TechSpot

Just checking for malware

By mrtraver
Dec 19, 2015
  1. A relative fell for the "Windows Tech Support" scam on Dec 11 and let them into her PC. I already uninstalled teamviewer (which I had previously installed so I could remotely work on her PC), and Avast, MalwareBytes AntiMalware, and SuperAntiSpyware did not find anything, but thought I should check in here as well. She does not use the PC for banking or anything like that; mainly just for personal email and facebook, so if possible I would prefer not to back up everything and reformat/reinstall. FRST logs to follow. Thanks!
     
    Last edited: Dec 19, 2015
  2. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:19-12-2015
    Ran by Alison (administrator) on ALISON-PC (19-12-2015 16:13:56)
    Running from C:\Users\Alison\Desktop
    Loaded Profiles: Alison & DefaultAppPool (Available Profiles: Alison & DefaultAppPool)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
    (SUPERAntiSpyware) C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
    (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5036144 2012-02-22] (VIA)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-19] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\Run: [GoogleChromeAutoLaunch_545A0C3BA033BA434B3702030390E77C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-12-01] (SUPERAntiSpyware)
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\MountPoints2: {fce783f1-e447-11e1-9e42-806e6f6e6963} - "D:\Autorun.exe"
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\PhotoScreenSaver.scr [583680 2015-10-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-19] (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{15283200-8c8e-46b7-a373-75e5eedee3a0}: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{f1c90905-4378-4093-9605-5bbb1b0bf7a9}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    URLSearchHook: [S-1-5-82-3006700770-424185619-1745488364-794895919-4004696415_classes] ATTENTION => Default URLSearchHook is missing
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1324035087-4291948591-2733856161-1000 -> {FBA5760E-9A26-4467-9F8B-6FA5E005B933} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-27] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-30] (AVAST Software)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-27] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-30] (AVAST Software)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-1324035087-4291948591-2733856161-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-21] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-19]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-19]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=odc089
    CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=odc089"
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
    CHR Profile: C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
    CHR Extension: (YouTube) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
    CHR Extension: (Google Search) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28]
    CHR Extension: (Avast Online Security) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-11]
    CHR Extension: (Pin It Button) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-10-07]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-12]
    CHR Extension: (Gmail) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-30]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-19] (AVAST Software)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-19] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-19] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-19] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-19] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-19] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-19] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-19] (AVAST Software)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 SaiH8000; C:\Windows\system32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
  3. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-19 16:13 - 2015-12-19 16:14 - 00016555 _____ C:\Users\Alison\Desktop\FRST.txt
    2015-12-19 14:33 - 2015-12-19 14:33 - 00000000 ____D C:\Users\Alison\AppData\Roaming\SUPERAntiSpyware.com
    2015-12-19 14:33 - 2015-12-19 14:33 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-12-19 14:33 - 2015-12-19 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-12-19 14:33 - 2015-12-19 14:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-12-19 14:32 - 2015-12-19 14:32 - 24209320 _____ (SUPERAntiSpyware) C:\Users\Alison\Downloads\SUPERAntiSpyware.exe
    2015-12-19 13:58 - 2015-12-19 13:58 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-12-19 13:57 - 2015-12-19 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-12-19 13:57 - 2015-12-19 13:57 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-12-19 13:57 - 2015-12-19 13:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-12-19 13:57 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-12-19 13:57 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-12-19 13:57 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-12-19 13:56 - 2015-12-19 13:57 - 22908888 _____ (Malwarebytes ) C:\Users\Alison\Downloads\mbam-setup-2.2.0.1024.exe
    2015-12-19 13:53 - 2015-12-19 13:53 - 00008146 _____ C:\Users\Alison\Desktop\alison install.txt
    2015-12-19 13:46 - 2015-12-19 13:47 - 00335368 _____ C:\Users\Alison\Documents\cc_20151219_134643.reg
    2015-12-19 13:18 - 2015-12-19 13:18 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2015-12-19 13:18 - 2015-12-19 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-12-19 13:18 - 2015-12-19 13:18 - 00000000 ____D C:\Program Files\CCleaner
    2015-12-19 13:17 - 2015-12-19 13:17 - 06801752 _____ (Piriform Ltd) C:\Users\Alison\Downloads\ccsetup512.exe
    2015-12-19 13:11 - 2015-12-19 12:42 - 02370048 _____ (Farbar) C:\Users\Alison\Desktop\FRST64.exe
    2015-12-19 12:43 - 2015-12-19 16:13 - 00000000 ____D C:\FRST
    2015-12-19 12:31 - 2015-12-19 12:31 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-12-19 12:31 - 2015-12-19 12:31 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-12-19 12:31 - 2015-12-19 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-12-19 12:24 - 2015-12-19 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-12-19 12:24 - 2015-12-19 12:24 - 00000000 ____D C:\Program Files\7-Zip
    2015-12-19 12:10 - 2015-12-19 12:10 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2015-12-19 12:10 - 2015-12-19 12:10 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2015-12-19 12:05 - 2015-12-06 21:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-19 12:04 - 2015-12-06 22:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-12-19 12:04 - 2015-12-06 22:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2015-12-19 12:04 - 2015-12-06 22:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2015-12-19 12:04 - 2015-12-06 22:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-19 12:04 - 2015-12-06 22:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-12-19 12:04 - 2015-12-06 22:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2015-12-19 12:04 - 2015-12-06 22:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-12-19 12:04 - 2015-12-06 22:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2015-12-19 12:04 - 2015-12-06 22:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-12-19 12:04 - 2015-12-06 21:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-12-19 12:04 - 2015-12-06 21:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-12-19 12:04 - 2015-12-06 21:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2015-12-19 12:04 - 2015-12-06 21:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-12-19 12:04 - 2015-12-06 21:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-12-19 12:04 - 2015-12-06 21:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2015-12-19 12:04 - 2015-12-06 21:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-12-19 12:04 - 2015-12-06 21:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-12-19 12:04 - 2015-12-06 21:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-12-19 12:04 - 2015-12-06 21:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2015-12-19 12:04 - 2015-12-06 21:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2015-12-19 12:03 - 2015-12-06 22:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2015-12-19 12:03 - 2015-12-06 22:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2015-12-19 12:03 - 2015-12-06 22:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2015-12-19 12:03 - 2015-12-06 22:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2015-12-19 12:03 - 2015-12-06 22:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2015-12-19 12:03 - 2015-12-06 22:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
    2015-12-19 12:03 - 2015-12-06 22:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2015-12-19 12:03 - 2015-12-06 22:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2015-12-19 12:03 - 2015-12-06 22:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2015-12-19 12:03 - 2015-12-06 22:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2015-12-19 12:03 - 2015-12-06 22:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2015-12-19 12:03 - 2015-12-06 22:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-12-19 12:03 - 2015-12-06 22:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2015-12-19 12:03 - 2015-12-06 22:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-12-19 12:03 - 2015-12-06 22:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
    2015-12-19 12:03 - 2015-12-06 22:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2015-12-19 12:03 - 2015-12-06 22:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2015-12-19 12:03 - 2015-12-06 22:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2015-12-19 12:03 - 2015-12-06 22:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2015-12-19 12:03 - 2015-12-06 22:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-12-19 12:03 - 2015-12-06 22:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
    2015-12-19 12:03 - 2015-12-06 22:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2015-12-19 12:03 - 2015-12-06 22:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2015-12-19 12:03 - 2015-12-06 22:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-12-19 12:03 - 2015-12-06 22:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2015-12-19 12:03 - 2015-12-06 21:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-19 12:03 - 2015-12-06 21:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-12-19 12:03 - 2015-12-06 21:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2015-12-19 12:03 - 2015-12-06 21:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2015-12-19 12:03 - 2015-12-06 21:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-12-19 12:03 - 2015-12-06 21:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2015-12-19 12:03 - 2015-12-06 21:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2015-12-19 12:03 - 2015-12-06 21:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2015-12-19 12:03 - 2015-12-06 21:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-12-19 12:03 - 2015-12-06 21:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2015-12-19 12:03 - 2015-12-06 21:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-12-19 12:03 - 2015-12-06 21:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2015-12-19 12:03 - 2015-12-06 21:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-12-19 12:03 - 2015-12-06 21:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2015-12-19 12:03 - 2015-12-06 21:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2015-12-19 12:03 - 2015-12-06 21:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2015-12-19 12:03 - 2015-12-06 21:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2015-12-19 12:03 - 2015-12-06 21:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2015-12-19 12:03 - 2015-12-06 21:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2015-12-19 12:03 - 2015-12-06 21:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
    2015-12-19 12:03 - 2015-12-06 21:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-19 12:03 - 2015-12-06 21:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-12-19 12:03 - 2015-12-06 21:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
    2015-12-19 12:03 - 2015-12-06 21:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2015-12-19 12:03 - 2015-12-06 21:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
    2015-12-19 10:47 - 2015-12-19 10:47 - 00000000 ____D C:\Users\Alison\AppData\Local\NetworkTiles
    2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\$SysReset
    2015-12-09 06:17 - 2015-12-01 01:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2015-12-09 06:17 - 2015-11-24 06:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-12-09 06:17 - 2015-11-24 05:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-12-09 06:17 - 2015-11-24 04:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2015-12-09 06:17 - 2015-11-24 04:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2015-12-09 06:17 - 2015-11-24 03:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
    2015-12-09 06:17 - 2015-11-24 03:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-12-09 06:17 - 2015-11-24 03:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
    2015-12-09 06:17 - 2015-11-24 03:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2015-12-09 06:17 - 2015-11-24 03:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2015-12-09 06:17 - 2015-11-24 03:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2015-12-09 06:17 - 2015-11-24 03:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2015-12-09 06:17 - 2015-11-24 02:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-12-09 06:17 - 2015-11-24 02:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-12-09 06:17 - 2015-11-24 02:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2015-12-09 06:17 - 2015-11-24 02:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-12-09 06:17 - 2015-11-24 02:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2015-12-09 06:17 - 2015-11-24 02:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
    2015-12-09 06:17 - 2015-11-24 02:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-12-09 06:17 - 2015-11-24 01:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2015-12-09 06:17 - 2015-11-24 01:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2015-12-09 06:17 - 2015-11-24 01:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-12-09 06:17 - 2015-11-24 01:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-12-09 06:17 - 2015-11-24 01:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-09 06:17 - 2015-11-24 01:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-12-09 06:17 - 2015-11-24 01:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-12-09 06:17 - 2015-11-24 01:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2015-12-07 06:18 - 2015-12-07 06:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-12-02 17:11 - 2015-11-22 04:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-12-02 17:11 - 2015-11-22 04:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-02 17:11 - 2015-11-22 04:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2015-12-02 17:11 - 2015-11-22 03:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
    2015-12-02 17:11 - 2015-11-22 03:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
    2015-12-02 17:11 - 2015-11-22 03:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2015-12-02 17:11 - 2015-11-22 03:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2015-12-02 17:11 - 2015-11-22 03:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2015-12-02 17:11 - 2015-11-22 03:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2015-12-02 17:10 - 2015-11-22 04:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2015-12-02 17:10 - 2015-11-22 04:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-12-02 17:10 - 2015-11-22 04:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2015-12-02 17:10 - 2015-11-22 04:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
    2015-12-02 17:10 - 2015-11-22 04:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2015-12-02 17:10 - 2015-11-22 04:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2015-12-02 17:10 - 2015-11-22 04:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
    2015-12-02 17:10 - 2015-11-22 04:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-12-02 17:10 - 2015-11-22 04:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2015-12-02 17:10 - 2015-11-22 04:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2015-12-02 17:10 - 2015-11-22 04:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
    2015-12-02 17:10 - 2015-11-22 04:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-12-02 17:10 - 2015-11-22 04:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-12-02 17:10 - 2015-11-22 04:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2015-12-02 17:10 - 2015-11-22 04:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2015-12-02 17:10 - 2015-11-22 04:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
    2015-12-02 17:10 - 2015-11-22 03:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
    2015-12-02 17:10 - 2015-11-22 03:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
    2015-12-02 17:10 - 2015-11-22 03:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
    2015-12-02 17:10 - 2015-11-22 03:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
    2015-12-02 17:10 - 2015-11-22 03:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2015-12-02 17:10 - 2015-11-22 03:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2015-12-02 17:10 - 2015-11-22 03:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
    2015-12-02 17:10 - 2015-11-22 03:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
    2015-12-02 17:10 - 2015-11-22 03:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
    2015-12-02 17:10 - 2015-11-22 03:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
    2015-12-02 17:10 - 2015-11-22 03:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2015-12-02 17:10 - 2015-11-22 03:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
    2015-12-02 17:10 - 2015-11-22 03:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2015-12-02 17:10 - 2015-11-22 03:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2015-12-02 17:10 - 2015-11-22 03:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2015-12-02 17:10 - 2015-11-22 03:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2015-12-02 17:10 - 2015-11-22 03:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2015-12-02 17:10 - 2015-11-22 03:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
    2015-12-02 17:10 - 2015-11-22 03:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2015-12-02 17:10 - 2015-11-22 03:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
    2015-12-02 17:10 - 2015-11-22 03:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2015-12-02 17:10 - 2015-11-22 03:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2015-12-02 17:10 - 2015-11-22 03:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
    2015-12-02 17:10 - 2015-11-22 03:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
    2015-12-02 17:10 - 2015-11-22 03:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-12-02 17:10 - 2015-11-22 03:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
    2015-12-02 17:10 - 2015-11-22 03:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2015-12-02 17:10 - 2015-11-22 03:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2015-12-02 17:10 - 2015-11-22 03:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2015-12-02 17:10 - 2015-11-22 03:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-12-02 17:10 - 2015-11-22 03:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2015-12-02 17:10 - 2015-11-22 03:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2015-12-02 17:10 - 2015-11-22 03:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2015-12-02 17:10 - 2015-11-22 03:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
    2015-12-02 17:10 - 2015-11-22 03:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
    2015-12-02 17:10 - 2015-11-22 03:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2015-12-02 17:10 - 2015-11-22 03:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2015-12-02 17:10 - 2015-11-22 03:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2015-12-02 17:10 - 2015-11-22 03:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2015-12-02 17:10 - 2015-11-22 03:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-12-02 17:10 - 2015-11-22 03:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
    2015-12-02 17:10 - 2015-11-22 03:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-12-02 17:10 - 2015-11-22 03:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2015-12-02 17:10 - 2015-11-22 03:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2015-12-02 17:10 - 2015-11-22 03:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
    2015-12-02 17:10 - 2015-11-22 03:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
    2015-12-02 17:10 - 2015-11-22 03:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-12-02 17:10 - 2015-11-22 03:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2015-12-02 17:10 - 2015-11-22 03:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2015-12-02 17:10 - 2015-11-22 03:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2015-12-02 17:10 - 2015-11-22 03:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2015-12-02 17:10 - 2015-11-22 03:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-12-02 17:10 - 2015-11-22 03:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2015-12-02 17:10 - 2015-11-22 03:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2015-12-02 17:10 - 2015-11-22 03:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2015-12-02 17:10 - 2015-11-22 03:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2015-12-02 17:10 - 2015-11-22 03:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2015-12-02 17:10 - 2015-11-22 03:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-12-02 17:10 - 2015-11-22 03:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2015-12-02 17:10 - 2015-11-22 03:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2015-12-02 17:10 - 2015-11-22 03:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-12-02 17:10 - 2015-11-22 03:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2015-12-02 17:10 - 2015-11-22 03:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-12-02 17:10 - 2015-11-22 03:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2015-12-02 17:10 - 2015-11-22 03:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2015-12-02 17:10 - 2015-11-22 03:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
    2015-12-02 17:10 - 2015-11-22 03:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2015-12-02 17:10 - 2015-11-22 03:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2015-12-02 17:10 - 2015-11-22 03:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-12-02 17:10 - 2015-11-22 03:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2015-12-02 17:10 - 2015-11-22 03:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
    2015-12-02 17:10 - 2015-11-22 03:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2015-12-02 17:10 - 2015-11-22 03:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-12-02 17:10 - 2015-11-22 03:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 ____D C:\Users\DefaultAppPool
    2015-12-01 00:50 - 2015-11-28 19:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
    2015-12-01 00:50 - 2015-11-28 19:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
    2015-12-01 00:50 - 2015-11-28 19:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
    2015-11-30 01:49 - 2015-11-30 01:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2015-11-29 07:51 - 2015-11-29 07:51 - 00000000 ____D C:\Users\Alison\AppData\Local\Comms
    2015-11-29 07:48 - 2015-12-19 12:16 - 00002409 _____ C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-11-29 07:47 - 2015-11-30 21:47 - 00000000 ____D C:\Users\Alison\AppData\Local\MicrosoftEdge
    2015-11-29 07:47 - 2015-11-29 07:47 - 00000000 ____D C:\Users\Alison\AppData\Local\Publishers
    2015-11-29 07:42 - 2015-11-29 07:42 - 00000000 __RHD C:\Users\Public\AccountPictures
    2015-11-29 00:39 - 2015-11-29 00:39 - 00000000 ____D C:\Users\Alison\AppData\Local\ActiveSync
    2015-11-29 00:37 - 2015-12-11 09:46 - 00000000 ____D C:\Users\Alison\AppData\Local\Packages
    2015-11-29 00:37 - 2015-11-29 00:37 - 00000020 ___SH C:\Users\Alison\ntuser.ini
    2015-11-29 00:37 - 2015-11-29 00:37 - 00000000 ____D C:\Users\Alison\AppData\Local\TileDataLayer
    2015-11-28 21:04 - 2015-12-19 13:29 - 00000000 ___DC C:\WINDOWS\Panther
     
