
Malicious Website Blocked



Hi, I am getting multiple warnings when opening a website (Malicious Website Blocked).

Have run multiple scans and there are no infections.

This seems to happen when I access one site only which has always worked perfectly well in the past.

I have even tried uninstalling Mozilla and reinstalling having deleted profiles but still have the same issue.

Any help would be appreciated.




Thanks for the information, and yes, it's happening only when I visit www.heraldsun.com.au. This happens with all browsers, as I also checked with Chrome and MS Edge and I get the identical problem.

There is an identical issue submitted by "Dida" which I am now following.


  • Root Admin

Hello and welcome.

Please read the following and post back the logs when ready and we'll see about getting you cleaned up.

Before we proceed further, please read all of the following instructions carefully.
If there is anything that you do not understand kindly ask before proceeding.
If needed please print out these instructions.

  • Please do not post logs using CODE, QUOTE, or FONT tags. Just paste them as direct text.
  • If the log is too large then you can use attachments by clicking on the More Reply Options button.
  • Please enable your system to show hidden files: How to see hidden files in Windows
  • Make sure you're subscribed to this topic:
  • Click on the Follow This Topic Button (at the top right of this page), make sure that the Receive notification box is checked and that it is set to Instantly
  • Removing malware can be unpredictable...It is unlikely but things can go very wrong! Please make sure you Backup all files that cannot be replaced if something were to happen. You can copy them to a CD/DVD, external drive or a pen drive
  • Please don't run any other scans, download, install or uninstall any programs unless requested by me while I'm working with you.
  • The removal of malware is not instantaneous, please be patient. Often we are also on a different Time Zone.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while following my instructions, Stop there and tell me the exact nature of the issue.
  • You can check here if you're not sure if your computer is 32-bit or 64-bit
  • Please disable your antivirus while running any requested scanners so that they do not interfere with the scanners.
  • When we are done, I'll give you instructions on how to cleanup all the tools and logs
  • Please stick with me until I give you the "all clear" and Please don't waste my time by leaving before that.
  • Your topic will be closed if you haven't replied within 3 days
  • (If I have not responded within 24 hours, please send me a Private Message as a reminder)



STEP 01
RKill is a program that was developed at BleepingComputer.com that attempts to terminate known malware processes
so that your normal security software can then run and clean your computer of infections.
When RKill runs it will kill malware processes and then remove incorrect executable associations and fix policies
that stop us from using certain tools. When finished it will display a log file that shows the processes that were
terminated while the program was running.

As RKill only terminates a program's running process, and does not delete any files, after running it you should not reboot
your computer as any malware processes that are configured to start automatically will just be started again.
Instead, after running RKill you should immediately scan your computer using the requested scans I've included.

Please download Rkill by Grinler from one of the links below and save it to your desktop.

Link 1 | Link 2

  • On Windows XP double-click on the Rkill desktop icon to run the tool.
  • On Windows Vista/Windows 7 or 8, right-click on the Rkill desktop icon and select Run As Administrator
  • A black DOS box will briefly flash and then disappear. This is normal and indicates the tool ran successfully.
  • If not, delete the file, then download and use the one provided in Link 2.
  • If it does not work, repeat the process and attempt to use one of the remaining links until the tool runs.
  • If the tool does not run from any of the links provided, please let me know.
  • Do not reboot the computer, you will need to run the application again.



STEP 02
Backup the Registry:
Modifying the Registry can create unforeseen problems, so it is always wise to create a backup before doing so.

  • Please download ERUNT from one of the following links: Link1 | Link2 | Link3
  • ERUNT (Emergency Recovery Utility NT) is a free program that allows you to keep a complete backup of your registry and restore it when needed.
  • Double click on erunt-setup.exe to Install ERUNT by following the prompts.
  • NOTE: Do not choose to allow ERUNT to add an Entry to the Startup folder. Click NO.
  • Start ERUNT either by double clicking on the desktop icon or choosing to start the program at the end of the setup process.
  • Choose a location for the backup.
    • Note: the default location is C:\Windows\ERDNT which is acceptable.
  • Make sure that at least the first two check boxes are selected.
  • Click on OK
  • Then click on YES to create the folder.
  • Note: if it is necessary to restore the registry, open the backup folder and start ERDNT.exe



STEP 03
Please run a Threat Scan with MBAM. If you're unable to run or complete the scan as shown below please see the following:
MBAM Clean Removal Process 2x
When reinstalling the program please try the latest version.

Right click and choose "Run as administrator" to open Malwarebytes Anti-Malware and from the Dashboard please Check for Updates by clicking the Update Now... link
Open up Malwarebytes > Settings > Detection and Protection > Enable Scan for rootkit and Under Non Malware Protection set both PUP and PUM to Treat detections as malware.
Click on the SCAN button and run a Threat Scan with Malwarebytes Anti-Malware by clicking the Scan Now>> button.
Once completed please click on the History > Application Logs and find your scan log and open it and then click on the "copy to clipboard" button and post back the results on your next reply.


Firstly, thanks for your assistance.

This issue occurs only when I visit www.heraldsun.com.au. This happens with Firefox but I also checked with Chrome and MS Edge and I get the identical problem.

Logs are below.

Rkill 2.8.4 by Lawrence Abrams (Grinler)
http://www.bleepingcomputer.com/
Copyright 2008-2016 BleepingComputer.com
More Information about Rkill can be found at this link:
http://www.bleepingcomputer.com/forums/topic308364.html

Program started at: 06/07/2016 02:39:53 PM in x64 mode.
Windows Version: Windows 10 Home

Checking for Windows services to stop:

 * No malware services found to stop.

Checking for processes to terminate:

 * No malware processes found to kill.

Checking Registry for malware related settings:

 * No issues found in the Registry.

Resetting .EXE, .COM, & .BAT associations in the Windows Registry.

Performing miscellaneous checks:

 * Windows Defender Disabled

   [HKLM\SOFTWARE\Microsoft\Windows Defender]
   "DisableAntiSpyware" = dword:00000001

Checking Windows Service Integrity:

 * No issues found.

Searching for Missing Digital Signatures:

 * No issues found.

Checking HOSTS File:

 * No issues found.

Program finished at: 06/07/2016 02:41:34 PM
Execution time: 0 hours(s), 1 minute(s), and 41 seconds(s)

 

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 07-Jun-16
Scan Time: 2:46 PM
Logfile:
Administrator: Yes

Version: 2.2.1.1043
Malware Database: v2016.06.07.02
Rootkit Database: v2016.05.27.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Owner

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 446014
Time Elapsed: 31 min, 19 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)

(end)

 

 


  • Root Admin

Yes, unfortunately it's typically just a redirect but finding the exact method that is being used often changes and we need to find the method and remove it.

If the step for ESET hangs up for more than a couple of hours go ahead and end task it and move on to the next step please.

 

Please go ahead and run through the following steps and post back the logs when ready.

STEP 04
Please download Junkware Removal Tool to your desktop.

  • Shutdown your antivirus to avoid any conflicts.
  • Right click over JRT.exe and select Run as administrator on Windows Vista or Windows 7, double-click on XP.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next reply message
  • When completed make sure to re-enable your antivirus



STEP 05
Let's clean out any adware now: (this will require a reboot so save all your work)

Please download AdwCleaner by Xplode and save to your Desktop.

  • Double click on AdwCleaner.exe to run the tool.
    Vista / Windows 7/8 users right-click and select Run As Administrator
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
  • When it's done you'll see: Pending: Please uncheck elements you don't want removed.
  • Now click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • Look over the log especially under Files/Folders for any program you want to save.
  • If there's a program you may want to save, just uncheck it from AdwCleaner.
  • If you're not sure, post the log for review. (all items found are adware/spyware/foistware)
  • If you're ready to clean it all up.....click the Clean button.
  • After rebooting, a logfile report (AdwCleaner[S0].txt) will open automatically.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of that logfile will also be saved in the C:\AdwCleaner folder.
  • Items that are deleted are moved to the Quarantine Folder: C:\AdwCleaner\Quarantine
  • To restore an item that has been deleted:
  • Go to Tools > Quarantine Manager > check what you want restored > now click on Restore.


STEP 06

Please go here to run the online antivirus scanner from ESET.

  • Turn off the real time scanner of any existing antivirus program while performing the online scan
  • Tick the box next to YES, I accept the Terms of Use.
  • Click Start
  • When asked, allow the ActiveX control to install
  • Click Start
  • Make sure that the option Remove found threats is unticked
  • Click on Advanced Settings and ensure these options are ticked:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Click Scan
  • Wait for the scan to finish
  • If any threats were found, click the 'List of found threats' , then click Export to text file....
  • Save it to your desktop, then please copy and paste that log as a reply to this topic.



STEP 07
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply as well.

Logs are below. Note that ESET stops responding about 40 mins into the scan and has found 2 threats at that stage.

I will continue to try to get a complete scan.

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.6 (04.25.2016)
Operating System: Windows 10 Home x64
Ran by Owner (Administrator) on 08-Jun-16 at  9:00:24.53
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

 


File System: 0

 


Registry: 0

 

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 08-Jun-16 at  9:04:28.42
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

# AdwCleaner v5.119 - Logfile created 08/06/2016 at 09:10:22
# Updated 30/05/2016 by Xplode
# Database : 2016-06-07.1 [Server]
# Operating system : Windows 10 Home  (X64)
# Username : Owner - OWNER-PC
# Running from : C:\Users\Owner\Downloads\adwcleaner_5.119.exe
# Option : Clean
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ WMI ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****

[-] Key Deleted : HKU\S-1-5-21-572258881-633112587-3302369216-1003-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKU\S-1-5-21-572258881-633112587-3302369216-1004-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKU\S-1-5-21-572258881-633112587-3302369216-1005-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****


*************************

:: "Tracing" keys deleted
:: Winsock settings cleared

*************************

C:\AdwCleaner\AdwCleaner[C1].txt - [3289 bytes] - [03/06/2016 10:20:47]
C:\AdwCleaner\AdwCleaner[C2].txt - [1303 bytes] - [03/06/2016 13:08:35]
C:\AdwCleaner\AdwCleaner[C3].txt - [1454 bytes] - [08/06/2016 09:10:22]
C:\AdwCleaner\AdwCleaner[R0].txt - [1820 bytes] - [13/09/2013 22:14:10]
C:\AdwCleaner\AdwCleaner[S0].txt - [1871 bytes] - [13/09/2013 22:14:37]
C:\AdwCleaner\AdwCleaner[S1].txt - [4310 bytes] - [03/06/2016 10:01:26]
C:\AdwCleaner\AdwCleaner[S2].txt - [3137 bytes] - [03/06/2016 10:18:28]
C:\AdwCleaner\AdwCleaner[S3].txt - [1141 bytes] - [03/06/2016 13:07:05]
C:\AdwCleaner\AdwCleaner[S4].txt - [1864 bytes] - [08/06/2016 09:07:10]

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [1965 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-06-2016
Ran by Owner (administrator) on OWNER-PC (08-06-2016 14:09:03)
Running from C:\Users\Owner\Downloads
Loaded Profiles: Owner (Available Profiles: Owner & Simone & Monique & Paula)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\ntmulti.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(LSoft Technologies Inc) C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe
(IBM Corp) C:\Program Files (x86)\IBM\Notes\SUService.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\NAV.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(IBM) C:\Program Files (x86)\IBM\Notes\nsd.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
() C:\Program Files (x86)\Photodex\ProShow Gold\scsiaccess.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.30.3\GoogleCrashHandler64.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Symantec Corporation) C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\NAV.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Nokia) C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe
(Vicky's Cool Softwares) C:\Program Files (x86)\ShutDown After\SA.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\ServiceLayer.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.526.11220.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.20961.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.20961.0_x64__8wekyb3d8bbwe\Music.UI.exe
() C:\Program Files\WindowsApps\Microsoft.WindowsCalculator_10.1601.49020.0_x64__8wekyb3d8bbwe\Calculator.exe
(Nokia) C:\Program Files (x86)\PC Connectivity Solution\Transports\NclUSBSrv64.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [6548112 2012-06-12] (Realtek Semiconductor)
HKLM-x32\...\Run: [Family Tree Builder Update] => C:\Program Files (x86)\MyHeritage\Bin\FTBCheckUpdates.exe [2532864 2013-11-13] (MyHeritage)
HKLM-x32\...\Run: [iTunesHelper] => C:\Program Files (x86)\iTunes\iTunesHelper.exe [152392 2014-09-01] (Apple Inc.)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-572258881-633112587-3302369216-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8722136 2016-06-02] (Piriform Ltd)
HKU\S-1-5-21-572258881-633112587-3302369216-1000\...\Run: [NokiaSuite.exe] => C:\Program Files (x86)\Nokia\Nokia Suite\NokiaSuite.exe [1092448 2014-11-19] (Nokia)
HKU\S-1-5-21-572258881-633112587-3302369216-1000\...\Run: [Dropbox Update] => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-18] (Dropbox, Inc.)
HKU\S-1-5-21-572258881-633112587-3302369216-1000\...\MountPoints2: {2baee1ff-6d3a-11e5-9613-005056c00008} - "D:\LaunchU3.exe" -a
ShellIconOverlayIdentifiers: [  OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: [  OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton AntiVirus\Engine64\22.6.0.142\buShell.dll [2016-02-19] (Symantec Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-01] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll [2016-06-01] (Dropbox, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Adobe Gamma.lnk [2013-09-03]
ShortcutTarget: Adobe Gamma.lnk -> C:\Program Files (x86)\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe (Adobe Systems, Inc.)
Startup: C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\ShutDown After.lnk [2013-04-07]
ShortcutTarget: ShutDown After.lnk -> C:\Program Files (x86)\ShutDown After\SA.exe (Vicky's Cool Softwares)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.178.1
Tcpip\..\Interfaces\{a3160903-20c5-4f60-9711-686157ba9249}: [DhcpNameServer] 192.168.178.1

