TechSpot

An unwelcomed guest

By PhilipMoore62
Feb 27, 2016
  1. Mr Broni
    I'm having issues with my computer that is leading me to believe I've been hacked.
    I wrote this post in the hardware forum and I wanted to have you see this as you have always had correct answers in the past.
    Please advise if I've violated any terms/conditions by sending this to you and to the hardware group from Techspot. Thanks in advance for your attention.

    Yesterday, after coming home from a nice spring walk, I found my computer opening pictures and such on my desktop. I watched as the mouse navigated about my desktop.
    Things I've tried:
    I ran FAR BAR SCAN TOOL. (not experienced with using FRST but I'm typically able to find most baddies without destroying my OS.)
    I ran Rouge Killer which found nothing but PUM'S related to my DNS addresses.
    I ran Malwarebytes and it found no issues.
    I restored the OS to include programs already downloaded.
    As of this writing my computer screen seems all innocent and happy without any unusual activity. I am still aware of a significant lapse in over all performance.

    What would you suggest?
     
  2. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    What exactly do you mean by "restoring the OS"?
     
  3. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    My apologies for not wording my process correctly.
    I went to my windows search typed in recovery from there to recovery options, from there to reset PC. I reset the PC to include programs folders as part of the recovery. This process was unsuccessful.
     
  4. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Please, complete all steps listed here: http://www.techspot.com/vb/topic58138.html
    Make sure, you PASTE all logs. If some log exceeds 50,000 characters post limit, split it between couple of replies.
    Attached logs won't be reviewed.

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.
     
  5. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    I feeling confident from my computer activity yesterday that I had an unwanted visitor (Trojan?) As my cursor to my mouse was moving about on the desktop. My question is: after the scans I will send you and your directive. Are there other things that should be checked?

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
    Ran by Jesus Christ Reigns (administrator) on PHILIPMOORE (27-02-2016 13:20:08)
    Running from C:\Users\Jesus Christ Reigns\Documents\Stuff\Fixlistarchives\FRST-OlderVersion
    Loaded Profiles: Jesus Christ Reigns (Available Profiles: Jesus Christ Reigns)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
     
  6. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Microsoft Corporation) C:\Windows\System32\msiexec.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (Microsoft Corporation) C:\Windows\System32\SrTasks.exe
    (Microsoft Corporation) C:\Windows\System32\SrTasks.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (Microsoft Corporation) C:\Windows\System32\cleanmgr.exe
    () C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe
    () C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 1999-12-31] (Realtek Semiconductor)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-01-12] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\Run: [AVG-Secure-Search-Update_0116pi] => C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe [2795920 2016-01-10] ()
    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\RunOnce: [Uninstall C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\RunOnce: [Uninstall C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-29] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 216.228.160.4 216.228.160.3
    Tcpip\..\Interfaces\{f63f147d-9902-4615-8b2f-0297621c110d}: [DhcpNameServer] 216.228.160.4 216.228.160.3

    Internet Explorer:
    ==================
    BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll [2015-12-23] (IObit)

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\5c99sxj0.default
    FF Homepage: hxxp://www.google.com/

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1048488 2016-01-12] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4322440 2015-08-14] (Qualcomm Atheros Communications, Inc.)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
    R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [83576 2015-09-24] (Intel Corporation)
    S3 IntcAudioBus; C:\Windows\System32\drivers\IntcAudioBus.sys [196904 1999-12-31] (Intel(R) Corporation)
    S3 IntcOED; C:\Windows\System32\drivers\IntcOED.sys [613672 1999-12-31] (Intel(R) Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [41464 2015-09-24] (Intel(R) Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 1999-12-31] (Realtek )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 1999-12-31] (Synaptics Incorporated)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-03-25 02:48 - 2022-03-25 02:48 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC1.dat
    2022-03-25 02:48 - 2022-03-25 02:48 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC0.dat
    2022-03-25 01:22 - 2022-03-25 01:22 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX1.dat
    2022-03-25 01:22 - 2022-03-25 01:22 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX0.dat
    2016-02-27 13:19 - 2016-02-27 13:19 - 00003596 _____ C:\WINDOWS\System32\Tasks\AVG_SYS_TASK_0116pi_DELETE
    2016-02-27 13:19 - 2016-02-27 13:19 - 00003382 _____ C:\WINDOWS\System32\Tasks\AVG_SYS_TASK_0116pi
    2016-02-27 13:18 - 2016-02-27 13:19 - 00000000 ____D C:\ProgramData\Avg_Update_0116pi
    2016-02-27 13:17 - 2016-02-27 13:17 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\AVG
    2016-02-27 13:16 - 2016-02-27 13:16 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
    2016-02-27 13:16 - 2016-02-27 13:16 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\TuneUp Software
    2016-02-27 13:16 - 2016-02-27 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-02-27 13:14 - 2016-02-27 13:18 - 00000000 ____D C:\ProgramData\MFAData
    2016-02-27 13:14 - 2016-02-27 13:14 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\MFAData
    2016-02-27 13:13 - 2016-02-27 13:17 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Avg
    2016-02-27 13:13 - 2016-02-27 13:16 - 00000000 ____D C:\ProgramData\Avg
    2016-02-27 13:13 - 2016-02-27 13:15 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-02-27 13:13 - 2016-02-27 13:13 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\AvgSetupLog
    2016-02-27 13:08 - 2016-02-27 13:08 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-02-27 13:08 - 2016-02-27 13:08 - 00000000 ___HD C:\OneDriveTemp
    2016-02-27 11:16 - 2016-02-27 11:16 - 00879220 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2016-02-27 10:46 - 2016-02-27 10:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-PHILIPMOORE-Windows-10-Home-(64-bit).dat
    2016-02-27 10:42 - 2016-02-27 11:24 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-02-27 10:39 - 2016-02-27 10:39 - 00003802 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
    2016-02-27 10:39 - 2016-02-27 10:39 - 00002236 _____ C:\Users\Jesus Christ Reigns\Desktop\Tweaking.com - Windows Repair.lnk
    2016-02-27 10:39 - 2016-02-27 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-02-27 10:38 - 2016-02-27 10:39 - 00183515 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
    2016-02-27 10:38 - 2016-02-27 10:38 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-02-27 10:37 - 2016-02-27 10:37 - 00472928 _____ C:\Users\Jesus Christ Reigns\Desktop\FixDotNet20160227183409621.cab
    2016-02-27 09:19 - 2016-02-27 09:19 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Apple
    2016-02-27 09:11 - 2016-02-27 09:18 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Mozilla
    2016-02-27 09:11 - 2016-02-27 09:12 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla
    2016-02-27 09:11 - 2016-02-27 09:11 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-02-27 09:11 - 2016-02-27 09:11 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-02-27 09:11 - 2016-02-27 09:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-27 09:11 - 2016-02-27 09:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-27 08:22 - 2016-02-27 08:22 - 00000000 ____D C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer (1)
    2016-02-27 08:21 - 2016-02-27 08:21 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer_zip.ocw77h4.partial
    2016-02-27 06:45 - 2015-12-08 19:39 - 00301728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-02-27 06:41 - 2016-02-27 06:44 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-27 06:41 - 2016-02-27 06:41 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-26 17:14 - 2016-02-27 07:42 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\ElevatedDiagnostics
    2016-02-26 17:07 - 2016-02-27 12:51 - 00000330 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Jesus_Christ_Reigns.job
    2016-02-26 17:07 - 2016-02-27 12:50 - 00002572 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Jesus_Christ_Reigns
    2016-02-26 16:58 - 2016-02-26 17:07 - 00000000 ____D C:\ProgramData\ProductData
    2016-02-26 16:58 - 2016-02-26 16:58 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\ProductData
    2016-02-26 16:45 - 2016-02-26 16:45 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
    2016-02-26 16:43 - 2016-02-26 17:50 - 00000000 ____D C:\ProgramData\IObit
    2016-02-26 16:43 - 2016-02-26 17:08 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-02-26 16:43 - 2016-02-26 16:45 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\IObit
    2016-02-26 16:43 - 2016-02-26 16:43 - 00001431 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2016-02-26 16:43 - 2016-02-26 16:43 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\IObit
    2016-02-26 16:43 - 2016-02-26 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2016-02-26 16:42 - 2016-02-26 16:42 - 00002409 _____ C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-02-26 16:41 - 2016-02-26 16:43 - 12887328 _____ (IObit) C:\Users\Jesus Christ Reigns\Downloads\iobituninstaller (1).exe
    2016-02-26 16:41 - 2016-02-26 16:41 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Macromedia
    2016-02-26 16:40 - 2016-02-26 16:48 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\MicrosoftEdge
    2016-02-26 16:38 - 2016-02-26 16:38 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Comms
    2016-02-26 16:37 - 2016-02-27 13:11 - 00814664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-26 16:37 - 2016-02-26 16:37 - 00001333 _____ C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
    2016-02-26 16:37 - 2016-02-26 16:37 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\ActiveSync
    2016-02-26 16:37 - 2016-02-26 16:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-02-26 16:35 - 2016-02-26 16:35 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Publishers
    2016-02-26 16:34 - 2016-02-26 17:11 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Packages
    2016-02-26 16:34 - 2016-02-26 16:34 - 00000020 ___SH C:\Users\Jesus Christ Reigns\ntuser.ini
    2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Adobe
    2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\VirtualStore
    2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\TileDataLayer
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\All Users
    2016-02-26 16:31 - 2016-02-27 08:28 - 00000000 ____D C:\Users\Jesus Christ Reigns
    2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\My Documents
    2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Videos
    2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Pictures
    2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Music
    2016-02-26 16:24 - 2016-02-26 16:24 - 00000000 ____D C:\Program Files\Common Files\Atheros
    2016-02-26 16:23 - 2016-02-26 16:23 - 01226515 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
    2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\WINDOWS\system32\DAX2
    2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\Program Files\Realtek
    2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\Program Files\Intel
    2016-02-26 16:23 - 2015-12-21 11:39 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2016-02-26 16:23 - 2015-12-21 11:39 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
    2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 ____D C:\ProgramData\USOShared
    2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 ____D C:\Program Files\Synaptics
    2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
    2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01011.Wdf
    2016-02-26 16:22 - 2015-10-29 23:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2016-02-26 16:19 - 2016-02-27 13:07 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-26 16:18 - 2016-02-27 11:34 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-02-26 16:17 - 2016-02-26 16:34 - 00000000 ___DC C:\WINDOWS\Panther
    2016-02-26 16:17 - 2016-02-26 16:17 - 00000000 ____D C:\WINDOWS\InfusedApps
    2016-02-26 16:16 - 2016-02-26 16:18 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2016-02-26 16:16 - 2016-02-26 16:17 - 00000000 ____D C:\Windows.old
    2016-02-26 16:16 - 2016-02-26 16:16 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-02-26 16:14 - 2016-02-26 16:22 - 00000000 ____D C:\Program Files\Elantech
    2016-02-26 16:12 - 2016-02-26 16:12 - 00000000 ____D C:\WINDOWS\Setup
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\WINDOWS\OCR
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files\MSBuild
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\winrm
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\WCN
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\slmgr
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2016-02-26 16:04 - 2016-02-03 11:01 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-26 16:04 - 2016-02-03 11:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-26 16:02 - 2016-02-26 16:17 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-02-26 16:02 - 2016-02-26 15:57 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
    2016-02-26 16:02 - 2016-02-26 15:57 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2016-02-26 16:02 - 2016-02-26 15:57 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
    2016-02-26 16:02 - 2016-02-26 15:57 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
    2016-02-26 16:02 - 2016-02-26 15:57 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2016-02-26 16:02 - 2016-02-26 15:57 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
    2016-02-26 16:02 - 2016-02-26 15:57 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
    2016-02-26 16:02 - 2016-02-26 15:57 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_213
    2016-02-26 16:02 - 2016-02-26 15:57 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
    2016-02-26 16:02 - 2016-02-26 15:57 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
    2016-02-26 16:01 - 2016-02-27 13:16 - 00000000 ____D C:\WINDOWS\ELAMBKUP
    2016-02-26 16:01 - 2016-02-27 09:32 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-26 16:01 - 2016-02-27 06:48 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-26 16:01 - 2016-02-27 06:48 - 00000000 ____D C:\Program Files\WindowsApps
    2016-02-26 16:01 - 2016-02-26 16:52 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-02-26 16:01 - 2016-02-26 16:37 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-26 16:01 - 2016-02-26 16:35 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-02-26 16:01 - 2016-02-26 16:35 - 00000000 ___RD C:\WINDOWS\MiracastView
    2016-02-26 16:01 - 2016-02-26 16:32 - 00000000 ___RD C:\Users\Public\Libraries
    2016-02-26 16:01 - 2016-02-26 16:32 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-02-26 16:01 - 2016-02-26 16:28 - 00000000 ____D C:\WINDOWS\system32\spool
    2016-02-26 16:01 - 2016-02-26 16:28 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-02-26 16:01 - 2016-02-26 16:27 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-02-26 16:01 - 2016-02-26 16:22 - 00000000 ____D C:\ProgramData\USOPrivate
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\system32\dsc
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\MUI
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\Com
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\IME
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\Help
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Windows Defender
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Common Files\System
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ___SD C:\WINDOWS\system32\Nui
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\MsDtc
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\icsxml
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\ias
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\downlevel
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\Bthprops
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __RSD C:\WINDOWS\Media
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\system32\Configuration
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Web
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Vss
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\tracing
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\TAPI
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SystemResources
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SystemApps
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\winevt
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\ras
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\PointOfService
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\Ipmi
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\config\Journal
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\AppLocker
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\System
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SKB
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\security
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\schemas
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SchCache
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Resources
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Registration
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\PLA
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Performance
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\ModemLogs
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\L2Schemas
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Globalization
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Cursors
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Branding
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\appcompat
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\addins
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\ProgramData\Comms
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows NT
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Common Files\Services
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows NT
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-02-26 16:01 - 2016-02-26 15:57 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2016-02-26 16:01 - 2016-02-26 15:57 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
    2016-02-26 16:01 - 2016-02-26 15:57 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-02-26 16:01 - 2016-02-26 15:57 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
    2016-02-26 16:01 - 2016-02-26 15:57 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000219 _____ C:\WINDOWS\system.ini
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000092 _____ C:\WINDOWS\win.ini
    2016-02-26 15:59 - 2016-02-27 13:11 - 00000000 ____D C:\WINDOWS\INF
    2016-02-26 15:47 - 2016-02-27 06:45 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-26 15:37 - 2016-02-27 13:18 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-02-26 15:37 - 2016-02-27 13:06 - 01572864 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-26 15:37 - 2016-02-26 16:15 - 00000000 ____D C:\$Windows.~BT
    2016-02-26 15:37 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\servicing
    2016-02-26 15:37 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\SMI
    2016-02-26 15:37 - 2015-10-29 22:33 - 00000164 _____ C:\WINDOWS\system32\config\FP
    2016-02-26 15:18 - 2016-02-26 15:20 - 00257128 _____ C:\TDSSKiller.3.1.0.9_26.02.2016_15.18.52_log.txt
    2016-02-26 08:56 - 2016-02-26 08:56 - 00026623 _____ C:\Users\Jesus Christ Reigns\Downloads\Oliver's Advice.pdf
    2016-02-24 09:38 - 2016-02-24 09:38 - 00000321 _____ C:\Users\Jesus Christ Reigns\Documents\daniellyons.txt
    2016-02-22 08:25 - 2016-02-22 08:25 - 02306110 _____ C:\Users\Jesus Christ Reigns\Documents\PHILIPMOORE.arn
    2016-02-22 08:12 - 2016-02-22 08:12 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Autoruns
    2016-02-21 15:56 - 2016-02-21 15:56 - 01657200 _____ (Microsoft Corporation) C:\Users\Jesus Christ Reigns\Downloads\adksetup.exe
    2016-02-21 12:01 - 2016-02-21 12:01 - 00000187 _____ C:\Users\Jesus Christ Reigns\Documents\adlice.registration.useridpassword.txt
    2016-02-20 13:59 - 2016-02-20 13:59 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\New folder (2)
    2016-02-20 12:25 - 2016-02-20 13:33 - 00256734 _____ C:\TDSSKiller.3.1.0.9_20.02.2016_12.25.43_log.txt
    2016-02-20 07:10 - 2016-02-20 07:10 - 06828320 _____ (Piriform Ltd) C:\Users\Jesus Christ Reigns\Downloads\ccsetup514.exe
    2016-02-19 17:31 - 2016-02-19 17:32 - 13232968 _____ C:\Users\Jesus Christ Reigns\Downloads\jv16PT2016_beta2.exe
    2016-02-18 13:17 - 2016-02-18 13:17 - 00001082 _____ C:\Users\Jesus Christ Reigns\Desktop\Text Folder notepad.lnk
    2016-02-18 13:15 - 2016-02-26 14:38 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Text Folder notepad
    2016-02-18 12:21 - 2016-02-18 12:21 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\windowstweaksguide
    2016-02-18 12:09 - 2016-02-18 12:10 - 29616288 _____ (IObit ) C:\Users\Jesus Christ Reigns\Downloads\imf-setup.exe
    2016-02-18 11:47 - 2016-02-18 11:47 - 00001305 _____ C:\Users\Jesus Christ Reigns\Desktop\eso.exe - Shortcut.lnk
    2016-02-17 09:40 - 2016-02-26 14:38 - 00001885 _____ C:\Users\Jesus Christ Reigns\Desktop\FRST64.exe - Shortcut.lnk
    2016-02-15 10:51 - 2016-02-20 13:50 - 00000000 ____D C:\Users\Jesus Christ Reigns\Desktop\_av4_
    2016-02-15 10:49 - 2016-02-15 10:51 - 00254980 _____ C:\TDSSKiller.3.1.0.9_15.02.2016_10.49.30_log.txt
    2016-02-14 11:51 - 2016-02-14 11:51 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-7
    2016-02-14 11:28 - 2016-02-14 11:28 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-6
    2016-02-14 11:27 - 2016-02-14 11:27 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-5
    2016-02-14 11:20 - 2016-02-14 11:20 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-4
    2016-02-14 11:19 - 2016-02-14 11:19 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-3
    2016-02-14 11:15 - 2016-02-14 11:15 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-2
    2016-02-14 11:09 - 2016-02-14 11:09 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos-1
    2016-02-14 11:08 - 2016-02-14 11:08 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Photos
     
