Page 1 of 2 12 LastLast
Results 1 to 10 of 12

Thread: System is very glitchy.

  1. #1
    Member
    Join Date
    Jun 2008
    Posts
    54

    Default System is very glitchy.

    Ever since I have installed windows 10 my system has been glitchy, but in recent weeks it has gotten a lot worse. In particual the start button wold stop working, the screen will freeze, videos will suddenly stop playing or not start altogether, and even this page dropped while I was posting the logs, thrice. Any help you can render is appreciated. The requested logs are below.

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-02-2016 01
    Ran by Alan (administrator) on DELL (22-02-2016 21:46:36)
    Running from C:\Users\user\Desktop
    Loaded Profiles: Alan (Available Profiles: Alan)
    Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Chrome)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
    (Andrea Electronics Corporation) C:\Windows\System32\AECLSr64.exe
    (Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
    (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpService.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
    (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
    (Microsoft Corporation.) C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\SeaPort.EXE
    (Panda Security) C:\Program Files (x86)\Panda USB Vaccine\USBVaccine.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\Apoint.exe
    (Intel Corporation) C:\Windows\System32\hkcmd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApMsgFwd.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\hidfind.exe
    (Alps Electric Co., Ltd.) C:\Program Files\DellTPad\ApntEx.exe
    (Intel Corporation) C:\Windows\System32\igfxpers.exe
    (Dell Inc.) C:\Program Files\Dell\QuickSet\quickset.exe
    () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
    (Hewlett-Packard Co.) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    (CyberLink) C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastUI.exe
    (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
    (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [Apoint] => C:\Program Files\DellTPad\Apoint.exe [708952 2013-07-08] (Alps Electric Co., Ltd.)
    HKLM\...\Run: [QuickSet] => c:\Program Files\Dell\QuickSet\QuickSet.exe [3759504 2012-07-20] (Dell Inc.)
    HKLM\...\Run: [Dell Audio] => c:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe [20591616 2012-08-06] ()
    HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [277504 2012-07-09] (Intel Corporation)
    HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-07] (CyberLink)
    HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-04] (CyberLink Corp.)
    HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [143888 2012-06-01] (CyberLink Corp.)
    HKLM-x32\...\Run: [GrooveMonitor] => C:\Program Files (x86)\Microsoft Office\Office12\GrooveMonitor.exe [30040 2009-02-26] (Microsoft Corporation)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7021880 2015-12-14] (AVAST Software)
    HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
    HKLM-x32\...\Run: [Wondershare Helper Compact.exe] => C:\Program Files (x86)\Common Files\Wondershare\Wondershare Helper Compact\WSHelper.exe
    HKLM-x32\...\Run: [DelaypluginInstall] => C:\ProgramData\Wondershare\Video Converter Ultimate\DelayPluginI.exe
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4127488 2015-06-16] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
    HKLM-x32\...\Run: [ProductUpdater] => C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe [73216 2016-02-10] ()
    Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\Run: [Google Update] => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [144200 2015-08-30] (Google Inc.)
    HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\Run: [Spybot-S&D Cleaning] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDCleaner.exe [4594552 2015-06-16] (Safer-Networking Ltd.)
    HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-12-14] (AVAST Software)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2013-09-12]
    ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
    Tcpip\Parameters: [DhcpNameServer] 200.1.104.36 200.1.104.35
    Tcpip\..\Interfaces\{adf1526d-699b-4004-865b-2981dac3c120}: [DhcpNameServer] 200.1.104.35 200.1.104.36
    Tcpip\..\Interfaces\{fa97450f-e882-43c3-abef-371cf299a2f4}: [DhcpNameServer] 200.1.104.36 200.1.104.35

    Internet Explorer:
    ==================
    HKU\S-1-5-21-784291939-2049310861-2985522810-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE01&ocid=UE01DHP
    HKU\S-1-5-21-784291939-2049310861-2985522810-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://dell13.msn.com
    SearchScopes: HKU\S-1-5-21-784291939-2049310861-2985522810-1001 -> DefaultScope {15FA46C5-6D67-4BC0-B79F-850F465F5D88} URL =
    SearchScopes: HKU\S-1-5-21-784291939-2049310861-2985522810-1001 -> {012E1000-F331-11DB-8314-0800200C9A66} URL = hxxp://www.google.com/search?q={searchTerms}
    SearchScopes: HKU\S-1-5-21-784291939-2049310861-2985522810-1001 -> {15FA46C5-6D67-4BC0-B79F-850F465F5D88} URL =
    BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2012-07-31] (Qualcomm Atheros Commnucations)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-12-14] (AVAST Software)
    BHO: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office12\GrooveShellExtensions.dll [2009-02-26] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\ssv.dll [2016-02-02] (Oracle Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-12-14] (AVAST Software)
    BHO-x32: Bing Bar Helper -> {d2ce3e00-f94a-4740-988e-03dc2f38c34f} -> C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\jp2ssv.dll [2016-02-02] (Oracle Corporation)
    Toolbar: HKLM - No Name - {318A227B-5E9F-45bd-8999-7F8F10CA4CF5} - No File
    Toolbar: HKLM - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\amd64\BingExt.dll [2014-03-11] (Microsoft Corporation.)
    Toolbar: HKLM-x32 - Bing Bar - {8dcb7100-df86-4384-8842-8fa844297b3f} - C:\Program Files (x86)\Microsoft\BingBar\7.3.132.0\BingExt.dll [2014-03-11] (Microsoft Corporation.)

    FireFox:
    ========
    FF ProfilePath: C:\Users\user\AppData\Roaming\Mozilla\Firefox\Profiles\0wpdo2pa.default
    FF DefaultSearchEngine: Google
    FF DefaultSearchEngine.US: Google
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_306.dll [2016-02-10] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
    FF Plugin-x32: @java.com/DTPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\dtplugin\npDeployJava1.dll [2016-02-02] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.71.2 -> C:\Program Files (x86)\Java\jre1.8.0_71\bin\plugin2\npjp2.dll [2016-02-02] (Oracle Corporation)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-10] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.3 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
    FF Plugin HKU\S-1-5-21-784291939-2049310861-2985522810-1001: @talk.google.com/GoogleTalkPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-784291939-2049310861-2985522810-1001: @talk.google.com/O1DPlugin -> C:\Users\user\AppData\Roaming\Mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF Plugin HKU\S-1-5-21-784291939-2049310861-2985522810-1001: @tools.google.com/Google Update;version=3 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin HKU\S-1-5-21-784291939-2049310861-2985522810-1001: @tools.google.com/Google Update;version=9 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-01] (Google Inc.)
    FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npgoogletalk.dll [2015-12-08] (Google)
    FF Plugin ProgramFiles/Appdata: C:\Users\user\AppData\Roaming\mozilla\plugins\npo1d.dll [2015-12-08] (Google)
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-12-24]
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2015-12-14]
    FF HKLM-x32\...\Thunderbird\Extensions: [msktbird@mcafee.com] - C:\Program Files\McAfee\MSK => not found

    Chrome:
    =======
    CHR HomePage: Default -> hxxps://www.google.tt/
    CHR StartupUrls: Default -> "hxxps://www.google.tt/?gfe_rd=cr&ei=NNJEUpqTK8r28ga7rIH4BA"
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\PepperFlash\pepflashplayer.dll ()
    CHR Profile: C:\Users\user\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Docs) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
    CHR Extension: (Google Drive) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-21]
    CHR Extension: (YouTube) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
    CHR Extension: (Google Search) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
    CHR Extension: (Avast SafePrice) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\eofcbnmajmjmplflapaojjnihcjkigck [2016-01-28]
    CHR Extension: (Google Docs Offline) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-18]
    CHR Extension: (Avast Online Security) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\gomekmidlodglbbmalcneegieacbdmki [2016-02-13]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-24]
    CHR Extension: (Gmail) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-27]
    CHR Extension: (Abstract-Blue) - C:\Users\user\AppData\Local\Google\Chrome\User Data\Default\Extensions\plnacehkknmafkjgkikclamogikoiaaa [2014-07-17]
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswwebrepchrome-sp.crx [2014-08-04]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-12-14]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 AECLFilters; C:\Windows\system32\AECLSr64.exe [99696 2012-08-05] (Andrea Electronics Corporation)
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [226440 2015-12-14] (AVAST Software)
    S2 CirrusAudioService; c:\Program Files\Cirrus Logic Audio Panel\Cirrvus.exe [7168 2012-08-06] (Cirrus Logic) [File not signed]
    S2 DellDigitalDelivery; c:\Program Files (x86)\Dell Digital Delivery\DeliveryService.exe [173056 2012-06-19] (Dell Products, LP.) [File not signed]
    R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.)
    S3 IAStorDataMgrSvc; C:\Program Files (x86)\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [7168 2012-07-09] (Intel Corporation) [File not signed]
    R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
    S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
    S2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
    R2 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [254512 2012-04-24] ()
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1750712 2015-06-16] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2102496 2015-06-16] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [224712 2015-07-24] (Safer-Networking Ltd.)
    R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-01-12] (Dell Inc.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
    R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [77824 2012-07-22] (Atheros) [File not signed]