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=NAV&pvid=21.7.0.11
HKU\S-1-5-21-572258881-633112587-3302369216-1000\Software\Microsoft\Internet Explorer\Main,Start Page = about:Tabs
HKU\S-1-5-21-572258881-633112587-3302369216-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://ninemsn.com.au/?ocid=iehp
SearchScopes: HKU\S-1-5-21-572258881-633112587-3302369216-1000 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = hxxps://www.google.com/search?q={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-18] (Microsoft Corporation)
BHO: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-21] (Oracle Corporation)
BHO-x32: Google Toolbar Helper -> {AA58ED58-01DD-4d91-8333-CF10577473F7} -> C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-21] (Oracle Corporation)
Toolbar: HKLM - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_64.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine64\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKLM-x32 - Google Toolbar - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - C:\Program Files (x86)\Google\Google Toolbar\GoogleToolbar_32.dll [2016-04-26] (Google Inc.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\coIEPlg.dll [2016-02-21] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-572258881-633112587-3302369216-1000 -> No Name - {A13C2648-91D4-4BF3-BC6D-0079707C4389} -  No File
DPF: HKLM-x32 {CAFEEFAC-0016-0000-0000-ABCDEFFEDCBA} hxxp://javadl-esd.oracle.com/update/1.6.0/jinstall-6u24-windows-i586.cab
DPF: HKLM-x32 {F27237D7-93C8-44C2-AC6E-D6057B9A918F} hxxps://vpn.vicroads.vic.gov.au/dana-cached/sc/JuniperSetupClient.cab

FireFox:
========
FF ProfilePath: C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vqy5jfpg.default-1414296587151
FF SelectedSearchEngine: Yahoo!
FF Homepage: about:home
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_242.dll [2016-05-17] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~2\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_242.dll [2016-05-17] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-05-06] ()
FF Plugin-x32: @canon.com/MycameraPlugin -> C:\Program Files (x86)\Canon\MyCamera Download Plugin\NPCIG.dll [2008-10-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @google.com/npPicasa3,version=3.0.0 -> C:\Program Files (x86)\Google\Picasa3\npPicasa3.dll [2014-01-07] (Google, Inc.)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-17] (Intel Corporation)
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-21] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nokia.com/EnablerPlugin -> C:\Program Files (x86)\Nokia\Nokia Suite\npNokiaSuiteEnabler.dll [2014-11-19] ( )
FF Plugin-x32: @photodex.com/PhotodexPresenter -> C:\Program Files (x86)\Photodex Presenter\npPxPlay.dll [2016-05-16] ( )
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.0.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-28] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-572258881-633112587-3302369216-1000: jpl.nasa.gov/NASAEyes -> C:\Users\Owner\AppData\Roaming\JPL-NASA-Caltech\NASA's Eyes\npNASAEyes.dll [2016-03-24] (Jet Propulsion Laboratory)
FF Extension: UserZoom Survey Tool - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vqy5jfpg.default-1414296587151\Extensions\userzoom_survey_tool@jetpack.xpi [2015-08-18] [not signed]
FF Extension: Video WithOut Flash - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vqy5jfpg.default-1414296587151\Extensions\vwof@drev.com.xpi [2015-10-04]
FF Extension: Adblock Plus - C:\Users\Owner\AppData\Roaming\Mozilla\Firefox\Profiles\vqy5jfpg.default-1414296587151\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2016-04-28]
FF HKLM\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.6.0.142\coFFAddon
FF Extension: Norton Identity Safe - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.6.0.142\coFFAddon [2016-05-16]
FF HKLM-x32\...\Firefox\Extensions: [{C1A2A613-35F1-4FCF-B27F-2840527B6556}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\NAV_22.6.0.142\coFFAddon