  7. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    2016-02-14 08:37 - 2016-02-14 08:38 - 30174560 _____ (Goodsol Development Inc. ) C:\Users\Jesus Christ Reigns\Downloads\qualitypack.exe
    2016-02-13 17:24 - 2016-02-13 17:24 - 00000040 _____ C:\Users\Jesus Christ Reigns\Documents\olivia.txt
    2016-02-13 09:50 - 2016-02-13 09:50 - 05227019 _____ C:\Users\Jesus Christ Reigns\Downloads\namebench-1.3.1-Windows.exe
    2016-02-13 08:18 - 2016-02-13 08:18 - 02661352 _____ (Google) C:\Users\Jesus Christ Reigns\Downloads\gpautobackup_setup.exe
    2016-02-13 07:27 - 2016-02-13 07:27 - 13677800 _____ (Google) C:\Users\Jesus Christ Reigns\Downloads\picasa39-setup(1).exe
    2016-02-12 14:14 - 2016-02-12 14:14 - 00001045 _____ C:\Users\Jesus Christ Reigns\Desktop\Holiday Pictures - Shortcut.lnk
    2016-02-12 14:13 - 2016-02-26 14:32 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Holiday Pictures
    2016-02-12 14:13 - 2016-02-12 14:13 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\New folder
    2016-02-12 14:04 - 2016-02-12 14:04 - 00000000 ____D C:\Users\Jesus Christ Reigns\Desktop\Picasa3
    2016-02-12 09:39 - 2016-02-12 09:39 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Central Oregon Bus Maps
    2016-02-11 15:28 - 2016-02-26 08:58 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Favorite Quotes
    2016-02-11 14:45 - 2016-02-11 14:45 - 06265120 _____ (Carifred) C:\Users\Jesus Christ Reigns\Downloads\UVKSetup(1).exe
    2016-02-11 13:57 - 2016-02-19 08:22 - 00000000 ____D C:\Users\Jesus Christ Reigns\Desktop\plugtmp
    2016-02-11 08:15 - 2016-02-11 08:17 - 02944584 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jesus Christ Reigns\Downloads\AVG_PCTuneUp_877(1).exe
    2016-02-11 08:04 - 2016-02-11 08:04 - 02944584 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jesus Christ Reigns\Downloads\AVG_PCTuneUp_877.exe
    2016-02-11 07:14 - 2016-02-11 07:14 - 00987728 _____ (Google Inc.) C:\Users\Jesus Christ Reigns\Downloads\ChromeSetup(1).exe
    2016-02-11 07:05 - 2016-02-11 07:05 - 00000000 ___HD C:\$AVG
    2016-02-11 06:58 - 2016-02-11 07:01 - 245273648 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jesus Christ Reigns\Downloads\AVG_Antivirus_Free_x64_693.exe
    2016-02-11 06:41 - 2016-02-11 06:42 - 22908888 _____ (Malwarebytes ) C:\Users\Jesus Christ Reigns\Downloads\mbam-setup-2.2.0.1024.exe
    2016-02-10 16:26 - 1999-12-31 16:00 - 00613672 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\IntcOED.sys
    2016-02-10 16:26 - 1999-12-31 16:00 - 00229376 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_B3573EFF-6441-4A75-91F7-4281EEC4597D.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00200704 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00196904 _____ (Intel(R) Corporation) C:\WINDOWS\system32\Drivers\IntcAudioBus.sys
    2016-02-10 16:26 - 1999-12-31 16:00 - 00151552 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_E0E018A8-3550-4B54-A8D0-A8E05D0FCBA2.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00147456 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_E1284052-8664-4FE4-A353-3878F72704C3.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00122880 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_202BADB5-8870-4290-B536-F2380C63F55D.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00090112 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_B489C2DE-0F96-42E1-8A2D-C25B5091EE49.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00040960 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_7C708106-3AFF-40FE-88BE-8C999B3F7445.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00036864 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_F101FEF0-FF5A-4AD4-8710-43592A6F7948.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00036864 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_EC774FA9-28D3-424A-90E4-69F984F1EEB7.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00020480 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_F1C69181-329A-45F0-8EEF-D8BDDF81E036.bin
    2016-02-10 16:26 - 1999-12-31 16:00 - 00020480 _____ C:\WINDOWS\system32\Drivers\dsp_fw_release_46CB87FB-D2C9-4970-96D2-6D7E614BB605.bin
    2016-02-10 16:25 - 1999-12-31 16:00 - 03299832 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE2.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 02190992 _____ (Yamaha Corporation) C:\WINDOWS\system32\YamahaAE.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 02110600 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 01435144 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRRPTR64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 01382240 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00888472 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00873472 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00596120 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00532384 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00467168 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRAPO64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00381416 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\SysWOW64\SRCOM.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00341160 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SRCOM.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00224264 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00221976 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00209544 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00172584 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00166208 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00158704 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
    2016-02-10 16:25 - 1999-12-31 16:00 - 00075544 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 72203792 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
    2016-02-10 16:24 - 1999-12-31 16:00 - 14057256 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioRealtek64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 13120760 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO3064.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 12986520 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO4064.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 10521552 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSSTAPO.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 07172920 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 07096192 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 06264640 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64AF3.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 05804772 _____ C:\WINDOWS\system32\Drivers\rtvienna.dat
    2016-02-10 16:24 - 1999-12-31 16:00 - 05776688 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICV2apo.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 05338936 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv211.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 05289952 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 04705536 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
    2016-02-10 16:24 - 1999-12-31 16:00 - 04486133 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
    2016-02-10 16:24 - 1999-12-31 16:00 - 03282032 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 03271912 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 03195648 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 03152591 _____ C:\WINDOWS\system32\Drivers\rtkSSTsetting.dat
    2016-02-10 16:24 - 1999-12-31 16:00 - 03052880 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 02893568 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
    2016-02-10 16:24 - 1999-12-31 16:00 - 02823280 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO7064.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 02692848 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RltkAPO.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 02437144 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOv201.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 02050184 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 02030208 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01965816 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01959608 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64AF3.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01928632 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01780624 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01601952 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CX64APO.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01591064 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01508936 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01421104 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO6064.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01356512 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01334384 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01286152 _____ (DTS, Inc.) C:\WINDOWS\system32\slcnt64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01211840 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01186168 _____ (Intel Corporation) C:\WINDOWS\system32\IntelSstCApoPropPage.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01164336 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01008360 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 01003864 _____ (Nahimic Inc) C:\WINDOWS\system32\NahimicAPONSControl.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00998032 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00965032 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00952984 _____ (Dolby Laboratories) C:\WINDOWS\system32\DolbyDAX2APOProp.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00933640 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEHDRA64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00931624 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPOShell64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00923752 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00743968 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00727440 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00716112 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SECOMN64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00708320 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00689888 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00678192 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00677680 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00618192 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00589072 _____ (Sound Research, Corp.) C:\WINDOWS\SysWOW64\SECOMN32.DLL
    2016-02-10 16:24 - 1999-12-31 16:00 - 00574760 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00514528 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00504312 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00500560 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00448592 _____ (Sound Research, Corp.) C:\WINDOWS\system32\SEAPO64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00447728 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00445408 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00441272 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00428232 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00387320 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00369304 _____ (Dolby Laboratories) C:\WINDOWS\system32\HiFiDAX2API.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00362056 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64AF3.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00343712 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00340648 _____ (ICEpower a/s) C:\WINDOWS\system32\ICEsoundAPO64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00330568 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00327464 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00321720 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00310424 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64F3.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00272720 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00258504 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00253904 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00253872 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00252880 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00231920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00214840 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00192992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00151792 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00134208 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00122328 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00118600 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00118592 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00110992 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00105312 _____ C:\WINDOWS\system32\audioLibVc.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00090920 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00088352 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00088328 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00084616 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
    2016-02-10 16:24 - 1999-12-31 16:00 - 00023696 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
    2016-02-10 16:05 - 2015-08-14 03:03 - 04322440 _____ (Qualcomm Atheros Communications, Inc.) C:\WINDOWS\system32\Drivers\athw10x.sys
    2016-02-10 15:54 - 2016-02-10 15:54 - 00000716 _____ C:\Users\Public\Desktop\Intel(R) HD Graphics Control Panel.lnk
    2016-02-10 15:48 - 2016-02-10 15:49 - 00981592 _____ (SlimWare Utilities, Inc.) C:\Users\Jesus Christ Reigns\Downloads\SlimDrivers-setup(1).exe
    2016-02-10 15:39 - 2016-02-10 15:39 - 12887328 _____ (IObit) C:\Users\Jesus Christ Reigns\Downloads\iobituninstaller.exe
    2016-02-10 15:13 - 2016-02-11 08:33 - 00000000 ___RD C:\Users\Jesus Christ Reigns\iCloudDrive
    2016-02-10 15:05 - 2016-02-10 15:06 - 125168408 _____ (Apple Inc.) C:\Users\Jesus Christ Reigns\Downloads\icloudsetup.exe
    2016-02-10 14:01 - 2016-02-10 14:01 - 17926424 _____ (Goodsol Development Inc. ) C:\Users\Jesus Christ Reigns\Downloads\gdsol.exe
    2016-02-10 13:11 - 2016-02-10 13:12 - 167583000 _____ (Apple Inc.) C:\Users\Jesus Christ Reigns\Downloads\iTunes6464Setup.exe
    2016-02-10 13:04 - 2016-01-26 20:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-10 13:03 - 2016-01-26 21:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-10 13:00 - 2016-01-26 21:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-02-10 12:59 - 2016-01-26 21:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-02-10 12:59 - 2016-01-26 21:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-10 12:58 - 2016-01-26 22:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-02-10 12:58 - 2016-01-26 21:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-02-10 12:58 - 2016-01-26 21:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-02-10 12:58 - 2016-01-26 21:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-10 12:58 - 2016-01-26 20:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-10 12:58 - 2016-01-26 20:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-10 12:58 - 2016-01-26 20:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-10 12:58 - 2016-01-26 20:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-10 12:58 - 2016-01-26 20:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-10 12:57 - 2016-02-10 12:57 - 05664688 _____ (AVAST Software) C:\Users\Jesus Christ Reigns\Downloads\avast_internet_security_setup_online.exe