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-12-14] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [97648 2015-12-18] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-12-14] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-12-14] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1065208 2016-01-20] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [464256 2016-01-20] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [155304 2015-12-14] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [273784 2015-12-14] (AVAST Software)
    R3 athr; C:\Windows\System32\drivers\athw10x.sys [4318760 2015-08-13] (Qualcomm Atheros Communications, Inc.)
    R3 CirrusLFD; C:\Windows\system32\DRIVERS\CSLFDx64.sys [41328 2012-08-05] (Cirrus Logic)
    R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
    S3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [23760 2015-01-30] (Dell Computer Corporation)
    S3 DellProf; C:\Windows\system32\drivers\DellProf.sys [23312 2015-01-30] (Dell Computer Corporation)
    S3 DellRbtn; C:\Windows\System32\drivers\DellRbtn.sys [10752 2012-08-05] (OSR Open Systems Resources, Inc.)
    S3 MBAMSwissArmy; C:\windows\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-03] (Malwarebytes Corporation)
    S3 PSKMAD; C:\Windows\System32\DRIVERS\PSKMAD.sys [50320 2015-01-29] (Panda Security, S.L.)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    S3 taphss6; C:\Windows\system32\DRIVERS\taphss6.sys [42184 2014-05-16] (Anchorfree Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-22 21:46 - 2016-02-22 21:47 - 00021176 _____ C:\Users\user\Desktop\FRST.txt
    2016-02-22 21:45 - 2016-02-22 21:46 - 00000000 ____D C:\FRST
    2016-02-22 21:44 - 2016-02-22 21:45 - 02371072 _____ (Farbar) C:\Users\user\Desktop\FRST64.exe
    2016-02-22 21:43 - 2016-02-22 21:43 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-DELL-Windows-10-Home-(64-bit).dat
    2016-02-22 21:42 - 2016-02-22 21:42 - 00000000 ____D C:\RegBackup
    2016-02-22 21:40 - 2016-02-22 21:41 - 04777232 _____ (Tweaking.com) C:\Users\user\Desktop\tweaking.com_registry_backup_setup.exe
    2016-02-18 07:18 - 2016-02-18 07:20 - 00433900 _____ C:\WINDOWS\Minidump\021816-35937-01.dmp
    2016-02-14 17:37 - 2016-02-14 17:37 - 00000000 ____D C:\Users\user\AppData\Roaming\AVG
    2016-02-14 17:34 - 2016-02-14 17:34 - 00000000 ____D C:\Users\user\AppData\Local\Avg
    2016-02-14 17:30 - 2016-02-14 17:39 - 00000000 ____D C:\ProgramData\AVG
    2016-02-14 17:30 - 2016-02-14 17:30 - 00001395 _____ C:\Users\Public\Desktop\Freemake Video Converter.lnk
    2016-02-14 17:30 - 2016-02-14 17:30 - 00000000 ____D C:\Users\user\Documents\Freemake
    2016-02-14 17:30 - 2016-02-14 17:30 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
    2016-02-14 17:30 - 2016-02-14 17:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Freemake
    2016-02-14 17:30 - 2016-02-14 17:30 - 00000000 ____D C:\ProgramData\Freemake
    2016-02-14 17:29 - 2016-02-14 17:30 - 00000000 ____D C:\Program Files (x86)\Freemake
    2016-02-14 17:29 - 2016-02-14 17:29 - 30954528 _____ (Ellora Assets Corporation ) C:\Users\user\Downloads\FreemakeVideoConverterFull.exe
    2016-02-14 17:29 - 2016-02-14 17:29 - 00000000 ____D C:\Users\user\AppData\Roaming\RPEng
    2016-02-09 18:48 - 2016-01-27 01:01 - 07476064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-02-09 18:48 - 2016-01-27 00:56 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-02-09 18:48 - 2016-01-27 00:55 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-02-09 18:48 - 2016-01-27 00:45 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-02-09 18:48 - 2016-01-27 00:45 - 06605544 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-02-09 18:48 - 2016-01-27 00:10 - 22394368 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-02-09 18:48 - 2016-01-27 00:05 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-02-09 18:48 - 2016-01-27 00:05 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-02-09 18:48 - 2016-01-27 00:04 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-02-09 18:48 - 2016-01-26 23:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-02-09 18:48 - 2016-01-26 23:55 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-02-09 18:48 - 2016-01-26 23:54 - 24603136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-02-09 18:48 - 2016-01-26 23:48 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-02-09 18:48 - 2016-01-26 23:38 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-02-09 18:47 - 2016-01-29 01:57 - 04502352 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
    2016-02-09 18:47 - 2016-01-29 01:33 - 04064320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
    2016-02-09 18:47 - 2016-01-27 01:15 - 01557776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-02-09 18:47 - 2016-01-27 01:15 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-02-09 18:47 - 2016-01-27 01:01 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-02-09 18:47 - 2016-01-27 01:01 - 01819720 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-02-09 18:47 - 2016-01-27 00:59 - 00304752 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemreset.exe
    2016-02-09 18:47 - 2016-01-27 00:57 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-02-09 18:47 - 2016-01-27 00:57 - 01824264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
    2016-02-09 18:47 - 2016-01-27 00:57 - 00820704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
    2016-02-09 18:47 - 2016-01-27 00:55 - 00081112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OpenWith.exe
    2016-02-09 18:47 - 2016-01-27 00:54 - 00295264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-02-09 18:47 - 2016-01-27 00:46 - 02606824 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
    2016-02-09 18:47 - 2016-01-27 00:46 - 01270072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
    2016-02-09 18:47 - 2016-01-27 00:44 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
    2016-02-09 18:47 - 2016-01-27 00:44 - 00085320 _____ (Microsoft Corporation) C:\WINDOWS\system32\OpenWith.exe
    2016-02-09 18:47 - 2016-01-27 00:43 - 00359776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-02-09 18:47 - 2016-01-27 00:37 - 01998176 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-02-09 18:47 - 2016-01-27 00:37 - 00576352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-02-09 18:47 - 2016-01-27 00:21 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
    2016-02-09 18:47 - 2016-01-27 00:15 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ztrace_maps.dll
    2016-02-09 18:47 - 2016-01-27 00:13 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-02-09 18:47 - 2016-01-27 00:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-02-09 18:47 - 2016-01-27 00:11 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
    2016-02-09 18:47 - 2016-01-27 00:10 - 00099840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
    2016-02-09 18:47 - 2016-01-27 00:08 - 00299008 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
    2016-02-09 18:47 - 2016-01-27 00:08 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ztrace_maps.dll
    2016-02-09 18:47 - 2016-01-27 00:07 - 00203264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iassam.dll
    2016-02-09 18:47 - 2016-01-27 00:05 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-02-09 18:47 - 2016-01-27 00:05 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-02-09 18:47 - 2016-01-27 00:04 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
    2016-02-09 18:47 - 2016-01-27 00:03 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-02-09 18:47 - 2016-01-27 00:02 - 00109056 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll
    2016-02-09 18:47 - 2016-01-27 00:01 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2016-02-09 18:47 - 2016-01-26 23:59 - 00258048 _____ (Microsoft Corporation) C:\WINDOWS\system32\iassam.dll
    2016-02-09 18:47 - 2016-01-26 23:57 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-02-09 18:47 - 2016-01-26 23:55 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-02-09 18:47 - 2016-01-26 23:52 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2016-02-09 18:47 - 2016-01-26 23:50 - 02230784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-02-09 18:47 - 2016-01-26 23:50 - 01504768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-02-09 18:47 - 2016-01-26 23:50 - 00144384 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys
    2016-02-09 18:47 - 2016-01-26 23:49 - 05662208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-02-09 18:47 - 2016-01-26 23:44 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
    2016-02-09 18:47 - 2016-01-26 23:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
    2016-02-09 18:47 - 2016-01-26 23:41 - 03592704 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-02-09 18:47 - 2016-01-26 23:39 - 02275328 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-02-09 18:47 - 2016-01-26 23:38 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-02-09 18:47 - 2016-01-26 23:37 - 04894720 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-02-09 18:47 - 2016-01-26 23:36 - 02757120 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-02-09 18:47 - 2016-01-26 23:32 - 01087488 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
    2016-02-09 18:47 - 2016-01-26 23:31 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
    2016-02-06 15:39 - 2016-02-18 07:18 - 00000000 ____D C:\WINDOWS\Minidump
    2016-02-06 15:39 - 2016-02-06 15:40 - 00334596 _____ C:\WINDOWS\Minidump\020616-28687-01.dmp
    2016-02-03 20:58 - 2016-02-03 20:58 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2016-02-02 10:24 - 2016-02-02 10:24 - 00643168 _____ (Oracle Corporation) C:\Users\user\Downloads\JavaSetup8u71.exe
    2016-02-02 07:12 - 2016-02-02 06:00 - 00000000 ___DC C:\WINDOWS\Panther
    2016-02-02 07:11 - 2016-01-16 01:23 - 08728920 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-02-02 07:11 - 2016-01-16 01:20 - 06971752 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-02-02 07:11 - 2016-01-16 00:45 - 16986112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2016-02-02 07:11 - 2016-01-16 00:38 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2016-02-02 07:11 - 2016-01-16 00:35 - 13018624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2016-02-02 07:11 - 2016-01-16 00:21 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2016-02-02 07:11 - 2016-01-16 00:17 - 05503488 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
    2016-02-02 07:11 - 2016-01-04 21:45 - 02587696 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2016-02-02 07:11 - 2016-01-04 21:42 - 02026736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2016-02-02 07:11 - 2016-01-04 21:37 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-02-02 07:11 - 2016-01-04 21:33 - 02180128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-02-02 07:11 - 2016-01-04 20:39 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-02-02 07:11 - 2016-01-04 20:30 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-02-02 07:10 - 2016-01-16 01:37 - 00202472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscapi.dll
    2016-02-02 07:10 - 2016-01-16 01:36 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-02-02 07:10 - 2016-01-16 01:36 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-02-02 07:10 - 2016-01-16 01:34 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-02-02 07:10 - 2016-01-16 01:24 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2016-02-02 07:10 - 2016-01-16 01:23 - 00848160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-02-02 07:10 - 2016-01-16 01:23 - 00785088 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
    2016-02-02 07:10 - 2016-01-16 01:23 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-02-02 07:10 - 2016-01-16 01:23 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-02-02 07:10 - 2016-01-16 01:23 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-02-02 07:10 - 2016-01-16 01:21 - 01750440 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcMon.exe
    2016-02-02 07:10 - 2016-01-16 01:20 - 00652312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
    2016-02-02 07:10 - 2016-01-16 01:20 - 00431240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2016-02-02 07:10 - 2016-01-16 01:20 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
    2016-02-02 07:10 - 2016-01-16 01:19 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-02-02 07:10 - 2016-01-16 01:19 - 00405568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2016-02-02 07:10 - 2016-01-16 01:12 - 01415200 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctf.dll
    2016-02-02 07:10 - 2016-01-16 01:09 - 01089880 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
    2016-02-02 07:10 - 2016-01-16 01:08 - 01174008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctf.dll
    2016-02-02 07:10 - 2016-01-16 01:08 - 00440152 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
    2016-02-02 07:10 - 2016-01-16 00:46 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
    2016-02-02 07:10 - 2016-01-16 00:44 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
    2016-02-02 07:10 - 2016-01-16 00:42 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
    2016-02-02 07:10 - 2016-01-16 00:41 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
    2016-02-02 07:10 - 2016-01-16 00:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaui.exe
    2016-02-02 07:10 - 2016-01-16 00:40 - 00019456 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasautou.exe
    2016-02-02 07:10 - 2016-01-16 00:39 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\FilterDS.dll
    2016-02-02 07:10 - 2016-01-16 00:38 - 00406528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2016-02-02 07:10 - 2016-01-16 00:38 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimCfg.dll
    2016-02-02 07:10 - 2016-01-16 00:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-02-02 07:10 - 2016-01-16 00:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-02-02 07:10 - 2016-01-16 00:37 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wscsvc.dll
    2016-02-02 07:10 - 2016-01-16 00:37 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-02-02 07:10 - 2016-01-16 00:36 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-02-02 07:10 - 2016-01-16 00:36 - 00475648 _____ (Microsoft Corporation) C:\WINDOWS\system32\DDDS.dll
    2016-02-02 07:10 - 2016-01-16 00:36 - 00221696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
    2016-02-02 07:10 - 2016-01-16 00:36 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\SimAuth.dll
    2016-02-02 07:10 - 2016-01-16 00:35 - 00383488 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
    2016-02-02 07:10 - 2016-01-16 00:34 - 00610816 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastls.dll
    2016-02-02 07:10 - 2016-01-16 00:34 - 00590848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-02-02 07:10 - 2016-01-16 00:34 - 00477696 _____ (Microsoft Corporation) C:\WINDOWS\system32\srcore.dll
    2016-02-02 07:10 - 2016-01-16 00:34 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-02-02 07:10 - 2016-01-16 00:33 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidcli.dll
    2016-02-02 07:10 - 2016-01-16 00:33 - 00574976 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.UX.EapRequestHandler.dll
    2016-02-02 07:10 - 2016-01-16 00:33 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
    2016-02-02 07:10 - 2016-01-16 00:32 - 00621568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wbiosrvc.dll
    2016-02-02 07:10 - 2016-01-16 00:32 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\pcaui.exe
    2016-02-02 07:10 - 2016-01-16 00:31 - 00851456 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2016-02-02 07:10 - 2016-01-16 00:31 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
    2016-02-02 07:10 - 2016-01-16 00:31 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2016-02-02 07:10 - 2016-01-16 00:31 - 00343552 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2016-02-02 07:10 - 2016-01-16 00:31 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasautou.exe
