Zeus Virus Popup


Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by Jeff (administrator) on JEFF-PC (18-03-2016 19:38:24)
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff (Available Profiles: Jeff)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(SurfRight B.V.) C:\Program Files\HitmanPro\hmpsched.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(TechSmith Corporation) C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_service.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Cisco) C:\Users\Jeff\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe
(Octoshape ApS) C:\Users\Jeff\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe
() C:\Users\Jeff\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
(Google Inc.) C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\WINWORD.EXE
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagPriv.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\TscHelp.exe
(TechSmith Corporation) C:\Program Files (x86)\TechSmith\Snagit 12\SnagitEditor.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ink\InputPersonalization.exe
(Microsoft Corporation) C:\Windows\splwow64.exe
(Microsoft Corporation) C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_tray.exe
(Prosoftnet) C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe
(Microsoft Corporation) C:\Windows\System32\LockAppHost.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSYNC.EXE
() C:\Program Files\WindowsApps\Evernote.Evernote_3.3.0.102_x86__q4d96b2w5wcc2\Evernote.Windows.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [Dropbox] => C:\Program Files (x86)\Dropbox\Client\Dropbox.exe [25122080 2016-02-16] (Dropbox, Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [413696 2008-05-27] (Apple Inc.)
HKLM-x32\...\Run: [IDrive Background process] => C:\Program Files (x86)\IDriveWindows\id_bglaunch.exe [72936 2016-02-17] (Prosoftnet)
HKLM-x32\...\Run: [IDrive Tray] => C:\Program Files (x86)\IDriveWindows\id_tray.exe [1985256 2016-02-17] (Prosoftnet)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\Run: [GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874136 2016-03-07] (Google Inc.)
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\Run: [PCShowServer] => C:\Users\Jeff\AppData\Local\DIRECTV Player\PCShowServerPMWrapper.exe [1632752 2015-08-23] (Cisco)
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\Run: [Octoshape Streaming Services] => C:\Users\Jeff\AppData\Roaming\Octoshape\Octoshape Streaming Services\OctoshapeClient.exe [500016 2014-08-01] (Octoshape ApS)
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50599552 2016-02-02] (Skype Technologies S.A.)
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\Run: [Google Update] => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2016-01-24] (Google Inc.)
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\RunOnce: [Uninstall C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\RunOnce: [Uninstall C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\MountPoints2: {696ae9dc-c49d-11e5-829f-c0335e2c6a1e} - "D:\TL-Bootstrap.exe" 
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\MountPoints2: {696aea4a-c49d-11e5-829f-c0335e2c6a1e} - "D:\TL-Bootstrap.exe" 
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  0001IDSIcon1] -> {0FA6DCC0-CF0B-427D-A8AF-97C466AB5769} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2016-02-05] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon2] -> {66357BBE-D2E5-453C-95FF-8102EB32419D} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2016-02-05] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [  0001IDSIcon3] -> {904E6336-8B13-43FA-B4C3-5B62C1C91971} => C:\Program Files (x86)\IDriveWindows\IDSyncIntIcon64.dll [2016-02-05] (Pro-Softnet Corporation, U.S.A)
ShellIconOverlayIdentifiers: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt64.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt1] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt2] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt3] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt4] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt5] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt6] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt7] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
ShellIconOverlayIdentifiers-x32: [ DropboxExt8] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Program Files (x86)\Dropbox\Client\DropboxExt.33.dll [2016-02-16] (Dropbox, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Snagit 12.lnk [2015-08-25]
ShortcutTarget: Snagit 12.lnk -> C:\Program Files (x86)\TechSmith\Snagit 12\Snagit32.exe (TechSmith Corporation)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{01a8d70c-5b81-4020-9e94-faa83cafcb95}: [DhcpNameServer] 209.18.47.62 209.18.47.61
Tcpip\..\Interfaces\{149d6033-bd7c-4935-953c-5c82e3fd65f5}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{91275EF0-664A-492E-BE47-EF505A10DCB1}: [DhcpNameServer] 209.222.18.222 209.222.18.218
Tcpip\..\Interfaces\{c52a2f79-5994-45c6-926c-dd6ebbd4b683}: [DhcpNameServer] 209.18.47.62 209.18.47.61

Internet Explorer:
==================
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://google.com/
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2016-02-04] (Microsoft Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2016-02-04] (Microsoft Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2016-02-04] (Microsoft Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default
FF DefaultSearchEngine.US: Google
FF Session Restore: -> is enabled.
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2016-02-04] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3198725457-717360934-4184150231-1001: @citrixonline.com/appdetectorplugin -> C:\Users\Jeff\AppData\Local\Citrix\Plugins\104\npappdetector.dll [2015-06-24] (Citrix Online)
FF Plugin HKU\S-1-5-21-3198725457-717360934-4184150231-1001: @octoshape.com/Octoshape Streaming Services,version=1.0 -> C:\Users\Jeff\AppData\Roaming\Octoshape\Octoshape Streaming Services\sua-1411300-0-npoctoshape.dll [2014-11-30] (Octoshape ApS)
FF Plugin HKU\S-1-5-21-3198725457-717360934-4184150231-1001: @tools.google.com/Google Update;version=3 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin HKU\S-1-5-21-3198725457-717360934-4184150231-1001: @tools.google.com/Google Update;version=9 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
FF Plugin ProgramFiles/Appdata: C:\Users\Jeff\AppData\Roaming\mozilla\plugins\npoctoshape.dll [2015-10-09] (Octoshape ApS)
FF Extension: GKeep Panel - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\extensions\gkeeppanel@alejandrobrizuela.com.ar.xpi [2015-10-18]
FF Extension: Integrated Google Calendar - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\extensions\intgcal@egarracingteam.com.ar.xpi [2015-10-18]
FF Extension: LastPass - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\extensions\support@lastpass.com [2016-03-09]
FF Extension: Grammarly Spell Checker & Grammar Checker - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\Extensions\87677a2c52b84ad3a151a4a72f5bd3c4@jetpack.xpi [2016-03-02]
FF Extension: Facebook™ Messenger - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\Extensions\jid1-jw3qAaBXs3HSov@jetpack.xpi [2016-03-02]
FF Extension: uBlock - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\Extensions\{2b10c1c8-a11f-4bad-fe9c-1c11e82cac42}.xpi [2015-12-12]
FF Extension: Adblock Plus - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-02-23]
FF Extension: Evernote Web Clipper - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\Extensions\{E0B8C461-F8FB-49b4-8373-FE32E9252800}.xpi [2015-11-29]
FF Extension: Theme Font & Size Changer - C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\Extensions\{f69e22c7-bc50-414a-9269-0f5c344cd94c}.xpi [2016-03-09]
FF Extension: Skype - C:\Program Files (x86)\Mozilla Firefox\browser\extensions\{82AF8DCA-6DE9-405D-BD5E-43525BDAD38A}.xpi [2016-01-06]