Chrome:
=======
CHR HomePage: Default -> hxxps://au.search.yahoo.com/?type=994519&fr=yo-yhp-ch
CHR StartupUrls: Default -> "hxxps://au.search.yahoo.com/?type=994519&fr=yo-yhp-ch",null,"hxxp://www.google.com/"
CHR DefaultSearchURL: Default -> hxxps://au.search.yahoo.com/search?fr=chr-yo_gc&ei=utf-8&ilc=12&type=994519&p={searchTerms}
CHR DefaultSearchKeyword: Default -> yahoo.com search
CHR DefaultSuggestURL: Default -> hxxps://ff.search.yahoo.com/gossip?output=fxjson&command={searchTerms}
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\PepperFlash\pepflashplayer.dll ()
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Adobe Acrobat) - C:\Program Files (x86)\Adobe\Reader 11.0\Reader\Browser\nppdf32.dll => No File
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL (Microsoft Corporation)
CHR Plugin: (Microsoft Office 2010) - C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL (Microsoft Corporation)
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.135\npGoogleUpdate3.dll => No File
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll (Intel Corporation)
CHR Plugin: (Intel® Identity Protection Technology) - C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll (Intel Corporation)
CHR Plugin: (VLC Web Plugin) - C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll (VideoLAN)
CHR Profile: C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-30]
CHR Extension: (Google Drive) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-19]
CHR Extension: (Norton Security Toolbar) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjabmdjcfcfdmffimndhafhblfmpjdpe [2016-03-17]
CHR Extension: (Google Search) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-04-18]
CHR Extension: (Norton Identity Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\iikflkcanblccfahdhdonehdalibjnif [2014-10-05]
CHR Extension: (Norton Safe) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmgcfemagnogdodbambjhdcmfcpicngl [2016-05-28]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-05-02]
CHR Extension: (Gmail) - C:\Users\Owner\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-22]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-16]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\Exts\Chrome.crx [2016-05-16]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Active@ Disk Monitor; C:\Program Files (x86)\LSoft Technologies Inc\Active@ Hard Disk Monitor\DiskMonitorService.exe [1727200 2012-10-12] (LSoft Technologies Inc)
S3 Adobe LM Service; C:\Program Files (x86)\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe [72704 2013-09-03] (Adobe Systems) [File not signed]
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [436032 2016-02-17] (Amazon Inc.)
R2 IBM Notes Diagnostics; C:\Program Files (x86)\IBM\Notes\nsd.exe [5164136 2013-10-15] (IBM)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel(R) Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [169432 2013-09-17] (Intel Corporation)
R2 LNSUSvc; C:\Program Files (x86)\IBM\Notes\SUService.exe [1654376 2013-10-15] (IBM Corp)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1514464 2016-03-10] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1136608 2016-03-10] (Malwarebytes)
R2 Multi-user Cleanup Service; C:\Program Files (x86)\IBM\Notes\ntmulti.exe [38504 2013-10-15] (IBM Corp)
R2 NAV; C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\NAV.exe [289080 2016-02-26] (Symantec Corporation)
R2 ScsiAccess; C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe [186760 2016-05-16] ()
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 BHDrvx64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.6.0.142\Definitions\BASHDefs\20160601.001\BHDrvx64.sys [1832176 2016-05-13] (Symantec Corporation)
R1 ccSet_NAV; C:\Windows\system32\drivers\NAVx64\1606000.08E\ccSetx64.sys [173808 2016-02-24] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [497392 2016-04-27] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [156912 2016-04-27] (Symantec Corporation)
R1 IDSVia64; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.6.0.142\Definitions\IPSDefs\20160606.001\IDSvia64.sys [876248 2016-05-25] (Symantec Corporation)
R3 ikbevent; C:\Windows\System32\DRIVERS\ikbevent.sys [20968 2012-07-24] ()
R3 imsevent; C:\Windows\System32\DRIVERS\imsevent.sys [19944 2012-07-24] ()
R3 ISCT; C:\Windows\System32\drivers\ISCTD64.sys [46016 2012-07-24] ()
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [27008 2016-03-10] (Malwarebytes)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2016-06-08] (Malwarebytes)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [65408 2016-03-10] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-17] (Intel Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.6.0.142\Definitions\VirusDefs\20160607.001\ENG64.SYS [138456 2016-05-17] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton AntiVirus\NortonData\22.6.0.142\Definitions\VirusDefs\20160607.001\EX64.SYS [2148056 2016-05-17] (Symantec Corporation)
R3 pelmouse; C:\Windows\system32\DRIVERS\pelmouse.sys [23040 2015-12-17] (TPMX Electronics Ltd.)
R3 pelusblf; C:\Windows\system32\DRIVERS\pelusblf.sys [35328 2015-12-22] (TPMX Electronics Ltd.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R1 SRTSP; C:\Windows\system32\drivers\NAVx64\1606000.08E\SRTSP64.SYS [928504 2016-02-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\NAVx64\1606000.08E\SRTSPX64.SYS [50936 2016-02-24] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\NAVx64\1606000.08E\SYMEFASI64.SYS [1621232 2016-02-24] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\NAVx64\1606000.08E\SymELAM.sys [24192 2016-02-24] (Symantec Corporation)
R3 SymEvent; C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS [111344 2016-05-16] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\NAVx64\1606000.08E\Ironx64.SYS [295664 2016-02-24] (Symantec Corporation)
R1 SymNetS; C:\Windows\system32\drivers\NAVx64\1606000.08E\SYMNETS.SYS [577768 2016-02-24] (Symantec Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
S3 WPRO_41_2001; C:\Windows\System32\drivers\WPRO_41_2001.sys [34752 2016-02-29] ()
U3 idsvc; no ImagePath
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S2 VMnetBridge; system32\DRIVERS\vmnetbridge.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-08 09:15 - 2016-06-08 09:16 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Owner\Downloads\esetonlinescanner_enu(1).exe
2016-06-08 09:14 - 2016-06-08 09:14 - 00002044 _____ C:\Users\Owner\Desktop\AdwCleaner[C3].txt
2016-06-07 14:44 - 2016-06-07 14:44 - 00000000 ____D C:\WINDOWS\ERDNT
2016-06-07 14:43 - 2016-06-07 14:43 - 00000993 _____ C:\Users\Owner\Desktop\NTREGOPT.lnk
2016-06-07 14:43 - 2016-06-07 14:43 - 00000974 _____ C:\Users\Owner\Desktop\ERUNT.lnk
2016-06-07 14:43 - 2016-06-07 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ERUNT
2016-06-07 14:43 - 2016-06-07 14:43 - 00000000 ____D C:\Program Files (x86)\ERUNT
2016-06-07 14:39 - 2016-06-07 14:41 - 00002198 _____ C:\Users\Owner\Desktop\Rkill.txt
2016-06-07 14:31 - 2016-06-07 14:42 - 00791393 _____ (Lars Hederer ) C:\Users\Owner\Downloads\erunt-setup.exe
2016-06-07 14:30 - 2016-06-07 14:39 - 02030536 _____ (Bleeping Computer, LLC) C:\Users\Owner\Downloads\rkill.exe
2016-06-06 16:24 - 2016-06-08 14:08 - 00000000 ____D C:\Users\Owner\Downloads\FRST-OlderVersion
2016-06-06 11:00 - 2016-06-06 11:00 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2016-06-06 11:00 - 2016-06-06 11:00 - 00001216 _____ C:\Users\Public\Desktop\Mozilla Firefox.lnk
2016-06-06 10:59 - 2016-06-08 09:43 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2016-06-06 10:58 - 2016-06-06 10:59 - 00242120 _____ C:\Users\Owner\Downloads\Firefox Setup Stub 46.0.1.exe
2016-06-06 10:44 - 2016-06-06 10:44 - 00098787 _____ C:\Users\Owner\Documents\bookmarks.html
2016-06-06 09:45 - 2016-06-06 09:45 - 03745012 _____ C:\Users\Owner\Downloads\SRT5428.AP
2016-06-05 22:12 - 2016-06-05 22:12 - 06893008 _____ (Piriform Ltd) C:\Users\Owner\Downloads\ccsetup518.exe
2016-06-05 21:59 - 2016-06-05 21:59 - 00123436 _____ C:\Users\Owner\Documents\cc_20160605_215942.reg
2016-06-05 21:14 - 2016-06-05 21:14 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2016-06-03 15:10 - 2016-06-03 15:10 - 05659224 _____ (Swearware) C:\Users\Owner\Downloads\ComboFix.exe
2016-06-03 15:09 - 2016-06-03 15:09 - 01610816 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT(1).exe
2016-06-03 14:30 - 2016-06-03 14:31 - 00266012 _____ C:\TDSSKiller.3.1.0.9_03.06.2016_14.30.44_log.txt
2016-06-03 14:30 - 2016-06-03 14:30 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller(1).exe
2016-06-03 13:21 - 2016-06-03 14:08 - 00000000 ____D C:\Users\Owner\Desktop\mbar
2016-06-03 13:21 - 2016-06-03 13:21 - 16563352 _____ (Malwarebytes Corp.) C:\Users\Owner\Downloads\mbar-1.09.3.1001.exe
2016-06-03 13:02 - 2016-06-03 13:02 - 00000000 _____ C:\Users\Owner\Downloads\aswmbr.exe
2016-06-03 12:57 - 2016-06-03 12:59 - 00051893 _____ C:\Users\Owner\Downloads\Addition.txt
2016-06-03 12:56 - 2016-06-08 14:09 - 00025970 _____ C:\Users\Owner\Downloads\FRST.txt
2016-06-03 12:55 - 2016-06-08 14:08 - 02385408 _____ (Farbar) C:\Users\Owner\Downloads\FRST64.exe
2016-06-03 12:55 - 2016-06-08 14:08 - 00000000 ____D C:\FRST
2016-06-03 11:12 - 2016-06-03 11:12 - 06858912 _____ (ESET spol. s r.o.) C:\Users\Owner\Downloads\esetonlinescanner_enu.exe
2016-06-03 11:12 - 2016-06-03 11:12 - 00000000 ____D C:\Users\Owner\AppData\Local\ESET
2016-06-03 10:31 - 2016-06-03 10:32 - 00266012 _____ C:\TDSSKiller.3.1.0.9_03.06.2016_10.31.03_log.txt
2016-06-03 10:30 - 2016-06-03 10:30 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\Owner\Downloads\tdsskiller.exe
2016-06-03 10:16 - 2016-06-08 09:06 - 00000545 _____ C:\Users\Owner\Desktop\JRT.txt
2016-06-03 10:13 - 2016-06-03 10:13 - 01610816 _____ (Malwarebytes) C:\Users\Owner\Downloads\JRT.exe
2016-06-03 10:00 - 2016-06-03 10:00 - 03677248 _____ C:\Users\Owner\Downloads\adwcleaner_5.119.exe
2016-06-02 12:26 - 2016-06-02 12:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WUDFUsbccidDriver_01_11_00.Wdf
2016-05-31 16:56 - 2016-05-31 16:56 - 00000000 ____D C:\Users\Owner\Downloads\giantsinearth00rolv_daisy
2016-05-31 16:54 - 2016-05-31 16:54 - 01494911 _____ C:\Users\Owner\Downloads\giantsinearth00rolv_daisy.zip
2016-05-31 13:01 - 2016-05-31 13:01 - 03248133 _____ C:\Users\Owner\Downloads\ufos-and-the-national-security-state-the-cover-up-exposed-1973-1991.pdf
2016-05-30 15:16 - 2016-05-30 15:16 - 00987728 _____ (Google Inc.) C:\Users\Owner\Downloads\GoogleEarthSetup.exe
2016-05-30 14:12 - 2016-05-30 14:12 - 09768174 _____ C:\Users\Owner\Downloads\8665444444.pdf
2016-05-30 13:55 - 2016-05-30 13:59 - 707232043 _____ C:\Users\Owner\Downloads\eBooks(1).zip
2016-05-27 21:45 - 2016-05-27 21:45 - 00596713 _____ C:\Users\Owner\Downloads\Carla L. Rueckert SECRETS OF THE UFO.pdf
2016-05-26 17:11 - 2016-05-26 17:11 - 00378157 _____ C:\Users\Owner\Downloads\ILLUMINATI CLOAK OF..Document.pdf
2016-05-26 13:59 - 2016-04-30 16:42 - 01387520 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-05-26 13:59 - 2016-04-30 16:31 - 03591168 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-05-26 13:59 - 2016-04-23 15:28 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-05-26 13:59 - 2016-04-23 15:24 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-05-26 13:59 - 2016-04-23 15:24 - 01819208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-05-26 13:59 - 2016-04-23 15:09 - 22561256 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-05-26 13:59 - 2016-04-23 15:08 - 06605504 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-05-26 13:59 - 2016-04-23 14:31 - 13018112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2016-05-26 13:59 - 2016-04-23 14:30 - 22379008 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-05-26 13:59 - 2016-04-23 14:28 - 16984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2016-05-26 13:59 - 2016-04-23 14:24 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-05-26 13:59 - 2016-04-23 14:23 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-05-26 13:59 - 2016-04-23 14:22 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-05-26 13:59 - 2016-04-23 14:20 - 19344384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-05-26 13:59 - 2016-04-23 14:20 - 18676224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-05-26 13:59 - 2016-04-23 14:19 - 07977472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2016-05-26 13:59 - 2016-04-23 14:19 - 00970752 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-05-26 13:59 - 2016-04-23 14:18 - 24604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-05-26 13:59 - 2016-04-23 14:18 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-05-26 13:59 - 2016-04-23 14:17 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-05-26 13:59 - 2016-04-23 14:15 - 00792064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-05-26 13:59 - 2016-04-23 14:14 - 13383168 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-05-26 13:59 - 2016-04-23 14:10 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-05-26 13:59 - 2016-04-23 14:09 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-05-26 13:59 - 2016-04-23 14:08 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-05-26 13:59 - 2016-04-23 14:07 - 01500160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-05-26 13:59 - 2016-04-23 14:06 - 06974464 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-05-26 13:59 - 2016-04-23 14:04 - 01731072 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-05-26 13:59 - 2016-04-23 14:03 - 05660160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-05-26 13:59 - 2016-04-23 14:03 - 02280960 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-05-26 13:59 - 2016-04-23 14:02 - 07832576 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-05-26 13:59 - 2016-03-29 20:20 - 02656952 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-05-26 13:59 - 2016-03-29 20:18 - 02152280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-05-26 13:59 - 2016-03-29 19:37 - 01862008 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-05-26 13:59 - 2016-03-29 18:41 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-05-26 13:59 - 2016-03-29 18:06 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-05-26 13:59 - 2016-03-29 18:02 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-05-26 13:59 - 2016-03-29 18:01 - 00541304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-05-26 13:59 - 2016-03-29 17:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-05-26 13:59 - 2016-03-29 17:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-05-26 13:59 - 2016-03-29 17:46 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-05-26 13:59 - 2016-03-29 17:36 - 00209408 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-05-26 13:59 - 2016-03-29 17:19 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-05-26 13:59 - 2016-03-29 17:15 - 01714688 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-05-26 13:59 - 2016-03-29 17:14 - 00965632 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-05-26 13:59 - 2016-03-29 17:12 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-05-26 13:59 - 2016-03-29 17:12 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-05-26 13:59 - 2016-03-29 17:02 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-05-26 13:59 - 2016-03-29 16:37 - 01444352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-05-26 13:59 - 2016-03-29 16:37 - 00799744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-05-26 13:59 - 2016-03-29 16:26 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-05-26 13:59 - 2016-03-29 16:05 - 01388032 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-05-26 13:59 - 2016-03-29 16:02 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-05-26 13:58 - 2016-05-06 14:53 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdport.sys
2016-05-26 13:58 - 2016-05-06 13:53 - 00351232 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnr.dll
2016-05-26 13:58 - 2016-04-23 16:12 - 01401024 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
2016-05-26 13:58 - 2016-04-23 16:12 - 01184960 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-05-26 13:58 - 2016-04-23 16:12 - 00713920 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-05-26 13:58 - 2016-04-23 16:12 - 00514752 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-05-26 13:58 - 2016-04-23 16:12 - 00294592 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-05-26 13:58 - 2016-04-23 16:12 - 00190144 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-05-26 13:58 - 2016-04-23 16:12 - 00046784 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
2016-05-26 13:58 - 2016-04-23 15:28 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-05-26 13:58 - 2016-04-23 15:26 - 00707608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-05-26 13:58 - 2016-04-23 15:24 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-05-26 13:58 - 2016-04-23 15:24 - 00754664 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2016-05-26 13:58 - 2016-04-23 15:22 - 01161120 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-05-26 13:58 - 2016-04-23 15:13 - 00502104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-05-26 13:58 - 2016-04-23 15:12 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2016-05-26 13:58 - 2016-04-23 15:12 - 00451928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-05-26 13:58 - 2016-04-23 15:12 - 00413536 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2016-05-26 13:58 - 2016-04-23 15:11 - 01092464 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2016-05-26 13:58 - 2016-04-23 15:11 - 00696672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-05-26 13:58 - 2016-04-23 15:11 - 00498960 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-05-26 13:58 - 2016-04-23 15:11 - 00390496 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-05-26 13:58 - 2016-04-23 15:10 - 03673424 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-05-26 13:58 - 2016-04-23 15:10 - 02919832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-05-26 13:58 - 2016-04-23 15:10 - 00330072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2016-05-26 13:58 - 2016-04-23 15:09 - 21123320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-05-26 13:58 - 2016-04-23 15:09 - 05240960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-05-26 13:58 - 2016-04-23 15:09 - 04074160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2016-05-26 13:58 - 2016-04-23 15:09 - 00569744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SHCore.dll
2016-05-26 13:58 - 2016-04-23 15:09 - 00303216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2016-05-26 13:58 - 2016-04-23 15:09 - 00255168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2016-05-26 13:58 - 2016-04-23 15:08 - 04515256 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2016-05-26 13:58 - 2016-04-23 15:08 - 00725776 _____ (Microsoft Corporation) C:\WINDOWS\system32\SHCore.dll
2016-05-26 13:58 - 2016-04-23 15:07 - 01848072 _____ (Microsoft Corporation) C:\WINDOWS\system32\crypt32.dll
2016-05-26 13:58 - 2016-04-23 15:07 - 01536088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\crypt32.dll
2016-05-26 13:58 - 2016-04-23 15:06 - 00291360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2016-05-26 13:58 - 2016-04-23 15:02 - 00188256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-05-26 13:58 - 2016-04-23 15:01 - 01996640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-05-26 13:58 - 2016-04-23 15:01 - 00650304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-05-26 13:58 - 2016-04-23 15:01 - 00619296 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-05-26 13:58 - 2016-04-23 15:01 - 00577368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-05-26 13:58 - 2016-04-23 15:01 - 00522176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-05-26 13:58 - 2016-04-23 15:01 - 00513368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-05-26 13:58 - 2016-04-23 15:01 - 00217440 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-05-26 13:58 - 2016-04-23 15:00 - 01776768 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-05-26 13:58 - 2016-04-23 15:00 - 01594920 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2016-05-26 13:58 - 2016-04-23 15:00 - 01522152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-05-26 13:58 - 2016-04-23 15:00 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-05-26 13:58 - 2016-04-23 15:00 - 01372304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2016-05-26 13:58 - 2016-04-23 15:00 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-05-26 13:58 - 2016-04-23 14:56 - 00534872 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-05-26 13:58 - 2016-04-23 14:35 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2016-05-26 13:58 - 2016-04-23 14:29 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-05-26 13:58 - 2016-04-23 14:29 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2016-05-26 13:58 - 2016-04-23 14:28 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-05-26 13:58 - 2016-04-23 14:26 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2016-05-26 13:58 - 2016-04-23 14:25 - 00630784 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2016-05-26 13:58 - 2016-04-23 14:25 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-05-26 13:58 - 2016-04-23 14:25 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2016-05-26 13:58 - 2016-04-23 14:25 - 00207360 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-05-26 13:58 - 2016-04-23 14:24 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2016-05-26 13:58 - 2016-04-23 14:24 - 00292864 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2016-05-26 13:58 - 2016-04-23 14:24 - 00287232 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2016-05-26 13:58 - 2016-04-23 14:24 - 00181248 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-05-26 13:58 - 2016-04-23 14:24 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2016-05-26 13:58 - 2016-04-23 14:23 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-05-26 13:58 - 2016-04-23 14:22 - 00460800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2016-05-26 13:58 - 2016-04-23 14:21 - 00479232 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-05-26 13:58 - 2016-04-23 14:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-05-26 13:58 - 2016-04-23 14:20 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2016-05-26 13:58 - 2016-04-23 14:20 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2016-05-26 13:58 - 2016-04-23 14:20 - 00356864 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActivationManager.dll