  4. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    2015-11-28 21:00 - 2015-11-28 21:00 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2015-11-28 21:00 - 2015-11-28 21:00 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2015-11-28 21:00 - 2015-11-28 21:00 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2015-11-28 21:00 - 2015-11-28 21:00 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2015-11-28 21:00 - 2015-11-28 21:00 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
    2015-11-28 21:00 - 2015-11-28 21:00 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00000000 ____D C:\Windows.old
    2015-11-28 20:58 - 2015-11-28 20:58 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\WINDOWS\system32\msmq
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\WINDOWS\system32\BestPractices
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\Program Files\Reference Assemblies
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\Program Files\MSBuild
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\inetpub
    2015-11-28 20:54 - 2015-10-23 19:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2015-11-28 20:54 - 2015-10-23 19:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-11-28 20:54 - 2015-10-23 19:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2015-11-28 20:54 - 2015-10-23 19:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2015-11-28 20:54 - 2015-10-23 19:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2015-11-28 20:54 - 2015-10-23 19:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-11-28 19:32 - 2015-11-28 19:32 - 00000000 ____D C:\ProgramData\USOShared
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default\My Documents
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2015-11-28 19:29 - 2015-12-19 16:09 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-11-28 19:19 - 2015-11-28 19:19 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2015-11-28 19:15 - 2015-11-28 19:15 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
    2015-11-28 19:12 - 2015-12-19 16:11 - 00000000 ____D C:\Users\Alison
    2015-11-28 19:12 - 2015-11-28 19:12 - 00000000 _SHDL C:\Users\Alison\My Documents
    2015-11-28 19:12 - 2015-11-28 19:12 - 00000000 _SHDL C:\Users\Alison\Documents\My Videos
    2015-11-28 19:12 - 2015-11-28 19:12 - 00000000 _SHDL C:\Users\Alison\Documents\My Pictures
    2015-11-28 19:12 - 2015-11-28 19:12 - 00000000 _SHDL C:\Users\Alison\Documents\My Music
    2015-11-28 19:11 - 2015-12-19 12:46 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-11-28 19:11 - 2015-11-28 19:11 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2015-11-28 19:08 - 2015-11-28 19:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2015-11-28 19:08 - 2015-11-28 19:08 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
    2015-11-28 19:08 - 2015-11-28 19:08 - 00000000 ____D C:\Program Files\VIA
    2015-11-28 19:08 - 2015-10-30 01:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2015-11-28 19:05 - 2015-12-11 11:40 - 00247584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-11-28 18:45 - 2015-10-30 01:18 - 00000001 ___SH C:\BOOTNXT
    2015-11-27 23:33 - 2015-11-27 23:33 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Sun
    2015-11-27 23:33 - 2015-11-27 23:33 - 00000000 ____D C:\Users\Alison\.oracle_jre_usage

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-19 16:13 - 2012-08-12 07:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-12-19 16:11 - 2013-05-24 16:08 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-19 16:08 - 2015-10-30 00:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-12-19 16:08 - 2015-10-30 00:28 - 00000000 ____D C:\Windows
    2015-12-19 16:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-12-19 16:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-12-19 16:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2015-12-19 16:07 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
    2015-12-19 15:31 - 2013-05-24 16:08 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-19 14:23 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-12-19 13:50 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-19 13:50 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-19 13:29 - 2015-02-04 21:15 - 00000000 ____D C:\Users\Alison\AppData\Local\CrashDumps
    2015-12-19 12:33 - 2015-01-18 14:03 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-12-19 12:33 - 2012-08-12 09:03 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Skype
    2015-12-19 12:32 - 2012-08-12 08:00 - 00000000 ____D C:\ProgramData\Skype
    2015-12-19 12:16 - 2012-08-12 12:18 - 00000000 ___RD C:\Users\Alison\SkyDrive
    2015-12-19 12:11 - 2013-04-21 06:33 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2015-12-19 12:11 - 2013-04-21 06:33 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
    2015-12-19 12:10 - 2014-08-06 07:34 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-12-19 12:10 - 2014-02-22 20:28 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2015-12-19 12:10 - 2013-04-21 06:33 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-12-19 12:10 - 2013-04-21 06:33 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2015-12-19 12:10 - 2013-04-21 06:33 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-12-19 12:10 - 2013-04-21 06:33 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2015-12-19 12:09 - 2013-04-21 06:33 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-12-19 11:50 - 2012-08-11 23:32 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6FFBF262-9944-489A-ABCA-F380B15BBF90}
    2015-12-11 11:56 - 2012-08-11 23:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-12-10 04:16 - 2012-08-12 07:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-10 04:16 - 2012-08-12 07:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-10 04:15 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-10 00:16 - 2012-08-12 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-10 00:14 - 2013-08-14 20:37 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-10 00:07 - 2012-08-12 08:23 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-07 06:18 - 2015-02-08 22:53 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-12-07 06:18 - 2012-08-12 07:57 - 00000000 ____D C:\ProgramData\Adobe
    2015-12-07 06:18 - 2012-08-12 07:57 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-12-03 21:36 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-03 19:52 - 2015-01-29 17:22 - 00015646 _____ C:\Users\Alison\Documents\Chase Online Service E-Sign Disclosure and Consent.odt
    2015-12-03 17:26 - 2013-05-24 16:08 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-03 17:26 - 2013-05-24 16:08 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-12-03 03:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-12-01 00:52 - 2014-12-16 06:35 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
    2015-12-01 00:52 - 2014-12-16 06:35 - 00000000 ____D C:\WINDOWS\system32\vbox
    2015-11-30 18:33 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-11-30 18:33 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-29 07:46 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2015-11-29 07:45 - 2012-08-12 12:22 - 00001358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2015-11-29 03:01 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\appcompat
    2015-11-29 00:38 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-11-29 00:38 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2015-11-29 00:38 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\MiracastView
    2015-11-29 00:38 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2015-11-28 21:04 - 2015-10-30 01:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2015-11-28 21:00 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2015-11-28 21:00 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2015-11-28 20:55 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2015-11-28 20:55 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-11-28 20:55 - 2015-10-30 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
    2015-11-28 20:55 - 2015-10-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
    2015-11-28 20:55 - 2015-10-30 01:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
    2015-11-28 20:55 - 2015-10-30 01:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
    2015-11-28 20:55 - 2015-10-30 01:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
    2015-11-28 20:55 - 2015-10-30 01:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
    2015-11-28 20:55 - 2015-10-30 01:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
    2015-11-28 20:55 - 2015-10-30 01:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
    2015-11-28 20:55 - 2015-10-30 01:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
    2015-11-28 20:55 - 2015-10-30 01:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
    2015-11-28 20:55 - 2015-10-30 01:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
    2015-11-28 20:55 - 2015-10-30 01:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
    2015-11-28 20:55 - 2015-10-30 01:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
    2015-11-28 20:54 - 2015-10-30 01:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
    2015-11-28 20:54 - 2015-10-30 01:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
    2015-11-28 20:54 - 2015-10-30 01:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
    2015-11-28 20:54 - 2015-10-30 01:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
    2015-11-28 20:54 - 2015-10-30 01:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
    2015-11-28 20:54 - 2015-10-30 01:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
    2015-11-28 20:54 - 2015-10-30 01:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
    2015-11-28 19:32 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\USOPrivate
    2015-11-28 19:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2015-11-28 19:31 - 2015-10-30 00:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2015-11-28 19:31 - 2012-08-12 00:10 - 00012336 _____ C:\WINDOWS\diagerr.xml
    2015-11-28 19:31 - 2012-08-12 00:10 - 00011415 _____ C:\WINDOWS\diagwrn.xml
    2015-11-28 19:30 - 2015-03-08 09:48 - 00003738 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series
    2015-11-28 19:30 - 2012-12-22 14:06 - 00003250 _____ C:\WINDOWS\System32\Tasks\{4D300699-ED8C-44E6-8BDC-AE417C490363}
    2015-11-28 19:29 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
    2015-11-28 19:29 - 2015-10-30 01:24 - 00000000 __RHD C:\Users\Public\Libraries
    2015-11-28 19:29 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Registration
    2015-11-28 19:29 - 2012-08-12 07:55 - 00003878 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-11-28 19:29 - 2012-08-12 00:43 - 00032264 _____ C:\WINDOWS\system32\emptyregdb.dat
    2015-11-28 19:23 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\spool
    2015-11-28 19:20 - 2012-08-11 23:22 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
    2015-11-28 19:19 - 2015-10-11 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-11-28 19:19 - 2015-03-08 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-11-28 19:19 - 2015-01-29 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-11-28 19:19 - 2015-01-18 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-11-28 19:19 - 2013-08-21 21:57 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Space Fan 4 Free
    2015-11-28 19:19 - 2013-05-24 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-11-28 19:19 - 2013-04-21 06:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
    2015-11-28 19:19 - 2012-12-05 23:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2015-11-28 19:19 - 2012-12-05 23:12 - 00000000 ____D C:\WINDOWS\en
    2015-11-28 19:19 - 2012-08-12 21:41 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
    2015-11-28 19:19 - 2012-08-12 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2015-11-28 19:19 - 2012-08-12 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    2015-11-28 19:19 - 2012-08-12 07:59 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2015-11-28 19:19 - 2009-07-13 21:20 - 00000000 ____D C:\Users\Default.migrated
    2015-11-28 19:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2015-11-28 19:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2015-11-28 19:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-11-28 19:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\IME
    2015-11-28 19:16 - 2012-08-12 07:59 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
    2015-11-28 19:16 - 2012-08-11 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\x64
    2015-11-28 19:16 - 2012-08-11 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Lang
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\schemas
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-11-28 19:15 - 2012-08-12 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
    2015-11-28 19:15 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Microsoft Games
    2015-11-28 19:15 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker
    2015-11-28 19:14 - 2009-07-13 21:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
    2015-11-28 19:10 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-11-28 19:05 - 2015-10-30 03:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2015-11-28 18:45 - 2012-08-12 01:35 - 00008192 __RSH C:\BOOTSECT.BAK
    2015-11-28 18:43 - 2009-07-13 22:45 - 00028144 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-28 18:43 - 2009-07-13 22:45 - 00028144 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-28 18:40 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
    2015-11-28 00:09 - 2015-01-29 19:53 - 00000000 ____D C:\ProgramData\Oracle
    2015-11-27 23:34 - 2013-05-26 21:08 - 00000000 ____D C:\Program Files\Java
    2015-11-27 23:33 - 2013-05-26 21:08 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