Chrome: 
=======
CHR HomePage: Default -> hxxp://drudgereport.com/
CHR StartupUrls: Default -> "hxxp://www.drudgereport.com/"
CHR Session Restore: Default -> is enabled.
CHR Profile: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Translate) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapbdbdomjkkjkaonfhkkikfgjllcleb [2015-12-31]
CHR Extension: (Google Slides) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-23]
CHR Extension: (myPlex Queue Extension) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\agmheakklldmclgmkfnncddgkiibboil [2016-01-28]
CHR Extension: (SEOquake) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\akdgnmcogleenhbclghghlkkdndkjdjc [2016-03-18]
CHR Extension: (Google Docs) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-23]
CHR Extension: (Google Drive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-27]
CHR Extension: (YouTube) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Cast) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\boadgeojelhgndaghljhdicfkmllpafd [2016-02-25]
CHR Extension: (Pushbullet) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\chlffgpmiacpedhhbkiomidkjlcfhogd [2016-01-27]
CHR Extension: (uBlock Origin) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-03-09]
CHR Extension: (Videostream for Google Chromecast™) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\cnciopoikihiagdjbjpnocolokfelagl [2016-03-05]
CHR Extension: (Google Search) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-27]
CHR Extension: (Search by Image (by Google)) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dajedkncpodkggklbegccjpmnglmnflm [2015-12-21]
CHR Extension: (Netflix) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\deceagebecbceejblnlcjooeohmmeldh [2015-06-23]
CHR Extension: (Solitaire) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dkelcbhdkpcdiiancfjhjcpdinbbfolp [2015-06-23]
CHR Extension: (Google+) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dlppkpafhbajpcmmoheippocdidnckmm [2015-12-11]
CHR Extension: (Dropbox for Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\dpdmhfocilnekecfjgimjdeckachfbec [2015-12-02]
CHR Extension: (MozBar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\eakacpaijcpapndcfffdgphdiccmpknp [2016-02-10]
CHR Extension: (Papaly Bookmark Manager) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ebaemiclbgheekdodbcengpahonmfnla [2015-08-30]
CHR Extension: (Gmail Offline) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejidjjhkpiempkbhmpbfngldlkglhimk [2015-06-23]
CHR Extension: (Google Calendar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejjicmeblgpmajnghnpcppodonldlgfn [2015-10-12]
CHR Extension: (Box) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ejnkaeblpdcamcioiiabclakabcbjmbl [2015-06-23]
CHR Extension: (Solitaire Games) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\eljmkmbmhmgmpmmbkagbobpmpocacdbo [2015-06-23]
CHR Extension: (Sprucemarks) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fakeocdnmmmnokabaiflppclocckihoj [2016-02-21]
CHR Extension: (Pandora) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fbangkleohkafngihneedemihgfeikcl [2015-06-23]
CHR Extension: (Google Sheets) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-23]
CHR Extension: (PicMonkey) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fgdgokchhicmaiacmgegjnppjkgogdhm [2015-06-23]
CHR Extension: (Wunderlist - To-do and Task list) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjliknjliaohjgjajlgolhijphojjdkc [2016-01-21]
CHR Extension: (Service Pages for Google Chrome™) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fjmhjjohhiehaoljianalpmfcceojaff [2016-01-15]
CHR Extension: (Full Screen Weather) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fkkaebihfmbofclegkcfkkemepfehibg [2015-06-23]
CHR Extension: (Google Play Movies) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\fppdphmgcddhjeddoeghpjefkdlccljb [2015-06-23]
CHR Extension: (Chrome Web Store Launcher (by Google)) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gecgipfabdickgidpmbicneamekgbaej [2015-06-23]
CHR Extension: (Google Docs Offline) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-03-18]
CHR Extension: (Dictionary by Dictionary.com) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gikhgcaliglmioibbockkmjknfnepbdh [2015-06-23]
CHR Extension: (Bookmark Manager) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gmlllbghnfkpflemihljekbapjopfjik [2016-02-05]
CHR Extension: (Pin It Button) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdjojdkbbmdfjfahjcgigfpmkopogic [2016-02-23]
CHR Extension: (Google Photos) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hcglmfcclpfgljeaiahehebeoaiicbko [2016-03-17]
CHR Extension: (LastPass: Free Password Manager) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hdokiejnpimakedhajhdlcegeplioahd [2016-03-09]
CHR Extension: (Ahrefs SEO Toolbar) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hgmoccdbjhknikckedaaebbpdeebhiei [2015-12-11]
CHR Extension: (Google Keep - notes and lists) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\hmjkmjkepdijhoojdojkdfohbdgmmhki [2016-03-18]
CHR Extension: (Kindle Cloud Reader) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\icdipabjmbhpdkjaihfjoikhjjeneebd [2015-06-23]
CHR Extension: (Google Play Music) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\icppfcnhkcmnfdhfhphakoifcfokfdhg [2015-06-23]
CHR Extension: (World of Solitaire) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ifbnllnaaaohekjkcpfdllhhjijnidgn [2015-06-23]
CHR Extension: (Dropbox) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ioekoebejdcmnlefjiknokhhafglcjdl [2015-07-05]
CHR Extension: (Disconnect) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jeoacafpbcihiomhlakheieifhpjdfeo [2016-01-21]
CHR Extension: (Google +1 Button) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jgoepmocgafhnchmokaimcmlojpnlkhp [2015-06-23]
CHR Extension: (FlyOrDie Backgammon) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\jjajfipfoldnngmddjicblncidmijama [2016-01-18]
CHR Extension: (Grammarly Spell Checker & Grammar Checker) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kbfnbcaeplbcioakkpcpgfkobkghlhen [2016-03-18]
CHR Extension: (Google Voice (by Google)) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcnhkahnjcbndmmehfkdnkjomaanaooo [2015-06-23]
CHR Extension: (Google Hangouts) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\knipolnnllmklapflnccelgolnpehhpl [2016-03-18]
CHR Extension: (Google Play) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\komhbcfkdcgmcdoenjcjheifdiabikfi [2015-06-23]
CHR Extension: (Evernote Web) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lbfehkoinhhcknnbdgnnmjhiladcgbol [2015-06-23]
CHR Extension: (Skype) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lifbcibllhkdhoafpjfnlhfpfgnpldfl [2015-12-19]
CHR Extension: (Google Maps) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\lneaknkopdijkpnocmklfnjbeapigfbh [2015-09-20]
CHR Extension: (Flashcontrol) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mfidmkgnfgnkihnjeklbekckimkipmoe [2016-03-09]
CHR Extension: (Download to Dropbox) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mklccdhnpppcmbpbkaanmamjfmmefbnp [2015-06-23]
CHR Extension: (Ghostery) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2016-02-21]
CHR Extension: (Yumprint) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nboinfelnglhdhgchcmomigiddalpjka [2015-06-23]
CHR Extension: (Google Hangouts) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nckgahadagoaajjgafhacjanaoiihapd [2015-12-11]
CHR Extension: (feedly) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\ndhinffkekpekljifjkkkkkhopnjodja [2016-01-28]
CHR Extension: (OneDrive) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nffchahhjecejoiigmnhhicpoabngedk [2015-06-23]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
CHR Extension: (Picasa) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\onlgmecjpnejhfeofkgbfgnmdlipdejb [2015-06-23]
CHR Extension: (Evernote Web Clipper) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pioclpoplcdbaefihamjohnefbikjilc [2016-03-05]
CHR Extension: (Weather Underground) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjejbgheonogbpfkkjigbmahaljipoej [2015-06-23]
CHR Extension: (Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-23]
CHR Extension: (Inbox by Gmail) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pkclgpgponpjmpfokoepglboejdobkpl [2015-06-23]
CHR Extension: (RightToCopy) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\plmcimdddlobkphnofejmeidjblideca [2016-02-23]
CHR Extension: (AVG PrivacyFix) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pmejhjjecaldkllonlokhkglbdbkdcni [2016-01-28]
CHR Extension: (Majestic Backlink Analyzer) - C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Extensions\pnmjaflneibolacpepklokkjnakmikmg [2015-08-30]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2016-01-08]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2804976 2016-02-04] (Microsoft Corporation)
S2 dbupdate; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-01] (Dropbox, Inc.)
S3 dbupdatem; C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [136048 2015-09-01] (Dropbox, Inc.)
R2 HitmanProScheduler; C:\Program Files\HitmanPro\hmpsched.exe [135496 2016-02-25] (SurfRight B.V.)
R2 IDriveService; C:\Program Files (x86)\IDriveWindows\id_service.exe [154856 2016-02-17] (Prosoftnet)
S2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373152 2016-01-06] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 TechSmith Uploader Service; C:\Program Files (x86)\Common Files\TechSmith Shared\Uploader\UploaderService.exe [3408384 2015-01-26] (TechSmith Corporation) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BthA2DP; C:\Windows\system32\drivers\BthA2DP.sys [165376 2015-10-30] (Microsoft Corporation)
R3 BthHFAud; C:\Windows\system32\DRIVERS\BthHfAud.sys [36864 2015-10-30] (Microsoft Corporation)
S3 iaLPSS_GPIO; C:\Windows\System32\drivers\iaLPSS_GPIO.sys [24568 2014-12-11] (Intel Corporation)
S3 iaLPSS_I2C; C:\Windows\System32\drivers\iaLPSS_I2C.sys [99320 2014-12-11] (Intel Corporation)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-03-18] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-09-30] (Intel Corporation)
S3 MiraDispKmd; C:\Windows\System32\drivers\MiraDispKmd.sys [23552 2015-10-30] (Microsoft Corporation)
R3 mrvlpcie8897; C:\Windows\System32\drivers\mrvlpcie8897.sys [1058832 2016-01-07] (Marvell Semiconductors Inc.)
R3 msu30x64w8; C:\Windows\System32\drivers\msu30x64w8.sys [122368 2015-10-30] (Realtek                                            )
R3 SurfaceAccessoryDevice; C:\Windows\System32\drivers\SurfaceAccessoryDevice.sys [51856 2014-12-11] (Microsoft Corporation)
R3 SurfaceCapacitiveHomeButton; C:\Windows\System32\drivers\SurfaceCapacitiveHomeButton.sys [44152 2014-12-11] (Microsoft Corporation)
R3 SurfaceDisplayCalibration; C:\Windows\System32\drivers\SurfaceDisplayCalibration.sys [41616 2014-12-11] (Microsoft Corporation)
R3 SurfaceIntegrationDriver; C:\Windows\System32\drivers\SurfaceIntegrationDriver.sys [63000 2015-09-30] (Microsoft Corporation)
R0 SurfacePciController; C:\Windows\System32\drivers\SurfacePciController.sys [35440 2014-12-11] (Microsoft Corporation)
R3 SurfacePenDriver; C:\Windows\System32\drivers\SurfacePenDriver.sys [102552 2016-01-27] (Microsoft Corporation)
S3 SurfaceTypeCover; C:\Windows\System32\drivers\SurfaceTypeCover.sys [67592 2015-10-26] (Microsoft Corporation)
S3 SurfaceTypeCoverV3Integration; C:\Windows\System32\drivers\SurfaceTypeCoverV3Integration.sys [52768 2015-10-26] (Microsoft Corporation)
R3 TrueColor; C:\Windows\system32\DRIVERS\TrueColor.sys [35952 2014-12-11] ()
R3 usbaud; C:\Windows\system32\DRIVERS\usbaud64.sys [106752 2015-09-30] (Microsoft)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 19:38 - 2016-03-18 19:38 - 00033738 _____ C:\Users\Jeff\Desktop\FRST.txt
2016-03-18 19:38 - 2016-03-18 19:38 - 00000000 ____D C:\FRST
2016-03-18 19:37 - 2016-03-18 19:37 - 02374144 _____ (Farbar) C:\Users\Jeff\Desktop\FRST64.exe
2016-03-18 18:59 - 2016-03-18 18:59 - 00000000 ____D C:\Users\Jeff\Documents\Paypal Credit
2016-03-17 10:48 - 2016-03-18 19:26 - 00000000 ____D C:\Users\Jeff\Desktop\Contigo
2016-03-16 19:45 - 2016-03-16 19:45 - 00238231 _____ C:\Users\Jeff\Downloads\Shopify Chase Dispute Letter.pdf
2016-03-16 08:42 - 2016-03-16 08:42 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2016-03-16 08:42 - 2016-03-16 08:42 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-03-11 13:03 - 2016-03-11 13:03 - 00000000 ____D C:\Users\Jeff\AppData\Local\Bluestacks
2016-03-10 16:42 - 2016-03-10 17:18 - 00000000 ____D C:\Users\Jeff\Documents\Health & Fitness Niche
2016-03-10 14:18 - 2016-03-10 16:38 - 00000000 ____D C:\Users\Jeff\Desktop\Health & Fitness Niche
2016-03-10 10:44 - 2016-03-10 10:44 - 00000000 ____D C:\Users\Jeff\Documents\Get Response
2016-03-09 19:49 - 2016-03-10 09:21 - 00011945 ____H C:\Users\Jeff\Documents\~WRL2349.tmp
2016-03-09 15:23 - 2016-03-09 15:23 - 00019338 _____ C:\Users\Jeff\Desktop\February 25 2016 Webiner Replay.htm
2016-03-09 15:22 - 2016-03-09 15:22 - 00019338 _____ C:\Users\Jeff\Desktop\February 18 2016 Webiner Replay.htm
2016-03-09 15:22 - 2016-03-09 15:22 - 00019338 _____ C:\Users\Jeff\Desktop\February 11 2016 Webiner Replay.htm
2016-03-08 18:05 - 2016-03-08 18:05 - 00110491 _____ C:\Users\Jeff\Desktop\Secure Message Center  Mesaage Sent.pdf
2016-03-08 17:55 - 2016-03-08 17:57 - 00131611 _____ C:\Users\Jeff\Desktop\Chase Bank Secure Message 03.08.2016.pdf
2016-03-08 17:45 - 2016-03-09 12:35 - 00139168 _____ C:\Users\Jeff\Desktop\Chase Bank Secure Message 3.8.2016.pdf
2016-03-08 17:33 - 2015-03-08 18:13 - 00368776 _____ C:\Users\Jeff\Desktop\Shopify Jewelry Sleuth Dispute.pdf
2016-03-08 14:40 - 2016-03-08 14:40 - 00000493 _____ C:\Users\Jeff\Downloads\customer_metrics_report (1).txt
2016-03-08 14:35 - 2016-03-08 14:35 - 00000401 _____ C:\Users\Jeff\Downloads\customer_metrics_report.txt
2016-03-05 08:23 - 2016-03-05 08:23 - 00212068 _____ C:\WINDOWS\Minidump\030516-7296-01.dmp
2016-03-04 16:42 - 2016-03-04 16:42 - 00051415 _____ C:\Users\Jeff\Downloads\report.pdf
2016-03-03 12:05 - 2016-03-03 12:30 - 00000000 ____D C:\Users\Jeff\Desktop\Shopify Shipping Setup
2016-03-02 21:45 - 2016-03-02 21:46 - 271802696 _____ (BlueStack Systems Inc.) C:\Users\Jeff\Downloads\BlueStacks2_native (2).exe
2016-03-02 21:39 - 2016-03-09 17:34 - 00000000 ____D C:\ProgramData\BlueStacksSetup
2016-03-02 21:38 - 2016-03-02 21:39 - 271802696 _____ (BlueStack Systems Inc.) C:\Users\Jeff\Downloads\BlueStacks2_native.exe
2016-03-01 20:24 - 2016-02-23 04:27 - 07475040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-01 20:24 - 2016-02-23 04:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-01 20:24 - 2016-02-23 04:23 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-01 20:24 - 2016-02-23 04:22 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-01 20:24 - 2016-02-23 04:15 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-01 20:24 - 2016-02-23 03:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-01 20:24 - 2016-02-23 03:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-01 20:24 - 2016-02-23 03:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-01 20:24 - 2016-02-23 03:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-01 20:24 - 2016-02-23 03:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-01 20:24 - 2016-02-23 03:21 - 06606568 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-01 20:24 - 2016-02-23 02:45 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-01 20:24 - 2016-02-23 02:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-01 20:24 - 2016-02-23 02:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-01 20:24 - 2016-02-23 02:26 - 05241984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-01 20:24 - 2016-02-23 01:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-01 20:24 - 2016-02-23 01:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-01 20:24 - 2016-02-23 01:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-01 20:24 - 2016-02-23 01:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-01 20:24 - 2016-02-23 01:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-01 20:24 - 2016-02-23 01:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-01 20:24 - 2016-02-23 01:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-01 20:24 - 2016-02-23 00:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-01 20:24 - 2016-02-23 00:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-01 20:24 - 2016-02-23 00:41 - 03594240 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-01 20:24 - 2016-02-23 00:30 - 02275840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-01 20:24 - 2016-02-23 00:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-01 20:24 - 2016-02-23 00:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-01 20:24 - 2016-02-23 00:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-01 20:24 - 2016-02-23 00:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-01 20:24 - 2016-02-22 23:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-01 20:24 - 2016-02-22 23:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-01 