2016-05-26 13:58 - 2016-04-23 14:20 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-05-26 13:58 - 2016-04-23 14:19 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2016-05-26 13:58 - 2016-04-23 14:19 - 00853504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2016-05-26 13:58 - 2016-04-23 14:19 - 00440320 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2016-05-26 13:58 - 2016-04-23 14:18 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-05-26 13:58 - 2016-04-23 14:18 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2016-05-26 13:58 - 2016-04-23 14:18 - 00939520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2016-05-26 13:58 - 2016-04-23 14:18 - 00804352 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2016-05-26 13:58 - 2016-04-23 14:18 - 00605184 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2016-05-26 13:58 - 2016-04-23 14:18 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2016-05-26 13:58 - 2016-04-23 14:18 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2016-05-26 13:58 - 2016-04-23 14:18 - 00471552 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-05-26 13:58 - 2016-04-23 14:18 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2016-05-26 13:58 - 2016-04-23 14:17 - 00529920 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2016-05-26 13:58 - 2016-04-23 14:17 - 00388608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-05-26 13:58 - 2016-04-23 14:16 - 01319424 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-05-26 13:58 - 2016-04-23 14:16 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-05-26 13:58 - 2016-04-23 14:16 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2016-05-26 13:58 - 2016-04-23 14:15 - 01073152 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2016-05-26 13:58 - 2016-04-23 14:15 - 00865792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AzureSettingSyncProvider.dll
2016-05-26 13:58 - 2016-04-23 14:15 - 00673280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-05-26 13:58 - 2016-04-23 14:15 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2016-05-26 13:58 - 2016-04-23 14:14 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-05-26 13:58 - 2016-04-23 14:14 - 00821760 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2016-05-26 13:58 - 2016-04-23 14:14 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2016-05-26 13:58 - 2016-04-23 14:14 - 00647680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2016-05-26 13:58 - 2016-04-23 14:14 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2016-05-26 13:58 - 2016-04-23 14:14 - 00354304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-05-26 13:58 - 2016-04-23 14:14 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-05-26 13:58 - 2016-04-23 14:13 - 07200256 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2016-05-26 13:58 - 2016-04-23 14:13 - 06295552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2016-05-26 13:58 - 2016-04-23 14:13 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-05-26 13:58 - 2016-04-23 14:13 - 00434688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2016-05-26 13:58 - 2016-04-23 14:12 - 00667648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AzureSettingSyncProvider.dll
2016-05-26 13:58 - 2016-04-23 14:10 - 00639488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2016-05-26 13:58 - 2016-04-23 14:09 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-05-26 13:58 - 2016-04-23 14:08 - 05324288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-05-26 13:58 - 2016-04-23 14:07 - 05205504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2016-05-26 13:58 - 2016-04-23 14:07 - 02598912 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2016-05-26 13:58 - 2016-04-23 14:05 - 05502976 _____ (Microsoft Corporation) C:\WINDOWS\system32\d2d1.dll
2016-05-26 13:58 - 2016-04-23 14:05 - 02166784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-05-26 13:58 - 2016-04-23 14:05 - 02066432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-05-26 13:58 - 2016-04-23 14:05 - 01946112 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-05-26 13:58 - 2016-04-23 14:05 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-05-26 13:58 - 2016-04-23 14:05 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-05-26 13:58 - 2016-04-23 14:04 - 04759040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d2d1.dll
2016-05-26 13:58 - 2016-04-23 14:03 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-05-26 13:58 - 2016-04-23 14:03 - 02000896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2016-05-26 13:58 - 2016-04-23 14:03 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-05-26 13:58 - 2016-04-23 14:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-05-26 13:58 - 2016-04-23 14:02 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2016-05-26 13:58 - 2016-04-23 14:01 - 04775424 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-05-26 13:58 - 2016-04-23 14:00 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-05-26 13:58 - 2016-04-23 14:00 - 00984576 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-05-26 13:58 - 2016-04-23 12:10 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-05-26 13:58 - 2016-04-02 14:13 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-05-26 13:58 - 2016-04-02 14:10 - 00730344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2016-05-26 13:58 - 2016-04-02 13:19 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-05-26 13:58 - 2016-04-02 13:14 - 03994624 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2016-05-26 13:58 - 2016-04-02 13:07 - 03575296 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsThresholdAdminFlowUI.dll
2016-05-26 13:58 - 2016-03-29 20:23 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-05-26 13:58 - 2016-03-29 20:22 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-05-26 13:58 - 2016-03-29 20:22 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-05-26 13:58 - 2016-03-29 20:20 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-05-26 13:58 - 2016-03-29 20:20 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-05-26 13:58 - 2016-03-29 20:11 - 00686976 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsapi.dll
2016-05-26 13:58 - 2016-03-29 20:02 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-05-26 13:58 - 2016-03-29 19:56 - 01297752 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2016-05-26 13:58 - 2016-03-29 19:28 - 00535080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dnsapi.dll
2016-05-26 13:58 - 2016-03-29 19:25 - 00258912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufx01000.sys
2016-05-26 13:58 - 2016-03-29 19:19 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2016-05-26 13:58 - 2016-03-29 19:13 - 00986976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2016-05-26 13:58 - 2016-03-29 19:11 - 00605440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-05-26 13:58 - 2016-03-29 19:08 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-05-26 13:58 - 2016-03-29 19:08 - 00261376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LsaIso.exe
2016-05-26 13:58 - 2016-03-29 18:26 - 02403680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2016-05-26 13:58 - 2016-03-29 18:26 - 01089888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\http.sys
2016-05-26 13:58 - 2016-03-29 18:24 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-05-26 13:58 - 2016-03-29 18:21 - 00378208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2016-05-26 13:58 - 2016-03-29 17:48 - 00144896 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Devices.dll
2016-05-26 13:58 - 2016-03-29 17:44 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\DAFWSD.dll
2016-05-26 13:58 - 2016-03-29 17:39 - 00550912 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2016-05-26 13:58 - 2016-03-29 17:36 - 00530432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\nwifi.sys
2016-05-26 13:58 - 2016-03-29 17:35 - 00411648 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacc.dll
2016-05-26 13:58 - 2016-03-29 17:35 - 00239616 _____ (Microsoft Corporation) C:\WINDOWS\system32\credprovhost.dll
2016-05-26 13:58 - 2016-03-29 17:34 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-05-26 13:58 - 2016-03-29 17:34 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\dnsrslvr.dll
2016-05-26 13:58 - 2016-03-29 17:30 - 00328192 _____ (Microsoft Corporation) C:\WINDOWS\system32\profsvc.dll
2016-05-26 13:58 - 2016-03-29 17:27 - 00339968 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2016-05-26 13:58 - 2016-03-29 17:26 - 00169472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2016-05-26 13:58 - 2016-03-29 17:23 - 00694784 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2016-05-26 13:58 - 2016-03-29 17:23 - 00628736 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2016-05-26 13:58 - 2016-03-29 17:22 - 00438784 _____ (Microsoft Corporation) C:\WINDOWS\system32\AccountsRt.dll
2016-05-26 13:58 - 2016-03-29 17:20 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-05-26 13:58 - 2016-03-29 17:20 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AboveLockAppHost.dll
2016-05-26 13:58 - 2016-03-29 17:19 - 00556032 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-05-26 13:58 - 2016-03-29 17:17 - 00708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2016-05-26 13:58 - 2016-03-29 17:16 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-05-26 13:58 - 2016-03-29 17:14 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-05-26 13:58 - 2016-03-29 17:13 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-05-26 13:58 - 2016-03-29 17:11 - 00881664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Input.Inking.dll
2016-05-26 13:58 - 2016-03-29 17:09 - 01239552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2016-05-26 13:58 - 2016-03-29 17:08 - 00888320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.dll
2016-05-26 13:58 - 2016-03-29 17:07 - 01902592 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-05-26 13:58 - 2016-03-29 17:06 - 01575936 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2016-05-26 13:58 - 2016-03-29 17:05 - 01395712 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2016-05-26 13:58 - 2016-03-29 17:03 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dfsc.sys
2016-05-26 13:58 - 2016-03-29 17:02 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-05-26 13:58 - 2016-03-29 17:02 - 01211904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2016-05-26 13:58 - 2016-03-29 17:00 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-05-26 13:58 - 2016-03-29 17:00 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-05-26 13:58 - 2016-03-29 16:59 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\BitLockerDeviceEncryption.exe
2016-05-26 13:58 - 2016-03-29 16:59 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-05-26 13:58 - 2016-03-29 16:56 - 00415232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2016-05-26 13:58 - 2016-03-29 16:55 - 01052160 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.dll
2016-05-26 13:58 - 2016-03-29 16:53 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacc.dll
2016-05-26 13:58 - 2016-03-29 16:49 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveui.dll
2016-05-26 13:58 - 2016-03-29 16:44 - 00498176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2016-05-26 13:58 - 2016-03-29 16:43 - 00358400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AccountsRt.dll
2016-05-26 13:58 - 2016-03-29 16:42 - 01410560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.Http.dll
2016-05-26 13:58 - 2016-03-29 16:41 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AboveLockAppHost.dll
2016-05-26 13:58 - 2016-03-29 16:40 - 00787456 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Web.dll
2016-05-26 13:58 - 2016-03-29 16:39 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WSDApi.dll
2016-05-26 13:58 - 2016-03-29 16:36 - 03351040 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-05-26 13:58 - 2016-03-29 16:36 - 00649728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-05-26 13:58 - 2016-03-29 16:34 - 00682496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Input.Inking.dll
2016-05-26 13:58 - 2016-03-29 16:34 - 00418304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2016-05-26 13:58 - 2016-03-29 16:32 - 01588224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-05-26 13:58 - 2016-03-29 16:32 - 01098240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-05-26 13:58 - 2016-03-29 16:32 - 00854528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2016-05-26 13:58 - 2016-03-29 16:32 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.dll
2016-05-26 13:58 - 2016-03-29 16:32 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2016-05-26 13:58 - 2016-03-29 16:32 - 00162816 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2016-05-26 13:58 - 2016-03-29 16:31 - 01117184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2016-05-26 13:58 - 2016-03-29 16:30 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2016-05-26 13:58 - 2016-03-29 16:29 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-05-26 13:58 - 2016-03-29 16:29 - 00256000 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-05-26 13:58 - 2016-03-29 16:28 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-05-26 13:58 - 2016-03-29 16:28 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2016-05-26 13:58 - 2016-03-29 16:27 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-05-26 13:58 - 2016-03-29 16:27 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-05-26 13:58 - 2016-03-29 16:27 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-05-26 13:58 - 2016-03-29 16:23 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MsSpellCheckingFacility.dll
2016-05-26 13:58 - 2016-03-29 16:19 - 02635776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-05-26 13:58 - 2016-03-29 16:17 - 00765952 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-05-26 13:58 - 2016-03-29 16:14 - 01072128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.Http.dll
2016-05-26 13:58 - 2016-03-29 16:13 - 00592384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Web.dll
2016-05-26 13:58 - 2016-03-29 16:10 - 03671040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-05-26 13:58 - 2016-03-29 16:06 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2016-05-26 13:58 - 2016-03-29 16:05 - 00361472 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-05-26 13:58 - 2016-03-29 16:04 - 00688640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2016-05-26 13:58 - 2016-03-29 16:01 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL
2016-05-26 13:58 - 2016-03-29 15:58 - 01799680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-05-26 13:58 - 2016-03-29 15:45 - 03078144 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2016-05-26 13:58 - 2016-03-29 15:45 - 00338432 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncbservice.dll
2016-05-26 13:58 - 2016-03-29 15:43 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-05-26 13:58 - 2016-03-29 15:43 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2016-05-26 13:58 - 2016-03-29 15:38 - 02798080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-05-26 13:58 - 2016-03-29 15:36 - 02722816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2016-05-26 13:58 - 2016-03-29 15:26 - 00958976 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2016-05-26 13:58 - 2016-03-29 15:25 - 00712704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2016-05-26 13:57 - 2016-05-06 14:05 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2016-05-26 13:57 - 2016-05-06 14:03 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-05-26 13:57 - 2016-05-06 13:49 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\NgcCtnrSvc.dll
2016-05-26 13:57 - 2016-05-06 13:44 - 00582656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2016-05-26 13:57 - 2016-05-06 13:43 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2016-05-26 13:57 - 2016-05-06 13:23 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcpopkeysrv.dll
2016-05-26 13:57 - 2016-04-23 16:12 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2016-05-26 13:57 - 2016-04-23 15:24 - 00638816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fvevol.sys
2016-05-26 13:57 - 2016-04-23 15:24 - 00335712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2016-05-26 13:57 - 2016-04-23 15:24 - 00099680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2016-05-26 13:57 - 2016-04-23 15:18 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-05-26 13:57 - 2016-04-23 15:13 - 00306832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanapi.dll
2016-05-26 13:57 - 2016-04-23 15:13 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2016-05-26 13:57 - 2016-04-23 15:11 - 00131424 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ufxsynopsys.sys
2016-05-26 13:57 - 2016-04-23 15:11 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2016-05-26 13:57 - 2016-04-23 15:09 - 00565600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2016-05-26 13:57 - 2016-04-23 15:09 - 00465760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2016-05-26 13:57 - 2016-04-23 15:07 - 00204048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rsaenh.dll
2016-05-26 13:57 - 2016-04-23 15:07 - 00183904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rsaenh.dll
2016-05-26 13:57 - 2016-04-23 15:01 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-05-26 13:57 - 2016-04-23 15:00 - 00550656 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2016-05-26 13:57 - 2016-04-23 15:00 - 00453472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2016-05-26 13:57 - 2016-04-23 15:00 - 00058208 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwminit.dll
2016-05-26 13:57 - 2016-04-23 14:39 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2016-05-26 13:57 - 2016-04-23 14:34 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2016-05-26 13:57 - 2016-04-23 14:34 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2016-05-26 13:57 - 2016-04-23 14:34 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-05-26 13:57 - 2016-04-23 14:33 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2016-05-26 13:57 - 2016-04-23 14:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshbth.dll
2016-05-26 13:57 - 2016-04-23 14:33 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmCx.sys
2016-05-26 13:57 - 2016-04-23 14:33 - 00038400 _____ (Microsoft Corporation) C:\WINDOWS\system32\ByteCodeGenerator.exe
2016-05-26 13:57 - 2016-04-23 14:32 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2016-05-26 13:57 - 2016-04-23 14:32 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-05-26 13:57 - 2016-04-23 14:32 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2016-05-26 13:57 - 2016-04-23 14:31 - 00074752 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2016-05-26 13:57 - 2016-04-23 14:30 - 00120320 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2016-05-26 13:57 - 2016-04-23 14:30 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2016-05-26 13:57 - 2016-04-23 14:29 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2016-05-26 13:57 - 2016-04-23 14:29 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2016-05-26 13:57 - 2016-04-23 14:29 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\filecrypt.sys
2016-05-26 13:57 - 2016-04-23 14:29 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2016-05-26 13:57 - 2016-04-23 14:29 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ByteCodeGenerator.exe
2016-05-26 13:57 - 2016-04-23 14:29 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-05-26 13:57 - 2016-04-23 14:28 - 00130560 _____ (Microsoft Corporation) C:\WINDOWS\system32\CloudDomainJoinDataModelServer.dll
2016-05-26 13:57 - 2016-04-23 14:28 - 00127488 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2016-05-26 13:57 - 2016-04-23 14:28 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\BluetoothApis.dll
2016-05-26 13:57 - 2016-04-23 14:28 - 00051712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wshbth.dll
2016-05-26 13:57 - 2016-04-23 14:27 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\hidclass.sys
2016-05-26 13:57 - 2016-04-23 14:27 - 00039424 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2016-05-26 13:57 - 2016-04-23 14:26 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpdbusenum.dll
2016-05-26 13:57 - 2016-04-23 14:26 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2016-05-26 13:57 - 2016-04-23 14:25 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2016-05-26 13:57 - 2016-04-23 14:24 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2016-05-26 13:57 - 2016-04-23 14:23 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\system32\ListSvc.dll
2016-05-26 13:57 - 2016-04-23 14:23 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\BrowserSettingSync.dll
2016-05-26 13:57 - 2016-04-23 14:23 - 00080896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BluetoothApis.dll
2016-05-26 13:57 - 2016-04-23 14:22 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2016-05-26 13:57 - 2016-04-23 14:21 - 00314880 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXTaskFactory.dll
2016-05-26 13:57 - 2016-04-23 14:20 - 00307200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2016-05-26 13:57 - 2016-04-23 14:19 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlansec.dll
2016-05-26 13:57 - 2016-04-23 14:19 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BrowserSettingSync.dll
2016-05-26 13:57 - 2016-04-23 14:18 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-05-26 13:57 - 2016-04-23 14:18 - 00219648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2016-05-26 13:57 - 2016-04-23 14:17 - 00337920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wlanmsm.dll