    2016-02-02 07:10 - 2016-01-16 00:30 - 02127360 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
    2016-02-02 07:10 - 2016-01-16 00:30 - 01053696 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-02-02 07:10 - 2016-01-16 00:30 - 00784384 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
    2016-02-02 07:10 - 2016-01-16 00:30 - 00157696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimCfg.dll
    2016-02-02 07:10 - 2016-01-16 00:29 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
    2016-02-02 07:10 - 2016-01-16 00:29 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-02-02 07:10 - 2016-01-16 00:28 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-02-02 07:10 - 2016-01-16 00:28 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-02-02 07:10 - 2016-01-16 00:28 - 00884736 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasdlg.dll
    2016-02-02 07:10 - 2016-01-16 00:28 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SimAuth.dll
    2016-02-02 07:10 - 2016-01-16 00:27 - 00335872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
    2016-02-02 07:10 - 2016-01-16 00:26 - 00535040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastls.dll
    2016-02-02 07:10 - 2016-01-16 00:26 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-02-02 07:10 - 2016-01-16 00:26 - 00260608 _____ C:\WINDOWS\system32\MTFServer.dll
    2016-02-02 07:10 - 2016-01-16 00:26 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-02-02 07:10 - 2016-01-16 00:25 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlidcli.dll
    2016-02-02 07:10 - 2016-01-16 00:25 - 00457728 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-02-02 07:10 - 2016-01-16 00:25 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
    2016-02-02 07:10 - 2016-01-16 00:24 - 02057216 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2016-02-02 07:10 - 2016-01-16 00:24 - 00613888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
    2016-02-02 07:10 - 2016-01-16 00:24 - 00350720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2016-02-02 07:10 - 2016-01-16 00:24 - 00273408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2016-02-02 07:10 - 2016-01-16 00:23 - 02050048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
    2016-02-02 07:10 - 2016-01-16 00:23 - 00687616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
    2016-02-02 07:10 - 2016-01-16 00:20 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2016-02-02 07:10 - 2016-01-16 00:20 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2016-02-02 07:10 - 2016-01-16 00:20 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-02-02 07:10 - 2016-01-16 00:20 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasdlg.dll
    2016-02-02 07:10 - 2016-01-16 00:19 - 00733184 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasapi32.dll
    2016-02-02 07:10 - 2016-01-16 00:19 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-02-02 07:10 - 2016-01-16 00:19 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
    2016-02-02 07:10 - 2016-01-16 00:19 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-02-02 07:10 - 2016-01-16 00:18 - 01674240 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
    2016-02-02 07:10 - 2016-01-16 00:16 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2016-02-02 07:10 - 2016-01-16 00:16 - 01542656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
    2016-02-02 07:10 - 2016-01-16 00:15 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
    2016-02-02 07:10 - 2016-01-16 00:14 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-02-02 07:10 - 2016-01-16 00:14 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-02-02 07:10 - 2016-01-16 00:11 - 00653312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasapi32.dll
    2016-02-02 07:10 - 2016-01-04 21:51 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-02-02 07:10 - 2016-01-04 21:51 - 01141496 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-02-02 07:10 - 2016-01-04 21:50 - 00671472 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll
    2016-02-02 07:10 - 2016-01-04 21:48 - 00499432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll
    2016-02-02 07:10 - 2016-01-04 21:37 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
    2016-02-02 07:10 - 2016-01-04 21:37 - 00858952 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
    2016-02-02 07:10 - 2016-01-04 21:37 - 00245840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2016-02-02 07:10 - 2016-01-04 21:37 - 00234504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mftranscode.dll
    2016-02-02 07:10 - 2016-01-04 21:36 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-02-02 07:10 - 2016-01-04 21:33 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
    2016-02-02 07:10 - 2016-01-04 21:33 - 00701384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
    2016-02-02 07:10 - 2016-01-04 21:33 - 00208176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mftranscode.dll
    2016-02-02 07:10 - 2016-01-04 21:33 - 00116728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
    2016-02-02 07:10 - 2016-01-04 21:31 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-02-02 07:10 - 2016-01-04 21:27 - 01594408 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
    2016-02-02 07:10 - 2016-01-04 21:24 - 00796352 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-02-02 07:10 - 2016-01-04 21:23 - 01804664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
    2016-02-02 07:10 - 2016-01-04 21:23 - 01309376 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2016-02-02 07:10 - 2016-01-04 21:23 - 00786696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
    2016-02-02 07:10 - 2016-01-04 21:23 - 00119320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
    2016-02-02 07:10 - 2016-01-04 21:21 - 01371792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
    2016-02-02 07:10 - 2016-01-04 21:17 - 00695752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
    2016-02-02 07:10 - 2016-01-04 21:16 - 00100160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
    2016-02-02 07:10 - 2016-01-04 20:57 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\RMSRoamingSecurity.dll
    2016-02-02 07:10 - 2016-01-04 20:57 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgrcli.dll
    2016-02-02 07:10 - 2016-01-04 20:56 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2016-02-02 07:10 - 2016-01-04 20:54 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BthLEEnum.sys
    2016-02-02 07:10 - 2016-01-04 20:54 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-02-02 07:10 - 2016-01-04 20:53 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshom.ocx
    2016-02-02 07:10 - 2016-01-04 20:51 - 00472576 _____ (Microsoft Corporation) C:\WINDOWS\system32\DscCore.dll
    2016-02-02 07:10 - 2016-01-04 20:50 - 00644096 _____ (Microsoft Corporation) C:\WINDOWS\system32\uReFS.dll
    2016-02-02 07:10 - 2016-01-04 20:50 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-02-02 07:10 - 2016-01-04 20:49 - 01255936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
    2016-02-02 07:10 - 2016-01-04 20:49 - 00749056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneService.dll
    2016-02-02 07:10 - 2016-01-04 20:49 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityCommon.dll
    2016-02-02 07:10 - 2016-01-04 20:48 - 01009152 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
    2016-02-02 07:10 - 2016-01-04 20:48 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
    2016-02-02 07:10 - 2016-01-04 20:48 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usermgrcli.dll
    2016-02-02 07:10 - 2016-01-04 20:47 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2016-02-02 07:10 - 2016-01-04 20:47 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
    2016-02-02 07:10 - 2016-01-04 20:47 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
    2016-02-02 07:10 - 2016-01-04 20:45 - 00678912 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
    2016-02-02 07:10 - 2016-01-04 20:45 - 00275968 _____ (Microsoft Corporation) C:\WINDOWS\system32\facecredentialprovider.dll
    2016-02-02 07:10 - 2016-01-04 20:44 - 00125440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshom.ocx
    2016-02-02 07:10 - 2016-01-04 20:43 - 00953856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
    2016-02-02 07:10 - 2016-01-04 20:43 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2016-02-02 07:10 - 2016-01-04 20:43 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2016-02-02 07:10 - 2016-01-04 20:41 - 01070080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
    2016-02-02 07:10 - 2016-01-04 20:41 - 00558592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uReFS.dll
    2016-02-02 07:10 - 2016-01-04 20:40 - 00890880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
    2016-02-02 07:10 - 2016-01-04 20:40 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ProximityCommon.dll
    2016-02-02 07:10 - 2016-01-04 20:39 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
    2016-02-02 07:10 - 2016-01-04 20:39 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2016-02-02 07:10 - 2016-01-04 20:39 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
    2016-02-02 07:10 - 2016-01-04 20:38 - 00389120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
    2016-02-02 07:10 - 2016-01-04 20:36 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
    2016-02-02 07:09 - 2016-01-16 00:44 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasadhlp.dll
    2016-02-02 07:09 - 2016-01-16 00:44 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
    2016-02-02 07:09 - 2016-01-16 00:43 - 00097280 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttpcom.dll
    2016-02-02 07:09 - 2016-01-16 00:42 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\sscoreext.dll
    2016-02-02 07:09 - 2016-01-16 00:40 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\rasauto.dll
    2016-02-02 07:09 - 2016-01-16 00:38 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winbio.dll
    2016-02-02 07:09 - 2016-01-16 00:36 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rastlsext.dll
    2016-02-02 07:09 - 2016-01-16 00:35 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rasadhlp.dll
    2016-02-02 07:09 - 2016-01-16 00:34 - 00079360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttpcom.dll
    2016-02-02 07:09 - 2016-01-16 00:30 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winbio.dll
    2016-02-02 07:09 - 2016-01-04 20:52 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
    2016-02-02 07:09 - 2016-01-04 20:51 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
    2016-02-02 07:09 - 2016-01-04 20:49 - 01582080 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
    2016-02-02 07:09 - 2016-01-04 20:43 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2016-02-02 07:09 - 2016-01-04 20:42 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
    2016-02-02 07:09 - 2016-01-04 20:36 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2016-02-02 07:08 - 2016-02-02 07:08 - 00000000 ____D C:\Windows.old
    2016-02-02 07:06 - 2016-02-02 07:06 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
    2016-02-02 07:06 - 2016-02-02 07:06 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
    2016-02-02 07:06 - 2016-02-02 07:06 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
    2016-02-02 07:06 - 2016-02-02 07:06 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
    2016-02-02 07:06 - 2016-02-02 07:06 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-02-02 07:06 - 2016-02-02 07:06 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-02-02 07:06 - 2016-02-02 07:06 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
    2016-02-02 07:06 - 2016-02-02 07:06 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
    2016-02-02 07:06 - 2016-02-02 07:06 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
    2016-02-02 07:02 - 2016-02-02 07:02 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2016-02-02 06:59 - 2016-02-02 06:59 - 00000000 ____D C:\Program Files\Reference Assemblies
    2016-02-02 06:59 - 2016-02-02 06:59 - 00000000 ____D C:\Program Files\MSBuild
    2016-02-02 06:59 - 2016-02-02 06:59 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2016-02-02 06:59 - 2016-02-02 04:32 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2016-02-02 06:58 - 2015-10-23 20:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
    2016-02-02 06:58 - 2015-10-23 20:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
    2016-02-02 06:58 - 2015-10-23 20:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
    2016-02-02 06:58 - 2015-10-23 20:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
    2016-02-02 06:58 - 2015-10-23 20:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
    2016-02-02 06:58 - 2015-10-23 20:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
    2016-02-02 05:08 - 2015-12-08 22:39 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2016-02-02 04:55 - 2016-02-02 04:55 - 00000000 ____D C:\Users\user\AppData\Local\ActiveSync
    2016-02-02 04:53 - 2016-02-02 04:53 - 00000020 ___SH C:\Users\user\ntuser.ini
    2016-02-02 04:52 - 2016-02-02 04:52 - 00000000 _SHDL C:\Users\Default\My Documents
    2016-02-02 04:52 - 2016-02-02 04:52 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
    2016-02-02 04:52 - 2016-02-02 04:52 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
    2016-02-02 04:52 - 2016-02-02 04:52 - 00000000 _SHDL C:\Users\Default\Documents\My Music
    2016-02-02 04:52 - 2016-02-02 04:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
    2016-02-02 04:52 - 2016-02-02 04:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
    2016-02-02 04:52 - 2016-02-02 04:52 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
    2016-02-02 04:43 - 2016-02-19 06:26 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-02-02 04:30 - 2016-02-02 04:30 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-02-02 04:30 - 2016-02-02 04:30 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2016-02-02 04:30 - 2016-02-02 04:30 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2016-02-02 04:23 - 2016-02-02 04:23 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
    2016-02-02 04:20 - 2016-02-02 04:20 - 00000000 _SHDL C:\Users\user\My Documents
    2016-02-02 04:20 - 2016-02-02 04:20 - 00000000 _SHDL C:\Users\user\Documents\My Videos
    2016-02-02 04:20 - 2016-02-02 04:20 - 00000000 _SHDL C:\Users\user\Documents\My Pictures
    2016-02-02 04:20 - 2016-02-02 04:20 - 00000000 _SHDL C:\Users\user\Documents\My Music
    2016-02-02 04:17 - 2016-02-02 04:17 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Apfiltr_01009.Wdf
    2016-02-02 04:17 - 2016-02-02 04:17 - 00000000 ____D C:\Program Files\Common Files\Atheros
    2016-02-02 04:16 - 2016-02-02 04:16 - 00000000 ____D C:\Program Files\DellTPad
    2016-02-02 04:16 - 2015-10-30 02:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2016-02-02 04:13 - 2016-02-02 04:34 - 00345376 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-01-29 19:34 - 2016-02-02 04:43 - 00003280 _____ C:\WINDOWS\System32\Tasks\Dell SupportAssistAgent AutoUpdate
    2016-01-29 19:34 - 2016-01-29 19:34 - 00000000 ____D C:\ProgramData\SupportAssistAgent
    2016-01-29 19:34 - 2016-01-29 19:34 - 00000000 ____D C:\Program Files (x86)\Dell
    2016-01-28 14:14 - 2016-02-02 12:17 - 00003560 _____ C:\WINDOWS\System32\Tasks\PCDEventLauncherTask
    2016-01-28 14:14 - 2016-02-02 04:43 - 00003812 _____ C:\WINDOWS\System32\Tasks\PCDoctorBackgroundMonitorTask
    2016-01-28 14:14 - 2016-02-02 04:43 - 00003100 _____ C:\WINDOWS\System32\Tasks\PCDDataUploadTask
    2016-01-28 14:14 - 2016-02-02 04:43 - 00002982 _____ C:\WINDOWS\System32\Tasks\SystemToolsDailyTest
    2016-01-28 14:14 - 2016-01-28 14:14 - 00000000 ____D C:\ProgramData\PC-Doctor for Windows
    2016-01-28 14:14 - 2016-01-28 14:14 - 00000000 ____D C:\Program Files\Dell Support Center