20:24 - 2016-02-22 23:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-01 20:24 - 2016-02-22 23:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-01 20:24 - 2016-02-22 23:50 - 22396416 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-01 20:24 - 2016-02-22 23:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-01 20:24 - 2016-02-22 23:40 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-01 20:24 - 2016-02-22 23:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-01 20:24 - 2016-02-22 23:36 - 19341312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-01 20:24 - 2016-02-22 23:36 - 18680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-01 20:24 - 2016-02-22 23:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-01 20:24 - 2016-02-22 23:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-01 20:24 - 2016-02-08 20:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-01 20:24 - 2016-02-08 20:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-01 20:24 - 2016-02-08 20:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-01 20:23 - 2016-02-23 04:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-01 20:23 - 2016-02-23 04:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-01 20:23 - 2016-02-23 04:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 20:23 - 2016-02-23 04:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-01 20:23 - 2016-02-23 04:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-01 20:23 - 2016-02-23 04:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-01 20:23 - 2016-02-23 04:09 - 01614176 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-01 20:23 - 2016-02-23 03:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-01 20:23 - 2016-02-23 03:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-01 20:23 - 2016-02-23 03:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-01 20:23 - 2016-02-23 03:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-01 20:23 - 2016-02-23 03:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-01 20:23 - 2016-02-23 03:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-01 20:23 - 2016-02-23 03:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-01 20:23 - 2016-02-23 03:31 - 00847656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-01 20:23 - 2016-02-23 03:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-01 20:23 - 2016-02-23 03:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-01 20:23 - 2016-02-23 03:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-01 20:23 - 2016-02-23 03:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-01 20:23 - 2016-02-23 02:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-01 20:23 - 2016-02-23 02:45 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-01 20:23 - 2016-02-23 02:44 - 00640984 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-01 20:23 - 2016-02-23 02:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-01 20:23 - 2016-02-23 02:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-01 20:23 - 2016-02-23 02:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-01 20:23 - 2016-02-23 02:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-01 20:23 - 2016-02-23 02:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-01 20:23 - 2016-02-23 02:38 - 00709176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-01 20:23 - 2016-02-23 02:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-01 20:23 - 2016-02-23 02:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-01 20:23 - 2016-02-23 02:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-01 20:23 - 2016-02-23 02:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-01 20:23 - 2016-02-23 02:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-01 20:23 - 2016-02-23 02:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-01 20:23 - 2016-02-23 02:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-01 20:23 - 2016-02-23 01:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-01 20:23 - 2016-02-23 01:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-01 20:23 - 2016-02-23 01:54 - 00539256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-01 20:23 - 2016-02-23 01:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-01 20:23 - 2016-02-23 01:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-01 20:23 - 2016-02-23 01:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-01 20:23 - 2016-02-23 01:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-01 20:23 - 2016-02-23 01:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-01 20:23 - 2016-02-23 01:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-01 20:23 - 2016-02-23 01:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-01 20:23 - 2016-02-23 01:30 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-01 20:23 - 2016-02-23 01:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-01 20:23 - 2016-02-23 01:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-01 20:23 - 2016-02-23 01:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-01 20:23 - 2016-02-23 01:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-01 20:23 - 2016-02-23 01:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-01 20:23 - 2016-02-23 01:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-01 20:23 - 2016-02-23 01:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-01 20:23 - 2016-02-23 01:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-01 20:23 - 2016-02-23 01:13 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-01 20:23 - 2016-02-23 01:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-01 20:23 - 2016-02-23 01:11 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-01 20:23 - 2016-02-23 01:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-01 20:23 - 2016-02-23 01:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-01 20:23 - 2016-02-23 01:09 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-01 20:23 - 2016-02-23 01:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-01 20:23 - 2016-02-23 01:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-01 20:23 - 2016-02-23 01:06 - 01848832 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-01 20:23 - 2016-02-23 01:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-01 20:23 - 2016-02-23 01:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-01 20:23 - 2016-02-23 01:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-01 20:23 - 2016-02-23 01:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-01 20:23 - 2016-02-23 01:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-01 20:23 - 2016-02-23 00:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-01 20:23 - 2016-02-23 00:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-01 20:23 - 2016-02-23 00:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-01 20:23 - 2016-02-23 00:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-01 20:23 - 2016-02-23 00:47 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-01 20:23 - 2016-02-23 00:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-01 20:23 - 2016-02-23 00:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-01 20:23 - 2016-02-23 00:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-01 20:23 - 2016-02-23 00:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-01 20:23 - 2016-02-23 00:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-01 20:23 - 2016-02-23 00:31 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-01 20:23 - 2016-02-23 00:30 - 01832448 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-01 20:23 - 2016-02-23 00:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-01 20:23 - 2016-02-23 00:29 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-01 20:23 - 2016-02-23 00:26 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-01 20:23 - 2016-02-23 00:25 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-01 20:23 - 2016-02-23 00:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-01 20:23 - 2016-02-23 00:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-01 20:23 - 2016-02-23 00:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-01 20:23 - 2016-02-23 00:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-01 20:23 - 2016-02-23 00:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-01 20:23 - 2016-02-23 00:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-01 20:23 - 2016-02-23 00:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-01 20:23 - 2016-02-23 00:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-01 20:23 - 2016-02-22 23:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-01 20:23 - 2016-02-22 23:55 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-01 20:23 - 2016-02-22 23:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-01 20:23 - 2016-02-22 23:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-01 20:23 - 2016-02-22 23:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-01 20:23 - 2016-02-22 23:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-01 20:23 - 2016-02-22 23:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-01 20:23 - 2016-02-22 23:33 - 14254080 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-01 20:23 - 2016-02-22 23:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-01 20:23 - 2016-02-22 23:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-01 20:23 - 2016-02-22 23:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-01 20:23 - 2016-02-22 23:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-01 20:23 - 2016-02-22 23:26 - 12587520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-01 20:23 - 2016-02-08 21:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-01 20:23 - 2016-02-08 20:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-01 20:23 - 2016-02-08 20:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-03-01 20:22 - 2016-02-23 04:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-01 20:22 - 2016-02-23 04:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-01 20:22 - 2016-02-23 04:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-01 20:22 - 2016-02-23 03:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-01 20:22 - 2016-02-23 03:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-01 20:22 - 2016-02-23 03:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-01 20:22 - 2016-02-23 02:49 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-01 20:22 - 2016-02-23 02:45 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-01 20:22 - 2016-02-23 02:45 - 00259336 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-01 20:22 - 2016-02-23 02:44 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-01 20:22 - 2016-02-23 02:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-01 20:22 - 2016-02-23 02:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-01 20:22 - 2016-02-23 02:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-01 20:22 - 2016-02-23 02:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-01 20:22 - 2016-02-23 02:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-01 20:22 - 2016-02-23 02:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-01 20:22 - 2016-02-23 02:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-01 20:22 - 2016-02-23 02:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-01 20:22 - 2016-02-23 02:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-01 20:22 - 2016-02-23 02:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-01 20:22 - 2016-02-23 02:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-01 20:22 - 2016-02-23 02:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-01 20:22 - 2016-02-23 02:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-01 20:22 - 2016-02-23 01:58 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-01 20:22 - 2016-02-23 01:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-01 20:22 - 2016-02-23 01:55 - 00221600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-01 20:22 - 2016-02-23 01:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-01 20:22 - 2016-02-23 01:54 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-01 20:22 - 2016-02-23 01:54 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-01 20:22 - 2016-02-23 01:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-01 20:22 - 2016-02-23 01:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-01 20:22 - 2016-02-23 01:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-01 20:22 - 2016-02-23 01:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-01 20:22 - 2016-02-23 01:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-01 20:22 - 2016-02-23 01:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-01 20:22 - 2016-02-23 01:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-01 20:22 - 2016-02-23 01:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-01 20:22 - 2016-02-23 01:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-01 20:22 - 2016-02-23 01:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-01 20:22 - 2016-02-23 01:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-01 20:22 - 2016-02-23 01:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-01 20:22 - 2016-02-23 01:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-01 20:22 - 2016-02-23 01:28 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-01 20:22 - 2016-02-23 01:25 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-01 20:22 - 2016-02-23 01:25 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-01 20:22 - 2016-02-23 01:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-01 20:22 - 2016-02-23 01:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-01 20:22 - 2016-02-23 01:22 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-01 20:22 - 2016-02-23 01:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-01 20:22 - 2016-02-23 01:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 20:22 - 2016-02-23 01:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-01 20:22 - 2016-02-23 01:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-01 20:22 - 2016-02-23 01:13 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-01 20:22 - 2016-02-23 01:13 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-01 20:22 - 2016-02-23 01:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-01 20:22 - 2016-02-23 01:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-01 20:22 - 2016-02-23 01:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-01 20:22 - 2016-02-23 01:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-01 20:22 - 2016-02-23 00:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-01 20:22 - 2016-02-23 00:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-01 20:22 - 2016-02-23 00:54 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-01 20:22 - 2016-02-23 00:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-01 20:22 - 2016-02-23 00:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-01 20:22 - 2016-02-23 00:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-01 20:22 - 2016-02-23 00:37 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-01 20:22 - 2016-02-23 00:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-01 20:22 - 2016-02-23 00:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-01 20:22 - 2016-02-23 00:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-01 20:22 - 2016-02-23 00:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-01 20:22 - 2016-02-23 00:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-01 20:22 - 2016-02-23 00:26 - 01498112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-01 20:22 - 2016-02-23 00:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-01 20:22 - 2016-02-23 00:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-01 20:22 - 2016-02-22 23:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-01 20:22 - 2016-02-22 23:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-01 20:22 - 2016-02-08 21:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-01 20:22 - 2016-02-08 20:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-02-24 08:04 - 2016-02-04 10:24 - 00822066 ____R C:\Users\Jeff\Desktop\Drop Shipping Template (2016_02_20 02_50_05 UTC).pdf
2016-02-20 23:05 - 2016-02-20 23:05 - 00000220 _____ C:\Users\Jeff\Documents\Configure your IDrive® Wi-fi device for Local Backup.URL
2016-02-20 23:00 - 2016-02-20 23:04 - 00000000 ____D C:\Users\Jeff\Documents\IDrive
2016-02-20 13:03 - 2016-02-20 13:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IDrive
2016-02-20 12:11 - 2016-02-20 12:11 - 20681744 _____ (Pro Softnet Corp ) C:\Users\Jeff\Downloads\IDriveWinSetup (10).exe
2016-02-20 12:03 - 2016-02-20 13:03 - 00001140 _____ C:\Users\Public\Desktop\IDrive.lnk
2016-02-20 12:03 - 2016-02-05 17:02 - 00533776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml.dll
2016-02-20 12:03 - 2016-02-05 17:02 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3a.dll
2016-02-20 11:57 - 2016-02-20 11:57 - 20681744 _____ (Pro Softnet Corp ) C:\Users\Jeff\Downloads\IDriveWinSetup (9).exe
2016-02-20 11:55 - 2016-02-20 11:55 - 20681744 _____ (Pro Softnet Corp ) C:\Users\Jeff\Downloads\IDriveWinSetup (8).exe
2016-02-17 18:07 - 2016-02-17 18:07 - 00000000 ____D C:\Users\Jeff\Desktop\eComsuiteX Contest Page Setup - Copy
2016-02-17 18:04 - 2016-02-17 18:06 - 00000000 ____D C:\Users\Jeff\Desktop\eComsuiteX Contest Page Setup
2016-02-17 17:50 - 2016-02-17 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dropbox