2016-05-26 13:57 - 2016-04-23 14:15 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2016-05-26 13:57 - 2016-04-23 14:15 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2016-05-26 13:57 - 2016-04-23 14:13 - 00705536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-05-26 13:57 - 2016-04-23 14:07 - 00848896 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-05-26 13:57 - 2016-04-23 14:05 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatepolicy.dll
2016-05-26 13:57 - 2016-04-23 14:05 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\updatepolicy.dll
2016-05-26 13:57 - 2016-04-23 14:03 - 02193408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2016-05-26 13:57 - 2016-04-23 13:45 - 00461824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2016-05-26 13:57 - 2016-04-23 12:10 - 00002186 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2016-05-26 13:57 - 2016-04-19 08:30 - 00002186 _____ C:\WINDOWS\SysWOW64\AppxProvisioning.xml
2016-05-26 13:57 - 2016-04-02 14:10 - 00770640 _____ (Microsoft Corporation) C:\WINDOWS\system32\iuilp.dll
2016-05-26 13:57 - 2016-04-02 14:10 - 00374008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettingsAdminFlows.exe
2016-05-26 13:57 - 2016-04-02 13:25 - 00278528 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2016-05-26 13:57 - 2016-04-02 13:25 - 00239104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2016-05-26 13:57 - 2016-03-29 20:15 - 00100232 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2016-05-26 13:57 - 2016-03-29 20:05 - 01152864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2016-05-26 13:57 - 2016-03-29 20:02 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2016-05-26 13:57 - 2016-03-29 19:25 - 00058400 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2016-05-26 13:57 - 2016-03-29 19:18 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-05-26 13:57 - 2016-03-29 19:11 - 00074424 _____ (Microsoft Corporation) C:\WINDOWS\system32\easinvoker.exe
2016-05-26 13:57 - 2016-03-29 19:10 - 00110584 _____ (Microsoft Corporation) C:\WINDOWS\system32\srvcli.dll
2016-05-26 13:57 - 2016-03-29 19:09 - 00078040 _____ (Microsoft Corporation) C:\WINDOWS\system32\wkscli.dll
2016-05-26 13:57 - 2016-03-29 19:07 - 00081144 _____ (Microsoft Corporation) C:\WINDOWS\system32\netapi32.dll
2016-05-26 13:57 - 2016-03-29 18:41 - 00051128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.dll
2016-05-26 13:57 - 2016-03-29 18:26 - 00073872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srvcli.dll
2016-05-26 13:57 - 2016-03-29 18:25 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wkscli.dll
2016-05-26 13:57 - 2016-03-29 18:23 - 00069744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netapi32.dll
2016-05-26 13:57 - 2016-03-29 18:16 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-05-26 13:57 - 2016-03-29 18:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2016-05-26 13:57 - 2016-03-29 18:07 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2016-05-26 13:57 - 2016-03-29 18:07 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenterprisediagnostics.dll
2016-05-26 13:57 - 2016-03-29 18:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsdchngr.dll
2016-05-26 13:57 - 2016-03-29 18:06 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\oleacchooks.dll
2016-05-26 13:57 - 2016-03-29 18:00 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetCfgNotifyObjectHost.exe
2016-05-26 13:57 - 2016-03-29 18:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveskybackup.dll
2016-05-26 13:57 - 2016-03-29 17:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2016-05-26 13:57 - 2016-03-29 17:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-05-26 13:57 - 2016-03-29 17:57 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-05-26 13:57 - 2016-03-29 17:57 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\browcli.dll
2016-05-26 13:57 - 2016-03-29 17:55 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\serial.sys
2016-05-26 13:57 - 2016-03-29 17:55 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\tbauth.dll
2016-05-26 13:57 - 2016-03-29 17:54 - 00147456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-05-26 13:57 - 2016-03-29 17:53 - 00116224 _____ (Microsoft Corporation) C:\WINDOWS\system32\FontProvider.dll
2016-05-26 13:57 - 2016-03-29 17:52 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBrokerCookies.exe
2016-05-26 13:57 - 2016-03-29 17:51 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-05-26 13:57 - 2016-03-29 17:51 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2016-05-26 13:57 - 2016-03-29 17:50 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\BdeHdCfgLib.dll
2016-05-26 13:57 - 2016-03-29 17:50 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-05-26 13:57 - 2016-03-29 17:50 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\OnDemandConnRouteHelper.dll
2016-05-26 13:57 - 2016-03-29 17:50 - 00033280 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2016-05-26 13:57 - 2016-03-29 17:49 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2016-05-26 13:57 - 2016-03-29 17:46 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\browser.dll
2016-05-26 13:57 - 2016-03-29 17:34 - 00333824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2016-05-26 13:57 - 2016-03-29 17:33 - 00174592 _____ (Microsoft Corporation) C:\WINDOWS\system32\easwrt.dll
2016-05-26 13:57 - 2016-03-29 17:30 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-05-26 13:57 - 2016-03-29 17:21 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-05-26 13:57 - 2016-03-29 17:20 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2016-05-26 13:57 - 2016-03-29 17:20 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wsdchngr.dll
2016-05-26 13:57 - 2016-03-29 17:19 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\oleacchooks.dll
2016-05-26 13:57 - 2016-03-29 17:18 - 00676352 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSDApi.dll
2016-05-26 13:57 - 2016-03-29 17:11 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-05-26 13:57 - 2016-03-29 17:11 - 00061440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-05-26 13:57 - 2016-03-29 17:11 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\browcli.dll
2016-05-26 13:57 - 2016-03-29 17:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tbauth.dll
2016-05-26 13:57 - 2016-03-29 17:08 - 00841216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32spl.dll
2016-05-26 13:57 - 2016-03-29 17:08 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-05-26 13:57 - 2016-03-29 17:06 - 00022528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBrokerCookies.exe
2016-05-26 13:57 - 2016-03-29 17:05 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OnDemandConnRouteHelper.dll
2016-05-26 13:57 - 2016-03-29 17:04 - 00103936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Devices.dll
2016-05-26 13:57 - 2016-03-29 17:00 - 00235008 _____ C:\WINDOWS\system32\MTF.dll
2016-05-26 13:57 - 2016-03-29 17:00 - 00176128 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemSettings.DeviceEncryptionHandlers.dll
2016-05-26 13:57 - 2016-03-29 16:59 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2016-05-26 13:57 - 2016-03-29 16:53 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\credprovhost.dll
2016-05-26 13:57 - 2016-03-29 16:52 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\easwrt.dll
2016-05-26 13:57 - 2016-03-29 16:42 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-05-26 13:57 - 2016-03-29 16:39 - 00496128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2016-05-26 13:57 - 2016-03-29 16:32 - 00128512 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2016-05-26 13:57 - 2016-03-29 16:27 - 00162816 _____ C:\WINDOWS\SysWOW64\MTF.dll
2016-05-26 13:57 - 2016-03-29 16:05 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-05-26 13:57 - 2016-03-29 15:35 - 00821248 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvewiz.dll
2016-05-26 13:57 - 2016-03-29 15:28 - 00324608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fvecpl.dll
2016-05-26 13:57 - 2016-03-29 15:27 - 00794112 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL
2016-05-26 13:57 - 2016-03-29 15:26 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL
2016-05-26 13:57 - 2016-03-29 15:25 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL
2016-05-26 13:57 - 2016-03-29 15:21 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll
2016-05-25 20:42 - 2016-05-25 20:42 - 00071204 _____ C:\Users\Owner\Documents\South Morang timetable.pdf
2016-05-25 15:52 - 2016-05-25 15:52 - 04243435 _____ C:\Users\Owner\Downloads\[Edward_Steers_Jr.pdf
2016-05-25 15:50 - 2016-05-25 15:50 - 03943453 _____ C:\Users\Owner\Downloads\The_Secret_History_of_Extraterr_-_Len_Kasten.pdf
2016-05-25 15:48 - 2016-05-25 15:48 - 06536862 _____ C:\Users\Owner\Downloads\[Edward_Steers_Jr_converted.epub
2016-05-25 14:49 - 2016-05-25 14:49 - 01332481 _____ C:\Users\Owner\Downloads\My Trip to Mars, the Moon and V - Buck Nelson.pdf
2016-05-25 14:37 - 2016-05-25 14:37 - 47263506 _____ C:\Users\Owner\Downloads\Chinas_Super_Psychics_Paul_Dong_OCR_SD.pdf
2016-05-25 14:37 - 2016-05-25 14:37 - 06532798 _____ C:\Users\Owner\Downloads\[Edward_Steers_Jr.,_Joe_Nickell]_Hoax.epub
2016-05-22 14:09 - 2016-05-22 14:09 - 42042928 _____ (Any-Video-Converter.com ) C:\Users\Owner\Downloads\avc-ultimate.exe
2016-05-22 14:07 - 2016-05-22 14:07 - 00000000 ____D C:\Users\Owner\Documents\Any Video Converter Professional
2016-05-22 12:21 - 2016-05-22 12:22 - 86456696 _____ (WonderShare Software ) C:\Users\Owner\Downloads\dsb_resources.exe
2016-05-20 13:54 - 2016-05-25 14:16 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Audacity
2016-05-20 13:54 - 2016-05-20 13:54 - 00527423 _____ ( ) C:\Users\Owner\Downloads\Lame_v3.99.3_for_Windows.exe
2016-05-20 13:54 - 2016-05-20 13:54 - 00000000 ____D C:\Users\Owner\AppData\Local\Audacity
2016-05-20 13:54 - 2016-05-20 13:54 - 00000000 ____D C:\Program Files (x86)\Lame For Audacity
2016-05-20 13:53 - 2016-05-20 13:54 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-05-20 13:53 - 2016-05-20 13:53 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-05-20 13:53 - 2016-05-20 13:53 - 00001076 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-05-20 13:52 - 2016-05-20 13:53 - 26496761 _____ (Audacity Team ) C:\Users\Owner\Downloads\audacity-win-2.1.2.exe
2016-05-20 13:50 - 2016-05-20 13:50 - 01239752 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web (1).exe
2016-05-17 15:18 - 2016-05-17 15:18 - 06220854 _____ C:\Users\Owner\Documents\Italy28.bmp
2016-05-17 13:11 - 2016-05-17 13:11 - 01802739 _____ C:\Users\Owner\Downloads\The Secret History of Extraterr - Len Kasten.epub
2016-05-16 15:57 - 2016-05-16 15:57 - 06220854 _____ C:\Users\Owner\Documents\Italy27.bmp
2016-05-16 15:39 - 2016-06-08 09:45 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton AntiVirus
2016-05-16 15:36 - 2016-05-16 15:36 - 00111344 _____ (Symantec Corporation) C:\WINDOWS\system32\Drivers\SYMEVENT64x86.SYS
2016-05-16 15:36 - 2016-05-16 15:36 - 00008214 _____ C:\WINDOWS\system32\Drivers\SYMEVENT64x86.CAT
2016-05-16 15:36 - 2016-05-16 15:36 - 00002475 _____ C:\Users\Public\Desktop\Norton AntiVirus.LNK
2016-05-16 15:34 - 2016-05-16 15:36 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton AntiVirus
2016-05-16 15:34 - 2016-05-16 15:34 - 00000000 ____D C:\Program Files (x86)\NortonInstaller
2016-05-16 15:34 - 2016-05-16 15:34 - 00000000 ____D C:\Program Files (x86)\Norton AntiVirus
2016-05-16 15:29 - 2016-05-16 15:39 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton Remove and Reinstall
2016-05-16 15:25 - 2016-05-16 15:25 - 00000000 ____D C:\ProgramData\PCSettings
2016-05-16 15:22 - 2016-05-16 15:23 - 09406776 _____ (Symantec Corporation) C:\Users\Owner\Downloads\NRnR.exe
2016-05-16 13:54 - 2016-05-16 13:54 - 00000137 _____ C:\Users\Owner\Desktop\mail.txt
2016-05-16 11:49 - 2016-05-16 13:31 - 00000000 ____D C:\Users\Owner\Documents\Project
2016-05-16 11:39 - 2016-05-24 12:27 - 00000000 ____D C:\Users\Owner\Documents\Simone21
2016-05-16 11:31 - 2016-05-16 11:31 - 00000000 ____D C:\Users\Owner\Documents\Wondershare DVD Slideshow Builder Deluxe
2016-05-16 11:30 - 2016-05-16 11:30 - 00001215 _____ C:\Users\Owner\Desktop\Wondershare DVD Slideshow Builder Deluxe.lnk
2016-05-16 11:30 - 2016-05-16 11:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wondershare
2016-05-16 11:30 - 2014-08-21 18:15 - 02140712 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcmpgvout.004
2016-05-16 11:30 - 2014-08-21 18:15 - 00531496 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcmpeg2mux.ax
2016-05-16 11:30 - 2014-08-21 18:15 - 00375848 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcm2ve.ax
2016-05-16 11:30 - 2014-08-21 18:15 - 00257064 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcl2ae.ax
2016-05-16 11:30 - 2014-08-21 18:15 - 00244776 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcmpgaout.dll
2016-05-16 11:30 - 2014-08-21 18:15 - 00020520 _____ (MainConcept GmbH) C:\WINDOWS\SysWOW64\mcmpgvout.dll
2016-05-16 11:29 - 2016-05-16 11:29 - 00814152 _____ C:\Users\Owner\Downloads\dsb_deluxe_setup_full18.exe
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Users\Public\Documents\Wondershare
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\ProgramData\Wondershare
2016-05-16 11:29 - 2016-05-16 11:29 - 00000000 ____D C:\Program Files (x86)\Wondershare
2016-05-16 11:00 - 2016-05-16 11:00 - 00002170 _____ C:\Users\Public\Desktop\ProShow Gold.lnk
2016-05-16 11:00 - 2016-05-16 11:00 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Netscape
2016-05-16 11:00 - 2016-05-16 11:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ProShow Gold
2016-05-16 11:00 - 2016-05-16 11:00 - 00000000 ____D C:\Program Files (x86)\Photodex Presenter
2016-05-16 10:59 - 2016-05-16 10:59 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Photodex
2016-05-16 10:59 - 2016-05-16 10:59 - 00000000 ____D C:\ProgramData\Photodex
2016-05-16 10:59 - 2016-05-16 10:59 - 00000000 ____D C:\Program Files (x86)\Photodex
2016-05-16 10:57 - 2016-05-16 10:57 - 46886656 _____ (Photodex Corporation) C:\Users\Owner\Downloads\psgold_70_3527.exe
2016-05-15 22:27 - 2016-05-15 22:27 - 00001447 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
2016-05-15 22:27 - 2016-05-15 22:27 - 00001378 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
2016-05-15 22:27 - 2016-05-15 22:27 - 00000000 ____D C:\WINDOWS\en
2016-05-15 22:26 - 2016-05-15 22:26 - 00000000 ____D C:\Program Files (x86)\Windows Live
2016-05-15 22:26 - 2016-05-15 22:26 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
2016-05-15 22:26 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
2016-05-15 22:26 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
2016-05-15 22:26 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
2016-05-15 22:26 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
2016-05-15 22:26 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
2016-05-15 22:26 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
2016-05-15 22:26 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
2016-05-15 22:26 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
2016-05-15 22:26 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
2016-05-15 22:26 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
2016-05-15 22:24 - 2016-05-15 22:29 - 00000000 ____D C:\Users\Owner\AppData\Local\Windows Live
2016-05-15 22:22 - 2016-05-15 22:23 - 01239752 _____ (Microsoft Corporation) C:\Users\Owner\Downloads\wlsetup-web.exe
2016-05-15 13:40 - 2016-05-25 14:16 - 00000000 ____D C:\Users\Owner\Documents\Simone
2016-05-12 09:40 - 2016-05-12 09:40 - 01859224 _____ (Malwarebytes ) C:\Users\Owner\Downloads\mbae-setup-1.08.1.1196.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-06-08 14:07 - 2013-11-03 18:56 - 00000000 ____D C:\Users\Owner\AppData\Local\CrashDumps
2016-06-08 14:01 - 2016-03-29 14:55 - 00000000 ____D C:\WINDOWS\System32\Tasks\Remediation
2016-06-08 14:01 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-08 13:59 - 2015-06-18 20:48 - 00000918 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-572258881-633112587-3302369216-1000UA.job
2016-06-08 13:26 - 2013-04-07 21:13 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-06-08 13:21 - 2013-04-08 21:11 - 00000000 ____D C:\Users\Owner\Documents\Outlook Files
2016-06-08 13:20 - 2014-05-31 12:30 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2016-06-08 10:14 - 2014-05-31 12:30 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-06-08 10:04 - 2013-04-07 21:13 - 00002272 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-08 10:04 - 2013-04-07 21:13 - 00002260 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-08 09:18 - 2016-02-29 15:48 - 01022448 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-08 09:18 - 2015-10-30 17:21 - 00000000 ____D C:\WINDOWS\INF
2016-06-08 09:13 - 2016-02-29 20:59 - 00000000 __SHD C:\Users\Owner\IntelGraphicsProfiles
2016-06-08 09:12 - 2016-02-29 16:16 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-06-08 09:11 - 2015-10-30 16:28 - 00786432 ___SH C:\WINDOWS\system32\config\BBI
2016-06-08 09:10 - 2013-09-13 22:14 - 00000000 ____D C:\AdwCleaner
2016-06-08 08:35 - 2014-03-09 21:30 - 00004150 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{BB702683-FC3C-49B9-8C98-F8A65789E7F4}
2016-06-07 14:33 - 2015-03-06 13:17 - 00000000 ____D C:\Users\Owner\AppData\Local\CutePDF Writer
2016-06-06 20:59 - 2015-06-18 20:48 - 00000866 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-572258881-633112587-3302369216-1000Core.job
2016-06-06 12:34 - 2013-05-31 21:02 - 00021505 _____ C:\Users\Owner\Desktop\New Text Document.txt
2016-06-06 11:00 - 2013-04-07 20:20 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2016-06-06 10:49 - 2016-02-29 15:49 - 00000000 ____D C:\Users\Owner
2016-06-06 08:31 - 2014-09-25 21:17 - 00000000 ____D C:\Users\Owner\AppData\Local\ElevatedDiagnostics
2016-06-05 22:13 - 2013-05-23 21:26 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-06-05 21:58 - 2014-09-04 20:33 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Azureus
2016-06-05 21:15 - 2014-07-04 20:57 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Dropbox
2016-06-05 20:59 - 2015-10-30 17:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-03 22:17 - 2015-11-01 15:24 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-06-03 17:15 - 2014-10-26 13:49 - 00000000 ____D C:\Password Safe
2016-06-03 17:07 - 2014-10-26 13:53 - 00000000 ____D C:\Users\Owner\AppData\Local\PasswordSafe
2016-06-03 15:48 - 2015-09-26 12:09 - 00000000 ____D C:\Users\Owner\Downloads\eBooks
2016-06-03 14:08 - 2014-02-11 20:32 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-06-03 13:21 - 2014-02-11 20:31 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-06-03 10:12 - 2014-12-07 14:37 - 00000000 ____D C:\Program Files (x86)\Vuze
2016-06-02 12:17 - 2015-10-30 16:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2016-05-30 11:40 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\rescache
2016-05-28 11:20 - 2015-10-30 17:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-05-28 11:09 - 2016-02-29 16:25 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-05-28 11:06 - 2016-02-29 15:42 - 00237656 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-05-27 22:22 - 2015-10-30 19:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-27 22:22 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-05-27 22:22 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2016-05-27 22:22 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-05-27 22:22 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\Provisioning
2016-05-27 22:22 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-05-27 22:22 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-05-27 22:21 - 2015-10-30 17:24 - 00015703 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
2016-05-26 15:04 - 2013-08-14 21:46 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-05-26 14:47 - 2013-04-06 21:49 - 139319312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-05-25 21:56 - 2014-07-04 21:02 - 00000000 ___RD C:\Users\Owner\Dropbox
2016-05-23 14:00 - 2013-05-22 15:37 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Canon
2016-05-22 13:03 - 2013-04-07 12:32 - 00000000 ____D C:\Users\Owner\AppData\Roaming\vlc
2016-05-18 21:35 - 2016-02-29 19:32 - 00002401 _____ C:\Users\Owner\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-05-18 21:35 - 2016-02-29 19:32 - 00000000 ___RD C:\Users\Owner\OneDrive
2016-05-18 21:12 - 2013-10-09 18:58 - 00000000 ____D C:\Program Files\Recuva
2016-05-17 14:13 - 2014-09-04 20:33 - 00000000 ____D C:\Users\Owner\Documents\Vuze Downloads
2016-05-17 12:49 - 2014-11-15 13:55 - 00000000 ____D C:\Users\Owner\Downloads\GrabIt Downloads
2016-05-16 15:36 - 2016-03-29 14:50 - 00003390 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2016-05-16 15:36 - 2013-04-06 20:43 - 00000000 ____D C:\Program Files\Common Files\Symantec Shared
2016-05-16 15:34 - 2013-04-06 20:34 - 00000000 ____D C:\ProgramData\Norton
2016-05-16 11:00 - 2013-04-07 20:20 - 00000000 ____D C:\Users\Owner\AppData\Roaming\Mozilla
2016-05-16 09:36 - 2013-09-29 15:22 - 00008704 _____ C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2016-05-13 16:20 - 2014-08-20 21:22 - 00000000 ____D C:\ProgramData\Malwarebytes Anti-Exploit
2016-05-13 16:19 - 2015-10-30 17:24 - 00000000 ____D C:\WINDOWS\System
2016-05-12 08:35 - 2015-05-18 14:00 - 00003972 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2016-05-12 05:57 - 2015-10-30 17:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-05-12 05:57 - 2015-10-30 17:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-05-11 09:21 - 2013-04-07 21:13 - 00003982 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 09:21 - 2013-04-07 21:13 - 00003750 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 09:21 - 2013-04-07 21:13 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-09 18:44 - 2016-03-30 18:30 - 00000000 ____D C:\Users\Simone\AppData\Local\Packages
2016-05-09 18:42 - 2016-03-30 18:30 - 00000000 __SHD C:\Users\Simone\IntelGraphicsProfiles