    2016-02-10 12:57 - 2016-01-28 22:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-10 12:57 - 2016-01-28 22:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-10 12:57 - 2016-01-26 21:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-10 12:57 - 2016-01-26 21:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-10 12:57 - 2016-01-26 21:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-10 12:57 - 2016-01-26 20:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-10 12:57 - 2016-01-26 20:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-10 12:57 - 2016-01-26 20:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-10 12:57 - 2016-01-26 20:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-10 12:57 - 2016-01-26 20:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-10 12:56 - 2016-01-26 22:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-10 12:56 - 2016-01-26 22:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-10 12:56 - 2016-01-26 22:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-10 12:56 - 2016-01-26 22:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-10 12:56 - 2016-01-26 21:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-10 12:56 - 2016-01-26 21:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-02-10 12:56 - 2016-01-26 21:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-10 12:56 - 2016-01-26 21:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-10 12:56 - 2016-01-26 21:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-10 12:56 - 2016-01-26 21:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-10 12:56 - 2016-01-26 21:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-10 12:56 - 2016-01-26 21:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-10 12:56 - 2016-01-26 21:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-10 12:56 - 2016-01-26 21:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-02-10 12:56 - 2016-01-26 21:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-02-10 12:56 - 2016-01-26 21:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-10 12:56 - 2016-01-26 21:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-10 12:56 - 2016-01-26 21:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-10 12:56 - 2016-01-26 20:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-10 12:56 - 2016-01-26 20:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-10 12:56 - 2016-01-26 20:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-10 12:56 - 2016-01-26 20:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-10 12:56 - 2016-01-26 20:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-10 12:56 - 2016-01-26 20:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-10 12:55 - 2016-01-26 21:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-10 12:55 - 2016-01-26 21:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-10 12:55 - 2016-01-26 21:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-02-10 12:55 - 2016-01-26 21:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-02-10 12:55 - 2016-01-26 21:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-10 12:55 - 2016-01-26 21:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-10 12:55 - 2016-01-26 21:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-10 12:55 - 2016-01-26 21:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-10 12:55 - 2016-01-26 21:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-02-10 12:55 - 2016-01-26 21:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-02-10 12:55 - 2016-01-26 21:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-10 12:55 - 2016-01-26 21:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-10 12:55 - 2016-01-26 20:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-10 12:55 - 2016-01-26 20:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-10 12:55 - 2016-01-26 20:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-10 12:55 - 2016-01-26 20:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-10 12:55 - 2016-01-26 20:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-10 12:54 - 2015-11-24 00:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2016-02-10 12:54 - 2015-11-12 21:40 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-02-10 12:52 - 2015-12-06 20:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-02-10 12:52 - 2015-11-24 02:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2016-02-10 12:52 - 2015-11-24 01:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
    2016-02-10 12:52 - 2015-11-24 01:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-02-10 12:52 - 2015-11-24 00:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-02-10 12:52 - 2015-11-22 02:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-02-10 12:52 - 2015-11-22 01:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2016-02-10 12:52 - 2015-11-12 22:04 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-02-10 12:48 - 2016-02-10 12:49 - 00242056 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44.0.1.exe
    2016-02-10 12:21 - 2016-02-10 12:21 - 13677800 _____ (Google) C:\Users\Jesus Christ Reigns\Downloads\picasa39-setup.exe
    2016-02-10 11:02 - 2016-02-26 15:37 - 00000000 ____D C:\$SysReset
    2016-02-09 13:37 - 2016-02-10 13:24 - 08388608 _____ C:\Users\Jesus Christ Reigns\Downloads\mozilla_firefox.vhdx
    2016-02-09 13:34 - 2016-02-09 13:34 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44_0_1_exe (3).hkthpkw.partial
    2016-02-09 13:34 - 2016-02-09 13:34 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44_0_1_exe (2).o8bwv8w.partial
    2016-02-09 13:33 - 2016-02-09 13:33 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44_0_1_exe (1).39x1uqw.partial
    2016-02-09 13:32 - 2016-02-09 13:32 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\Firefox Setup Stub 44_0_1_exe.w36ef6z.partial
    2016-02-09 12:01 - 2016-02-10 10:33 - 00000000 ____D C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer
    2016-02-09 12:01 - 2016-02-09 12:01 - 01270466 _____ C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer (1).zip
    2016-02-09 12:00 - 2016-02-09 12:00 - 01270466 _____ C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer.zip
    2016-02-09 10:56 - 2016-02-09 11:06 - 00249014 _____ C:\TDSSKiller.3.1.0.9_09.02.2016_10.56.14_log.txt
    2016-02-08 13:02 - 2016-02-08 13:02 - 00000000 ____D C:\SFCFix
    2016-02-08 12:00 - 2016-02-08 12:00 - 00061144 _____ C:\sfcdetails.txt
    2016-02-08 10:34 - 2016-02-08 10:34 - 00339360 _____ C:\Users\Jesus Christ Reigns\Downloads\Virus_Remover.zip
    2016-02-08 09:19 - 2016-02-27 10:33 - 00879096 _____ (Microsoft Corporation) C:\Users\Jesus Christ Reigns\Downloads\NetFxRepairTool (1).exe
    2016-02-08 09:14 - 2016-02-08 09:14 - 00879096 _____ (Microsoft Corporation) C:\Users\Jesus Christ Reigns\Downloads\NetFxRepairTool.exe
    2016-02-08 06:59 - 2016-02-08 06:59 - 00000000 ____D C:\Users\Jesus Christ Reigns\New folder
    2016-02-08 06:27 - 2016-02-08 06:27 - 00089525 _____ C:\Users\Jesus Christ Reigns\Downloads\dir.dcr
    2016-02-07 16:39 - 2016-02-07 16:39 - 00027783 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (8).txt
    2016-02-07 13:49 - 2016-02-07 13:49 - 21771104 _____ (Tweaking.com) C:\Users\Jesus Christ Reigns\Downloads\tweaking.com_windows_repair_aio_setup (3).exe
    2016-02-07 13:49 - 2016-02-07 13:49 - 21771104 _____ (Tweaking.com) C:\Users\Jesus Christ Reigns\Downloads\tweaking.com_windows_repair_aio_setup (2).exe
    2016-02-06 17:33 - 2016-02-06 17:33 - 00027783 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (7).txt
    2016-02-06 17:06 - 2016-02-06 17:06 - 00001669 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (6).txt
    2016-02-04 10:27 - 2016-02-04 10:27 - 01609032 _____ (Malwarebytes) C:\Users\Jesus Christ Reigns\Downloads\JRT (1).exe
    2016-02-04 09:18 - 2016-02-04 09:18 - 01201784 _____ (RaMMicHaeL) C:\Users\Jesus Christ Reigns\Downloads\unchecky_setup.exe
    2016-02-03 17:41 - 2016-02-03 17:42 - 00122046 _____ C:\TDSSKiller.3.1.0.9_03.02.2016_17.41.50_log.txt
    2016-02-03 12:27 - 2016-02-18 08:46 - 06330144 _____ (Carifred) C:\Users\Jesus Christ Reigns\Downloads\UVKSetup.exe
    2016-02-02 15:59 - 2016-02-02 15:59 - 06203680 _____ (Carifred) C:\Users\Jesus Christ Reigns\Downloads\UVKPortable.exe
    2016-02-02 08:25 - 2016-02-02 08:25 - 00000811 _____ C:\Users\Public\Desktop\Windows Repair Toolbox.lnk
    2016-02-02 08:24 - 2016-02-02 08:25 - 01891899 _____ (Alexandre Miguel Canotilho Coelho ) C:\Users\Jesus Christ Reigns\Downloads\Windows_Repair_Toolbox_setup.exe
    2016-02-02 08:18 - 2016-01-31 09:21 - 00000926 _____ C:\Users\Jesus Christ Reigns\Documents\Tweaks.reg
    2016-01-31 12:37 - 2016-01-31 12:38 - 05111240 _____ (Piriform Ltd) C:\Users\Jesus Christ Reigns\Downloads\spsetup129.exe
    2016-01-31 12:01 - 2016-02-10 10:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\Downloads\nirsoft_package_1.19.70
    2016-01-31 11:01 - 2016-01-31 11:02 - 05080376 _____ (AVAST Software) C:\Users\Jesus Christ Reigns\Downloads\avast_free_antivirus_setup_online.exe
    2016-01-31 09:14 - 2016-01-31 09:14 - 00003101 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (5).txt
    2016-01-30 17:14 - 2016-01-30 17:14 - 00852720 _____ C:\Users\Jesus Christ Reigns\Downloads\SecurityCheck (2).exe
    2016-01-30 17:08 - 2016-01-30 17:08 - 00002918 _____ C:\Users\Jesus Christ Reigns\Downloads\fixlist (4).txt
    2016-01-30 13:11 - 2016-01-30 13:11 - 13393245 _____ C:\Users\Jesus Christ Reigns\Downloads\MuscleCars.themepack
    2016-01-30 13:07 - 2016-01-30 13:07 - 02488196 _____ C:\Users\Jesus Christ Reigns\Downloads\24.themepack
    2016-01-30 13:05 - 2016-01-30 13:05 - 01844744 _____ C:\Users\Jesus Christ Reigns\Downloads\BMW 5-series.themepack
    2016-01-30 13:03 - 2016-01-30 13:03 - 19039376 _____ C:\Users\Jesus Christ Reigns\Downloads\ClassicSportsCars.themepack
    2016-01-29 16:01 - 2016-01-29 16:01 - 00001536 _____ C:\Users\Jesus Christ Reigns\Documents\fixlist.txt
    2016-01-29 12:32 - 2016-01-30 14:40 - 00014673 _____ C:\Users\Jesus Christ Reigns\Documents\hosts.txt
    2016-01-29 12:31 - 2016-01-29 12:31 - 00000855 _____ C:\Users\Jesus Christ Reigns\Documents\hosts.old.txt
    2016-01-28 10:24 - 2016-01-28 10:24 - 01371668 _____ (Igor Pavlov) C:\Users\Jesus Christ Reigns\Downloads\7z1514-x64.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-27 13:20 - 2015-11-30 14:59 - 00000000 ____D C:\FRST
    2016-02-27 13:08 - 2015-09-24 08:12 - 00000000 ____D C:\Users\Jesus Christ Reigns\IntelGraphicsProfiles
    2016-02-27 13:08 - 2015-09-24 07:25 - 00000000 ___RD C:\Users\Jesus Christ Reigns\OneDrive
    2016-02-27 06:56 - 2015-09-09 21:42 - 00000000 ___RD C:\Users\Public\AccountPictures
    2016-02-26 15:57 - 2015-10-29 23:19 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpdxm.dll
    2016-02-26 15:57 - 2015-10-29 23:19 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.tlb
    2016-02-26 15:57 - 2015-10-29 23:19 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\amcompat.tlb
    2016-02-26 15:57 - 2015-10-29 23:18 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-02-26 15:57 - 2015-10-29 23:18 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetpp.dll
    2016-02-26 15:57 - 2015-10-29 23:18 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetppui.dll
    2016-02-26 15:57 - 2015-10-29 23:18 - 00021504 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnpinst.exe
    2016-02-26 15:56 - 2015-10-29 23:19 - 00950784 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFS.exe
    2016-02-26 15:56 - 2015-10-29 23:19 - 00859648 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSST.dll
    2016-02-26 15:56 - 2015-10-29 23:19 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\WFSR.dll
    2016-02-26 15:56 - 2015-10-29 23:19 - 00429568 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMPOSE.dll
    2016-02-26 15:56 - 2015-10-29 23:19 - 00253080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpeffects.dll
    2016-02-26 15:56 - 2015-10-29 23:19 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOVER.exe
    2016-02-26 15:56 - 2015-10-29 23:19 - 00194560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\unregmp2.exe
    2016-02-26 15:56 - 2015-10-29 23:19 - 00183808 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSUTILITY.dll
    2016-02-26 15:56 - 2015-10-29 23:19 - 00102912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpshell.dll
    2016-02-26 15:56 - 2015-10-29 23:19 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMPOSERES.dll
    2016-02-26 15:56 - 2015-10-29 23:18 - 00407552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
    2016-02-26 15:55 - 2015-10-29 23:20 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSRESM.dll
    2016-02-26 15:55 - 2015-10-29 23:20 - 00525824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOMEX.dll
    2016-02-26 15:55 - 2015-10-29 23:20 - 00232448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSAPI.dll
    2016-02-26 15:55 - 2015-10-29 23:20 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSCOM.dll
    2016-02-26 15:55 - 2015-10-29 23:20 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinFax.dll
    2016-02-26 15:55 - 2015-10-29 23:19 - 00236032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpdxm.dll
    2016-02-26 15:55 - 2015-10-29 23:19 - 00153920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmpps.dll
    2016-02-26 15:55 - 2015-10-29 23:19 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpshell.dll
    2016-02-26 15:55 - 2015-10-29 23:19 - 00105984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSXP32.dll
    2016-02-26 15:55 - 2015-10-29 23:19 - 00044544 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.tlb
    2016-02-26 15:55 - 2015-10-29 23:19 - 00038912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FXSEXT32.dll
    2016-02-26 15:55 - 2015-10-29 23:19 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\amcompat.tlb
    2016-02-26 15:54 - 2015-10-29 23:19 - 12585984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 09375232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmploc.DLL
    2016-02-26 15:54 - 2015-10-29 23:19 - 00926208 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSRESM.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00627200 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOMEX.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSTIFF.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00388896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpps.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00305296 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpeffects.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSAPI.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00254976 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXST30.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\system32\unregmp2.exe
    2016-02-26 15:54 - 2015-10-29 23:19 - 00090112 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSCOM.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinFax.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00009216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spwmp.dll
    2016-02-26 15:54 - 2015-10-29 23:19 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msdxm.ocx
    2016-02-26 15:54 - 2015-10-29 23:19 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxmasf.dll
    2016-02-26 15:53 - 2015-10-29 23:19 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-02-26 15:53 - 2015-10-29 23:19 - 09375232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmploc.DLL
    2016-02-26 15:53 - 2015-10-29 23:19 - 00651776 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSSVC.exe
    2016-02-26 15:53 - 2015-10-29 23:19 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSROUTE.dll
    2016-02-26 15:53 - 2015-10-29 23:19 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSMON.dll
    2016-02-26 15:53 - 2015-10-29 23:19 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSUNATD.exe
     