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-18 19:35 - 2015-09-30 08:11 - 00000000 ____D C:\ProgramData\IDrive
2016-03-18 19:33 - 2015-07-19 16:51 - 00000000 ___RD C:\Users\Jeff\Desktop\Goals & Priorities Discipline
2016-03-18 19:32 - 2015-06-23 14:45 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{419AD1CF-0A46-4EC1-AA73-23CC89A0798C}
2016-03-18 19:31 - 2015-06-24 10:39 - 00000572 _____ C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3198725457-717360934-4184150231-1001.job
2016-03-18 19:16 - 2015-06-23 15:17 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-18 18:50 - 2015-09-01 22:45 - 00000920 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job
2016-03-18 18:37 - 2015-06-24 10:39 - 00000668 _____ C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3198725457-717360934-4184150231-1001.job
2016-03-18 18:19 - 2015-06-23 21:36 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-03-18 15:36 - 2015-06-23 16:37 - 00000000 ____D C:\Users\Jeff\AppData\LocalLow\LastPass
2016-03-18 15:34 - 2015-12-12 09:20 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2016-03-18 13:52 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-18 12:54 - 2015-10-30 00:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-18 11:55 - 2015-06-23 13:04 - 00000000 __RDO C:\Users\Jeff\OneDrive
2016-03-18 10:34 - 2016-01-24 21:24 - 00000868 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3198725457-717360934-4184150231-1001Core.job
2016-03-18 10:16 - 2015-06-23 15:17 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-17 22:50 - 2015-09-01 22:45 - 00000916 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job
2016-03-17 14:24 - 2015-07-31 06:42 - 00000000 ____D C:\Users\Jeff\AppData\Local\ElevatedDiagnostics
2016-03-16 19:25 - 2015-11-12 12:26 - 00000000 ____D C:\Users\Jeff\Documents\Shopify
2016-03-16 10:43 - 2016-02-06 17:22 - 00000000 ____D C:\Users\Jeff\Documents\Notepad
2016-03-16 08:42 - 2016-01-26 22:02 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-03-14 17:40 - 2015-06-23 15:17 - 00002279 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-13 20:00 - 2015-07-26 09:46 - 00000000 ____D C:\Users\Jeff\AppData\Roaming\Skype
2016-03-13 16:09 - 2015-07-26 09:46 - 00000000 ____D C:\ProgramData\Skype
2016-03-13 15:16 - 2015-07-29 21:51 - 00002405 _____ C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-03-13 14:56 - 2015-10-30 00:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-13 14:56 - 2015-07-29 21:33 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-13 14:20 - 2015-10-30 00:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-13 14:10 - 2015-06-26 05:41 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-13 14:01 - 2015-06-26 05:41 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-12 07:49 - 2015-06-24 10:39 - 00003818 _____ C:\WINDOWS\System32\Tasks\G2MUploadTask-S-1-5-21-3198725457-717360934-4184150231-1001
2016-03-12 07:49 - 2015-06-24 10:39 - 00003722 _____ C:\WINDOWS\System32\Tasks\G2MUpdateTask-S-1-5-21-3198725457-717360934-4184150231-1001
2016-03-11 10:23 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2016-03-10 18:02 - 2015-07-15 13:49 - 00000000 ____D C:\Users\Jeff\AppData\Local\Microsoft Help
2016-03-10 09:29 - 2015-07-11 13:49 - 00000000 ____D C:\Users\Jeff\Documents\Outlook Files
2016-03-09 13:06 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-09 12:36 - 2015-12-12 09:22 - 00000000 ____D C:\Users\Jeff
2016-03-08 00:12 - 2015-10-30 00:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 00:12 - 2015-10-30 00:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-03-07 12:33 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-05 08:25 - 2015-12-12 09:27 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-05 08:25 - 2015-12-12 09:21 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-03-05 08:25 - 2015-12-12 09:20 - 00352344 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-05 08:25 - 2015-06-23 12:53 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-05 08:24 - 2015-10-30 02:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-05 08:24 - 2015-10-30 00:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-05 08:24 - 2015-10-29 23:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-03-05 08:24 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-05 08:24 - 2015-10-29 23:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-05 08:23 - 2016-01-18 11:01 - 00000000 ____D C:\WINDOWS\Minidump
2016-03-05 08:23 - 2015-08-01 07:44 - 1419075033 _____ C:\WINDOWS\MEMORY.DMP
2016-03-02 21:40 - 2015-10-30 00:24 - 00000000 __RHD C:\Users\Public\Libraries
2016-02-25 22:05 - 2015-10-30 00:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-02-25 22:02 - 2015-02-23 18:02 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2016-02-21 12:30 - 2015-06-23 12:58 - 00000000 ____D C:\Users\Jeff\AppData\Local\Packages
2016-02-20 13:04 - 2015-09-30 08:11 - 00000000 ____D C:\Program Files (x86)\IDriveWindows
2016-02-18 16:53 - 2016-02-13 14:45 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-02-18 16:53 - 2015-06-23 15:49 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-02-17 17:50 - 2015-09-01 22:45 - 00000000 ____D C:\Program Files (x86)\Dropbox