==================== Files in the root of some directories =======

2015-05-04 13:10 - 2015-05-04 20:40 - 0000115 _____ () C:\Users\Owner\AppData\Roaming\LogFile.txt
2013-09-15 13:26 - 2013-09-15 13:26 - 4412624 _____ () C:\Users\Owner\AppData\Local\ASbs.ac
2013-09-29 15:22 - 2016-05-16 09:36 - 0008704 _____ () C:\Users\Owner\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-10-05 15:16 - 2014-10-05 15:16 - 0000093 _____ () C:\Users\Owner\AppData\Local\fusioncache.dat
2015-04-30 15:20 - 2015-04-30 15:20 - 0000017 _____ () C:\Users\Owner\AppData\Local\resmon.resmoncfg

Some files in TEMP:
====================
C:\Users\Owner\AppData\Local\Temp\libeay32.dll
C:\Users\Owner\AppData\Local\Temp\msvcr120.dll
C:\Users\Owner\AppData\Local\Temp\NOSEventMessages.dll
C:\Users\Owner\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2016-05-31 15:17

==================== End of FRST.txt ============================


Additional scan result of Farbar Recovery Scan Tool (x64) Version:01-06-2016
Ran by Owner (2016-06-03 12:57:38)
Running from C:\Users\Owner\Downloads
Windows 10 Home Version 1511 (X64) (2016-02-29 06:21:54)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-572258881-633112587-3302369216-500 - Administrator - Disabled)
ASPNET (S-1-5-21-572258881-633112587-3302369216-1007 - Limited - Enabled)
DefaultAccount (S-1-5-21-572258881-633112587-3302369216-503 - Limited - Disabled)
Guest (S-1-5-21-572258881-633112587-3302369216-501 - Limited - Disabled)
Monique (S-1-5-21-572258881-633112587-3302369216-1004 - Limited - Enabled) => C:\Users\Monique
Owner (S-1-5-21-572258881-633112587-3302369216-1000 - Administrator - Enabled) => C:\Users\Owner
Paula (S-1-5-21-572258881-633112587-3302369216-1005 - Limited - Enabled) => C:\Users\Paula
Simone (S-1-5-21-572258881-633112587-3302369216-1003 - Limited - Enabled) => C:\Users\Simone

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Norton AntiVirus (Enabled - Up to date) {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Norton AntiVirus (Enabled - Up to date) {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

