46 - 2016-02-27 10:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-PHILIPMOORE-Windows-10-Home-(64-bit).dat
2016-02-27 10:42 - 2016-02-27 11:24 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-27 10:39 - 2016-02-27 10:39 - 00003802 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-02-27 10:39 - 2016-02-27 10:39 - 00002236 _____ C:\Users\Jesus Christ Reigns\Desktop\Tweaking.com - Windows Repair.lnk
2016-02-27 10:39 - 2016-02-27 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-02-27 10:38 - 2016-02-27 10:39 - 00183515 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2016-02-27 10:38 - 2016-02-27 10:38 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-02-27 10:37 - 2016-02-27 10:37 - 00472928 _____ C:\Users\Jesus Christ Reigns\Desktop\FixDotNet20160227183409621.cab
2016-02-27 09:19 - 2016-02-27 09:19 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Apple
2016-02-27 09:11 - 2016-02-27 09:18 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Mozilla
2016-02-27 09:11 - 2016-02-27 09:12 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla
2016-02-27 09:11 - 2016-02-27 09:11 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-27 09:11 - 2016-02-27 09:11 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-27 09:11 - 2016-02-27 09:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-27 09:11 - 2016-02-27 09:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-27 08:22 - 2016-02-27 08:22 - 00000000 ____D C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer (1)
2016-02-27 08:21 - 2016-02-27 08:21 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer_zip.ocw77h4.partial
2016-02-27 06:45 - 2015-12-08 19:39 - 00301728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-02-27 06:41 - 2016-02-27 06:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-27 06:41 - 2016-02-27 06:41 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-26 17:14 - 2016-02-27 07:42 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\ElevatedDiagnostics
2016-02-26 17:07 - 2016-02-27 12:51 - 00000330 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Jesus_Christ_Reigns.job
2016-02-26 17:07 - 2016-02-27 12:50 - 00002572 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Jesus_Christ_Reigns
2016-02-26 16:58 - 2016-02-26 17:07 - 00000000 ____D C:\ProgramData\ProductData
2016-02-26 16:58 - 2016-02-26 16:58 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\ProductData
2016-02-26 16:45 - 2016-02-26 16:45 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-02-26 16:43 - 2016-02-26 17:50 - 00000000 ____D C:\ProgramData\IObit
2016-02-26 16:43 - 2016-02-26 17:08 - 00000000 ____D C:\Program Files (x86)\IObit
2016-02-26 16:43 - 2016-02-26 16:45 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\IObit
2016-02-26 16:43 - 2016-02-26 16:43 - 00001431 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-02-26 16:43 - 2016-02-26 16:43 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\IObit
2016-02-26 16:43 - 2016-02-26 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-02-26 16:42 - 2016-02-26 16:42 - 00002409 _____ C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-26 16:41 - 2016-02-26 16:43 - 12887328 _____ (IObit) C:\Users\Jesus Christ Reigns\Downloads\iobituninstaller (1).exe
2016-02-26 16:41 - 2016-02-26 16:41 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Macromedia
2016-02-26 16:40 - 2016-02-26 16:48 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\MicrosoftEdge
2016-02-26 16:38 - 2016-02-26 16:38 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Comms
2016-02-26 16:37 - 2016-02-27 13:11 - 00814664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-26 16:37 - 2016-02-26 16:37 - 00001333 _____ C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2016-02-26 16:37 - 2016-02-26 16:37 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\ActiveSync
2016-02-26 16:37 - 2016-02-26 16:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-26 16:35 - 2016-02-26 16:35 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Publishers
2016-02-26 16:34 - 2016-02-26 17:11 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Packages
2016-02-26 16:34 - 2016-02-26 16:34 - 00000020 ___SH C:\Users\Jesus Christ Reigns\ntuser.ini
2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Adobe
2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\VirtualStore
2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\TileDataLayer
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\My Documents
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\All Users
2016-02-26 16:31 - 2016-02-27 08:28 - 00000000 ____D C:\Users\Jesus Christ Reigns
2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\My Documents
2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Videos
2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Pictures
2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Music
2016-02-26 16:24 - 2016-02-26 16:24 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-02-26 16:23 - 2016-02-26 16:23 - 01226515 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\Program Files\Realtek
2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\Program Files\Intel
2016-02-26 16:23 - 2015-12-21 11:39 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-02-26 16:23 - 2015-12-21 11:39 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 ____D C:\ProgramData\USOShared
2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 ____D C:\Program Files\Synaptics
2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01011.Wdf
2016-02-26 16:22 - 2015-10-29 23:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-26 16:19 - 2016-02-27 13:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-26 16:18 - 2016-02-27 11:34 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-26 16:17 - 2016-02-26 16:34 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-26 16:17 - 2016-02-26 16:17 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-02-26 16:16 - 2016-02-26 16:18 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-02-26 16:16 - 2016-02-26 16:17 - 00000000 ____D C:\Windows.old
2016-02-26 16:16 - 2016-02-26 16:16 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-26 16:14 - 2016-02-26 16:22 - 00000000 ____D C:\Program Files\Elantech
2016-02-26 16:12 - 2016-02-26 16:12 - 00000000 ____D C:\WINDOWS\Setup
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\WINDOWS\OCR
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files\MSBuild
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-02-26 16:04 - 2016-02-03 11:01 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-26 16:04 - 2016-02-03 11:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-26 16:02 - 2016-02-26 16:17 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-26 16:02 - 2016-02-26 15:57 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-02-26 16:02 - 2016-02-26 15:57 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-02-26 16:02 - 2016-02-26 15:57 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-02-26 16:02 - 2016-02-26 15:57 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2016-02-26 16:02 - 2016-02-26 15:57 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-02-26 16:02 - 2016-02-26 15:57 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2016-02-26 16:02 - 2016-02-26 15:57 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-02-26 16:02 - 2016-02-26 15:57 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_213
2016-02-26 16:02 - 2016-02-26 15:57 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-02-26 16:02 - 2016-02-26 15:57 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-02-26 16:01 - 2016-02-27 13:16 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2016-02-26 16:01 - 2016-02-27 09:32 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-26 16:01 - 2016-02-27 06:48 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-26 16:01 - 2016-02-27 06:48 - 00000000 ____D C:\Program Files\WindowsApps
2016-02-26 16:01 - 2016-02-26 16:52 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-26 16:01 - 2016-02-26 16:37 - 00000000 ____D C:\WINDOWS\rescache
2016-02-26 16:01 - 2016-02-26 16:35 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-26 16:01 - 2016-02-26 16:35 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-26 16:01 - 2016-02-26 16:32 - 00000000 ___RD C:\Users\Public\Libraries
2016-02-26 16:01 - 2016-02-26 16:32 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-02-26 16:01 - 2016-02-26 16:28 - 00000000 ____D C:\WINDOWS\system32\spool
2016-02-26 16:01 - 2016-02-26 16:28 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-02-26 16:01 - 2016-02-26 16:27 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-26 16:01 - 2016-02-26 16:22 - 00000000 ____D C:\ProgramData\USOPrivate
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\setup
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\Com
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\IME
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\Help
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\ias
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __RSD C:\WINDOWS\Media
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Web
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Vss
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\tracing
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\TAPI
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SystemResources
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SystemApps
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\ras
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\IME
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\System
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SKB
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\security
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\schemas
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SchCache
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Resources
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Registration
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\PLA
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Performance
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\InputMethod
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Globalization
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Cursors
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Branding
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\appcompat
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\addins
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\ProgramData\Comms
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows NT
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Common Files\Services
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-02-26 16:01 - 2016-02-26 15:57 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-02-26 16:01 - 2016-02-26 15:57 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-02-26 16:01 - 2016-02-26 15:57 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-02-26 16:01 - 2016-02-26 15:57 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2016-02-26 16:01 - 2016-02-26 15:57 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2016-02-26 16:01 - 2016-02-26 15:57 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-02-26 16:01 - 2016-02-26 15:57 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-02-26 16:01 - 2016-02-26 15:57 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2016-02-26 16:01 - 2016-02-26 15:57 - 00000219 _____ C:\WINDOWS\system.ini
2016-02-26 16:01 - 2016-02-26 15:57 - 00000092 _____ C:\WINDOWS\win.ini
2016-02-26 15:59 - 2016-02-27 13:11 - 00000000 ____D C:\WINDOWS\INF
2016-02-26 15:47 - 2016-02-27 06:45 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-02-26 15:37 - 2016-02-27 13:18 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-02-26 15:37 - 2016-02-27 13:06 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
2016-02-26 15:37 - 2016-02-26 16:15 - 00000000 ____D C:\$Windows.~BT
2016-02-26 15:37 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\servicing
2016-02-26 15:37 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\SMI
2016-02-26 15:37 - 2015-10-29 22:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
2016-02-26 15:18 - 2016-02-26 15:20 - 00257128 _____ C:\TDSSKiller.3.1.0.9_26.02.2016_15.18.52_log.txt
2016-02-26 08:56 - 2016-02-26 08:56 - 00026623 _____ C:\Users\Jesus Christ Reigns\Downloads\Oliver's Advice.pdf
2016-02-24 09:38 - 2016-02-24 09:38 - 00000321 _____ C:\Users\Jesus Christ Reigns\Documents\daniellyons.txt
2016-02-22 08:25 - 2016-02-22 08:25 - 02306110 _____ C:\Users\Jesus Christ Reigns\Documents\PHILIPMOORE.arn
2016-02-22 08:12 - 2016-02-22 08:12 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Autoruns
2016-02-21 15:56 - 2016-02-21 15:56 - 01657200 _____ (Microsoft Corporation) C:\Users\Jesus Christ Reigns\Downloads\adksetup.exe
2016-02-21 12:01 - 2016-02-21 12:01 - 00000187 _____ C:\Users\Jesus Christ Reigns\Documents\adlice.registration.useridpassword.txt
2016-02-20 13:59 - 2016-02-20 13:59 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\New folder (2)
2016-02-20 12:25 - 2016-02-20 13:33 - 00256734 _____ C:\TDSSKiller.3.1.0.9_20.02.2016_12.25.43_log.txt
2016-02-20 07:10 - 2016-02-20 07:10 - 06828320 _____ (Piriform Ltd) C:\Users\Jesus Christ Reigns\Downloads\ccsetup514.exe
2016-02-19 17:31 - 2016-02-19 17:32 - 13232968 _____ C:\Users\Jesus Christ Reigns\Downloads\jv16PT2016_beta2.exe
2016-02-18 13:17 - 2016-02-18 13:17 - 00001082 _____ C:\Users\Jesus Christ Reigns\Desktop\Text Folder notepad.lnk
2016-02-18 13:15 - 2016-02-26 14:38 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Text Folder notepad
2016-02-18 12:21 - 2016-02-18 12:21 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\windowstweaksguide
2016-02-18 12:09 - 2016-02-18 12:10 - 29616288 _____ (IObit ) C:\Users\Jesus Christ Reigns\Downloads\imf-setup.exe
2016-02-18 11:47 - 2016-02-18 11:47 - 00001305 _____ C:\Users\Jesus Christ Reigns\Desktop\eso.exe - Shortcut.lnk
2016-02-17 09:40 - 2016-02-26 14:38 - 00001885 _____ C:\Users\Jesus Christ Reigns\Desktop\FRST64.exe - Shortcut.lnk
2016-02-15 10:51 - 2016-02-20 13:50 - 00000000 ____D C:\Users\Jesus Christ Reigns\Desktop\_av4_
2016-02-15 10:49 - 2016-02-15 10:51 - 00254980 _____ C:\TDSSKiller.3.1.0.9_15.02.2016_10.49.30_log.txt
2016-02-14 11:51 - 2016-02-14 11:51 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-7
2016-02-14 11:28 - 2016-02-14 11:28 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-6
2016-02-14 11:27 - 2016-02-14 11:27 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-5
2016-02-14 11:20 - 2016-02-14 11:20 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-4
2016-02-14 11:19 - 2016-02-14 11:19 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-3
2016-02-14 11:15 - 2016-02-14 11:15 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-2
2016-02-14 11:09 - 2016-02-14 11:09 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-1
2016-02-14 11:08 - 2016-02-14 11:08 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos
 
2016-02-14 08:37 - 2016-02-14 08:38 - 30174560 _____ (Goodsol Development Inc. ) C:\Users\Jesus Christ Reigns\Downloads\qualitypack.exe
2016-02-13 17:24 - 2016-02-13 17:24 - 00000040 _____ C:\Users\Jesus Christ Reigns\Documents\olivia.txt
2016-02-13 09:50 - 2016-02-13 09:50 - 05227019 _____ C:\Users\Jesus Christ Reigns\Downloads\namebench-1.3.1-Windows.exe
2016-02-13 08:18 - 2016-02-13 08:18 - 02661352 _____ (Google) C:\Users\Jesus Christ Reigns\Downloads\gpautobackup_setup.exe
2016-02-13 07:27 - 2016-02-13 07:27 - 13677800 _____ (Google) C:\Users\Jesus Christ Reigns\Downloads\picasa39-setup(1).exe
2016-02-12 14:14 - 2016-02-12 14:14 - 00001045 _____ C:\Users\Jesus Christ Reigns\Desktop\Holiday Pictures - Shortcut.lnk
2016-02-12 14:13 - 2016-02-26 14:32 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Holiday Pictures
2016-02-12 14:13 - 2016-02-12 14:13 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\New folder
2016-02-12 14:04 - 2016-02-12 14:04 - 00000000 ____D C:\Users\Jesus Christ Reigns\Desktop\Picasa3
2016-02-12 09:39 - 2016-02-12 09:39 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Central Oregon Bus Maps
2016-02-11 15:28 - 2016-02-26 08:58 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Favorite Quotes
2016-02-11 14:45 - 2016-02-11 14:45 - 06265120 _____ (Carifred) C:\Users\Jesus Christ Reigns\Downloads\UVKSetup(1).exe
2016-02-11 13:57 - 2016-02-19 08:22 - 00000000 ____D C:\Users\Jesus Christ Reigns\Desktop\plugtmp
2016-02-11 08:15 - 2016-02-11 08:17 - 02944584 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jesus Christ Reigns\Downloads\AVG_PCTuneUp_877(1).exe
2016-02-11 08:04 - 2016-02-11 08:04 - 02944584 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jesus Christ Reigns\Downloads\AVG_PCTuneUp_877.exe
2016-02-11 07:14 - 2016-02-11 07:14 - 00987728 _____ (Google Inc.) C:\Users\Jesus Christ Reigns\Downloads\ChromeSetup(1).exe
2016-02-11 07:05 - 2016-02-11 07:05 - 00000000 ___HD C:\$AVG
2016-02-11 06:58 - 2016-02-11 07:01 - 245273648 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jesus Christ Reigns\Downloads\AVG_Antivirus_Free_x64_693.exe
2016-02-11 06:41 - 2016-02-11 06:42 - 22908888 _____ (Malwarebytes ) C:\Users\Jesus Christ Reigns\Downloads\mbam-setup-2.2.0.1024.exe
2016-02-10 16:26 - 1999-12-31 16:00 - 00613672 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\IntcOED.sys
2016-02-10 16:26 - 1999-12-31 16:00 - 00229376 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_B3573EFF-6441-4A75-91F7-4281EEC4597D.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00200704 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00196904 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\IntcAudioBus.sys
2016-02-10 16:26 - 1999-12-31 16:00 - 00151552 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_E0E018A8-3550-4B54-A8D0-A8E05D0FCBA2.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00147456 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_E1284052-8664-4FE4-A353-3878F72704C3.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00122880 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_202BADB5-8870-4290-B536-F2380C63F55D.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00090112 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_B489C2DE-0F96-42E1-8A2D-C25B5091EE49.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00040960 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_7C708106-3AFF-40FE-88BE-8C999B3F7445.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00036864 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_F101FEF0-FF5A-4AD4-8710-43592A6F7948.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00036864 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_EC774FA9-28D3-424A-90E4-69F984F1EEB7.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00020480 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_F1C69181-329A-45F0-8EEF-D8BDDF81E036.bin
2016-02-10 16:26 - 1999-12-31 16:00 - 00020480 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_46CB87FB-D2C9-4970-96D2-6D7E614BB605.bin
2016-02-10 16:25 - 1999-12-31 16:00 - 03299832 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 02190992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 02110600 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 01435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 01382240 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00888472 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00873472 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00596120 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00467168 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00381416 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00224264 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00172584 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00158704 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2016-02-10 16:25 - 1999-12-31 16:00 - 00075544 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 72203792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2016-02-10 16:24 - 1999-12-31 16:00 - 14057256 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 13120760 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 12986520 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 10521552 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 07172920 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 07096192 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 06264640 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
2016-02-10 16:24 - 1999-12-31 16:00 - 05776688 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 05338936 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 05289952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 04705536 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2016-02-10 16:24 - 1999-12-31 16:00 - 04486133 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2016-02-10 16:24 - 1999-12-31 16:00 - 03282032 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 03195648 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 03152591 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
2016-02-10 16:24 - 1999-12-31 16:00 - 03052880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 02893568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2016-02-10 16:24 - 1999-12-31 16:00 - 02823280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 02692848 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 02437144 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 02030208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01965816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01959608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01928632 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01601952 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01421104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01356512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01334384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01286152 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01211840 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01186168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01164336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01008360 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 01003864 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00998032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00965032 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00952984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00933640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00931624 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00923752 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00727440 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00716112 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00708320 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00678192 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00677680 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00618192 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00589072 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
2016-02-10 16:24 - 1999-12-31 16:00 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00514528 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00500560 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00448592 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00447728 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00445408 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00428232 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00369304 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00362056 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00340648 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00327464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00310424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00272720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00258504 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00253872 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00252880 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00192992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00151792 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00134208 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00105312 _____ C:\WINDOWS\system32\audioLibVc.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2016-02-10 16:24 - 1999-12-31 16:00 - 00023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2016-02-10 16:05 - 2015-08-14 03:03 - 04322440 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
2016-02-10 15:54 - 2016-02-10 15:54 - 00000716 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
2016-02-10 15:48 - 2016-02-10 15:49 - 00981592 _____ (SlimWare Utilities, Inc.) C:\Users\Jesus Christ Reigns\Downloads\SlimDrivers-setup(1).exe
2016-02-10 15:39 - 2016-02-10 15:39 - 12887328 _____ (IObit) C:\Users\Jesus Christ Reigns\Downloads\iobituninstaller.exe
2016-02-10 15:13 - 2016-02-11 08:33 - 00000000 ___RD C:\Users\Jesus Christ Reigns\iCloudDrive
2016-02-10 15:05 - 2016-02-10 15:06 - 125168408 _____ (Apple Inc.) C:\Users\Jesus Christ Reigns\Downloads\icloudsetup.exe
2016-02-10 14:01 - 2016-02-10 14:01 - 17926424 _____ (Goodsol Development Inc. ) C:\Users\Jesus Christ Reigns\Downloads\gdsol.exe
2016-02-10 13:11 - 2016-02-10 13:12 - 167583000 _____ (Apple Inc.) C:\Users\Jesus Christ Reigns\Downloads\iTunes6464Setup.exe
2016-02-10 13:04 - 2016-01-26 20:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-02-10 13:03 - 2016-01-26 21:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-02-10 13:00 - 2016-01-26 21:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-02-10 12:59 - 2016-01-26 21:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-02-10 12:59 - 2016-01-26 21:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-02-10 12:58 - 2016-01-26 22:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-02-10 12:58 - 2016-01-26 21:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-02-10 12:58 - 2016-01-26 21:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-02-10 12:58 - 2016-01-26 21:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-02-10 12:58 - 2016-01-26 20:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-02-10 12:58 - 2016-01-26 20:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-02-10 12:58 - 2016-01-26 20:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-02-10 12:58 - 2016-01-26 20:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-02-10 12:58 - 2016-01-26 20:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-02-10 12:57 - 2016-02-10 12:57 - 05664688 _____ (AVAST Software) C:\Users\Jesus Christ Reigns\Downloads\avast_internet_security_setup_online.exe
2016-02-10 12:57 - 2016-01-28 22:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-02-10 12:57 - 2016-01-28 22:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-02-10 12:57 - 2016-01-26 21:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-02-10 12:57 - 2016-01-26 21:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-02-10 12:57 - 2016-01-26 21:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-02-10 12:57 - 2016-01-26 20:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-02-10 12:57 - 2016-01-26 20:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-02-10 12:57 - 2016-01-26 20:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-02-10 12:57 - 2016-01-26 20:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-02-10 12:57 - 2016-01-26 20:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-02-10 12:56 - 2016-01-26 22:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-02-10 12:56 - 2016-01-26 22:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-02-10 12:56 - 2016-01-26 22:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-02-10 12:56 - 2016-01-26 22:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-02-10 12:56 - 2016-01-26 21:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
2016-02-10 12:56 - 2016-01-26 21:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-02-10 12:56 - 2016-01-26 21:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-02-10 12:56 - 2016-01-26 21:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
2016-02-10 12:56 - 2016-01-26 21:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-02-10 12:56 - 2016-01-26 21:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-02-10 12:56 - 2016-01-26 21:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-02-10 12:56 - 2016-01-26 21:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
2016-02-10 12:56 - 2016-01-26 21:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-02-10 12:56 - 2016-01-26 21:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-02-10 12:56 - 2016-01-26 21:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-02-10 12:56 - 2016-01-26 21:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-02-10 12:56 - 2016-01-26 21:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-02-10 12:56 - 2016-01-26 21:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-02-10 12:56 - 2016-01-26 20:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
2016-02-10 12:56 - 2016-01-26 20:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-02-10 12:56 - 2016-01-26 20:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-02-10 12:56 - 2016-01-26 20:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-02-10 12:56 - 2016-01-26 20:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-02-10 12:56 - 2016-01-26 20:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-02-10 12:55 - 2016-01-26 21:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-02-10 12:55 - 2016-01-26 21:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
2016-02-10 12:55 - 2016-01-26 21:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-02-10 12:55 - 2016-01-26 21:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-02-10 12:55 - 2016-01-26 21:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-02-10 12:55 - 2016-01-26 21:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-02-10 12:55 - 2016-01-26 21:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
2016-02-10 12:55 - 2016-01-26 21:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
2016-02-10 12:55 - 2016-01-26 21:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-02-10 12:55 - 2016-01-26 21:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-02-10 12:55 - 2016-01-26 21:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-02-10 12:55 - 2016-01-26 21:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
2016-02-10 12:55 - 2016-01-26 20:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-02-10 12:55 - 2016-01-26 20:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
2016-02-10 12:55 - 2016-01-26 20:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-02-10 12:55 - 2016-01-26 20:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2016-02-10 12:55 - 2016-01-26 20:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-02-10 12:54 - 2015-11-24 00:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2016-02-10 12:54 - 2015-11-12 21:40 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-02-10 12:52 - 2015-12-06 20:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-02-10 12:52 - 2015-11-24 02:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2016-02-10 12:52 - 2015-11-24 01:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2016-02-10 12:52 - 2015-11-24 01:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-02-10 12:52 - 2015-11-24 00:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-02-10 12:52 - 2015-11-22 02:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-02-10 12:52 - 2015-11-22 01:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-02-10 12:52 - 2015-11-12 22:04 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-02-10 12:48 - 2016-02-10 12:49 - 00242056 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44.0.1.exe
2016-02-10 12:21 - 2016-02-10 12:21 - 13677800 _____ (Google) C:\Users\Jesus Christ Reigns\Downloads\picasa39-setup.exe
2016-02-10 11:02 - 2016-02-26 15:37 - 00000000 ____D C:\$SysReset
2016-02-09 13:37 - 2016-02-10 13:24 - 08388608 _____ C:\Users\Jesus Christ Reigns\Downloads\mozilla_firefox.vhdx
2016-02-09 13:34 - 2016-02-09 13:34 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44_0_1_exe (3).hkthpkw.partial
2016-02-09 13:34 - 2016-02-09 13:34 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44_0_1_exe (2).o8bwv8w.partial
2016-02-09 13:33 - 2016-02-09 13:33 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44_0_1_exe (1).39x1uqw.partial
2016-02-09 13:32 - 2016-02-09 13:32 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44_0_1_exe.w36ef6z.partial
2016-02-09 12:01 - 2016-02-10 10:33 - 00000000 ____D C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer
2016-02-09 12:01 - 2016-02-09 12:01 - 01270466 _____ C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer (1).zip
2016-02-09 12:00 - 2016-02-09 12:00 - 01270466 _____ C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer.zip
2016-02-09 10:56 - 2016-02-09 11:06 - 00249014 _____ C:\TDSSKiller.3.1.0.9_09.02.2016_10.56.14_log.txt
2016-02-08 13:02 - 2016-02-08 13:02 - 00000000 ____D C:\SFCFix
2016-02-08 12:00 - 2016-02-08 12:00 - 00061144 _____ C:\sfcdetails.txt
2016-02-08 10:34 - 2016-02-08 10:34 - 00339360 _____ C:\Users\Jesus Christ Reigns\Downloads\Virus_Remover.zip
2016-02-08 09:19 - 2016-02-27 10:33 - 00879096 _____ (Microsoft Corporation) C:\Users\Jesus Christ Reigns\Downloads\NetFxRepairTool (1).exe
2016-02-08 09:14 - 2016-02-08 09:14 - 00879096 _____ (Microsoft Corporation) C:\Users\Jesus Christ Reigns\Downloads\NetFxRepairTool.exe
2016-02-08 06:59 - 2016-02-08 06:59 - 00000000 ____D C:\Users\Jesus Christ Reigns\New folder
2016-02-08 06:27 - 2016-02-08 06:27 - 00089525 _____ C:\Users\Jesus Christ Reigns\Downloads\dir.dcr
2016-02-07 16:39 - 2016-02-07 16:39 - 00027783 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (8).txt
2016-02-07 13:49 - 2016-02-07 13:49 - 21771104 _____ (Tweaking.com) C:\Users\Jesus Christ Reigns\Downloads\tweaking.com_windows_repair_aio_setup (3).exe
2016-02-07 13:49 - 2016-02-07 13:49 - 21771104 _____ (Tweaking.com) C:\Users\Jesus Christ Reigns\Downloads\tweaking.com_windows_repair_aio_setup (2).exe
2016-02-06 17:33 - 2016-02-06 17:33 - 00027783 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (7).txt
2016-02-06 17:06 - 2016-02-06 17:06 - 00001669 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (6).txt
2016-02-04 10:27 - 2016-02-04 10:27 - 01609032 _____ (Malwarebytes) C:\Users\Jesus Christ Reigns\Downloads\JRT (1).exe
2016-02-04 09:18 - 2016-02-04 09:18 - 01201784 _____ (RaMMicHaeL) C:\Users\Jesus Christ Reigns\Downloads\unchecky_setup.exe
2016-02-03 17:41 - 2016-02-03 17:42 - 00122046 _____ C:\TDSSKiller.3.1.0.9_03.02.2016_17.41.50_log.txt
2016-02-03 12:27 - 2016-02-18 08:46 - 06330144 _____ (Carifred) C:\Users\Jesus Christ Reigns\Downloads\UVKSetup.exe
2016-02-02 15:59 - 2016-02-02 15:59 - 06203680 _____ (Carifred) C:\Users\Jesus Christ Reigns\Downloads\UVKPortable.exe
2016-02-02 08:25 - 2016-02-02 08:25 - 00000811 _____ C:\Users\Public\Desktop\Windows Repair Toolbox.lnk
2016-02-02 08:24 - 2016-02-02 08:25 - 01891899 _____ (Alexandre Miguel Canotilho Coelho ) C:\Users\Jesus Christ Reigns\Downloads\Windows_Repair_Toolbox_setup.exe
2016-02-02 08:18 - 2016-01-31 09:21 - 00000926 _____ C:\Users\Jesus Christ Reigns\Documents\Tweaks.reg
2016-01-31 12:37 - 2016-01-31 12:38 - 05111240 _____ (Piriform Ltd) C:\Users\Jesus Christ Reigns\Downloads\spsetup129.exe
2016-01-31 12:01 - 2016-02-10 10:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\Downloads\nirsoft_package_1.19.70
2016-01-31 11:01 - 2016-01-31 11:02 - 05080376 _____ (AVAST Software) C:\Users\Jesus Christ Reigns\Downloads\avast_free_antivirus_setup_online.exe
2016-01-31 09:14 - 2016-01-31 09:14 - 00003101 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (5).txt
2016-01-30 17:14 - 2016-01-30 17:14 - 00852720 _____ C:\Users\Jesus Christ Reigns\Downloads\SecurityCheck (2).exe
2016-01-30 17:08 - 2016-01-30 17:08 - 00002918 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (4).txt
2016-01-30 13:11 - 2016-01-30 13:11 - 13393245 _____ C:\Users\Jesus Christ Reigns\Downloads\MuscleCars.themepack
2016-01-30 13:07 - 2016-01-30 13:07 - 02488196 _____ C:\Users\Jesus Christ Reigns\Downloads\24.themepack
2016-01-30 13:05 - 2016-01-30 13:05 - 01844744 _____ C:\Users\Jesus Christ Reigns\Downloads\BMW 5-series.themepack
2016-01-30 13:03 - 2016-01-30 13:03 - 19039376 _____ C:\Users\Jesus Christ Reigns\Downloads\ClassicSportsCars.themepack
2016-01-29 16:01 - 2016-01-29 16:01 - 00001536 _____ C:\Users\Jesus Christ Reigns\Documents\fixlist.txt
2016-01-29 12:32 - 2016-01-30 14:40 - 00014673 _____ C:\Users\Jesus Christ Reigns\Documents\hosts.txt
2016-01-29 12:31 - 2016-01-29 12:31 - 00000855 _____ C:\Users\Jesus Christ Reigns\Documents\hosts.old.txt
2016-01-28 10:24 - 2016-01-28 10:24 - 01371668 _____ (Igor Pavlov) C:\Users\Jesus Christ Reigns\Downloads\7z1514-x64.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-02-27 13:20 - 2015-11-30 14:59 - 00000000 ____D C:\FRST
2016-02-27 13:08 - 2015-09-24 08:12 - 00000000 ____D C:\Users\Jesus Christ Reigns\IntelGraphicsProfiles
2016-02-27 13:08 - 2015-09-24 07:25 - 00000000 ___RD C:\Users\Jesus Christ Reigns\OneDrive
2016-02-27 06:56 - 2015-09-09 21:42 - 00000000 ___RD C:\Users\Public\AccountPictures
2016-02-26 15:57 - 2015-10-29 23:19 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
2016-02-26 15:57 - 2015-10-29 23:19 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.tlb
2016-02-26 15:57 - 2015-10-29 23:19 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amcompat.tlb
2016-02-26 15:57 - 2015-10-29 23:18 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-02-26 15:57 - 2015-10-29 23:18 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
2016-02-26 15:57 - 2015-10-29 23:18 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetppui.dll
2016-02-26 15:57 - 2015-10-29 23:18 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
2016-02-26 15:56 - 2015-10-29 23:19 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFS.exe
2016-02-26 15:56 - 2015-10-29 23:19 - 00859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSST.dll
2016-02-26 15:56 - 2015-10-29 23:19 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFSR.dll
2016-02-26 15:56 - 2015-10-29 23:19 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMPOSE.dll
2016-02-26 15:56 - 2015-10-29 23:19 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
2016-02-26 15:56 - 2015-10-29 23:19 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOVER.exe
2016-02-26 15:56 - 2015-10-29 23:19 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unregmp2.exe
2016-02-26 15:56 - 2015-10-29 23:19 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSUTILITY.dll
2016-02-26 15:56 - 2015-10-29 23:19 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
2016-02-26 15:56 - 2015-10-29 23:19 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMPOSERES.dll
2016-02-26 15:56 - 2015-10-29 23:18 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-02-26 15:55 - 2015-10-29 23:20 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSRESM.dll
2016-02-26 15:55 - 2015-10-29 23:20 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
2016-02-26 15:55 - 2015-10-29 23:20 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
2016-02-26 15:55 - 2015-10-29 23:20 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOM.dll
2016-02-26 15:55 - 2015-10-29 23:20 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinFax.dll
2016-02-26 15:55 - 2015-10-29 23:19 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
2016-02-26 15:55 - 2015-10-29 23:19 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpps.dll
2016-02-26 15:55 - 2015-10-29 23:19 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
2016-02-26 15:55 - 2015-10-29 23:19 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSXP32.dll
2016-02-26 15:55 - 2015-10-29 23:19 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.tlb
2016-02-26 15:55 - 2015-10-29 23:19 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSEXT32.dll
2016-02-26 15:55 - 2015-10-29 23:19 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\amcompat.tlb
2016-02-26 15:54 - 2015-10-29 23:19 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 09375232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
2016-02-26 15:54 - 2015-10-29 23:19 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSRESM.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00305296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\unregmp2.exe
2016-02-26 15:54 - 2015-10-29 23:19 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOM.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinFax.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
2016-02-26 15:54 - 2015-10-29 23:19 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
2016-02-26 15:54 - 2015-10-29 23:19 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
2016-02-26 15:53 - 2015-10-29 23:19 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-02-26 15:53 - 2015-10-29 23:19 - 09375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
2016-02-26 15:53 - 2015-10-29 23:19 - 00651776 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSSVC.exe
2016-02-26 15:53 - 2015-10-29 23:19 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSROUTE.dll
2016-02-26 15:53 - 2015-10-29 23:19 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSMON.dll
2016-02-26 15:53 - 2015-10-29 23:19 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSUNATD.exe
2016-02-26 15:53 - 2015-10-29 23:19 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
2016-02-26 15:53 - 2015-10-29 23:19 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSEVENT.dll
2016-02-26 15:53 - 2015-10-29 23:19 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
2016-02-26 15:53 - 2015-10-29 23:19 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
2016-02-26 15:53 - 2015-10-29 23:18 - 01554152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2016-02-26 15:53 - 2015-10-29 23:18 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-02-26 15:17 - 2015-10-02 10:44 - 00000000 ____D C:\Windows_Repair_Toolbox
2016-02-26 15:02 - 2016-01-12 11:13 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Stuff
2016-02-18 12:35 - 2015-12-07 08:19 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\LocalLow\IObit
2016-02-15 11:54 - 2015-12-06 13:34 - 00000000 ____D C:\AdwCleaner
2016-02-10 10:34 - 2016-01-09 09:12 - 00000000 ___RD C:\Users\Jesus Christ Reigns\3D Objects

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-02-26 16:18

==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Jesus Christ Reigns (2016-02-27 13:24:09)
Running from C:\Users\Jesus Christ Reigns\Documents\Stuff\Fixlistarchives\FRST-OlderVersion
Windows 10 Home Version 1511 (X64) (2016-02-27 00:34:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1151840851-2588883232-3208457946-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1151840851-2588883232-3208457946-503 - Limited - Disabled)
Guest (S-1-5-21-1151840851-2588883232-3208457946-501 - Limited - Disabled)
Jesus Christ Reigns (S-1-5-21-1151840851-2588883232-3208457946-1001 - Administrator - Enabled) => C:\Users\Jesus Christ Reigns

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

AVG (Version: 16.41.7442 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.5.126 - IObit)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.2 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1151840851-2588883232-3208457946-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1151840851-2588883232-3208457946-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {45456E6C-60C8-47A9-9F57-187F586DF723} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {7EB81812-3458-4C2F-88A4-485CF6CAFC58} - System32\Tasks\AVG_SYS_TASK_0116pi_DELETE => C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe [2016-01-10] ()
Task: {D8296EEB-BB1D-4439-B792-97622FF2AE93} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-27] (Microsoft Corporation)
Task: {E3FCEF24-3085-4E57-97EF-211749B29C11} - System32\Tasks\AVG_SYS_TASK_0116pi => C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe [2016-01-10] ()
Task: {F5C77587-DA41-4D8B-9D11-C75CAF5D99CC} - System32\Tasks\Uninstaller_SkipUac_Jesus_Christ_Reigns => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-27] (IObit)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Jesus_Christ_Reigns.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () c:\windows\system32\CoreUIComponents.dll
2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-10-30 01:09 - 2015-10-30 01:09 - 00044032 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 08:13 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 08:13 - 2015-12-06 20:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 10:28 - 2016-01-04 17:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 10:28 - 2016-01-04 17:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 11:09 - 2016-01-15 21:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 11:09 - 2016-01-15 21:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2016-02-27 13:19 - 2016-01-10 01:55 - 02795920 _____ () C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe
2016-02-26 16:43 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2015-10-30 01:09 - 2015-10-30 01:09 - 00151040 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-10-30 01:09 - 2015-10-30 01:09 - 18818048 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-26 16:43 - 2015-12-23 16:27 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-02-26 16:43 - 2015-12-23 16:27 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-02-26 16:43 - 2015-12-23 16:27 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-02-27 13:13 - 2015-04-07 05:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-02-26 16:02 - 2016-02-27 11:24 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 216.228.160.4 - 216.228.160.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ETDCtrl =>

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7C924DD7-4E3C-4F3D-9888-977414599B38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1D5CA33-8BC7-478D-A4FE-16EB4C7A2909}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01A315DF-2C38-4D00-84A9-4EF1FE6A2037}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{49F54691-33C2-4E85-A17D-905CBDD3DDFA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{B5530ECD-58A4-4ABD-AB22-33C9D8EDEED5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{99945F20-6D33-4F5A-9D9F-218CA6AE907E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E0A510E6-D98A-4BED-BFA7-D99F162B1428}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{92186D22-3438-42C8-B30E-20AAA115D0DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5C29149F-CF96-4494-B273-AA95EC6815E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{DA50BA1E-4D93-43DD-992D-DFACCF009C8D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

==================== Restore Points =========================

26-02-2016 16:52:24 JRT Pre-Junkware Removal
27-02-2016 13:14:24 Installed AVG 2016
27-02-2016 13:15:21 Installed AVG

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/27/2016 01:22:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000409
Fault offset: 0x000000000002138b
Faulting process id: 0x1d74
Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
Faulting application path: svchost.exe_UserDataSvc_2c5f41
Faulting module path: svchost.exe_UserDataSvc_2c5f42
Report Id: svchost.exe_UserDataSvc_2c5f43
Faulting package full name: svchost.exe_UserDataSvc_2c5f44
Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

Error: (02/27/2016 01:18:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIPMOORE)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (02/27/2016 01:10:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000409
Fault offset: 0x000000000002138b
Faulting process id: 0x1444
Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
Faulting application path: svchost.exe_UserDataSvc_2c5f41
Faulting module path: svchost.exe_UserDataSvc_2c5f42
Report Id: svchost.exe_UserDataSvc_2c5f43
Faulting package full name: svchost.exe_UserDataSvc_2c5f44
Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

Error: (02/27/2016 01:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000409
Fault offset: 0x000000000002138b
Faulting process id: 0x1510
Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
Faulting application path: svchost.exe_UserDataSvc_2c5f41
Faulting module path: svchost.exe_UserDataSvc_2c5f42
Report Id: svchost.exe_UserDataSvc_2c5f43
Faulting package full name: svchost.exe_UserDataSvc_2c5f44
Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

Error: (02/27/2016 01:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000409
Fault offset: 0x000000000002138b
Faulting process id: 0xf3c
Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
Faulting application path: svchost.exe_UserDataSvc_2c5f41
Faulting module path: svchost.exe_UserDataSvc_2c5f42
Report Id: svchost.exe_UserDataSvc_2c5f43
Faulting package full name: svchost.exe_UserDataSvc_2c5f44
Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

Error: (02/27/2016 01:09:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000409
Fault offset: 0x000000000002138b
Faulting process id: 0x93c
Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
Faulting application path: svchost.exe_UserDataSvc_2c5f41
Faulting module path: svchost.exe_UserDataSvc_2c5f42
Report Id: svchost.exe_UserDataSvc_2c5f43
Faulting package full name: svchost.exe_UserDataSvc_2c5f44
Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

Error: (02/27/2016 01:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000409
Fault offset: 0x000000000002138b
Faulting process id: 0x13a0
Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
Faulting application path: svchost.exe_UserDataSvc_2c5f41
Faulting module path: svchost.exe_UserDataSvc_2c5f42
Report Id: svchost.exe_UserDataSvc_2c5f43
Faulting package full name: svchost.exe_UserDataSvc_2c5f44
Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

Error: (02/27/2016 01:09:04 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000409
Fault offset: 0x000000000002138b
Faulting process id: 0x1788
Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
Faulting application path: svchost.exe_UserDataSvc_2c5f41
Faulting module path: svchost.exe_UserDataSvc_2c5f42
Report Id: svchost.exe_UserDataSvc_2c5f43
Faulting package full name: svchost.exe_UserDataSvc_2c5f44
Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

Error: (02/27/2016 12:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc_2f3d2, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000409
Fault offset: 0x000000000002138b
Faulting process id: 0x1974
Faulting application start time: 0xsvchost.exe_UserDataSvc_2f3d20
Faulting application path: svchost.exe_UserDataSvc_2f3d21
Faulting module path: svchost.exe_UserDataSvc_2f3d22
Report Id: svchost.exe_UserDataSvc_2f3d23
Faulting package full name: svchost.exe_UserDataSvc_2f3d24
Faulting package-relative application ID: svchost.exe_UserDataSvc_2f3d25

Error: (02/27/2016 12:50:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_UserDataSvc_2f3d2, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
Exception code: 0xc0000409
Fault offset: 0x000000000002138b
Faulting process id: 0x1834
Faulting application start time: 0xsvchost.exe_UserDataSvc_2f3d20
Faulting application path: svchost.exe_UserDataSvc_2f3d21
Faulting module path: svchost.exe_UserDataSvc_2f3d22
Report Id: svchost.exe_UserDataSvc_2f3d23
Faulting package full name: svchost.exe_UserDataSvc_2f3d24
Faulting package-relative application ID: svchost.exe_UserDataSvc_2f3d25


System errors:
=============
Error: (02/27/2016 01:22:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Access_2c5f4 service terminated unexpectedly. It has done this 7 time(s).

Error: (02/27/2016 01:22:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Storage_2c5f4 service terminated unexpectedly. It has done this 7 time(s).

Error: (02/27/2016 01:22:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Contact Data_2c5f4 service terminated unexpectedly. It has done this 7 time(s).

Error: (02/27/2016 01:11:24 PM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (02/27/2016 01:11:24 PM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (02/27/2016 01:11:23 PM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (02/27/2016 01:10:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Access_2c5f4 service terminated unexpectedly. It has done this 6 time(s).

Error: (02/27/2016 01:10:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Storage_2c5f4 service terminated unexpectedly. It has done this 6 time(s).

Error: (02/27/2016 01:10:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Contact Data_2c5f4 service terminated unexpectedly. It has done this 6 time(s).

Error: (02/27/2016 01:10:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Sync Host_2c5f4 service terminated unexpectedly. It has done this 4 time(s).


CodeIntegrity:
 
===================================
Date: 2016-02-27 06:55:36.469
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-27 06:46:40.642
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-26 16:21:28.609
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 45%
Total physical RAM: 3977.7 MB
Available physical RAM: 2187.67 MB
Total Virtual: 5385.7 MB
Available Virtual: 3615.76 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.38 GB) (Free:418.93 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EC3041B2)

Partition: GPT.

==================== End of Addition.txt ============================
 
Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2
  • Close all the running programs
  • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
  • Otherwise just double-click on RogueKiller.exe
  • Pre-scan will start. Let it finish.
  • Click on SCAN button.
  • Wait until the Status box shows Scan Finished
  • Click on Delete.
  • Wait until the Status box shows Deleting Finished.
  • Click on Report and copy/paste the content of the Notepad into your next reply.
  • RKreport.txt could also be found on your desktop.
  • If more than one log is produced post all logs.
  • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.
  • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to the following:
  • Launch Malwarebytes Anti-Malware
  • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
  • Click Finish.
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
If you already have MBAM 2.0 installed:
  • On the Dashboard, click the 'Update Now >>' link
  • After the update completes, click the 'Scan Now >>' button.
  • Or, on the Dashboard, click the Scan Now >> button.
  • If an update is available, click the Update Now button.
  • A Threat Scan will begin.
  • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
  • In most cases, a restart will be required.
  • Wait for the prompt to restart the computer to appear, then click on Yes.
How to get logs:
(Export log to save as txt)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Export'.
  • Click 'Text file (*.txt)'
  • In the Save File dialog box which appears, click on Desktop.
  • In the File name: box type a name for your scan log.
  • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
  • Click Ok
  • Attach that saved log to your next reply.
(Copy to clipboard for pasting into forum replies or tickets)
  • After the restart once you are back at your desktop, open MBAM once more.
  • Click on the History tab > Application Logs.
  • Double click on the Scan Log which shows the Date and time of the scan just performed.
  • Click 'Copy to Clipboard'
  • Paste the contents of the clipboard into your reply.
Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Double click on adwcleaner.exe to run the tool.
  • Click on Scan button.
  • When the scan has finished click on Clean button.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the contents of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.
Please download Junkware Removal Tool to your desktop.
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
 
I believe the '192...' reference is my own ISP but I'm wondering about the '127...' as being an intruder?
When I go to an Administrator Command Prompt and type the command 'ipconfig', I see this info about my network connection:

Wireless LAN adapter Wi-Fi:

Connection-specific DNS Suffix . : bendbroadband.com
IPv4 Address. . . . . . . . . . . : 192.168.0.7
Subnet Mask . . . . . . . . . . . : 255.255.255.0
Default Gateway . . . . . . . . . : 192.168.0.1

When typing netstat -ano I get this info:
Active Connections

Proto Local Address Foreign Address State PID
TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1328
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
TCP 0.0.0.0:7112 0.0.0.0:0 LISTENING 3596
TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 1036
TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1528
TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1828
TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 2304
TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 1172
TCP 0.0.0.0:49673 0.0.0.0:0 LISTENING 1164
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING 7444
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 6636

TCP 127.0.0.1:27015 127.0.0.1:51601 ESTABLISHED 6636
TCP 127.0.0.1:51601 127.0.0.1:27015 ESTABLISHED 5036
TCP 127.0.0.1:51609 127.0.0.1:51610 ESTABLISHED 6548
TCP 127.0.0.1:51610 127.0.0.1:51609 ESTABLISHED 6548

TCP 192.168.0.7:139 0.0.0.0:0 LISTENING 4
TCP 192.168.0.7:51571 65.52.108.206:443 ESTABLISHED 6364
TCP 192.168.0.7:51915 193.85.216.234:443 ESTABLISHED 2776
TCP 192.168.0.7:52996 205.217.188.3:443 ESTABLISHED 6548
TCP 192.168.0.7:53067 31.13.76.102:443 ESTABLISHED 7252
TCP 192.168.0.7:53121 0.0.0.0:0 LISTENING 4100
TCP 192.168.0.7:53262 52.84.20.143:80 ESTABLISHED 6548
TCP 192.168.0.7:53273 54.246.120.57:80 ESTABLISHED 6548
TCP 192.168.0.7:53283 52.84.20.83:80 ESTABLISHED 6548
TCP 192.168.0.7:53284 198.54.12.97:80 ESTABLISHED 6548
TCP 192.168.0.7:53325 66.35.58.80:80 ESTABLISHED 6548
TCP 192.168.0.7:53326 52.9.66.80:80 ESTABLISHED 6548
TCP 192.168.0.7:53327 52.9.66.80:80 ESTABLISHED 6548
TCP 192.168.0.7:53346 52.9.66.80:80 ESTABLISHED 6548
TCP 192.168.0.7:53363 54.148.203.11:80 ESTABLISHED 6548
TCP 192.168.0.7:53401 52.71.202.21:80 ESTABLISHED 6548
TCP 192.168.0.7:53403 54.246.120.57:80 ESTABLISHED 6548
TCP 192.168.0.7:53446 52.84.20.232:80 ESTABLISHED 6548
TCP 192.168.0.7:53696 52.36.41.115:443 TIME_WAIT 0
TCP 192.168.0.7:53701 174.35.52.74:80 TIME_WAIT 0
TCP 192.168.0.7:53707 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53708 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53709 23.195.226.106:80 TIME_WAIT 0
TCP 192.168.0.7:53710 23.195.226.106:80 TIME_WAIT 0
TCP 192.168.0.7:53711 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53715 2.19.128.149:443 ESTABLISHED 7796
TCP 192.168.0.7:53716 2.19.128.149:443 ESTABLISHED 7796
TCP 192.168.0.7:53717 54.246.120.57:80 TIME_WAIT 0
TCP 192.168.0.7:53726 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53727 23.195.226.106:80 TIME_WAIT 0
TCP 192.168.0.7:53728 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53729 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53730 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53739 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53740 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53741 23.195.226.106:80 TIME_WAIT 0
TCP 192.168.0.7:53742 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53744 54.246.120.57:80 TIME_WAIT 0
TCP 192.168.0.7:53745 54.246.120.57:80 TIME_WAIT 0
TCP 192.168.0.7:53750 174.35.52.184:80 TIME_WAIT 0
TCP 192.168.0.7:53754 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53755 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53756 23.195.226.106:80 TIME_WAIT 0
TCP 192.168.0.7:53757 23.195.226.106:80 TIME_WAIT 0
TCP 192.168.0.7:53758 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53759 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53761 52.84.20.172:80 ESTABLISHED 6548
TCP 192.168.0.7:53769 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53770 23.195.226.106:80 ESTABLISHED 6548
TCP 192.168.0.7:53771 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53772 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53773 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53776 64.4.54.253:443 ESTABLISHED 2616
TCP 192.168.0.7:53779 174.35.52.78:80 TIME_WAIT 0
TCP 192.168.0.7:53784 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53785 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53787 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53789 54.246.119.203:80 TIME_WAIT 0
TCP 192.168.0.7:53798 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53799 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53800 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53804 174.35.52.88:80 TIME_WAIT 0
TCP 192.168.0.7:53808 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53809 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53811 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53812 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53815 174.35.52.88:80 TIME_WAIT 0
TCP 192.168.0.7:53821 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53822 23.74.52.28:80 TIME_WAIT 0
TCP 192.168.0.7:53823 23.74.52.28:80 TIME_WAIT 0
TCP [::]:135 [::]:0 LISTENING 1328
TCP [::]:445 [::]:0 LISTENING 4
TCP [::]:2869 [::]:0 LISTENING 4
TCP [::]:5357 [::]:0 LISTENING 4
TCP [::]:49664 [::]:0 LISTENING 1036
TCP [::]:49665 [::]:0 LISTENING 1528
TCP [::]:49666 [::]:0 LISTENING 1828
TCP [::]:49667 [::]:0 LISTENING 2304
TCP [::]:49668 [::]:0 LISTENING 1172
TCP [::]:49673 [::]:0 LISTENING 1164
UDP 0.0.0.0:123 *:* 1676
UDP 0.0.0.0:3544 *:* 1528
UDP 0.0.0.0:3702 *:* 1764
UDP 0.0.0.0:3702 *:* 1764
UDP 0.0.0.0:5353 *:* 988
UDP 0.0.0.0:5355 *:* 988
UDP 0.0.0.0:49664 *:* 1764
UDP 0.0.0.0:53230 *:* 7444
UDP 127.0.0.1:1900 *:* 1764
UDP 127.0.0.1:51922 *:* 1764
UDP 127.0.0.1:53232 *:* 6636
UDP 127.0.0.1:53233 *:* 6636
UDP 127.0.0.1:54937 *:* 5036
UDP 127.0.0.1:54938 *:* 5036
UDP 192.168.0.7:137 *:* 4
UDP 192.168.0.7:138 *:* 4
UDP 192.168.0.7:1900 *:* 1764
UDP 192.168.0.7:5050 *:* 1676
UDP 192.168.0.7:5353 *:* 7444
UDP 192.168.0.7:51921 *:* 1764
UDP 192.168.0.7:53121 *:* 4100
UDP 192.168.0.7:62775 *:* 1528
UDP [::]:123 *:* 1676
UDP [::]:3702 *:* 1764
UDP [::]:3702 *:* 1764
UDP [::]:49665 *:* 1764
UDP [::]:53231 *:* 7444
UDP [::1]:1900 *:* 1764
UDP [::1]:5353 *:* 7444
UDP [::1]:51920 *:* 1764
UDP [fe80::148f:ac8:bc33:4b8e%13]:546 *:* 1828
UDP [fe80::148f:ac8:bc33:4b8e%13]:546 *:* 1828


Still waiting on RK and will send logs once it's through.
Thank you.
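
An added example, not part of the original posts: a short Python triage of `netstat -ano` rows like the ones pasted above, sorting each socket by address scope (127.0.0.0/8 is the machine's own loopback range, 192.168.0.0/16 is a private LAN range). The sample rows are copied from that output; the function names and bucket labels are this example's own.

```python
import ipaddress
from collections import defaultdict

# Rows copied from the netstat -ano output in the post above (a subset).
SAMPLE = """\
Proto Local Address Foreign Address State PID
TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING 7444
TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 6636
TCP 127.0.0.1:27015 127.0.0.1:51601 ESTABLISHED 6636
TCP 127.0.0.1:51601 127.0.0.1:27015 ESTABLISHED 5036
TCP 127.0.0.1:51609 127.0.0.1:51610 ESTABLISHED 6548
TCP 127.0.0.1:51610 127.0.0.1:51609 ESTABLISHED 6548
TCP 192.168.0.7:139 0.0.0.0:0 LISTENING 4
TCP 192.168.0.7:51571 65.52.108.206:443 ESTABLISHED 6364
TCP 192.168.0.7:53262 52.84.20.143:80 ESTABLISHED 6548
TCP 192.168.0.7:53696 52.36.41.115:443 TIME_WAIT 0
TCP [::]:135 [::]:0 LISTENING 1328
UDP 0.0.0.0:5353 *:* 988
UDP [fe80::148f:ac8:bc33:4b8e%13]:546 *:* 1828
"""


def split_endpoint(endpoint):
    """Split 'host:port', '[v6]:port' or '*:*' into (host, port); '*' becomes None."""
    host, _, port = endpoint.rpartition(":")
    host = host.strip("[]").split("%")[0]  # drop brackets and the IPv6 zone id
    return (None if host == "*" else host), (None if port == "*" else int(port))


def scope(host):
    """Classify an address: any, loopback, link-local, private or public."""
    if host is None:
        return "any"
    ip = ipaddress.ip_address(host)
    if ip.is_unspecified:
        return "any"          # 0.0.0.0 / [::]: bound to every interface
    if ip.is_loopback:
        return "loopback"     # never leaves this machine
    if ip.is_link_local:
        return "link-local"
    if ip.is_private:
        return "private"      # RFC 1918 LAN address handed out by the router
    return "public"


def parse(text):
    """Turn netstat -ano text into row dicts; headers and wrapped rows are skipped."""
    rows = []
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[0] == "TCP":
            proto, local, foreign, state, pid = f
        elif len(f) == 4 and f[0] == "UDP":
            (proto, local, foreign, pid), state = f, ""
        else:
            continue
        if pid.isdigit():
            rows.append({"proto": proto, "local": local, "foreign": foreign,
                         "state": state, "pid": int(pid)})
    return rows


def triage(rows):
    """Bucket sockets by how far they reach, keyed by the owning PID."""
    owner = {r["local"]: r["pid"] for r in rows if r["state"] == "ESTABLISHED"}
    pairs, local_only, reachable = set(), set(), set()
    remote = defaultdict(set)
    for r in rows:
        lhost, lport = split_endpoint(r["local"])
        fhost, _ = split_endpoint(r["foreign"])
        if r["state"] == "LISTENING" or r["proto"] == "UDP":
            bucket = local_only if scope(lhost) == "loopback" else reachable
            bucket.add((r["proto"], lport, r["pid"]))
        elif r["state"] == "ESTABLISHED":
            if scope(fhost) == "loopback":
                # Both ends are local processes; pair them up with their PIDs.
                ends = sorted([r["local"], r["foreign"]])
                pairs.add(tuple((e, owner.get(e)) for e in ends))
            elif scope(fhost) == "public":
                remote[r["pid"]].add(r["foreign"])
    return {
        "loopback_pairs": sorted(pairs),
        "local_only_listeners": sorted(local_only),
        "reachable_listeners": sorted(reachable),
        "remote_peers": {pid: sorted(peers) for pid, peers in remote.items()},
    }


if __name__ == "__main__":
    for name, value in triage(parse(SAMPLE)).items():
        print(name, value)
```

The PIDs in `remote_peers` and `reachable_listeners` are the ones worth resolving to process names with `tasklist /FI "PID eq <pid>"` or Process Explorer.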
 
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 2/28/2016
Scan Time: 8:16 AM
Logfile: mbam.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.02.28.03
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Jesus Christ Reigns

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 333749
Time Elapsed: 25 min, 42 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)
 
Malwarebytes Anti-Malware
www.malwarebytes.org


Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, Remediation Database, 2015.9.16.1, 2016.2.22.2,
Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, Rootkit Database, 2015.9.18.1, 2016.2.27.1,
Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, IP Database, 2015.9.21.2, 2016.2.27.1,
Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, Domain Database, 2015.9.22.3, 2016.2.28.2,
Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, Malware Database, 2015.9.22.5, 2016.2.28.3,
Scan, 2/28/2016 8:42 AM, SYSTEM, PHILIPMOORE, Manual, Start:2/28/2016 8:16 AM, Duration:25 min 42 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

(end)
 
# AdwCleaner v5.029 - Logfile created 11/01/2016 at 16:27:34

WHAT DOES THIS MEAN???? LINE ABOVE.

# Updated 11/01/2016 by Xplode
# Database : 2016-01-11.4 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Jesus Christ Reigns - PHILIPMOORE
# Running from : C:\Users\Jesus Christ Reigns\Downloads\adwcleaner_5.029.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKCU\Software\darwendlm

***** [ Web browsers ] *****

[-] [C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\wrl94xrb.default-1451927182068\prefs.js] [Preference] Deleted : user_pref("browser.safebrowsing.provider.google.lastupdatetime", "1452557747433");
[-] [C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\wrl94xrb.default-1451927182068\prefs.js] [Preference] Deleted : user_pref("browser.safebrowsing.provider.google.nextupdatetime", "1452559476433");
[-] [C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\wrl94xrb.default-1451927182068\prefs.js] [Preference] Deleted : user_pref("browser.safebrowsing.provider.mozilla.lastupdatetime", "1452557748384");
[-] [C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\wrl94xrb.default-1451927182068\prefs.js] [Preference] Deleted : user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "1452561348384");

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1629 bytes] ##########
# AdwCleaner v5.037 - Logfile created 28/02/2016 at 08:50:17
# Updated 28/02/2016 by Xplode
# Database : 2016-02-28.2 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Jesus Christ Reigns - PHILIPMOORE
# Running from : C:\Users\Jesus Christ Reigns\Downloads\adwcleaner_5.037.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
[-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
[-] Folder Deleted : C:\ProgramData\AVG Secure Search

***** [ Files ] *****

[-] File Deleted : C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\5c99sxj0.default\extensions\Avg@toolbar.xpi

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [2341 bytes] - [06/12/2015 13:39:52]
C:\AdwCleaner\AdwCleaner[C2].txt - [2661 bytes] - [10/01/2016 12:35:42]
C:\AdwCleaner\AdwCleaner[C3].txt - [4477 bytes] - [11/01/2016 16:27:34]
C:\AdwCleaner\AdwCleaner[C4].txt - [1018 bytes] - [15/01/2016 17:53:40]
C:\AdwCleaner\AdwCleaner[S1].txt - [2097 bytes] - [06/12/2015 13:34:45]
C:\AdwCleaner\AdwCleaner[S2].txt - [2816 bytes] - [01/01/2016 09:21:30]
C:\AdwCleaner\AdwCleaner[S3].txt - [4535 bytes] - [10/01/2016 12:20:30]
C:\AdwCleaner\AdwCleaner[S4].txt - [362 bytes] - [11/01/2016 08:40:45]
C:\AdwCleaner\AdwCleaner[S5].txt - [681 bytes] - [11/01/2016 09:23:48]
C:\AdwCleaner\AdwCleaner[S6].txt - [1586 bytes] - [11/01/2016 16:21:31]
C:\AdwCleaner\AdwCleaner[S7].txt - [914 bytes] - [15/01/2016 17:50:38]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [5131 bytes] ##########
 
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.3 (02.09.2016)
Operating System: Windows 10 Home x64
Ran by Jesus Christ Reigns (Administrator) on Sun 02/28/2016 at 9:05:57.40
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\ProgramData\productdata (Folder)
Successfully deleted: C:\Users\Jesus Christ Reigns\AppData\Roaming\productdata (Folder)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 02/28/2016 at 9:07:52.30
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 
RogueKiller V11.0.13.0 [Feb 22 2016] (Free) by Adlice Software
mail : http://www.adlice.com/contact/
Feedback : http://forum.adlice.com
Website : http://www.adlice.com/software/roguekiller/
Blog : http://www.adlice.com

Operating System : Windows 10 (10.0.10586) 64 bits version
Started in : Normal mode
User : Jesus Christ Reigns [Administrator]
Started from : C:\Users\Jesus Christ Reigns\Downloads\RogueKiller.exe
Mode : Delete -- Date : 02/28/2016 08:09:09

¤¤¤ Processes : 0 ¤¤¤

¤¤¤ Registry : 7 ¤¤¤
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll) -> Deleted
[PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll) -> Deleted
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f63f147d-9902-4615-8b2f-0297621c110d} | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
[PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f63f147d-9902-4615-8b2f-0297621c110d} | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected

¤¤¤ Tasks : 0 ¤¤¤

¤¤¤ Files : 1 ¤¤¤
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Deleted
[PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DIFxAPI.dll -> Deleted
[PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DifXInstall64.exe -> Deleted
[PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DIFxInstallLog.txt -> Deleted
[PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\GEARAspiWDM.inf -> Deleted
[PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\gearaspiwdmx64.cat -> Deleted
[PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspi.dll -> Deleted
[PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspi64.dll -> Deleted
[PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspiWDM.sys -> Deleted
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64 -> Deleted
[PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64 -> Deleted

¤¤¤ Hosts File : 0 ¤¤¤

¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

¤¤¤ Web browsers : 1 ¤¤¤
[PUP][FIREFX:Addon] 5c99sxj0.default : AVG Web TuneUp [avg@toolbar] -> Not selected

¤¤¤ MBR Check : ¤¤¤
+++++ PhysicalDrive0: WDC WD5000LPVX-22V0TT0 +++++
--- User ---
[MBR] 43126f3adc47adacacc6fd31c8958445
[BSP] 828d19adbf4bd1bd48f5fe84ae37e5ef : Windows Vista/7/8 MBR Code
Partition table:
0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
2 - Basic data partition | Offset (sectors): 239616 | Size: 475527 MB
3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 974120960 | Size: 845 MB
User = LL1 ... OK
User = LL2 ... OK
 
Re-run the Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

  • Double click to run it.
  • Make sure you checkmark the Addition.txt box.
  • Press the Scan button.
  • The scan will create two logs, FRST.txt and Addition.txt, in the same directory the tool is run from. Please copy and paste them into your reply.
 
I seriously wish I had taken a video of my desktop during the hacked attack. The moving cursor that was not me resulted in all types of icons being placed on my desktop without my consent (mostly tmp files but .dll files too). When attempting to start trojan scans I would have to fight with the cursor to stop them. When using FRST it was like pulling teeth to remove files. I would attempt to click on the file and the cursor continued to move away. Had I not known shortcuts using cut, copy, paste, I'm not sure it would have allowed anything. It was the same way when I went to restore the OS. If I didn't know that I've already been there it would make one think he was going crazy! LOL
Before you ask, I don't visit porn sites or any others that are considered iffy.
I used Process Explorer to attempt to cease the action. I'm not an expert with Procexplorer but have a layman's understanding of how it works. I couldn't stop the hack using that.
How can I verify that this event has ceased?
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
Ran by Jesus Christ Reigns (2016-02-28 12:25:08)
Running from C:\Users\Jesus Christ Reigns\Documents\Stuff\Fixlistarchives\FRST-OlderVersion
Windows 10 Home Version 1511 (X64) (2016-02-27 00:34:03)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1151840851-2588883232-3208457946-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1151840851-2588883232-3208457946-503 - Limited - Disabled)
Guest (S-1-5-21-1151840851-2588883232-3208457946-501 - Limited - Disabled)
Jesus Christ Reigns (S-1-5-21-1151840851-2588883232-3208457946-1001 - Administrator - Enabled) => C:\Users\Jesus Christ Reigns

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
AVG (Version: 16.41.7442 - AVG Technologies) Hidden
AVG 2016 (Version: 16.0.4537 - AVG Technologies) Hidden
AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.22.1.58906 - AVG Technologies)
AVG PC TuneUp (x32 Version: 16.22.3 - AVG Technologies) Hidden
AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.6.552 - AVG Technologies)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.5.126 - IObit)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
Pretty Good Solitaire version 15.1.0 (HKLM-x32\...\Pretty Good Solitaire_is1) (Version: 15.1.0 - Goodsol Development Inc.)
QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.2 - Tweaking.com)
Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1151840851-2588883232-3208457946-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1151840851-2588883232-3208457946-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {45456E6C-60C8-47A9-9F57-187F586DF723} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
Task: {868D9670-2A41-46D2-8212-C3A580862189} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-27] (Microsoft Corporation)
Task: {DA7F0B4D-BDC7-4375-A401-1229C6B89E30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {FAFA0D86-82BA-4DCE-B8A8-B6F5E66A4FA5} - System32\Tasks\{941D2DFD-FF11-4D26-BD70-3C302B1B8770} => pcalua.exe -a "C:\Program Files (x86)\iTunes\iTunes.exe" -d "C:\Users\Jesus Christ Reigns\Desktop"

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () c:\windows\system32\CoreUIComponents.dll
2016-02-27 13:25 - 2016-02-27 13:23 - 01215560 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-02-27 13:46 - 2016-02-27 13:47 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-18 08:13 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 08:13 - 2015-12-06 20:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-12 10:28 - 2016-01-04 17:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 10:28 - 2016-01-04 17:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-27 11:09 - 2016-01-15 21:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 11:09 - 2016-01-15 21:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2016-02-26 16:43 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
2016-02-27 13:46 - 2016-02-27 13:47 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-02-27 13:46 - 2016-02-27 13:47 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2016-02-26 16:43 - 2015-12-23 16:27 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
2016-02-26 16:43 - 2015-12-23 16:27 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
2016-02-26 16:43 - 2015-12-23 16:27 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
2016-02-27 13:13 - 2015-04-07 05:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2016-02-26 16:02 - 2016-02-27 11:24 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 localhost

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 216.228.160.4 - 216.228.160.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\startupreg: ETDCtrl =>
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "QuickTime Task"
HKLM\...\StartupApproved\Run32: => "vProt"
HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [{7C924DD7-4E3C-4F3D-9888-977414599B38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C1D5CA33-8BC7-478D-A4FE-16EB4C7A2909}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{01A315DF-2C38-4D00-84A9-4EF1FE6A2037}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{49F54691-33C2-4E85-A17D-905CBDD3DDFA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
FirewallRules: [{B5530ECD-58A4-4ABD-AB22-33C9D8EDEED5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{99945F20-6D33-4F5A-9D9F-218CA6AE907E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
FirewallRules: [{E0A510E6-D98A-4BED-BFA7-D99F162B1428}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{92186D22-3438-42C8-B30E-20AAA115D0DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
FirewallRules: [{5C29149F-CF96-4494-B273-AA95EC6815E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{DA50BA1E-4D93-43DD-992D-DFACCF009C8D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
FirewallRules: [{3BFAE7D3-F825-4249-B817-D8AE1A2E8DA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{39E90977-3592-4B2B-9CCE-EC441CE1B700}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{924E4C84-3F95-4B4C-9E77-303EF4AB274F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{3CE4E793-D8CE-433A-A8C3-186C561962D4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{5119C7D9-B62B-4D9C-B8CC-458037E41761}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

26-02-2016 16:52:24 JRT Pre-Junkware Removal
27-02-2016 13:14:24 Installed AVG 2016
27-02-2016 13:15:21 Installed AVG
27-02-2016 14:30:18 Installed iTunes
27-02-2016 14:38:10 Installed iTunes
27-02-2016 15:37:55 Checkpoint by HitmanPro
27-02-2016 15:39:35 Checkpoint by HitmanPro
27-02-2016 15:47:54 JRT Pre-Junkware Removal
27-02-2016 17:40:07 Installed iTunes
28-02-2016 08:59:22 JRT Pre-Junkware Removal
28-02-2016 09:05:57 JRT Pre-Junkware Removal
28-02-2016 09:33:20 Installed iTunes

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (02/28/2016 09:58:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

Error: (02/28/2016 09:58:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 3 seconds

Error: (02/28/2016 09:58:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 3 seconds

Error: (02/28/2016 09:58:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 3 seconds

Error: (02/28/2016 09:58:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

Error: (02/28/2016 09:57:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

Error: (02/28/2016 09:57:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

Error: (02/28/2016 09:57:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

Error: (02/28/2016 09:57:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 5 seconds
 
Error: (02/28/2016 09:57:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds


System errors:
=============
Error: (02/28/2016 10:41:27 AM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (02/28/2016 10:41:27 AM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

Error: (02/28/2016 09:55:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Access_2e4a0 service terminated unexpectedly. It has done this 7 time(s).

Error: (02/28/2016 09:55:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Storage_2e4a0 service terminated unexpectedly. It has done this 7 time(s).

Error: (02/28/2016 09:55:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Contact Data_2e4a0 service terminated unexpectedly. It has done this 7 time(s).

Error: (02/28/2016 09:39:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Access_2e4a0 service terminated unexpectedly. It has done this 6 time(s).

Error: (02/28/2016 09:39:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Storage_2e4a0 service terminated unexpectedly. It has done this 6 time(s).

Error: (02/28/2016 09:39:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Contact Data_2e4a0 service terminated unexpectedly. It has done this 6 time(s).

Error: (02/28/2016 09:39:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Access_2e4a0 service terminated unexpectedly. It has done this 5 time(s).

Error: (02/28/2016 09:39:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The User Data Storage_2e4a0 service terminated unexpectedly. It has done this 5 time(s).


CodeIntegrity:
===================================
Date: 2016-02-28 12:25:55.406
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-28 12:25:55.329
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-28 09:33:51.492
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-28 09:32:48.857
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-28 09:07:37.139
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-28 09:07:37.124
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-28 09:07:31.711
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-28 09:07:31.695
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-28 09:00:41.669
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2016-02-28 09:00:41.652
Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 66%
Total physical RAM: 3977.7 MB
Available physical RAM: 1345.2 MB
Total Virtual: 5385.7 MB
Available Virtual: 2532.21 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:464.38 GB) (Free:420.97 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EC3041B2)

Partition: GPT.

==================== End of Addition.txt ============================
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
Ran by Jesus Christ Reigns (administrator) on PHILIPMOORE (28-02-2016 12:23:14)
Running from C:\Users\Jesus Christ Reigns\Documents\Stuff\Fixlistarchives\FRST-OlderVersion
Loaded Profiles: Jesus Christ Reigns (Available Profiles: Jesus Christ Reigns)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
(IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
(AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 1999-12-31] (Realtek Semiconductor)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\RunOnce: [Uninstall C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\RunOnce: [Uninstall C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-29] (Microsoft Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 216.228.160.4 216.228.160.3
Tcpip\..\Interfaces\{f63f147d-9902-4615-8b2f-0297621c110d}: [DhcpNameServer] 216.228.160.4 216.228.160.3

Internet Explorer:
==================
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =

FireFox:
========
FF ProfilePath: C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\5c99sxj0.default
FF Homepage: hxxp://www.google.com/
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4364200 2016-02-15] (AVG Technologies CZ, s.r.o.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-02-27] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\System32\drivers\athw10x.sys [4322440 2015-08-14] (Qualcomm Atheros Communications, Inc.)
S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [83576 2015-09-24] (Intel Corporation)
S3 IntcAudioBus; C:\Windows\System32\drivers\IntcAudioBus.sys [196904 1999-12-31] (Intel(R) Corporation)
S3 IntcOED; C:\Windows\System32\drivers\IntcOED.sys [613672 1999-12-31] (Intel(R) Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R0 MBI; C:\Windows\System32\drivers\MBI.sys [41464 2015-09-24] (Intel(R) Corporation)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 1999-12-31] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 1999-12-31] (Synaptics Incorporated)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-28] ()
R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
S3 WinRing0_1_2_0; C:\Windows_Repair_Toolbox\Windows_Repair_Toolbox.sys [14544 2016-02-28] (OpenLibSys.org)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Three Months Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2022-03-25 02:48 - 2022-03-25 02:48 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC1.dat
2022-03-25 02:48 - 2022-03-25 02:48 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC0.dat
2022-03-25 01:22 - 2022-03-25 01:22 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX1.dat
2022-03-25 01:22 - 2022-03-25 01:22 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX0.dat
2016-02-28 11:41 - 2016-02-15 10:36 - 00045992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
2016-02-28 11:41 - 2016-02-15 10:30 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
2016-02-28 11:41 - 2016-02-15 10:30 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
2016-02-28 11:40 - 2016-02-28 11:40 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
2016-02-28 11:40 - 2016-02-28 11:40 - 00002200 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
2016-02-28 11:37 - 2016-02-28 11:38 - 02944584 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jesus Christ Reigns\Downloads\AVG_PCTuneUp_877 (1).exe
2016-02-28 10:16 - 2016-02-28 10:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-02-28 09:40 - 2016-02-28 09:40 - 00076112 ____H C:\WINDOWS\system32\mlfcache.dat
2016-02-28 09:35 - 2016-02-28 09:35 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-02-28 09:35 - 2016-02-28 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-02-28 09:35 - 2016-02-28 09:35 - 00000000 ____D C:\Program Files\iPod
2016-02-28 09:35 - 2016-02-28 09:35 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-02-28 09:34 - 2016-02-28 09:35 - 00000000 ____D C:\Program Files\iTunes
2016-02-28 09:33 - 2016-02-28 09:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-02-28 09:33 - 2016-02-28 09:33 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-02-28 09:32 - 2016-02-28 09:32 - 00000000 ____D C:\Program Files\Bonjour
2016-02-28 09:32 - 2016-02-28 09:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-02-28 09:28 - 2016-02-28 09:28 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
2016-02-28 09:25 - 2016-02-28 09:25 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\ProductData
2016-02-28 09:25 - 2016-02-28 09:25 - 00000000 ____D C:\ProgramData\ProductData
2016-02-28 09:07 - 2016-02-28 09:07 - 00000719 _____ C:\Users\Jesus Christ Reigns\Desktop\JRT.txt
2016-02-28 08:58 - 2016-02-28 08:59 - 01609216 _____ (Malwarebytes) C:\Users\Jesus Christ Reigns\Downloads\JRT(1).exe
2016-02-28 08:50 - 2016-02-28 09:55 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\CrashDumps
2016-02-28 08:47 - 2016-02-28 08:47 - 00000745 _____ C:\Users\Jesus Christ Reigns\Desktop\dailyprotection.txt
2016-02-28 08:46 - 2016-02-28 08:46 - 00001053 _____ C:\Users\Jesus Christ Reigns\Desktop\mbam.txt
2016-02-28 08:24 - 2016-02-28 08:25 - 01518592 _____ C:\Users\Jesus Christ Reigns\Downloads\adwcleaner_5.037.exe
2016-02-28 08:17 - 2016-02-28 08:17 - 00231803 _____ C:\Users\Jesus Christ Reigns\Desktop\BURGER&FRIES.htm
2016-02-28 08:17 - 2016-02-28 08:17 - 00000000 ____D C:\Users\Jesus Christ Reigns\Desktop\BURGER&FRIES_files
2016-02-28 08:15 - 2016-02-28 08:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-02-28 08:15 - 2016-02-28 08:15 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2016-02-28 08:15 - 2016-02-28 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-02-28 08:15 - 2016-02-28 08:15 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-28 08:15 - 2016-02-28 08:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-28 08:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-28 08:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-28 08:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2016-02-28 08:10 - 2016-02-28 08:10 - 00007224 _____ C:\Users\Jesus Christ Reigns\Desktop\rk.txt
2016-02-28 08:09 - 2016-02-28 08:09 - 00010500 _____ C:\Users\Jesus Christ Reigns\Desktop\BURGER.txt
2016-02-28 07:47 - 2016-02-28 08:13 - 00000000 ____D C:\ProgramData\RogueKiller
2016-02-28 07:47 - 2016-02-28 07:47 - 20959304 _____ C:\Users\Jesus Christ Reigns\Downloads\RogueKiller.exe
2016-02-28 07:47 - 2016-02-28 07:47 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2016-02-27 17:42 - 2016-02-27 17:42 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Apple Computer
2016-02-27 17:40 - 2016-02-28 09:33 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-02-27 17:39 - 2016-02-28 09:34 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-02-27 17:04 - 2016-02-27 17:04 - 00001064 _____ C:\Users\Jesus Christ Reigns\Desktop\Pretty Good Solitaire.lnk
2016-02-27 17:04 - 2016-02-27 17:04 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Goodsol
2016-02-27 17:04 - 2016-02-27 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pretty Good Solitaire
2016-02-27 17:04 - 2016-02-27 17:04 - 00000000 ____D C:\Program Files (x86)\goodsol
2016-02-27 17:04 - 2000-05-22 15:58 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl.ocx
2016-02-27 17:04 - 2000-05-22 15:58 - 00244416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msflxgrd.ocx
2016-02-27 17:04 - 2000-05-22 15:58 - 00140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
2016-02-27 15:47 - 2016-02-27 15:47 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Alexandre_Miguel_Canotilh
2016-02-27 15:43 - 2016-02-27 15:43 - 00000000 ___HD C:\OneDriveTemp
2016-02-27 15:06 - 2016-02-27 15:06 - 00049584 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
2016-02-27 15:06 - 2016-02-27 15:06 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
2016-02-27 15:06 - 2016-02-27 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
2016-02-27 15:06 - 2016-02-27 15:06 - 00000000 ____D C:\Program Files\HitmanPro
2016-02-27 15:05 - 2016-02-27 15:41 - 00000000 ____D C:\ProgramData\HitmanPro
2016-02-27 14:45 - 2016-02-27 14:45 - 00003348 _____ C:\WINDOWS\System32\Tasks\{941D2DFD-FF11-4D26-BD70-3C302B1B8770}
2016-02-27 14:40 - 2009-05-18 13:17 - 00034152 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
2016-02-27 14:40 - 2008-04-17 12:12 - 00126312 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll
2016-02-27 14:40 - 2008-04-17 12:12 - 00107368 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll
2016-02-27 14:37 - 2016-02-28 10:58 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Apple Computer
2016-02-27 14:37 - 2016-02-28 09:34 - 00000000 ____D C:\ProgramData\Apple Computer
2016-02-27 14:37 - 2016-02-27 14:37 - 00001914 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
2016-02-27 14:37 - 2016-02-27 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2016-02-27 14:37 - 2016-02-27 14:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
2016-02-27 14:36 - 2016-02-27 14:36 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\LocalLow\Apple Computer
2016-02-27 14:35 - 2016-02-27 14:36 - 81614632 _____ (Apple Inc.) C:\Users\Jesus Christ Reigns\Downloads\iTunes64Setup.exe
2016-02-27 14:28 - 2016-02-28 09:31 - 00000000 ____D C:\ProgramData\Apple
2016-02-27 13:26 - 2016-02-27 13:26 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\AVG Web TuneUp
2016-02-27 13:25 - 2016-02-27 13:26 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
2016-02-27 13:25 - 2016-02-27 13:25 - 00000000 ____D C:\Program Files\AVG Web TuneUp
2016-02-27 13:25 - 2016-02-27 13:25 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
2016-02-27 13:17 - 2016-02-27 13:17 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\AVG
2016-02-27 13:16 - 2016-02-27 13:16 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
2016-02-27 13:16 - 2016-02-27 13:16 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\TuneUp Software
2016-02-27 13:16 - 2016-02-27 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
2016-02-27 13:14 - 2016-02-28 07:13 - 00000000 ____D C:\ProgramData\MFAData
2016-02-27 13:14 - 2016-02-27 13:14 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\MFAData
2016-02-27 13:13 - 2016-02-28 11:40 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\AvgSetupLog
2016-02-27 13:13 - 2016-02-28 11:40 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Avg
2016-02-27 13:13 - 2016-02-28 11:40 - 00000000 ____D C:\ProgramData\Avg
2016-02-27 13:13 - 2016-02-28 11:40 - 00000000 ____D C:\Program Files (x86)\AVG
2016-02-27 13:08 - 2016-02-27 13:08 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-02-27 11:16 - 2016-02-27 11:16 - 00879220 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2016-02-27 10:46 - 2016-02-27 10:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-PHILIPMOORE-Windows-10-Home-(64-bit).dat
2016-02-27 10:42 - 2016-02-27 11:24 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2016-02-27 10:39 - 2016-02-27 10:39 - 00003802 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
2016-02-27 10:39 - 2016-02-27 10:39 - 00002236 _____ C:\Users\Jesus Christ Reigns\Desktop\Tweaking.com - Windows Repair.lnk
2016-02-27 10:39 - 2016-02-27 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2016-02-27 10:38 - 2016-02-27 10:39 - 00183515 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
2016-02-27 10:38 - 2016-02-27 10:38 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2016-02-27 09:19 - 2016-02-27 14:30 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Apple
2016-02-27 09:11 - 2016-02-27 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-27 09:11 - 2016-02-27 09:18 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Mozilla
2016-02-27 09:11 - 2016-02-27 09:12 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla
2016-02-27 09:11 - 2016-02-27 09:11 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-02-27 09:11 - 2016-02-27 09:11 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-02-27 09:11 - 2016-02-27 09:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-27 08:22 - 2016-02-27 08:22 - 00000000 ____D C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer (1)
2016-02-27 08:21 - 2016-02-27 08:21 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer_zip.ocw77h4.partial
2016-02-27 06:45 - 2015-12-08 19:39 - 00301728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-02-27 06:41 - 2016-02-27 06:44 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-02-27 06:41 - 2016-02-27 06:41 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-02-26 17:14 - 2016-02-27 07:42 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\ElevatedDiagnostics
2016-02-26 16:45 - 2016-02-26 16:45 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
2016-02-26 16:43 - 2016-02-26 17:50 - 00000000 ____D C:\ProgramData\IObit
2016-02-26 16:43 - 2016-02-26 17:08 - 00000000 ____D C:\Program Files (x86)\IObit
2016-02-26 16:43 - 2016-02-26 16:45 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\IObit
2016-02-26 16:43 - 2016-02-26 16:43 - 00001431 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
2016-02-26 16:43 - 2016-02-26 16:43 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\IObit
2016-02-26 16:43 - 2016-02-26 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
2016-02-26 16:42 - 2016-02-26 16:42 - 00002409 _____ C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-02-26 16:41 - 2016-02-26 16:43 - 12887328 _____ (IObit) C:\Users\Jesus Christ Reigns\Downloads\iobituninstaller (1).exe
2016-02-26 16:41 - 2016-02-26 16:41 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Macromedia
2016-02-26 16:40 - 2016-02-26 16:48 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\MicrosoftEdge
2016-02-26 16:38 - 2016-02-26 16:38 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Comms
2016-02-26 16:37 - 2016-02-28 08:56 - 00814664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-02-26 16:37 - 2016-02-26 16:37 - 00001333 _____ C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
2016-02-26 16:37 - 2016-02-26 16:37 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\ActiveSync
2016-02-26 16:37 - 2016-02-26 16:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2016-02-26 16:35 - 2016-02-26 16:35 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Publishers
2016-02-26 16:34 - 2016-02-28 11:59 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\VirtualStore
2016-02-26 16:34 - 2016-02-26 17:11 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Packages
2016-02-26 16:34 - 2016-02-26 16:34 - 00000020 ___SH C:\Users\Jesus Christ Reigns\ntuser.ini
2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Adobe
2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\TileDataLayer
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\My Documents
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User
2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\All Users
2016-02-26 16:31 - 2016-02-27 08:28 - 00000000 ____D C:\Users\Jesus Christ Reigns
2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\My Documents
2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Videos
2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Pictures
2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Music
2016-02-26 16:24 - 2016-02-26 16:24 - 00000000 ____D C:\Program Files\Common Files\Atheros
2016-02-26 16:23 - 2016-02-26 16:23 - 01226515 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\WINDOWS\system32\DAX2
2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\Program Files\Realtek
2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\Program Files\Intel
2016-02-26 16:23 - 2015-12-21 11:39 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2016-02-26 16:23 - 2015-12-21 11:39 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 ____D C:\ProgramData\USOShared
2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 ____D C:\Program Files\Synaptics
2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01011.Wdf
2016-02-26 16:22 - 2015-10-29 23:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2016-02-26 16:19 - 2016-02-28 09:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-02-26 16:18 - 2016-02-27 11:34 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-02-26 16:17 - 2016-02-26 16:34 - 00000000 ___DC C:\WINDOWS\Panther
2016-02-26 16:17 - 2016-02-26 16:17 - 00000000 ____D C:\WINDOWS\InfusedApps
2016-02-26 16:16 - 2016-02-27 15:23 - 00000000 ____D C:\Windows.old
2016-02-26 16:16 - 2016-02-26 16:18 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2016-02-26 16:16 - 2016-02-26 16:16 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2016-02-26 16:14 - 2016-02-26 16:22 - 00000000 ____D C:\Program Files\Elantech
2016-02-26 16:12 - 2016-02-26 16:12 - 00000000 ____D C:\WINDOWS\Setup
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\WINDOWS\OCR
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files\Reference Assemblies
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files\MSBuild
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\winrm
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\WCN
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\slmgr
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\DigitalLocker
2016-02-26 16:04 - 2016-02-03 11:01 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-02-26 16:04 - 2016-02-03 11:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-26 16:02 - 2016-02-26 16:17 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2016-02-26 16:02 - 2016-02-26 15:57 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
2016-02-26 16:02 - 2016-02-26 15:57 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
2016-02-26 16:02 - 2016-02-26 15:57 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
2016-02-26 16:02 - 2016-02-26 15:57 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
2016-02-26 16:02 - 2016-02-26 15:57 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
2016-02-26 16:02 - 2016-02-26 15:57 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
2016-02-26 16:02 - 2016-02-26 15:57 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
2016-02-26 16:02 - 2016-02-26 15:57 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_213
2016-02-26 16:02 - 2016-02-26 15:57 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
2016-02-26 16:02 - 2016-02-26 15:57 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
2016-02-26 16:01 - 2016-02-28 10:06 - 00000000 ____D C:\Program Files\WindowsApps
2016-02-26 16:01 - 2016-02-28 08:13 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-02-26 16:01 - 2016-02-28 07:13 - 00000000 ____D C:\WINDOWS\appcompat
2016-02-26 16:01 - 2016-02-27 13:16 - 00000000 ____D C:\WINDOWS\ELAMBKUP
2016-02-26 16:01 - 2016-02-27 09:32 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ___SD C:\WINDOWS\system32\F12
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\WINDOWS\Provisioning
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\Program Files\Windows Journal
2016-02-26 16:01 - 2016-02-26 16:52 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2016-02-26 16:01 - 2016-02-26 16:37 - 00000000 ____D C:\WINDOWS\rescache
2016-02-26 16:01 - 2016-02-26 16:35 - 00000000 ___RD C:\WINDOWS\PrintDialog
2016-02-26 16:01 - 2016-02-26 16:35 - 00000000 ___RD C:\WINDOWS\MiracastView
2016-02-26 16:01 - 2016-02-26 16:32 - 00000000 ___RD C:\Users\Public\Libraries
2016-02-26 16:01 - 2016-02-26 16:32 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2016-02-26 16:01 - 2016-02-26 16:28 - 00000000 ____D C:\WINDOWS\system32\spool
2016-02-26 16:01 - 2016-02-26 16:28 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2016-02-26 16:01 - 2016-02-26 16:27 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2016-02-26 16:01 - 2016-02-26 16:22 - 00000000 ____D C:\ProgramData\USOPrivate
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\system32\dsc
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\setup
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\MUI
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\migwiz
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\Com
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\IME
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\Help
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Windows Defender
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Common Files\System
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ___SD C:\WINDOWS\system32\Nui
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\MsDtc
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\icsxml
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\ias
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\downlevel
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\Bthprops
2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __SHD C:\Program Files\Windows Sidebar
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __RSD C:\WINDOWS\Media
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\system32\Configuration
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Web
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Vss
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\tracing
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\TAPI
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SystemResources
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SystemApps
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\winevt
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\ras
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\PointOfService
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\Ipmi
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\IME
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\config\Journal
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\AppLocker
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\System
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SKB
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\ShellNew
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\security
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\schemas
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SchCache
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Resources
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Registration
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\PLA
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Performance
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\ModemLogs
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\L2Schemas
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\InputMethod
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Globalization
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Cursors
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Branding
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\addins
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\ProgramData\Comms
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows NT
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Common Files\Services
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows NT
2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-02-26 16:01 - 2016-02-26 15:57 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
2016-02-26 16:01 - 2016-02-26 15:57 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
2016-02-26 16:01 - 2016-02-26 15:57 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-02-26 16:01 - 2016-02-26 15:57 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
2016-02-26 16:01 - 2016-02-26 15:57 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
2016-02-26 16:01 - 2016-02-26 15:57 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
2016-02-26 16:01 - 2016-02-26 15:57 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
2016-02-26 16:01 - 2016-02-26 15:57 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
2016-02-26 16:01 - 2016-02-26 15:57 - 00000219 _____ C:\WINDOWS\system.ini
2016-02-26 16:01 - 2016-02-26 15:57 - 00000092 _____ C:\WINDOWS\win.ini
2016-02-26 15:59 - 2016-02-28 10:16 - 00000000 ____D C:\WINDOWS\INF
2016-02-26 15:47 - 2016-02-27 06:45 - 00000000 ____D C:\WINDOWS\CbsTemp
 
Back