    ==================== Files in the root of some directories =======

    2015-06-28 09:12 - 2015-06-28 09:12 - 0004608 _____ () C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-03-08 09:46 - 2015-03-08 09:46 - 0000057 _____ () C:\ProgramData\Ament.ini

    Files to move or delete:
    ====================
    C:\Users\Alison\ttech.exe


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-19 14:21

    ==================== End of FRST.txt ============================
     
  5. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:19-12-2015
    Ran by Alison (2015-12-19 16:15:17)
    Running from C:\Users\Alison\Desktop
    Windows 10 Home (X64) (2015-11-29 06:37:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1324035087-4291948591-2733856161-500 - Administrator - Disabled)
    Alison (S-1-5-21-1324035087-4291948591-2733856161-1000 - Administrator - Enabled) => C:\Users\Alison
    DefaultAccount (S-1-5-21-1324035087-4291948591-2733856161-503 - Limited - Disabled)
    Guest (S-1-5-21-1324035087-4291948591-2733856161-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1324035087-4291948591-2733856161-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
    HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: - )
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1324035087-4291948591-2733856161-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

    ==================== Restore Points =========================

    29-11-2015 02:40:09 Windows Update
    29-11-2015 19:00:33 Windows Backup
    05-12-2015 19:31:55 Windows Modules Installer
    06-12-2015 19:00:18 Windows Backup
    10-12-2015 00:06:49 Windows Update
    11-12-2015 11:10:07 Revo Uninstaller's restore point - TeamViewer 9
    19-12-2015 10:33:13 Windows Backup
    19-12-2015 11:50:35 Windows Backup
    19-12-2015 12:20:17 Windows Backup

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2015-12-11 11:31 - 00000830 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0774C1E2-3735-49A1-8349-D6076828156C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {0C50F7D8-C32F-4E58-ABC1-2B53D40B4C9D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {0CD73469-290D-434E-9F4C-2BEF6A1FFBDA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0D599DC4-3784-4B73-ACAC-776EB1996F91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
    Task: {19D2CE48-10F8-4A19-AFDE-31ED5478E891} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {1EC28D0E-D584-408C-A00F-F0735F270132} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
    Task: {212C18F7-424B-4CF8-9B5B-B805D705F5DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {2B058A87-C1E0-4210-9C42-AF371A564D12} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {3A6DEBAD-C049-4430-9D01-25A528D5D3E6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {3AD85DB4-1FC2-4231-8F6B-DF3E3542B4F9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {3F426D3D-6EC1-444C-826A-F64E13394D8F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {445ACF70-E6BD-4B6F-84B2-8761C95EC37E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {4720BFF9-4537-4AA0-A40F-395200B1302A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {4AA87F43-4B1D-453D-AD47-74427AF3ECD7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {5A2BDA96-AA60-478E-8270-F4D9852CBA36} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {5B1C0990-A450-44D3-9255-CB02EFB10412} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {67BF2B2E-E120-4D45-BEF0-766FB30C01B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
    Task: {771C29B3-2F0E-46CE-808E-CDE2FA4000C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {7D08F1E8-72BA-4905-97B4-3BC2E397F8F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {7E22D0A2-B85D-4DCB-8CF0-EE45C3BADC8E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {7EFCDF6F-7A4B-4936-B064-3BA33E4A2BE8} - System32\Tasks\{4D300699-ED8C-44E6-8BDC-AE417C490363} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?source=lightinstaller&amp;page=tsMain
    Task: {81DE99A7-ABC5-43B2-A648-42112B531328} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {833B5540-8BF6-4F16-9CB0-65A64E2571E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
    Task: {863679CD-CF6B-4225-976B-7425AEDC925F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {96D81837-59EC-4DC7-8ADA-F85E2A584B90} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {9812DA7D-31DF-4216-975E-094551586E97} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {9DF85AA6-2F28-4BCD-9051-6312D86314AF} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {A29B6991-A964-4CC7-B494-813738BBE46C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A8B3095B-7A3B-4375-A917-B7026C63AC4E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {BA822BBF-D7B1-4BCA-95CA-240E411CC50A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {BF7E491E-A1A9-4FA3-B8D8-76A2CCEAEE1A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {D339FE5C-F414-4880-A958-5FEAF04C8F1A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {DC06A4A9-F9CC-4309-B133-F844367A456C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {DE332ACB-777B-4D3A-8328-D7EAC649E1B6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E2336D28-7810-4746-BADD-F26B502ED0F6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E7B9B536-8145-4519-9C54-25F5E17F4EF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-19] (AVAST Software)
    Task: {EC54A275-301A-4661-A6F0-B408EEB6E90F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {ECD32C0A-75B1-47C1-AABF-AC1371C23E9F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {F2B6E414-42C2-415A-B73E-FEC3AE6F9327} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {F6E0873E-0466-4986-A243-68AECEF66604} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {F9128909-3AB4-4C8A-983F-FA6C50ED52DC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {FD2CE616-E0D3-4C56-9F8D-54969725C038} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {FF1DABA5-9AB5-4803-BADB-C403D0A8EDAF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-02 17:11 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-02 17:11 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-12-19 12:26 - 2015-12-19 12:29 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-19 12:03 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-19 12:03 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-19 12:04 - 2015-12-06 21:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-19 12:03 - 2015-12-06 21:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-19 12:04 - 2015-12-06 21:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-12-19 12:04 - 2015-12-06 21:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-01-27 06:18 - 2015-01-27 06:18 - 02926800 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
    2015-12-19 12:10 - 2015-12-19 12:10 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-12-19 12:10 - 2015-12-19 12:10 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-12-19 12:37 - 2015-12-19 12:37 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15121901\algo.dll
    2015-12-19 12:10 - 2015-12-19 12:10 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-12-19 12:26 - 2015-12-19 12:29 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2015-12-19 12:26 - 2015-12-19 12:29 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2015-12-19 12:10 - 2015-12-19 12:10 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alison\Desktop\005 (2).JPG
    DNS Servers: 192.168.0.1 - 205.171.2.226
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_545A0C3BA033BA434B3702030390E77C"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{2C4B0F05-1B8F-48A7-998C-BC5D63360DCD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{9D4DFFF9-3A6D-4FDF-935A-95E98E3670F4}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{7119EC66-2E87-417F-8513-9042441B23CD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
    FirewallRules: [{ED35FEFA-1218-4C94-A769-4AA2C26AA335}] => (Allow) LPort=53
    FirewallRules: [{AC47008D-50C6-45F1-B929-6C1AAF121976}] => (Allow) LPort=1542
    FirewallRules: [{5F6CFDFC-8CCD-470E-B14C-CF7AF4FA4FB6}] => (Allow) LPort=1542
    FirewallRules: [{97D95957-B6F2-4FBE-AD0C-A16ED7DE2D15}] => (Allow) LPort=1900
    FirewallRules: [{E29CB022-4996-4092-A6F5-1BFB05B2A872}] => (Allow) LPort=2869
    FirewallRules: [{FAB2EEC9-4988-46FC-8EEA-E27F5561A68C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{070E3390-FD5D-40AE-976B-E3937D8C6621}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{0D3EF491-790B-40CB-9F69-871C24645BB1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{99B5C2ED-6AD9-46CE-AE26-447923921D3F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/19/2015 02:20:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Alison-PC)
    Description: Package Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

    Error: (12/19/2015 01:46:17 PM) (Source: Windows Backup) (EventID: 4104) (User: )
    Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).

    Error: (12/19/2015 01:46:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/19/2015 01:46:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/19/2015 01:45:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/19/2015 01:26:43 PM) (Source: ESENT) (EventID: 455) (User: )
    Description: taskhostw (4552) WebCacheLocal: Error -1032 (0xfffffbf8) occurred while opening logfile C:\Users\Alison\AppData\Local\Microsoft\Windows\WebCache\V01.log.

    Error: (12/19/2015 01:26:43 PM) (Source: ESENT) (EventID: 489) (User: )
    Description: taskhostw (4552) WebCacheLocal: An attempt to open the file "C:\Users\Alison\AppData\Local\Microsoft\Windows\WebCache\V01.log" for read only access failed with system error 32 (0x00000020): "The process cannot access the file because it is being used by another process. ". The open file operation will fail with error -1032 (0xfffffbf8).

    Error: (12/19/2015 12:27:08 PM) (Source: MsiInstaller) (EventID: 1041) (User: NT AUTHORITY)
    Description: Failed to begin a Windows Installer transaction ASU_MSI_TRAN. Error 1603 occurred while beginning the transaction.

    Error: (12/19/2015 12:20:19 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/19/2015 12:19:06 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (12/19/2015 04:09:15 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058

    Error: (12/19/2015 04:07:02 PM) (Source: DCOM) (EventID: 10010) (User: Alison-PC)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (12/19/2015 04:07:02 PM) (Source: DCOM) (EventID: 10010) (User: Alison-PC)
    Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}

    Error: (12/19/2015 04:07:01 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_1ea20 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/19/2015 01:16:04 PM) (Source: DCOM) (EventID: 10016) (User: Alison-PC)
    Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}Alison-PCAlisonS-1-5-21-1324035087-4291948591-2733856161-1000LocalHost (Using LRPC)Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194

    Error: (12/19/2015 01:16:03 PM) (Source: DCOM) (EventID: 10016) (User: Alison-PC)
    Description: application-specificLocalActivation{9E175B6D-F52A-11D8-B9A5-505054503030}{9E175B9C-F52A-11D8-B9A5-505054503030}Alison-PCAlisonS-1-5-21-1324035087-4291948591-2733856161-1000LocalHost (Using LRPC)Microsoft.MicrosoftEdge_25.10586.0.0_neutral__8wekyb3d8bbweS-1-15-2-3624051433-2125758914-1423191267-1740899205-1073925389-3782572162-737981194-4256926629-1688279915-2739229046-3928706915

    Error: (12/19/2015 12:14:25 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NetMsmqActivator service failed to start due to the following error:
    %%1053

    Error: (12/19/2015 12:14:25 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the NetMsmqActivator service to connect.

    Error: (12/19/2015 12:14:24 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NetPipeActivator service failed to start due to the following error:
    %%1053

    Error: (12/19/2015 12:14:24 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.


    CodeIntegrity:
    ===================================
    Date: 2015-12-19 16:10:14.477
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-11 04:17:06.337
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-10 04:18:03.984
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-06 04:04:08.874
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-03 03:33:55.172
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-29 03:01:55.112
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-28 19:24:28.161
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-28 19:06:21.636
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz
    Percentage of memory in use: 32%
    Total physical RAM: 4061.36 MB
    Available physical RAM: 2748.39 MB
    Total Virtual: 8157.36 MB
    Available Virtual: 6933.1 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.32 GB) (Free:363.97 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive d: (CD104A1) (CDROM) (Total:0.11 GB) (Free:0 GB) CDFS
    Drive e: () (Fixed) (Total:149.04 GB) (Free:43.42 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 113F06D6)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D21A3831)
    Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================
     
  6. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Please, observe following rules:
    • Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
    • If you're stuck, or you're not sure about certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    =============================

    [​IMG] Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again
    [​IMG] Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    [​IMG] Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    [​IMG] Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
     
  7. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    Thank you!