4Videosoft 3D Converter 5.1.16 (HKLM-x32\...\{8C9467CB-02EF-4948-B1F3-725EEFA6D571}_is1) (Version:  - )
Active@ Hard Disk Monitor (HKLM-x32\...\{1C42D474-BDBD-4200-829D-28246879365D}) (Version: 3.1.6 - LSoft Technologies Inc)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.242 - Adobe Systems Incorporated)
Adobe Photoshop CS2 (HKLM-x32\...\Adobe Photoshop CS2 - {236BB7C4-4419-42FD-0409-1E257A25E34D}) (Version: 9.0 - Adobe Systems, Inc.)
Adobe Photoshop Lightroom 4.4 64-bit (HKLM\...\{11A955CD-4398-405A-886D-E464C3618FBF}) (Version: 4.4.1 - Adobe)
Amazon 1Button App (HKLM-x32\...\{B6DCCCD3-520D-4485-B642-FCC136CE12C3}) (Version: 2.3.4 - Amazon) <==== ATTENTION
Any Video Converter 5.0.9 (HKLM-x32\...\Any Video Converter_is1) (Version:  - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{78002155-F025-4070-85B3-7C0453561701}) (Version: 3.0.6 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{B678797F-DF38-4556-8A31-8B818E261868}) (Version: 8.0.0.23 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Audacity 2.1.2 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.2 - Audacity Team)
BitPim 1.0.7 (HKLM-x32\...\{FA61D601-A0FC-48BD-AE7A-54946BCD7FB6}_is1) (Version: 1.0.7 - Joe Pham <djpham@bitpim.org>)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Canon MOV Encoder (HKLM-x32\...\Canon MOV Encoder) (Version: 1.3.1.3 - Canon Inc.)
Canon MovieEdit Task for ZoomBrowser EX (HKLM-x32\...\MovieEditTask) (Version: 3.4.1.9 - Canon Inc.)
Canon MP Navigator 2.0 (HKLM-x32\...\MP Navigator 2.0) (Version:  - )
Canon MP500 (HKLM\...\{BA4DF4C3-196E-4128-969A-00996B5A46F8}) (Version:  - )
Canon Utilities CameraWindow DC 8 (HKLM-x32\...\CameraWindowDC) (Version: 8.8.0.17 - Canon Inc.)
Canon Utilities Digital Photo Professional 3.8 (HKLM-x32\...\DPP) (Version: 3.8.1.0 - Canon Inc.)
Canon Utilities EOS Utility (HKLM-x32\...\EOS Utility) (Version: 2.8.1.0 - Canon Inc.)
Canon Utilities PhotoStitch (HKLM-x32\...\PhotoStitch) (Version: 3.1.22.46 - Canon Inc.)
Canon Utilities Picture Style Editor (HKLM-x32\...\Picture Style Editor) (Version: 1.7.0.0 - Canon Inc.)
Canon Utilities WFT Utility (HKLM-x32\...\WFTK) (Version: 3.5.1.1 - Canon Inc.)
Canon Utilities ZoomBrowser EX (HKLM-x32\...\ZoomBrowser EX) (Version: 6.5.1.15 - Canon Inc.)
Canon ZoomBrowser EX Memory Card Utility (HKLM-x32\...\ZoomBrowser EX Memory Card Utility) (Version: 1.3.0.4 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.16 - Piriform)
CrystalDiskInfo 3.10.0 (HKLM-x32\...\CrystalDiskInfo_is1) (Version: 3.10.0 - Crystal Dew World)
CutePDF Writer 3.0 (HKLM\...\CutePDF Writer Installation) (Version:  3.0 - Acro Software Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Data Lifeguard Diagnostic for Windows 1.27 (HKLM-x32\...\{519C4DB6-B53B-4F5C-8297-89B2BE949FA5}_is1) (Version:  - Western Digital Corporation)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
DiskCheckup v3.2 (HKLM-x32\...\DiskCheckup_is1) (Version: 3.2.1000 - PassMark Software)
Dropbox (HKU\S-1-5-21-572258881-633112587-3302369216-1000\...\Dropbox) (Version: 3.20.1 - Dropbox, Inc.)
EPUB Converter 3.6.7 (HKLM-x32\...\{B93E585D-4A34-43F2-B0AC-33578DD28234}) (Version: 3.6.7 - AniceSoft)
e-tax 2013 (HKLM-x32\...\{FFF14233-FE39-4671-A38E-76FD8F24A879}) (Version: 0.10.558 - Australian Taxation Office)
e-tax 2014 (HKLM-x32\...\{42D5C0B2-A309-4F84-9BD7-5DDDFE6C09E1}) (Version: 2.10.788 - Australian Taxation Office)
e-tax 2015 (HKLM-x32\...\{9D19C250-CE9A-4BF0-91C8-031665D54D16}) (Version: 2.10.541 - Australian Taxation Office)
EVEREST Home Edition v2.20 (HKLM-x32\...\EVEREST Home Edition_is1) (Version: 2.20 - Lavalys Inc)
Fotosizer 2.09 (HKLM-x32\...\Fotosizer) (Version: 2.09.0.548 - Fotosizer.com)
Free YouTube Downloader 3.5.136 (HKLM-x32\...\{A7E19604-93AF-4611-8C9F-CE509C2B286F}_is1) (Version:  - HOW Inc.)
FreeFileSync 7.6 (HKLM-x32\...\FreeFileSync_is1) (Version: 7.6 - www.FreeFileSync.org)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 50.0.2661.102 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Earth Plug-in (HKLM-x32\...\{4AB54F11-2F8C-11E3-B09F-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Toolbar for Internet Explorer (HKLM-x32\...\{2318C2B1-4965-11d4-9B18-009027A5CD4F}) (Version: 7.5.7619.1252 - Google Inc.)
Google Toolbar for Internet Explorer (x32 Version: 1.0.0 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Google+ Auto Backup (HKLM-x32\...\{A50DE037-B5C0-4C8A-8049-B0C576B313D1}) (Version: 1.0.21.81 - Google)
GrabIt 1.7.3 Beta (build 1010) (HKLM-x32\...\GrabIt_is1) (Version:  - Ilan Shemes)
GSmartControl (HKLM-x32\...\GSmartControl) (Version: 0.8.7 - Alexander Shaduri)
IBM Notes 9.0.1 Social Edition (HKLM-x32\...\{FFEBEBC7-7761-4D1F-9C7C-562EA3752590}) (Version: 9.01.13293 - IBM)
Image Composite Editor (HKLM\...\{92AB5708-1AAA-4B1B-A8D5-45CF3AD77519}) (Version: 2.0.3 - Microsoft Corporation)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
InfraRecorder (HKLM-x32\...\InfraRecorder) (Version:  - Christian Kindahl)
Inquisit 4 Web Player (HKLM\...\{E8620E4B-8567-4E07-8CDB-8432054BD5B2}) (Version: 4.0.8.0 - Millisecond Software)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.15.1730 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.2817 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) Smart Connect Technology 3.0 x64 (HKLM\...\{EE21578E-DE14-46D5-83D7-EA4D347B2F9A}) (Version: 3.0.30.1526 - Intel)
Internet Explorer (Enable DEP) (HKLM\...\{a9264802-8a7a-40fe-a135-5c6d204aed7a}.sdb) (Version:  - )
iTunes (HKLM\...\{F46AA0F1-E284-4878-A462-5F11B9166C0E}) (Version: 11.4.0.18 - Apple Inc.)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
Lotto Pro (HKLM-x32\...\Lotto Pro) (Version:  - Data Solutions)
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Map Maker Sun Clock 7  (HKLM-x32\...\Map Maker Sun Clock 7) (Version:  - Map Maker Ltd)
Microsoft .NET Framework 1.1 (HKLM-x32\...\{CB2F7EDD-9D1F-43C1-90FC-4F52EAE172A1}) (Version: 1.1.4322 - Microsoft)
Microsoft Office Professional Plus 2010 (HKLM\...\Office14.PROPLUSR) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft RichCopy 4.0 (HKLM-x32\...\{86F4F32B-77C7-4951-B33C-05D41A8190C1}) (Version: 4.0.216 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Core Components (x64) ENU  (HKLM\...\{8CCBEC22-D2DB-4DC9-A58A-E1A1F3A38C8A}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Sync Framework 2.0 Provider Services (x64) ENU  (HKLM\...\{03AC245F-4C64-425C-89CF-7783C1D3AB2C}) (Version: 2.0.1578.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{7299052b-02a4-4627-81f2-1818da5d550d}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.4148 (HKLM\...\{4B6C7001-C7D6-3710-913E-5BC23FCE91E6}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 46.0.1 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 46.0.1 (x86 en-US)) (Version: 46.0.1 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 46.0.1.5966 - Mozilla)
MSVC80_x64_v2 (Version: 1.0.3.0 - Nokia) Hidden
MSVC80_x86_v2 (x32 Version: 1.0.3.0 - Nokia) Hidden
MSVC90_x64 (Version: 1.0.1.2 - Nokia) Hidden
MSVC90_x86 (x32 Version: 1.0.1.2 - Nokia) Hidden
MSXML 4.0 SP2 (KB954430) (HKLM-x32\...\{86493ADD-824D-4B8E-BD72-8C5DCDC52A71}) (Version: 4.20.9870.0 - Microsoft Corporation)
MSXML 4.0 SP2 (KB973688) (HKLM-x32\...\{F662A8E6-F4DC-41A2-901E-8C11F044BDEC}) (Version: 4.20.9876.0 - Microsoft Corporation)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MyHeritage Family Tree Builder (HKLM-x32\...\Family Tree Builder) (Version: 7.0.0.7128 - MyHeritage.com)
Nokia Connectivity Cable Driver (HKLM-x32\...\{29373274-977E-413C-A4DE-DC0F8E80C429}) (Version: 7.1.172.0 - Nokia)
Nokia Suite (HKLM-x32\...\Nokia Suite) (Version: 3.8.54.0 - Nokia)
Nokia Suite (x32 Version: 3.8.54.0 - Nokia) Hidden
Norton AntiVirus (HKLM-x32\...\NAV) (Version: 22.6.0.142 - Symantec Corporation)
NSF Viewer Tool 2.2 (HKLM-x32\...\NSF Viewer Tool_is1) (Version:  - Recovery Toolbox, Inc.)
PC Connectivity Solution (HKLM-x32\...\{6D01D1B1-17BD-4F10-BB11-F08F0C47D42B}) (Version: 12.0.109.0 - Nokia)
Photodex Presenter (HKLM-x32\...\Photodex Presenter) (Version:  - Photodex Corporation)
PhotoSync (HKLM\...\{CECDB976-FC3E-49E1-8A47-DF447D8B4DBC}) (Version: 3.0.7 - touchbyte GmbH)
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9 - Google, Inc.)
ProShow Gold (HKLM-x32\...\ProShow Gold) (Version:  - Photodex Corporation)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.53.216.2012 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6657 - Realtek Semiconductor Corp.)
Recuva (HKLM\...\Recuva) (Version: 1.52 - Piriform)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.)
Samsung Kies3 (x32 Version: 3.2.16035.2 - Samsung Electronics Co., Ltd.) Hidden
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{91140000-0011-0000-1000-0000000FF1CE}_Office14.PROPLUSR_{A3364707-2F53-4C83-8F68-C9877A9080C7}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
ShutDown After 3.0 (HKLM-x32\...\ShutDown After_is1) (Version:  - Vicky's Cool Softwares)
SIM Manager (HKLM-x32\...\{90A5E41B-072E-49F9-816E-87071211367F}) (Version: 3.3.0 - Dekart)
Stellar Phoenix Photo Recovery (HKLM-x32\...\Stellar Phoenix Photo Recovery_is1) (Version: 6.0.0.0 - Stellar Information Technology Pvt Ltd.)
Stellarium 0.13.3 (HKLM\...\Stellarium_is1) (Version: 0.13.3 - Stellarium team)
SyncToy 2.1 (x64) (HKLM\...\{88DAAF05-5A72-46D2-A7C5-C3759697E943}) (Version: 2.1.0 - Microsoft)
SysTools Export Notes (HKLM-x32\...\SysTools® Export Notes v7.6 - DEMO Version_is1) (Version:  - )
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - Dekart (DEKART38) SmartCardReader  (08/08/2011 1.1.6.1) (HKLM\...\8D434570B215F4E7650A004193A770DC9BD6DB58) (Version: 08/08/2011 1.1.6.1 - Dekart)
Windows Driver Package - Nokia pccsmcfd LegacyDriver  (05/31/2012 7.1.2.0) (HKLM\...\62BBD193ADFDBB228C7E1ADB56463F5732FF7F6F) (Version: 05/31/2012 7.1.2.0 - Nokia)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
Windows Media Encoder 9 Series (HKLM-x32\...\Windows Media Encoder 9) (Version:  - )
WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
Wondershare DVD Slideshow Builder Deluxe(Build 6.5.1.1) (HKLM-x32\...\Wondershare DVD Slideshow Builder Deluxe_is1) (Version: 6.5.1.1 - Wondershare Software Co.,Ltd.)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-572258881-633112587-3302369216-1000_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Owner\AppData\Roaming\Dropbox\bin\DropboxExt64.34.dll (Dropbox, Inc.)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00BDB657-9A9B-4295-A972-BEA7F8563695} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
Task: {01E9D777-DC4F-4C7F-AF9F-8EB8D5E0D8F7} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
Task: {0289F9EF-5C5A-44F1-B93F-A0E23A9EFCDD} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {05110B89-A28A-47DE-8A56-74D52EC5C8DC} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {0973E839-3643-44FF-AE81-D4FF91891DA1} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
Task: {1429BED2-DBBD-42BD-B28E-B1B89B5971E1} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {232D38B4-4C29-4D9D-9DB1-74D1A55CBE28} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {28D74EE8-129E-406B-9C7E-3A444A34B929} - System32\Tasks\Norton AntiVirus\Norton Error Analyzer => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {29841371-22C8-4823-820C-7EFA7B971543} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
Task: {30FA76E0-6274-4B23-9F39-A0624B41D4A3} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3589973D-2CBA-4D63-AFC7-1C97AFAD9D23} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
Task: {3B93BC5E-9910-4E38-8554-29763CAF83D4} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {3CBEBE58-6A7F-44AB-8B91-D5CF3F303869} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
Task: {3CF0397B-72CB-46C5-ABB8-CDAB41AFA554} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
Task: {3E2DACAB-4FF5-45DB-851A-E3229B3D7240} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeReminderTime -> No File <==== ATTENTION
Task: {42C6A0D1-2173-4BCA-B651-EF062F366C78} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
Task: {4F3EC56B-B5F4-45F6-B2D8-EFAAB7905327} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
Task: {5500B033-DDE4-4B24-8206-25EA6D49F939} - System32\Tasks\Norton AntiVirus\Norton Autofix => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {5C0A69BD-E82E-4A7C-BB92-9F8FC32F4D68} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5F23F676-B290-42D0-B096-31EAEBE4D5E1} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
Task: {62496F5F-6536-42D9-904D-BA64786D2F0A} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-572258881-633112587-3302369216-1000UA => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {65B12394-C3B4-4AD6-88D2-5D185B596F8E} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {6785A5B2-88D0-44F7-AD82-3F305D05BA5A} - \Microsoft\Windows\Setup\GWXTriggers\ScheduleUpgradeTime -> No File <==== ATTENTION
Task: {69152EEF-5647-4E5C-8BF7-E717F58DCBA1} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {6A4DA622-3F37-4B35-A895-F3A436FF6D75} - System32\Tasks\Norton AntiVirus\Norton Error Processor => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\SymErr.exe [2016-02-11] (Symantec Corporation)
Task: {6C965227-DAEE-4A21-8895-FAECA86BF0D8} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
Task: {6E81B8AF-A0E0-4E47-A34F-163FDD416DD2} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
Task: {71147707-244D-493F-A5E0-9A3DA28AE3E9} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {716D6BAF-185D-4BC7-BB04-0D01C8D74ADF} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {799C14BB-3DD4-4FF7-A271-374AC680EBA1} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe
Task: {7B8F61A0-2062-4D24-BB4A-FFC2F3606027} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton AntiVirus\Upgrade.exe [2016-02-26] (Symantec Corporation)
Task: {808E5E45-D242-4503-BA27-14030ED5696F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {82EDDBE0-972D-4459-B805-52330994F130} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {95EC4524-5912-449F-A37B-5DAF400FDC91} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
Task: {9B496568-D3CA-4305-8EA2-C487E8BC68AC} - System32\Tasks\{AFA3BC53-6877-4969-8813-AB7344DABA7B} => pcalua.exe -a C:\Users\Owner\Downloads\dmf_pro7_tbyb_e_esd1.exe -d C:\Users\Owner\Desktop
Task: {A71CF5F7-5E60-45F4-A944-5B5619EDEB7D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A8281946-DD6C-4437-8054-36EA05B19A23} - System32\Tasks\{535361FE-0F58-445C-AF00-D35240613689} => pcalua.exe -a "C:\Program Files (x86)\Windows Lotto Pro 2000\WiseUpdt.exe"
Task: {ABFBA37E-729D-44B7-A87D-4B30AAF0680A} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-03-12] (Piriform Ltd)
Task: {AFB56E70-CE51-4FFE-8345-58C9FD4214B6} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
Task: {B1D1FF78-2177-4651-BBF3-3AA334386AAC} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
Task: {BE36B91B-D8C5-4DFF-AFBB-5E7CFB663794} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {C39F2B05-5508-4387-AE28-17D7B81C0B4A} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {C5B392A8-0F5B-4F79-A5C6-D95C01CB062F} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
Task: {C81B772F-4DFD-4BD3-9E59-4E2FA5D29D37} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-572258881-633112587-3302369216-1000Core => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-18] (Dropbox, Inc.)
Task: {CB038687-E3DF-463E-B73B-20D8A73B61D6} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
Task: {DE073487-7131-4AD8-9207-EFE924851AA2} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {E7CE620C-CE01-4C59-BAA8-6F0890546EC8} - System32\Tasks\Norton WSC Integration => C:\Program Files (x86)\Norton AntiVirus\Engine\22.6.0.142\WSCStub.exe [2016-02-26] (Symantec Corporation)
Task: {E9FCE959-964F-4CC5-85D4-BD93DFFE8C57} - System32\Tasks\{88F30199-EC9E-4689-B086-D5D8B791848F} => pcalua.exe -a C:\Users\Owner\Downloads\m6C19MUx.exe -d C:\Users\Owner\Desktop
Task: {F4FD7B2E-BE33-460C-A58E-AE5EAC5AE6F4} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {F6F20F95-6885-47CE-AD7B-6FBF0A4E859E} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {FC966BBE-A707-4EBB-831A-D048735CA310} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
Task: {FED76883-7FED-4971-9C8B-2E464107BD04} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-572258881-633112587-3302369216-1000Core.job => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-572258881-633112587-3302369216-1000UA.job => C:\Users\Owner\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 17:18 - 2015-10-30 17:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-03-06 13:16 - 2013-10-23 14:24 - 00087600 _____ () C:\WINDOWS\System32\cpwmon64.dll
2016-05-16 10:59 - 2016-05-16 10:59 - 00186760 _____ () C:\Program Files (x86)\Photodex\ProShow Gold\ScsiAccess.exe
2016-05-26 13:59 - 2016-03-29 20:20 - 02656952 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2016-04-19 12:04 - 2016-04-19 12:05 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-05-26 13:59 - 2016-03-29 20:20 - 02656952 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2016-05-18 21:35 - 2016-05-18 21:35 - 00959168 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\amd64\ClientTelemetry.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
2016-03-01 10:34 - 2016-03-01 10:34 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-05-26 13:59 - 2016-04-23 14:25 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-05-26 13:58 - 2016-04-23 14:02 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-05-26 13:58 - 2016-04-23 13:58 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-05-26 13:58 - 2016-04-23 13:58 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-05-26 13:58 - 2016-04-23 14:01 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2013-09-04 23:17 - 2013-09-04 23:17 - 04300456 _____ () C:\Program Files\Common Files\Microsoft Shared\office14\Cultures\office.odf
2015-11-11 01:49 - 2015-11-11 01:49 - 01557160 _____ () C:\Program Files\Microsoft Office\Office14\ADDINS\UmOutlookAddin.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-07-31 12:16 - 2014-07-31 12:16 - 01044776 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2016-04-19 12:04 - 2016-04-19 12:05 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2016-04-19 12:04 - 2016-04-19 12:05 - 22284800 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.15.20002.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 08507232 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtGui4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 02354016 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtCore4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 01014624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtNetwork4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 02480992 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtDeclarative4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00364384 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXml4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 01346912 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtScript4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00206176 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtSql4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 02653024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtXmlPatterns4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00033120 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qgif4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00035680 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qico4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00207200 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\imageformats\qjpeg4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 11166560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtWebKit4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00276832 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\phonon4.dll
2014-11-11 10:21 - 2014-11-11 10:21 - 00392552 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\ssoengine.dll
2014-11-11 10:21 - 2014-11-11 10:21 - 00059752 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\securestorage.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00446304 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\sqldrivers\qsqlite4.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00520544 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtMultimediaKit1.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00720736 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\QtOpenGL4.dll
2014-11-19 12:46 - 2014-11-19 12:46 - 00606560 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\CommonUpdateChecker.dll
2014-11-19 12:48 - 2014-11-19 12:48 - 00093024 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\qjson.dll
2014-11-19 12:47 - 2014-11-19 12:47 - 00438624 _____ () C:\Program Files (x86)\Nokia\Nokia Suite\NService.dll
2016-05-18 21:35 - 2016-05-18 21:35 - 00679624 _____ () C:\Users\Owner\AppData\Local\Microsoft\OneDrive\17.3.6390.0509\ClientTelemetry.dll
2014-03-27 14:03 - 2013-09-17 02:20 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:1F8C9007 [362]
AlternateDataStreams: C:\ProgramData\TEMP:39413AC3 [117]
AlternateDataStreams: C:\ProgramData\TEMP:F0D7EE30 [118]