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-02-22 21:41 - 2015-07-18 18:14 - 00031318 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-02-22 21:41 - 2015-07-18 18:14 - 00002310 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-02-22 21:39 - 2013-07-07 20:35 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001UA.job
    2016-02-22 21:37 - 2015-10-10 18:54 - 00000000 ____D C:\Users\user\Documents\Other
    2016-02-22 20:51 - 2013-06-28 12:16 - 00000916 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-02-22 20:33 - 2013-06-28 14:50 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-02-22 19:39 - 2013-07-07 20:35 - 00000862 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001Core.job
    2016-02-22 18:27 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-02-22 18:27 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-02-22 18:23 - 2013-10-31 19:22 - 00004142 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C79AD3D2-1A03-443C-A8BF-4EB65A453E8C}
    2016-02-22 18:19 - 2013-06-28 12:15 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-02-22 07:15 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-02-22 07:15 - 2015-10-15 10:31 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-02-21 18:49 - 2015-12-13 17:34 - 00000000 ____D C:\Users\user\Documents\Calibre Library
    2016-02-21 18:40 - 2013-09-01 21:07 - 00000000 ____D C:\Users\user\Documents\Official
    2016-02-21 13:31 - 2013-09-28 13:33 - 00000000 ____D C:\Users\user\AppData\Roaming\vlc
    2016-02-19 06:30 - 2013-06-28 12:18 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-02-18 18:53 - 2013-06-28 12:17 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
    2016-02-18 18:53 - 2013-06-28 12:17 - 00002262 _____ C:\Users\Public\Desktop\Google Chrome.lnk
    2016-02-18 07:18 - 2013-11-09 13:08 - 536360881 _____ C:\WINDOWS\MEMORY.DMP
    2016-02-14 08:07 - 2015-11-04 19:24 - 00001730 _____ C:\Users\user\Desktop\Windows Media Player.lnk
    2016-02-13 15:10 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2016-02-11 21:38 - 2015-10-15 15:00 - 00002362 _____ C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-02-11 21:38 - 2015-10-15 15:00 - 00000000 ___RD C:\Users\user\OneDrive
    2016-02-11 05:50 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-02-11 04:10 - 2015-09-10 00:42 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-02-10 21:22 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-02-10 21:22 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-02-10 17:33 - 2013-06-28 14:50 - 00003816 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
    2016-02-10 06:02 - 2013-07-14 22:53 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-02-10 05:55 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-02-10 05:55 - 2013-06-29 15:16 - 146614896 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-02-10 05:46 - 2013-06-28 12:16 - 00003974 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2016-02-10 05:46 - 2013-06-28 12:15 - 00003742 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2016-02-03 21:49 - 2015-10-30 02:24 - 00000000 ___SD C:\WINDOWS\system32\F12
    2016-02-03 21:49 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-02-03 21:49 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2016-02-03 21:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-02-03 21:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\oobe
    2016-02-03 21:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-02-03 21:49 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-02-03 17:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\appcompat
    2016-02-03 14:01 - 2015-10-30 02:26 - 00828920 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-02-03 14:01 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-02-02 10:27 - 2013-10-21 07:45 - 00000000 ____D C:\ProgramData\Oracle
    2016-02-02 10:26 - 2015-07-16 07:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2016-02-02 10:26 - 2013-06-30 15:44 - 00000000 ____D C:\Program Files (x86)\Java
    2016-02-02 10:25 - 2015-08-29 17:30 - 00000000 ____D C:\Users\user\.oracle_jre_usage
    2016-02-02 10:25 - 2015-07-16 07:15 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2016-02-02 07:12 - 2015-10-30 02:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2016-02-02 07:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-02-02 07:07 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Provisioning
    2016-02-02 07:07 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-02-02 07:07 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-02-02 05:19 - 2013-06-28 12:08 - 00000000 ____D C:\Users\user\AppData\Local\Packages
    2016-02-02 05:13 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
    2016-02-02 04:55 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2016-02-02 04:55 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\MiracastView
    2016-02-02 04:54 - 2015-10-30 01:28 - 00065536 ___SH C:\WINDOWS\system32\config\ELAM
    2016-02-02 04:52 - 2013-10-26 11:53 - 00045723 _____ C:\WINDOWS\diagwrn.xml
    2016-02-02 04:52 - 2013-10-26 11:53 - 00045723 _____ C:\WINDOWS\diagerr.xml
    2016-02-02 04:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2016-02-02 04:47 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Registration
    2016-02-02 04:44 - 2013-10-26 12:14 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
    2016-02-02 04:43 - 2015-07-24 18:41 - 00002380 _____ C:\WINDOWS\System32\Tasks\PandaUSBVaccine
    2016-02-02 04:43 - 2014-09-24 07:13 - 00002372 _____ C:\WINDOWS\System32\Tasks\{74AF0438-94B8-47AD-AC0B-DE2C03D96500}
    2016-02-02 04:43 - 2013-07-07 20:35 - 00003588 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001UA
    2016-02-02 04:43 - 2013-07-07 20:35 - 00003320 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001Core
    2016-02-02 04:43 - 2013-06-28 12:17 - 00002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-784291939-2049310861-2985522810-1001
    2016-02-02 04:42 - 2015-10-30 02:24 - 00000000 __RHD C:\Users\Public\Libraries
    2016-02-02 04:33 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2016-02-02 04:32 - 2015-10-30 04:07 - 00000000 ____D C:\WINDOWS\ShellNew
    2016-02-02 04:32 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
    2016-02-02 04:32 - 2015-10-15 14:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-02-02 04:32 - 2015-07-21 20:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-02-02 04:32 - 2015-07-01 14:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
    2016-02-02 04:32 - 2015-04-06 09:31 - 00000000 ____D C:\WINDOWS\en
    2016-02-02 04:32 - 2014-05-14 19:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\File Shredder
    2016-02-02 04:32 - 2013-12-14 19:06 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Steam
    2016-02-02 04:32 - 2013-09-28 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\VideoLAN
    2016-02-02 04:32 - 2013-09-12 21:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
    2016-02-02 04:32 - 2013-07-13 19:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dell
    2016-02-02 04:32 - 2013-07-10 20:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\calibre - E-book Management
    2016-02-02 04:32 - 2013-07-10 20:05 - 00000000 ____D C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-02-02 04:32 - 2013-07-10 20:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
    2016-02-02 04:32 - 2013-06-28 12:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2016-02-02 04:32 - 2013-01-21 06:41 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink Media Suite
    2016-02-02 04:32 - 2013-01-21 06:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
    2016-02-02 04:30 - 2015-07-10 04:47 - 00000000 ____D C:\Users\Default.migrated
    2016-02-02 04:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2016-02-02 04:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2016-02-02 04:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\spool
    2016-02-02 04:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-02-02 04:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2016-02-02 04:26 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\IME
    2016-02-02 04:26 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
    2016-02-02 04:26 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
    2016-02-02 04:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\Resources
    2016-02-02 04:24 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\InputMethod
    2016-02-02 04:24 - 2015-10-30 02:24 - 00000000 ____D C:\ProgramData\USOPrivate
    2016-02-02 04:24 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2016-02-02 04:24 - 2015-07-24 18:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Panda Security
    2016-02-02 04:24 - 2015-07-18 18:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-02-02 04:24 - 2013-08-22 10:36 - 00000000 ____D C:\WINDOWS\ADFS
    2016-02-02 04:24 - 2013-06-28 12:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Visual Studio 2005
    2016-02-02 04:24 - 2013-01-21 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HotSpot
    2016-02-02 04:24 - 2013-01-21 06:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Atheros Smart Net
    2016-02-02 04:22 - 2015-10-15 07:34 - 00000000 ___RD C:\Users\user\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
    2016-02-02 04:19 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2016-02-02 04:13 - 2015-10-30 04:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
    2016-02-02 03:37 - 2015-10-30 04:42 - 00000000 ___HD C:\$WINDOWS.~BT
    2016-01-28 14:13 - 2015-07-23 16:37 - 00000000 ____D C:\ProgramData\PCDr
    2016-01-28 13:41 - 2016-01-10 18:40 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2016-01-28 13:41 - 2013-06-28 14:47 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service