==================== Files in the root of some directories =======

2016-01-26 22:07 - 2016-01-26 22:07 - 0027934 _____ () C:\Users\Jeff\AppData\Roaming\net.telestream.wirecast.xml
2016-01-26 22:07 - 2016-01-26 22:07 - 0000000 _____ () C:\Users\Jeff\AppData\Roaming\wirecast_check_crash.txt
2015-07-22 12:53 - 2015-07-22 12:53 - 0000017 _____ () C:\Users\Jeff\AppData\Local\resmon.resmoncfg
2015-12-12 09:21 - 2015-12-12 09:21 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Jeff\AppData\Local\Temp\HD-Logger-Native.dll
C:\Users\Jeff\AppData\Local\Temp\HD-ShortcutHandler.dll
C:\Users\Jeff\AppData\Local\Temp\uninstall.exe


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-03-10 11:25

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Jeff (2016-03-18 19:39:04)
Running from C:\Users\Jeff\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-12 16:31:00)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3198725457-717360934-4184150231-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3198725457-717360934-4184150231-503 - Limited - Disabled)
Guest (S-1-5-21-3198725457-717360934-4184150231-501 - Limited - Disabled)
Jeff (S-1-5-21-3198725457-717360934-4184150231-1001 - Administrator - Enabled) => C:\Users\Jeff

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.14 (x64) (HKLM\...\7-Zip) (Version: 15.14 - Igor Pavlov)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
ChromecastApp (HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\{079ede36-133d-44b0-8053-c7c1fa8d2e0d}_is1) (Version: 1.5.1693.0 - Google Inc.)
Citrix Online Launcher (HKLM-x32\...\{8A16C63D-027A-4645-B394-C033665D0195}) (Version: 1.0.325 - Citrix)
DIRECTV Player (HKLM-x32\...\{04f0c8c0-e0c8-4292-8676-db9174655d7a}) (Version: 12.1 - DIRECTV)
Dropbox (HKLM-x32\...\Dropbox) (Version: 3.14.7 - Dropbox, Inc.)
Dropbox Update Helper (x32 Version: 1.3.27.35 - Dropbox, Inc.) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
GoToMeeting 7.13.1.4628 (HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\GoToMeeting) (Version: 7.13.1.4628 - CitrixOnline)
Grammarly (HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\Grammarly) (Version: 1.3.16 - Grammarly)
Grammarly for Microsoft® Office Suite (HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\{67ea7aa0-ae09-4050-a01a-26e212b3d0d0}) (Version: 6.4.104.5108 - Grammarly)
Grammarly for Microsoft® Office Suite (Version: 6.4.104.5108 - Grammarly) Hidden
HitmanPro 3.7 (HKLM\...\HitmanPro37) (Version: 3.7.13.258 - SurfRight B.V.)
IDrive Version - 6.0 (HKLM-x32\...\IDrive_is1) (Version: 6.0 - Pro Softnet Corp)
Infinite HD™ App (HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\Octoshape Streaming Services) (Version:  - Octoshape ApS)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 20.19.15.4331 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6568.2025 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Mozilla Firefox 44.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 44.0.2 (x86 en-US)) (Version: 44.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 44.0.2.5884 - Mozilla)
Mozy Restore Manager x64 (HKLM\...\{D8555D7B-3AF3-4F46-9603-479834D44835}) (Version: 2.3.0.621 - Mozy, Inc)
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6528.1011 - Microsoft Corporation) Hidden
paint.net (HKLM\...\{DADC2AF6-DC9F-4BCF-BFCE-DCEC16EF507C}) (Version: 4.0.9 - dotPDN LLC)
Private Internet Access Support Files (HKLM-x32\...\{7D72DAFF-DCB2-437B-BC22-4B2ABF21462B}) (Version: 1.0.0.0 - Private Internet Access)
QuickTime (HKLM-x32\...\{08CA9554-B5FE-4313-938F-D4A417B81175}) (Version: 7.50.61.0 - Apple Inc.)
SimpleMind desktop Pro 1.11.0d (HKLM-x32\...\SMPRO1_is1) (Version: 1.11.0d - ModelMaker Tools BV)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.111 - Skype Technologies S.A.)
Snagit 12 (HKLM-x32\...\{4FC332FE-CBE3-4AE0-B531-35048FD81912}) (Version: 12.4.1 - TechSmith Corporation)
Wirecast (HKLM-x32\...\{37C5DF8F-C877-4B87-AEF8-7771749B4A3D}) (Version: 5.0.3 - Telestream, Inc.)
XMind 7 (v3.6.0) (HKLM-x32\...\XMind_is1) (Version: 3.6.0.R-201511090408 - XMind Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3198725457-717360934-4184150231-1001_Classes\CLSID\{2AD206F1-152C-4F9D-A24E-6F93FE7A4AFC}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Grammarly\Grammarly for Microsoft Office Suite\6.4.104.5108\52CB11A2EF254977AF6F19895C2EF873\GrammarlyShim64.dll (CompanyName)
CustomCLSID: HKU\S-1-5-21-3198725457-717360934-4184150231-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3198725457-717360934-4184150231-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
CustomCLSID: HKU\S-1-5-21-3198725457-717360934-4184150231-1001_Classes\CLSID\{84B5A313-CD5D-4904-8BA2-AFDC81C1B309}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4431\G2MOutlookAddin64.dll (Citrix Online, a division of Citrix Systems, Inc.)
CustomCLSID: HKU\S-1-5-21-3198725457-717360934-4184150231-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
CustomCLSID: HKU\S-1-5-21-3198725457-717360934-4184150231-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\Jeff\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00403FBD-33CC-4BFC-B79D-7104CB2D41FF} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {0CABE570-3DAC-42E9-9663-4CE165B8B2A2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {2FC49EA6-25A6-4F56-B899-8E4F6ACF90AC} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3198725457-717360934-4184150231-1001UA => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-24] (Google Inc.)
Task: {35BEA135-23B3-4A56-8080-046E63748703} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {376571AE-28A3-4D8A-95BF-B4A35BCBA9DF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3F8367EF-8562-48A0-8A97-664C018BD674} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {43D743E0-0709-451A-9007-93074079CB5D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {453B72C0-AAFA-4C34-8F5E-A933E6AF1089} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2016-02-25] (Microsoft Corporation)
Task: {4E8118DD-4DE7-4576-AABD-1551BBD63D64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {4F46CBDC-213B-4EFC-B2A5-91ACB834672A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-3198725457-717360934-4184150231-1001Core => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe [2016-01-24] (Google Inc.)
Task: {53DDC2B5-D516-459D-B38B-57CEA8944E6F} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {591AE3DA-B0A8-4358-BEBE-103AEB61C69F} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-23] (Google Inc.)
Task: {75490C4D-DDAC-4471-9CDC-E4C32405069B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-13] (Microsoft Corporation)
Task: {945FAA2F-2523-4272-9494-531425226085} - System32\Tasks\TechSmith Updater => C:\Program Files (x86)\Common Files\TechSmith Shared\Updater\TSCUpdClt.exe [2015-08-11] (TechSmith Corporation)
Task: {9DAB374E-E3BD-4650-8AF5-F75D3C8990C3} - System32\Tasks\Private Internet Access Startup => C:\Program Files\pia_manager\pia_manager.exe [2015-12-04] ()
Task: {AAAF5FFE-76DB-4FDC-8D52-B391045B0BC1} - System32\Tasks\DropboxUpdateTaskMachineCore => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-01] (Dropbox, Inc.)
Task: {AE2E86F5-0DD4-4B6F-82F9-55E23D3D7543} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {BC1D6C65-83E1-4067-8846-E51FAAEEC65E} - System32\Tasks\DropboxUpdateTaskMachineUA => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe [2015-09-01] (Dropbox, Inc.)
Task: {C6F6762E-0DCD-4A3D-AA20-4F29B277CA13} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2016-02-04] (Microsoft Corporation)
Task: {CB19FE36-AAD2-4779-9E1F-1924AA635975} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D5218239-8207-4215-852B-ABC2D10C7E7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DB722DD3-9701-4358-8AE2-67A57E730D8A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DE9919FF-DEA0-4E19-9188-F4ADDC1EB185} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {E3F166AB-BB8E-45F5-AC21-1A5CFB02C326} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {E5CED888-CF0D-4A31-BB87-45D7B710CA35} - System32\Tasks\G2MUpdateTask-S-1-5-21-3198725457-717360934-4184150231-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4628\g2mupdate.exe [2016-03-12] (Citrix Online, a division of Citrix Systems, Inc.)
Task: {F1A668A1-F368-4BCA-89B5-A4C8BC28E0EE} - System32\Tasks\G2MUploadTask-S-1-5-21-3198725457-717360934-4184150231-1001 => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4628\g2mupload.exe [2016-03-12] (Citrix Online, a division of Citrix Systems, Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineCore.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskMachineUA.job => C:\Program Files (x86)\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\G2MUpdateTask-S-1-5-21-3198725457-717360934-4184150231-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4628\g2mupdate.exe
Task: C:\WINDOWS\Tasks\G2MUploadTask-S-1-5-21-3198725457-717360934-4184150231-1001.job => C:\Users\Jeff\AppData\Local\Citrix\GoToMeeting\4628\g2mupload.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3198725457-717360934-4184150231-1001Core.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-3198725457-717360934-4184150231-1001UA.job => C:\Users\Jeff\AppData\Local\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