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\.DEFAULT\...\amazon.com -> hxxps://amazon.com
IE trusted site: HKU\S-1-5-21-572258881-633112587-3302369216-1000\...\amazon.com -> hxxps://amazon.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-14 12:34 - 2009-06-11 07:00 - 00000824 ____N C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-572258881-633112587-3302369216-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Owner\Documents\Italy17.bmp
DNS Servers: 192.168.178.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Family Tree Builder Update"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
FirewallRules: [{8F5B36EA-BE03-4D21-95B8-2497F0CC6FDA}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5BD38DE4-7010-41C7-A425-26D606E83A80}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{B393ABFD-9D9D-46EE-97AD-B3C85EAE48F1}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd6905.tmp\Installer-10687648.exe
FirewallRules: [{E245D3D2-7956-4F61-932F-AC2C03D89B22}] => (Allow) C:\Users\Owner\AppData\Local\Temp\nsd6905.tmp\Installer-10687648.exe
FirewallRules: [{F74CE23E-B36E-4EFE-96C4-6B11D25B2162}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{846FEA0C-A25E-477E-9E93-27409E06679B}] => (Allow) C:\Windows\SysWOW64\muzapp.exe
FirewallRules: [{DA6EA16D-B1C3-4009-8278-3D80C6C7F21C}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{4690C142-F928-413E-82FE-E620E30716B3}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [{19A72421-0882-47F8-8AF1-A564E3A01AA4}] => (Allow) C:\Program Files (x86)\Common Files\nokia\service layer\a\nsl_host_process.exe
FirewallRules: [{0C70A326-EFD7-4371-AB45-7680A15342E2}] => (Allow) C:\Program Files (x86)\nokia\nokia suite\nokiasuite.exe
FirewallRules: [UDP Query User{76617A0E-5AF9-49B1-9DD6-5728B7077454}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{1C2A39CD-D68C-4854-9B31-D6EA011FB896}C:\program files (x86)\mozilla firefox\firefox.exe] => (Allow) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [{C1659E6B-CFD4-414E-A303-0B7088CFC8CE}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{3F41B6C1-7A46-4801-8088-57F89A75C88C}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{F0E20FFA-A8B7-4F53-A13C-B55B284C583A}] => (Allow) C:\Program Files (x86)\iTunes\iTunes.exe
FirewallRules: [{767F80CD-25C9-456B-BB6D-B5C61F0D7215}] => (Allow) C:\Windows\System32\wuapp.exe
FirewallRules: [{CC17AE1A-4A54-48B6-812D-829F61F6F542}] => (Allow) C:\Windows\System32\wuapp.exe
FirewallRules: [{B9D0256C-A421-46D7-A829-6D962881BA24}] => (Allow) C:\Windows\System32\wuapp.exe
FirewallRules: [{244AE38E-9977-4573-A089-5EB13CAB561F}] => (Allow) C:\Windows\System32\wuapp.exe
FirewallRules: [{C84BAE0C-8AC6-49C3-9A5A-CDA1B9326587}] => (Allow) C:\Program Files (x86)\4Videosoft Studio\4Videosoft 3D Converter\4Videosoft 3D Converter.exe
FirewallRules: [{80864AA9-42E0-4DC7-B42E-107410D5944E}] => (Allow) C:\Program Files (x86)\4Videosoft Studio\4Videosoft 3D Converter\4Videosoft 3D Converter.exe
FirewallRules: [{89740D62-D44A-485B-9DFF-A7927C1660CA}] => (Allow) C:\Program Files (x86)\4Videosoft Studio\4Videosoft 3D Converter\4Videosoft 3D Converter.exe
FirewallRules: [{428E0413-17E8-4148-9AA2-31338C22776D}] => (Allow) C:\Program Files (x86)\4Videosoft Studio\4Videosoft 3D Converter\4Videosoft 3D Converter.exe
FirewallRules: [UDP Query User{3C11B02E-E28D-4C64-9F83-26F529044D64}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [TCP Query User{E4C596E1-26EA-413F-992A-0D781A4B3497}C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe] => (Allow) C:\users\owner\appdata\roaming\dropbox\bin\dropbox.exe
FirewallRules: [UDP Query User{0215E2FE-85AB-4E7E-A62C-D37402545E19}C:\program files (x86)\windows lotto pro 2000\proupdt.exe] => (Allow) C:\program files (x86)\windows lotto pro 2000\proupdt.exe
FirewallRules: [TCP Query User{D21C189B-CC5A-4B89-AC41-81C1DC18B9D0}C:\program files (x86)\windows lotto pro 2000\proupdt.exe] => (Allow) C:\program files (x86)\windows lotto pro 2000\proupdt.exe
FirewallRules: [{7D01EF98-B476-49D4-9204-5952DE17266F}] => (Allow) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{FF70AD59-6CA0-4EA7-A275-B90E277EA636}] => (Allow) C:\Users\Owner\AppData\Roaming\Dropbox\bin\Dropbox.exe
FirewallRules: [{A652F003-1655-45FE-9394-E3327A32C88B}] => (Allow) LPort=35722
FirewallRules: [{835B5F82-B40A-4854-B13B-25DB445CA550}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{7DE9251C-E995-40F8-A165-176250141F38}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{754900F5-6F4A-4669-9953-8DCD4B67F430}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{411E0D03-542A-4C61-A673-993DD8C9F70A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{713E7E7F-ABE7-4DB2-81A5-AA772ABCEDB3}C:\program files (x86)\windows lotto pro 2000\proupdt.exe] => (Allow) C:\program files (x86)\windows lotto pro 2000\proupdt.exe
FirewallRules: [TCP Query User{8C64CA64-26B2-492B-944E-E5144076EA9A}C:\program files (x86)\windows lotto pro 2000\proupdt.exe] => (Allow) C:\program files (x86)\windows lotto pro 2000\proupdt.exe
FirewallRules: [{C6BFC0D1-214F-43CE-A239-FC064B16220A}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [{A3A3A965-FCC8-4F63-9A96-C1D5CEB5BFB3}] => (Allow) C:\Program Files (x86)\Vuze\Azureus.exe
FirewallRules: [TCP Query User{C3D24DE6-F3A6-440F-941F-38AB9557FC6D}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [UDP Query User{AEF458E0-5004-4AF6-A5C8-221F5F579ECD}C:\program files (x86)\vuze\azureus.exe] => (Block) C:\program files (x86)\vuze\azureus.exe
FirewallRules: [{2A2EC369-1D22-41B9-83B1-90230FB3F031}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{9A759A16-48EA-430A-845D-28744B6A4C9E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{0AE1AA7B-DA15-4E0D-A06E-5704203F9A48}] => (Allow) LPort=2869
FirewallRules: [{E519E499-895C-4146-A6AB-C5966EEFDA91}] => (Allow) LPort=1900

==================== Restore Points =========================

22-05-2016 21:20:55 Scheduled Checkpoint
26-05-2016 14:44:32 Windows Update
26-05-2016 14:45:44 Windows Update
02-06-2016 15:44:56 Scheduled Checkpoint
03-06-2016 10:13:43 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (06/03/2016 10:23:32 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (06/03/2016 10:23:32 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (06/03/2016 10:23:32 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (06/03/2016 10:23:32 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
    The specified object cannot be found. Specify the name of an existing object.  (HRESULT : 0x80040d06) (0x80040d06)

Error: (06/03/2016 10:23:30 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application

Details:
    (HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (06/03/2016 10:23:30 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
    The content index catalog is corrupt.   0xc0041801 (0xc0041801)

Error: (06/03/2016 10:23:18 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - base\appmodel\search\search\ytrip\common\util\jetutil.cpp (203)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
     0x8e5e0210 (0x8e5e0210)

Error: (06/03/2016 10:23:18 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer (5776) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb0059C.log.

Error: (06/03/2016 10:21:10 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: ESENT.dll, version: 10.0.10586.212, time stamp: 0x56fa1686
Exception code: 0xc0000602
Fault offset: 0x000000000022885f
Faulting process id: 0x9dc
Faulting application start time: 0xsvchost.exe0
Faulting application path: svchost.exe1
Faulting module path: svchost.exe2
Report Id: svchost.exe3
Faulting package full name: svchost.exe4
Faulting package-relative application ID: svchost.exe5

Error: (06/03/2016 10:21:09 AM) (Source: ESENT) (EventID: 908) (User: )
Description: svchost (2524) Terminating process due to non-recoverable failure: PV: 10.0.10586.0 SV: 10.0.10586.0 GLE: 0 ERR: -1603(fucb.cxx:359): dllentry.cxx(103) (ESENT[10.0.10586.0] RETAIL RTM MBCS)


System errors:
=============
Error: (06/03/2016 11:16:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/03/2016 11:16:05 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys

Error: (06/03/2016 11:16:04 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys

Error: (06/03/2016 11:16:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/03/2016 11:16:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/03/2016 11:16:04 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys

Error: (06/03/2016 11:16:04 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/03/2016 11:16:04 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys

Error: (06/03/2016 11:16:03 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (06/03/2016 11:16:03 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Owner\AppData\Local\Temp\ehdrv.sys


CodeIntegrity:
===================================
  Date: 2016-05-30 21:34:31.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

  Date: 2016-05-28 15:47:37.654
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-28 15:47:37.629
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-28 15:47:37.589
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-28 15:47:37.517
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-28 15:47:37.443
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\ADODB\7.0.3300.0__b03f5f7f11d50a3a\ADODB.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-28 15:47:37.380
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\MSDATASRC\7.0.3300.0__b03f5f7f11d50a3a\MSDATASRC.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-28 15:47:36.132
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-28 15:47:35.375
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\stdole\7.0.3300.0__b03f5f7f11d50a3a\stdole.dll that did not meet the Microsoft signing level requirements.

  Date: 2016-05-28 15:40:25.905
  Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe) attempted to load \Device\HarddiskVolume2\Windows\assembly\GAC\Microsoft.StdFormat\7.0.3300.0__b03f5f7f11d50a3a\Microsoft.StdFormat.dll that did not meet the Microsoft signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 68%
Total physical RAM: 3981.39 MB
Available physical RAM: 1259.73 MB
Total Virtual: 8077.39 MB
Available Virtual: 4875.71 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:465.22 GB) (Free:267.38 GB) NTFS
Drive g: (New Volume) (Fixed) (Total:931.51 GB) (Free:528.19 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: E5B53E3F)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.2 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=450 MB) - (Type=27)

========================================================
Disk: 1 (Size: 931.5 GB) (Disk ID: 45E406E1)
Partition 1: (Not Active) - (Size=931.5 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================


  • Root Admin

Please download the attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST or FRST64 and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on this particular machine. Running this on another machine may cause damage to your operating system.

Run FRST or FRST64 and press the Fix button just once and wait.
If the tool needs a restart please make sure you let the system restart normally and let the tool complete its run after restart.
The tool will make a log on the Desktop (Fixlog.txt). Please attach or post it to your next reply.

Note: If the tool warned you about an outdated version please download and run the updated version.

fixlist.txt

 


  • Root Admin

At this time there are no more signs of an infection on your system.
However if you are still seeing any signs of an infection please let me know.

Let's go ahead and remove the tools and logs we've used during this process.

Most of the tools used are potentially dangerous to use unsupervised or if run at the wrong time.
They are often updated daily so if you went to use them again in the future they would be outdated anyways.

The following procedures will implement some cleanup procedures to remove these tools.
 
Download Delfix from here and save it to your desktop. (You may already have this.)

  • Ensure Remove disinfection tools is checked.
  • Click the Run button.
  • Reboot


Any other programs or logs that are still remaining, you can manually delete. (right click.....Delete)
IE: RogueKiller.exe, RKreport.txt, RK_Quarantine folder, C:\FRST folder, FRST-OlderVersion folder, MBAR folder, etc.
AdwCleaner > just run the program and click uninstall.


 
If there are any other left over Folders, Files, Logs then you can delete them on your own.
 
Please visit the following link to see how to delete old System Restore Points. Please delete all of them and create a new one at this time.
How to Delete System Protection Restore Points in Windows 7 and Windows 8

Remove all but the most recent Restore Point on Windows XP


As Java seems to get exploited on a regular basis, I advise not using Java if possible, but to at least disable Java in your web browsers.
How do I disable Java in my web browser? - Disable Java

A lot of reading here but if you take the time to read a bit of it you'll see why/how infections and general damage are so easily inflicted on the computer. There is also advice on how to prevent it and keep the system working well. Don't forget about good, solid backups of your data to an external drive that is not connected except when backing up your data. If you leave a backup drive connected and you do get infected it can easily damage, encrypt, delete, or corrupt your backups as well and then you'd lose all data.
Nothing is 100% bulletproof but with a little bit of education you can certainly swing things in your favor.


If you're not currently using Malwarebytes Premium then you may want to consider purchasing the product which can also help greatly reduce the risk of a future infection.

 


  • 5 months later...
  • Root Admin

Glad we could help. :)

If you need this topic reopened, please send a Private Message to any one of the moderating team members. Please include a link to this thread with your request. This applies only to the originator of this thread.

Other members who need assistance please start your own topic in a new thread. Thanks!

This topic is now closed to further replies.