    RogueKiller V11.0.3.0 [Dec 14 2015] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10586) 64 bits version
    Started in : Normal mode
    User : Alison [Administrator]
    Started from : C:\Users\Alison\Desktop\RogueKiller.exe
    Mode : Delete -- Date : 12/19/2015 18:06:07

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 3 ¤¤¤
    [PUP] (X64) HKEY_LOCAL_MACHINE\Software\Partner -> Not selected
    [PUM.Https] (X64) HKEY_USERS\S-1-5-21-1324035087-4291948591-2733856161-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> Not selected
    [PUM.Https] (X86) HKEY_USERS\S-1-5-21-1324035087-4291948591-2733856161-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings | WarnOnHTTPSToHTTPRedirect : 0 -> Not selected

    ¤¤¤ Tasks : 1 ¤¤¤
    [Suspicious.Path] \Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan -- c:\Program Files\Microsoft Security Client\MpCmdRun.exe (Scan -ScheduleJob -RestrictPrivileges) -> Not selected

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 7 (Driver: Not loaded [0xc000036b]) ¤¤¤
    [IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xae03fc (jmp 0x8972f0cc|jmp 0x6794d334)
    [IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xf003fc (jmp 0x89b4f0cc|jmp 0x6752d334)
    [IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0x8803fc (jmp 0x894cf0cc|jmp 0x67bad334)
    [IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0x6603fc (jmp 0x892af0cc|jmp 0x67dcd334)
    [IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xf003fc (jmp 0x89b4f0cc|jmp 0x6752d334)
    [IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0x11503fc (jmp 0x89d9f0cc|jmp 0x672dd334)
    [IAT:Inl(Hook.IEAT)] (chrome.exe @ KERNEL32.dll) ntdll!LdrUnloadDll : Unknown @ 0xb703fc (jmp 0x897bf0cc|jmp 0x678bd334)

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: ST3160023A ATA Device +++++
    --- User ---
    [MBR] d3e7a9a4a7dcb3039a70af0593467eb1
    [BSP] dd90e6744e76f9056f6658e481d9ab3f : Windows XP|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 63 | Size: 152617 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: ST500DM002-1BD142 ATA Device +++++
    --- User ---
    [MBR] c1a7dcb4a82d59afbcc4ab024d80421d
    [BSP] 02adceddf87cfc2d60afb19221cb0e43 : Windows Vista/7/8|VT.Unknown MBR Code
    Partition table:
    0 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 2048 | Size: 476488 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    1 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 975849472 | Size: 450 MB
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive2: Generic USB SD Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: Generic USB CF Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: Generic USB SM Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: Generic USB MS Reader USB Device +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    -------------------

    Malwarebytes Anti-Malware
    www.malwarebytes.org

    Scan Date: 12/19/2015
    Scan Time: 6:09 PM
    Logfile: MBAM 12_19.txt
    Administrator: Yes

    Version: 2.2.0.1024
    Malware Database: v2015.12.19.06
    Rootkit Database: v2015.12.18.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled

    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Alison

    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 378263
    Time Elapsed: 19 min, 37 sec

    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled

    Processes: 0
    (No malicious items detected)

    Modules: 0
    (No malicious items detected)

    Registry Keys: 0
    (No malicious items detected)

    Registry Values: 0
    (No malicious items detected)

    Registry Data: 0
    (No malicious items detected)

    Folders: 0
    (No malicious items detected)

    Files: 0
    (No malicious items detected)

    Physical Sectors: 0
    (No malicious items detected)

    (end)

    -------------

    # AdwCleaner v5.025 - Logfile created 19/12/2015 at 18:36:35
    # Updated 13/12/2015 by Xplode
    # Database : 2015-12-13.2 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : Alison - ALISON-PC
    # Running from : C:\Users\Alison\Desktop\adwcleaner_5.025.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{05F5414D-DCD6-4EE6-8C46-20A3F1209E0F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0D8734DB-7110-4CDB-833F-52BC93865AB2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{200F1306-1316-473B-90CE-A777144BBDF5}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{269D72FF-8629-4DB6-AB4F-86AA3A92F8A9}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{41AE59EF-88EE-450B-B60A-F153679E6EE8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{47A124BA-A6E2-4ED4-AA6F-84FF29E4D7DC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4AEF0F25-D761-4EAA-AEB7-9E756C6BF11E}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4E26AE37-A628-496E-B410-5D432F38BD1A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4F55EE37-30D9-45D6-870F-3EEA6CB9BE9F}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{50ADA3A9-20B4-4EE0-8AFA-DE0BCAB94A25}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{6818868A-1B3D-4E35-A561-FA964A96CD3B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{797657A7-D3C7-4D7C-98E3-D0324DDFC4BA}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{7A739956-FB82-4379-AF60-E38C48226AA7}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{902E7D34-D421-4766-8191-15A1B52D0BA2}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9193E23B-4182-493F-A38E-682307A7C463}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{0396D01A-1323-4A15-BD0C-1BC7510F46C6}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{15106AE4-6BDF-443E-80B0-3E38B59D26EC}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{64FBF8B6-C770-401A-8B84-F630EDAF4448}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{69D0BAC4-A1B1-45CE-944F-9EEB1479F059}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{8FEEDA9E-8F71-45DF-A797-468226D1D35B}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{A549A4F7-FA70-421C-B0F2-8F6C0B4B85A8}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{BF78452B-F168-4310-9EC0-4B9B66B845F0}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{D833690C-6E56-46C2-A19F-CF5FD81C9C9A}
    [-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{F9B90065-CD7A-4439-B311-B292299182A9}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{05F5414D-DCD6-4EE6-8C46-20A3F1209E0F}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{0D8734DB-7110-4CDB-833F-52BC93865AB2}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{200F1306-1316-473B-90CE-A777144BBDF5}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{269D72FF-8629-4DB6-AB4F-86AA3A92F8A9}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{41AE59EF-88EE-450B-B60A-F153679E6EE8}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{47A124BA-A6E2-4ED4-AA6F-84FF29E4D7DC}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4AEF0F25-D761-4EAA-AEB7-9E756C6BF11E}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4E26AE37-A628-496E-B410-5D432F38BD1A}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{4F55EE37-30D9-45D6-870F-3EEA6CB9BE9F}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{50ADA3A9-20B4-4EE0-8AFA-DE0BCAB94A25}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{6818868A-1B3D-4E35-A561-FA964A96CD3B}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{797657A7-D3C7-4D7C-98E3-D0324DDFC4BA}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{7A739956-FB82-4379-AF60-E38C48226AA7}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{902E7D34-D421-4766-8191-15A1B52D0BA2}
    [-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9193E23B-4182-493F-A38E-682307A7C463}

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4184 bytes] ##########


    ---------------

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.1 (11.24.2015)
    Operating System: Windows 10 Home x64
    Ran by Alison (Administrator) on Sat 12/19/2015 at 18:44:46.83
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 1

    Successfully deleted: C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic (Folder)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Windows\CurrentVersion\Run\\GoogleChromeAutoLaunch_545A0C3BA033BA434B3702030390E77C (Registry Value)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sat 12/19/2015 at 18:47:53.61
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  8. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
  9. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:20-12-2015
    Ran by Alison (administrator) on ALISON-PC (20-12-2015 18:42:35)
    Running from C:\Users\Alison\Desktop
    Loaded Profiles: Alison & DefaultAppPool (Available Profiles: Alison & DefaultAppPool)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (VIA Technologies, Inc.) C:\Windows\System32\ViakaraokeSrv.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Elaborate Bytes AG) C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\System32\inetsrv\w3wp.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
    HKLM-x32\...\Run: [HDAudDeck] => C:\Program Files (x86)\VIA\VIAudioi\VDeck\VDeck.exe [5036144 2012-02-22] (VIA)
    HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
    HKLM-x32\...\Run: [VirtualCloneDrive] => C:\Program Files (x86)\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe [89456 2011-03-07] (Elaborate Bytes AG)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-19] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [] => [X]
    HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\Run: [FileHippo.com] => C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe [2926800 2015-01-27] ()
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8591272 2015-11-16] (Piriform Ltd)
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\Run: [GoogleChromeAutoLaunch_545A0C3BA033BA434B3702030390E77C] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [741704 2015-12-10] (Google Inc.)
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\System32\PhotoScreenSaver.scr [583680 2015-10-30] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-19] (AVAST Software)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)
    ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-19] (Microsoft Corporation)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{15283200-8c8e-46b7-a373-75e5eedee3a0}: [DhcpNameServer] 192.168.0.1 205.171.2.226
    Tcpip\..\Interfaces\{f1c90905-4378-4093-9605-5bbb1b0bf7a9}: [DhcpNameServer] 192.168.1.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
    SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-1324035087-4291948591-2733856161-1000 -> {FBA5760E-9A26-4467-9F8B-6FA5E005B933} URL = hxxp://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8
    BHO: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-27] (Oracle Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-11-30] (AVAST Software)
    BHO: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-27] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-11-30] (AVAST Software)
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-1324035087-4291948591-2733856161-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File

    FireFox:
    ========
    FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-27] (Oracle Corporation)
    FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-27] (Oracle Corporation)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1222172.dll [2015-11-19] (Adobe Systems, Inc.)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2012-04-14] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=10.21.2 -> C:\Windows\SysWOW64\npDeployJava1.dll [2013-04-21] (Oracle Corporation)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41105.0\npctrl.dll [2015-11-04] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-03] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-19]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-19]