    ==================== Files in the root of some directories =======

    2016-01-17 12:12 - 2016-01-17 12:12 - 0000132 _____ () C:\Users\user\AppData\Roaming\Adobe PNG Format CS6 Prefs
    2015-06-30 20:18 - 2015-07-21 09:52 - 0008704 _____ () C:\Users\user\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
    2013-07-14 19:10 - 2014-01-06 17:15 - 0007605 _____ () C:\Users\user\AppData\Local\Resmon.ResmonCfg
    2013-09-12 21:55 - 2015-11-22 20:23 - 0004268 _____ () C:\ProgramData\hpzinstall.log
    2013-01-21 06:46 - 2013-01-21 06:46 - 0000119 _____ () C:\ProgramData\{1FBF6C24-C1fD-4101-A42B-0C564F9E8E79}.log
    2013-01-21 06:41 - 2013-01-21 06:42 - 0000106 _____ () C:\ProgramData\{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}.log
    2013-01-21 06:42 - 2013-01-21 06:44 - 0000111 _____ () C:\ProgramData\{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}.log
    2013-01-21 06:41 - 2013-01-21 06:41 - 0000107 _____ () C:\ProgramData\{C59C179C-668D-49A9-B6EA-0121CCFC1243}.log
    2013-01-21 06:44 - 2013-01-21 06:46 - 0000108 _____ () C:\ProgramData\{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}.log

    Some files in TEMP:
    ====================
    C:\Users\user\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\user\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\user\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\user\AppData\Local\Temp\SDShelEx-x64.dll


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-02-17 17:01

    ==================== End of FRST.txt ============================


    Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
    Ran by Alan (2016-02-22 21:48:21)
    Running from C:\Users\user\Desktop
    Windows 10 Home Version 1511 (X64) (2016-02-02 09:53:13)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-784291939-2049310861-2985522810-500 - Administrator - Disabled)
    Alan (S-1-5-21-784291939-2049310861-2985522810-1001 - Administrator - Enabled) => C:\Users\user
    DefaultAccount (S-1-5-21-784291939-2049310861-2985522810-503 - Limited - Disabled)
    Guest (S-1-5-21-784291939-2049310861-2985522810-501 - Limited - Disabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Spybot - Search and Destroy (Enabled - Out of date) {A16C3F68-9280-E053-1818-342707FECF4D}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
    Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.306 - Adobe Systems Incorporated)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2245 - AVAST Software)
    Battle.net (HKLM-x32\...\Battle.net) (Version: - Blizzard Entertainment)
    Bing Bar (HKLM-x32\...\{3365E735-48A6-4194-9988-CE59AC5AE503}) (Version: 7.3.132.0 - Microsoft Corporation)
    BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    calibre (HKLM-x32\...\{3000D354-D0BB-4FF3-89F9-04B6E9DD51BA}) (Version: 2.47.0 - Kovid Goyal)
    Cirrus Logic Audio Panel (Version: 1.2.10.0 - Cirrus Logic) Hidden
    Copy (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    CyberLink Media Suite Essentials (HKLM-x32\...\InstallShield_{8F14AA37-5193-4A14-BD5B-BDF9B361AEF7}) (Version: 10.0 - CyberLink Corp.)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.0.0.5 - Dell Inc.)
    Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.0.0.5 - Dell Inc.)
    Dell Customer Connect (HKLM-x32\...\{FEFDCDCF-C49C-45D0-AAF8-5345858ADEC7}) (Version: 1.2.1.0 - Dell Inc.)
    Dell Digital Delivery (HKLM-x32\...\{D9ED3EFC-AB00-4CE0-ADED-80EE6B1158A7}) (Version: 2.2.2000.0 - Dell Products, LP)
    Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6745.47 - Dell)
    Dell SupportAssistAgent (HKLM-x32\...\{A62A2F03-3006-40CA-A3FA-C1086B2FEF5D}) (Version: 1.2.0.94 - Dell)
    Dell Touchpad (HKLM\...\{9F72EF8B-AEC9-4CA5-B483-143980AFD6FD}) (Version: 8.1200.101.218 - ALPS ELECTRIC CO., LTD.)
    Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
    Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
    Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    DJ_AIO_06_F2400_SW_Min (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
    F2400 (x32 Version: 140.0.851.000 - Hewlett-Packard) Hidden
    File Shredder 2.5 (HKLM\...\File Shredder_is1) (Version: - Pow Tools)
    Freemake Video Converter version 4.1.9 (HKLM-x32\...\Freemake Video Converter_is1) (Version: 4.1.9 - Ellora Assets Corporation)
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 48.0.2564.116 - Google Inc.)
    Google Talk Plugin (HKLM-x32\...\{F9B579C2-D854-300A-BE62-A09EB9D722E4}) (Version: 5.41.3.0 - Google)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Hearthstone (HKLM-x32\...\Hearthstone) (Version: - Blizzard Entertainment)
    HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
    HP Deskjet F2400 All-in-One Driver Software 14.0 Rel. 6 (HKLM\...\{BCDD692B-172D-440A-9A1B-501C71D72CC8}) (Version: 14.0 - HP)
    HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
    HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.2024 - HP Photo Creations Powered by RocketLife)
    HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
    HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
    HPDiagnosticAlert (x32 Version: 1.00.0000 - Microsoft) Hidden
    HPPhotoGadget (x32 Version: 140.0.524.000 - Hewlett-Packard) Hidden
    HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
    HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Intel(R) Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1008 - Intel Corporation)
    Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
    Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.3347 - Intel Corporation)
    Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.5.0.1207 - Intel Corporation)
    Java 8 Update 71 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218071F0}) (Version: 8.0.710.15 - Oracle Corporation)
    Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
    MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
    Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
    Microsoft Office Enterprise 2007 (HKLM-x32\...\ENTERPRISE) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{837b34e3-7c30-493c-8f6a-2b0f04e2912c}) (Version: 8.0.59193 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
    Microsoft Visual Studio Express 2012 for Windows 8 - ENU (HKLM-x32\...\{b6391d7a-479c-494c-a76f-cad96a8a73ac}) (Version: 11.0.50727.1 - Microsoft Corporation)
    Might & Magic: Duel of Champions (HKLM-x32\...\Steam App 256410) (Version: - Ubisoft Quebec)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    Mozilla Firefox 43.0.4 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.4 (x86 en-US)) (Version: 43.0.4 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.4.5848 - Mozilla)
    Panda Cloud Cleaner (HKLM-x32\...\{92B2B132-C7F0-43DC-921A-4493C04F78A4}_is1) (Version: 1.1.2 - Panda Security)
    Panda USB Vaccine 1.0.1.4 (HKLM-x32\...\{55A41219-9B22-4098-BAE7-AE289B3C569A}_is1) (Version: - Panda Security)
    PokerStars (HKLM-x32\...\PokerStars) (Version: - PokerStars)
    Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.0.204 - Qualcomm Atheros Communications)
    Quickset64 (HKLM\...\{87CF757E-C1F1-4D22-865C-00C6950B5258}) (Version: 11.1.003 - Dell Inc.)
    QuickTransfer (x32 Version: 140.0.98.000 - Hewlett-Packard) Hidden
    Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
    Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee)
    Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
    SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.5.43 - Safer-Networking Ltd.)
    Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
    Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
    TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-0030-0000-0000-0000000FF1CE}_ENTERPRISE_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
    WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
    WinRAR 5.21 (32-bit) (HKLM-x32\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\user\AppData\Local\Microsoft\OneDrive\17.3.6301.0127\FileCoAuth.exe (Microsoft Corporation)
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{793EE463-1304-471C-ADF1-68C2FFB01247}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{E8CF3E55-F919-49D9-ABC0-948E6CB34B9F}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.5\psuser_64.dll (Google Inc.)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {07814D79-D6A0-4065-8C8F-6753DE2E8E1A} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001UA => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {15AAABD7-23C5-48DF-862E-95DCBB0E1261} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {1A381909-A18D-47FC-962E-1F6E793D2DE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {1AE8E228-E6DF-466E-B909-2FFA3B96DF51} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {2A3BFB2E-A678-449B-9B52-D662E517254E} - System32\Tasks\PandaUSBVaccine => C:\Program Files (x86)\Panda USB Vaccine\RunInteractiveWin.exe [2009-09-23] ()
    Task: {2E3266A8-7852-43DD-9F6C-FA742FC24317} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {338885A1-B400-47D7-A380-D8B9B282DC1C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {354F3C7C-9B60-4F41-8D58-F3E6A6A8E520} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {591AD833-156C-48E1-9925-6EB82FB81A9F} - System32\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001Core => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe [2015-08-30] (Google Inc.)
    Task: {60C67F50-D371-4252-BA11-781E51333176} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {6E3C8BF8-85F4-489E-8403-3BEFCB50F8E4} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
    Task: {721B71D2-C9AB-48EB-8FDB-5D1B0EA26D5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {7888F181-D3DF-4857-A75E-010B654718A0} - System32\Tasks\{74AF0438-94B8-47AD-AC0B-DE2C03D96500} => pcalua.exe -a "C:\ProgramData\Battle.net\Agent\Blizzard Uninstaller.exe" -c --lang=enUS --uid=hs_beta --displayname="Hearthstone"
    Task: {88FDDBEE-47B1-4F43-935A-1C928CEF6659} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {89978B2B-57B6-4777-B861-2834E36BDAE6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {8DA5CA30-F84B-4624-8D81-2E49851C1E45} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-01-12] (Dell Inc.)
    Task: {9707BC84-CE22-46FA-B534-2E18CBDBE207} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {9D28DBAB-8C83-423A-BE08-7FD409A352F8} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2015-06-16] (Safer-Networking Ltd.)
    Task: {9D8EBF25-6E22-4C54-9B03-7E35D441C713} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe
    Task: {AA9AE98D-3250-4720-8B85-61F9D4B37097} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-12-14] (AVAST Software)
    Task: {B052C525-FA65-499E-A35D-49E65178728E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {B65F4644-EBA6-42C0-B49E-766642BE1B39} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
    Task: {B81BB8EA-1320-4EAD-B316-25E3C82582F8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-10] (Adobe Systems Incorporated)
    Task: {BF8E135C-9756-4690-B7FB-771D3A26E201} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {DA4AB3EC-C6BA-42DC-9462-97E73CEB5B7D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {EB6AF079-610A-405E-A3CB-5EEE9FE38099} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2015-12-29] (PC-Doctor, Inc.)
    Task: {ED7B0200-4696-4F95-B00B-ED921205F1C2} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe
    Task: {EF6A6C17-422F-4F7B-86BD-FD28ED20832E} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2015-12-29] (PC-Doctor, Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001Core.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskUserS-1-5-21-784291939-2049310861-2985522810-1001UA.job => C:\Users\user\AppData\Local\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2013-01-21 06:44 - 2012-04-24 21:43 - 00254512 ____N () C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe
    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-03-29 09:30 - 2014-10-24 14:16 - 00721263 _____ () C:\windows\SysWOW64\WSCM64.dll
    2014-05-14 19:59 - 2012-04-01 00:06 - 02689536 _____ () C:\Program Files\File Shredder\fsshell.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-02-02 07:06 - 2016-02-02 07:06 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-02-02 07:11 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-02-02 07:10 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-02-02 07:11 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-02-02 07:11 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-06-01 21:00 - 2015-06-01 21:00 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
    2012-08-06 22:16 - 2012-08-06 22:16 - 20591616 _____ () C:\Program Files\Cirrus Logic Audio Panel\CirrusAudioPanel_Dell.exe
    2016-02-14 17:30 - 2016-02-10 19:13 - 00073216 _____ () C:\Program Files (x86)\Common Files\Freemake Shared\ProductUpdater\ProductUpdater.exe
    2016-02-11 16:04 - 2016-02-11 16:05 - 09789952 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2016.27.2.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2016-02-02 05:44 - 2016-02-02 05:45 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2015-12-14 22:03 - 2015-12-14 22:03 - 00103888 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2015-12-14 22:03 - 2015-12-14 22:03 - 00125512 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-02-18 18:55 - 2016-02-18 18:55 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16021801\algo.dll
    2015-12-14 22:03 - 2015-12-14 22:03 - 00469008 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-02-22 18:54 - 2016-02-22 18:54 - 02835968 _____ () C:\Program Files\AVAST Software\Avast\defs\16022201\algo.dll
    2015-10-15 14:58 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2015-10-15 14:58 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2015-10-15 14:58 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2015-10-15 14:58 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2013-01-21 06:30 - 2012-06-25 13:41 - 01198912 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
    2013-01-21 06:42 - 2012-06-07 22:34 - 00627216 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMediaLibrary.dll
    2012-06-08 14:34 - 2012-06-08 14:34 - 00016400 _____ () C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvcPS.dll
    2015-12-14 22:03 - 2015-12-14 22:03 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2016-02-02 05:44 - 2016-02-02 05:45 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-02-02 05:44 - 2016-02-02 05:45 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2016-02-18 18:52 - 2016-02-17 23:14 - 01630360 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
    2016-02-18 18:52 - 2016-02-17 23:14 - 00085656 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys => ""="Driver"
    HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Wdf01000.sys => ""="Driver"