  8. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    2016-02-26 15:53 - 2015-10-29 23:19 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spwmp.dll
    2016-02-26 15:53 - 2015-10-29 23:19 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\FXSEVENT.dll
    2016-02-26 15:53 - 2015-10-29 23:19 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\msdxm.ocx
    2016-02-26 15:53 - 2015-10-29 23:19 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxmasf.dll
    2016-02-26 15:53 - 2015-10-29 23:18 - 01554152 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2016-02-26 15:53 - 2015-10-29 23:18 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
    2016-02-26 15:17 - 2015-10-02 10:44 - 00000000 ____D C:\Windows_Repair_Toolbox
    2016-02-26 15:02 - 2016-01-12 11:13 - 00000000 ____D C:\Users\Jesus Christ Reigns\Documents\Stuff
    2016-02-18 12:35 - 2015-12-07 08:19 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\LocalLow\IObit
    2016-02-15 11:54 - 2015-12-06 13:34 - 00000000 ____D C:\AdwCleaner
    2016-02-10 10:34 - 2016-01-09 09:12 - 00000000 ___RD C:\Users\Jesus Christ Reigns\3D Objects

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-26 16:18

    ==================== End of FRST.txt ============================
     
  9. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
    Ran by Jesus Christ Reigns (2016-02-27 13:24:09)
    Running from C:\Users\Jesus Christ Reigns\Documents\Stuff\Fixlistarchives\FRST-OlderVersion
    Windows 10 Home Version 1511 (X64) (2016-02-27 00:34:03)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1151840851-2588883232-3208457946-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1151840851-2588883232-3208457946-503 - Limited - Disabled)
    Guest (S-1-5-21-1151840851-2588883232-3208457946-501 - Limited - Disabled)
    Jesus Christ Reigns (S-1-5-21-1151840851-2588883232-3208457946-1001 - Administrator - Enabled) => C:\Users\Jesus Christ Reigns

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    AVG (Version: 16.41.7442 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4522 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
    ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
    FMW 1 (Version: 1.52.1 - AVG Technologies) Hidden
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.5.126 - IObit)
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.2 - Tweaking.com)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1151840851-2588883232-3208457946-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1151840851-2588883232-3208457946-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {45456E6C-60C8-47A9-9F57-187F586DF723} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {7EB81812-3458-4C2F-88A4-485CF6CAFC58} - System32\Tasks\AVG_SYS_TASK_0116pi_DELETE => C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe [2016-01-10] ()
    Task: {D8296EEB-BB1D-4439-B792-97622FF2AE93} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-27] (Microsoft Corporation)
    Task: {E3FCEF24-3085-4E57-97EF-211749B29C11} - System32\Tasks\AVG_SYS_TASK_0116pi => C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe [2016-01-10] ()
    Task: {F5C77587-DA41-4D8B-9D11-C75CAF5D99CC} - System32\Tasks\Uninstaller_SkipUac_Jesus_Christ_Reigns => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2016-01-27] (IObit)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
    Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Jesus_Christ_Reigns.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () c:\windows\system32\CoreUIComponents.dll
    2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-30 01:09 - 2015-10-30 01:09 - 00044032 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-18 08:13 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-18 08:13 - 2015-12-06 20:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-12 10:28 - 2016-01-04 17:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-12 10:28 - 2016-01-04 17:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-27 11:09 - 2016-01-15 21:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-27 11:09 - 2016-01-15 21:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-02-27 13:19 - 2016-01-10 01:55 - 02795920 _____ () C:\ProgramData\Avg_Update_0116pi\AVG-Secure-Search-Update_0116pi.exe
    2016-02-26 16:43 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2015-10-30 01:09 - 2015-10-30 01:09 - 00151040 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2015-10-30 01:09 - 2015-10-30 01:09 - 18818048 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_1.10.22012.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-02-26 16:43 - 2015-12-23 16:27 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2016-02-26 16:43 - 2015-12-23 16:27 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2016-02-26 16:43 - 2015-12-23 16:27 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2016-02-27 13:13 - 2015-04-07 05:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-02-26 16:02 - 2016-02-27 11:24 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 216.228.160.4 - 216.228.160.3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: ETDCtrl =>

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{7C924DD7-4E3C-4F3D-9888-977414599B38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C1D5CA33-8BC7-478D-A4FE-16EB4C7A2909}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{01A315DF-2C38-4D00-84A9-4EF1FE6A2037}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{49F54691-33C2-4E85-A17D-905CBDD3DDFA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{B5530ECD-58A4-4ABD-AB22-33C9D8EDEED5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{99945F20-6D33-4F5A-9D9F-218CA6AE907E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{E0A510E6-D98A-4BED-BFA7-D99F162B1428}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{92186D22-3438-42C8-B30E-20AAA115D0DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{5C29149F-CF96-4494-B273-AA95EC6815E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{DA50BA1E-4D93-43DD-992D-DFACCF009C8D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe

    ==================== Restore Points =========================

    26-02-2016 16:52:24 JRT Pre-Junkware Removal
    27-02-2016 13:14:24 Installed AVG 2016
    27-02-2016 13:15:21 Installed AVG

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/27/2016 01:22:40 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000409
    Fault offset: 0x000000000002138b
    Faulting process id: 0x1d74
    Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
    Faulting application path: svchost.exe_UserDataSvc_2c5f41
    Faulting module path: svchost.exe_UserDataSvc_2c5f42
    Report Id: svchost.exe_UserDataSvc_2c5f43
    Faulting package full name: svchost.exe_UserDataSvc_2c5f44
    Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

    Error: (02/27/2016 01:18:37 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: PHILIPMOORE)
    Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/27/2016 01:10:34 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000409
    Fault offset: 0x000000000002138b
    Faulting process id: 0x1444
    Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
    Faulting application path: svchost.exe_UserDataSvc_2c5f41
    Faulting module path: svchost.exe_UserDataSvc_2c5f42
    Report Id: svchost.exe_UserDataSvc_2c5f43
    Faulting package full name: svchost.exe_UserDataSvc_2c5f44
    Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

    Error: (02/27/2016 01:10:14 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000409
    Fault offset: 0x000000000002138b
    Faulting process id: 0x1510
    Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
    Faulting application path: svchost.exe_UserDataSvc_2c5f41
    Faulting module path: svchost.exe_UserDataSvc_2c5f42
    Report Id: svchost.exe_UserDataSvc_2c5f43
    Faulting package full name: svchost.exe_UserDataSvc_2c5f44
    Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

    Error: (02/27/2016 01:09:54 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000409
    Fault offset: 0x000000000002138b
    Faulting process id: 0xf3c
    Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
    Faulting application path: svchost.exe_UserDataSvc_2c5f41
    Faulting module path: svchost.exe_UserDataSvc_2c5f42
    Report Id: svchost.exe_UserDataSvc_2c5f43
    Faulting package full name: svchost.exe_UserDataSvc_2c5f44
    Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

    Error: (02/27/2016 01:09:33 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000409
    Fault offset: 0x000000000002138b
    Faulting process id: 0x93c
    Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
    Faulting application path: svchost.exe_UserDataSvc_2c5f41
    Faulting module path: svchost.exe_UserDataSvc_2c5f42
    Report Id: svchost.exe_UserDataSvc_2c5f43
    Faulting package full name: svchost.exe_UserDataSvc_2c5f44
    Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

    Error: (02/27/2016 01:09:11 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000409
    Fault offset: 0x000000000002138b
    Faulting process id: 0x13a0
    Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
    Faulting application path: svchost.exe_UserDataSvc_2c5f41
    Faulting module path: svchost.exe_UserDataSvc_2c5f42
    Report Id: svchost.exe_UserDataSvc_2c5f43
    Faulting package full name: svchost.exe_UserDataSvc_2c5f44
    Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

    Error: (02/27/2016 01:09:04 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_UserDataSvc_2c5f4, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000409
    Fault offset: 0x000000000002138b
    Faulting process id: 0x1788
    Faulting application start time: 0xsvchost.exe_UserDataSvc_2c5f40
    Faulting application path: svchost.exe_UserDataSvc_2c5f41
    Faulting module path: svchost.exe_UserDataSvc_2c5f42
    Report Id: svchost.exe_UserDataSvc_2c5f43
    Faulting package full name: svchost.exe_UserDataSvc_2c5f44
    Faulting package-relative application ID: svchost.exe_UserDataSvc_2c5f45

    Error: (02/27/2016 12:50:50 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_UserDataSvc_2f3d2, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000409
    Fault offset: 0x000000000002138b
    Faulting process id: 0x1974
    Faulting application start time: 0xsvchost.exe_UserDataSvc_2f3d20
    Faulting application path: svchost.exe_UserDataSvc_2f3d21
    Faulting module path: svchost.exe_UserDataSvc_2f3d22
    Report Id: svchost.exe_UserDataSvc_2f3d23
    Faulting package full name: svchost.exe_UserDataSvc_2f3d24
    Faulting package-relative application ID: svchost.exe_UserDataSvc_2f3d25

    Error: (02/27/2016 12:50:44 PM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: svchost.exe_UserDataSvc_2f3d2, version: 10.0.10586.0, time stamp: 0x5632d7ba
    Faulting module name: ntdll.dll, version: 10.0.10586.103, time stamp: 0x56a8483f
    Exception code: 0xc0000409
    Fault offset: 0x000000000002138b
    Faulting process id: 0x1834
    Faulting application start time: 0xsvchost.exe_UserDataSvc_2f3d20
    Faulting application path: svchost.exe_UserDataSvc_2f3d21
    Faulting module path: svchost.exe_UserDataSvc_2f3d22
    Report Id: svchost.exe_UserDataSvc_2f3d23
    Faulting package full name: svchost.exe_UserDataSvc_2f3d24
    Faulting package-relative application ID: svchost.exe_UserDataSvc_2f3d25


    System errors:
    =============
    Error: (02/27/2016 01:22:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Access_2c5f4 service terminated unexpectedly. It has done this 7 time(s).