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.yahoo.com?fr=hp-avast&type=odc089
    CHR StartupUrls: Default -> "hxxps://www.yahoo.com?fr=hp-avast&type=odc089"
    CHR Session Restore: Default -> is enabled.
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll ()
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin2.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin3.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin4.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin5.dll (Apple Inc.)
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Google Earth Plugin) - C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll (Google)
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Photo Gallery) - C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll (Microsoft Corporation)
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll => No File
    CHR Plugin: (Java Deployment Toolkit 7.0.210.11) - C:\Windows\SysWOW64\npDeployJava1.dll (Oracle Corporation)
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
    CHR Profile: C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]
    CHR Extension: (Google Drive) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-11]
    CHR Extension: (YouTube) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-10-07]
    CHR Extension: (Google Search) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-11]
    CHR Extension: (Google Docs Offline) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-28]
    CHR Extension: (Avast Online Security) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2015-11-11]
    CHR Extension: (Pin It Button) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2015-12-19]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-09-12]
    CHR Extension: (Gmail) - C:\Users\Alison\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-01]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-11-30]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-19] (AVAST Software)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 VIAKaraokeService; C:\Windows\system32\viakaraokesrv.exe [36504 2015-06-22] (VIA Technologies, Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-19] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-19] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-19] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-19] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1055560 2015-12-19] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [451040 2015-12-19] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-19] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-19] (AVAST Software)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 SaiH8000; C:\Windows\system32\DRIVERS\SaiH8000.sys [178560 2008-04-04] (Saitek)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [30848 2015-12-19] ()
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    U3 idsvc; no ImagePath
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    U3 wpcsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-20 18:42 - 2015-12-20 18:44 - 00016732 _____ C:\Users\Alison\Desktop\FRST.txt
    2015-12-20 18:41 - 2015-12-20 18:41 - 00000000 ____D C:\Users\Alison\Desktop\FRST-OlderVersion
    2015-12-19 18:47 - 2015-12-19 18:47 - 00000844 _____ C:\Users\Alison\Desktop\JRT.txt
    2015-12-19 18:40 - 2015-12-19 18:40 - 00004323 _____ C:\Users\Alison\Desktop\AdwCleaner[C2].txt
    2015-12-19 18:32 - 2015-12-19 18:36 - 00000000 ____D C:\AdwCleaner
    2015-12-19 18:31 - 2015-12-19 18:31 - 00001047 _____ C:\Users\Alison\Desktop\MBAM 12_19.txt
    2015-12-19 18:08 - 2015-12-19 18:08 - 00007764 _____ C:\Users\Alison\Desktop\RKreport.txt
    2015-12-19 18:01 - 2015-12-19 18:44 - 01599336 _____ (Malwarebytes) C:\Users\Alison\Desktop\JRT.exe
    2015-12-19 18:00 - 2015-12-19 18:32 - 01740288 _____ C:\Users\Alison\Desktop\adwcleaner_5.025.exe
    2015-12-19 17:39 - 2015-12-19 17:40 - 20834376 _____ C:\Users\Alison\Desktop\RogueKiller.exe
    2015-12-19 17:05 - 2015-12-19 17:05 - 00590888 _____ C:\Users\Alison\AppData\Local\census.cache
    2015-12-19 17:05 - 2015-12-19 17:05 - 00426249 _____ C:\Users\Alison\AppData\Local\ars.cache
    2015-12-19 16:55 - 2015-12-19 16:55 - 00000010 _____ C:\Users\Alison\AppData\Local\sponge.last.runtime.cache
    2015-12-19 16:51 - 2015-12-19 16:51 - 00000036 _____ C:\Users\Alison\AppData\Local\housecall.guid.cache
    2015-12-19 16:51 - 2015-08-27 07:19 - 00316168 _____ (Trend Micro Inc.) C:\WINDOWS\system32\Drivers\tmcomm.sys
    2015-12-19 16:48 - 2015-12-19 16:48 - 00000000 ____D C:\Users\Alison\AppData\Roaming\QuickScan
    2015-12-19 14:33 - 2015-12-19 14:33 - 00000000 ____D C:\Users\Alison\AppData\Roaming\SUPERAntiSpyware.com
    2015-12-19 14:33 - 2015-12-19 14:33 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-12-19 14:33 - 2015-12-19 14:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-12-19 14:33 - 2015-12-19 14:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-12-19 13:58 - 2015-12-19 18:09 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-12-19 13:57 - 2015-12-19 13:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-12-19 13:57 - 2015-12-19 13:57 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-12-19 13:57 - 2015-12-19 13:57 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-12-19 13:57 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-12-19 13:57 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-12-19 13:57 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-12-19 13:46 - 2015-12-19 13:47 - 00335368 _____ C:\Users\Alison\Documents\cc_20151219_134643.reg
    2015-12-19 13:18 - 2015-12-19 13:18 - 00002860 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2015-12-19 13:18 - 2015-12-19 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2015-12-19 13:18 - 2015-12-19 13:18 - 00000000 ____D C:\Program Files\CCleaner
    2015-12-19 13:11 - 2015-12-20 18:41 - 02370560 _____ (Farbar) C:\Users\Alison\Desktop\FRST64.exe
    2015-12-19 12:43 - 2015-12-20 18:42 - 00000000 ____D C:\FRST
    2015-12-19 12:31 - 2015-12-19 12:31 - 00002640 _____ C:\Users\Public\Desktop\Skype.lnk
    2015-12-19 12:31 - 2015-12-19 12:31 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-12-19 12:31 - 2015-12-19 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-12-19 12:24 - 2015-12-19 12:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
    2015-12-19 12:24 - 2015-12-19 12:24 - 00000000 ____D C:\Program Files\7-Zip
    2015-12-19 12:10 - 2015-12-19 12:10 - 00386096 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2015-12-19 12:10 - 2015-12-19 12:10 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2015-12-19 12:05 - 2015-12-06 21:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-12-19 12:04 - 2015-12-06 22:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-12-19 12:04 - 2015-12-06 22:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2015-12-19 12:04 - 2015-12-06 22:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2015-12-19 12:04 - 2015-12-06 22:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2015-12-19 12:04 - 2015-12-06 22:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2015-12-19 12:04 - 2015-12-06 22:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-12-19 12:04 - 2015-12-06 22:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-12-19 12:04 - 2015-12-06 22:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2015-12-19 12:04 - 2015-12-06 22:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-12-19 12:04 - 2015-12-06 22:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2015-12-19 12:04 - 2015-12-06 22:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-12-19 12:04 - 2015-12-06 21:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-12-19 12:04 - 2015-12-06 21:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-12-19 12:04 - 2015-12-06 21:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2015-12-19 12:04 - 2015-12-06 21:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-12-19 12:04 - 2015-12-06 21:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-12-19 12:04 - 2015-12-06 21:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2015-12-19 12:04 - 2015-12-06 21:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-12-19 12:04 - 2015-12-06 21:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-12-19 12:04 - 2015-12-06 21:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-12-19 12:04 - 2015-12-06 21:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2015-12-19 12:04 - 2015-12-06 21:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2015-12-19 12:03 - 2015-12-06 22:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2015-12-19 12:03 - 2015-12-06 22:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2015-12-19 12:03 - 2015-12-06 22:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2015-12-19 12:03 - 2015-12-06 22:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2015-12-19 12:03 - 2015-12-06 22:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2015-12-19 12:03 - 2015-12-06 22:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2015-12-19 12:03 - 2015-12-06 22:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
    2015-12-19 12:03 - 2015-12-06 22:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2015-12-19 12:03 - 2015-12-06 22:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2015-12-19 12:03 - 2015-12-06 22:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2015-12-19 12:03 - 2015-12-06 22:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2015-12-19 12:03 - 2015-12-06 22:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2015-12-19 12:03 - 2015-12-06 22:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-12-19 12:03 - 2015-12-06 22:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2015-12-19 12:03 - 2015-12-06 22:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-12-19 12:03 - 2015-12-06 22:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
    2015-12-19 12:03 - 2015-12-06 22:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2015-12-19 12:03 - 2015-12-06 22:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2015-12-19 12:03 - 2015-12-06 22:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2015-12-19 12:03 - 2015-12-06 22:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2015-12-19 12:03 - 2015-12-06 22:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-12-19 12:03 - 2015-12-06 22:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
    2015-12-19 12:03 - 2015-12-06 22:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2015-12-19 12:03 - 2015-12-06 22:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2015-12-19 12:03 - 2015-12-06 22:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-12-19 12:03 - 2015-12-06 22:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2015-12-19 12:03 - 2015-12-06 21:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-12-19 12:03 - 2015-12-06 21:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-12-19 12:03 - 2015-12-06 21:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2015-12-19 12:03 - 2015-12-06 21:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2015-12-19 12:03 - 2015-12-06 21:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-12-19 12:03 - 2015-12-06 21:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2015-12-19 12:03 - 2015-12-06 21:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2015-12-19 12:03 - 2015-12-06 21:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2015-12-19 12:03 - 2015-12-06 21:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-12-19 12:03 - 2015-12-06 21:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2015-12-19 12:03 - 2015-12-06 21:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-12-19 12:03 - 2015-12-06 21:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2015-12-19 12:03 - 2015-12-06 21:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-12-19 12:03 - 2015-12-06 21:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2015-12-19 12:03 - 2015-12-06 21:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2015-12-19 12:03 - 2015-12-06 21:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2015-12-19 12:03 - 2015-12-06 21:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2015-12-19 12:03 - 2015-12-06 21:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2015-12-19 12:03 - 2015-12-06 21:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2015-12-19 12:03 - 2015-12-06 21:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
    2015-12-19 12:03 - 2015-12-06 21:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-12-19 12:03 - 2015-12-06 21:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-12-19 12:03 - 2015-12-06 21:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
    2015-12-19 12:03 - 2015-12-06 21:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2015-12-19 12:03 - 2015-12-06 21:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
    2015-12-19 10:47 - 2015-12-19 10:47 - 00000000 ____D C:\Users\Alison\AppData\Local\NetworkTiles
    2015-12-11 11:38 - 2015-12-11 11:38 - 00000000 ____D C:\$SysReset
    2015-12-09 06:17 - 2015-12-01 01:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2015-12-09 06:17 - 2015-11-24 06:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2015-12-09 06:17 - 2015-11-24 05:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2015-12-09 06:17 - 2015-11-24 04:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2015-12-09 06:17 - 2015-11-24 04:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2015-12-09 06:17 - 2015-11-24 03:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
    2015-12-09 06:17 - 2015-11-24 03:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2015-12-09 06:17 - 2015-11-24 03:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
    2015-12-09 06:17 - 2015-11-24 03:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2015-12-09 06:17 - 2015-11-24 03:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2015-12-09 06:17 - 2015-11-24 03:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2015-12-09 06:17 - 2015-11-24 03:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2015-12-09 06:17 - 2015-11-24 02:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-12-09 06:17 - 2015-11-24 02:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-12-09 06:17 - 2015-11-24 02:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2015-12-09 06:17 - 2015-11-24 02:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2015-12-09 06:17 - 2015-11-24 02:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2015-12-09 06:17 - 2015-11-24 02:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
    2015-12-09 06:17 - 2015-11-24 02:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-12-09 06:17 - 2015-11-24 01:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2015-12-09 06:17 - 2015-11-24 01:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2015-12-09 06:17 - 2015-11-24 01:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-12-09 06:17 - 2015-11-24 01:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2015-12-09 06:17 - 2015-11-24 01:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-12-09 06:17 - 2015-11-24 01:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-12-09 06:17 - 2015-11-24 01:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-12-09 06:17 - 2015-11-24 01:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2015-12-07 06:18 - 2015-12-07 06:19 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2015-12-02 17:11 - 2015-11-22 04:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-12-02 17:11 - 2015-11-22 04:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-02 17:11 - 2015-11-22 04:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2015-12-02 17:11 - 2015-11-22 03:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
    2015-12-02 17:11 - 2015-11-22 03:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
    2015-12-02 17:11 - 2015-11-22 03:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2015-12-02 17:11 - 2015-11-22 03:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2015-12-02 17:11 - 2015-11-22 03:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2015-12-02 17:11 - 2015-11-22 03:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2015-12-02 17:10 - 2015-11-22 04:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2015-12-02 17:10 - 2015-11-22 04:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2015-12-02 17:10 - 2015-11-22 04:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2015-12-02 17:10 - 2015-11-22 04:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
    2015-12-02 17:10 - 2015-11-22 04:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2015-12-02 17:10 - 2015-11-22 04:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2015-12-02 17:10 - 2015-11-22 04:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
    2015-12-02 17:10 - 2015-11-22 04:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2015-12-02 17:10 - 2015-11-22 04:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2015-12-02 17:10 - 2015-11-22 04:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2015-12-02 17:10 - 2015-11-22 04:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
    2015-12-02 17:10 - 2015-11-22 04:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2015-12-02 17:10 - 2015-11-22 04:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2015-12-02 17:10 - 2015-11-22 04:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2015-12-02 17:10 - 2015-11-22 04:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2015-12-02 17:10 - 2015-11-22 04:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
    2015-12-02 17:10 - 2015-11-22 03:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
    2015-12-02 17:10 - 2015-11-22 03:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
    2015-12-02 17:10 - 2015-11-22 03:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
    2015-12-02 17:10 - 2015-11-22 03:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
    2015-12-02 17:10 - 2015-11-22 03:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2015-12-02 17:10 - 2015-11-22 03:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2015-12-02 17:10 - 2015-11-22 03:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
    2015-12-02 17:10 - 2015-11-22 03:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
    2015-12-02 17:10 - 2015-11-22 03:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
    2015-12-02 17:10 - 2015-11-22 03:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
    2015-12-02 17:10 - 2015-11-22 03:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
    2015-12-02 17:10 - 2015-11-22 03:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2015-12-02 17:10 - 2015-11-22 03:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
    2015-12-02 17:10 - 2015-11-22 03:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2015-12-02 17:10 - 2015-11-22 03:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2015-12-02 17:10 - 2015-11-22 03:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2015-12-02 17:10 - 2015-11-22 03:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2015-12-02 17:10 - 2015-11-22 03:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2015-12-02 17:10 - 2015-11-22 03:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
    2015-12-02 17:10 - 2015-11-22 03:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2015-12-02 17:10 - 2015-11-22 03:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
    2015-12-02 17:10 - 2015-11-22 03:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2015-12-02 17:10 - 2015-11-22 03:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2015-12-02 17:10 - 2015-11-22 03:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
    2015-12-02 17:10 - 2015-11-22 03:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
    2015-12-02 17:10 - 2015-11-22 03:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2015-12-02 17:10 - 2015-11-22 03:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
    2015-12-02 17:10 - 2015-11-22 03:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
    2015-12-02 17:10 - 2015-11-22 03:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2015-12-02 17:10 - 2015-11-22 03:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2015-12-02 17:10 - 2015-11-22 03:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2015-12-02 17:10 - 2015-11-22 03:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2015-12-02 17:10 - 2015-11-22 03:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2015-12-02 17:10 - 2015-11-22 03:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2015-12-02 17:10 - 2015-11-22 03:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2015-12-02 17:10 - 2015-11-22 03:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
    2015-12-02 17:10 - 2015-11-22 03:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
    2015-12-02 17:10 - 2015-11-22 03:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2015-12-02 17:10 - 2015-11-22 03:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2015-12-02 17:10 - 2015-11-22 03:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2015-12-02 17:10 - 2015-11-22 03:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2015-12-02 17:10 - 2015-11-22 03:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2015-12-02 17:10 - 2015-11-22 03:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2015-12-02 17:10 - 2015-11-22 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2015-12-02 17:10 - 2015-11-22 03:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
    2015-12-02 17:10 - 2015-11-22 03:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-12-02 17:10 - 2015-11-22 03:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2015-12-02 17:10 - 2015-11-22 03:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2015-12-02 17:10 - 2015-11-22 03:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2015-12-02 17:10 - 2015-11-22 03:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
     