ShortcutWithArgument: C:\Users\Jeff\Dropbox\File Cabinet\Gmail.lnk -> C:\Program Files (x86)\Mozilla Firefox\firefox.exe (Mozilla Corporation) -> hxxp://mail.google.com/mail/
ShortcutWithArgument: C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\Default\Web Applications\www.evernote.com\https_80\Have Evernote with you, wherever you are.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.evernote.com/LoggedOut.action
ShortcutWithArgument: C:\Users\Jeff\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Evernote.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.evernote.com/LoggedOut.action
ShortcutWithArgument: C:\Users\Jeff\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Evernote.lnk -> C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) ->  --app=hxxps://www.evernote.com/LoggedOut.action

==================== Loaded Modules (Whitelisted) ==============

2015-12-04 08:39 - 2016-02-04 06:51 - 00173256 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2016-02-20 12:03 - 2016-02-17 18:28 - 00043520 _____ () C:\Program Files (x86)\IDriveWindows\RemoteManagement.dll
2016-02-20 12:03 - 2016-02-17 18:28 - 00013312 _____ () C:\Program Files (x86)\IDriveWindows\SqliteWrapper.dll
2016-02-20 12:03 - 2016-02-05 17:02 - 00834048 _____ () C:\Program Files (x86)\IDriveWindows\sqlite3.dll
2016-02-20 12:03 - 2016-02-05 17:02 - 00412672 _____ () C:\Program Files (x86)\IDriveWindows\Sync.dll
2015-10-30 00:18 - 2015-10-30 00:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-01 20:23 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-01 20:23 - 2016-02-23 04:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-30 08:11 - 2016-02-05 17:02 - 00601600 _____ () C:\Program Files (x86)\IDriveWindows\IDContextMenu.dll
2016-01-12 17:19 - 2016-01-04 18:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-21 14:06 - 2016-01-21 14:06 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2015-12-17 21:46 - 2015-12-06 21:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-01 20:23 - 2016-02-23 01:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-03-01 20:22 - 2016-02-23 01:38 - 00674816 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\MtcUvc.dll
2016-03-01 20:23 - 2016-02-23 04:27 - 02654872 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-08-23 12:06 - 2015-08-23 12:06 - 01384416 _____ () C:\Users\Jeff\AppData\Local\DIRECTV Player\NDSPCShowServer.exe
2016-02-25 21:57 - 2016-02-04 06:53 - 08914120 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2016-01-17 08:12 - 2016-01-17 08:12 - 03501056 _____ () C:\Program Files\WindowsApps\Evernote.Evernote_3.3.0.102_x86__q4d96b2w5wcc2\Evernote.Windows.exe
2016-01-12 17:19 - 2016-01-04 18:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-12 17:19 - 2016-01-04 18:24 - 00936960 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2016-01-27 17:30 - 2016-01-15 22:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-27 17:30 - 2016-01-15 22:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-12 09:19 - 2015-12-12 09:19 - 00529408 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-10-30 00:18 - 2015-10-30 02:07 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-10-30 00:18 - 2015-10-30 02:07 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-10-30 00:18 - 2015-10-30 02:07 - 00961024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-10-30 00:18 - 2015-10-30 02:07 - 00206336 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-10-30 00:18 - 2015-10-30 02:07 - 00558592 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-10-30 00:18 - 2015-10-30 02:07 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-10-30 00:18 - 2015-10-30 02:07 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-10-30 00:18 - 2015-10-30 02:07 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-10-30 00:18 - 2015-10-30 02:07 - 00200192 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2016-01-21 14:06 - 2016-01-21 14:06 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-01-21 14:06 - 2016-01-21 14:06 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-08-23 12:06 - 2015-08-23 12:06 - 11424224 _____ () C:\Users\Jeff\AppData\Local\DIRECTV Player\PCShowServer.dll
2015-08-23 12:06 - 2015-08-23 12:06 - 00340440 _____ () C:\Users\Jeff\AppData\Local\DIRECTV Player\ndsLogStore.dll
2015-08-23 12:06 - 2015-08-23 12:06 - 03301344 _____ () C:\Users\Jeff\AppData\Local\DIRECTV Player\DrmSingleton.dll
2015-08-23 12:06 - 2015-08-23 12:06 - 02101224 _____ () C:\Users\Jeff\AppData\Local\DIRECTV Player\DiscoveryManager.dll
2015-08-23 12:06 - 2015-08-23 12:06 - 08347104 _____ () C:\Users\Jeff\AppData\Local\DIRECTV Player\gsttspplugin.dll
2015-08-23 12:06 - 2015-08-23 12:06 - 00690152 _____ () C:\Users\Jeff\AppData\Local\DIRECTV Player\libgstreamer-0.10.dll
2015-08-23 12:06 - 2015-08-23 12:06 - 01404376 _____ () C:\Users\Jeff\AppData\Local\DIRECTV Player\libxml2-2.dll
2015-08-23 12:06 - 2015-08-23 12:06 - 00093128 _____ () C:\Users\Jeff\AppData\Local\DIRECTV Player\z.dll
2015-06-16 16:50 - 2015-06-16 16:50 - 02099200 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_core249.dll
2015-06-16 16:50 - 2015-06-16 16:50 - 01914368 _____ () C:\Program Files (x86)\TechSmith\Snagit 12\opencv_imgproc249.dll
2015-06-16 16:50 - 2015-06-16 16:50 - 04710400 ____R () C:\Program Files (x86)\TechSmith\Snagit 12\PDFNetC.dll
2016-03-09 01:44 - 2016-03-09 01:44 - 01114136 _____ () C:\Users\Jeff\AppData\Roaming\Mozilla\Firefox\Profiles\2zsf27jd.default\extensions\support@lastpass.com\platform\WINNT_x86-msvc\components\lpxpcom.dll
2015-02-23 17:45 - 2014-12-11 13:00 - 00410744 ____N () C:\WINDOWS\SYSTEM32\TrueColor5.2\LcProxy2.ax
2015-02-23 17:45 - 2014-12-11 13:00 - 00749168 ____N () C:\WINDOWS\SYSTEM32\TrueColor5.2\CAL2.dll
2014-04-15 18:13 - 2014-04-15 18:13 - 00072192 _____ () C:\Program Files (x86)\Telestream\Wirecast\filters\WirecastVirtualCamera.ax
2016-03-14 17:39 - 2016-03-07 19:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-14 17:39 - 2016-03-07 19:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-10 09:21 - 2016-03-08 13:16 - 17541312 _____ () C:\Users\Jeff\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2013-08-22 06:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3198725457-717360934-4184150231-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Jeff\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\st. john us virgin island.jpg
DNS Servers: 209.18.47.62 - 209.18.47.61
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Snagit 12.lnk"
HKLM\...\StartupApproved\Run32: => "Dropbox"
HKLM\...\StartupApproved\Run32: => "IDrive Background process"
HKLM\...\StartupApproved\Run32: => "IDrive Tray"
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_1D9E4397701B26121F48AD4BA9175EBF"
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{70D4EEEF-E47A-4185-BF48-37D67F2F99C3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{C6FE20AD-A336-41BA-BBAB-3314E85C7524}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [UDP Query User{796E9774-61F4-40C9-B69F-91DAEC14ACAB}C:\users\jeff\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\jeff\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{A4EAC37B-7A0C-45DA-ADD7-CAF049AEBFA6}C:\users\jeff\appdata\local\directv player\ndspcshowserver.exe] => (Block) C:\users\jeff\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [UDP Query User{C83DADAB-F1ED-4956-AFD7-BCEFDFBF1D70}C:\users\jeff\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\jeff\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [TCP Query User{DF2F8B57-29B4-4169-89F3-9F5CA8A2F8EB}C:\users\jeff\appdata\local\directv player\ndspcshowserver.exe] => (Allow) C:\users\jeff\appdata\local\directv player\ndspcshowserver.exe
FirewallRules: [{562E28A4-40DD-4AE3-B852-DCCC1EB365C5}] => (Allow) LPort=8298
FirewallRules: [{40B1B6A0-63BC-4DD1-9F45-D82D6D63CC2B}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5DBF85EF-4970-40B6-970D-B7EEB72E9330}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{7092F47E-64E1-4DE8-89FC-425AB3FD10A4}] => (Allow) C:\Users\Jeff\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [TCP Query User{A5D7788D-D926-4DBC-ACA2-B1FF5B9AD7B2}C:\program files\common files\microsoft shared\ink\inputpersonalization.exe] => (Block) C:\program files\common files\microsoft shared\ink\inputpersonalization.exe
FirewallRules: [UDP Query User{8EF27FC2-5FF2-4E9E-90A6-EEFD7697D57D}C:\program files\common files\microsoft shared\ink\inputpersonalization.exe] => (Block) C:\program files\common files\microsoft shared\ink\inputpersonalization.exe
FirewallRules: [UDP Query User{664AD449-B8B9-4144-B7B7-B52DA48AD5C7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{F6E090E7-1DBA-4676-A680-D776D949FF51}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{009C2C68-CB1C-4F03-ABD9-502B03B9C878}] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{A1CFB74E-B38C-4E4F-A195-C404F0FF22AD}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{CBA0115A-C29D-4E22-8A54-2D6F03E89E25}] => (Allow) C:\Program Files (x86)\Dropbox\Client\Dropbox.exe
FirewallRules: [{5E8573E9-9A1D-44A6-AF61-8E3DEDBA070D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