    Error: (02/27/2016 01:22:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Storage_2c5f4 service terminated unexpectedly. It has done this 7 time(s).

    Error: (02/27/2016 01:22:45 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Contact Data_2c5f4 service terminated unexpectedly. It has done this 7 time(s).

    Error: (02/27/2016 01:11:24 PM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

    Error: (02/27/2016 01:11:24 PM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

    Error: (02/27/2016 01:11:23 PM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

    Error: (02/27/2016 01:10:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Access_2c5f4 service terminated unexpectedly. It has done this 6 time(s).

    Error: (02/27/2016 01:10:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Storage_2c5f4 service terminated unexpectedly. It has done this 6 time(s).

    Error: (02/27/2016 01:10:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Contact Data_2c5f4 service terminated unexpectedly. It has done this 6 time(s).

    Error: (02/27/2016 01:10:48 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Sync Host_2c5f4 service terminated unexpectedly. It has done this 4 time(s).


    CodeIntegrity:
     
  10. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    ===================================
    Date: 2016-02-27 06:55:36.469
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-27 06:46:40.642
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-26 16:21:28.609
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
    Percentage of memory in use: 45%
    Total physical RAM: 3977.7 MB
    Available physical RAM: 2187.67 MB
    Total Virtual: 5385.7 MB
    Available Virtual: 3615.76 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:464.38 GB) (Free:418.93 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EC3041B2)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  11. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  12. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    I believe the '192...' reference is my own ISP but I'm wondering about the '127...' as being
    an Intruder?
    When I go to a Administrator Command Prompt I see this info
    about my network connection. When typing the command 'ipconfig'

    Wireless LAN adapter Wi-Fi:

    Connection-specific DNS Suffix . : bendbroadband.com
    IPv4 Address. . . . . . . . . . . : 192.168.0.7
    Subnet Mask . . . . . . . . . . . : 255.255.255.0
    Default Gateway . . . . . . . . . : 192.168.0.1

    When typing netstat -ano I get this info:
    Active Connections

    Proto Local Address Foreign Address State PID
    TCP 0.0.0.0:135 0.0.0.0:0 LISTENING 1328
    TCP 0.0.0.0:445 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:2869 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:5357 0.0.0.0:0 LISTENING 4
    TCP 0.0.0.0:7112 0.0.0.0:0 LISTENING 3596
    TCP 0.0.0.0:49664 0.0.0.0:0 LISTENING 1036
    TCP 0.0.0.0:49665 0.0.0.0:0 LISTENING 1528
    TCP 0.0.0.0:49666 0.0.0.0:0 LISTENING 1828
    TCP 0.0.0.0:49667 0.0.0.0:0 LISTENING 2304
    TCP 0.0.0.0:49668 0.0.0.0:0 LISTENING 1172
    TCP 0.0.0.0:49673 0.0.0.0:0 LISTENING 1164
    TCP 127.0.0.1:5354 0.0.0.0:0 LISTENING 7444
    TCP 127.0.0.1:27015 0.0.0.0:0 LISTENING 6636

    TCP 127.0.0.1:27015 127.0.0.1:51601 ESTABLISHED 6636
    TCP 127.0.0.1:51601 127.0.0.1:27015 ESTABLISHED 5036
    TCP 127.0.0.1:51609 127.0.0.1:51610 ESTABLISHED 6548
    TCP 127.0.0.1:51610 127.0.0.1:51609 ESTABLISHED 6548

    TCP 192.168.0.7:139 0.0.0.0:0 LISTENING 4
    TCP 192.168.0.7:51571 65.52.108.206:443 ESTABLISHED 6364
    TCP 192.168.0.7:51915 193.85.216.234:443 ESTABLISHED 2776
    TCP 192.168.0.7:52996 205.217.188.3:443 ESTABLISHED 6548
    TCP 192.168.0.7:53067 31.13.76.102:443 ESTABLISHED 7252
    TCP 192.168.0.7:53121 0.0.0.0:0 LISTENING 4100
    TCP 192.168.0.7:53262 52.84.20.143:80 ESTABLISHED 6548
    TCP 192.168.0.7:53273 54.246.120.57:80 ESTABLISHED 6548
    TCP 192.168.0.7:53283 52.84.20.83:80 ESTABLISHED 6548
    TCP 192.168.0.7:53284 198.54.12.97:80 ESTABLISHED 6548
    TCP 192.168.0.7:53325 66.35.58.80:80 ESTABLISHED 6548
    TCP 192.168.0.7:53326 52.9.66.80:80 ESTABLISHED 6548
    TCP 192.168.0.7:53327 52.9.66.80:80 ESTABLISHED 6548
    TCP 192.168.0.7:53346 52.9.66.80:80 ESTABLISHED 6548
    TCP 192.168.0.7:53363 54.148.203.11:80 ESTABLISHED 6548
    TCP 192.168.0.7:53401 52.71.202.21:80 ESTABLISHED 6548
    TCP 192.168.0.7:53403 54.246.120.57:80 ESTABLISHED 6548
    TCP 192.168.0.7:53446 52.84.20.232:80 ESTABLISHED 6548
    TCP 192.168.0.7:53696 52.36.41.115:443 TIME_WAIT 0
    TCP 192.168.0.7:53701 174.35.52.74:80 TIME_WAIT 0
    TCP 192.168.0.7:53707 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53708 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53709 23.195.226.106:80 TIME_WAIT 0
    TCP 192.168.0.7:53710 23.195.226.106:80 TIME_WAIT 0
    TCP 192.168.0.7:53711 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53715 2.19.128.149:443 ESTABLISHED 7796
    TCP 192.168.0.7:53716 2.19.128.149:443 ESTABLISHED 7796
    TCP 192.168.0.7:53717 54.246.120.57:80 TIME_WAIT 0
    TCP 192.168.0.7:53726 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53727 23.195.226.106:80 TIME_WAIT 0
    TCP 192.168.0.7:53728 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53729 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53730 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53739 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53740 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53741 23.195.226.106:80 TIME_WAIT 0
    TCP 192.168.0.7:53742 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53744 54.246.120.57:80 TIME_WAIT 0
    TCP 192.168.0.7:53745 54.246.120.57:80 TIME_WAIT 0
    TCP 192.168.0.7:53750 174.35.52.184:80 TIME_WAIT 0
    TCP 192.168.0.7:53754 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53755 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53756 23.195.226.106:80 TIME_WAIT 0
    TCP 192.168.0.7:53757 23.195.226.106:80 TIME_WAIT 0
    TCP 192.168.0.7:53758 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53759 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53761 52.84.20.172:80 ESTABLISHED 6548
    TCP 192.168.0.7:53769 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53770 23.195.226.106:80 ESTABLISHED 6548
    TCP 192.168.0.7:53771 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53772 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53773 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53776 64.4.54.253:443 ESTABLISHED 2616
    TCP 192.168.0.7:53779 174.35.52.78:80 TIME_WAIT 0
    TCP 192.168.0.7:53784 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53785 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53787 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53789 54.246.119.203:80 TIME_WAIT 0
    TCP 192.168.0.7:53798 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53799 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53800 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53804 174.35.52.88:80 TIME_WAIT 0
    TCP 192.168.0.7:53808 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53809 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53811 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53812 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53815 174.35.52.88:80 TIME_WAIT 0
    TCP 192.168.0.7:53821 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53822 23.74.52.28:80 TIME_WAIT 0
    TCP 192.168.0.7:53823 23.74.52.28:80 TIME_WAIT 0
    TCP [::]:135 [::]:0 LISTENING 1328
    TCP [::]:445 [::]:0 LISTENING 4
    TCP [::]:2869 [::]:0 LISTENING 4
    TCP [::]:5357 [::]:0 LISTENING 4
    TCP [::]:49664 [::]:0 LISTENING 1036
    TCP [::]:49665 [::]:0 LISTENING 1528
    TCP [::]:49666 [::]:0 LISTENING 1828
    TCP [::]:49667 [::]:0 LISTENING 2304
    TCP [::]:49668 [::]:0 LISTENING 1172
    TCP [::]:49673 [::]:0 LISTENING 1164
    UDP 0.0.0.0:123 *:* 1676
    UDP 0.0.0.0:3544 *:* 1528
    UDP 0.0.0.0:3702 *:* 1764
    UDP 0.0.0.0:3702 *:* 1764
    UDP 0.0.0.0:5353 *:* 988
    UDP 0.0.0.0:5355 *:* 988
    UDP 0.0.0.0:49664 *:* 1764
    UDP 0.0.0.0:53230 *:* 7444
    UDP 127.0.0.1:1900 *:* 1764
    UDP 127.0.0.1:51922 *:* 1764
    UDP 127.0.0.1:53232 *:* 6636
    UDP 127.0.0.1:53233 *:* 6636
    UDP 127.0.0.1:54937 *:* 5036
    UDP 127.0.0.1:54938 *:* 5036
    UDP 192.168.0.7:137 *:* 4
    UDP 192.168.0.7:138 *:* 4
    UDP 192.168.0.7:1900 *:* 1764
    UDP 192.168.0.7:5050 *:* 1676
    UDP 192.168.0.7:5353 *:* 7444
    UDP 192.168.0.7:51921 *:* 1764
    UDP 192.168.0.7:53121 *:* 4100
    UDP 192.168.0.7:62775 *:* 1528
    UDP [::]:123 *:* 1676
    UDP [::]:3702 *:* 1764
    UDP [::]:3702 *:* 1764
    UDP [::]:49665 *:* 1764
    UDP [::]:53231 *:* 7444
    UDP [::1]:1900 *:* 1764
    UDP [::1]:5353 *:* 7444
    UDP [::1]:51920 *:* 1764
    UDP [fe80::148f:ac8:bc33:4b8e%13]:546 *:* 1828
    UDP [fe80::148f:ac8:bc33:4b8e%13]:546 *:*
    1828


    Still waiting on RK and will send logs once it's through.
    Thank you.
     
  13. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 2/28/2016
    Scan Time: 8:16 AM
    Logfile: mbam.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2016.02.28.03
    Rootkit Database: v2016.02.27.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Jesus Christ Reigns

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 333749
    Time Elapsed: 25 min, 42 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)


    (end)
     
  14. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    Malwarebytes Anti-Malware
    www.malwarebytes.org


    Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, Remediation Database, 2015.9.16.1, 2016.2.22.2,
    Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, Rootkit Database, 2015.9.18.1, 2016.2.27.1,
    Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, IP Database, 2015.9.21.2, 2016.2.27.1,
    Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, Domain Database, 2015.9.22.3, 2016.2.28.2,
    Update, 2/28/2016 8:16 AM, SYSTEM, PHILIPMOORE, Manual, Malware Database, 2015.9.22.5, 2016.2.28.3,
    Scan, 2/28/2016 8:42 AM, SYSTEM, PHILIPMOORE, Manual, Start:2/28/2016 8:16 AM, Duration:25 min 42 sec, Threat Scan, Completed, 0 Malware Detections, 0 Non-Malware Detections,

    (end)
     
  15. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    # AdwCleaner v5.029 - Logfile created 11/01/2016 at 16:27:34

    WHAT DOES THIS MEAN???? LINE ABOVE.

