Posted June 3, 20168 yr FPCH Staff Hi Starbuck, here are the logs you requested. It was hit with the scam 2016_06_02 about 9:30 AM. I see Client Care Experts entries in the Addition log; Attention entries in the FRST log. Note: When starting this W10 machine, I'm getting "Please wait for the local session manager" and "Preparing Windows" notices on the screen. They go away after a few seconds. Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:01-06-2016 Ran by wayne (administrator) on WAYNE-PC (03-06-2016 09:33:15) Running from C:\Users\wayne\Desktop Loaded Profiles: wayne (Available Profiles: wayne) Platform: Windows 10 Home Version 1511 (X64) Language: English (United States) Internet Explorer Version 11 (Default browser: Edge) Boot Mode: Normal Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/ ==================== Processes (Whitelisted) ================= (If an entry is included in the fixlist, the process will be closed. The file will not be moved.) (Intel Corporation) C:\Windows\System32\igfxCUIService.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe (Atheros) C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe (Microsoft Corporation) C:\Windows\System32\mqsvc.exe (Apple Inc.) 
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe (Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe (Intel Corporation) C:\Windows\System32\igfxEM.exe (Intel Corporation) C:\Windows\System32\igfxHK.exe () C:\Windows\System32\igfxTray.exe (Microsoft Corporation) C:\Windows\System32\dllhost.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe (Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe (Microsoft Corporation) C:\Windows\System32\rundll32.exe (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe (Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe (Dell Inc.) C:\Program Files (x86)\Dell Customer Connect\DCCService.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe (Dell Inc.) 
C:\Program Files (x86)\Dell Update\DellUpService.exe (Dell Inc.) C:\Program Files (x86)\Dell Update\DellUpTray.exe (Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe (Intuit Inc.) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe (Dell Inc.) C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe (Dell Inc.) C:\Program Files\Dell\DellDataVault\DellDataVault.exe (Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe ==================== Registry (Whitelisted) =========================== (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.) HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8512760 2015-08-04] (Realtek Semiconductor) HKLM\...\Run: [RtHDVBg] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor) HKLM\...\Run: [igfxTray] => C:\Windows\system32\igfxtray.exe [402344 2015-12-19] () HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe" HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe" HKLM\...\Run: [iAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [286056 2013-07-29] (Intel Corporation) HKLM\...\Run: [RtHDVBg_PushButton] => C:\Program Files\Realtek\Audio\HDA\RAVBg64.exe [1411320 2015-08-04] (Realtek Semiconductor) HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-05-11] (Apple Inc.) 
HKLM-x32\...\Run: [uSB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-04-25] (Intel Corporation) HKLM-x32\...\Run: [Dell Registration] => C:\Program Files (x86)\System Registration\prodreg.exe /boot HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard) HKLM-x32\...\Run: [] => [X] HKLM-x32\...\Run: [emsisoft anti-malware] => C:\Program Files (x86)\Emsisoft Anti-Malware\a2guard.exe [5836888 2016-06-03] (Emsisoft Ltd) HKLM-x32\...\Run: [sunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation) HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig] ShellIconOverlayIdentifiers: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\wayne\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll [2014-07-02] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\wayne\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll [2014-07-02] (Microsoft Corporation) ShellIconOverlayIdentifiers: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\wayne\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\amd64\SkyDriveShell64.dll [2014-07-02] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileBackuped] -> {831cebdd-6baf-4432-be76-9e0989c14aef} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation) ShellIconOverlayIdentifiers: [DBARFileNotBackuped] -> {275e4fd7-21ef-45cf-a836-832e5d2cc1b3} => C:\WINDOWS\system32\mscoree.dll [2015-10-30] (Microsoft Corporation) 
ShellIconOverlayIdentifiers-x32: [ OneDrive1] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\wayne\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll [2014-07-02] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File ShellIconOverlayIdentifiers-x32: [ OneDrive4] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\wayne\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll [2014-07-02] (Microsoft Corporation) ShellIconOverlayIdentifiers-x32: [ OneDrive5] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\wayne\AppData\Local\Microsoft\SkyDrive\17.0.4041.0512\SkyDriveShell.dll [2014-07-02] (Microsoft Corporation) Startup: C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Deskjet 2540 series.lnk [2016-06-03] ShortcutTarget: Monitor Ink Alerts - HP Deskjet 2540 series.lnk -> C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPStatusBL.dll (Hewlett-Packard Co.) GroupPolicy: Restriction - Chrome CHR HKLM\SOFTWARE\Policies\Google: Restriction ==================== Internet (Whitelisted) ==================== (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.) ProxyServer: [HKLM] => http=proxy-url:port;https=proxy-url:port;ftp=proxy-url:port;socks=proxy-url:port; ProxyServer: [s-1-5-21-1560975029-805369101-429338555-1000] => http=proxy-url:port;https=proxy-url:port;ftp=proxy-url:port;socks=proxy-url:port; Hosts: There are more than one entry in Hosts. 
See Hosts section of Addition.txt Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 Tcpip\..\Interfaces\{2b984eff-265c-4734-a571-3eb2c4d35be0}: [DhcpNameServer] 192.168.0.1 Internet Explorer: ================== HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome HKU\S-1-5-21-1560975029-805369101-429338555-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch HKU\S-1-5-21-1560975029-805369101-429338555-1000\Software\Microsoft\Internet Explorer\Main,Start Page = verizon.net SearchScopes: HKLM-x32 -> DefaultScope value is missing SearchScopes: HKU\S-1-5-21-1560975029-805369101-429338555-1000 -> DefaultScope {DD68CCFB-BF1B-490E-9356-920618CB4B15} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} SearchScopes: HKU\S-1-5-21-1560975029-805369101-429338555-1000 -> {034478D8-546A-469D-87FC-47BACAF494D9} URL = SearchScopes: HKU\S-1-5-21-1560975029-805369101-429338555-1000 -> {0DD6AFE2-7837-46ED-8C56-8D93BE1EFD4D} URL = hxxps://search.yahoo.com/search?p={searchTerms}&b={startPage?}&fr=ie8 SearchScopes: HKU\S-1-5-21-1560975029-805369101-429338555-1000 -> {74FA884D-52A0-49EC-BBD9-135181ED12E6} URL = SearchScopes: HKU\S-1-5-21-1560975029-805369101-429338555-1000 -> {CC8208E4-2BCC-4DCF-904E-F731BCE42B61} URL = hxxps://duckduckgo.com/?q={searchTerms} SearchScopes: HKU\S-1-5-21-1560975029-805369101-429338555-1000 -> {DD68CCFB-BF1B-490E-9356-920618CB4B15} URL = 
hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?} BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2016-04-12] (Microsoft Corporation) BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation) BHO: CIESpeechBHO Class -> {8D10F6C4-0E01-4BD4-8601-11AC1FDF8126} -> C:\Program Files (x86)\Dell Wireless\Bluetooth Suite\IEPlugIn.dll [2013-07-02] (Qualcomm®Atheros®) BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) BHO: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files\WOT\WOT.dll [2013-09-02] () BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation) BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation) BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-06-02] (Oracle Corporation) BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) 
BHO-x32: WOT Helper -> {C920E44A-7F78-4E64-BDD7-A57026E7FEB7} -> C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] () BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-06-02] (Oracle Corporation) BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File Toolbar: HKLM - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] () Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-27] (Google Inc.) Toolbar: HKLM-x32 - WOT - {71576546-354D-41c9-AAE8-31F2EC22BF0D} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] () Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-27] (Google Inc.) Toolbar: HKU\S-1-5-21-1560975029-805369101-429338555-1000 -> WOT - {71576546-354D-41C9-AAE8-31F2EC22BF0D} - C:\Program Files\WOT\WOT.dll [2013-09-02] () DPF: HKLM-x32 {7530BFB8-7293-4D34-9923-61A11451AFC5} hxxp://download.eset.com/special/eos/OnlineScanner.cab Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation) Handler: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files\WOT\WOT.dll [2013-09-02] () Handler-x32: wot - {C2A44D6B-CB9F-4663-88A6-DF2F26E4D952} - C:\Program Files (x86)\WOT\WOT.dll [2013-09-02] () FireFox: ======== FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation) FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation) FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-12-18] () FF Plugin-x32: 
@intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-04] (Intel Corporation) FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-06-02] (Oracle Corporation) FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-06-02] (Oracle Corporation) FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-07-03] (Microsoft Corporation) FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-10] (Google Inc.) FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-03-17] (Adobe Systems Inc.) 
Chrome: ======= CHR StartupUrls: Default -> "hxxps://mail.verizon.com/webmail/driver?nimlet=showmessages&view=emails" CHR Profile: C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default CHR Extension: (Google Docs) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-01] CHR Extension: (Google Drive) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-01] CHR Extension: (WOT: Web of Trust, Website Reputation Ratings) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\bhmmomiinigofkjcapegjjndpbikblnp [2015-12-01] CHR Extension: (YouTube) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-01] CHR Extension: (Google Search) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-01] CHR Extension: (Google Docs Offline) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-06-03] CHR Extension: (Chrome Web Store Payments) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-06-03] CHR Extension: (Gmail) - C:\Users\wayne\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29] ==================== Services (Whitelisted) ======================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) S2 a2AntiMalware; C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe [7084784 2016-06-03] (Emsisoft Ltd) R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.) 
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [3009264 2016-05-17] (Microsoft Corporation) R2 Dell Customer Connect; C:\Program Files (x86)\Dell Customer Connect\DCCService.exe [137968 2015-09-22] (Dell Inc.) R2 DellDataVault; C:\Program Files\Dell\DellDataVault\DellDataVault.exe [2572024 2016-03-10] (Dell Inc.) R2 DellDataVaultWiz; C:\Program Files\Dell\DellDataVault\DellDataVaultWiz.exe [202488 2016-03-10] (Dell Inc.) R2 DellUpdate; C:\Program Files (x86)\Dell Update\DellUpService.exe [237272 2015-08-27] (Dell Inc.) R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [14696 2013-07-29] (Intel Corporation) R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [373160 2015-12-19] (Intel Corporation) R2 Intel® Capability Licensing Service Interface; c:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed] S3 Intel® Capability Licensing Service TCP IP Interface; c:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation) R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-25] (Intel Corporation) R2 RtkAudioService; C:\Program Files\Realtek\Audio\HDA\RtkAudioService64.exe [312056 2015-08-04] (Realtek Semiconductor) R2 SupportAssistAgent; C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssistAgent.exe [31928 2016-04-22] (Dell Inc.) R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation) R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation) R2 ZAtheros Wlan Agent; C:\Program Files (x86)\Dell Wireless\Ath_WlanAgent.exe [81536 2013-06-20] (Atheros) [File not signed] ===================== Drivers (Whitelisted) ========================== (If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.) S3 a2acc; C:\PROGRAM FILES (X86)\EMSISOFT ANTI-MALWARE\a2accx64.sys [71472 2014-05-12] (Emsisoft GmbH) R1 A2DDA; C:\Program Files (x86)\Emsisoft Anti-Malware\a2ddax64.sys [26176 2013-03-28] (Emsisoft GmbH) R1 a2injectiondriver; C:\Program Files (x86)\Emsisoft Anti-Malware\a2dix64.sys [45208 2013-09-30] (Emsisoft GmbH) R1 a2util; C:\Program Files (x86)\Emsisoft Anti-Malware\a2util64.sys [23088 2014-05-12] (Emsisoft GmbH) S3 cleanhlp; C:\Program Files (x86)\Emsisoft Anti-Malware\cleanhlp64.sys [57024 2013-12-04] (Emsisoft GmbH) R3 DDDriver; C:\Windows\system32\drivers\DDDriver64Dcsa.sys [32464 2015-09-11] (Dell Computer Corporation) R3 DellProf; C:\Windows\system32\drivers\DellProf.sys [24240 2015-05-22] (Dell Computer Corporation) R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-04] (Intel Corporation) R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek ) S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation) R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation) R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation) U3 idsvc; no ImagePath U3 wpcsvc; no ImagePath ==================== NetSvcs (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== One Month Created files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-06-03 09:33 - 2016-06-03 09:33 - 00021720 _____ C:\Users\wayne\Desktop\FRST.txt 2016-06-03 09:31 - 2016-06-03 09:32 - 02383872 _____ (Farbar) C:\Users\wayne\Desktop\FRST64.exe 2016-06-02 10:19 - 2016-06-02 10:19 - 00001824 _____ C:\Users\Public\Desktop\iTunes.lnk 2016-06-02 10:19 - 2016-06-02 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes 2016-06-02 10:19 - 2016-06-02 10:19 - 00000000 ____D C:\Program Files\iTunes 2016-06-02 10:19 - 2016-06-02 10:19 - 00000000 ____D C:\Program Files\iPod 2016-06-02 10:19 - 2016-06-02 10:19 - 00000000 ____D C:\Program Files (x86)\iTunes 2016-06-02 10:18 - 2016-06-02 10:18 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple 2016-06-02 10:18 - 2016-06-02 10:18 - 00000000 ____D C:\Program Files\Bonjour 2016-06-02 10:18 - 2016-06-02 10:18 - 00000000 ____D C:\Program Files (x86)\Bonjour 2016-06-02 10:18 - 2016-06-02 10:18 - 00000000 ____D C:\Program Files (x86)\Apple Software Update 2016-06-02 10:17 - 2016-06-02 10:17 - 00110144 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll 2016-06-02 10:17 - 2016-06-02 10:17 - 00000000 ____D C:\Program Files\Java 2016-06-02 10:16 - 2016-06-02 10:17 - 00000000 ____D C:\Users\wayne\.oracle_jre_usage 2016-06-02 10:16 - 2016-06-02 10:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java 2016-06-02 10:16 - 2016-06-02 10:16 - 00097856 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll 2016-06-02 10:16 - 2016-06-02 10:16 - 00000000 ____D C:\Users\wayne\AppData\Roaming\Sun 2016-06-02 10:16 - 2016-06-02 10:16 - 00000000 ____D C:\Users\wayne\AppData\LocalLow\Oracle 2016-06-02 10:16 - 2016-06-02 10:16 - 00000000 ____D C:\ProgramData\Oracle 2016-06-02 10:16 - 2016-06-02 10:16 - 00000000 ____D C:\Program Files (x86)\Java 2016-06-02 10:15 - 2016-06-02 10:15 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk 2016-06-02 10:15 - 2016-06-02 10:15 - 00000000 ____D 
C:\Program Files (x86)\Adobe 2016-06-02 10:11 - 2016-06-02 10:11 - 00001173 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk 2016-06-02 10:08 - 2016-06-02 10:08 - 00002332 _____ C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client Care Experts (2).lnk 2016-06-02 09:52 - 2016-06-02 09:52 - 00631524 _____ C:\Users\wayne\Desktop\service Report.pdf 2016-06-02 09:52 - 2016-06-02 09:52 - 00000219 _____ C:\Users\wayne\Desktop\Client care experts.url 2016-06-02 09:51 - 2016-06-02 09:51 - 00000002 _____ C:\Users\wayne\Desktop\Rkill.txt 2016-06-02 09:48 - 2015-11-17 18:11 - 00002131 _____ C:\Users\wayne\Desktop\Toolbox.lnk 2016-06-02 09:44 - 2016-06-02 09:46 - 00000000 ____D C:\Program Files\Client Care Experts 2016-06-02 09:44 - 2015-04-19 16:12 - 00001703 _____ C:\WINDOWS\reset.lnk 2016-06-02 09:34 - 2016-06-02 09:35 - 00000000 ____D C:\Users\wayne\AppData\Local\LogMeIn Rescue Calling Card 2016-06-02 09:34 - 2016-06-02 09:34 - 00002425 _____ C:\Users\Public\Desktop\Client Care Experts.lnk 2016-06-02 09:34 - 2016-06-02 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Client Care Experts 2016-06-02 09:34 - 2016-06-02 09:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card 2016-06-02 09:33 - 2016-06-02 09:33 - 00000094 _____ C:\Users\wayne\Desktop\Joe - Client Care Experts.txt 2016-06-02 08:52 - 2016-06-02 08:54 - 00000000 ____D C:\ProgramData\WRData 2016-06-02 08:51 - 2016-06-02 08:51 - 00000248 _____ C:\rescue.info 2016-06-02 08:50 - 2016-06-02 08:50 - 00002332 _____ C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client Care Experts.lnk 2016-06-02 06:40 - 2016-06-02 06:40 - 00019003 _____ C:\Users\wayne\Documents\power of attorney.pdf 2016-06-02 05:52 - 2016-06-02 05:52 - 04007859 _____ C:\Users\wayne\Downloads\Home Inspection (1).pdf 2016-05-29 21:14 - 2016-05-29 21:14 - 00057059 _____ C:\Users\wayne\Downloads\Settlement Confirm.PDF 2016-05-18 12:39 - 2016-05-18 12:39 - 
05289917 _____ C:\Users\wayne\Downloads\What a Wonderful World.m4a 2016-05-18 07:04 - 2016-05-18 07:04 - 04007859 _____ C:\Users\wayne\Downloads\Home Inspection.pdf 2016-05-11 10:01 - 2016-05-06 00:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys 2016-05-11 10:01 - 2016-05-06 00:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll 2016-05-11 10:01 - 2016-05-06 00:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll 2016-05-11 10:01 - 2016-05-05 23:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll 2016-05-11 10:01 - 2016-05-05 23:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll 2016-05-11 10:01 - 2016-05-05 23:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll 2016-05-11 10:01 - 2016-05-05 23:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll 2016-05-11 10:01 - 2016-04-30 02:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys 2016-05-11 10:01 - 2016-04-30 02:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys 2016-05-11 10:01 - 2016-04-23 02:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll 2016-05-11 10:01 - 2016-04-23 02:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll 2016-05-11 10:01 - 2016-04-23 02:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll 2016-05-11 10:01 - 2016-04-23 02:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll 2016-05-11 10:01 - 2016-04-23 02:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll 2016-05-11 10:01 - 2016-04-23 02:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe 2016-05-11 10:01 - 2016-04-23 02:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll 2016-05-11 10:01 - 2016-04-23 02:12 - 00046784 _____ 
(Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe 2016-05-11 10:01 - 2016-04-23 01:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-05-11 10:01 - 2016-04-23 01:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll 2016-05-11 10:01 - 2016-04-23 01:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll 2016-05-11 10:01 - 2016-04-23 01:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe 2016-05-11 10:01 - 2016-04-23 01:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll 2016-05-11 10:01 - 2016-04-23 01:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll 2016-05-11 10:01 - 2016-04-23 01:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll 2016-05-11 10:01 - 2016-04-23 01:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys 2016-05-11 10:01 - 2016-04-23 01:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys 2016-05-11 10:01 - 2016-04-23 01:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys 2016-05-11 10:01 - 2016-04-23 01:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll 2016-05-11 10:01 - 2016-04-23 01:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe 2016-05-11 10:01 - 2016-04-23 01:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll 2016-05-11 10:01 - 2016-04-23 01:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll 2016-05-11 10:01 - 2016-04-23 01:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll 2016-05-11 10:01 - 2016-04-23 01:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe 2016-05-11 10:01 - 2016-04-23 01:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll 2016-05-11 10:01 - 2016-04-23 01:11 - 00696672 
_____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll 2016-05-11 10:01 - 2016-04-23 01:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll 2016-05-11 10:01 - 2016-04-23 01:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll 2016-05-11 10:01 - 2016-04-23 01:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys 2016-05-11 10:01 - 2016-04-23 01:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-05-11 10:01 - 2016-04-23 01:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-05-11 10:01 - 2016-04-23 01:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys 2016-05-11 10:01 - 2016-04-23 01:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll 2016-05-11 10:01 - 2016-04-23 01:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll 2016-05-11 10:01 - 2016-04-23 01:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll 2016-05-11 10:01 - 2016-04-23 01:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe 2016-05-11 10:01 - 2016-04-23 01:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll 2016-05-11 10:01 - 2016-04-23 01:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe 2016-05-11 10:01 - 2016-04-23 01:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe 2016-05-11 10:01 - 2016-04-23 01:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe 2016-05-11 10:01 - 2016-04-23 01:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe 2016-05-11 10:01 - 2016-04-23 01:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll 2016-05-11 10:01 - 2016-04-23 01:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe 2016-05-11 10:01 - 
2016-04-23 01:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll 2016-05-11 10:01 - 2016-04-23 01:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll 2016-05-11 10:01 - 2016-04-23 01:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll 2016-05-11 10:01 - 2016-04-23 01:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll 2016-05-11 10:01 - 2016-04-23 01:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll 2016-05-11 10:01 - 2016-04-23 01:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe 2016-05-11 10:01 - 2016-04-23 01:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll 2016-05-11 10:01 - 2016-04-23 01:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-05-11 10:01 - 2016-04-23 01:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll 2016-05-11 10:01 - 2016-04-23 01:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll 2016-05-11 10:01 - 2016-04-23 01:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys 2016-05-11 10:01 - 2016-04-23 01:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll 2016-05-11 10:01 - 2016-04-23 01:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll 2016-05-11 10:01 - 2016-04-23 01:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys 2016-05-11 10:01 - 2016-04-23 01:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll 2016-05-11 10:01 - 2016-04-23 01:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll 2016-05-11 10:01 - 2016-04-23 01:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll 2016-05-11 10:01 - 2016-04-23 01:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll 
2016-05-11 10:01 - 2016-04-23 01:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-11 10:01 - 2016-04-23 01:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-11 10:01 - 2016-04-23 01:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-11 10:01 - 2016-04-23 01:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-11 10:01 - 2016-04-23 01:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-11 10:01 - 2016-04-23 01:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-11 10:01 - 2016-04-23 00:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-11 10:01 - 2016-04-23 00:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-11 10:01 - 2016-04-23 00:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-11 10:01 - 2016-04-23 00:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-11 10:01 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-11 10:01 - 2016-04-23 00:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-11 10:01 - 2016-04-23 00:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-11 10:01 - 2016-04-23 00:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-11 10:01 - 2016-04-23 00:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-11 10:01 - 2016-04-23 00:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-11 10:01 - 2016-04-23 00:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-11 10:01 - 2016-04-23 00:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-11 10:01 - 2016-04-23 00:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-11 10:01 - 2016-04-23 00:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-11 10:01 - 2016-04-23 00:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-11 10:01 - 2016-04-23 00:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-11 10:01 - 2016-04-23 00:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-11 10:01 - 2016-04-23 00:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-11 10:01 - 2016-04-23 00:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-11 10:01 - 2016-04-23 00:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-11 10:01 - 2016-04-23 00:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-11 10:01 - 2016-04-23 00:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-11 10:01 - 2016-04-23 00:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-11 10:01 - 2016-04-23 00:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-11 10:01 - 2016-04-23 00:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-11 10:01 - 2016-04-23 00:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-11 10:01 - 2016-04-23 00:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-11 10:01 - 2016-04-23 00:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-11 10:01 - 2016-04-23 00:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-11 10:01 - 2016-04-23 00:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-11 10:01 - 2016-04-23 00:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-11 10:01 - 2016-04-23 00:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-11 10:01 - 2016-04-23 00:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-11 10:01 - 2016-04-23 00:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-11 10:01 - 2016-04-23 00:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-11 10:01 - 2016-04-23 00:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-11 10:01 - 2016-04-23 00:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-11 10:01 - 2016-04-23 00:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-11 10:01 - 2016-04-23 00:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-11 10:01 - 2016-04-23 00:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-11 10:01 - 2016-04-23 00:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-11 10:01 - 2016-04-23 00:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-11 10:01 - 2016-04-23 00:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-11 10:01 - 2016-04-23 00:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-11 10:01 - 2016-04-23 00:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-11 10:01 - 2016-04-23 00:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-11 10:01 - 2016-04-23 00:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-11 10:01 - 2016-04-23 00:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-11 10:01 - 2016-04-23 00:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-11 10:01 - 2016-04-23 00:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-11 10:01 - 2016-04-23 00:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-11 10:01 - 2016-04-23 00:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-11 10:01 - 2016-04-23 00:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-05-11 10:01 - 2016-04-23 00:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-11 10:01 - 2016-04-23 00:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-11 10:01 - 2016-04-23 00:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-11 10:01 - 2016-04-23 00:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-11 10:01 - 2016-04-23 00:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-11 10:01 - 2016-04-23 00:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-11 10:01 - 2016-04-23 00:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-11 10:01 - 2016-04-23 00:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-11 10:01 - 2016-04-23 00:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-11 10:01 - 2016-04-23 00:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-11 10:01 - 2016-04-23 00:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-11 10:01 - 2016-04-23 00:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-11 10:01 - 2016-04-23 00:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-11 10:01 - 2016-04-23 00:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-11 10:01 - 2016-04-23 00:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-11 10:01 - 2016-04-23 00:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-11 10:01 - 2016-04-23 00:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-11 10:01 - 2016-04-23 00:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-11 10:01 - 2016-04-23 00:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-11 10:01 - 2016-04-23 00:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-11 10:01 - 2016-04-23 00:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-11 10:01 - 2016-04-23 00:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-11 10:01 - 2016-04-23 00:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-11 10:01 - 2016-04-23 00:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-11 10:01 - 2016-04-23 00:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-11 10:01 - 2016-04-23 00:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-11 10:01 - 2016-04-23 00:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-11 10:01 - 2016-04-23 00:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-11 10:01 - 2016-04-23 00:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-11 10:01 - 2016-04-23 00:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-11 10:01 - 2016-04-23 00:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-11 10:01 - 2016-04-23 00:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-11 10:01 - 2016-04-23 00:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-11 10:01 - 2016-04-23 00:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-11 10:01 - 2016-04-23 00:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-11 10:01 - 2016-04-23 00:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-11 10:01 - 2016-04-23 00:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-11 10:01 - 2016-04-23 00:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-11 10:01 - 2016-04-23 00:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-11 10:01 - 2016-04-23 00:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-11 10:01 - 2016-04-23 00:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-11 10:01 - 2016-04-23 00:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-11 10:01 - 2016-04-23 00:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-11 10:01 - 2016-04-23 00:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-11 10:01 - 2016-04-23 00:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-11 10:01 - 2016-04-23 00:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-11 10:01 - 2016-04-23 00:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-11 10:01 - 2016-04-23 00:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-11 10:01 - 2016-04-23 00:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-11 10:01 - 2016-04-23 00:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-11 10:01 - 2016-04-23 00:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-11 10:01 - 2016-04-23 00:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-11 10:01 - 2016-04-23 00:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-11 10:01 - 2016-04-23 00:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-11 10:01 - 2016-04-23 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-11 10:01 - 2016-04-23 00:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-11 10:01 - 2016-04-23 00:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-11 10:01 - 2016-04-23 00:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-11 10:01 - 2016-04-23 00:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-11 10:01 - 2016-04-23 00:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-11 10:01 - 2016-04-22 23:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-11 10:01 - 2016-04-22 22:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-11 10:00 - 2016-05-05 23:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-11 10:00 - 2016-04-23 01:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-11 10:00 - 2016-04-23 01:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-11 10:00 - 2016-04-23 01:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-11 10:00 - 2016-04-23 00:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-11 10:00 - 2016-04-23 00:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-11 10:00 - 2016-04-23 00:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-11 10:00 - 2016-04-23 00:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-11 10:00 - 2016-04-23 00:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-11 10:00 - 2016-04-23 00:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-11 10:00 - 2016-04-23 00:30 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-05-11 10:00 - 2016-04-23 00:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-11 10:00 - 2016-04-23 00:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-11 10:00 - 2016-04-23 00:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-11 10:00 - 2016-04-23 00:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-11 10:00 - 2016-04-23 00:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-11 10:00 - 2016-04-23 00:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-11 10:00 - 2016-04-23 00:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-11 10:00 - 2016-04-23 00:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-11 10:00 - 2016-04-23 00:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-11 10:00 - 2016-04-23 00:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-11 10:00 - 2016-04-23 00:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-11 10:00 - 2016-04-23 00:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-11 10:00 - 2016-04-23 00:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-11 10:00 - 2016-04-23 00:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-11 10:00 - 2016-04-23 00:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-11 10:00 - 2016-04-23 00:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-11 10:00 - 2016-04-23 00:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-11 10:00 - 2016-04-23 00:18 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-05-11 10:00 - 2016-04-23 00:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-11 10:00 - 2016-04-23 00:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-11 10:00 - 2016-04-23 00:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-11 10:00 - 2016-04-23 00:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-11 10:00 - 2016-04-22 22:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-11 10:00 - 2016-04-18 18:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-05 08:10 - 2016-05-05 08:10 - 00103819 _____ C:\Users\wayne\Downloads\SRA_ Suburban Realtors Alliance - West Norriton Township.pdf
2016-05-04 07:49 - 2016-05-04 07:49 - 00113087 _____ C:\Users\wayne\Downloads\Attachments (35).zip

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)
2016-06-03 09:33 - 2014-12-07 13:08 - 00000000 ____D C:\FRST
2016-06-03 09:32 - 2016-03-08 00:28 - 01011572 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-03 09:32 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-03 09:28 - 2014-12-07 11:53 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2016-06-03 09:27 - 2016-03-08 17:11 - 00000000 __SHD C:\Users\wayne\IntelGraphicsProfiles
2016-06-03 09:27 - 2016-03-08 00:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-03 09:27 - 2016-03-08 00:26 - 00000180 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2016-06-03 09:27 - 2014-07-03 18:58 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-06-03 09:26 - 2016-03-08 00:22 - 00240312 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-03 09:26 - 2015-10-30 02:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-06-03 08:07 - 2014-12-07 12:48 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-03 08:03 - 2014-07-03 18:58 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-03 07:49 - 2016-03-08 00:29 - 00000000 ____D C:\Users\wayne
2016-06-03 07:47 - 2014-04-11 22:00 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2016-06-03 07:12 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-03 07:12 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-03 07:07 - 2014-07-03 21:16 - 00000000 ____D C:\Users\wayne\AppData\Local\Adobe
2016-06-03 07:06 - 2014-07-15 19:25 - 00000000 ____D C:\GVTS
2016-06-02 10:19 - 2014-07-15 19:02 - 00000000 ____D C:\ProgramData\34BE82C4-E596-4e99-A191-52C6199EBF69
2016-06-02 10:19 - 2014-07-15 19:01 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-06-02 10:18 - 2014-07-15 19:01 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-06-02 10:15 - 2014-12-31 19:37 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-06-02 10:15 - 2014-07-03 18:58 - 00002274 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-02 10:14 - 2014-04-11 22:16 - 00000000 ____D C:\ProgramData\Adobe
2016-06-02 10:11 - 2014-12-07 12:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2016-06-02 10:11 - 2014-12-07 12:48 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-02 10:10 - 2014-07-15 19:09 - 00000000 ____D C:\AdwCleaner
2016-06-02 09:53 - 2016-03-08 03:21 - 00000000 ___DC C:\WINDOWS\Panther
2016-06-02 09:53 - 2014-07-14 21:37 - 00000000 ____D C:\Users\wayne\AppData\Local\CrashDumps
2016-05-29 04:10 - 2015-10-30 03:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2016-05-29 04:09 - 2014-07-02 08:38 - 00000000 ____D C:\Program Files\Microsoft Office 15
2016-05-14 03:47 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-13 20:13 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-11 15:57 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-11 15:57 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 12:38 - 2016-03-08 17:11 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-11 12:35 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 12:35 - 2015-10-30 03:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-11 12:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-11 12:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-11 12:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-11 12:35 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-11 11:58 - 2014-12-08 16:37 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-11 11:55 - 2014-12-08 16:37 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-11 05:38 - 2014-09-16 08:42 - 00000000 ____D C:\Users\wayne\Documents\TurboTax
2016-05-10 19:58 - 2014-07-03 18:58 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-10 19:58 - 2014-07-03 18:58 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-10 06:27 - 2014-07-21 07:40 - 00000000 ____D C:\Users\wayne\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2014-08-01 20:16 - 2014-08-01 20:16 - 0000000 _____ () C:\Users\wayne\AppData\Roaming\evezqxi.dll
2014-07-03 18:55 - 2014-07-03 18:55 - 0000057 _____ () C:\ProgramData\Ament.ini
2016-03-08 00:26 - 2016-03-08 00:26 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2014-09-16 08:30 - 2016-04-03 11:02 - 0000945 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\wayne\AppData\Local\Temp\libeay32.dll
C:\Users\wayne\AppData\Local\Temp\msvcr120.dll
C:\Users\wayne\AppData\Local\Temp\sqlite3.dll

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-06-02 06:44

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by wayne (2016-06-03 09:33:54)
Running from C:\Users\wayne\Desktop
Windows 10 Home Version 1511 (X64) (2016-03-08 21:11:16)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1560975029-805369101-429338555-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1560975029-805369101-429338555-503 - Limited - Disabled)
Guest (S-1-5-21-1560975029-805369101-429338555-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1560975029-805369101-429338555-1002 - Limited - Enabled)
wayne (S-1-5-21-1560975029-805369101-429338555-1000 - Administrator - Enabled) => C:\Users\wayne

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Accidental Damage Services Agreement (HKLM-x32\...\{EF85FEF4-EB92-4075-A6D2-5F519BB30A2C}) (Version: 2.0.0 - Dell Inc.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{26356515-5821-40FA-9C3D-9785052A1062}) (Version: 4.3.1 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{C2651553-6CA3-4822-B2E6-BC4ACA6E0EA2}) (Version: 4.3.1 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Banctec Service Agreement (HKLM-x32\...\{42D68A86-DB1C-4256-B8C9-5D0D92919AF5}) (Version: 2.0.0 - Dell Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Client Care Experts (HKLM-x32\...\{75B23FA8-FEA5-47E4-9326-9B4FA9A9ACEE}) (Version: 7.7.581 - LogMeIn, Inc.)
Complete Care Business Service Agreement (HKLM-x32\...\{0ECFCB07-9BFE-4970-ACA1-D568D982760B}) (Version: 2.0.0 - Dell Inc.)
Consumer In-Home Service Agreement (HKLM-x32\...\{F47C37A4-7189-430A-B81D-739FF8A7A554}) (Version: 2.0.0 - Dell Inc.)
Dell Backup and Recovery - Support Software (HKLM-x32\...\{A9668246-FB70-4103-A1E3-66C9BC2EFB49}) (Version: 1.6.2.0 - Dell Inc.)
Dell Backup and Recovery (HKLM-x32\...\{0ED7EE95-6A97-47AA-AD73-152C08A15B04}) (Version: 1.6.2.0 - Dell Inc.)
Dell Customer Connect (HKLM-x32\...\{124DE80C-9BFE-4D04-A8D9-69C5019DEEBF}) (Version: 1.3.28.0 - Dell Inc.)
Dell Data Vault (Version: 4.3.8.0 - Dell Inc.) Hidden
Dell Edoc Viewer (HKLM\...\{8EBA8727-ADC2-477B-9D9A-1A1836BE4E05}) (Version: 1.0.0 - Dell Inc)
Dell Home Systems Service Agreement (HKLM-x32\...\{AB2FDE4F-6BED-4E9E-B676-3DCCEBB1FBFE}) (Version: 2.0.0 - Dell Inc.)
Dell Product Registration (HKLM-x32\...\{2A0F2CC5-3065-492C-8380-B03AA7106B1A}) (Version: 1.1.3 - Dell Inc.)
Dell SupportAssist (HKLM\...\PC-Doctor for Windows) (Version: 1.2.6793.01 - Dell)
Dell SupportAssistAgent (HKLM-x32\...\{3ED468C2-2235-4747-90AD-A7A34F0FE70A}) (Version: 1.2.2.8 - Dell)
Dell Update (HKLM-x32\...\{DB82968B-57A4-4397-81A5-ECAB21B5DFCD}) (Version: 1.7.1015.0 - Dell Inc.)
Dell WLAN and Bluetooth Client Installation (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Dell Inc.)
eBay (HKLM-x32\...\{A8B88634-7F90-402F-B66A-86429755F6A5}) (Version: 1.4.0 - eBay Inc.)
Emsisoft Anti-Malware (HKLM-x32\...\{5502032C-88C1-4303-99FE-B5CBD7684CEA}_is1) (Version: 9.0 - Emsisoft Ltd.)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
Google Chrome (HKLM-x32\...\{22309BC7-E8B7-3172-BBAE-6787B2DB89FA}) (Version: 51.0.2704.79 - Google, Inc.)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
HP Deskjet 2540 series Basic Device Software (HKLM\...\{7AF1A318-2914-41CC-9B24-041C2D4AAAD7}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
HP Deskjet 2540 series Help (HKLM-x32\...\{4539575D-C09D-4E71-B207-0F2D6BD74DA2}) (Version: 30.0.0 - Hewlett Packard)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.18.10.3272 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.7.3.1001 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.0.19 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{58D7E5F7-BAD1-49C5-93C8-B655736EDA00}) (Version: 12.4.0.119 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4823.1004 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1560975029-805369101-429338555-1000\...\OneDriveSetup.exe) (Version: 17.0.4041.0512 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4823.1004 - Microsoft Corporation) Hidden
Premium Service Agreement (HKLM-x32\...\{C33AA6D6-F5EC-48F3-AFDC-8141345D473A}) (Version: 2.0.0 - Dell Inc.)
Product Improvement Study for HP Deskjet 2540 series (HKLM\...\{446CCB22-B632-4A1D-BF84-DA8DB0575F98}) (Version: 32.0.1180.44630 - Hewlett-Packard Co.)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.230 - Qualcomm Atheros Communications) QualxServ Service Agreement (HKLM-x32\...\{903679E8-44C8-4C07-9600-05C92654FC50}) (Version: 2.0.0 - Dell Inc.) Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.30164 - Realtek Semiconductor Corp.) Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7544 - Realtek Semiconductor Corp.) Shared C Run-time for x64 (HKLM\...\{EF79C448-6946-4D71-8134-03407888C054}) (Version: 10.0.0 - McAfee) TurboTax 2011 (HKLM-x32\...\TurboTax 2011) (Version: - Intuit, Inc) TurboTax 2014 (HKLM-x32\...\TurboTax 2014) (Version: 2014.0 - Intuit, Inc) TurboTax 2015 (HKLM-x32\...\TurboTax 2015) (Version: 2015.0 - Intuit, Inc) WOT for Internet Explorer (HKLM\...\{373B90E1-A28C-434C-92B6-7281AFA6115A}) (Version: 13.9.2.0 - WOT Services Oy) ==================== Custom CLSID (Whitelisted): ========================== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) ==================== Scheduled Tasks (Whitelisted) ============= (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
Task: {03D5BFFC-658B-42BC-BC7F-1D68D188170E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File Task: {04ACFFB6-810F-4359-91F8-DEDB34F7EF1E} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe Task: {128D5A7C-3D8D-438A-9FD9-B46B6B65BB60} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File Task: {162F7A95-18DB-4C60-9F91-3B6F19F11439} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {17A458F6-2402-421A-9CD2-DCD3FB15E328} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File Task: {1C6D1D89-DC5D-441F-850F-284DD12A8E09} - System32\Tasks\Dell SupportAssistAgent AutoUpdate => C:\Program Files (x86)\Dell\SupportAssistAgent\bin\SupportAssist.exe [2016-04-22] (Dell Inc.) Task: {25D9C75E-5407-41D1-AB0D-E77CF131168B} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe Task: {26A5E551-6E87-415B-A5BB-8C5FA11BCA4D} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe Task: {2A39399D-64EB-452D-A597-D80BCAB30EBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File Task: {30AEFC67-F451-41D0-9107-9E3C062295CE} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe Task: {36105029-1B89-4407-852C-8A5251CC3515} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File Task: {3D1B8B0E-6642-4134-B72D-F76D88BE4544} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe Task: {3F78DF88-097F-420A-9257-3E420F110936} - System32\Tasks\HPCustParticipation HP Deskjet 2540 series => C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPCustPartic.exe [2013-08-13] (Hewlett-Packard Co.) 
Task: {431AF508-D50B-4628-9E08-68A69EB467E9} - System32\Tasks\{417F66A7-12E7-4CF2-8487-35097D3546CE} => pcalua.exe -a "C:\Program Files (x86)\video MediaPlay-Air\Uninstall.exe" -c /fcp=1 Task: {470B5F99-B99E-4382-8426-454D24AAAB7D} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {4A7DB76E-B426-488C-88A9-2A05E5BD296B} - System32\Tasks\PCDoctorBackgroundMonitorTask => C:\Program Files\Dell\SupportAssist\uaclauncher.exe [2016-03-24] (PC-Doctor, Inc.) Task: {4CE4033A-BEB9-45F8-9ACE-085A50C2E917} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe Task: {5B2FB1BE-F393-4B52-B89F-CCE2D487389A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) Task: {602FD051-500D-4869-A33A-5A884909B0F0} - System32\Tasks\SystemToolsDailyTest => uaclauncher.exe Task: {609FD45C-548F-4A20-AB90-DF2DEDE59870} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File Task: {61F655F8-95BD-4DB3-8ED4-1E46AFDA3A7B} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {62CD5F12-2156-440D-BE8B-E128153E58A2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe Task: {6A3A539B-FEC6-4FAF-923F-C70CAC26B812} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe Task: {6F2119A9-914F-424F-B969-DB90C8F59A5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.) 
Task: {7441ED4B-0F26-4E9F-B5D4-BBE963575F06} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-02-09] (Adobe Systems Incorporated) Task: {7561F60C-146C-4093-BED7-2EFE092FD494} - System32\Tasks\PCDEventLauncherTask => C:\Program Files\Dell\SupportAssist\sessionchecker.exe [2016-03-24] (PC-Doctor, Inc.) Task: {7A14CA65-B2A2-4788-B4F3-D25BEFE56933} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {82EEF70D-7C57-40B1-B0CC-4A869687F116} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File Task: {8803738E-E07B-467E-BF11-0A3FA10670DD} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated) Task: {8B3454B0-E5CB-4BEA-9D5F-DC36E6E6A619} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe Task: {8CC764A0-B47D-4174-9FED-261CA4736C55} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe Task: {9D30C65B-684A-4AC3-9981-8DE50DC0B438} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.) 
Task: {9E97B159-B428-4406-AD6B-7A3E94502E62} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {A45031B4-CE64-45E6-A290-E46EE19ED9FE} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {AC412BEE-DC8B-4640-BE00-CA4332F84A95} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation) Task: {B16D100F-73B7-4404-8037-1CBF83F06FE7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File Task: {B80B82BB-EF32-41FC-82B7-78EA124485F8} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe Task: {B8541BDC-C229-498C-9F4F-02E7897007D0} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe Task: {BAEE117B-20B4-49EA-94A2-D757CE74E18B} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {C16C07EB-5862-45EB-8122-30A6CF9AA143} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File Task: {C6292F3E-904B-4408-B6D8-A90218798DD6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File Task: {CA209243-FFD3-4C33-8101-CF53D720C344} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe Task: {CC1BC9B5-42AA-4756-92D3-E1772817D5D4} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft) Task: {D33852CA-C423-4FD3-AC01-697759769829} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe Task: {DA53BA80-D458-4712-83D5-4D8371A39F9A} - System32\Tasks\PCDDataUploadTask => uaclauncher.exe Task: {DE7161EA-56DF-4402-B3AF-B6911F1B0C6B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File Task: 
{E7CE2F71-A981-4344-A9D2-3CF6FE79E734} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe Task: {E90D263C-02AD-4B86-A48C-CB816F155A0D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2016-04-12] (Microsoft Corporation) Task: {EC4250C6-885F-47E4-8415-F8B122E08D3E} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation) Task: {ECB6050B-1EED-402B-8686-244B9ACDCB1D} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe Task: {EF62269D-A795-4E81-B886-6C8C9588251C} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe Task: {F365DE6C-571F-4B97-B178-88BE6EF6442A} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe Task: {F394FD5C-D88A-4584-9609-2411A90C388D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.) Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe ==================== Shortcuts ============================= (The entries could be listed to be restored or removed.) 
==================== Loaded Modules (Whitelisted) ============== 2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll 2016-04-12 19:17 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll 2016-04-12 19:17 - 2016-03-29 06:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll 2015-10-30 06:49 - 2015-09-01 12:04 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll 2016-04-19 04:02 - 2016-04-19 04:02 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe 2016-04-22 01:07 - 2016-04-22 01:07 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll 2016-04-22 01:07 - 2016-04-22 01:07 - 01337144 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll 2014-07-03 08:16 - 2015-10-13 05:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll 2015-12-19 02:08 - 2015-12-19 02:08 - 00402344 _____ () C:\WINDOWS\system32\igfxTray.exe 2016-03-08 03:18 - 2016-03-08 03:18 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll 2016-05-11 10:00 - 2016-04-23 00:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll 2016-05-11 10:01 - 2016-04-23 00:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll 2016-05-11 10:01 - 2016-04-22 23:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll 2016-05-11 10:01 - 2016-04-22 23:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll 2016-05-11 10:01 - 2016-04-23 00:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll 2016-06-02 10:15 - 2016-06-01 02:38 - 
02334360 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libglesv2.dll 2016-06-02 10:15 - 2016-06-01 02:38 - 00105112 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.79\libegl.dll 2016-04-19 04:02 - 2016-04-19 04:02 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll 2016-04-19 04:02 - 2016-04-19 04:02 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll 2014-04-11 22:02 - 2013-09-04 09:53 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll ==================== Alternate Data Streams (Whitelisted) ========= (If an entry is included in the fixlist, only the ADS will be removed.) ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CleanHlp.sys => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp => ""="Driver" HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CleanHlp.sys => ""="Driver" ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: ========================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 
2009-07-13 22:34 - 2016-06-02 10:03 - 00896360 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 localhost 127.0.0.1 localhost.localdomain 127.0.0.1 local 255.255.255.255 broadcasthost 0.0.0.0 www.outube.com0.0.0.0 lb.usemaxserver.de 0.0.0.0 tracking.klickthru.com 0.0.0.0 gsmtop.net 0.0.0.0 click.buzzcity.net 0.0.0.0 ads.admoda.com 0.0.0.0 stats.pflexads.com 0.0.0.0 a.glcdn.co 0.0.0.0 wwww.adleads.com 0.0.0.0 ad.madvertise.de 0.0.0.0 apps.buzzcity.net 0.0.0.0 ads.mobgold.com 0.0.0.0 android.bcfads.com 0.0.0.0 req.appads.com 0.0.0.0 show.buzzcity.net 0.0.0.0 api.analytics.omgpop.com 0.0.0.0 r.edge.inmobicdn.net 0.0.0.0 www.mmnetwork.mobi 0.0.0.0 img.ads.huntmad.com 0.0.0.0 creative1cdn.mobfox.com 0.0.0.0 admicro2.vcmedia.vn 0.0.0.0 admicro1.vcmedia.vn 0.0.0.0 s3.phluant.com 0.0.0.0 c.vrvm.com 0.0.0.0 go.vrvm.com 0.0.0.0 static.estebull.com 0.0.0.0 mobile.banzai.it There are 25713 more lines. ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-1560975029-805369101-429338555-1000\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Dell\Win7 LtBlue 1920x1200.jpg DNS Servers: 192.168.0.1 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808 FirewallRules: [{FF9947BE-2BFB-42A5-BA74-3E42D5237512}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{EEC981A7-BE9E-4449-8133-696580DD10FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{5AE12218-4B23-41BD-AD1C-3CDD22AE655A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{7CEB2A49-560D-4B3A-A12B-C6FB008BE188}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{B6C57CB2-D790-453F-B582-3AAD6DEDAB39}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{1BA39456-7E7C-48CC-9720-67FB3C561268}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{8BE71F96-D458-4986-BB38-46F07935E9C5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{843EDF71-6368-47A6-9C73-C73A5E2AEB54}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{A6E01B17-93B4-42F6-BAC5-C2BA903288ED}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe FirewallRules: [{7C14A584-B405-45A7-83DA-3AB88242CA7D}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe FirewallRules: [{1D88BB98-FA9B-4B27-A0C3-72C4F7BF7500}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\HPNetworkCommunicatorCom.exe FirewallRules: [{7C2873DC-78B5-45EB-A839-69900C583FEA}] => (Allow) LPort=5357 FirewallRules: [{195F04CF-D6C8-4215-AF45-709261077E54}] => (Allow) C:\Program Files\HP\HP Deskjet 2540 series\Bin\DeviceSetup.exe FirewallRules: [{471C31D5-B192-4A14-961D-3704738FEA89}] => (Allow) 
C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{559BE440-F751-4A4F-AF53-F606A8E02135}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{AA9C66C7-E6F4-49EA-BA31-013D10A96E93}] => (Allow) C:\Users\wayne\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{EE0F6251-56B3-47EC-B2E6-02BC38774237}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{BD8B0C52-E36F-4CDD-BE67-D90195682DE0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{77E54C14-0F96-4372-B8B8-5422A204C849}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdater.exe FirewallRules: [{836A481F-BCC0-4E18-B891-5960CEAC67CD}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{4D3A34CA-E07F-4EF0-9425-D45700F30588}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{353391A6-AB6B-49C3-B2B0-CD9FE21631EF}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{ABD8942C-501F-4B0A-843C-BBA1CE58D3D4}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{5EB27E0B-A9D5-4A72-92E2-B6EC7023495F}] => (Allow) C:\Program Files (x86)\Common Files\Intuit\Update Service v4\IntuitUpdateService.exe FirewallRules: [{9C7F58D1-6D91-4EB9-9AFF-BCE40C89B4D9}] => (Allow) C:\Program Files\Client Care Experts\EST\EST.EXE FirewallRules: [{E673184D-C004-44FA-8712-4C16EDF0D0A3}] => (Allow) C:\Program Files\Client Care Experts\EST\EST.EXE FirewallRules: [{DF030A21-4790-4FA9-8C84-A5ABA6598C62}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe FirewallRules: [{3CCF815F-2D4E-42AA-B5E9-A3EF882864EA}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: 
[{A2A9C1D1-6AD2-438E-94C9-D87EB55F7210}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{4683CB9D-0E66-42BF-9F6D-35F4482C44F6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{FED45245-20BF-4341-B1C6-24C0E751093E}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{686B7E4A-D78E-409E-8E21-878B95BBB61E}] => (Allow) C:\Program Files\iTunes\iTunes.exe ==================== Restore Points ========================= 11-05-2016 11:55:10 Windows Update 20-05-2016 01:58:17 Scheduled Checkpoint 29-05-2016 14:50:36 Scheduled Checkpoint 02-06-2016 09:52:00 CCE Initial restore point 02-06-2016 10:14:05 Installed Adobe Acrobat Reader DC. ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (06/03/2016 09:28:20 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: a2service.exe, version: 10.0.0.5735, time stamp: 0x55fc27db Faulting module name: a2engine.dll_unloaded, version: 3.0.0.600, time stamp: 0x5393a392 Exception code: 0xc00001a5 Fault offset: 0x0004a843 Faulting process id: 0x5e0 Faulting application start time: 0xa2service.exe0 Faulting application path: a2service.exe1 Faulting module path: a2service.exe2 Report Id: a2service.exe3 Faulting package full name: a2service.exe4 Faulting package-relative application ID: a2service.exe5 Error: (06/03/2016 09:28:19 AM) (Source: a2AntiMalware) (EventID: 0) (User: ) Description: Service failed on start: Access violation at address 00000000 in module 'a2service.exe'. 
Execution of address 00000000 Error: (06/03/2016 09:28:17 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: a2service.exe, version: 10.0.0.5735, time stamp: 0x55fc27db Faulting module name: a2engine.dll_unloaded, version: 3.0.0.600, time stamp: 0x5393a392 Exception code: 0xc00001a5 Fault offset: 0x0004c9e9 Faulting process id: 0x6c8 Faulting application start time: 0xa2service.exe0 Faulting application path: a2service.exe1 Faulting module path: a2service.exe2 Report Id: a2service.exe3 Faulting package full name: a2service.exe4 Faulting package-relative application ID: a2service.exe5 Error: (06/03/2016 09:28:16 AM) (Source: a2AntiMalware) (EventID: 0) (User: ) Description: Service failed on start: Access violation at address 00000000 in module 'a2service.exe'. Execution of address 00000000 Error: (06/03/2016 09:28:13 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: a2service.exe, version: 10.0.0.5735, time stamp: 0x55fc27db Faulting module name: a2engine.dll_unloaded, version: 3.0.0.600, time stamp: 0x5393a392 Exception code: 0xc00001a5 Fault offset: 0x0004c9e9 Faulting process id: 0x16ec Faulting application start time: 0xa2service.exe0 Faulting application path: a2service.exe1 Faulting module path: a2service.exe2 Report Id: a2service.exe3 Faulting package full name: a2service.exe4 Faulting package-relative application ID: a2service.exe5 Error: (06/03/2016 09:28:11 AM) (Source: a2AntiMalware) (EventID: 0) (User: ) Description: Service failed on start: Access violation at address 00000000 in module 'a2service.exe'. 
Execution of address 00000000 Error: (06/03/2016 09:27:44 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: a2service.exe, version: 10.0.0.5735, time stamp: 0x55fc27db Faulting module name: a2engine.dll_unloaded, version: 3.0.0.600, time stamp: 0x5393a392 Exception code: 0xc00001a5 Fault offset: 0x0004c9e9 Faulting process id: 0x5ac Faulting application start time: 0xa2service.exe0 Faulting application path: a2service.exe1 Faulting module path: a2service.exe2 Report Id: a2service.exe3 Faulting package full name: a2service.exe4 Faulting package-relative application ID: a2service.exe5 Error: (06/03/2016 09:27:12 AM) (Source: a2AntiMalware) (EventID: 0) (User: ) Description: Service failed on start: Access violation at address 00000000 in module 'a2service.exe'. Execution of address 00000000 Error: (06/03/2016 09:15:33 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: a2service.exe, version: 10.0.0.5735, time stamp: 0x55fc27db Faulting module name: a2engine.dll_unloaded, version: 3.0.0.600, time stamp: 0x5393a392 Exception code: 0xc00001a5 Fault offset: 0x0004a843 Faulting process id: 0x1fd4 Faulting application start time: 0xa2service.exe0 Faulting application path: a2service.exe1 Faulting module path: a2service.exe2 Report Id: a2service.exe3 Faulting package full name: a2service.exe4 Faulting package-relative application ID: a2service.exe5 Error: (06/03/2016 09:15:32 AM) (Source: a2AntiMalware) (EventID: 0) (User: ) Description: Service failed on start: Access violation at address 00000000 in module 'a2service.exe'. 
Execution of address 00000000 System errors: ============= Error: (06/03/2016 09:27:15 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058 Error: (06/03/2016 09:24:29 AM) (Source: Service Control Manager) (EventID: 7009) (User: ) Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_b2987 service to connect. Error: (06/03/2016 09:24:24 AM) (Source: DCOM) (EventID: 10010) (User: wayne-PC) Description: {0002DF02-0000-0000-C000-000000000046} Error: (06/03/2016 09:24:19 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_b2987 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. Error: (06/03/2016 09:15:40 AM) (Source: DCOM) (EventID: 10016) (User: wayne-PC) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}wayne-PCwayneS-1-5-21-1560975029-805369101-429338555-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (06/03/2016 09:15:39 AM) (Source: DCOM) (EventID: 10016) (User: wayne-PC) Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}wayne-PCwayneS-1-5-21-1560975029-805369101-429338555-1000LocalHost (Using LRPC)Microsoft.Windows.Cortana_1.6.1.52_neutral_neutral_cw5n1h2txyewyS-1-15-2-1861897761-1695161497-2927542615-642690995-327840285-2659745135-2630312742 Error: (06/03/2016 08:28:58 AM) (Source: Service Control Manager) (EventID: 7001) (User: ) Description: The NetTcpActivator service depends on the NetTcpPortSharing service which failed to start because of the following error: %%1058 
Error: (06/03/2016 08:28:11 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The State Repository Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 120000 milliseconds: Restart the service. Error: (06/03/2016 08:28:10 AM) (Source: DCOM) (EventID: 10010) (User: wayne-PC) Description: {0002DF02-0000-0000-C000-000000000046} Error: (06/03/2016 08:28:05 AM) (Source: Service Control Manager) (EventID: 7031) (User: ) Description: The Sync Host_310e1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service. CodeIntegrity: =================================== Date: 2016-06-03 09:32:33.295 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-03 09:32:33.287 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-03 09:32:33.117 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-03 09:32:33.108 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-06-02 10:20:48.868 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-02 10:20:48.855 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-02 10:20:48.706 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-02 10:20:48.694 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-02 10:16:34.211 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-06-02 10:16:34.197 Description: Code Integrity determined that a process (\Device\HarddiskVolume3\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume3\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
==================== Memory info =========================== Processor: Intel® Core i3-4130 CPU @ 3.40GHz Percentage of memory in use: 24% Total physical RAM: 8108.95 MB Available physical RAM: 6123.73 MB Total Virtual: 16300.95 MB Available Virtual: 14146.9 MB ==================== Drives ================================ Drive c: (OS) (Fixed) (Total:909.81 GB) (Free:850.3 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 97C06EA5) Partition 1: (Not Active) - (Size=39 MB) - (Type=DE) Partition 2: (Active) - (Size=21.7 GB) - (Type=07 NTFS) Partition 3: (Not Active) - (Size=909.8 GB) - (Type=07 NTFS) ==================== End of Addition.txt ============================
June 3, 2016

Hi Tony,

A quick question before I complete a fix.... EAM is installed and entries are showing in the reports, but not showing in the Security Center.... only Windows Defender:

==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

Any idea why this is?
June 3, 2016 - Author - FPCH Staff

I installed EAM on this machine in Feb 2015. I renewed the license for it. It should have been running. When I got the machine yesterday, EAM came up asking me to select either a 30-day trial, insert license, or buy a license. I knew at that point it was hosed. I selected the 30-day trial. It seemed to install OK, but got stuck after installation was 100% complete. At that point I figured it was really messed up.

My plan is to use the EAM Clean utility and reinstall EAM.
June 3, 2016

"I installed EAM on this machine in Feb 2015. I renewed the license for it. It should have been running"

I see the system has been recently upgraded to Win10. Was EAM removed before the upgrade took place? The upgrade can mess up some installed AVs.

"My plan is to use the EAM Clean utility and reinstall EAM."

Good idea. What I suggest is that you run the EAM clean and then run the steps below. EAM can be re-installed afterwards.... just leave Win Defender running for now. There are some remnants of a previous infection... we'll deal with those in the fix.

Step 1

Please download the attached fixlist.txt file (bottom of this post) and save it to the Desktop.

NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Re-run FRST/FRST64 (whichever is installed) and press the Fix button just once and wait. The tool will make a log on the Desktop (Fixlog.txt). Please post this in your next reply.

Step 2

"Please wait for the local session manager"

If the FRST fix doesn't fix this.......

Click on Search and type in Advanced System Settings
Click on the top result.
Click the Remote Tab
You can disable Remote Assistance from there.

In your next reply, please submit: Fixlog.txt and give me an update on how the system is running.

Thanks.

fixlist.txt
June 3, 2016 Author FPCH Staff

The machine is working very nicely. It's quite fast.

What's been done:
Uninstalled Emsisoft AntiMalware. Then ran EAM Clean.
Ran Fixlist.txt
Disabled "Allow remote assistance connections to this computer"

I still see a message or two very briefly when restarting. I think they're OK. It's just that I haven't seen them before. They come and go so fast that it's hard to make out what they say.

Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
Ran by wayne (2016-06-03 17:30:10) Run:1
Running from C:\Users\wayne\Desktop
Loaded Profiles: wayne (Available Profiles: wayne)
Boot Mode: Normal
==============================================
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore: [DisableSR/DisableConfig]
ShellIconOverlayIdentifiers: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive2] -> {5AB7172C-9C11-405C-8DD5-AF20F3606282} => No File
ShellIconOverlayIdentifiers-x32: [ OneDrive3] -> {A78ED123-AB77-406B-9962-2A5D9D2F7F30} => No File
GroupPolicy: Restriction - Chrome
CHR HKLM\SOFTWARE\Policies\Google: Restriction
ProxyServer: [HKLM] => http=proxy-url:port;https=proxy-url:port;ftp=proxy-url:port;socks=proxy-url:port;
ProxyServer: [s-1-5-21-1560975029-805369101-429338555-1000] => http=proxy-url:port;https=proxy-url:port;ftp=proxy-url:port;socks=proxy-url:port;
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
SearchScopes: HKLM-x32 -> DefaultScope value is missing
SearchScopes: HKU\S-1-5-21-1560975029-805369101-429338555-1000 -> {74FA884D-52A0-49EC-BBD9-135181ED12E6} URL =
BHO-x32: No Name -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> No File
U3 idsvc; no ImagePath
U3 wpcsvc; no
ImagePath 2016-06-02 09:52 - 2016-06-02 09:52 - 00631524 _____ C:\Users\wayne\Desktop\service Report.pdf 2016-06-02 09:52 - 2016-06-02 09:52 - 00000219 _____ C:\Users\wayne\Desktop\Client care experts.url 2016-06-02 09:44 - 2016-06-02 09:46 - 00000000 ____D C:\Program Files\Client Care Experts 2016-06-02 09:34 - 2016-06-02 09:35 - 00000000 ____D C:\Users\wayne\AppData\Local\LogMeIn Rescue Calling Card 2016-06-02 09:34 - 2016-06-02 09:34 - 00002425 _____ C:\Users\Public\Desktop\Client Care Experts.lnk 2016-06-02 09:34 - 2016-06-02 09:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Client Care Experts 2016-06-02 09:34 - 2016-06-02 09:34 - 00000000 ____D C:\Program Files (x86)\LogMeIn Rescue Calling Card 2016-06-02 09:33 - 2016-06-02 09:33 - 00000094 _____ C:\Users\wayne\Desktop\Joe - Client Care Experts.txt 2016-06-02 08:50 - 2016-06-02 08:50 - 00002332 _____ C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client Care Experts.lnk C:\Users\wayne\AppData\Local\Temp\libeay32.dll C:\Users\wayne\AppData\Local\Temp\msvcr120.dll C:\Users\wayne\AppData\Local\Temp\sqlite3.dll Task: {03D5BFFC-658B-42BC-BC7F-1D68D188170E} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File Task: {128D5A7C-3D8D-438A-9FD9-B46B6B65BB60} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File Task: {17A458F6-2402-421A-9CD2-DCD3FB15E328} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File Task: {2A39399D-64EB-452D-A597-D80BCAB30EBE} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File Task: {36105029-1B89-4407-852C-8A5251CC3515} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File Task: {609FD45C-548F-4A20-AB90-DF2DEDE59870} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File Task: {82EEF70D-7C57-40B1-B0CC-4A869687F116} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File Task: {B16D100F-73B7-4404-8037-1CBF83F06FE7} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No 
File Task: {C16C07EB-5862-45EB-8122-30A6CF9AA143} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File Task: {C6292F3E-904B-4408-B6D8-A90218798DD6} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File Task: {DE7161EA-56DF-4402-B3AF-B6911F1B0C6B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File Task: {F394FD5C-D88A-4584-9609-2411A90C388D} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File FirewallRules: [{FF9947BE-2BFB-42A5-BA74-3E42D5237512}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{EEC981A7-BE9E-4449-8133-696580DD10FD}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe FirewallRules: [{5AE12218-4B23-41BD-AD1C-3CDD22AE655A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{7CEB2A49-560D-4B3A-A12B-C6FB008BE188}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe FirewallRules: [{A6E01B17-93B4-42F6-BAC5-C2BA903288ED}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe FirewallRules: [{7C14A584-B405-45A7-83DA-3AB88242CA7D}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe FirewallRules: [{471C31D5-B192-4A14-961D-3704738FEA89}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{559BE440-F751-4A4F-AF53-F606A8E02135}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{EE0F6251-56B3-47EC-B2E6-02BC38774237}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{BD8B0C52-E36F-4CDD-BE67-D90195682DE0}] => (Allow) C:\Program Files\Common Files\mcafee\platform\McSvcHost\McSvHost.exe FirewallRules: [{9C7F58D1-6D91-4EB9-9AFF-BCE40C89B4D9}] => (Allow) C:\Program Files\Client Care Experts\EST\EST.EXE FirewallRules: [{E673184D-C004-44FA-8712-4C16EDF0D0A3}] => (Allow) C:\Program Files\Client Care Experts\EST\EST.EXE C:\Program Files (x86)\Bench CMD: ipconfig /flushdns RemoveProxy: EmptyTemp: 
Hosts: ***************** HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully "HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. "HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully HKCR\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive2" => key removed successfully HKCR\Wow6432Node\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found. "HKLM\Software\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\ OneDrive3" => key removed successfully HKCR\Wow6432Node\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30} => key not found. 
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully "HKLM\SOFTWARE\Policies\Google" => key removed successfully HKLM\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully HKU\S-1-5-21-1560975029-805369101-429338555-1000\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully "HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully "HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully "HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{74FA884D-52A0-49EC-BBD9-135181ED12E6}" => key removed successfully HKCR\CLSID\{74FA884D-52A0-49EC-BBD9-135181ED12E6} => key not found. "HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{FFCB3198-32F3-4E8B-9539-4324694ED664}" => key removed successfully HKCR\Wow6432Node\CLSID\{FFCB3198-32F3-4E8B-9539-4324694ED664} => key not found. 
idsvc => service removed successfully wpcsvc => service removed successfully C:\Users\wayne\Desktop\service Report.pdf => moved successfully C:\Users\wayne\Desktop\Client care experts.url => moved successfully C:\Program Files\Client Care Experts => moved successfully C:\Users\wayne\AppData\Local\LogMeIn Rescue Calling Card => moved successfully C:\Users\Public\Desktop\Client Care Experts.lnk => moved successfully C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Client Care Experts => moved successfully C:\Program Files (x86)\LogMeIn Rescue Calling Card => moved successfully C:\Users\wayne\Desktop\Joe - Client Care Experts.txt => moved successfully C:\Users\wayne\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Client Care Experts.lnk => moved successfully C:\Users\wayne\AppData\Local\Temp\libeay32.dll => moved successfully C:\Users\wayne\AppData\Local\Temp\msvcr120.dll => moved successfully C:\Users\wayne\AppData\Local\Temp\sqlite3.dll => moved successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{03D5BFFC-658B-42BC-BC7F-1D68D188170E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{03D5BFFC-658B-42BC-BC7F-1D68D188170E}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{128D5A7C-3D8D-438A-9FD9-B46B6B65BB60}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{128D5A7C-3D8D-438A-9FD9-B46B6B65BB60}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{17A458F6-2402-421A-9CD2-DCD3FB15E328}" => key removed 
successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{17A458F6-2402-421A-9CD2-DCD3FB15E328}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2A39399D-64EB-452D-A597-D80BCAB30EBE}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2A39399D-64EB-452D-A597-D80BCAB30EBE}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{36105029-1B89-4407-852C-8A5251CC3515}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{36105029-1B89-4407-852C-8A5251CC3515}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{609FD45C-548F-4A20-AB90-DF2DEDE59870}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{609FD45C-548F-4A20-AB90-DF2DEDE59870}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82EEF70D-7C57-40B1-B0CC-4A869687F116}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82EEF70D-7C57-40B1-B0CC-4A869687F116}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows 
NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B16D100F-73B7-4404-8037-1CBF83F06FE7}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B16D100F-73B7-4404-8037-1CBF83F06FE7}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C16C07EB-5862-45EB-8122-30A6CF9AA143}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C16C07EB-5862-45EB-8122-30A6CF9AA143}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{C6292F3E-904B-4408-B6D8-A90218798DD6}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{C6292F3E-904B-4408-B6D8-A90218798DD6}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{DE7161EA-56DF-4402-B3AF-B6911F1B0C6B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{DE7161EA-56DF-4402-B3AF-B6911F1B0C6B}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F394FD5C-D88A-4584-9609-2411A90C388D}" => key removed 
successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F394FD5C-D88A-4584-9609-2411A90C388D}" => key removed successfully "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime" => key removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FF9947BE-2BFB-42A5-BA74-3E42D5237512} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EEC981A7-BE9E-4449-8133-696580DD10FD} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{5AE12218-4B23-41BD-AD1C-3CDD22AE655A} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7CEB2A49-560D-4B3A-A12B-C6FB008BE188} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{A6E01B17-93B4-42F6-BAC5-C2BA903288ED} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{7C14A584-B405-45A7-83DA-3AB88242CA7D} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{471C31D5-B192-4A14-961D-3704738FEA89} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{559BE440-F751-4A4F-AF53-F606A8E02135} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{EE0F6251-56B3-47EC-B2E6-02BC38774237} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{BD8B0C52-E36F-4CDD-BE67-D90195682DE0} => value removed successfully 
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{9C7F58D1-6D91-4EB9-9AFF-BCE40C89B4D9} => value removed successfully HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E673184D-C004-44FA-8712-4C16EDF0D0A3} => value removed successfully "C:\Program Files (x86)\Bench" => not found. ========= ipconfig /flushdns ========= Windows IP Configuration Successfully flushed the DNS Resolver Cache. ========= End of CMD: ========= ========= RemoveProxy: ========= HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully ========= End of RemoveProxy: ========= C:\Windows\System32\Drivers\etc\hosts => moved successfully Hosts restored successfully. EmptyTemp: => 68.6 MB temporary data Removed. The system needed a reboot. ==== End of Fixlog 17:30:20 ====
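Reviewing a Fixlog like the one above mostly means finding the items that were not removed. The following Python sketch is an added example, not part of the thread and not FRST's own code: it tallies results by outcome and lists the ones to follow up. The outcome phrases are the ones visible in this log, the sample input is constructed from its lines, and the function names are hypothetical.

```python
import re
from collections import Counter, namedtuple

Entry = namedtuple("Entry", "target outcome status")

# Result phrases that appear in the Fixlog posted in this thread. Anything else
# is sent to "review" instead of being guessed at.
OUTCOME = re.compile(
    r"\s=>\s(?P<outcome>"
    r"(?:key |value |service )?(?:removed|restored) successfully"
    r"|moved successfully"
    r"|(?:key )?not found\.)"
)
# The log above repeats the fixlist between two rows of asterisks before the
# results start; that echo is dropped so its "=>" markers are not counted.
ECHO = re.compile(r"fixlist content:\s*\*{5,}.*?\*{5,}", re.S)

# Constructed sample: lines taken from the Fixlog in this thread, shortened.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:03-06-2016
fixlist content:
*****************
HKLM-x32\...\Run: [] => [X]
C:\Program Files (x86)\Bench
*****************
"HKLM\Software\Policies\Microsoft\Windows NT\SystemRestore" => key removed successfully
HKCR\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282} => key not found.
C:\Program Files\Client Care Experts => moved successfully
idsvc => service removed successfully wpcsvc => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"C:\Program Files (x86)\Bench" => not found.
EmptyTemp: => 68.6 MB temporary data Removed.
==== End of Fixlog 17:30:20 ====
'''


def parse_fixlog(text):
    """Return one Entry per result found in a Fixlog.

    Works on the file as FRST writes it (one result per line) and on lines
    where several results have been run together, as in a scraped forum copy.
    """
    entries = []
    for line in ECHO.sub("", text).splitlines():
        pos = 0
        for m in OUTCOME.finditer(line):
            target = line[pos:m.start()].strip().strip('"')
            outcome = m.group("outcome")
            if "=>" in target:
                # An unrecognised result is glued to the front of this one.
                status = "review"
            elif "not found" in outcome:
                status = "absent"   # nothing was there to remove
            else:
                status = "done"     # moved, removed or restored
            entries.append(Entry(target, outcome, status))
            pos = m.end()
        rest = line[pos:].strip()
        if "=>" in rest:
            # A result line whose wording is not in OUTCOME: show it to a human.
            entries.append(Entry(rest, "", "review"))
    return entries


def summarise(entries):
    """Count entries per status."""
    return Counter(e.status for e in entries)


def follow_up(entries):
    """Entries a helper should look at: anything that was not acted on."""
    return [e for e in entries if e.status != "done"]


if __name__ == "__main__":
    parsed = parse_fixlog(SAMPLE_FIXLOG)
    print(dict(summarise(parsed)))
    for e in follow_up(parsed):
        print(f"{e.status:7} {e.target}")
```

An "absent" result is not necessarily a failure: the item may already have been gone, as with the Bench folder here, but it is also what a mistyped path in a fixlist produces.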
June 3, 2016

Hi Tony,

Ok let's try and re-install EAM.

I'd recommend that you disable Win Defender before actually installing EAM.

Press the Windows key + X (at the same time) and fetch up the advanced context menu.
Click Control Panel.
In Control Panel, select Windows Defender
Click Settings
On the next page move the slider to disable Win Defender.

Now EAM should install without any problems. If you have the old license key, it should still work.

Let me know how it goes.
June 4, 2016 Author FPCH Staff

Everything went well. It's working great. This is a fast machine even with its i3 processor. I'm surprised. EAM installed nicely and took the old license.

I'm not sure how Windows Defender works. I thought it should be enabled and that it would shut down when it recognized another AV program was installed. So I thought I'd re-enable it. If I click on the Windows Defender Control Panel now, it says "This app has been turned off and isn't monitoring your computer".

My concern is that if he doesn't renew his EAM license, I'd like to see Windows Defender start back up. Will it?
June 4, 2016

"If I click on the Windows Defender Control Panel now, it says 'This app has been turned off and isn't monitoring your computer'"

That's right. Windows Defender is designed to not start if a third party AV is detected. That was why I was surprised that Win Defender was running when EAM was still installed. Although EAM was borked, there were still plenty of entries on the system.

"My concern is that if he doesn't renew his EAM license, I'd like to see Windows Defender start back up. Will it?"

The short answer is... no it probably won't. Even if a third party AV is removed, Windows Defender will probably need re-enabling manually. It is meant to re-enable automatically, but it seems that this doesn't always happen.

"Everything went well. It's working great. This is a fast machine even with its i3 processor. I'm surprised."

That's good to hear.

The version of Adobe on that system is out of date:
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.007.20033 - Adobe Systems Incorporated)
Check my thread here: Latest Adobe Versions for the latest version.

You could run a MBAM scan or an Eset online scan as a double check, but the system should be OK now. If you are happy, we can finish off now.

Don't forget to remove any tools used:
Download Delfix and save it to your desktop.
Ensure Remove disinfection tools is checked.
Also place a checkmark next to:
Create registry backup
Purge system restore
Click the Run button.
When the tool has finished, please reboot your system to finalize the cleanup procedure.
A log will open in notepad... but I don't actually need this report.

Glad I was able to help. Safe surfing.
June 4, 2016 Author FPCH Staff

Thanks again Pete,

I had run a MBAM scan before we started. It found only:

I'll run another scan.

Registry Keys: 9
PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{477DF9AB-3738-4D90-808F-3C57DACA7B90}, Quarantined, [a3eb698fc2d7d95df31d1377be45b34d],
PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71C7569C-AF09-4019-BD1C-B9FF7FCA5CA5}, Quarantined, [f599d22640595bdb27eae7a3f40ff907],
PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{78D67600-F8E4-408B-97EB-2CC9F77783DC}, Quarantined, [eba37b7d0099e74fed234743b152926e],
PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{84AC695E-8309-4627-87E9-6EA0D14886BE}, Quarantined, [513d04f40891a591cf41cfbb946f43bd],
PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E1C6F54-79C9-4EC5-AE9E-301261FC759F}, Quarantined, [8d0138c09504dd595ab7abdf3dc6d62a],
PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99204414-9C0E-4FD0-B945-4CC025876B3F}, Quarantined, [503ef206356441f5bc54dab01ce741bf],
PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E15E2AD8-F859-4EFD-B542-CB42E1D92691}, Quarantined, [97f7ab4defaaa690060b0387dd26c13f],
PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0985FC4-35AB-49C4-9180-862DF56E6081}, Quarantined, [1b73887027720a2c2de4adddd72c9070],
PUP.Optional.CrossRider,
HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F706A965-7B6B-447D-9236-DFD02B33E854}, Quarantined, [e8a688705f3a78be20f1a1e939ca847c], Registry Values: 9 PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{477DF9AB-3738-4D90-808F-3C57DACA7B90}|AppName, b4485999-768d-4989-88ae-ed0beab63105-2.exe-buttonutil.exe, Quarantined, [a3eb698fc2d7d95df31d1377be45b34d] PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{71C7569C-AF09-4019-BD1C-B9FF7FCA5CA5}|AppName, b4485999-768d-4989-88ae-ed0beab63105-2.exe-codedownloader.exe, Quarantined, [f599d22640595bdb27eae7a3f40ff907] PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{78D67600-F8E4-408B-97EB-2CC9F77783DC}|AppName, b4485999-768d-4989-88ae-ed0beab63105-2.exe-buttonutil.exe, Quarantined, [eba37b7d0099e74fed234743b152926e] PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{84AC695E-8309-4627-87E9-6EA0D14886BE}|AppName, b4485999-768d-4989-88ae-ed0beab63105-2.exe-buttonutil.exe, Quarantined, [513d04f40891a591cf41cfbb946f43bd] PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{8E1C6F54-79C9-4EC5-AE9E-301261FC759F}|AppName, b4485999-768d-4989-88ae-ed0beab63105-2.exe-codedownloader.exe, Quarantined, [8d0138c09504dd595ab7abdf3dc6d62a] PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{99204414-9C0E-4FD0-B945-4CC025876B3F}|AppName, b4485999-768d-4989-88ae-ed0beab63105-2.exe-buttonutil.exe, Quarantined, [503ef206356441f5bc54dab01ce741bf] 
PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E15E2AD8-F859-4EFD-B542-CB42E1D92691}|AppName, b4485999-768d-4989-88ae-ed0beab63105-2.exe-codedownloader.exe, Quarantined, [97f7ab4defaaa690060b0387dd26c13f] PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F0985FC4-35AB-49C4-9180-862DF56E6081}|AppName, b4485999-768d-4989-88ae-ed0beab63105-2.exe-codedownloader.exe, Quarantined, [1b73887027720a2c2de4adddd72c9070] PUP.Optional.CrossRider, HKU\S-1-5-21-1560975029-805369101-429338555-1000\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{F706A965-7B6B-447D-9236-DFD02B33E854}|AppName, b4485999-768d-4989-88ae-ed0beab63105-2.exe-codedownloader.exe, Quarantined, [e8a688705f3a78be20f1a1e939ca847c] Registry Data: 0 (No malicious items detected) Folders: 0 (No malicious items detected) Files: 1 PUP.Optional.WebInstr, C:\Windows\System32\drivers\Msft_Kernel_webinstr_01009.Wdf, Delete-on-Reboot, , Physical Sectors: 0 (No malicious items detected) (end)
June 4, 2016 Author FPCH Staff

By the way, here's a log file I found. Sending in case anyone is interested in what went on.

8:51 AM Connecting...
8:51 AM Connected. A support representative will be with you shortly.
8:51 AM Support session established with Representative: 1491753.
8:51 AM You have granted full permission to Representative: 1491753. To revoke, click the red X on the toolbar or press Pause/Break on the keyboard.
8:51 AM Remote Control started by Representative: 1491753.
9:17 AM Representative: 1491753: I think we got disconnected, Wayne. Trying to call you back.
9:18 AM Representative: 1491753: whdahl@******.net - this is the user's email address
9:19 AM Wayne: wayne dahl
9:20 AM Representative: 1491753: this was the user's address, USA
9:34 AM Logon password has been set for unattended reboot.
9:34 AM Deployment of the Calling Card has started.
9:34 AM File transfer complete. (Size: 3846144 bytes, MD5 fingerprint: CB767C0F84976A8D608A8A8BA6D9BEE1)
9:34 AM Representative: 1491753 is installing the Calling Card...
9:34 AM Calling Card installation successful.
9:44 AM Transferring session to another technician...
9:44 AM Support session established with Expert: Session Control.
9:44 AM Remote Control started by Expert: Session Control.
9:44 AM File Management started by Expert: Session Control.
9:44 AM Remote Control by Representative: 1491753 stopped.
9:44 AM Received file 'C:\Windows\reset.lnk' from Expert: Session Control. (Size: 1703 bytes, MD5 fingerprint: 3BD899C8C9F6625176DD422CC7D30842)
9:44 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\'.
9:44 AM Received file 'C:\Program Files\Client Care Experts\CallingCard.exe' from Expert: Session Control. (Size: 93184 bytes, MD5 fingerprint: 2B17576E27EC6BB805FD0E53FC4B811C)
9:44 AM Received file 'C:\Program Files\Client Care Experts\cce.bmp' from Expert: Session Control.
(Size: 88806 bytes, MD5 fingerprint: 1D380EDC86436C55652DDF347CCE0656) 9:44 AM Received file 'C:\Program Files\Client Care Experts\cce.ico' from Expert: Session Control. (Size: 32038 bytes, MD5 fingerprint: 0AEADD6EF6D450A0FB75717C7897A589) 9:44 AM Received file 'C:\Program Files\Client Care Experts\cce2.bmp' from Expert: Session Control. (Size: 5841 bytes, MD5 fingerprint: A106C7346953C5943F941938C9E9C203) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Client Care Experts.url' from Expert: Session Control. (Size: 219 bytes, MD5 fingerprint: 17E9335B3F6BB7617D1DE58FFE4E8F90) 9:44 AM Received file 'C:\Program Files\Client Care Experts\esetsmartinstaller_enu.exe' from Expert: Session Control. (Size: 2347384 bytes, MD5 fingerprint: E8D3E34FFDAF21DF7C09CBBBA5763237) 9:44 AM Received file 'C:\Program Files\Client Care Experts\GET_WR_INFO.exe' from Expert: Session Control. (Size: 156160 bytes, MD5 fingerprint: 76B79D5E243459EA90697D4C6E229FE3) 9:44 AM Received file 'C:\Program Files\Client Care Experts\rkill.com' from Expert: Session Control. (Size: 2019656 bytes, MD5 fingerprint: 456FD750BA7349202281AF7729ECD987) 9:44 AM Received file 'C:\Program Files\Client Care Experts\state.dat' from Expert: Session Control. (Size: 19 bytes, MD5 fingerprint: 0E6BCE6899FAE841F79024AFBDF7DB1D) 9:44 AM Received file 'C:\Program Files\Client Care Experts\syswranalyzer.exe' from Expert: Session Control. (Size: 768656 bytes, MD5 fingerprint: 475CEA2EB1B89B3553DE24AA5C21BCF1) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Webroot SecureAnywhere.url' from Expert: Session Control. (Size: 207 bytes, MD5 fingerprint: B55095A08E140C0223137D3555A58C5A) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Work in Progress.png' from Expert: Session Control. (Size: 512387 bytes, MD5 fingerprint: 7F7EA42DD97547C19652E2E7A925F8FB) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Work in Progress.xps' from Expert: Session Control. 
(Size: 212471 bytes, MD5 fingerprint: 53D2C4FA907BF4FD6F5F71E7B1132106) 9:44 AM Received file 'C:\Program Files\Client Care Experts\WSA.ico' from Expert: Session Control. (Size: 99678 bytes, MD5 fingerprint: 3F71BD358E589BEFF427EF6D5FF5D4E4) 9:44 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Display pages\'. 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages\Issues.xps' from Expert: Session Control. (Size: 141751 bytes, MD5 fingerprint: 4A9B9E2CAA17F0F7E1114DE1968181F5) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages\Overnight.xps' from Expert: Session Control. (Size: 144827 bytes, MD5 fingerprint: 7A3BDA802149C5D24400533ED2D26461) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages\Service Report.pdf' from Expert: Session Control. (Size: 631524 bytes, MD5 fingerprint: 41A9F2D7E7A431CA9346E6ABF5FA93E9) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages\Verification.xps' from Expert: Session Control. (Size: 144495 bytes, MD5 fingerprint: B619DC5276AE952ECAFE804570BF5D78) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages\Work Complete Contact.xps' from Expert: Session Control. (Size: 141372 bytes, MD5 fingerprint: 9060B64E26AF31975DA23437EF0CA204) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages\Work Complete.xps' from Expert: Session Control. (Size: 142828 bytes, MD5 fingerprint: 9AE37DBE5C35582735B59949E115B00B) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages\Work in Progress.xps' from Expert: Session Control. (Size: 212471 bytes, MD5 fingerprint: 53D2C4FA907BF4FD6F5F71E7B1132106) 9:44 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Display pages (UK)\'. 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages (UK)\Escalate_UK.xps' from Expert: Session Control. 
(Size: 145782 bytes, MD5 fingerprint: F22D8E12D4A50CB21EDB0728BB66E469) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages (UK)\Issues_UK.xps' from Expert: Session Control. (Size: 142465 bytes, MD5 fingerprint: E79773EB2AD056BE49A1DF18FC258B11) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages (UK)\Overnight_UK.xps' from Expert: Session Control. (Size: 145060 bytes, MD5 fingerprint: 1FC492286702577F3E9A9331465B82FB) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages (UK)\Verification_UK.xps' from Expert: Session Control. (Size: 144973 bytes, MD5 fingerprint: 029434DB0A8C94BEAA7D4655C74F1A7A) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages (UK)\Work Complete Contact_UK.xps' from Expert: Session Control. (Size: 141590 bytes, MD5 fingerprint: 9C9857358D6BAC3F4A260737662685BF) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages (UK)\Work Complete_UK.xps' from Expert: Session Control. (Size: 143374 bytes, MD5 fingerprint: 7DF585781E72D042B122AC6C86DF752E) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Display pages (UK)\Work in Progress_UK.xps' from Expert: Session Control. (Size: 212495 bytes, MD5 fingerprint: DE3CD039F715E21BC700211C388042BD) 9:44 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Escalation Toolbox\'. 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\Adware Removal Tool by TSA.exe' from Expert: Session Control. (Size: 752296 bytes, MD5 fingerprint: 0FF0F5C72CF494A6A431DF733A4F1E83) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\AllAVRemovalTool.exe' from Expert: Session Control. (Size: 29696 bytes, MD5 fingerprint: 0D4ABB491A1A1730E7BCDE33C2333D3B) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\Autoruns.zip' from Expert: Session Control. 
(Size: 2233194 bytes, MD5 fingerprint: 3960BA3E7CC1685F37248AB4302A333B) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\bnxmx5jf.exe' from Expert: Session Control. (Size: 380416 bytes, MD5 fingerprint: 9A8336796A7C71E9F33DE848B8320ED3) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\ComIntRep.exe' from Expert: Session Control. (Size: 728576 bytes, MD5 fingerprint: 54327E1383CABE5BE6CC18FE2F0DF38E) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\ComIntRep_x64.exe' from Expert: Session Control. (Size: 1314304 bytes, MD5 fingerprint: 34A43FF6AB11C96212DB39E747567216) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\Everything-1.3.4.686.x86.zip' from Expert: Session Control. (Size: 443240 bytes, MD5 fingerprint: 07295B23F68BB2C74CEDAD968277113B) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\geek.exe' from Expert: Session Control. (Size: 6340896 bytes, MD5 fingerprint: 024FB46B3657AB059505199AE8C1E9FF) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\herdProtectScan_Portable.exe' from Expert: Session Control. (Size: 2409800 bytes, MD5 fingerprint: 4A0BC44B7B17BB3A84038D3C2A6562DC) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\herdProtectScan_Setup.exe' from Expert: Session Control. (Size: 2454896 bytes, MD5 fingerprint: E4229C33CDDE2626A2F7DD22D5DAB657) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\instalsm.bat' from Expert: Session Control. (Size: 110 bytes, MD5 fingerprint: 240D6911DBEF42CBA7CE0A0221CC3095) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\kavremvr.exe' from Expert: Session Control. 
(Size: 9786160 bytes, MD5 fingerprint: 917B8B33A0F602AB1C2A957D9E85AA04) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\MaliciousSoftwareRemovalTool.url' from Expert: Session Control. (Size: 239 bytes, MD5 fingerprint: B9098C36CA024C9579ABCBDADDDF0144) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\msrt.ico' from Expert: Session Control. (Size: 137 bytes, MD5 fingerprint: B66BCBE2CBE33B224622AE9553F2C605) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\netadapter-log-2016-03-27-18-10-46.txt' from Expert: Session Control. (Size: 3686 bytes, MD5 fingerprint: 3D68365F758D6C3FFE8E31F5AF097B52) 9:44 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\NetAdapterRepair1.2.exe' from Expert: Session Control. (Size: 2091520 bytes, MD5 fingerprint: DFFA32BB9624829C7FBF963BD73E58DB) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\ProcessExplorer.zip' from Expert: Session Control. (Size: 1186640 bytes, MD5 fingerprint: E16CEB1197549AA19630AD0982D04E89) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\RogueKiller.exe' from Expert: Session Control. (Size: 19655240 bytes, MD5 fingerprint: DA3E2C8621D4EAF84B8EB28B63FEC276) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\RogueKillerX64.exe' from Expert: Session Control. (Size: 23872072 bytes, MD5 fingerprint: E2D66638AC4049804475B86F11010FEF) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\ServicesRepair.exe' from Expert: Session Control. (Size: 4009167 bytes, MD5 fingerprint: FFF0BD7669C420AF07BF6E6C1DF7CA3D) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\tdsskiller.exe' from Expert: Session Control. 
(Size: 4727984 bytes, MD5 fingerprint: 8AF92D125EFC48D4A4F0140777AA2FD4) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\Total-Uninstall-Setup-6.12.0.exe' from Expert: Session Control. (Size: 18811968 bytes, MD5 fingerprint: FD9D20BEDED98D12AE0055D975D8D253) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\TrusteerRapportSafeUninstaller.exe' from Expert: Session Control. (Size: 1095960 bytes, MD5 fingerprint: C391E9BF982F601F1297FB1949F9BD49) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\Tweaking.com - Windows Repair.zip' from Expert: Session Control. (Size: 19486049 bytes, MD5 fingerprint: 43BE0C8DE65D16AEF93D8F90D694EBD4) 9:45 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Escalation Toolbox\logging\'. 9:45 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Escalation Toolbox\Themes\'. 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\windowswirelessservice.reg' from Expert: Session Control. (Size: 1676 bytes, MD5 fingerprint: C291F5352DC50504B753906B8CB62C81) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\logging\ComIntRepair.log' from Expert: Session Control. (Size: 192 bytes, MD5 fingerprint: A26BE074EA18B45CBD90BEFA9DDF1720) 9:45 AM Received file 'C:\Program Files\Client Care Experts\Escalation Toolbox\Themes\101.ani' from Expert: Session Control. (Size: 101928 bytes, MD5 fingerprint: 3023A4FD3C3574709A72D61D276886BA) 9:45 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\EST\'. 9:45 AM Received file 'C:\Program Files\Client Care Experts\EST\EST.EXE' from Expert: Session Control. (Size: 3608064 bytes, MD5 fingerprint: FF036EB6357F139807DD9647CED8D230) 9:45 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\EST\ABPDeployment\'. 
9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\ABPDeployment\adblockplusie-x64.msi' from Expert: Session Control. (Size: 4911104 bytes, MD5 fingerprint: FA811D0FF6E458CD777272E514944D5F) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\ABPDeployment\adblockplusie-x86.msi' from Expert: Session Control. (Size: 4190208 bytes, MD5 fingerprint: 7F983C7F363407B5F334B2E14F67E557) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\ABPDeployment\FirefoxAdblock.exe' from Expert: Session Control. (Size: 2223046 bytes, MD5 fingerprint: BE12800AECD94E6278A7628BD71C5B49) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\ABPDeployment\NiniteFirefox.exe' from Expert: Session Control. (Size: 307200 bytes, MD5 fingerprint: 971F5C8CDDC174F3D274F1E8A9630793) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\ABPDeployment\patterns.ini' from Expert: Session Control. (Size: 1691145 bytes, MD5 fingerprint: 85628E066255B90686E67CF114F10BD6) 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\EST\ABPDeployment\firefox\'. 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\ABPDeployment\firefox\558_XPI_1451525641.xpi' from Expert: Session Control. (Size: 989188 bytes, MD5 fingerprint: 5BEDF856552D9333046FE24CB303F469) 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\EST\CPD\'. 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\CPD\cp.exe' from Expert: Session Control. (Size: 1617040 bytes, MD5 fingerprint: C8D6C76BBC575C852556CF07FA199DA3) 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\EST\desktopConfig\'. 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\desktopConfig\cce.bmp' from Expert: Session Control. 
(Size: 5841 bytes, MD5 fingerprint: A106C7346953C5943F941938C9E9C203) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\desktopConfig\cce.ico' from Expert: Session Control. (Size: 32038 bytes, MD5 fingerprint: 0AEADD6EF6D450A0FB75717C7897A589) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\desktopConfig\Client Care Experts.url' from Expert: Session Control. (Size: 219 bytes, MD5 fingerprint: 17E9335B3F6BB7617D1DE58FFE4E8F90) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\desktopConfig\Service Report.pdf' from Expert: Session Control. (Size: 631524 bytes, MD5 fingerprint: 41A9F2D7E7A431CA9346E6ABF5FA93E9) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\desktopConfig\Thumbs.db' from Expert: Session Control. (Size: 18432 bytes, MD5 fingerprint: 1DA7746AD4EFBC31C268E010CCD99A08) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\desktopConfig\Webroot SecureAnywhere.url' from Expert: Session Control. (Size: 207 bytes, MD5 fingerprint: B55095A08E140C0223137D3555A58C5A) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\desktopConfig\WSA.ico' from Expert: Session Control. (Size: 99678 bytes, MD5 fingerprint: 3F71BD358E589BEFF427EF6D5FF5D4E4) 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\EST\rdr_CCE\'. 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Logs\'. 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Reconnection Tools\'. 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\rdr_CCE\AcroRdrDC.mst' from Expert: Session Control. (Size: 40960 bytes, MD5 fingerprint: 8A6D34A273A696F0776BAF3EE6EE519B) 9:46 AM Received file 'C:\Program Files\Client Care Experts\EST\rdr_CCE\Setup.ini' from Expert: Session Control. 
(Size: 258 bytes, MD5 fingerprint: 97F31302F2B0F7D3D5DE1D546D6BA479) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Logs\mainOutput.txt' from Expert: Session Control. (Size: 1296 bytes, MD5 fingerprint: 82813AFC429C68327ED8D62F4A591006) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Reconnection Tools\ComIntRep.exe' from Expert: Session Control. (Size: 730112 bytes, MD5 fingerprint: AFEF6533AE9E30C6E12AAE560DF71EAF) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Reconnection Tools\ComIntRep_x64.exe' from Expert: Session Control. (Size: 1315840 bytes, MD5 fingerprint: 9EA6B32DB10006DF62C4C143ADA537C3) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Reconnection Tools\netadapter-log-2015-12-25-11-17-04.txt' from Expert: Session Control. (Size: 2970 bytes, MD5 fingerprint: 05C505DBF00F739CC78161CC051C6F58) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Reconnection Tools\netadapter-log-2015-12-25-11-17-14.txt' from Expert: Session Control. (Size: 2970 bytes, MD5 fingerprint: E688230FEEAF6E0DFE8CE8A8BD5C1A76) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Reconnection Tools\NetAdapterRepair1.2.exe' from Expert: Session Control. (Size: 2091520 bytes, MD5 fingerprint: DFFA32BB9624829C7FBF963BD73E58DB) 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Rework\'. 9:46 AM Received file 'C:\Program Files\Client Care Experts\Reconnection Tools\Wireless_Adapter_Fix_Win7.reg' from Expert: Session Control. (Size: 1676 bytes, MD5 fingerprint: C291F5352DC50504B753906B8CB62C81) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Rework\CCleaner64.exe' from Expert: Session Control. (Size: 8322328 bytes, MD5 fingerprint: 09266319529C342813EA013E24200568) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Rework\Ninite Java 8 Reader DC Installer.exe' from Expert: Session Control. 
(Size: 307200 bytes, MD5 fingerprint: 3FFEDB8932C9ED3CD6BC2AE82A33E439) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Rework\RestorePoint.bat' from Expert: Session Control. (Size: 26 bytes, MD5 fingerprint: B830084A26878A369D187AEE42C0C7E3) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Rework\tweaking.com_simple_system_tweaker_portable.zip' from Expert: Session Control. (Size: 3142146 bytes, MD5 fingerprint: F6EF49B2D7692513269719745876435F) 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Toolbox\'. 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\adw.exe' from Expert: Session Control. (Size: 3651136 bytes, MD5 fingerprint: 276301DE3892CC50045EF3721DBFA08A) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\cce.bmp' from Expert: Session Control. (Size: 88806 bytes, MD5 fingerprint: 1D380EDC86436C55652DDF347CCE0656) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\CCleaner.exe' from Expert: Session Control. (Size: 6675672 bytes, MD5 fingerprint: 7098651FB78BC6950F507C91E6A18CFF) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\ccleaner.ini' from Expert: Session Control. (Size: 411 bytes, MD5 fingerprint: 42B50B9AFB68E2DCCC79F75BC3F89243) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\CCleaner64.exe' from Expert: Session Control. (Size: 8698584 bytes, MD5 fingerprint: 79B65FCC2AC6169B0B898F2894C61221) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\JRT (3).exe' from Expert: Session Control. (Size: 1609032 bytes, MD5 fingerprint: A677F1A50AD97F33A1668E0559238FE1) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\License.txt' from Expert: Session Control. (Size: 5535 bytes, MD5 fingerprint: 50A31918135E47E3E57EBE126C4AD01B) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\mbam-clean-2.1.1.1001.exe' from Expert: Session Control. 
(Size: 321848 bytes, MD5 fingerprint: 3C7707013DEEA5ED7F68A29A007A7D57) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\mbam-setup-2.2.1.1043.exe' from Expert: Session Control. (Size: 22851472 bytes, MD5 fingerprint: 52F4695C53B02ADA7D648F95F2E2F8B4) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\net.conf' from Expert: Session Control. (Size: 6103 bytes, MD5 fingerprint: C056ACA2C9D940F35C2617295F6BE626) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\OEM Info.txt' from Expert: Session Control. (Size: 718 bytes, MD5 fingerprint: 700238A4912CCB7B2F693329E5B3FC2D) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\oem-change.reg' from Expert: Session Control. (Size: 612 bytes, MD5 fingerprint: 2094DB95D5F5D774CC553E89CB43521F) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\portable.dat' from Expert: Session Control. (Size: 10 bytes, MD5 fingerprint: 15B9DE0B65F03AFE4235B261FE4E28DC) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Remove Calling Card.bat' from Expert: Session Control. (Size: 187 bytes, MD5 fingerprint: 938A63E2502116439D058D3BEEECCBED) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\reset2.bat' from Expert: Session Control. (Size: 1553 bytes, MD5 fingerprint: A61CE08C63839536BC2EAB5E0EBAEDE8) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\RestorePoint.bat' from Expert: Session Control. (Size: 26 bytes, MD5 fingerprint: B830084A26878A369D187AEE42C0C7E3) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Webroot Installer.exe' from Expert: Session Control. (Size: 773320 bytes, MD5 fingerprint: 13184C19C830A68E63B770ECF1175D1D) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\winapp2.ini' from Expert: Session Control. 
(Size: 180850 bytes, MD5 fingerprint: 2352FCEB805094F9D60E186F0D488793) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Windows7OemInfoEditor.exe' from Expert: Session Control. (Size: 79360 bytes, MD5 fingerprint: 9198099F16377D5468BFDB6C8C3EB9DB) 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Toolbox\Plugins\'. 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\winreg2.ini' from Expert: Session Control. (Size: 1793 bytes, MD5 fingerprint: 742F5E202B9B15C16C81048622ED91B9) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\winsys2.ini' from Expert: Session Control. (Size: 17140 bytes, MD5 fingerprint: 9A9A9116FBC8AD13DC624EFD5247404F) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Plugins\adblockplusie-1.5.exe' from Expert: Session Control. (Size: 6468104 bytes, MD5 fingerprint: 6418A79AA8F0039939595BB897575779) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Plugins\Ninite Java 8 Installer.exe' from Expert: Session Control. (Size: 307200 bytes, MD5 fingerprint: A49723C13A71A5C2ADB8CFE247B567A7) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Plugins\readerdc_en_ha_install.exe' from Expert: Session Control. (Size: 1193704 bytes, MD5 fingerprint: 833B6C5A506FA87127EFA79B98425603) 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Toolbox\Plugins\Flash Player\'. 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Plugins\Flash Player\Flash Player Win 8 Firefox.exe' from Expert: Session Control. (Size: 1124544 bytes, MD5 fingerprint: 82773EC9E1277C31F375312B78791E79) 9:46 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Plugins\Flash Player\Flash Player XP Vista 7 Chrome.exe' from Expert: Session Control. 
(Size: 1124544 bytes, MD5 fingerprint: 5C025659DB5049E4BB959659B5E7FA15) 9:46 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Toolbox\Plugins\Standalone Ninite Plugins\'. 9:47 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Plugins\Standalone Ninite Plugins\jre-8u77-windows-i586-iftw.exe' from Expert: Session Control. (Size: 734784 bytes, MD5 fingerprint: C4CBD9A1C00B70617C9E64A6033E43AD) 9:47 AM Received file 'C:\Program Files\Client Care Experts\Toolbox\Plugins\Standalone Ninite Plugins\readerdc_en_ha_install.exe' from Expert: Session Control. (Size: 1124072 bytes, MD5 fingerprint: E56F36B94A50D661FD7D3E5E72CA5F7C) 9:47 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Toolbox\Plugins\Standalone Ninite Plugins\JavaRa-2.6\'. 9:47 AM Expert: Session Control created the directory 'C:\Program Files\Client Care Experts\Toolbox\Plugins\Standalone Ninite Plugins\JavaRa-2.6\localizations\'. 9:48 AM Received file 'C:\Users\wayne\Desktop\Toolbox.lnk' from Expert: Session Control. (Size: 2131 bytes, MD5 fingerprint: 1FEA2E5B1A074BB330FF3401986B072D) 9:49 AM Transferring session to another technician... 9:49 AM File Management by Expert: Session Control stopped. 9:50 AM Remote Control by Expert: Session Control stopped. 9:50 AM Support session established with Expert: Staging. 9:50 AM Remote Control started by Expert: Staging. 9:51 AM Please wait - Expert: Staging has temporarily put your session on hold. 9:51 AM Remote Control by Expert: Staging stopped. 10:07 AM Connection closed. Attempting reconnection... 10:08 AM Connecting... 10:08 AM Connected. A support representative will be with you shortly. 10:08 AM Please wait - Expert: Staging has temporarily put your session on hold. 7:03 AM Connecting... 7:03 AM This session has expired and can no longer be used. To start a new session this applet must be downloaded again.
June 4, 2016

So apart from installing a lot of rubbish.... they didn't really do anything. I hope he's learned something from this.

"I had run a MBAM scan before we started. It found only:"

In that case, you'll need to clear the MBAM quarantine folder.

Restart MBAM.
Click on the History tab >> Quarantine
Tick to select all items and then click the Delete button.
Close MBAM

Did MBAM find anything on the recent scan?
June 4, 2016 Author FPCH Staff

"So apart from installing a lot of rubbish.... they didn't really do anything."
That's good to know.

"I hope he's learned something from this."
I know he did.

"Did MBAM find anything on the recent scan?"
No, today's scan was clean.
June 4, 2016

"No, today's scan was clean."
That's good then. Just the cleaning up to do now from post #8 (if you haven't done it already).
June 4, 2016 Author FPCH Staff

Adobe Reader has been updated. Delfix has been run. Forgot the ESET scan. Will do that now.