01-03-2016 16:36:02 Scheduled Checkpoint
09-03-2016 14:39:29 Scheduled Checkpoint
11-03-2016 13:01:30 Removed BlueStacks App Player

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (03/18/2016 06:15:40 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: chrome.exe, version: 48.0.2564.116, time stamp: 0x56c52f1d
Faulting module name: chrome.dll, version: 48.0.2564.116, time stamp: 0x56c52969
Exception code: 0x80000003
Fault offset: 0x00568942
Faulting process id: 0x5b0
Faulting application start time: 0xchrome.exe0
Faulting application path: chrome.exe1
Faulting module path: chrome.exe2
Report Id: chrome.exe3
Faulting package full name: chrome.exe4
Faulting package-relative application ID: chrome.exe5

Error: (03/18/2016 06:05:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x439c
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (03/18/2016 04:50:11 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: backgroundTaskHost.exe, version: 10.0.10586.0, time stamp: 0x5632d8f0
Faulting module name: twinapi.appcore.dll, version: 10.0.10586.0, time stamp: 0x5632d2f5
Exception code: 0xc000027b
Fault offset: 0x000000000004b199
Faulting process id: 0x4f74
Faulting application start time: 0xbackgroundTaskHost.exe0
Faulting application path: backgroundTaskHost.exe1
Faulting module path: backgroundTaskHost.exe2
Report Id: backgroundTaskHost.exe3
Faulting package full name: backgroundTaskHost.exe4
Faulting package-relative application ID: backgroundTaskHost.exe5

Error: (03/18/2016 07:17:36 AM) (Source: VSS) (EventID: 4001) (User: )
Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies.
Add at least one NTFS drive to the system with enough free space.
The free space needed is at least 320 Mb for each volume to be shadow copied.


Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Volume Name: \\?\Volume{301887e8-19e2-11e5-825b-c0335e2c6a1e}\
   Execution Context: System Provider

Error: (03/17/2016 11:44:57 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (03/17/2016 05:38:33 AM) (Source: VSS) (EventID: 4001) (User: )
Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies.
Add at least one NTFS drive to the system with enough free space.
The free space needed is at least 320 Mb for each volume to be shadow copied.


Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Volume Name: \\?\Volume{301887e8-19e2-11e5-825b-c0335e2c6a1e}\
   Execution Context: System Provider

Error: (03/17/2016 05:36:53 AM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (03/17/2016 05:36:44 AM) (Source: VSS) (EventID: 4001) (User: )
Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies.
Add at least one NTFS drive to the system with enough free space.
The free space needed is at least 320 Mb for each volume to be shadow copied.


Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Volume Name: \\?\Volume{301887e8-19e2-11e5-825b-c0335e2c6a1e}\
   Execution Context: System Provider

Error: (03/16/2016 08:31:30 AM) (Source: VSS) (EventID: 4001) (User: )
Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies.
Add at least one NTFS drive to the system with enough free space.
The free space needed is at least 320 Mb for each volume to be shadow copied.


Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Volume Name: \\?\Volume{301887e8-19e2-11e5-825b-c0335e2c6a1e}\
   Execution Context: System Provider

Error: (03/16/2016 06:05:28 AM) (Source: VSS) (EventID: 4001) (User: )
Description: Volume Shadow Copy Service error: Cannot find diff areas for creating shadow copies.
Add at least one NTFS drive to the system with enough free space.
The free space needed is at least 320 Mb for each volume to be shadow copied.


Operation:
   Automatically choosing a diff-area volume
   Processing EndPrepareSnapshots

Context:
   Volume Name: \\?\Volume{301887e8-19e2-11e5-825b-c0335e2c6a1e}\
   Execution Context: System Provider


System errors:
=============
Error: (03/18/2016 03:34:04 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (03/18/2016 03:17:17 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (03/18/2016 03:15:24 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (03/18/2016 03:13:54 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (03/18/2016 02:47:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (03/18/2016 02:46:31 PM) (Source: DCOM) (EventID: 10010) (User: JEFF-PC)
Description: {3BFADDE5-09ED-42AE-8190-2E68B650CFE6}

Error: (03/18/2016 02:45:32 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (03/18/2016 02:44:02 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (03/18/2016 02:27:03 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}

Error: (03/18/2016 02:25:16 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {7006698D-2974-4091-A424-85DD0B909E23}


CodeIntegrity:
===================================
  Date: 2016-03-17 18:02:03.714
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 18:02:03.683
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 18:01:49.469
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 18:01:49.440
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 18:01:20.354
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 18:01:20.305
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 18:01:14.166
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 18:01:14.131
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 17:50:28.479
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-03-17 17:50:28.445
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\MicRotateAPO.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4650U CPU @ 1.70GHz
Percentage of memory in use: 92%
Total physical RAM: 8097.07 MB
Available physical RAM: 639.71 MB
Total Virtual: 15521.07 MB
Available Virtual: 5697.61 MB

==================== Drives ================================

Drive c: (Windows) (Fixed) (Total:470.26 GB) (Free:361.98 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 476.9 GB) (Disk ID: 9B451D28)

Partition: GPT.

==================== End of Addition.txt ============================

Don't worry, that is a fake technical support number.

  • Step #1 Scan with Malwarebytes' Anti-Malware
    • Download Malwarebytes' Anti-Malware from the suitable link below --
    • Double-click on mbam-setup-version-number.exe to install the application.
    • Before clicking Finish perform the following actions --
      • Un-check the box beside Enable free trial of Malwarebytes Anti-Malware Premium.
      • Check the box beside Launch Malwarebytes Anti-Malware
    • Once the program has loaded, the MBAM dashboard will appear with an alert to update - click the green button Update Now;
      • Navigate to the Settings tab Detection and Protection and check all the boxes under Detection Options
    • From the Dashboard click on Scan Now;
    • If threats are detected, make sure everything is set to Quarantine and click on Apply actions. If the program asks to reboot your PC, let it do so;
    • On completion of the scan click on History > Application Log. After that click on the top Scan Log > Export, select Text File and save the log to your Desktop;
    • Copy and Paste the contents of the log in your next reply.

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 3/19/2016
Scan Time: 6:40 AM
Logfile: History Log.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.03.19.03
Rootkit Database: v2016.03.12.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Jeff

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 365373
Time Elapsed: 12 min, 26 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)


  • Step #2 Fix with FRST
    Make sure that you still have FRST.exe on your Desktop. If you do not have it, download the suitable version from here to your Desktop.
    • Open Notepad.exe. Do not use any other text editor software;
    • Copy and Paste the contents inside the code-box to your Notepad --
      Start
      CreateRestorePoint:
      CloseProcesses:
      EmptyTemp:
      FF Session Restore: -> is enabled.
      CHR Session Restore: Default -> is enabled
      HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\RunOnce: [Uninstall C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
      HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\RunOnce: [Uninstall C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
      HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\MountPoints2: {696ae9dc-c49d-11e5-829f-c0335e2c6a1e} - "D:\TL-Bootstrap.exe"
      HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\MountPoints2: {696aea4a-c49d-11e5-829f-c0335e2c6a1e} - "D:\TL-Bootstrap.exe"
      Task: {0CABE570-3DAC-42E9-9663-4CE165B8B2A2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
      Task: {35BEA135-23B3-4A56-8080-046E63748703} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
      Task: {376571AE-28A3-4D8A-95BF-B4A35BCBA9DF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
      Task: {3F8367EF-8562-48A0-8A97-664C018BD674} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
      Task: {43D743E0-0709-451A-9007-93074079CB5D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
      Task: {4E8118DD-4DE7-4576-AABD-1551BBD63D64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
      Task: {AE2E86F5-0DD4-4B6F-82F9-55E23D3D7543} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
      Task: {CB19FE36-AAD2-4779-9E1F-1924AA635975} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
      Task: {D5218239-8207-4215-852B-ABC2D10C7E7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
      Task: {DB722DD3-9701-4358-8AE2-67A57E730D8A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
      Task: {DE9919FF-DEA0-4E19-9188-F4ADDC1EB185} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
      CMD: bitsadmin /reset /allusers
      End
    • Click on File > Save as...
      • Inside the File Name box type fixlist.txt;
      • From the Save as type drop down list, choose All Files
    • Save the file to your Desktop;
    • Re-run FRST.exe and click Fix;
      • Note: If FRST advises there is a new updated version to be downloaded, do so/allow this.
    • After the completion, a log will be produced;
    • Copy and Paste the contents of the log in your next reply.


  • Step #3 ESET Online Scanner
  • Disable your security programs, which include but are not limited to anti-virus, anti-malware, anti-spyware et cetera. Peruse this for additional information.
    • Download esetsmartinstaller_enu.exe by clicking here.
    • Right-click on the program and choose Run as administrator.
    • Accept their terms and conditions and proceed.
    • Install Add-On/Active X if prompted.
    • From the Computer Scan Setting check the following box --
      • Enable detection for potentially unwanted programs
    • Click on Advanced Setting --
      • Check the box beside Remove Found Threats;
      • Check the box beside Scan archives
      • Check the box beside Scan for potentially unsafe applications
      • Check the box beside Enable Anti-Stealth Technology
    • Click on Start and wait for the virus signature database to update.
    • The online scan will begin automatically and can take several hours.
      • Note: Do not touch either the mouse or keyboard during the scan. Otherwise it may stall.
    • After the Scan finishes --
      • If no threats were found:
        • Put a checkmark in Uninstall application on close.
        • Close the program and report that nothing was found
      • If threats were found:
        • Open the file located in C:\Program Files\ESET\ESET Online Scanner\log.txt (32-bit) or C:\Program Files (x86)\ESET\ESET Online Scanner\log.txt (64-bit).
        • Copy and Paste contents of the log file in your next reply.