    # Updated 11/01/2016 by Xplode
    # Database : 2016-01-11.4 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : Jesus Christ Reigns - PHILIPMOORE
    # Running from : C:\Users\Jesus Christ Reigns\Downloads\adwcleaner_5.029.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\darwendlm

    ***** [ Web browsers ] *****

    [-] [C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\wrl94xrb.default-1451927182068\prefs.js] [Preference] Deleted : user_pref("browser.safebrowsing.provider.google.lastupdatetime", "1452557747433");
    [-] [C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\wrl94xrb.default-1451927182068\prefs.js] [Preference] Deleted : user_pref("browser.safebrowsing.provider.google.nextupdatetime", "1452559476433");
    [-] [C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\wrl94xrb.default-1451927182068\prefs.js] [Preference] Deleted : user_pref("browser.safebrowsing.provider.mozilla.lastupdatetime", "1452557748384");
    [-] [C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\wrl94xrb.default-1451927182068\prefs.js] [Preference] Deleted : user_pref("browser.safebrowsing.provider.mozilla.nextupdatetime", "1452561348384");

    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1629 bytes] ##########
    # AdwCleaner v5.037 - Logfile created 28/02/2016 at 08:50:17
    # Updated 28/02/2016 by Xplode
    # Database : 2016-02-28.2 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : Jesus Christ Reigns - PHILIPMOORE
    # Running from : C:\Users\Jesus Christ Reigns\Downloads\adwcleaner_5.037.exe
    # Option : Clean
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    [-] Folder Deleted : C:\Program Files (x86)\Common Files\AVG Secure Search
    [-] Folder Deleted : C:\Program Files\Common Files\AVG Secure Search
    [-] Folder Deleted : C:\ProgramData\AVG Secure Search

    ***** [ Files ] *****

    [-] File Deleted : C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\5c99sxj0.default\extensions\Avg@toolbar.xpi

    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
    [-] Key Deleted : HKLM\SOFTWARE\MozillaPlugins\@avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{933B95E2-E7B7-4AD9-B952-7AC336682AE3}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C2AC8A0E-E48E-484B-A71C-C7A937FAAB94}
    [-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{95B7759C-8C7F-4BF1-B163-73684A933233}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{C401D2CE-DC27-45C7-BC0C-8E6EA7F085D6}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
    [-] Value Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Run [vProt]

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    *************************

    C:\AdwCleaner\AdwCleaner[C1].txt - [2341 bytes] - [06/12/2015 13:39:52]
    C:\AdwCleaner\AdwCleaner[C2].txt - [2661 bytes] - [10/01/2016 12:35:42]
    C:\AdwCleaner\AdwCleaner[C3].txt - [4477 bytes] - [11/01/2016 16:27:34]
    C:\AdwCleaner\AdwCleaner[C4].txt - [1018 bytes] - [15/01/2016 17:53:40]
    C:\AdwCleaner\AdwCleaner[S1].txt - [2097 bytes] - [06/12/2015 13:34:45]
    C:\AdwCleaner\AdwCleaner[S2].txt - [2816 bytes] - [01/01/2016 09:21:30]
    C:\AdwCleaner\AdwCleaner[S3].txt - [4535 bytes] - [10/01/2016 12:20:30]
    C:\AdwCleaner\AdwCleaner[S4].txt - [362 bytes] - [11/01/2016 08:40:45]
    C:\AdwCleaner\AdwCleaner[S5].txt - [681 bytes] - [11/01/2016 09:23:48]
    C:\AdwCleaner\AdwCleaner[S6].txt - [1586 bytes] - [11/01/2016 16:21:31]
    C:\AdwCleaner\AdwCleaner[S7].txt - [914 bytes] - [15/01/2016 17:50:38]

    ########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [5131 bytes] ##########
     
  16. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 10 Home x64
    Ran by Jesus Christ Reigns (Administrator) on Sun 02/28/2016 at 9:05:57.40
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 2

    Successfully deleted: C:\ProgramData\productdata (Folder)
    Successfully deleted: C:\Users\Jesus Christ Reigns\AppData\Roaming\productdata (Folder)



    Registry: 0





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/28/2016 at 9:07:52.30
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  17. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    RogueKiller log?

    192 is your router.
    127 is your own computer.
     
  18. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    RogueKiller V11.0.13.0 [Feb 22 2016] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : Jesus Christ Reigns [Administrator]
    Started from : C:\Users\Jesus Christ Reigns\Downloads\RogueKiller.exe
    Mode : Delete -- Date : 02/28/2016 08:09:09

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 7 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814} (C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer.dll) -> Deleted
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{95B7759C-8C7F-4BF1-B163-73684A933233} (C:\Program Files\AVG Web TuneUp\4.2.6.552\AVG Web TuneUp.dll) -> Deleted
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\Tcpip\Parameters\Interfaces\{f63f147d-9902-4615-8b2f-0297621c110d} | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected
    [PUM.Dns] (X64) HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Tcpip\Parameters\Interfaces\{f63f147d-9902-4615-8b2f-0297621c110d} | DhcpNameServer : 216.228.160.4 216.228.160.3 ([X][X]) -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 1 ¤¤¤
    [PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001} -> Deleted
    [PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DIFxAPI.dll -> Deleted
    [PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DifXInstall64.exe -> Deleted
    [PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\DIFxInstallLog.txt -> Deleted
    [PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\GEARAspiWDM.inf -> Deleted
    [PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\gearaspiwdmx64.cat -> Deleted
    [PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspi.dll -> Deleted
    [PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspi64.dll -> Deleted
    [PUP][File] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64\GEARAspiWDM.sys -> Deleted
    [PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64\x64 -> Deleted
    [PUP][Folder] C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}\x64 -> Deleted

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 1 ¤¤¤
    [PUP][FIREFX:Addon] 5c99sxj0.default : AVG Web TuneUp [avg@toolbar] -> Not selected

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: WDC WD5000LPVX-22V0TT0 +++++
    --- User ---
    [MBR] 43126f3adc47adacacc6fd31c8958445
    [BSP] 828d19adbf4bd1bd48f5fe84ae37e5ef : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [MAN-MOUNT] EFI system partition | Offset (sectors): 2048 | Size: 100 MB
    1 - [MAN-MOUNT] Microsoft reserved partition | Offset (sectors): 206848 | Size: 16 MB
    2 - Basic data partition | Offset (sectors): 239616 | Size: 475527 MB
    3 - [SYSTEM][MAN-MOUNT] | Offset (sectors): 974120960 | Size: 845 MB
    User = LL1 ... OK
    User = LL2 ... OK
     
  19. Broni

    Broni Malware Annihilator Posts: 52,897   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  20. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    I seriously wished I had taken a video of my desktop during the hacked attack. The moving cursor that was not me, resulted in placing all types of icons on my desktop without my consent. (mostly tmp files but .dll files too) When attempting to start trojan scans I would have to fight with the cursor to stop them. When using FRST it was like pulling teeth to remove files. I would attempt to click on the file and the cursor continued to move away. Had I not known shortcuts using cut, copy past, I'm not sure it would have allowed anything. It was the same way when I went to restore the OS. If I didn't know that I've already been there it would make one think he was going crazy! LOL
    Before you ask I don't visit porn sites or any other that are considered iffy.
    I used Process Explorer to attempt to cease the action. I'm not an expert with Procexplorer but have a laymens understanding of how it works. I couldn't stop the hack using that.
    How can I verify that this event has ceased?
     
    Last edited: Feb 28, 2016
  21. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    I missed your request to re-run FRST doing it now. My apologies
     
  22. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:27-02-2016
    Ran by Jesus Christ Reigns (2016-02-28 12:25:08)
    Running from C:\Users\Jesus Christ Reigns\Documents\Stuff\Fixlistarchives\FRST-OlderVersion
    Windows 10 Home Version 1511 (X64) (2016-02-27 00:34:03)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1151840851-2588883232-3208457946-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1151840851-2588883232-3208457946-503 - Limited - Disabled)
    Guest (S-1-5-21-1151840851-2588883232-3208457946-501 - Limited - Disabled)
    Jesus Christ Reigns (S-1-5-21-1151840851-2588883232-3208457946-1001 - Administrator - Enabled) => C:\Users\Jesus Christ Reigns

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    AVG (Version: 16.41.7442 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4537 - AVG Technologies) Hidden
    AVG PC TuneUp (HKLM-x32\...\AVG PC TuneUp) (Version: 16.22.1.58906 - AVG Technologies)
    AVG PC TuneUp (x32 Version: 16.22.3 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.41.7442 - AVG Technologies)
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.2.6.552 - AVG Technologies)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    ELAN Touchpad 15.6.3.3_X64_WHQL (HKLM\...\Elantech) (Version: 15.6.3.3 - ELAN Microelectronic Corp.)
    FMW 1 (Version: 1.62.2 - AVG Technologies) Hidden
    HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
    IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 5.2.5.126 - IObit)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2 - Mozilla)
    Pretty Good Solitaire version 15.1.0 (HKLM-x32\...\Pretty Good Solitaire_is1) (Version: 15.1.0 - Goodsol Development Inc.)
    QuickTime (HKLM-x32\...\{57752979-A1C9-4C02-856B-FBB27AC4E02C}) (Version: 7.69.80.9 - Apple Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7687 - Realtek Semiconductor Corp.)
    Tweaking.com - Windows Repair (HKLM-x32\...\Tweaking.com - Windows Repair) (Version: 3.8.2 - Tweaking.com)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1151840851-2588883232-3208457946-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-1151840851-2588883232-3208457946-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {45456E6C-60C8-47A9-9F57-187F586DF723} - System32\Tasks\Tweaking.com - Windows Repair Tray Icon => C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe [2015-03-11] (Tweaking.com)
    Task: {868D9670-2A41-46D2-8212-C3A580862189} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-27] (Microsoft Corporation)
    Task: {DA7F0B4D-BDC7-4375-A401-1229C6B89E30} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {FAFA0D86-82BA-4DCE-B8A8-B6F5E66A4FA5} - System32\Tasks\{941D2DFD-FF11-4D26-BD70-3C302B1B8770} => pcalua.exe -a "C:\Program Files (x86)\iTunes\iTunes.exe" -d "C:\Users\Jesus Christ Reigns\Desktop"

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () c:\windows\system32\CoreUIComponents.dll
    2016-02-27 13:25 - 2016-02-27 13:23 - 01215560 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-03 09:30 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2016-02-27 13:46 - 2016-02-27 13:47 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-18 08:13 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-18 08:13 - 2015-12-06 20:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-12 10:28 - 2016-01-04 17:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-12 10:28 - 2016-01-04 17:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-27 11:09 - 2016-01-15 21:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-27 11:09 - 2016-01-15 21:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-02-26 16:43 - 2015-12-23 16:27 - 00629536 _____ () C:\Program Files (x86)\IObit\LiveUpdate\ProductStatistics.dll
    2016-02-27 13:46 - 2016-02-27 13:47 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-02-27 13:46 - 2016-02-27 13:47 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-02-26 16:43 - 2015-12-23 16:27 - 00355616 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madExcept_.bpl
    2016-02-26 16:43 - 2015-12-23 16:27 - 00190240 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madBasic_.bpl
    2016-02-26 16:43 - 2015-12-23 16:27 - 00057632 _____ () C:\Program Files (x86)\IObit\IObit Uninstaller\madDisAsm_.bpl
    2016-02-27 13:13 - 2015-04-07 05:34 - 40500224 _____ () C:\Program Files (x86)\AVG\UiDll\2171\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BFE => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MpsSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SharedAccess => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WSService => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\AppXSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\BITS => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\ClipSvc => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\msiserver => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SamSs => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srv2 => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\srvnet => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TweakingRemoveSafeBoot => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\vss => ""="Service"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\WSService => ""="Service"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2016-02-26 16:02 - 2016-02-27 11:24 - 00000855 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 localhost

    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
    DNS Servers: 216.228.160.4 - 216.228.160.3
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    MSCONFIG\startupreg: ETDCtrl =>
    HKLM\...\StartupApproved\Run: => "iTunesHelper"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKLM\...\StartupApproved\Run32: => "vProt"
    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\StartupApproved\Run: => "OneDrive"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [{7C924DD7-4E3C-4F3D-9888-977414599B38}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{C1D5CA33-8BC7-478D-A4FE-16EB4C7A2909}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{01A315DF-2C38-4D00-84A9-4EF1FE6A2037}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{49F54691-33C2-4E85-A17D-905CBDD3DDFA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{B5530ECD-58A4-4ABD-AB22-33C9D8EDEED5}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{99945F20-6D33-4F5A-9D9F-218CA6AE907E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{E0A510E6-D98A-4BED-BFA7-D99F162B1428}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{92186D22-3438-42C8-B30E-20AAA115D0DA}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{5C29149F-CF96-4494-B273-AA95EC6815E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{DA50BA1E-4D93-43DD-992D-DFACCF009C8D}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{3BFAE7D3-F825-4249-B817-D8AE1A2E8DA1}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{39E90977-3592-4B2B-9CCE-EC441CE1B700}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{924E4C84-3F95-4B4C-9E77-303EF4AB274F}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{3CE4E793-D8CE-433A-A8C3-186C561962D4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{5119C7D9-B62B-4D9C-B8CC-458037E41761}] => (Allow) C:\Program Files\iTunes\iTunes.exe

    ==================== Restore Points =========================

    26-02-2016 16:52:24 JRT Pre-Junkware Removal
    27-02-2016 13:14:24 Installed AVG 2016
    27-02-2016 13:15:21 Installed AVG
    27-02-2016 14:30:18 Installed iTunes
    27-02-2016 14:38:10 Installed iTunes
    27-02-2016 15:37:55 Checkpoint by HitmanPro
    27-02-2016 15:39:35 Checkpoint by HitmanPro
    27-02-2016 15:47:54 JRT Pre-Junkware Removal
    27-02-2016 17:40:07 Installed iTunes
    28-02-2016 08:59:22 JRT Pre-Junkware Removal
    28-02-2016 09:05:57 JRT Pre-Junkware Removal
    28-02-2016 09:33:20 Installed iTunes

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/28/2016 09:58:15 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

    Error: (02/28/2016 09:58:12 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 3 seconds

    Error: (02/28/2016 09:58:11 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 3 seconds

    Error: (02/28/2016 09:58:10 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 3 seconds

    Error: (02/28/2016 09:58:00 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

    Error: (02/28/2016 09:57:58 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

    Error: (02/28/2016 09:57:55 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

    Error: (02/28/2016 09:57:52 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds

    Error: (02/28/2016 09:57:50 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 5 seconds
     
  23. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    Error: (02/28/2016 09:57:46 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Excessive update rate for Jesus\032Christ\032Reigns’s\032Library._home-sharing._tcp.local.; delaying announcement by 4 seconds


    System errors:
    =============
    Error: (02/28/2016 10:41:27 AM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

    Error: (02/28/2016 10:41:27 AM) (Source: DCOM) (EventID: 10016) (User: PHILIPMOORE)
    Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}PhilipMooreJesus Christ ReignsS-1-5-21-1151840851-2588883232-3208457946-1001LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742

    Error: (02/28/2016 09:55:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Access_2e4a0 service terminated unexpectedly. It has done this 7 time(s).