    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\dell.com -> dell.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\007guard.com -> install.007guard.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\008k.com -> www.008k.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\00hq.com -> www.00hq.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\010402.com -> 010402.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\032439.com -> 80gw6ry3i3x3qbrkwhxhw.032439.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\0scan.com -> www.0scan.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\1-2005-search.com -> www.1-2005-search.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\1-domains-registrations.com -> www.1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\1000gratisproben.com -> www.1000gratisproben.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\1001namen.com -> www.1001namen.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\100888290cs.com -> mir.100888290cs.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\100sexlinks.com -> www.100sexlinks.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\10sek.com -> www.10sek.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\12-26.net -> user1.12-26.net
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\12-27.net -> user1.12-27.net
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\123fporn.info -> www.123fporn.info
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\123haustiereundmehr.com -> www.123haustiereundmehr.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\123moviedownload.com -> www.123moviedownload.com
    IE restricted site: HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\123simsen.com -> www.123simsen.com

    There are 7867 more sites.


    ==================== Hosts content: ==========================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2013-08-22 08:25 - 2015-10-04 19:58 - 00450833 ____A C:\WINDOWS\system32\Drivers\etc\hosts

    127.0.0.1 www.007guard.com
    127.0.0.1 007guard.com
    127.0.0.1 008i.com
    127.0.0.1 www.008k.com
    127.0.0.1 008k.com
    127.0.0.1 www.00hq.com
    127.0.0.1 00hq.com
    127.0.0.1 010402.com
    127.0.0.1 www.032439.com
    127.0.0.1 032439.com
    127.0.0.1 www.0scan.com
    127.0.0.1 0scan.com
    127.0.0.1 1000gratisproben.com
    127.0.0.1 www.1000gratisproben.com
    127.0.0.1 1001namen.com
    127.0.0.1 www.1001namen.com
    127.0.0.1 100888290cs.com
    127.0.0.1 www.100888290cs.com
    127.0.0.1 www.100sexlinks.com
    127.0.0.1 100sexlinks.com
    127.0.0.1 10sek.com
    127.0.0.1 www.10sek.com
    127.0.0.1 www.1-2005-search.com
    127.0.0.1 1-2005-search.com
    127.0.0.1 123fporn.info
    127.0.0.1 www.123fporn.info
    127.0.0.1 123haustiereundmehr.com
    127.0.0.1 www.123haustiereundmehr.com
    127.0.0.1 123moviedownload.com
    127.0.0.1 www.123moviedownload.com

    There are 15464 more lines.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-784291939-2049310861-2985522810-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\user\Pictures\Wallpaper\4703-dismembered-robot-1920x1080-3d-wallpaper.jpg
    DNS Servers: 200.1.104.36 - 200.1.104.35
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "RemoteControl10"
    HKU\S-1-5-21-784291939-2049310861-2985522810-1001\...\StartupApproved\Run: => "Google Update"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [UDP Query User{52C90EAC-4E44-4886-A3EF-53C0C9831F4C}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [TCP Query User{8958FBDC-352A-48CA-AFD3-1D243AD8CB45}C:\windows\system32\mmc.exe] => (Block) C:\windows\system32\mmc.exe
    FirewallRules: [{0DF2A6A6-090C-447E-8D07-2B878E207DE7}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{ABF057B2-2170-4E97-92A9-34B942A85E17}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A679E423-162B-4517-9D2D-49D150FCCEE9}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
    FirewallRules: [{FEE54D13-5CA6-4595-AA92-FCB87068F2A2}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
    FirewallRules: [{A8CCCFEC-31AD-4C99-98ED-E2F8C1A21F59}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
    FirewallRules: [{BB2CAB2A-A160-4CBB-B369-5D4ED8B0B6AD}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
    FirewallRules: [{98F4DCE3-7DEB-4C51-A6FE-608EBC9CA998}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
    FirewallRules: [{FEEB2C42-37C4-4E19-AAE7-32D7555A024B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
    FirewallRules: [{37A6E584-5E72-4355-BEB8-A87F751CA5AE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
    FirewallRules: [{FC53E9ED-A45A-4C33-94EF-08A549D5F468}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
    FirewallRules: [{E9020C13-DBA4-4BCA-8E32-51AA99289272}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqcopy2.exe
    FirewallRules: [{4B3FAC1A-048A-49A6-B306-87A84EC480A1}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
    FirewallRules: [{1FFFB9D7-EC16-4DF7-8B00-4A5BE2A16D69}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
    FirewallRules: [{059E7E8F-C664-41B0-98D4-CD27C6AF161C}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
    FirewallRules: [{0447AC70-75E6-41CA-8E60-4229589D0E2B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
    FirewallRules: [{C31A492A-9786-4BAF-839C-B022ACD38703}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4258\hppiw.exe
    FirewallRules: [{E8F1CB1B-E6DE-492E-9D32-2535D0C69FA3}] => (Allow) C:\Users\user\AppData\Local\Temp\7zS4258\hppiw.exe
    FirewallRules: [{D91BE12D-F546-4DF4-B240-CDC5E46081B0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE
    FirewallRules: [{949A3F81-AC6F-4D2D-9656-0033215CC7FA}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe
    FirewallRules: [{8F4BC650-91A8-404F-926B-C4BDF849290B}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDirector10\PDR10.EXE
    FirewallRules: [{038BCBE1-F971-49E6-991B-70F807CAEF7C}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Win7Ui.exe
    FirewallRules: [{101EC4CE-9D35-484A-9D16-5E48B0F58160}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
    FirewallRules: [{F62B6D44-9251-4D65-AA14-F4BA1FE02A90}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\BtTray.exe
    FirewallRules: [{772CFE55-8698-46FC-843D-5094C8C56361}] => (Allow) C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\Btvstack.exe
    FirewallRules: [{F10FCD35-4220-4F44-9EEB-DFB4995348B7}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{2E2A8443-6FF0-473D-89DC-9215E7E4CDFD}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
    FirewallRules: [{4B9F35BD-2F67-4715-930F-49295424C993}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
    FirewallRules: [{3417CCA2-AD11-49D7-A78B-3DDFF224E1A1}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
    FirewallRules: [{127CA207-8044-48BD-992D-ED4F79AF0171}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
    FirewallRules: [{CAAD1DD9-1902-4DFE-95FF-397BD4679499}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Might & Magic - Duel of Champions\Game.exe
    FirewallRules: [{55F8FE54-4A10-4BB1-BBCA-F8B374C31986}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elsword\data\x2.exe
    FirewallRules: [{9DBDCD30-F6A5-4BA5-9411-3FB211DE48B7}] => (Allow) C:\Program Files (x86)\Steam\SteamApps\common\Elsword\data\x2.exe
    FirewallRules: [{DD199D1E-A371-4160-A7DF-1B6695D496D7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{30AFA730-9924-43A4-A0E3-5B95106FBE84}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2380\Agent.exe
    FirewallRules: [{A7AE21E4-A18F-497C-AA48-E2BB534AC4F1}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{A44C8E89-04BB-4A35-8CBF-3A0E80425238}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2717\Agent.exe
    FirewallRules: [{255D9694-8E54-4449-A639-A90CE049F456}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{F4C8FC03-7C9F-47E3-AD2A-4259E45592D0}] => (Allow) C:\Program Files (x86)\Battle.net\Battle.net.exe
    FirewallRules: [{451AA4D1-6E55-4162-8661-EC013BDED175}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{CF2640A0-65FC-49E0-BD10-2B3C162361B0}] => (Allow) C:\Program Files (x86)\Hearthstone\Hearthstone.exe
    FirewallRules: [{CAD9A21C-FDF6-44C3-9068-2E26A993BFAC}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
    FirewallRules: [{785B530C-4C92-4CE2-AA3B-7A6A2A854572}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2737\Agent.exe
    FirewallRules: [{B7FC5931-3CF8-414B-B6FB-7CB98F4D07B7}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{B109C377-D770-4CF8-8EC7-6E14761FF679}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.beta.2753\Agent.exe
    FirewallRules: [{1A1F5599-EC4B-4918-A501-808ADB073682}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
    FirewallRules: [{CD815252-0782-45EF-8BD4-362225EDE89C}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2787\Agent.exe
    FirewallRules: [{932C5D4F-D160-465F-961A-2B617139B289}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [{77EEF96A-5E48-4273-9C43-E51633021224}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2816\Agent.exe
    FirewallRules: [TCP Query User{38A586F9-AAB1-4EBD-827C-AE35C66064A9}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [UDP Query User{3636B944-5363-469A-99CC-109E86350D16}C:\program files (x86)\java\jre7\bin\java.exe] => (Allow) C:\program files (x86)\java\jre7\bin\java.exe
    FirewallRules: [{F8D05E8C-025C-4013-91B2-B90854D96F57}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{815EB691-A6C9-4595-AC0A-31FB25339AEA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.2880\Agent.exe
    FirewallRules: [{F8AED90B-104A-4681-B0C3-F451B87EF049}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{2BC26A33-B09B-45E3-AFCE-40F78F1851CA}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3526\Agent.exe
    FirewallRules: [{5268E425-7525-4A49-85C7-70C049ABB278}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{EDA3368F-5012-432D-ABA0-E0C423E0A80E}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{FA3618C8-8A14-46EE-8A28-2B0C620BF133}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{FF5AC3DF-3FA6-49AD-8CD5-A4354608EF3E}] => (Allow) LPort=2869
    FirewallRules: [{7CC6E7FD-FD5D-422A-ADED-4840190C6421}] => (Allow) LPort=1900
    FirewallRules: [TCP Query User{FDB40A38-B4EE-4865-97A3-48646F320434}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
    FirewallRules: [UDP Query User{57EE1491-744E-4A68-B512-750675779CAE}C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe] => (Allow) C:\program files (x86)\wondershare\video converter ultimate\dscheck.exe
    FirewallRules: [TCP Query User{6643D38C-5FCC-423C-8104-AAAB2455D488}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [UDP Query User{B2C120C7-2AD5-4A13-A0E6-9939CBFFA4C0}C:\program files (x86)\videolan\vlc\vlc.exe] => (Block) C:\program files (x86)\videolan\vlc\vlc.exe
    FirewallRules: [TCP Query User{13998ED2-9122-4A1D-A112-E85A820446DD}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
    FirewallRules: [UDP Query User{820EE342-E56C-4B49-ADD9-36067D78B657}C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_60\bin\javaw.exe
    FirewallRules: [TCP Query User{4B9BA4C6-78F8-4E00-B03C-81678515B31A}C:\program files (x86)\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\java.exe
    FirewallRules: [UDP Query User{729D20AA-206F-4B7E-83E1-F3D350714038}C:\program files (x86)\java\jre1.8.0_60\bin\java.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\java.exe
    FirewallRules: [TCP Query User{45B150CB-63F1-4419-B391-1FBE9503FB79}C:\program files (x86)\java\jre1.8.0_71\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\jp2launcher.exe
    FirewallRules: [UDP Query User{24A1ECC0-559D-4F9B-A029-5935C577B542}C:\program files (x86)\java\jre1.8.0_71\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_71\bin\jp2launcher.exe
    FirewallRules: [{6A494A81-F75C-4CAA-96F0-A34C58F97A0D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    03-02-2016 17:33:55 Windows Update
    09-02-2016 06:56:29 Windows Modules Installer
    15-02-2016 07:02:06 Removed AVG PC TuneUp 2015
    19-02-2016 06:31:13 Dell Update: eDellRoot Removal
    19-02-2016 06:34:38 Dell Update: DSD Cert Removal