Note: Enable your security programs afterwards.

I'm sorry for the response delay.  I lost some functionality after running FRST and had to reboot.

Do I have a virus, and if so, which virus?

 

Fix result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by Jeff (2016-03-19 18:35:25) Run:1
Running from C:\Users\Jeff\Desktop
Loaded Profiles: Jeff (Available Profiles: Jeff)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Start
CreateRestorePoint:
CloseProcesses:
EmptyTemp:
FF Session Restore: -> is enabled.
CHR Session Restore: Default -> is enabled
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\RunOnce: [Uninstall C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64"
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\RunOnce: [Uninstall C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127"
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\MountPoints2: {696ae9dc-c49d-11e5-829f-c0335e2c6a1e} - "D:\TL-Bootstrap.exe"
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\...\MountPoints2: {696aea4a-c49d-11e5-829f-c0335e2c6a1e} - "D:\TL-Bootstrap.exe"
Task: {0CABE570-3DAC-42E9-9663-4CE165B8B2A2} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {35BEA135-23B3-4A56-8080-046E63748703} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {376571AE-28A3-4D8A-95BF-B4A35BCBA9DF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {3F8367EF-8562-48A0-8A97-664C018BD674} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {43D743E0-0709-451A-9007-93074079CB5D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {4E8118DD-4DE7-4576-AABD-1551BBD63D64} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {AE2E86F5-0DD4-4B6F-82F9-55E23D3D7543} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {CB19FE36-AAD2-4779-9E1F-1924AA635975} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D5218239-8207-4215-852B-ABC2D10C7E7D} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {DB722DD3-9701-4358-8AE2-67A57E730D8A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {DE9919FF-DEA0-4E19-9188-F4ADDC1EB185} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
CMD: bitsadmin /reset /allusers
End
*****************

Restore point was successfully created.
Processes closed successfully.
FF Session Restore: -> removed successfully
Chrome Session Restore: => removed successfully
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\amd64 => value removed successfully
HKU\S-1-5-21-3198725457-717360934-4184150231-1001\Software\Microsoft\Windows\CurrentVersion\RunOnce\\Uninstall C:\Users\Jeff\AppData\Local\Microsoft\OneDrive\17.3.6301.0127 => value removed successfully
"HKU\S-1-5-21-3198725457-717360934-4184150231-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{696ae9dc-c49d-11e5-829f-c0335e2c6a1e}" => key removed successfully
HKCR\CLSID\{696ae9dc-c49d-11e5-829f-c0335e2c6a1e} => key not found. 
"HKU\S-1-5-21-3198725457-717360934-4184150231-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\MountPoints2\{696aea4a-c49d-11e5-829f-c0335e2c6a1e}" => key removed successfully
HKCR\CLSID\{696aea4a-c49d-11e5-829f-c0335e2c6a1e} => key not found. 
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CABE570-3DAC-42E9-9663-4CE165B8B2A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CABE570-3DAC-42E9-9663-4CE165B8B2A2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{35BEA135-23B3-4A56-8080-046E63748703}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{35BEA135-23B3-4A56-8080-046E63748703}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{376571AE-28A3-4D8A-95BF-B4A35BCBA9DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{376571AE-28A3-4D8A-95BF-B4A35BCBA9DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3F8367EF-8562-48A0-8A97-664C018BD674}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3F8367EF-8562-48A0-8A97-664C018BD674}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{43D743E0-0709-451A-9007-93074079CB5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{43D743E0-0709-451A-9007-93074079CB5D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4E8118DD-4DE7-4576-AABD-1551BBD63D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4E8118DD-4DE7-4576-AABD-1551BBD63D64}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{AE2E86F5-0DD4-4B6F-82F9-55E23D3D7543}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AE2E86F5-0DD4-4B6F-82F9-55E23D3D7543}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{CB19FE36-AAD2-4779-9E1F-1924AA635975}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{CB19FE36-AAD2-4779-9E1F-1924AA635975}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5218239-8207-4215-852B-ABC2D10C7E7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5218239-8207-4215-852B-ABC2D10C7E7D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DB722DD3-9701-4358-8AE2-67A57E730D8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DB722DD3-9701-4358-8AE2-67A57E730D8A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE9919FF-DEA0-4E19-9188-F4ADDC1EB185}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE9919FF-DEA0-4E19-9188-F4ADDC1EB185}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10586 ]
BITS administration utility.
(C) Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {C731B8A1-A7BC-4C97-B32F-63F0B35CF2E2}.
0 out of 1 jobs canceled.

========= End of CMD: =========

EmptyTemp: => 4.4 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 18:38:10 ====


Perusing your logs, I see no infection currently present in your system. Unless you are having any issue(s), the machine appears to be Malware-free as we speak.

 
 

♣ Removal of Tools and Quarantined Files ♣


 

Although the tools we have used are clean, they are powerful removal tools, made in such a way that they carry out any commands given to them without (in most cases) asking for a confirmation. In the hands of an inept person, they can make the machine un-bootable -- a scenario we do not wish to see. Also, we need to remove the quarantined files/folders from your system, as dormant malware can be as bad as active malware if given the proper environment. I shall now give you the guidelines to remove the tools and the quarantined files from your system.

  • Cleanup with Delfix
    Please download DelFix by Xplode to your Desktop.
    Download Link
    • Double-click to run the program;
      • Note: Windows Vista/7/8/8.1/10 users right-click and choose Run as administrator
    • Make sure that all the boxes are checked;
    • Click Run;
    • A log will be opened after the operation is finished;
    • Copy and Paste it in your next reply

 
 

♣ Prevention and Future Guidelines ♣


 

Prevention is better than cure -- goes the old saying. As much as we love to see you visit our site, we do not want to see you having your PC infected by malware again.

  • Keep Windows up-to-date.
    It is extremely important that you keep your operating system (Windows) updated when updates are made available. It is set to alert you, so be sure not to ignore these notices and to allow the updates to install. Many of these are critical security packages which could very possibly be the difference between your picking up a future infiltration and simply passing right by it unharmed.
  • Run antivirus software and keep it up-to-date, too.
    Antivirus software is your safety net if all other protections fail. The first line of defense is smart computing, of course, but everyone needs a backup. I'd recommend Microsoft Security Essentials or avast!, both of which are excellent, as well as free. Once they're installed, check periodically to ensure they have been successfully updating as well. An out-of-date antivirus is not a happy antivirus!
  • Keep your web browser plugins and other programs updated also.
    This tip is rarely shared by technicians and its importance is not widely recognized, but it's absolutely critical. Programs such as Java, Adobe Flash Player and Adobe Reader, Internet Explorer, and myriad other such web-exposed items are deeply vulnerable to attack, which can quickly lead to a hopelessly infected system no matter what protection you currently have installed. The reason is that these programs are ubiquitous, but are also not perfect and are extremely complex... and as such, security vulnerabilities are discovered and exploited by hackers hoping to gain control over your machine. By performing every update for these programs as soon as it's made available, you will greatly reduce your exposure to dangerous internet threats.

    A great way to do this is to install the Filehippo Update Checker and run it regularly. Also, try not to ignore any notifications you receive regarding updates to programs already installed on your PC.

    NoScript is an excellent security device too. I like it but it is not for everyone because it requires you to take action if you want to see some things (pop ups, banners etc.) on sites you visit.

    Download NoScript by Giorgio Maone.

    Note: Sometimes you will get a site telling you that you need to install Java when actually all you need to do is enable the site through the NoScript icon down on the right hand side of your computer.
  • Watch out for a new threat named CryptoLocker
    CryptoLocker is a new type of ransomware-family malware that encrypts your important files and asks for a ransom to decrypt them. At the moment of posting this reply there are no tools that can undo the havoc this malware causes. We can help you to remove the malware from your system but the files that were encrypted cannot be recovered without the decryption key. So, I ask for your forbearance and practice constant vigilance. Please read the following article to acquaint yourself with the safety measures.
    How to prevent your computer from becoming infected by CryptoLocker.
  • And last of all, surf smart.
    It doesn't matter how well the autopilot system works if the pilot keeps flying the plane into mountain ranges. Don't forget that no matter how much you have protecting yourself, your security ultimately begins and ends with you. Don't visit dangerous or questionable web sites, avoid suspicious links on Facebook and emails/email attachments you're unsure about, and just generally keep your wits about you, and you'll be much safer. Also, avoid illegal downloads, cracks, "warez", and all other too-good-to-be-true internet offerings: they're typically laden with malware. Be smart and you can avoid most threats lurking about the darker corners of the internet! And for even more tips, see our article How Did I Get Infected in the First Place? and Keep Your Computer Safe Online.
     

Regards,
Valinorum


# DelFix v1.012 - Logfile created 22/03/2016 at 11:58:49
# Updated 04/03/2015 by Xplode
# Username : Jeff - JEFF-PC
# Operating System : Windows 10 Pro  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\RegBackup
Deleted : C:\Users\Jeff\Desktop\Addition.txt
Deleted : C:\Users\Jeff\Desktop\adwcleaner_4.207.exe
Deleted : C:\Users\Jeff\Desktop\Fixlog.txt
Deleted : C:\Users\Jeff\Desktop\FRST.txt
Deleted : C:\Users\Jeff\Desktop\FRST64.exe
Deleted : C:\Users\Jeff\Downloads\adwcleaner_4.207 (1).exe
Deleted : C:\Users\Jeff\Downloads\adwcleaner_4.207 (2).exe
Deleted : C:\Users\Jeff\Downloads\adwcleaner_4.207.exe
Deleted : C:\Users\Jeff\Downloads\esetsmartinstaller_enu.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

########## - EOF - ##########


  • Root Admin

Glad we could help. :) If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread. Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.