  10. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    2015-12-02 17:10 - 2015-11-22 03:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
    2015-12-02 17:10 - 2015-11-22 03:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2015-12-02 17:10 - 2015-11-22 03:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2015-12-02 17:10 - 2015-11-22 03:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2015-12-02 17:10 - 2015-11-22 03:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2015-12-02 17:10 - 2015-11-22 03:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2015-12-02 17:10 - 2015-11-22 03:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2015-12-02 17:10 - 2015-11-22 03:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2015-12-02 17:10 - 2015-11-22 03:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2015-12-02 17:10 - 2015-11-22 03:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2015-12-02 17:10 - 2015-11-22 03:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2015-12-02 17:10 - 2015-11-22 03:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2015-12-02 17:10 - 2015-11-22 03:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2015-12-02 17:10 - 2015-11-22 03:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-12-02 17:10 - 2015-11-22 03:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2015-12-02 17:10 - 2015-11-22 03:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2015-12-02 17:10 - 2015-11-22 03:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-12-02 17:10 - 2015-11-22 03:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2015-12-02 17:10 - 2015-11-22 03:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-12-02 17:10 - 2015-11-22 03:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2015-12-02 17:10 - 2015-11-22 03:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2015-12-02 17:10 - 2015-11-22 03:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
    2015-12-02 17:10 - 2015-11-22 03:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2015-12-02 17:10 - 2015-11-22 03:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2015-12-02 17:10 - 2015-11-22 03:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-12-02 17:10 - 2015-11-22 03:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2015-12-02 17:10 - 2015-11-22 03:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
    2015-12-02 17:10 - 2015-11-22 03:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2015-12-02 17:10 - 2015-11-22 03:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-12-02 17:10 - 2015-11-22 03:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 _SHDL C:\Users\DefaultAppPool\My Documents
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Videos
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Pictures
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 _SHDL C:\Users\DefaultAppPool\Documents\My Music
    2015-12-01 00:50 - 2015-12-01 00:50 - 00000000 ____D C:\Users\DefaultAppPool
    2015-12-01 00:50 - 2015-11-28 19:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Media Center Programs
    2015-12-01 00:50 - 2015-11-28 19:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Macromedia
    2015-12-01 00:50 - 2015-11-28 19:19 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Local\Microsoft Help
    2015-11-30 01:49 - 2015-11-30 01:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2015-11-29 07:51 - 2015-11-29 07:51 - 00000000 ____D C:\Users\Alison\AppData\Local\Comms
    2015-11-29 07:48 - 2015-12-19 12:16 - 00002409 _____ C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-11-29 07:47 - 2015-11-30 21:47 - 00000000 ____D C:\Users\Alison\AppData\Local\MicrosoftEdge
    2015-11-29 07:47 - 2015-11-29 07:47 - 00000000 ____D C:\Users\Alison\AppData\Local\Publishers
    2015-11-29 07:42 - 2015-11-29 07:42 - 00000000 __RHD C:\Users\Public\AccountPictures
    2015-11-29 00:39 - 2015-11-29 00:39 - 00000000 ____D C:\Users\Alison\AppData\Local\ActiveSync
    2015-11-29 00:37 - 2015-12-11 09:46 - 00000000 ____D C:\Users\Alison\AppData\Local\Packages
    2015-11-29 00:37 - 2015-11-29 00:37 - 00000020 ___SH C:\Users\Alison\ntuser.ini
    2015-11-29 00:37 - 2015-11-29 00:37 - 00000000 ____D C:\Users\Alison\AppData\Local\TileDataLayer
    2015-11-28 21:04 - 2015-12-19 13:29 - 00000000 ___DC C:\WINDOWS\Panther
    2015-11-28 21:00 - 2015-11-28 21:00 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2015-11-28 21:00 - 2015-11-28 21:00 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2015-11-28 21:00 - 2015-11-28 21:00 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2015-11-28 21:00 - 2015-11-28 21:00 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2015-11-28 21:00 - 2015-11-28 21:00 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
    2015-11-28 21:00 - 2015-11-28 21:00 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
    2015-11-28 21:00 - 2015-11-28 21:00 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2015-11-28 21:00 - 2015-11-28 21:00 - 00000000 ____D C:\Windows.old
    2015-11-28 20:58 - 2015-11-28 20:58 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\WINDOWS\system32\msmq
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\WINDOWS\system32\BestPractices
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\Program Files\Reference Assemblies
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\Program Files\MSBuild
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-11-28 20:55 - 2015-11-28 20:55 - 00000000 ____D C:\inetpub
    2015-11-28 20:54 - 2015-10-23 19:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2015-11-28 20:54 - 2015-10-23 19:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2015-11-28 20:54 - 2015-10-23 19:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2015-11-28 20:54 - 2015-10-23 19:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2015-11-28 20:54 - 2015-10-23 19:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2015-11-28 20:54 - 2015-10-23 19:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2015-11-28 19:32 - 2015-11-28 19:32 - 00000000 ____D C:\ProgramData\USOShared
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default\My Documents
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2015-11-28 19:31 - 2015-11-28 19:31 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2015-11-28 19:29 - 2015-12-20 18:39 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-11-28 19:19 - 2015-11-28 19:19 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Media Center Programs
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Media Center Programs
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
    2015-11-28 19:19 - 2015-11-28 19:19 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2015-11-28 19:15 - 2015-11-28 19:15 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
    2015-11-28 19:12 - 2015-12-20 13:30 - 00000000 ____D C:\Users\Alison
    2015-11-28 19:12 - 2015-11-28 19:12 - 00000000 _SHDL C:\Users\Alison\My Documents
    2015-11-28 19:12 - 2015-11-28 19:12 - 00000000 _SHDL C:\Users\Alison\Documents\My Videos
    2015-11-28 19:12 - 2015-11-28 19:12 - 00000000 _SHDL C:\Users\Alison\Documents\My Pictures
    2015-11-28 19:12 - 2015-11-28 19:12 - 00000000 _SHDL C:\Users\Alison\Documents\My Music
    2015-11-28 19:11 - 2015-12-19 12:46 - 01009692 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-11-28 19:11 - 2015-11-28 19:11 - 00965390 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
    2015-11-28 19:08 - 2015-11-28 19:08 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2015-11-28 19:08 - 2015-11-28 19:08 - 00000000 ____D C:\WINDOWS\system32\SRSLabs
    2015-11-28 19:08 - 2015-11-28 19:08 - 00000000 ____D C:\Program Files\VIA
    2015-11-28 19:08 - 2015-10-30 01:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2015-11-28 19:05 - 2015-12-11 11:40 - 00247584 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-11-28 18:45 - 2015-10-30 01:18 - 00000001 ___SH C:\BOOTNXT
    2015-11-27 23:33 - 2015-11-27 23:33 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Sun
    2015-11-27 23:33 - 2015-11-27 23:33 - 00000000 ____D C:\Users\Alison\.oracle_jre_usage

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-12-20 18:41 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-12-20 18:41 - 2013-04-21 06:33 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2015-12-20 18:39 - 2013-05-24 16:08 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-12-20 13:13 - 2012-08-12 07:55 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2015-12-20 12:34 - 2012-08-11 23:32 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6FFBF262-9944-489A-ABCA-F380B15BBF90}
    2015-12-20 12:31 - 2013-05-24 16:08 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-12-20 09:10 - 2015-10-30 01:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2015-12-19 18:37 - 2015-10-30 00:28 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
    2015-12-19 18:08 - 2015-01-18 10:13 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-12-19 17:40 - 2015-01-18 10:13 - 00030848 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-12-19 16:15 - 2015-10-30 00:28 - 00000000 ____D C:\Windows
    2015-12-19 16:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-12-19 16:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-12-19 16:07 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2015-12-19 16:07 - 2015-10-30 01:21 - 00000000 ____D C:\WINDOWS\INF
    2015-12-19 14:23 - 2015-10-30 01:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-12-19 13:29 - 2015-02-04 21:15 - 00000000 ____D C:\Users\Alison\AppData\Local\CrashDumps
    2015-12-19 12:33 - 2015-01-18 14:03 - 00001143 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2015-12-19 12:33 - 2012-08-12 09:03 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Skype
    2015-12-19 12:32 - 2012-08-12 08:00 - 00000000 ____D C:\ProgramData\Skype
    2015-12-19 12:16 - 2012-08-12 12:18 - 00000000 ___RD C:\Users\Alison\SkyDrive
    2015-12-19 12:11 - 2013-04-21 06:33 - 00451040 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2015-12-19 12:11 - 2013-04-21 06:33 - 00097648 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
    2015-12-19 12:10 - 2014-08-06 07:34 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2015-12-19 12:10 - 2014-02-22 20:28 - 00155304 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2015-12-19 12:10 - 2013-04-21 06:33 - 00273784 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
    2015-12-19 12:10 - 2013-04-21 06:33 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2015-12-19 12:10 - 2013-04-21 06:33 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2015-12-19 12:09 - 2013-04-21 06:33 - 01055560 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSnx.sys
    2015-12-11 11:56 - 2012-08-11 23:22 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
    2015-12-10 04:16 - 2012-08-12 07:55 - 00000000 ____D C:\Program Files\Microsoft Silverlight
    2015-12-10 04:16 - 2012-08-12 07:55 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
    2015-12-10 04:15 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-12-10 00:16 - 2012-08-12 07:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
    2015-12-10 00:14 - 2013-08-14 20:37 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-12-10 00:07 - 2012-08-12 08:23 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-12-07 06:18 - 2015-02-08 22:53 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
    2015-12-07 06:18 - 2012-08-12 07:57 - 00000000 ____D C:\ProgramData\Adobe
    2015-12-07 06:18 - 2012-08-12 07:57 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-12-03 21:36 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\rescache
    2015-12-03 19:52 - 2015-01-29 17:22 - 00015646 _____ C:\Users\Alison\Documents\Chase Online Service E-Sign Disclosure and Consent.odt
    2015-12-03 17:26 - 2013-05-24 16:08 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-12-03 17:26 - 2013-05-24 16:08 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-12-03 03:30 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-12-01 00:52 - 2014-12-16 06:35 - 00000000 ____D C:\WINDOWS\SysWOW64\vbox
    2015-12-01 00:52 - 2014-12-16 06:35 - 00000000 ____D C:\WINDOWS\system32\vbox
    2015-11-30 18:33 - 2015-10-30 01:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-11-30 18:33 - 2015-10-30 01:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-11-29 07:46 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2015-11-29 07:45 - 2012-08-12 12:22 - 00001358 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live Mail.lnk
    2015-11-29 03:01 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\appcompat
    2015-11-29 00:38 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-11-29 00:38 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2015-11-29 00:38 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\MiracastView
    2015-11-29 00:38 - 2015-10-30 01:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2015-11-28 21:04 - 2015-10-30 01:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2015-11-28 21:00 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2015-11-28 21:00 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2015-11-28 20:55 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2015-11-28 20:55 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-11-28 20:55 - 2015-10-30 01:19 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00266240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
    2015-11-28 20:55 - 2015-10-30 01:19 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
    2015-11-28 20:55 - 2015-10-30 01:19 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
    2015-11-28 20:55 - 2015-10-30 01:19 - 00051200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
    2015-11-28 20:55 - 2015-10-30 01:19 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
    2015-11-28 20:55 - 2015-10-30 01:19 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
    2015-11-28 20:55 - 2015-10-30 01:19 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
    2015-11-28 20:55 - 2015-10-30 01:18 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
    2015-11-28 20:55 - 2015-10-30 01:18 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
    2015-11-28 20:55 - 2015-10-30 01:18 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
    2015-11-28 20:55 - 2015-10-30 01:18 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
    2015-11-28 20:55 - 2015-10-30 01:18 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
    2015-11-28 20:55 - 2015-10-30 01:18 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
    2015-11-28 20:55 - 2015-10-30 01:18 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
    2015-11-28 20:55 - 2015-10-30 01:18 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
    2015-11-28 20:54 - 2015-10-30 01:19 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
    2015-11-28 20:54 - 2015-10-30 01:19 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
    2015-11-28 20:54 - 2015-10-30 01:18 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
    2015-11-28 20:54 - 2015-10-30 01:18 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
    2015-11-28 20:54 - 2015-10-30 01:18 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
    2015-11-28 20:54 - 2015-10-30 01:18 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
    2015-11-28 20:54 - 2015-10-30 01:18 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
    2015-11-28 19:32 - 2015-10-30 01:24 - 00000000 ____D C:\ProgramData\USOPrivate
    2015-11-28 19:31 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2015-11-28 19:31 - 2015-10-30 00:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2015-11-28 19:31 - 2012-08-12 00:10 - 00012336 _____ C:\WINDOWS\diagerr.xml
    2015-11-28 19:31 - 2012-08-12 00:10 - 00011415 _____ C:\WINDOWS\diagwrn.xml
    2015-11-28 19:30 - 2015-03-08 09:48 - 00003738 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series
    2015-11-28 19:30 - 2012-12-22 14:06 - 00003250 _____ C:\WINDOWS\System32\Tasks\{4D300699-ED8C-44E6-8BDC-AE417C490363}
    2015-11-28 19:29 - 2015-10-30 01:24 - 00000000 __RSD C:\WINDOWS\Media
    2015-11-28 19:29 - 2015-10-30 01:24 - 00000000 __RHD C:\Users\Public\Libraries
    2015-11-28 19:29 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\Registration
    2015-11-28 19:29 - 2012-08-12 07:55 - 00003878 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2015-11-28 19:29 - 2012-08-12 00:43 - 00032264 _____ C:\WINDOWS\system32\emptyregdb.dat
    2015-11-28 19:23 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\spool
    2015-11-28 19:20 - 2012-08-11 23:22 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
    2015-11-28 19:19 - 2015-10-11 18:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
    2015-11-28 19:19 - 2015-03-08 09:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2015-11-28 19:19 - 2015-01-29 19:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-11-28 19:19 - 2015-01-18 14:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2015-11-28 19:19 - 2013-08-21 21:57 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Disk Space Fan 4 Free
    2015-11-28 19:19 - 2013-05-24 16:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
    2015-11-28 19:19 - 2013-04-21 06:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Belkin
    2015-11-28 19:19 - 2012-12-05 23:12 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2015-11-28 19:19 - 2012-12-05 23:12 - 00000000 ____D C:\WINDOWS\en
    2015-11-28 19:19 - 2012-08-12 21:41 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OpenOffice.org 3.4
    2015-11-28 19:19 - 2012-08-12 08:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth
    2015-11-28 19:19 - 2012-08-12 08:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
    2015-11-28 19:19 - 2012-08-12 07:59 - 00000000 ____D C:\Users\Alison\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller
    2015-11-28 19:19 - 2009-07-13 21:20 - 00000000 ____D C:\Users\Default.migrated
    2015-11-28 19:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2015-11-28 19:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2015-11-28 19:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-11-28 19:16 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\system32\IME
    2015-11-28 19:16 - 2012-08-12 07:59 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
    2015-11-28 19:16 - 2012-08-11 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\x64
    2015-11-28 19:16 - 2012-08-11 23:26 - 00000000 ____D C:\WINDOWS\SysWOW64\Lang
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\schemas
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-11-28 19:15 - 2015-10-30 01:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-11-28 19:15 - 2012-08-12 14:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Elaborate Bytes
    2015-11-28 19:15 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\Microsoft Games
    2015-11-28 19:15 - 2009-07-13 23:32 - 00000000 ____D C:\Program Files\DVD Maker
    2015-11-28 19:14 - 2009-07-13 21:20 - 00000000 ____D C:\WINDOWS\system32\GroupPolicy
    2015-11-28 19:10 - 2015-10-30 00:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-11-28 19:05 - 2015-10-30 03:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2015-11-28 18:45 - 2012-08-12 01:35 - 00008192 __RSH C:\BOOTSECT.BAK
    2015-11-28 18:43 - 2009-07-13 22:45 - 00028144 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
    2015-11-28 18:43 - 2009-07-13 22:45 - 00028144 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
    2015-11-28 18:40 - 2015-10-30 03:42 - 00000000 ___HD C:\$WINDOWS.~BT
    2015-11-28 00:09 - 2015-01-29 19:53 - 00000000 ____D C:\ProgramData\Oracle
    2015-11-27 23:34 - 2013-05-26 21:08 - 00000000 ____D C:\Program Files\Java
    2015-11-27 23:33 - 2013-05-26 21:08 - 00110176 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll

    ==================== Files in the root of some directories =======

    2015-12-19 17:05 - 2015-12-19 17:05 - 0426249 _____ () C:\Users\Alison\AppData\Local\ars.cache
    2015-12-19 17:05 - 2015-12-19 17:05 - 0590888 _____ () C:\Users\Alison\AppData\Local\census.cache
    2015-06-28 09:12 - 2015-06-28 09:12 - 0004608 _____ () C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-12-19 16:51 - 2015-12-19 16:51 - 0000036 _____ () C:\Users\Alison\AppData\Local\housecall.guid.cache
    2015-12-19 16:55 - 2015-12-19 16:55 - 0000010 _____ () C:\Users\Alison\AppData\Local\sponge.last.runtime.cache
    2015-03-08 09:46 - 2015-03-08 09:46 - 0000057 _____ () C:\ProgramData\Ament.ini

    Files to move or delete:
    ====================
    C:\Users\Alison\ttech.exe


    Some files in TEMP:
    ====================
    C:\Users\Alison\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Alison\AppData\Local\Temp\sqlite3.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-12-19 14:21

    ==================== End of FRST.txt ============================
     
  11. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
    Ran by Alison (2015-12-20 18:45:17)
    Running from C:\Users\Alison\Desktop
    Windows 10 Home (X64) (2015-11-29 06:37:34)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1324035087-4291948591-2733856161-500 - Administrator - Disabled)
    Alison (S-1-5-21-1324035087-4291948591-2733856161-1000 - Administrator - Enabled) => C:\Users\Alison
    DefaultAccount (S-1-5-21-1324035087-4291948591-2733856161-503 - Limited - Disabled)
    Guest (S-1-5-21-1324035087-4291948591-2733856161-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1324035087-4291948591-2733856161-1002 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}
    FW: avast! Antivirus (Disabled) {2F96FC65-F07D-9D1E-5A6E-3DA5C487EAF0}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    7-Zip 15.12 (x64 edition) (HKLM\...\{23170F69-40C1-2702-1512-000001000000}) (Version: 15.12.00.0 - Igor Pavlov)
    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
    Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 20.0.0.204 - Adobe Systems Incorporated)
    Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.2.172 - Adobe Systems, Inc.)
    Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    CCleaner (HKLM\...\CCleaner) (Version: 5.12 - Piriform)
    FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
    HP Deskjet 3050 J610 series Basic Device Software (HKLM\...\{6457BD83-98CF-4267-93D7-F173FF3E7C25}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Deskjet 3050 J610 series Help (HKLM-x32\...\{F7632A9B-661E-4FD9-B1A4-3B86BC99847F}) (Version: 140.0.63.63 - Hewlett Packard)
    HP Deskjet 3050 J610 series Product Improvement Study (HKLM\...\{5FB5B723-6B6E-45ED-BA73-F264D52AF916}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
    Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41105.0 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30411 (HKLM-x32\...\{5DA8F6CD-C70E-39D8-8430-3D9808D6BD17}) (Version: 9.0.30411 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
    Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1210 - SUPERAntiSpyware.com)
    swMSM (HKLM-x32\...\{612C34C7-5E90-47D8-9B5C-0F717DD82726}) (Version: - )
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1324035087-4291948591-2733856161-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Alison\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

    ==================== Restore Points =========================

    10-12-2015 00:06:49 Windows Update
    11-12-2015 11:10:07 Revo Uninstaller's restore point - TeamViewer 9
    19-12-2015 10:33:13 Windows Backup
    19-12-2015 11:50:35 Windows Backup
    19-12-2015 12:20:17 Windows Backup
    19-12-2015 18:44:51 JRT Pre-Junkware Removal

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 20:34 - 2015-12-11 11:31 - 00000830 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0774C1E2-3735-49A1-8349-D6076828156C} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {0C50F7D8-C32F-4E58-ABC1-2B53D40B4C9D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {0CD73469-290D-434E-9F4C-2BEF6A1FFBDA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {0D599DC4-3784-4B73-ACAC-776EB1996F91} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-11-11] (Adobe Systems Incorporated)
    Task: {19D2CE48-10F8-4A19-AFDE-31ED5478E891} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {1EC28D0E-D584-408C-A00F-F0735F270132} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
    Task: {212C18F7-424B-4CF8-9B5B-B805D705F5DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {2B058A87-C1E0-4210-9C42-AF371A564D12} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {3A6DEBAD-C049-4430-9D01-25A528D5D3E6} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {3AD85DB4-1FC2-4231-8F6B-DF3E3542B4F9} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {3F426D3D-6EC1-444C-826A-F64E13394D8F} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {445ACF70-E6BD-4B6F-84B2-8761C95EC37E} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {4720BFF9-4537-4AA0-A40F-395200B1302A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {4AA87F43-4B1D-453D-AD47-74427AF3ECD7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {5A2BDA96-AA60-478E-8270-F4D9852CBA36} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {5B1C0990-A450-44D3-9255-CB02EFB10412} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {67BF2B2E-E120-4D45-BEF0-766FB30C01B6} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-11-16] (Piriform Ltd)
    Task: {771C29B3-2F0E-46CE-808E-CDE2FA4000C8} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
    Task: {7D08F1E8-72BA-4905-97B4-3BC2E397F8F9} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
    Task: {7E22D0A2-B85D-4DCB-8CF0-EE45C3BADC8E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {7EFCDF6F-7A4B-4936-B064-3BA33E4A2BE8} - System32\Tasks\{4D300699-ED8C-44E6-8BDC-AE417C490363} => Iexplore.exe hxxp://ui.skype.com/ui/0/6.0.0.126/en/abandoninstall?source=lightinstaller&amp;page=tsMain
    Task: {81DE99A7-ABC5-43B2-A648-42112B531328} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {833B5540-8BF6-4F16-9CB0-65A64E2571E5} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-12] (Google Inc.)
    Task: {863679CD-CF6B-4225-976B-7425AEDC925F} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {96D81837-59EC-4DC7-8ADA-F85E2A584B90} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {9812DA7D-31DF-4216-975E-094551586E97} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {9DF85AA6-2F28-4BCD-9051-6312D86314AF} - System32\Tasks\HPCustParticipation HP Deskjet 3050 J610 series => C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
    Task: {A29B6991-A964-4CC7-B494-813738BBE46C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A8B3095B-7A3B-4375-A917-B7026C63AC4E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {BA822BBF-D7B1-4BCA-95CA-240E411CC50A} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {BF7E491E-A1A9-4FA3-B8D8-76A2CCEAEE1A} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {D339FE5C-F414-4880-A958-5FEAF04C8F1A} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {DC06A4A9-F9CC-4309-B133-F844367A456C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {DE332ACB-777B-4D3A-8328-D7EAC649E1B6} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E2336D28-7810-4746-BADD-F26B502ED0F6} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {E7B9B536-8145-4519-9C54-25F5E17F4EF3} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-19] (AVAST Software)
    Task: {EC54A275-301A-4661-A6F0-B408EEB6E90F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {ECD32C0A-75B1-47C1-AABF-AC1371C23E9F} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {F2B6E414-42C2-415A-B73E-FEC3AE6F9327} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {F6E0873E-0466-4986-A243-68AECEF66604} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {F9128909-3AB4-4C8A-983F-FA6C50ED52DC} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {FD2CE616-E0D3-4C56-9F8D-54969725C038} - System32\Tasks\Microsoft\Microsoft Antimalware\Microsoft Antimalware Scheduled Scan => c:\Program Files\Microsoft Security Client\MpCmdRun.exe
    Task: {FF1DABA5-9AB5-4803-BADB-C403D0A8EDAF} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2015-10-30 01:18 - 2015-10-30 01:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-02 17:11 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-12-19 12:04 - 2015-12-06 22:59 - 03081568 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
    2015-12-19 12:03 - 2015-12-06 22:57 - 02394976 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
    2015-12-02 17:11 - 2015-11-22 04:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-12-19 12:26 - 2015-12-19 12:29 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-19 12:03 - 2015-12-06 22:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2015-12-19 12:03 - 2015-12-06 22:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-12-19 12:04 - 2015-12-06 21:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-12-19 12:03 - 2015-12-06 21:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-12-19 12:04 - 2015-12-06 21:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-12-19 12:04 - 2015-12-06 21:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-01-27 06:18 - 2015-01-27 06:18 - 02926800 _____ () C:\Program Files (x86)\FileHippo.com\FileHippo.AppManager.exe
    2015-12-19 12:10 - 2015-12-19 12:10 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-12-19 12:10 - 2015-12-19 12:10 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2015-12-20 06:40 - 2015-12-20 06:40 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15122000\algo.dll
    2015-12-19 12:10 - 2015-12-19 12:10 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2015-12-20 18:41 - 2015-12-20 18:41 - 02805760 _____ () C:\Program Files\AVAST Software\Avast\defs\15122001\algo.dll
    2015-12-19 12:26 - 2015-12-19 12:29 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2015-12-19 13:53 - 2015-12-10 21:54 - 01583432 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libglesv2.dll
    2015-12-19 13:53 - 2015-12-10 21:54 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\libegl.dll
    2015-12-19 12:10 - 2015-12-19 12:10 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2015-12-19 13:53 - 2015-12-10 21:54 - 16573256 _____ () C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\PepperFlash\pepflashplayer.dll
     