    Error: (02/28/2016 09:55:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Storage_2e4a0 service terminated unexpectedly. It has done this 7 time(s).

    Error: (02/28/2016 09:55:26 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Contact Data_2e4a0 service terminated unexpectedly. It has done this 7 time(s).

    Error: (02/28/2016 09:39:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Access_2e4a0 service terminated unexpectedly. It has done this 6 time(s).

    Error: (02/28/2016 09:39:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Storage_2e4a0 service terminated unexpectedly. It has done this 6 time(s).

    Error: (02/28/2016 09:39:51 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Contact Data_2e4a0 service terminated unexpectedly. It has done this 6 time(s).

    Error: (02/28/2016 09:39:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Access_2e4a0 service terminated unexpectedly. It has done this 5 time(s).

    Error: (02/28/2016 09:39:36 AM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The User Data Storage_2e4a0 service terminated unexpectedly. It has done this 5 time(s).


    CodeIntegrity:
    ===================================
    Date: 2016-02-28 12:25:55.406
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-28 12:25:55.329
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-28 09:33:51.492
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-28 09:32:48.857
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume3\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-28 09:07:37.139
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-28 09:07:37.124
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-28 09:07:31.711
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-28 09:07:31.695
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-28 09:00:41.669
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-02-28 09:00:41.652
    Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume3\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
    Percentage of memory in use: 66%
    Total physical RAM: 3977.7 MB
    Available physical RAM: 1345.2 MB
    Total Virtual: 5385.7 MB
    Available Virtual: 2532.21 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:464.38 GB) (Free:420.97 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: EC3041B2)

    Partition: GPT.

    ==================== End of Addition.txt ============================
     
  24. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-02-2016
    Ran by Jesus Christ Reigns (administrator) on PHILIPMOORE (28-02-2016 12:23:14)
    Running from C:\Users\Jesus Christ Reigns\Documents\Stuff\Fixlistarchives\FRST-OlderVersion
    Loaded Profiles: Jesus Christ Reigns (Available Profiles: Jesus Christ Reigns)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (Intel Corporation) C:\Windows\syswow64\IntelCpHeciSvc.exe
    () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    (Intel Corporation) C:\Windows\System32\igfxCUIService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
    (IObit) C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
    (ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Intel Corporation) C:\Windows\System32\igfxEM.exe
    (Intel Corporation) C:\Windows\System32\igfxHK.exe
    (Intel Corporation) C:\Windows\System32\igfxTray.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (IObit) C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallMonitor.exe
    (Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Windows Repair (All in One)\WR_Tray_Icon.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\distnoted.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesApp64.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16408320 1999-12-31] (Realtek Semiconductor)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguirnx.exe [179624 2016-02-18] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3873704 2016-02-01] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2010-11-29] (Apple Inc.)
    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\RunOnce: [Uninstall C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\...\RunOnce: [Uninstall C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jesus Christ Reigns\AppData\Local\Microsoft\OneDrive\17.3.5892.0626"
    HKU\S-1-5-21-1151840851-2588883232-3208457946-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\scrnsave.scr [31744 2015-10-29] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 216.228.160.4 216.228.160.3
    Tcpip\..\Interfaces\{f63f147d-9902-4615-8b2f-0297621c110d}: [DhcpNameServer] 216.228.160.4 216.228.160.3

    Internet Explorer:
    ==================
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page =

    FireFox:
    ========
    FF ProfilePath: C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla\Firefox\Profiles\5c99sxj0.default
    FF Homepage: hxxp://www.google.com/
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [604144 2016-02-01] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3881184 2016-02-01] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1045928 2016-02-18] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [561104 2016-02-01] (AVG Technologies CZ, s.r.o.)
    R2 ETDService; C:\Program Files\Elantech\ETDService.exe [145624 2015-09-10] (ELAN Microelectronics Corp.)
    R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [319096 2016-01-13] (Intel Corporation)
    R2 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2945312 2016-01-15] (IObit)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 TuneUp.UtilitiesSvc; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesService64.exe [4364200 2016-02-15] (AVG Technologies CZ, s.r.o.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)
    R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1215560 2016-02-27] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4322440 2015-08-14] (Qualcomm Atheros Communications, Inc.)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [21632 2016-01-07] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [184240 2015-11-06] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [315312 2016-01-05] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [272304 2016-01-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [260528 2016-01-22] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-12-04] (AVG Technologies CZ, s.r.o.)
    R0 Avguniva; C:\Windows\System32\DRIVERS\avguniva.sys [23472 2016-01-08] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [315840 2015-12-16] (AVG Technologies CZ, s.r.o.)
    R3 iaioi2c; C:\Windows\System32\drivers\iaioi2ce.sys [83576 2015-09-24] (Intel Corporation)
    S3 IntcAudioBus; C:\Windows\System32\drivers\IntcAudioBus.sys [196904 1999-12-31] (Intel(R) Corporation)
    S3 IntcOED; C:\Windows\System32\drivers\IntcOED.sys [613672 1999-12-31] (Intel(R) Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R0 MBI; C:\Windows\System32\drivers\MBI.sys [41464 2015-09-24] (Intel(R) Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [888064 1999-12-31] (Realtek )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 1999-12-31] (Synaptics Incorporated)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [24688 2016-02-28] ()
    R3 TuneUpUtilitiesDrv; C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [32304 2016-02-15] (AVG Netherlands B.V.)
    R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
    S3 WinRing0_1_2_0; C:\Windows_Repair_Toolbox\Windows_Repair_Toolbox.sys [14544 2016-02-28] (OpenLibSys.org)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== Three Months Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2022-03-25 02:48 - 2022-03-25 02:48 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC1.dat
    2022-03-25 02:48 - 2022-03-25 02:48 - 00000852 _____ C:\WINDOWS\system32\Drivers\RTKHDRC0.dat
    2022-03-25 01:22 - 2022-03-25 01:22 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX1.dat
    2022-03-25 01:22 - 2022-03-25 01:22 - 00000712 _____ C:\WINDOWS\system32\Drivers\RTEQEX0.dat
    2016-02-28 11:41 - 2016-02-15 10:36 - 00045992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
    2016-02-28 11:41 - 2016-02-15 10:30 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
    2016-02-28 11:41 - 2016-02-15 10:30 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
    2016-02-28 11:40 - 2016-02-28 11:40 - 00002212 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
    2016-02-28 11:40 - 2016-02-28 11:40 - 00002200 _____ C:\Users\Public\Desktop\AVG PC TuneUp.lnk
    2016-02-28 11:37 - 2016-02-28 11:38 - 02944584 _____ (AVG Technologies CZ, s.r.o.) C:\Users\Jesus Christ Reigns\Downloads\AVG_PCTuneUp_877 (1).exe
    2016-02-28 10:16 - 2016-02-28 10:16 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-02-28 09:40 - 2016-02-28 09:40 - 00076112 ____H C:\WINDOWS\system32\mlfcache.dat
    2016-02-28 09:35 - 2016-02-28 09:35 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-02-28 09:35 - 2016-02-28 09:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2016-02-28 09:35 - 2016-02-28 09:35 - 00000000 ____D C:\Program Files\iPod
    2016-02-28 09:35 - 2016-02-28 09:35 - 00000000 ____D C:\Program Files (x86)\iTunes
    2016-02-28 09:34 - 2016-02-28 09:35 - 00000000 ____D C:\Program Files\iTunes
    2016-02-28 09:33 - 2016-02-28 09:33 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2016-02-28 09:33 - 2016-02-28 09:33 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2016-02-28 09:32 - 2016-02-28 09:32 - 00000000 ____D C:\Program Files\Bonjour
    2016-02-28 09:32 - 2016-02-28 09:32 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2016-02-28 09:28 - 2016-02-28 09:28 - 00000000 ____D C:\ProgramData\{93E26451-CD9A-43A5-A2FA-C42392EA4001}
    2016-02-28 09:25 - 2016-02-28 09:25 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\ProductData
    2016-02-28 09:25 - 2016-02-28 09:25 - 00000000 ____D C:\ProgramData\ProductData
    2016-02-28 09:07 - 2016-02-28 09:07 - 00000719 _____ C:\Users\Jesus Christ Reigns\Desktop\JRT.txt
    2016-02-28 08:58 - 2016-02-28 08:59 - 01609216 _____ (Malwarebytes) C:\Users\Jesus Christ Reigns\Downloads\JRT(1).exe
    2016-02-28 08:50 - 2016-02-28 09:55 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\CrashDumps
    2016-02-28 08:47 - 2016-02-28 08:47 - 00000745 _____ C:\Users\Jesus Christ Reigns\Desktop\dailyprotection.txt
    2016-02-28 08:46 - 2016-02-28 08:46 - 00001053 _____ C:\Users\Jesus Christ Reigns\Desktop\mbam.txt
    2016-02-28 08:24 - 2016-02-28 08:25 - 01518592 _____ C:\Users\Jesus Christ Reigns\Downloads\adwcleaner_5.037.exe
    2016-02-28 08:17 - 2016-02-28 08:17 - 00231803 _____ C:\Users\Jesus Christ Reigns\Desktop\BURGER&FRIES.htm
    2016-02-28 08:17 - 2016-02-28 08:17 - 00000000 ____D C:\Users\Jesus Christ Reigns\Desktop\BURGER&FRIES_files
    2016-02-28 08:15 - 2016-02-28 08:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-02-28 08:15 - 2016-02-28 08:15 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-02-28 08:15 - 2016-02-28 08:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-02-28 08:15 - 2016-02-28 08:15 - 00000000 ____D C:\ProgramData\Malwarebytes
    2016-02-28 08:15 - 2016-02-28 08:15 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-02-28 08:15 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2016-02-28 08:15 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2016-02-28 08:15 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2016-02-28 08:10 - 2016-02-28 08:10 - 00007224 _____ C:\Users\Jesus Christ Reigns\Desktop\rk.txt
    2016-02-28 08:09 - 2016-02-28 08:09 - 00010500 _____ C:\Users\Jesus Christ Reigns\Desktop\BURGER.txt
    2016-02-28 07:47 - 2016-02-28 08:13 - 00000000 ____D C:\ProgramData\RogueKiller
    2016-02-28 07:47 - 2016-02-28 07:47 - 20959304 _____ C:\Users\Jesus Christ Reigns\Downloads\RogueKiller.exe
    2016-02-28 07:47 - 2016-02-28 07:47 - 00024688 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2016-02-27 17:42 - 2016-02-27 17:42 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Apple Computer
    2016-02-27 17:40 - 2016-02-28 09:33 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-02-27 17:39 - 2016-02-28 09:34 - 00000000 ____D C:\Program Files\Common Files\Apple
    2016-02-27 17:04 - 2016-02-27 17:04 - 00001064 _____ C:\Users\Jesus Christ Reigns\Desktop\Pretty Good Solitaire.lnk
    2016-02-27 17:04 - 2016-02-27 17:04 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Goodsol
    2016-02-27 17:04 - 2016-02-27 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pretty Good Solitaire
    2016-02-27 17:04 - 2016-02-27 17:04 - 00000000 ____D C:\Program Files (x86)\goodsol
    2016-02-27 17:04 - 2000-05-22 15:58 - 01066176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mscomctl.ocx
    2016-02-27 17:04 - 2000-05-22 15:58 - 00244416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msflxgrd.ocx
    2016-02-27 17:04 - 2000-05-22 15:58 - 00140488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.ocx
    2016-02-27 15:47 - 2016-02-27 15:47 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Alexandre_Miguel_Canotilh
    2016-02-27 15:43 - 2016-02-27 15:43 - 00000000 ___HD C:\OneDriveTemp
    2016-02-27 15:06 - 2016-02-27 15:06 - 00049584 _____ C:\WINDOWS\system32\Drivers\hitmanpro37.sys
    2016-02-27 15:06 - 2016-02-27 15:06 - 00001966 _____ C:\Users\Public\Desktop\HitmanPro.lnk
    2016-02-27 15:06 - 2016-02-27 15:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HitmanPro
    2016-02-27 15:06 - 2016-02-27 15:06 - 00000000 ____D C:\Program Files\HitmanPro
    2016-02-27 15:05 - 2016-02-27 15:41 - 00000000 ____D C:\ProgramData\HitmanPro
    2016-02-27 14:45 - 2016-02-27 14:45 - 00003348 _____ C:\WINDOWS\System32\Tasks\{941D2DFD-FF11-4D26-BD70-3C302B1B8770}
    2016-02-27 14:40 - 2009-05-18 13:17 - 00034152 _____ (GEAR Software Inc.) C:\WINDOWS\system32\Drivers\GEARAspiWDM.sys
    2016-02-27 14:40 - 2008-04-17 12:12 - 00126312 _____ (GEAR Software Inc.) C:\WINDOWS\system32\GEARAspi64.dll
    2016-02-27 14:40 - 2008-04-17 12:12 - 00107368 _____ (GEAR Software Inc.) C:\WINDOWS\SysWOW64\GEARAspi.dll
    2016-02-27 14:37 - 2016-02-28 10:58 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Apple Computer
    2016-02-27 14:37 - 2016-02-28 09:34 - 00000000 ____D C:\ProgramData\Apple Computer
    2016-02-27 14:37 - 2016-02-27 14:37 - 00001914 _____ C:\Users\Public\Desktop\QuickTime Player.lnk
    2016-02-27 14:37 - 2016-02-27 14:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2016-02-27 14:37 - 2016-02-27 14:37 - 00000000 ____D C:\Program Files (x86)\QuickTime
    2016-02-27 14:36 - 2016-02-27 14:36 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\LocalLow\Apple Computer
    2016-02-27 14:35 - 2016-02-27 14:36 - 81614632 _____ (Apple Inc.) C:\Users\Jesus Christ Reigns\Downloads\iTunes64Setup.exe
    2016-02-27 14:28 - 2016-02-28 09:31 - 00000000 ____D C:\ProgramData\Apple
    2016-02-27 13:26 - 2016-02-27 13:26 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\AVG Web TuneUp
    2016-02-27 13:25 - 2016-02-27 13:26 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
    2016-02-27 13:25 - 2016-02-27 13:25 - 00000000 ____D C:\Program Files\AVG Web TuneUp
    2016-02-27 13:25 - 2016-02-27 13:25 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
    2016-02-27 13:17 - 2016-02-27 13:17 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\AVG
    2016-02-27 13:16 - 2016-02-27 13:16 - 00001009 _____ C:\Users\Public\Desktop\AVG Protection.lnk
    2016-02-27 13:16 - 2016-02-27 13:16 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\TuneUp Software
    2016-02-27 13:16 - 2016-02-27 13:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2016-02-27 13:14 - 2016-02-28 07:13 - 00000000 ____D C:\ProgramData\MFAData
    2016-02-27 13:14 - 2016-02-27 13:14 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\MFAData
    2016-02-27 13:13 - 2016-02-28 11:40 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\AvgSetupLog
    2016-02-27 13:13 - 2016-02-28 11:40 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Avg
    2016-02-27 13:13 - 2016-02-28 11:40 - 00000000 ____D C:\ProgramData\Avg
    2016-02-27 13:13 - 2016-02-28 11:40 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-02-27 13:08 - 2016-02-27 13:08 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
    2016-02-27 11:16 - 2016-02-27 11:16 - 00879220 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2016-02-27 10:46 - 2016-02-27 10:46 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-PHILIPMOORE-Windows-10-Home-(64-bit).dat
    2016-02-27 10:42 - 2016-02-27 11:24 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
    2016-02-27 10:39 - 2016-02-27 10:39 - 00003802 _____ C:\WINDOWS\System32\Tasks\Tweaking.com - Windows Repair Tray Icon
    2016-02-27 10:39 - 2016-02-27 10:39 - 00002236 _____ C:\Users\Jesus Christ Reigns\Desktop\Tweaking.com - Windows Repair.lnk
    2016-02-27 10:39 - 2016-02-27 10:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-02-27 10:38 - 2016-02-27 10:39 - 00183515 _____ C:\WINDOWS\Tweaking.com - Windows Repair Setup Log.txt
    2016-02-27 10:38 - 2016-02-27 10:38 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-02-27 09:19 - 2016-02-27 14:30 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Apple
    2016-02-27 09:11 - 2016-02-27 13:26 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-02-27 09:11 - 2016-02-27 09:18 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Mozilla
     