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (02/22/2016 09:44:10 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/22/2016 09:42:22 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/22/2016 07:11:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DELL)
    Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/22/2016 07:11:50 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DELL)
    Description: Activation of app Microsoft.Windows.Photos_8wekyb3d8bbwe!App failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/21/2016 01:13:51 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DELL)
    Description: Activation of app Microsoft.ZuneVideo_8wekyb3d8bbwe!Microsoft.ZuneVideo failed with error: -2147023170 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/20/2016 07:05:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DELL)
    Description: Activation of app Microsoft.Windows.ShellExperienceHost_cw5n1h2txyewy!App failed with error: -2144927142 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (02/20/2016 07:03:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: DELL)
    Description: Package Microsoft.Windows.ShellExperienceHost_10.0.10586.0_neutral_neutral_cw5n1h2txyewy+App was terminated because it took too long to suspend.

    Error: (02/19/2016 07:25:51 AM) (Source: Application Error) (EventID: 1000) (User: )
    Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
    Faulting module name: StartUI.dll, version: 10.0.10586.35, time stamp: 0x56650467
    Exception code: 0xc0000005
    Fault offset: 0x0000000000384209
    Faulting process id: 0x9e8
    Faulting application start time: 0xShellExperienceHost.exe0
    Faulting application path: ShellExperienceHost.exe1
    Faulting module path: ShellExperienceHost.exe2
    Report Id: ShellExperienceHost.exe3
    Faulting package full name: ShellExperienceHost.exe4
    Faulting package-relative application ID: ShellExperienceHost.exe5

    Error: (02/19/2016 06:34:41 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (02/19/2016 06:33:20 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .


    System errors:
    =============
    Error: (02/22/2016 09:12:29 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (02/22/2016 08:04:22 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (02/22/2016 09:33:57 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_cda2666 service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/22/2016 09:33:46 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_cda2666 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/22/2016 09:33:46 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/22/2016 12:12:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_8e6920d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/22/2016 12:12:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

    Error: (02/21/2016 02:46:35 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_61106d9 service to connect.

    Error: (02/21/2016 02:46:25 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_61106d9 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (02/21/2016 02:46:25 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
    Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable


    CodeIntegrity:
    ===================================
    Date: 2016-02-22 21:46:00.050
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-22 21:41:18.115
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-22 20:33:47.990
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-22 20:32:05.978
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-22 19:26:06.440
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-22 19:23:47.565
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-22 18:23:17.155
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-22 18:22:45.883
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-22 18:22:30.414
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-02-22 18:22:18.708
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume5\Windows\System32\ChainAPO64.dll because the set of per-page image hashes could not be found on the system.


    ==================== Memory info ===========================

    Processor: Intel(R) Celeron(R) CPU B820 @ 1.70GHz
    Percentage of memory in use: 48%
    Total physical RAM: 3959.09 MB
    Available physical RAM: 2054.3 MB
    Total Virtual: 5141.25 MB
    Available Virtual: 2999.91 MB

    ==================== Drives ================================

    Drive c: (OS) (Fixed) (Total:287.64 GB) (Free:204.1 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (Size: 298.1 GB) (Disk ID: 68EBE124)

    Partition: GPT.

    ==================== End of Addition.txt ============================

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-02-22 21:52:03
    -----------------------------
    21:52:03.159 OS Version: Windows x64 6.2.9200
    21:52:03.159 Number of processors: 2 586 0x2A07
    21:52:03.159 ComputerName: DELL UserName: Alan
    21:52:08.596 Initialize success
    21:52:08.643 VM: initialized successfully
    21:52:08.643 VM: Intel CPU supported virtualized
    21:52:11.893 VM: disk I/O iaStorA.sys
    21:52:14.503 AVAST engine defs: 16022201
    21:52:17.691 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002a
    21:52:17.691 Disk 0 Vendor: ST320LM001_HN-M320MBB 2AR20003 Size: 305245MB BusType: 11
    21:52:18.050 Disk 0 MBR read successfully
    21:52:18.066 Disk 0 MBR scan
    21:52:18.097 Disk 0 unknown MBR code
    21:52:18.097 Disk 0 Partition 1 00 EE GPT 2097151 MB offset 1
    21:52:18.175 Disk 0 scanning C:\WINDOWS\system32\drivers
    21:52:52.826 Service scanning
    21:53:20.113 Modules scanning
    21:53:20.128 Disk 0 trace - called modules:
    21:53:20.660 ntoskrnl.exe CLASSPNP.SYS disk.sys ACPI.sys storport.sys hal.dll iaStorA.sys
    21:53:20.675 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00067532060]
    21:53:20.675 3 CLASSPNP.SYS[fffff8011bab7d95] -> nt!IofCallDriver -> [0xffffe000667ffb20]
    21:53:20.691 5 ACPI.sys[fffff8011b831361] -> nt!IofCallDriver -> \Device\0000002a[0xffffe000667fd060]
    21:53:21.253 AVAST engine scan C:\WINDOWS
    21:53:23.425 AVAST engine scan C:\WINDOWS\system32
    21:56:26.132 AVAST engine scan C:\WINDOWS\system32\drivers
    21:56:45.186 AVAST engine scan C:\Users\user
    21:58:01.487 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
    21:58:01.487 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"
    22:13:00.958 AVAST engine scan C:\ProgramData
    22:16:39.746 Disk 0 statistics 4469318/0/0 @ 1.86 MB/s
    22:16:39.746 Scan finished successfully
    22:18:42.066 Disk 0 MBR has been saved successfully to "C:\Users\user\Desktop\MBR.dat"
    22:18:42.066 The log file has been saved successfully to "C:\Users\user\Desktop\aswMBR.txt"

  2. #2
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,923

    Default

    Hi and welcome

    I see a small amount of things to remove and really not malicious. What I see the most of are system errors.


    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    C:\Users\user\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\user\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\user\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\user\AppData\Local\Temp\SDShelEx-x64.dll
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    Task: {15AAABD7-23C5-48DF-862E-95DCBB0E1261} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {1A381909-A18D-47FC-962E-1F6E793D2DE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {2E3266A8-7852-43DD-9F6C-FA742FC24317} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {338885A1-B400-47D7-A380-D8B9B282DC1C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {60C67F50-D371-4252-BA11-781E51333176} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {721B71D2-C9AB-48EB-8FDB-5D1B0EA26D5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {89978B2B-57B6-4777-B861-2834E36BDAE6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9707BC84-CE22-46FA-B534-2E18CBDBE207} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {BF8E135C-9756-4690-B7FB-771D3A26E201} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {DA4AB3EC-C6BA-42DC-9462-97E73CEB5B7D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    EmptyTemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.

    ~~~~~~~~~~~~~~~~~~~~~~~~~`

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~
    please post
    Fixlog.txt
    AdwCleaner[CX].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  3. #3
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,923

    Default

    Still need help?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  4. #4
    Member
    Join Date
    Jun 2008
    Posts
    54

    Default Instructions followed

    Heay, sorry for not getting back to you. It's been a crappy week at work and I forgot I even posted for help until today. Anyway, Thanks for your help. I did the things you instructed and the logs are posted below. Is my system clean now?