  12. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Alison\Desktop\005 (2).JPG
    DNS Servers: 192.168.0.1 - 205.171.2.226
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "APSDaemon"
    HKLM\...\StartupApproved\Run32: => "HP Software Update"
    HKLM\...\StartupApproved\Run32: => "QuickTime Task"
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\StartupApproved\Run: => "CCleaner Monitoring"
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_545A0C3BA033BA434B3702030390E77C"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{2C4B0F05-1B8F-48A7-998C-BC5D63360DCD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicatorCom.exe
    FirewallRules: [{9D4DFFF9-3A6D-4FDF-935A-95E98E3670F4}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\HPNetworkCommunicator.exe
    FirewallRules: [{7119EC66-2E87-417F-8513-9042441B23CD}] => (Allow) C:\Program Files\HP\HP Deskjet 3050 J610 series\Bin\DeviceSetup.exe
    FirewallRules: [{ED35FEFA-1218-4C94-A769-4AA2C26AA335}] => (Allow) LPort=53
    FirewallRules: [{AC47008D-50C6-45F1-B929-6C1AAF121976}] => (Allow) LPort=1542
    FirewallRules: [{5F6CFDFC-8CCD-470E-B14C-CF7AF4FA4FB6}] => (Allow) LPort=1542
    FirewallRules: [{97D95957-B6F2-4FBE-AD0C-A16ED7DE2D15}] => (Allow) LPort=1900
    FirewallRules: [{E29CB022-4996-4092-A6F5-1BFB05B2A872}] => (Allow) LPort=2869
    FirewallRules: [{FAB2EEC9-4988-46FC-8EEA-E27F5561A68C}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{070E3390-FD5D-40AE-976B-E3937D8C6621}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
    FirewallRules: [{0D3EF491-790B-40CB-9F69-871C24645BB1}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{99B5C2ED-6AD9-46CE-AE26-447923921D3F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (12/19/2015 06:45:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/19/2015 05:39:37 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

    Error: (12/19/2015 05:08:45 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

    Error: (12/19/2015 05:08:43 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

    Error: (12/19/2015 05:08:34 PM) (Source: SideBySide) (EventID: 78) (User: )
    Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
    A component version required by the application conflicts with another component version already active.
    Conflicting components are:.
    Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
    Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

    Error: (12/19/2015 02:20:27 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: Alison-PC)
    Description: Package Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

    Error: (12/19/2015 01:46:17 PM) (Source: Windows Backup) (EventID: 4104) (User: )
    Description: The backup was not successful. The error is: There is not enough free space on the backup storage location to back up the data. (0x80780048).

    Error: (12/19/2015 01:46:16 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/19/2015 01:46:05 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (12/19/2015 01:45:51 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (12/20/2015 06:39:16 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058

    Error: (12/20/2015 06:38:58 PM) (Source: EventLog) (EventID: 6008) (User: )
    Description: The previous system shutdown at 1:17:34 PM on ‎12/‎20/‎2015 was unexpected.

    Error: (12/20/2015 06:38:41 PM) (Source: Microsoft-Windows-Kernel-Boot) (EventID: 29) (User: NT AUTHORITY)
    Description: 32212255954804178619732200

    Error: (12/19/2015 06:37:49 PM) (Source: Service Control Manager) (EventID: 7001) (User: )
    Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error:
    %%1058

    Error: (12/19/2015 06:36:49 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_419d1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (12/19/2015 06:36:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

    Error: (12/19/2015 06:36:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Message Queuing service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service.

    Error: (12/19/2015 06:36:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The VIA Karaoke digital mixer Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/19/2015 06:36:33 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).

    Error: (12/19/2015 06:36:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The SAS Core Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 1000 milliseconds: Restart the service.


    CodeIntegrity:
    ===================================
    Date: 2015-12-19 16:10:14.477
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-11 04:17:06.337
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-10 04:18:03.984
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-06 04:04:08.874
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-12-03 03:33:55.172
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-29 03:01:55.112
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-28 19:24:28.161
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2015-11-28 19:06:21.636
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU E3400 @ 2.60GHz
    Percentage of memory in use: 40%
    Total physical RAM: 4061.36 MB
    Available physical RAM: 2396.77 MB
    Total Virtual: 8157.36 MB
    Available Virtual: 6479.17 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:465.32 GB) (Free:367.27 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive e: () (Fixed) (Total:149.04 GB) (Free:43.42 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows XP) (Size: 149.1 GB) (Disk ID: 113F06D6)
    Partition 1: (Active) - (Size=149 GB) - (Type=07 NTFS)

    ========================================================
    Disk: 1 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: D21A3831)
    Partition 1: (Active) - (Size=465.3 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450 MB) - (Type=27)

    ==================== End of Addition.txt ============================
     
  13. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
     

    Attached Files:

  14. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    Fix result of Farbar Recovery Scan Tool (x64) Version:20-12-2015
    Ran by Alison (2015-12-21 20:04:32) Run:1
    Running from C:\Users\Alison\Desktop
    Loaded Profiles: Alison (Available Profiles: Alison & DefaultAppPool)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    HKLM-x32\...\Run: [] => [X]
    Toolbar: HKLM - avast! Online Security - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - No Name - {CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} - No File
    Toolbar: HKU\S-1-5-21-1324035087-4291948591-2733856161-1000 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File
    CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => No File
    CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => No File
    CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => No File
    CHR Plugin: (QuickTime Plug-in 7.7.3) - C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => No File
    CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => No File
    CHR Plugin: (Java(TM) Platform SE 7 U21) - C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => No File
    CHR Plugin: (Shockwave for Director) - C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll => No File
    CHR Plugin: (Silverlight Plug-In) - c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => No File
    U4 AvastVBoxSvc; "C:\Program Files\AVAST Software\Avast\ng\vbox\AvastVBoxSVC.exe" [X]
    U3 idsvc; no ImagePath
    U4 VBoxAswDrv; \??\C:\Program Files\AVAST Software\Avast\ng\vbox\VBoxAswDrv.sys [X]
    U3 wpcsvc; no ImagePath
    2015-12-19 17:05 - 2015-12-19 17:05 - 0426249 _____ () C:\Users\Alison\AppData\Local\ars.cache
    2015-12-19 17:05 - 2015-12-19 17:05 - 0590888 _____ () C:\Users\Alison\AppData\Local\census.cache
    2015-06-28 09:12 - 2015-06-28 09:12 - 0004608 _____ () C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2015-12-19 16:51 - 2015-12-19 16:51 - 0000036 _____ () C:\Users\Alison\AppData\Local\housecall.guid.cache
    2015-12-19 16:55 - 2015-12-19 16:55 - 0000010 _____ () C:\Users\Alison\AppData\Local\sponge.last.runtime.cache
    2015-03-08 09:46 - 2015-03-08 09:46 - 0000057 _____ () C:\ProgramData\Ament.ini
    C:\Users\Alison\ttech.exe
    C:\Users\Alison\AppData\Local\Temp\dllnt_dump.dll
    C:\Users\Alison\AppData\Local\Temp\sqlite3.dll
    Task: {0C50F7D8-C32F-4E58-ABC1-2B53D40B4C9D} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {0CD73469-290D-434E-9F4C-2BEF6A1FFBDA} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {19D2CE48-10F8-4A19-AFDE-31ED5478E891} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {212C18F7-424B-4CF8-9B5B-B805D705F5DE} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {4AA87F43-4B1D-453D-AD47-74427AF3ECD7} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {7E22D0A2-B85D-4DCB-8CF0-EE45C3BADC8E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {9812DA7D-31DF-4216-975E-094551586E97} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {A29B6991-A964-4CC7-B494-813738BBE46C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {A8B3095B-7A3B-4375-A917-B7026C63AC4E} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {DC06A4A9-F9CC-4309-B133-F844367A456C} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {EC54A275-301A-4661-A6F0-B408EEB6E90F} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

    *****************

    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5} => value removed successfully
    "HKCR\CLSID\{318A227B-5E9F-45bd-8999-7F8F10CA4CF5}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => value removed successfully
    HKCR\CLSID\{CC1A175A-E45B-41ED-A30C-C9B1D7A0C02F} => key not found.
    HKU\S-1-5-21-1324035087-4291948591-2733856161-1000\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => value removed successfully
    HKCR\CLSID\{2318C2B1-4965-11D4-9B18-009027A5CD4F} => key not found.
    C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\ppGoogleNaClPluginChrome.dll => not found.
    C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\pdf.dll => not found.
    C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Browser\nppdf32.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin6.dll => not found.
    C:\Program Files (x86)\QuickTime\plugins\npqtplugin7.dll => not found.
    C:\Program Files (x86)\Google\Update\1.3.21.145\npGoogleUpdate3.dll => not found.
    C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll => not found.
    C:\Windows\SysWOW64\Adobe\Director\np32dsw_1165635.dll => not found.
    c:\Program Files (x86)\Microsoft Silverlight\5.1.20125.0\npctrl.dll => not found.
    AvastVBoxSvc => service could not remove
    idsvc => service removed successfully
    VBoxAswDrv => service could not remove
    wpcsvc => service removed successfully
    C:\Users\Alison\AppData\Local\ars.cache => moved successfully
    C:\Users\Alison\AppData\Local\census.cache => moved successfully
    C:\Users\Alison\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully
    C:\Users\Alison\AppData\Local\housecall.guid.cache => moved successfully
    C:\Users\Alison\AppData\Local\sponge.last.runtime.cache => moved successfully
    C:\ProgramData\Ament.ini => moved successfully
    C:\Users\Alison\ttech.exe => moved successfully
    C:\Users\Alison\AppData\Local\Temp\dllnt_dump.dll => moved successfully
    C:\Users\Alison\AppData\Local\Temp\sqlite3.dll => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0C50F7D8-C32F-4E58-ABC1-2B53D40B4C9D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0C50F7D8-C32F-4E58-ABC1-2B53D40B4C9D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CD73469-290D-434E-9F4C-2BEF6A1FFBDA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CD73469-290D-434E-9F4C-2BEF6A1FFBDA}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{19D2CE48-10F8-4A19-AFDE-31ED5478E891}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{19D2CE48-10F8-4A19-AFDE-31ED5478E891}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{212C18F7-424B-4CF8-9B5B-B805D705F5DE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{212C18F7-424B-4CF8-9B5B-B805D705F5DE}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4AA87F43-4B1D-453D-AD47-74427AF3ECD7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4AA87F43-4B1D-453D-AD47-74427AF3ECD7}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{7E22D0A2-B85D-4DCB-8CF0-EE45C3BADC8E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7E22D0A2-B85D-4DCB-8CF0-EE45C3BADC8E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9812DA7D-31DF-4216-975E-094551586E97}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9812DA7D-31DF-4216-975E-094551586E97}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A29B6991-A964-4CC7-B494-813738BBE46C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A29B6991-A964-4CC7-B494-813738BBE46C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{A8B3095B-7A3B-4375-A917-B7026C63AC4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8B3095B-7A3B-4375-A917-B7026C63AC4E}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DC06A4A9-F9CC-4309-B133-F844367A456C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DC06A4A9-F9CC-4309-B133-F844367A456C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EC54A275-301A-4661-A6F0-B408EEB6E90F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EC54A275-301A-4661-A6F0-B408EEB6E90F}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully

    ==== End of Fixlog 20:04:34 ====
     
  15. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Last scans...

    [​IMG] Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message restart computer and Security Check should run


    [​IMG] Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    [​IMG] Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    [​IMG] Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  16. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    avast! Antivirus
    Antivirus up to date!
    `````````Anti-malware/Other Utilities Check:`````````
    Java version 32-bit out of Date!
    Google Chrome (47.0.2526.106)
    Google Chrome (47.0.2526.80)
    ````````Process Check: objlist.exe by Laurent````````
    AVAST Software Avast AvastSvc.exe
    AVAST Software Avast AvastUI.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````


    Farbar Service Scanner Version: 10-06-2014
    Ran by Alison (administrator) on 22-12-2015 at 20:59:59
    Running from "C:\Users\Alison\Desktop"
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Disabled Policy:
    ========================


    Security Center:
    ============


    Windows Update:
    ============
    wuauserv Service is not running. Checking service configuration:
    The start type of wuauserv service is set to Demand. The default start type is Auto.
    The ImagePath of wuauserv service is OK.
    The ServiceDll of wuauserv service is OK.


    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============
    WinDefend Service is not running. Checking service configuration:
    The start type of WinDefend service is set to Demand. The default start type is Auto.
    The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".
    Checking ServiceDll: ATTENTION!=====> Unable to open WinDefend registry key. The service key does not exist.


    Windows Defender Disabled Policy:
    ==========================
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
    "DisableAntiSpyware"=DWORD:1


    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\SDRSVC.dll => File is digitally signed
    C:\Windows\System32\vssvc.exe => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****


    Sophos said PC was clean :)
     
  17. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    Your computer is clean [​IMG]

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download [​IMG]DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure, you change all of your on-line important passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download, and install WOT (Web OF Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom " installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please, let me know, how your computer is doing.
     
  18. mrtraver

    mrtraver TS Guru Topic Starter Posts: 345   +44

    Awesome; thank you so much!!!
    Happy Holidays!
     
  19. Broni

    Broni Malware Annihilator Posts: 52,911   +344

    [​IMG]
     
    mrtraver likes this.

Similar Topics

Add New Comment

You need to be a member to leave a comment. Join thousands of tech enthusiasts and participate.
TechSpot Account You may also...