  25. PhilipMoore62

    PhilipMoore62 TS Booster Topic Starter Posts: 303

    2016-02-27 09:11 - 2016-02-27 09:12 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Mozilla
    2016-02-27 09:11 - 2016-02-27 09:11 - 00001232 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-02-27 09:11 - 2016-02-27 09:11 - 00001220 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
    2016-02-27 09:11 - 2016-02-27 09:11 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
    2016-02-27 08:22 - 2016-02-27 08:22 - 00000000 ____D C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer (1)
    2016-02-27 08:21 - 2016-02-27 08:21 - 00000000 _____ C:\Users\Jesus Christ Reigns\Downloads\ProcessExplorer_zip.ocw77h4.partial
    2016-02-27 06:45 - 2015-12-08 19:39 - 00301728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-02-27 06:41 - 2016-02-27 06:44 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-27 06:41 - 2016-02-27 06:41 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-26 17:14 - 2016-02-27 07:42 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\ElevatedDiagnostics
    2016-02-26 16:45 - 2016-02-26 16:45 - 00000000 ____D C:\WINDOWS\Tasks\ImCleanDisabled
    2016-02-26 16:43 - 2016-02-26 17:50 - 00000000 ____D C:\ProgramData\IObit
    2016-02-26 16:43 - 2016-02-26 17:08 - 00000000 ____D C:\Program Files (x86)\IObit
    2016-02-26 16:43 - 2016-02-26 16:45 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\IObit
    2016-02-26 16:43 - 2016-02-26 16:43 - 00001431 _____ C:\Users\Public\Desktop\IObit Uninstaller.lnk
    2016-02-26 16:43 - 2016-02-26 16:43 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\IObit
    2016-02-26 16:43 - 2016-02-26 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IObit Uninstaller
    2016-02-26 16:42 - 2016-02-26 16:42 - 00002409 _____ C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-02-26 16:41 - 2016-02-26 16:43 - 12887328 _____ (IObit) C:\Users\Jesus Christ Reigns\Downloads\iobituninstaller (1).exe
    2016-02-26 16:41 - 2016-02-26 16:41 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Macromedia
    2016-02-26 16:40 - 2016-02-26 16:48 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\MicrosoftEdge
    2016-02-26 16:38 - 2016-02-26 16:38 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Comms
    2016-02-26 16:37 - 2016-02-28 08:56 - 00814664 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-26 16:37 - 2016-02-26 16:37 - 00001333 _____ C:\Users\Jesus Christ Reigns\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\HD Audio Manager.lnk
    2016-02-26 16:37 - 2016-02-26 16:37 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\ActiveSync
    2016-02-26 16:37 - 2016-02-26 16:37 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2016-02-26 16:35 - 2016-02-26 16:35 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Publishers
    2016-02-26 16:34 - 2016-02-28 11:59 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\VirtualStore
    2016-02-26 16:34 - 2016-02-26 17:11 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\Packages
    2016-02-26 16:34 - 2016-02-26 16:34 - 00000020 ___SH C:\Users\Jesus Christ Reigns\ntuser.ini
    2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Roaming\Adobe
    2016-02-26 16:34 - 2016-02-26 16:34 - 00000000 ____D C:\Users\Jesus Christ Reigns\AppData\Local\TileDataLayer
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\Default User
    2016-02-26 16:33 - 2016-02-26 16:33 - 00000000 _SHDL C:\Users\All Users
    2016-02-26 16:31 - 2016-02-27 08:28 - 00000000 ____D C:\Users\Jesus Christ Reigns
    2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\My Documents
    2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Videos
    2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Pictures
    2016-02-26 16:31 - 2016-02-26 16:31 - 00000000 _SHDL C:\Users\Jesus Christ Reigns\Documents\My Music
    2016-02-26 16:24 - 2016-02-26 16:24 - 00000000 ____D C:\Program Files\Common Files\Atheros
    2016-02-26 16:23 - 2016-02-26 16:23 - 01226515 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
    2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\WINDOWS\system32\DAX2
    2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\Program Files\Realtek
    2016-02-26 16:23 - 2016-02-26 16:23 - 00000000 ____D C:\Program Files\Intel
    2016-02-26 16:23 - 2015-12-21 11:39 - 00064000 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
    2016-02-26 16:23 - 2015-12-21 11:39 - 00060416 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
    2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 ____D C:\ProgramData\USOShared
    2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 ____D C:\Program Files\Synaptics
    2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
    2016-02-26 16:22 - 2016-02-26 16:22 - 00000000 _____ C:\WINDOWS\system32\Drivers\Msft_Kernel_ETD_01011.Wdf
    2016-02-26 16:22 - 2015-10-29 23:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2016-02-26 16:19 - 2016-02-28 09:24 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-26 16:18 - 2016-02-27 11:34 - 00189240 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-02-26 16:17 - 2016-02-26 16:34 - 00000000 ___DC C:\WINDOWS\Panther
    2016-02-26 16:17 - 2016-02-26 16:17 - 00000000 ____D C:\WINDOWS\InfusedApps
    2016-02-26 16:16 - 2016-02-27 15:23 - 00000000 ____D C:\Windows.old
    2016-02-26 16:16 - 2016-02-26 16:18 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2016-02-26 16:16 - 2016-02-26 16:16 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-02-26 16:14 - 2016-02-26 16:22 - 00000000 ____D C:\Program Files\Elantech
    2016-02-26 16:12 - 2016-02-26 16:12 - 00000000 ____D C:\WINDOWS\Setup
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\WINDOWS\OCR
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files\MSBuild
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-02-26 16:11 - 2016-02-26 16:11 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\winrm
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\WCN
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\slmgr
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2016-02-26 16:09 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2016-02-26 16:04 - 2016-02-03 11:01 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-26 16:04 - 2016-02-03 11:01 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-26 16:02 - 2016-02-26 16:17 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-02-26 16:02 - 2016-02-26 15:57 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
    2016-02-26 16:02 - 2016-02-26 15:57 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2016-02-26 16:02 - 2016-02-26 15:57 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
    2016-02-26 16:02 - 2016-02-26 15:57 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
    2016-02-26 16:02 - 2016-02-26 15:57 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2016-02-26 16:02 - 2016-02-26 15:57 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
    2016-02-26 16:02 - 2016-02-26 15:57 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
    2016-02-26 16:02 - 2016-02-26 15:57 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_213
    2016-02-26 16:02 - 2016-02-26 15:57 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
    2016-02-26 16:02 - 2016-02-26 15:57 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
    2016-02-26 16:01 - 2016-02-28 10:06 - 00000000 ____D C:\Program Files\WindowsApps
    2016-02-26 16:01 - 2016-02-28 08:13 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-26 16:01 - 2016-02-28 07:13 - 00000000 ____D C:\WINDOWS\appcompat
    2016-02-26 16:01 - 2016-02-27 13:16 - 00000000 ____D C:\WINDOWS\ELAMBKUP
    2016-02-26 16:01 - 2016-02-27 09:32 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-02-26 16:01 - 2016-02-27 06:51 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-02-26 16:01 - 2016-02-27 06:50 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-26 16:01 - 2016-02-26 16:52 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-02-26 16:01 - 2016-02-26 16:37 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-26 16:01 - 2016-02-26 16:35 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-02-26 16:01 - 2016-02-26 16:35 - 00000000 ___RD C:\WINDOWS\MiracastView
    2016-02-26 16:01 - 2016-02-26 16:32 - 00000000 ___RD C:\Users\Public\Libraries
    2016-02-26 16:01 - 2016-02-26 16:32 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-02-26 16:01 - 2016-02-26 16:28 - 00000000 ____D C:\WINDOWS\system32\spool
    2016-02-26 16:01 - 2016-02-26 16:28 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-02-26 16:01 - 2016-02-26 16:27 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-02-26 16:01 - 2016-02-26 16:22 - 00000000 ____D C:\ProgramData\USOPrivate
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\system32\dsc
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\setup
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\MUI
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\system32\Com
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\IME
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\WINDOWS\Help
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Windows Defender
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Common Files\System
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2016-02-26 16:01 - 2016-02-26 16:09 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ___SD C:\WINDOWS\system32\Nui
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\MailContactsCalendarSync
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\MsDtc
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\icsxml
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\ias
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\downlevel
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\Bthprops
    2016-02-26 16:01 - 2016-02-26 16:02 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 __RSD C:\WINDOWS\Media
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\system32\Configuration
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Web
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Vss
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\tracing
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\TAPI
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicyUsers
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SystemResources
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SystemApps
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\winevt
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\ras
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\PointOfService
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\Ipmi
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\GroupPolicyUsers
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\config\Journal
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\system32\AppLocker
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\System
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SKB
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\security
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\schemas
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\SchCache
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Resources
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Registration
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\PLA
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Performance
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\ModemLogs
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\L2Schemas
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Globalization
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Cursors
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\Branding
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\WINDOWS\addins
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\ProgramData\Comms
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows NT
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files\Common Files\Services
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows NT
    2016-02-26 16:01 - 2016-02-26 16:01 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-02-26 16:01 - 2016-02-26 15:57 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2016-02-26 16:01 - 2016-02-26 15:57 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
    2016-02-26 16:01 - 2016-02-26 15:57 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2016-02-26 16:01 - 2016-02-26 15:57 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
    2016-02-26 16:01 - 2016-02-26 15:57 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000389 _____ C:\WINDOWS\system32\AutoWorkplace.exe.config
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000219 _____ C:\WINDOWS\system.ini
    2016-02-26 16:01 - 2016-02-26 15:57 - 00000092 _____ C:\WINDOWS\win.ini
    2016-02-26 15:59 - 2016-02-28 10:16 - 00000000 ____D C:\WINDOWS\INF
    2016-02-26 15:47 - 2016-02-27 06:45 - 00000000 ____D C:\WINDOWS\CbsTemp
     

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...