    Fix result of Farbar Recovery Scan Tool (x64) Version:21-02-2016 01
    Ran by Alan (2016-02-28 15:42:08) Run:1
    Running from C:\Users\user\Desktop
    Loaded Profiles: Alan (Available Profiles: Alan)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-12-22] (Oracle Corporation)
    CHR Plugin: (Widevine Content Decryption Module) - C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => No File
    C:\Users\user\AppData\Local\Temp\DseShExt-x64.dll
    C:\Users\user\AppData\Local\Temp\DseShExt-x86.dll
    C:\Users\user\AppData\Local\Temp\SDShelEx-win32.dll
    C:\Users\user\AppData\Local\Temp\SDShelEx-x64.dll
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.13\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.29.1\psuser_64.dll => No File
    CustomCLSID: HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}\InprocServer32 -> C:\Users\user\AppData\Local\Google\Update\1.3.28.15\psuser_64.dll => No File
    Task: {15AAABD7-23C5-48DF-862E-95DCBB0E1261} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {1A381909-A18D-47FC-962E-1F6E793D2DE4} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {2E3266A8-7852-43DD-9F6C-FA742FC24317} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {338885A1-B400-47D7-A380-D8B9B282DC1C} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {60C67F50-D371-4252-BA11-781E51333176} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {721B71D2-C9AB-48EB-8FDB-5D1B0EA26D5A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {89978B2B-57B6-4777-B861-2834E36BDAE6} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {9707BC84-CE22-46FA-B534-2E18CBDBE207} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {BF8E135C-9756-4690-B7FB-771D3A26E201} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {DA4AB3EC-C6BA-42DC-9462-97E73CEB5B7D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    EmptyTemp:
    End
    *****************

    Restore point was successfully created.
    Processes closed successfully.
    HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\SunJavaUpdateSched => value removed successfully
    C:\Users\user\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll => not found.
    C:\Users\user\AppData\Local\Temp\DseShExt-x64.dll => moved successfully
    C:\Users\user\AppData\Local\Temp\DseShExt-x86.dll => moved successfully
    C:\Users\user\AppData\Local\Temp\SDShelEx-win32.dll => moved successfully
    C:\Users\user\AppData\Local\Temp\SDShelEx-x64.dll => moved successfully
    "HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{5C8C2A98-6133-4EBA-BBCC-34D9EA01FC2E}" => key removed successfully
    "HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{78550997-5DEF-4A8A-BAF9-D5774E87AC98}" => key removed successfully
    "HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{CC182BE1-84CE-4A57-B85C-FD4BBDF78CB2}" => key removed successfully
    "HKU\S-1-5-21-784291939-2049310861-2985522810-1001_Classes\CLSID\{D1EDC4F5-7F4D-4B12-906A-614ECF66DDAF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{15AAABD7-23C5-48DF-862E-95DCBB0E1261}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{15AAABD7-23C5-48DF-862E-95DCBB0E1261}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A381909-A18D-47FC-962E-1F6E793D2DE4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A381909-A18D-47FC-962E-1F6E793D2DE4}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2E3266A8-7852-43DD-9F6C-FA742FC24317}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2E3266A8-7852-43DD-9F6C-FA742FC24317}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{338885A1-B400-47D7-A380-D8B9B282DC1C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{338885A1-B400-47D7-A380-D8B9B282DC1C}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{60C67F50-D371-4252-BA11-781E51333176}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{60C67F50-D371-4252-BA11-781E51333176}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{721B71D2-C9AB-48EB-8FDB-5D1B0EA26D5A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{721B71D2-C9AB-48EB-8FDB-5D1B0EA26D5A}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{89978B2B-57B6-4777-B861-2834E36BDAE6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{89978B2B-57B6-4777-B861-2834E36BDAE6}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{9707BC84-CE22-46FA-B534-2E18CBDBE207}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9707BC84-CE22-46FA-B534-2E18CBDBE207}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BF8E135C-9756-4690-B7FB-771D3A26E201}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF8E135C-9756-4690-B7FB-771D3A26E201}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DA4AB3EC-C6BA-42DC-9462-97E73CEB5B7D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DA4AB3EC-C6BA-42DC-9462-97E73CEB5B7D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
    EmptyTemp: => 874.1 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 15:46:41 ====

    # AdwCleaner v5.037 - Logfile created 28/02/2016 at 15:56:57
    # Updated 28/02/2016 by Xplode
    # Database : 2016-02-28.2 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : Alan - DELL
    # Running from : C:\Users\user\Desktop\AdwCleaner.exe
    # Option : Scan
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****

    Folder Found : C:\Users\user\AppData\Roaming\RPEng

    ***** [ Files ] *****


    ***** [ DLL ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****


    ***** [ Web browsers ] *****


    *************************

    C:\AdwCleaner\AdwCleaner[S1].txt - [638 bytes] - [28/02/2016 15:56:57]

    ########## EOF - C:\AdwCleaner\AdwCleaner[S1].txt - [710 bytes] ##########

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 8.0.3 (02.09.2016)
    Operating System: Windows 10 Home x64
    Ran by Alan (Administrator) on Sun 02/28/2016 at 16:08:57.18
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    File System: 4

    Successfully deleted: C:\WINDOWS\system32\Tasks\PCDEventLauncherTask (Task)
    Successfully deleted: C:\WINDOWS\system32\Tasks\PCDoctorBackgroundMonitorTask (Task)
    Successfully deleted: C:\WINDOWS\prefetch\FREEMAKEVIDEOCONVERTERFULL.TM-7E7D14C9.pf (File)
    Successfully deleted: C:\WINDOWS\prefetch\FREEMAKEVIDEOCONVERTERFULL.TM-9A1F1E87.pf (File)



    Registry: 1

    Successfully deleted: HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{15FA46C5-6D67-4BC0-B79F-850F465F5D88} (Registry Key)




    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Sun 02/28/2016 at 16:12:47.62
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

  5. #5
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,923

    Default

    What we can do now is run an online scan with Eset, for the time being it is our most trusted scanner.
    Most reliable and thorough.
    The settings I suggest will show us items located in quarantine folders so don't be alarmed with this, also, in case of a false positive I ask that you not allow it to delete what it does find.
    This scanner can take quite a bit of time to run, depending of course how full your computer is.



    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.

    ESET Online Scan
    Note: This scan may take a long time to complete. Please do not browse the Internet whilst your Anti-Virus is disabled.
    • Please download ESET Online Scan and save the file to your Desktop.
    • Temporarily disable your anti-virus software. For instructions, please refer to the following link.
    • Double-click esetsmartinstaller_enu.exe to run the programme.
    • Agree to the EULA by placing a checkmark next to Yes, I accept the Terms of Use. Then click Start.
    • Agree to the Terms of Use once more and click Start. Allow components to download.
    • Place a checkmark next to Enable detection of potentially unwanted applications.
    • Click Advanced settings. Place a checkmark next to:
      • Scan archives
      • Scan for potentially unsafe applications
      • Enable Anti-Stealth technology

    • Ensure Remove found threats is unchecked.
    • Click Start.
    • Wait for the scan to finish. Please be patient as this can take some time.
    • Upon completion, click . If no threats were found, skip the next two bullet points.
    • Click and save the file to your Desktop, naming it something such as "MyEsetScan".
    • Push the Back button.
    • Place a checkmark next to and click .
    • Re-enable your anti-virus software.
    • Copy the contents of the log and paste in your next reply.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  6. #6
    Member
    Join Date
    Jun 2008
    Posts
    54

    Default

    HI, The requested log is below. It found 3 threats.

    C:\Program Files (x86)\Dell Backup and Recovery\Components\DBRUpdate\Backup\DBRUpdate\hstart.exe.bak a variant of Win32/HiddenStart.A potentially unsafe application
    C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe a variant of Win32/OpenCandy.A potentially unsafe application
    C:\Users\user\Downloads\FreemakeVideoConverterFull.exe a variant of Win32/OpenCandy.A potentially unsafe application

  7. #7
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,923

    Default

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)

    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe
    C:\Users\user\Downloads\FreemakeVideoConverterFull.exe
    EmptyTemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.


    How is the computer now?
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  8. #8
    Member
    Join Date
    Jun 2008
    Posts
    54

    Default

    Hey, it seems to be working well. I haven't had the video glitch since running the fix. Does that mean the video not playing was because of the malware?

    Fix result of Farbar Recovery Scan Tool (x64) Version:02-03-2016
    Ran by Alan (2016-03-03 21:03:41) Run:2
    Running from C:\Users\user\Desktop
    Loaded Profiles: Alan (Available Profiles: Alan)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    start
    CreateRestorePoint:
    CloseProcesses:
    C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe
    C:\Users\user\Downloads\FreemakeVideoConverterFull.exe
    EmptyTemp:
    End

    *****************

    Restore point was successfully created.
    Processes closed successfully.
    C:\Program Files (x86)\Freemake\Freemake Video Converter\SetupUpdate.exe => moved successfully
    C:\Users\user\Downloads\FreemakeVideoConverterFull.exe => moved successfully
    EmptyTemp: => 502.2 MB temporary data Removed.


    The system needed a reboot.

    ==== End of Fixlog 21:04:37 ====

  9. #9
    Security Expert Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    3,923

    Default

    Hey, it seems to be working well. I haven't had the video glitch since running the fix. Does that mean the video not playing was because of the malware?
    It's possible but, to be able to give an exact cause, I can't.

    DelFix
    • Please download DelFix or from Here and save the file to your Desktop.
    • Double-click DelFix.exe to run the programme.
    • Place a checkmark next to the following items:

    • Remove disinfection tools

    • Click the Run button.
    • -- This will remove the specialised tools we used to disinfect your system. Any leftover logs, files, folders or tools remaining on your Desktop which were not removed can be deleted manually (right-click the file + delete).


    ~~~~~~~~~~~~~~~~~~~~~~`


    The following programmes come highly recommended in the security community.
    • AdBlock is a browser add-on that blocks annoying banners, pop-ups and video ads.
    • CryptoPrevent places policy restrictions on loading points for ransomware (eg.CryptoPrevent), preventing your files from being encrypted.
    • Malwarebytes Anti-Exploit (MBAE) is designed to prevent zero-day malware from exploiting vulnerable software.
    • Malwarebytes Anti-Malware Premium (MBAM) works in real-time along side your Anti-Virus to prevent malware execution.
    • NoScript is a Firefox add-on that blocks the actions of malicious scripts by using whitelisting and other technology.
    • Sandboxie isolates programmes of your choice, preventing files from being written to your HDD unless approved by you.
    • Secuina PSI will scan your computer for vulnerable softwarethat is outdated, and automatically find the latest update for you.
    • SpywareBlaster is a form of passive protection, designed to block the actions of malicious websites and tracking cookies.
    • Web of Trust (WOT) is a browser add-on designed to alert you before interacting with a potentially malicious website.




    Want to help others? Join the ClassRoom and learn how.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.

  10. #10
    Member
    Join Date
    Jun 2008
    Posts
    54

    Default

    Alright, all done. Thanks for all your help.

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •