Spyware Warrior
Help with Spyware, Hijacking & Other Internet Nuisances
 

Malware?

 
posefish
Posted: Thu Dec 24, 2015 12:25 pm    Post subject: Malware?

I cannot use Windows Update, videos are interrupted and some programs do not load properly. Here are the files requested. Any help is appreciated. Thank you.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by John at 12:22:00 on 2015-12-24
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.8078.6368 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\igfxCUIService.exe
C:\WINDOWS\SysWow64\IntelCpHeciSvc.exe
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\ASLDRSrv.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe
C:\Program Files\Intel\iCLS Client\HeciServer.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
C:\WINDOWS\system32\taskeng.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\WINDOWS\system32\taskhostw.exe
c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\ASUS\P4G\BatteryLife.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
C:\Program Files\Classic Shell\ClassicStartMenu.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\WINDOWS\system32\SettingSyncHost.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\system32\igfxTray.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
C:\WINDOWS\system32\taskhostw.exe
C:\Program Files (x86)\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = hxxp://www.foxnews.com/
uSearch Bar = Preserve
BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_32.dll
TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll
uRun: [SpybotPostWindows10UpgradeReInstall] "C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe"
uRun: [OneDrive] "C:\Users\John\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [HP Officejet Pro 8600 (NET)] "C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe" -deviceID "CN36RDXH2F05KC:NW" -scfn "HP Officejet Pro 8600 (NET)" -AutoStart 1
mRun: [Adobe Reader Speed Launcher] "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"
mRun: [ASUSPRP] "C:\Program Files (x86)\ASUS\APRP\APRP.EXE"
mRun: [RemoteControl10] "C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe"
mRun: [HP Software Update] C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\Users\John\AppData\Roaming\MICROS~1\Windows\STARTM~1\Programs\Startup\MONITO~1.LNK - C:\WINDOWS\System32\RunDll32.exe
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Root\Office16\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\Program Files (x86)\Microsoft Office\Root\Office16\ONBttnIE.dll/105
IE: Send to Bluetooth - C:\Program Files (x86)\Intel\Bluetooth\btSendToObject.htm
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIE.dll
IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\Office16\ONBttnIELinkedNotes.dll
Trusted Zone: localhost
Trusted Zone: webcompanion.com
DPF: {0E5F0222-96B9-11D3-8997-00104BD12D94} - hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
TCP: NameServer = 192.168.1.254
TCP: Interfaces\{224c079e-9089-4ecb-944a-901d157edb42} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{b393193f-e6b9-4f34-84eb-0f06eaeedb2f} : DHCPNameServer = 192.168.1.254
TCP: Interfaces\{b393193f-e6b9-4f34-84eb-0f06eaeedb2f}\75D4532316236666 : DHCPNameServer = 192.168.178.87
Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Lync Browser Helper: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-BHO: ExplorerBHO Class: {449D0D6E-2412-4E61-B68F-1CB625CD9E52} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-BHO: Microsoft OneDrive for Business Browser Helper: {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL
x64-BHO: ClassicIEBHO Class: {EA801577-E6AD-4BD5-8F71-4BE0154331A4} - C:\Program Files\Classic Shell\ClassicIEDLL_64.dll
x64-TB: Classic Explorer Bar: {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
x64-Run: [ACMON] C:\Program Files (x86)\ASUS\Splendid\ACMON.exe
x64-Run: [Classic Start Menu] "C:\Program Files\Classic Shell\ClassicStartMenu.exe" -autorun
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIE.dll
x64-IE: {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll
x64-IE: {56753E59-AF1D-4FBA-9E15-31557124ADA2} - C:\Program Files\Classic Shell\ClassicIE_32.exe
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesX64\Microsoft Office\Office16\ONBttnIELinkedNotes.dll
x64-Handler: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - <orphaned>
x64-Handler: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - <orphaned>
x64-Handler: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - <orphaned>
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2012-7-5 647736]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-29 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-29 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-29 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-29 218624]
R1 ATKWMIACPIIO;ATKWMIACPI Driver;C:\Program Files (x86)\ASUS\ATK Package\ATK WMIACPI\atkwmiacpi64.sys [2011-9-7 17536]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-29 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-29 8192]
R2 ASMMAP64;ASMMAP64;C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\ASMMAP64.sys [2009-7-2 15416]
R2 ASUS InstantOn;ASUS InstantOn Service;C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [2012-4-13 277120]
R2 ClickToRunSvc;Microsoft Office ClickToRun Service;C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe [2015-12-4 2748600]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-29 43944]
R2 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-29 43944]
R2 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [2015-7-26 25800]
R2 igfxCUIService1.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-10-29 330136]
R2 Intel(R) Capability Licensing Service Interface;Intel(R) Capability Licensing Service Interface;C:\Program Files\Intel\iCLS Client\HeciServer.exe [2012-4-20 635104]
R2 Intel(R) ME Service;Intel(R) ME Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [2012-12-25 129856]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-29 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
R3 AiCharger;ASUS Charger Driver;C:\WINDOWS\System32\drivers\AiCharger.sys [2012-7-24 17152]
R3 AMPPAL;Intel(r) Centrino(r) Wireless Bluetooth(r) + High Speed Virtual Adapter;C:\WINDOWS\System32\drivers\AmpPal.sys [2013-5-21 165344]
R3 BthLEEnum;Bluetooth Low Energy Driver;C:\WINDOWS\System32\drivers\BthLEEnum.sys [2015-10-29 245248]
R3 HIDSwitch;ASUS Wireless Radio Control;C:\WINDOWS\System32\drivers\AsHIDSwitch64.sys [2015-5-13 19976]
R3 ibtfltcoex;Intel Corporation;C:\WINDOWS\System32\drivers\ibtfltcoex.sys [2015-7-1 79632]
R3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-21 463112]
R3 iwdbus;IWD Bus Enumerator;C:\WINDOWS\System32\drivers\iwdbus.sys [2015-7-29 38976]
R3 L1C;NDIS Miniport Driver for Qualcomm Atheros AR81xx PCI-E Ethernet Controller;C:\WINDOWS\System32\drivers\L1C63x64.sys [2015-10-29 121344]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
R3 MBAMProtector;MBAMProtector;C:\WINDOWS\System32\drivers\mbam.sys [2015-7-2 25816]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-29 20480]
R3 NETwNe64;___ Intel(R) Wireless WiFi Link 5000 Series Adapter Driver for Windows 8 - 64 Bit;C:\WINDOWS\System32\drivers\NETwew01.sys [2015-10-29 3343872]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
R3 usb3Hub;USB-IF USB 3.0 Hub;C:\WINDOWS\System32\drivers\usb3Hub.sys [2012-11-29 47072]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-29 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-29 364464]
R3 XHCIPort;USB-IF xHCI USB Host Controller;C:\WINDOWS\System32\drivers\xHCIPort.sys [2012-11-29 188896]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S2 jhi_service;Intel(R) Dynamic Application Loader Host Interface Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe [2012-12-25 166720]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-29 43944]
S2 MBAMService;MBAMService;C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [2015-7-2 1135416]
S2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-12-25 365376]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-29 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-29 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-29 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-29 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-29 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-29 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-11 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-29 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-29 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-29 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-29 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-29 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-29 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-29 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-29 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-29 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-29 117760]
S3 intaud_WaveExtensible;Intel WiDi Audio Device;C:\WINDOWS\System32\drivers\intelaud.sys [2015-7-29 50240]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-29 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-29 26624]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-29 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-29 99168]
S3 MBAMWebAccessControl;MBAMWebAccessControl;C:\WINDOWS\System32\drivers\mwac.sys [2015-7-2 64216]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-29 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-29 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-29 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-29 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-29 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-29 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-29 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-29 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-29 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-29 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-29 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-29 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-29 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-29 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-29 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-29 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-29 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-29 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-29 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-29 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-29 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-29 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-29 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-29 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-29 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-29 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-29 43944]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-10-29 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-10-29 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
.
=============== Created Last 30 ================
.
2015-12-24 18:54:36 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{5FC1F4DB-AD7F-4094-BE81-4F6E2C2FA3CB}\mpengine.dll
2015-12-19 23:13:54 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-12-19 22:59:42 -------- d-----w- C:\Users\John\AppData\Local\WebDiscoverBrowser
2015-12-19 22:59:34 -------- d-----w- C:\Program Files\WebDiscoverBrowser
2015-12-19 22:58:26 -------- d-----w- C:\ProgramData\ba5bbb1e-64c5-1
2015-12-19 22:58:26 -------- d-----w- C:\ProgramData\ba5bbb1e-3a55-0
2015-12-19 22:57:29 -------- d-----w- C:\searchplugins
2015-12-19 22:57:23 -------- d-----w- C:\Program Files (x86)\Spybot - Search & Destroy
2015-12-19 22:57:16 -------- d-----w- C:\Users\John\AppData\Local\Lavasoft
2015-12-19 22:57:04 425744 ----a-w- C:\WINDOWS\System32\LavasoftTcpService64.dll
2015-12-19 22:57:04 345360 ----a-w- C:\WINDOWS\SysWow64\LavasoftTcpService.dll
2015-12-19 22:57:00 -------- d-----w- C:\Program Files (x86)\Lavasoft
2015-12-19 17:56:41 -------- d-----w- C:\Users\John\AppData\Roaming\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1
2015-12-19 17:56:40 -------- d---a-w- C:\Program Files (x86)\Pandora
2015-12-18 00:07:56 -------- d-----w- C:\Users\John\AppData\Local\Microsoft Help
2015-12-18 00:04:52 88752 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2036\vcruntime140.dll
2015-12-18 00:04:52 635040 ----a-w- C:\Program Files\Common Files\Microsoft Shared\ClickToRun\Updates\16.0.6366.2036\msvcp140.dll
2015-12-17 23:53:14 -------- d-----w- C:\FRST
2015-12-17 23:44:37 -------- d-----w- C:\AdwCleaner
2015-12-15 18:35:31 -------- d-----w- C:\ProgramData\IntelDLM
2015-12-15 18:29:06 -------- d-----w- C:\Users\John\AppData\Local\Intel
2015-12-15 18:28:05 -------- d-----w- C:\Program Files (x86)\Intel Driver Update Utility
2015-12-12 17:02:59 -------- d--h--w- C:\$SysReset
2015-12-11 18:49:22 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2015-12-11 17:14:59 586080 ----a-w- C:\WINDOWS\SysWow64\wimgapi.dll
2015-12-10 16:54:21 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{CDA948E2-4CD7-41F5-9222-2B0D99D67C2E}\gapaengine.dll
2015-12-10 16:37:48 -------- d-----w- C:\Users\John\AppData\Local\ActiveSync
2015-12-10 11:38:26 -------- d-sh--we C:\ProgramData\Documents
2015-12-10 11:28:05 -------- d-----w- C:\WINDOWS\System32\wbem\Performance
2015-12-10 11:24:04 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\good
2015-12-10 11:24:04 -------- d-----w- C:\WINDOWS\System32\wbem\MOF\bad
2015-12-10 11:11:01 72704 ----a-w- C:\WINDOWS\System32\OpenCL.DLL
2015-12-10 11:11:01 69120 ----a-w- C:\WINDOWS\SysWow64\OpenCL.DLL
2015-12-10 11:10:38 -------- d-----w- C:\Program Files (x86)\Common Files\Intel
2015-12-10 11:10:37 -------- d-----w- C:\Program Files (x86)\ASUS
2015-12-10 11:10:23 -------- d-----w- C:\ProgramData\SetupTPDriver
2015-12-10 11:10:06 -------- d-----w- C:\WINDOWS\System32\DAX2
2015-12-10 11:09:49 -------- d-----w- C:\Program Files\Realtek
2015-12-10 11:09:44 -------- d-----w- C:\WINDOWS\SysWow64\RTCOM
2015-12-10 11:09:28 2718208 ----a-w- C:\WINDOWS\SysWow64\PrintConfig.dll
2015-12-10 11:06:33 -------- d-----w- C:\WINDOWS\System32\wbem\MOF
2015-12-10 11:04:59 -------- d-sh--w- C:\Recovery
2015-12-10 11:04:56 -------- dc----w- C:\WINDOWS\Panther
2015-12-10 11:02:20 -------- d-----w- C:\Windows.old
2015-12-10 11:01:41 -------- d-----w- C:\WINDOWS\System32\Microsoft
2015-12-10 10:59:22 778936 ----a-w- C:\WINDOWS\SysWow64\PresentationNative_v0300.dll
2015-12-10 10:59:22 35480 ----a-w- C:\WINDOWS\SysWow64\TsWpfWrp.exe
2015-12-10 10:59:22 103120 ----a-w- C:\WINDOWS\SysWow64\PresentationCFFRasterizerNative_v0300.dll
2015-12-10 10:59:11 35480 ----a-w- C:\WINDOWS\System32\TsWpfWrp.exe
2015-12-10 10:59:11 124624 ----a-w- C:\WINDOWS\System32\PresentationCFFRasterizerNative_v0300.dll
2015-12-10 10:59:11 1166520 ----a-w- C:\WINDOWS\System32\PresentationNative_v0300.dll
2015-12-04 22:21:20 -------- d-----w- C:\Program Files\Microsoft Office 15
2015-12-04 14:55:16 202928 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\Source Engine\OSE.EXE
2015-12-04 14:54:58 354512 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\LICLUA.EXE
2015-12-04 14:54:58 16064 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE16\Office Setup Controller\pkeyconfig.companion.dll
.
==================== Find3M ====================
.
2015-12-12 17:31:03 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-12-10 16:35:25 451 ----a-w- C:\WINDOWS\System32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-09 22:19:58 95024 ----a-w- C:\WINDOWS\System32\drivers\dc3d.sys
2015-12-09 03:39:31 301728 ------w- C:\WINDOWS\System32\MpSigStub.exe
2015-12-07 04:57:01 973664 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-12-07 04:55:42 1281376 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-12-07 04:49:31 412512 ----a-w- C:\WINDOWS\System32\wifitask.exe
2015-12-07 04:47:58 116720 ----a-w- C:\WINDOWS\SysWow64\mfps.dll
2015-12-07 04:47:57 925064 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2015-12-07 04:47:57 898184 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
2015-12-07 04:47:54 716928 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2015-12-07 04:45:46 264544 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2015-12-07 04:15:40 1035776 ----a-w- C:\WINDOWS\System32\XboxNetApiSvc.dll
2015-12-07 04:15:08 75776 ----a-w- C:\WINDOWS\System32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-07 04:10:37 824320 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll
2015-12-07 04:09:36 30208 ----a-w- C:\WINDOWS\System32\StorageUsage.dll
2015-12-07 04:09:27 92160 ----a-w- C:\WINDOWS\System32\policymanagerprecheck.dll
2015-12-07 04:09:07 133120 ----a-w- C:\WINDOWS\System32\flvprophandler.dll
2015-12-07 04:07:43 134656 ----a-w- C:\WINDOWS\System32\wificonnapi.dll
2015-12-07 04:07:34 77312 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2015-12-07 04:07:13 16984064 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-12-07 04:06:52 231936 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2015-12-07 04:06:38 199168 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2015-12-07 04:06:36 50176 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2015-12-07 04:06:32 572928 ----a-w- C:\WINDOWS\SysWow64\WpcWebFilter.dll
2015-12-07 04:05:28 36864 ----a-w- C:\WINDOWS\System32\BackgroundTransferHost.exe
2015-12-07 04:05:15 192000 ----a-w- C:\WINDOWS\System32\provisioningcsp.dll
2015-12-07 04:04:28 56320 ----a-w- C:\WINDOWS\System32\provtool.exe
2015-12-07 04:04:20 66560 ----a-w- C:\WINDOWS\System32\moshost.dll
2015-12-07 04:03:46 13017600 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-12-07 04:02:54 477696 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2015-12-07 04:02:49 161280 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2015-12-07 04:02:01 269824 ----a-w- C:\WINDOWS\System32\moshostcore.dll
2015-12-07 04:01:43 34304 ----a-w- C:\WINDOWS\SysWow64\BackgroundTransferHost.exe
2015-12-07 04:01:07 543232 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2015-12-07 04:00:55 323072 ----a-w- C:\WINDOWS\System32\MSFlacDecoder.dll
2015-12-07 04:00:52 203776 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2015-12-07 04:00:51 210432 ----a-w- C:\WINDOWS\System32\wcmcsp.dll
2015-12-07 04:00:40 618496 ----a-w- C:\WINDOWS\System32\StorSvc.dll
2015-12-07 03:59:52 286208 ----a-w- C:\WINDOWS\System32\provhandlers.dll
2015-12-07 03:59:49 292352 ----a-w- C:\WINDOWS\System32\provengine.dll
2015-12-07 03:59:37 558080 ----a-w- C:\WINDOWS\System32\MBMediaManager.dll
2015-12-07 03:59:16 165376 ----a-w- C:\WINDOWS\System32\provdatastore.dll
2015-12-07 03:58:17 459776 ----a-w- C:\WINDOWS\System32\MapConfiguration.dll
2015-12-07 03:57:48 387072 ----a-w- C:\WINDOWS\System32\qdvd.dll
2015-12-07 03:57:40 409088 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2015-12-07 03:57:28 270848 ----a-w- C:\WINDOWS\SysWow64\MSFlacDecoder.dll
2015-12-07 03:56:27 497152 ----a-w- C:\WINDOWS\System32\mfmkvsrcsnk.dll
2015-12-07 03:56:18 607232 ----a-w- C:\WINDOWS\System32\wcmsvc.dll
2015-12-07 03:55:38 7979008 ----a-w- C:\WINDOWS\System32\mos.dll
2015-12-07 03:55:02 346112 ----a-w- C:\WINDOWS\SysWow64\MapConfiguration.dll
2015-12-07 03:54:56 850432 ----a-w- C:\WINDOWS\System32\MapsStore.dll
2015-12-07 03:54:56 569856 ----a-w- C:\WINDOWS\SysWow64\qdvd.dll
2015-12-07 03:53:28 381952 ----a-w- C:\WINDOWS\SysWow64\mfmkvsrcsnk.dll
2015-12-07 03:51:16 1318912 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-12-07 03:51:00 223232 ----a-w- C:\WINDOWS\System32\fveapibase.dll
2015-12-07 03:50:55 1131520 ----a-w- C:\WINDOWS\System32\Windows.Media.Audio.dll
2015-12-07 03:49:01 1105920 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2015-12-07 03:48:02 6297088 ----a-w- C:\WINDOWS\SysWow64\mos.dll
2015-12-07 03:47:02 3428864 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-12-07 03:45:53 683008 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2015-12-07 03:45:45 900608 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2015-12-07 03:45:44 2582016 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-12-07 03:44:48 2796032 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2015-12-07 03:43:35 931328 ----a-w- C:\WINDOWS\System32\MSMPEG2ENC.DLL
2015-12-07 03:43:07 2598400 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-12-07 03:41:02 2061824 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-12-07 03:40:47 3593216 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-12-07 03:40:23 1995776 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2015-12-07 03:40:08 1706496 ----a-w- C:\WINDOWS\SysWow64\ActiveSyncProvider.dll
2015-12-07 03:39:24 764928 ----a-w- C:\WINDOWS\System32\fveapi.dll
2015-12-07 03:38:14 871936 ----a-w- C:\WINDOWS\SysWow64\MSMPEG2ENC.DLL
2015-12-07 03:33:04 375296 ----a-w- C:\WINDOWS\System32\MDEServer.exe
2015-12-07 03:32:46 126464 ----a-w- C:\WINDOWS\System32\dialserver.dll
2015-12-01 07:12:09 2152800 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2015-12-01 00:33:29 826872 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-12-01 00:33:29 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-11-25 01:12:46 408 ----a-w- C:\Users\John\AppData\Roaming\sp_data.sys
2015-11-24 12:07:40 1817160 ----a-w- C:\WINDOWS\System32\ntdll.dll
2015-11-24 11:06:29 1540768 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2015-11-24 10:26:50 1399224 ----a-w- C:\WINDOWS\System32\user32.dll
2015-11-24 10:01:57 2756096 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2015-11-24 09:54:15 7680 ----a-w- C:\WINDOWS\System32\readingviewresources.dll
2015-11-24 09:53:39 115200 ----a-w- C:\WINDOWS\System32\win32k.sys
2015-11-24 09:45:01 18944 ----a-w- C:\WINDOWS\System32\wshrm.dll
2015-11-24 09:37:04 147968 ----a-w- C:\WINDOWS\System32\drivers\rmcast.sys
2015-11-24 09:26:34 1337240 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2015-11-24 09:19:35 182784 ----a-w- C:\WINDOWS\System32\shutdownux.dll
2015-11-24 09:12:41 523776 ----a-w- C:\WINDOWS\System32\catsrvut.dll
2015-11-24 08:58:24 604672 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-11-24 08:55:41 1393664 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-11-24 08:54:21 2756096 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2015-11-24 08:52:05 1717248 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2015-11-24 08:49:47 1648640 ----a-w- C:\WINDOWS\System32\comsvcs.dll
2015-11-24 08:14:34 415744 ----a-w- C:\WINDOWS\SysWow64\catsrvut.dll
2015-11-24 08:03:47 503296 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-11-24 07:59:27 1467392 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2015-11-24 07:57:56 1328128 ----a-w- C:\WINDOWS\SysWow64\comsvcs.dll
2015-11-24 07:35:50 22393856 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-11-24 07:29:31 2352128 ----a-w- C:\WINDOWS\System32\authui.dll
.
============= FINISH: 12:23:34.89 ===============
.
UNLESS SPECIFICALLY INSTRUCTED, DO NOT POST THIS LOG.
IF REQUESTED, ZIP IT UP & ATTACH IT
.
DDS (Ver_2012-11-20.01)
.
Microsoft Windows 10 Home
Boot Device: \Device\HarddiskVolume1
Install Date: 12/10/2015 3:42:26 AM
System Uptime: 12/24/2015 10:43:25 AM (2 hours ago)
.
Motherboard: ASUSTeK COMPUTER INC. | | Q400A
Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz | SOCKET 0 | 2201/100mhz
.
==== Disk Partitions =========================
.
C: is FIXED (NTFS) - 677 GiB total, 618.9 GiB free.
D: is CDROM (CDFS)
.
==== Disabled Device Manager Items =============
.
==== System Restore Points ===================
.
RP4: 12/17/2015 3:38:28 AM - Windows Modules Installer
RP5: 12/19/2015 3:01:00 PM - Removed Playthru Player
RP6: 12/24/2015 9:03:28 AM - Windows Update
RP7: 12/24/2015 9:03:59 AM - Windows Update
.
==== Installed Programs ======================
.
Adobe AIR
Adobe Reader X (10.1.16) MUI
Adobe Refresh Manager
Alcor Micro USB Card Reader
ASUS Instant Connect
ASUS InstantOn
ASUS LifeFrame3
ASUS Live Update
ASUS Power4Gear Hybrid
ASUS Screen Saver
ASUS Smart Gesture
ASUS Splendid Video Enhancement Technology
ASUS Tutor
ASUS USB Charger Plus
ASUSDVD
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver
ATK Package
Bing Bar
Classic Shell
D3DX10
Google Earth
Google Update Helper
HP Customer Experience Enhancements
HP Officejet Pro 8600 Basic Device Software
HP Officejet Pro 8600 Help
HP Officejet Pro 8600 Product Improvement Study
HP Support Assistant
HP Support Solutions Framework
HP Update
I.R.I.S. OCR
Intel(R) Management Engine Components
Intel(R) PRO/Wireless Driver
Intel(R) Processor Graphics
Intel(R) SDK for OpenCL - CPU Only Runtime Package
Intel(R) WiDi
Intel® PROSet/Wireless Software
Intel® PROSet/Wireless WiFi Software
Intel® Trusted Connect Service Client
Malwarebytes Anti-Malware version 2.2.0.1024
Microsoft Application Error Reporting
Microsoft Mouse and Keyboard Center
Microsoft Office 365 - en-us
Microsoft SQL Server 2005 Compact Edition [ENU]
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219
Movie Maker
MSVCRT
MSVCRT Redists
MSVCRT110
MSVCRT110_amd64
Office 16 Click-to-Run Extensibility Component
Office 16 Click-to-Run Licensing Component
Office 16 Click-to-Run Localization Component
Pandora
Photo Common
Photo Gallery
Realtek High Definition Audio Driver
Sony Preset Manager 2.0d
Sony Sound Forge Audio Studio 8.0
Sound Forge Audio Studio 10.0
Waves Diamond Bundle 4.05
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262)
Windows Live Communications Platform
Windows Live Essentials
Windows Live Installer
Windows Live Photo Common
Windows Live PIMT Platform
Windows Live SOXE
Windows Live SOXE Definitions
Windows Live UX Platform
Windows Live UX Platform Language Pack
WinFlash
.
==== Event Viewer Messages From Past Week ========
.
12/24/2015 9:41:02 AM, Error: Service Control Manager [7000] - The Windows Search service failed to start due to the following error: The system cannot find the path specified.
12/24/2015 9:40:49 AM, Error: Service Control Manager [7031] - The User Data Storage_59c6d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/24/2015 9:40:49 AM, Error: Service Control Manager [7031] - The User Data Access_59c6d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/24/2015 9:40:49 AM, Error: Service Control Manager [7031] - The Sync Host_59c6d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/24/2015 9:40:49 AM, Error: Service Control Manager [7031] - The Contact Data_59c6d service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/24/2015 9:40:32 AM, Error: Service Control Manager [7034] - The Intel(R) ME Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2015 9:40:32 AM, Error: Service Control Manager [7034] - The HP Support Solutions Framework Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2015 9:40:32 AM, Error: Service Control Manager [7034] - The ASUS InstantOn Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2015 9:40:32 AM, Error: Service Control Manager [7034] - The Adobe Acrobat Update Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2015 9:40:32 AM, Error: Service Control Manager [7031] - The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.
12/24/2015 9:40:32 AM, Error: Service Control Manager [7031] - The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/24/2015 9:40:32 AM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Updating Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/24/2015 9:40:32 AM, Error: Service Control Manager [7031] - The Spybot-S&D 2 Security Center Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 60000 milliseconds: Restart the service.
12/24/2015 9:40:32 AM, Error: Service Control Manager [7031] - The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.
12/24/2015 9:40:32 AM, Error: Service Control Manager [7031] - The Microsoft Office ClickToRun Service service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/24/2015 9:40:32 AM, Error: Service Control Manager [7031] - The Intel(R) Capability Licensing Service Interface service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 0 milliseconds: Restart the service.
12/24/2015 9:40:31 AM, Error: Service Control Manager [7034] - The Intel(R) HD Graphics Control Panel Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2015 9:40:31 AM, Error: Service Control Manager [7034] - The Intel(R) Content Protection HECI Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2015 9:40:31 AM, Error: Service Control Manager [7034] - The ATKGFNEX Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2015 9:40:31 AM, Error: Service Control Manager [7034] - The ASLDR Service service terminated unexpectedly. It has done this 1 time(s).
12/24/2015 10:46:21 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the UNS service to connect.
12/24/2015 10:46:21 AM, Error: Service Control Manager [7000] - The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2015 10:43:52 AM, Error: Service Control Manager [7000] - The jhi_service service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/24/2015 10:43:50 AM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the jhi_service service to connect.
12/24/2015 10:43:03 AM, Error: Service Control Manager [7031] - The User Data Storage_78d13 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/24/2015 10:43:03 AM, Error: Service Control Manager [7031] - The User Data Access_78d13 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/24/2015 10:43:03 AM, Error: Service Control Manager [7031] - The Sync Host_78d13 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/24/2015 10:43:03 AM, Error: Service Control Manager [7031] - The Contact Data_78d13 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/24/2015 10:43:03 AM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {D63B10C5-BB46-4990-A94F-E40B9D520160} and APPID {9CA88EE3-ACB7-47C8-AFC4-AB702511C276} to the user NT AUTHORITY\SYSTEM SID (S-1-5-18) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
12/23/2015 12:02:54 PM, Error: Microsoft-Windows-DistributedCOM [10016] - The application-specific permission settings do not grant Local Activation permission for the COM Server application with CLSID {9E175B6D-F52A-11D8-B9A5-505054503030} and APPID {9E175B9C-F52A-11D8-B9A5-505054503030} to the user JP\John SID (S-1-5-21-3936709736-1518792879-354126822-1001) from address LocalHost (Using LRPC) running in the application container Unavailable SID (Unavailable). This security permission can be modified using the Component Services administrative tool.
12/22/2015 8:49:55 AM, Error: Tcpip [4199] - The system detected an address conflict for IP address 192.168.1.9 with the system having network hardware address 28-57-67-ED-34-80. Network operations on this system may be disrupted as a result.
12/21/2015 9:42:45 AM, Error: Service Control Manager [7031] - The User Data Storage_3135c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/21/2015 9:42:45 AM, Error: Service Control Manager [7031] - The User Data Access_3135c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/21/2015 9:42:45 AM, Error: Service Control Manager [7031] - The Sync Host_3135c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/21/2015 9:42:45 AM, Error: Service Control Manager [7031] - The Contact Data_3135c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/19/2015 3:08:26 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the Intel(R) Management and Security Application User Notification Service service to connect.
12/19/2015 3:05:23 PM, Error: Service Control Manager [7009] - A timeout was reached (30000 milliseconds) while waiting for the SearchProtectionService service to connect.
12/19/2015 3:05:23 PM, Error: Service Control Manager [7000] - The SearchProtectionService service failed to start due to the following error: The service did not respond to the start or control request in a timely fashion.
12/19/2015 3:03:48 PM, Error: Service Control Manager [7031] - The User Data Storage_57dee service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/19/2015 3:03:48 PM, Error: Service Control Manager [7031] - The User Data Access_57dee service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/19/2015 3:03:48 PM, Error: Service Control Manager [7031] - The Sync Host_57dee service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/19/2015 3:03:48 PM, Error: Service Control Manager [7031] - The Contact Data_57dee service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 3:46:29 PM, Error: Service Control Manager [7031] - The User Data Storage_33a01 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 3:46:29 PM, Error: Service Control Manager [7031] - The User Data Access_33a01 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 3:46:29 PM, Error: Service Control Manager [7031] - The Sync Host_33a01 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 3:46:29 PM, Error: Service Control Manager [7031] - The Contact Data_33a01 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 10:05:52 PM, Error: Service Control Manager [7031] - The User Data Storage_3d722 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 10:05:52 PM, Error: Service Control Manager [7031] - The User Data Access_3d722 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 10:05:52 PM, Error: Service Control Manager [7031] - The Sync Host_3d722 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
12/17/2015 10:05:52 PM, Error: Service Control Manager [7031] - The Contact Data_3d722 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.
.
==== End Of File ===========================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Sun Dec 27, 2015 3:09 am

Hi,
OK, let's try this again.

Please click on THIS link, and follow the instructions for installing TCRB and creating a backup of your Registry.

I need you to run further scans for me.
Please post each log separately to prevent it being cut off by the forum post size limiter.
Check each after you've posted it to make sure it's all present; if any log is cut off, you'll have to post it in sections.


Please download AdwCleaner by Xplode onto your desktop.
  • Close all open programs and internet browsers.
  • Right-click on adwcleaner.exe and select "Run as administrator" to run it.
  • Click on Scan.
  • When the scan has finished, click on Clean.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

Next.

Please download FRST ... by Farbar, from the link below and save it to your Desktop.

For 32 bit Systems

For 64 bit Systems
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • When the tool opens, click Yes to the disclaimer.
  • Press the Scan button. ... When finished, a log will be created, FRST.txt.
  • Please post the content of the FRST.txt in your next reply.
  • The first time the tool is run, it will create another log... Addition.txt.
  • Please post the content of the Addition.txt in your next reply.

Logs/Information to Post in your Next Reply
  • AdwCleaner log.
  • FRST.txt and Addition.txt contents.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

Posted: Sun Dec 27, 2015 8:50 am    Post subject: logs

Here are the logs requested. Thank you!

# AdwCleaner v5.026 - Logfile created 27/12/2015 at 08:42:05
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : John - JP
# Running from : C:\Users\John\Downloads\adwcleaner_5.026.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****


*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C3].txt - [653 bytes] ##########

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:27-12-2015
Ran by John (administrator) on JP (27-12-2015 08:46:24)
Running from C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\77OHI5KH
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6508.23761.0_x64__8wekyb3d8bbwe\HubTaskHost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-12-21]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{224c079e-9089-4ecb-944a-901d157edb42}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b393193f-e6b9-4f34-84eb-0f06eaeedb2f}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.foxnews.com/
SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-17] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-17]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-17]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-17]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-17]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-29] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-29] (Intel Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 08:39 - 2015-12-27 08:39 - 01743360 _____ C:\Users\John\Downloads\adwcleaner_5.026.exe
2015-12-27 08:38 - 2015-12-27 08:38 - 00002310 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-12-27 08:38 - 2015-12-27 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-12-27 08:38 - 2015-12-27 08:38 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-12-21 10:02 - 2015-12-21 10:02 - 00200249 _____ C:\Users\John\Documents\Scan0003.pdf
2015-12-21 10:01 - 2015-12-21 10:01 - 00200344 _____ C:\Users\John\Documents\Scan0002.pdf
2015-12-19 14:59 - 2015-12-19 15:09 - 00000000 ____D C:\Program Files\WebDiscoverBrowser
2015-12-19 14:59 - 2015-12-19 14:59 - 00000000 ____D C:\Users\John\AppData\Local\WebDiscoverBrowser
2015-12-19 14:58 - 2015-12-19 14:58 - 00023168 _____ C:\WINDOWS\System32\Tasks\{040B0B47-040B-0478-0B11-0B79787A117E}
2015-12-19 14:58 - 2015-12-19 14:58 - 00000000 ____D C:\ProgramData\ba5bbb1e-64c5-1
2015-12-19 14:58 - 2015-12-19 14:58 - 00000000 ____D C:\ProgramData\ba5bbb1e-3a55-0
2015-12-19 14:57 - 2015-12-19 15:09 - 00000000 ____D C:\Users\John\AppData\Local\Lavasoft
2015-12-19 14:57 - 2015-12-19 15:07 - 00000262 _____ C:\Prefs.js
2015-12-19 14:57 - 2015-12-19 15:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-12-19 14:57 - 2015-12-19 14:57 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-12-19 14:57 - 2015-12-19 14:57 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Users\John\AppData\Roaming\Lavasoft
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\searchplugins
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-12-19 14:56 - 2015-12-19 14:56 - 00000000 ____D C:\ProgramData\Lavasoft
2015-12-19 09:56 - 2015-12-19 09:56 - 00000000 ____D C:\Users\John\AppData\Roaming\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1
2015-12-19 09:56 - 2015-12-19 09:56 - 00000000 ____D C:\Program Files (x86)\Pandora
2015-12-18 08:17 - 2015-12-27 08:38 - 00032854 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2015-12-17 16:07 - 2015-12-17 16:08 - 00000000 ____D C:\Users\John\AppData\Local\Microsoft Help
2015-12-17 16:05 - 2015-12-17 16:06 - 00000000 ____D C:\Users\John\Documents\Posey Studios
2015-12-17 15:53 - 2015-12-27 08:46 - 00000000 ____D C:\FRST
2015-12-17 15:44 - 2015-12-27 08:42 - 00000000 ____D C:\AdwCleaner
2015-12-17 12:15 - 2015-12-06 20:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-17 12:15 - 2015-12-06 20:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-17 12:15 - 2015-12-06 20:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-17 12:15 - 2015-12-06 20:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-17 12:15 - 2015-12-06 20:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-17 12:15 - 2015-12-06 20:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-17 12:15 - 2015-12-06 20:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-17 12:15 - 2015-12-06 20:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-17 12:15 - 2015-12-06 20:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-17 12:15 - 2015-12-06 20:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-17 12:15 - 2015-12-06 20:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-17 12:15 - 2015-12-06 20:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-17 12:15 - 2015-12-06 20:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-17 12:15 - 2015-12-06 20:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-17 12:15 - 2015-12-06 20:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-17 12:15 - 2015-12-06 20:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-17 12:15 - 2015-12-06 20:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-17 12:15 - 2015-12-06 20:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-17 12:15 - 2015-12-06 20:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-17 12:15 - 2015-12-06 20:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-17 12:15 - 2015-12-06 20:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-17 12:15 - 2015-12-06 20:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-17 12:15 - 2015-12-06 20:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-17 12:15 - 2015-12-06 20:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-17 12:15 - 2015-12-06 20:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-17 12:15 - 2015-12-06 20:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-17 12:15 - 2015-12-06 20:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-17 12:15 - 2015-12-06 20:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-17 12:15 - 2015-12-06 20:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-17 12:15 - 2015-12-06 19:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-17 12:15 - 2015-12-06 19:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-17 12:15 - 2015-12-06 19:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-17 12:15 - 2015-12-06 19:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-17 12:15 - 2015-12-06 19:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-17 12:15 - 2015-12-06 19:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-17 12:15 - 2015-12-06 19:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 19:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-17 12:15 - 2015-12-06 19:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-17 12:15 - 2015-12-06 19:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-17 12:15 - 2015-12-06 19:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-17 12:15 - 2015-12-06 19:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-17 12:15 - 2015-12-06 19:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 19:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-17 12:15 - 2015-12-06 19:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-17 12:15 - 2015-12-06 19:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-17 12:15 - 2015-12-06 19:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-17 12:15 - 2015-12-06 19:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-17 12:15 - 2015-12-06 19:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-17 12:15 - 2015-12-06 19:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-17 12:15 - 2015-12-06 19:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-17 12:15 - 2015-12-06 19:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-17 12:15 - 2015-12-06 19:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-17 12:15 - 2015-12-06 19:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-17 12:15 - 2015-12-06 19:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-17 12:15 - 2015-12-06 19:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-17 12:15 - 2015-12-06 19:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-17 12:15 - 2015-12-06 19:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-17 12:15 - 2015-12-06 19:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-17 12:15 - 2015-12-06 19:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-17 12:15 - 2015-12-06 19:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-17 12:15 - 2015-12-06 19:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-17 12:15 - 2015-12-06 19:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-15 10:35 - 2015-12-15 10:35 - 00000000 ____D C:\ProgramData\IntelDLM
2015-12-15 10:29 - 2015-12-15 10:29 - 00000000 ____D C:\Users\John\AppData\Local\Intel
2015-12-15 10:28 - 2015-12-15 11:35 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-12-12 09:02 - 2015-12-12 09:03 - 00000000 ___HD C:\$SysReset
2015-12-11 10:49 - 2015-12-11 10:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-11 09:15 - 2015-11-30 23:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-11 09:15 - 2015-11-24 04:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-11 09:15 - 2015-11-24 03:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-11 09:15 - 2015-11-24 00:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-11 09:15 - 2015-11-24 00:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-11 09:15 - 2015-11-24 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-11 09:15 - 2015-11-23 23:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-11 09:15 - 2015-11-23 23:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-11 09:15 - 2015-11-23 23:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-11 09:15 - 2015-11-23 23:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-11 09:15 - 2015-11-22 02:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-11 09:15 - 2015-11-22 02:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-11 09:15 - 2015-11-22 02:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-11 09:15 - 2015-11-22 02:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-11 09:15 - 2015-11-22 02:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-11 09:15 - 2015-11-22 02:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-11 09:15 - 2015-11-22 02:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-11 09:15 - 2015-11-22 01:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-11 09:15 - 2015-11-22 01:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-11 09:15 - 2015-11-22 01:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-11 09:15 - 2015-11-22 01:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-11 09:15 - 2015-11-22 01:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-11 09:15 - 2015-11-22 01:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-11 09:15 - 2015-11-22 01:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-11 09:15 - 2015-11-22 01:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-11 09:15 - 2015-11-22 01:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-11 09:15 - 2015-11-22 01:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-11 09:15 - 2015-11-22 01:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-11 09:15 - 2015-11-22 01:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-11 09:15 - 2015-11-22 01:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-11 09:15 - 2015-11-22 01:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-11 09:15 - 2015-11-22 01:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-11 09:15 - 2015-11-22 01:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-11 09:15 - 2015-11-22 01:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-11 09:15 - 2015-11-22 01:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-11 09:15 - 2015-11-22 01:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-11 09:15 - 2015-11-22 01:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-11 09:15 - 2015-11-22 01:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-11 09:15 - 2015-11-22 01:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-11 09:15 - 2015-11-22 01:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-11 09:15 - 2015-11-22 01:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-11 09:15 - 2015-11-22 01:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-11 09:15 - 2015-11-22 01:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-11 09:15 - 2015-11-22 01:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-11 09:15 - 2015-11-22 01:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-11 09:15 - 2015-11-22 01:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-11 09:15 - 2015-11-22 01:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-11 09:15 - 2015-11-22 01:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-11 09:15 - 2015-11-22 01:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-11 09:15 - 2015-11-22 01:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-11 09:15 - 2015-11-22 01:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-11 09:15 - 2015-11-22 01:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-11 09:15 - 2015-11-22 01:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-11 09:15 - 2015-11-22 01:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-11 09:15 - 2015-11-20 21:29 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-11 09:15 - 2015-11-12 22:43 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-11 09:15 - 2015-11-12 22:42 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-11 09:15 - 2015-11-12 22:41 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-11 09:15 - 2015-11-12 22:33 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-11 09:15 - 2015-11-12 22:21 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-11 09:15 - 2015-11-12 22:21 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-11 09:15 - 2015-11-12 22:18 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-11 09:15 - 2015-11-12 22:09 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-11 09:15 - 2015-11-12 21:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-11 09:15 - 2015-11-12 21:57 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-11 09:15 - 2015-11-12 21:39 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-11 09:15 - 2015-11-12 21:29 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-11 09:15 - 2015-11-12 21:19 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-11 09:15 - 2015-11-05 01:13 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-11 09:15 - 2015-11-05 01:10 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-11 09:15 - 2015-11-05 00:18 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-11 09:15 - 2015-11-05 00:15 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-11 09:14 - 2015-11-24 02:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-11 09:14 - 2015-11-24 02:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-11 09:14 - 2015-11-24 01:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-11 09:14 - 2015-11-24 01:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-11 09:14 - 2015-11-24 01:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-11 09:14 - 2015-11-24 01:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-11 09:14 - 2015-11-24 01:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-11 09:14 - 2015-11-24 01:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-11 09:14 - 2015-11-24 01:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-11 09:14 - 2015-11-24 00:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-11 09:14 - 2015-11-24 00:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-11 09:14 - 2015-11-24 00:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-11 09:14 - 2015-11-24 00:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-11 09:14 - 2015-11-23 23:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-11 09:14 - 2015-11-23 23:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-11 09:14 - 2015-11-23 23:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-11 09:14 - 2015-11-23 23:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-11 09:14 - 2015-11-22 02:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-11 09:14 - 2015-11-22 02:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-11 09:14 - 2015-11-22 02:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-11 09:14 - 2015-11-22 02:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-11 09:14 - 2015-11-22 02:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-11 09:14 - 2015-11-22 02:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-11 09:14 - 2015-11-22 02:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-11 09:14 - 2015-11-22 02:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-11 09:14 - 2015-11-22 02:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-11 09:14 - 2015-11-22 02:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-11 09:14 - 2015-11-22 02:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-11 09:14 - 2015-11-22 02:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-11 09:14 - 2015-11-22 01:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-11 09:14 - 2015-11-22 01:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-11 09:14 - 2015-11-22 01:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-11 09:14 - 2015-11-22 01:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-11 09:14 - 2015-11-22 01:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-11 09:14 - 2015-11-22 01:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-11 09:14 - 2015-11-22 01:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-11 09:14 - 2015-11-22 01:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-11 09:14 - 2015-11-22 01:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-11 09:14 - 2015-11-22 01:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-11 09:14 - 2015-11-22 01:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-11 09:14 - 2015-11-22 01:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-11 09:14 - 2015-11-22 01:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-11 09:14 - 2015-11-22 01:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-11 09:14 - 2015-11-22 01:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-11 09:14 - 2015-11-22 01:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-11 09:14 - 2015-11-22 01:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-11 09:14 - 2015-11-22 01:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-11 09:14 - 2015-11-22 01:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-11 09:14 - 2015-11-22 01:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-11 09:14 - 2015-11-22 01:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-11 09:14 - 2015-11-22 01:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-11 09:14 - 2015-11-22 01:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-11 09:14 - 2015-11-22 01:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-11 09:14 - 2015-11-22 01:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-11 09:14 - 2015-11-22 01:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-11 09:14 - 2015-11-22 01:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-11 09:14 - 2015-11-22 01:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-11 09:14 - 2015-11-22 01:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-11 09:14 - 2015-11-22 01:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-11 09:14 - 2015-11-22 01:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-11 09:14 - 2015-11-22 01:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-11 09:14 - 2015-11-22 01:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-11 09:14 - 2015-11-22 01:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-11 09:14 - 2015-11-22 01:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-11 09:14 - 2015-11-20 22:21 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-11 09:14 - 2015-11-20 22:02 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-11 09:14 - 2015-11-20 21:44 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-11 09:14 - 2015-11-20 21:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-11 09:14 - 2015-11-12 22:55 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-11 09:14 - 2015-11-12 22:51 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-11 09:14 - 2015-11-12 22:51 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-11 09:14 - 2015-11-12 22:51 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-11 09:14 - 2015-11-12 22:43 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-11 09:14 - 2015-11-12 22:43 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-11 09:14 - 2015-11-12 22:43 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-11 09:14 - 2015-11-12 22:43 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-11 09:14 - 2015-11-12 22:42 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-11 09:14 - 2015-11-12 22:42 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-11 09:14 - 2015-11-12 22:33 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-11 09:14 - 2015-11-12 22:33 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-11 09:14 - 2015-11-12 22:32 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-11 09:14 - 2015-11-12 22:07 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-11 09:14 - 2015-11-12 22:06 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-11 09:14 - 2015-11-12 22:04 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-11 09:14 - 2015-11-12 22:04 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-11 09:14 - 2015-11-12 22:04 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-11 09:14 - 2015-11-12 22:03 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-11 09:14 - 2015-11-12 22:00 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-11 09:14 - 2015-11-12 21:59 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-11 09:14 - 2015-11-12 21:58 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-11 09:14 - 2015-11-12 21:56 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-11 09:14 - 2015-11-12 21:55 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-11 09:14 - 2015-11-12 21:54 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-11 09:14 - 2015-11-12 21:53 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-11 09:14 - 2015-11-12 21:50 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-11 09:14 - 2015-11-12 21:49 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-11 09:14 - 2015-11-12 21:40 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-11 09:14 - 2015-11-12 21:40 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-11 09:14 - 2015-11-12 21:34 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-11 09:14 - 2015-11-12 21:33 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-11 09:14 - 2015-11-12 21:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-11 09:14 - 2015-11-12 21:30 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-11 09:14 - 2015-11-12 21:27 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-11 09:14 - 2015-11-12 21:23 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-11 09:14 - 2015-11-05 04:05 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-11 09:14 - 2015-11-05 02:40 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-11 09:14 - 2015-11-05 02:25 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-11 09:14 - 2015-11-05 02:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-11 09:14 - 2015-11-05 02:08 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-11 09:14 - 2015-11-05 02:04 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-11 09:14 - 2015-11-05 02:00 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-11 09:14 - 2015-11-05 01:44 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-11 09:14 - 2015-11-05 01:41 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-11 09:14 - 2015-11-05 01:03 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-11 09:14 - 2015-11-05 01:02 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-11 09:14 - 2015-11-05 00:59 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-11 09:14 - 2015-11-05 00:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-11 09:14 - 2015-11-05 00:42 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-10 08:37 - 2015-12-10 08:37 - 00000000 ____D C:\Users\John\AppData\Local\ActiveSync
2015-12-10 08:35 - 2015-12-10 08:35 - 00000020 ___SH C:\Users\John\ntuser.ini
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-10 03:32 - 2015-12-27 08:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-10 03:22 - 2015-12-10 03:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-10 03:22 - 2015-12-10 03:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-12-10 03:21 - 2015-12-10 03:21 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-10 03:16 - 2015-12-10 03:22 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-10 03:14 - 2015-12-27 08:43 - 00000000 ____D C:\Users\John
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\My Documents
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\Documents\My Videos
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\Documents\My Pictures
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\Documents\My Music
2015-12-10 03:11 - 2015-10-29 12:33 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-10 03:11 - 2015-10-29 12:33 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-10 03:10 - 2015-12-10 03:17 - 00000000 ____D C:\Program Files\Intel
2015-12-10 03:10 - 2015-12-10 03:17 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-12-10 03:10 - 2015-12-10 03:10 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-10 03:10 - 2015-12-10 03:10 - 00000000 ____D C:\WINDOWS\system32\DAX2
2015-12-10 03:10 - 2015-12-10 03:10 - 00000000 ____D C:\ProgramData\SetupTPDriver
2015-12-10 03:09 - 2015-12-10 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-10 03:09 - 2015-12-10 03:09 - 00000000 ____D C:\Program Files\Realtek
2015-12-10 03:09 - 2015-10-29 23:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-10 03:05 - 2015-12-12 08:49 - 00337440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-10 03:04 - 2015-12-10 06:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-10 03:02 - 2015-12-10 03:02 - 00000000 ____D C:\Windows.old
2015-12-10 03:01 - 2015-12-10 03:01 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files\MSBuild
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-10 02:59 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-10 02:59 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-10 02:59 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-10 02:59 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-10 02:59 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-10 02:59 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-04 14:22 - 2015-12-10 08:41 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-04 14:22 - 2015-12-10 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-12-04 14:22 - 2015-12-04 14:22 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-04 14:21 - 2015-12-04 14:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-04 08:42 - 2015-12-04 08:47 - 06968048 _____ (IvoSoft) C:\Users\John\Downloads\ClassicShellSetup_4_2_5.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 08:44 - 2015-06-17 12:47 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-27 08:44 - 2015-04-15 10:52 - 00000000 ____D C:\Users\John\AppData\Local\ClassicShell
2015-12-27 08:43 - 2015-08-02 21:32 - 00000000 __SHD C:\Users\John\IntelGraphicsProfiles
2015-12-27 08:42 - 2015-10-29 22:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-27 08:13 - 2015-06-17 12:47 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-27 07:11 - 2015-04-17 0
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Mon Dec 28, 2015 3:10 am

Hi,
The FRST.txt log you posted has been cut off by the forum post limiter; post it again in full.
I also need you to post the FRST Addition.txt. Please post each log separately.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

Posted: Mon Dec 28, 2015 8:51 am    Post subject: frst txt

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:28-12-2015
Ran by John (administrator) on JP (28-12-2015 08:49:45)
Running from C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\C2L82YRP
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
() C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.12.1.32_neutral__1fgex2kbsn6g8\Solitaire.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-12-21]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{224c079e-9089-4ecb-944a-901d157edb42}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b393193f-e6b9-4f34-84eb-0f06eaeedb2f}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.foxnews.com/
SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-17] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-17]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-17]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-17]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-17]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-29] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-29] (Intel Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 13:06 - 2015-12-27 13:06 - 00000000 ____D C:\Users\John\AppData\LocalLow\Temp
2015-12-27 08:39 - 2015-12-27 08:39 - 01743360 _____ C:\Users\John\Downloads\adwcleaner_5.026.exe
2015-12-27 08:38 - 2015-12-27 08:38 - 00002310 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-12-27 08:38 - 2015-12-27 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-12-27 08:38 - 2015-12-27 08:38 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-12-21 10:02 - 2015-12-21 10:02 - 00200249 _____ C:\Users\John\Documents\Scan0003.pdf
2015-12-21 10:01 - 2015-12-21 10:01 - 00200344 _____ C:\Users\John\Documents\Scan0002.pdf
2015-12-19 14:59 - 2015-12-19 15:09 - 00000000 ____D C:\Program Files\WebDiscoverBrowser
2015-12-19 14:59 - 2015-12-19 14:59 - 00000000 ____D C:\Users\John\AppData\Local\WebDiscoverBrowser
2015-12-19 14:58 - 2015-12-19 14:58 - 00023168 _____ C:\WINDOWS\System32\Tasks\{040B0B47-040B-0478-0B11-0B79787A117E}
2015-12-19 14:58 - 2015-12-19 14:58 - 00000000 ____D C:\ProgramData\ba5bbb1e-64c5-1
2015-12-19 14:58 - 2015-12-19 14:58 - 00000000 ____D C:\ProgramData\ba5bbb1e-3a55-0
2015-12-19 14:57 - 2015-12-19 15:09 - 00000000 ____D C:\Users\John\AppData\Local\Lavasoft
2015-12-19 14:57 - 2015-12-19 15:07 - 00000262 _____ C:\Prefs.js
2015-12-19 14:57 - 2015-12-19 15:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-12-19 14:57 - 2015-12-19 14:57 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-12-19 14:57 - 2015-12-19 14:57 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Users\John\AppData\Roaming\Lavasoft
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\searchplugins
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-12-19 14:56 - 2015-12-19 14:56 - 00000000 ____D C:\ProgramData\Lavasoft
2015-12-19 09:56 - 2015-12-19 09:56 - 00000000 ____D C:\Users\John\AppData\Roaming\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1
2015-12-19 09:56 - 2015-12-19 09:56 - 00000000 ____D C:\Program Files (x86)\Pandora
2015-12-18 08:17 - 2015-12-27 08:38 - 00032854 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2015-12-17 16:07 - 2015-12-17 16:08 - 00000000 ____D C:\Users\John\AppData\Local\Microsoft Help
2015-12-17 16:05 - 2015-12-17 16:06 - 00000000 ____D C:\Users\John\Documents\Posey Studios
2015-12-17 15:53 - 2015-12-28 08:49 - 00000000 ____D C:\FRST
2015-12-17 15:44 - 2015-12-27 08:42 - 00000000 ____D C:\AdwCleaner
2015-12-17 12:15 - 2015-12-06 20:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-17 12:15 - 2015-12-06 20:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-17 12:15 - 2015-12-06 20:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-17 12:15 - 2015-12-06 20:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-17 12:15 - 2015-12-06 20:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-17 12:15 - 2015-12-06 20:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-17 12:15 - 2015-12-06 20:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-17 12:15 - 2015-12-06 20:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-17 12:15 - 2015-12-06 20:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-17 12:15 - 2015-12-06 20:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-17 12:15 - 2015-12-06 20:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-17 12:15 - 2015-12-06 20:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-17 12:15 - 2015-12-06 20:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-17 12:15 - 2015-12-06 20:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-17 12:15 - 2015-12-06 20:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-17 12:15 - 2015-12-06 20:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-17 12:15 - 2015-12-06 20:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-17 12:15 - 2015-12-06 20:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-17 12:15 - 2015-12-06 20:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-17 12:15 - 2015-12-06 20:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-17 12:15 - 2015-12-06 20:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-17 12:15 - 2015-12-06 20:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-17 12:15 - 2015-12-06 20:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-17 12:15 - 2015-12-06 20:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-17 12:15 - 2015-12-06 20:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-17 12:15 - 2015-12-06 20:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-17 12:15 - 2015-12-06 20:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-17 12:15 - 2015-12-06 20:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-17 12:15 - 2015-12-06 20:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-17 12:15 - 2015-12-06 19:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-17 12:15 - 2015-12-06 19:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-17 12:15 - 2015-12-06 19:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-17 12:15 - 2015-12-06 19:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-17 12:15 - 2015-12-06 19:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-17 12:15 - 2015-12-06 19:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-17 12:15 - 2015-12-06 19:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 19:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-17 12:15 - 2015-12-06 19:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-17 12:15 - 2015-12-06 19:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-17 12:15 - 2015-12-06 19:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-17 12:15 - 2015-12-06 19:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-17 12:15 - 2015-12-06 19:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 19:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-17 12:15 - 2015-12-06 19:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-17 12:15 - 2015-12-06 19:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-17 12:15 - 2015-12-06 19:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-17 12:15 - 2015-12-06 19:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-17 12:15 - 2015-12-06 19:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-17 12:15 - 2015-12-06 19:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-17 12:15 - 2015-12-06 19:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-17 12:15 - 2015-12-06 19:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-17 12:15 - 2015-12-06 19:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-17 12:15 - 2015-12-06 19:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-17 12:15 - 2015-12-06 19:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-17 12:15 - 2015-12-06 19:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-17 12:15 - 2015-12-06 19:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-17 12:15 - 2015-12-06 19:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-17 12:15 - 2015-12-06 19:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-17 12:15 - 2015-12-06 19:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-17 12:15 - 2015-12-06 19:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-17 12:15 - 2015-12-06 19:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-17 12:15 - 2015-12-06 19:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-15 10:35 - 2015-12-15 10:35 - 00000000 ____D C:\ProgramData\IntelDLM
2015-12-15 10:29 - 2015-12-15 10:29 - 00000000 ____D C:\Users\John\AppData\Local\Intel
2015-12-15 10:28 - 2015-12-15 11:35 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-12-12 09:02 - 2015-12-12 09:03 - 00000000 ___HD C:\$SysReset
2015-12-11 10:49 - 2015-12-11 10:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-11 09:15 - 2015-11-30 23:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-11 09:15 - 2015-11-24 04:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-11 09:15 - 2015-11-24 03:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-11 09:15 - 2015-11-24 00:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-11 09:15 - 2015-11-24 00:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-11 09:15 - 2015-11-24 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-11 09:15 - 2015-11-23 23:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-11 09:15 - 2015-11-23 23:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-11 09:15 - 2015-11-23 23:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-11 09:15 - 2015-11-23 23:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-11 09:15 - 2015-11-22 02:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-11 09:15 - 2015-11-22 02:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-11 09:15 - 2015-11-22 02:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-11 09:15 - 2015-11-22 02:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-11 09:15 - 2015-11-22 02:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-11 09:15 - 2015-11-22 02:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-11 09:15 - 2015-11-22 02:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-11 09:15 - 2015-11-22 01:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-11 09:15 - 2015-11-22 01:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-11 09:15 - 2015-11-22 01:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-11 09:15 - 2015-11-22 01:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-11 09:15 - 2015-11-22 01:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-11 09:15 - 2015-11-22 01:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-11 09:15 - 2015-11-22 01:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-11 09:15 - 2015-11-22 01:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-11 09:15 - 2015-11-22 01:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-11 09:15 - 2015-11-22 01:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-11 09:15 - 2015-11-22 01:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-11 09:15 - 2015-11-22 01:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-11 09:15 - 2015-11-22 01:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-11 09:15 - 2015-11-22 01:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-11 09:15 - 2015-11-22 01:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-11 09:15 - 2015-11-22 01:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-11 09:15 - 2015-11-22 01:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-11 09:15 - 2015-11-22 01:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-11 09:15 - 2015-11-22 01:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-11 09:15 - 2015-11-22 01:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-11 09:15 - 2015-11-22 01:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-11 09:15 - 2015-11-22 01:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-11 09:15 - 2015-11-22 01:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-11 09:15 - 2015-11-22 01:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-11 09:15 - 2015-11-22 01:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-11 09:15 - 2015-11-22 01:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-11 09:15 - 2015-11-22 01:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-11 09:15 - 2015-11-22 01:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-11 09:15 - 2015-11-22 01:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-11 09:15 - 2015-11-22 01:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-11 09:15 - 2015-11-22 01:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-11 09:15 - 2015-11-22 01:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-11 09:15 - 2015-11-22 01:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-11 09:15 - 2015-11-22 01:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-11 09:15 - 2015-11-22 01:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-11 09:15 - 2015-11-22 01:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-11 09:15 - 2015-11-22 01:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-11 09:15 - 2015-11-20 21:29 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-11 09:15 - 2015-11-12 22:43 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-11 09:15 - 2015-11-12 22:42 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-11 09:15 - 2015-11-12 22:41 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-11 09:15 - 2015-11-12 22:33 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-11 09:15 - 2015-11-12 22:21 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-11 09:15 - 2015-11-12 22:21 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-11 09:15 - 2015-11-12 22:18 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-11 09:15 - 2015-11-12 22:09 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-11 09:15 - 2015-11-12 21:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-11 09:15 - 2015-11-12 21:57 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-11 09:15 - 2015-11-12 21:39 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-11 09:15 - 2015-11-12 21:29 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-11 09:15 - 2015-11-12 21:19 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-11 09:15 - 2015-11-05 01:13 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-11 09:15 - 2015-11-05 01:10 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-11 09:15 - 2015-11-05 00:18 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-11 09:15 - 2015-11-05 00:15 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-11 09:14 - 2015-11-24 02:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-11 09:14 - 2015-11-24 02:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-11 09:14 - 2015-11-24 01:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-11 09:14 - 2015-11-24 01:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-11 09:14 - 2015-11-24 01:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-11 09:14 - 2015-11-24 01:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-11 09:14 - 2015-11-24 01:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-11 09:14 - 2015-11-24 01:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-11 09:14 - 2015-11-24 01:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-11 09:14 - 2015-11-24 00:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-11 09:14 - 2015-11-24 00:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-11 09:14 - 2015-11-24 00:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-11 09:14 - 2015-11-24 00:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-11 09:14 - 2015-11-23 23:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-11 09:14 - 2015-11-23 23:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-11 09:14 - 2015-11-23 23:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-11 09:14 - 2015-11-23 23:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-11 09:14 - 2015-11-22 02:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-11 09:14 - 2015-11-22 02:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-11 09:14 - 2015-11-22 02:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-11 09:14 - 2015-11-22 02:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-11 09:14 - 2015-11-22 02:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-11 09:14 - 2015-11-22 02:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-11 09:14 - 2015-11-22 02:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-11 09:14 - 2015-11-22 02:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-11 09:14 - 2015-11-22 02:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-11 09:14 - 2015-11-22 02:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-11 09:14 - 2015-11-22 02:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-11 09:14 - 2015-11-22 02:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-11 09:14 - 2015-11-22 01:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-11 09:14 - 2015-11-22 01:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-11 09:14 - 2015-11-22 01:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-11 09:14 - 2015-11-22 01:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-11 09:14 - 2015-11-22 01:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-11 09:14 - 2015-11-22 01:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-11 09:14 - 2015-11-22 01:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-11 09:14 - 2015-11-22 01:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-11 09:14 - 2015-11-22 01:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-11 09:14 - 2015-11-22 01:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-11 09:14 - 2015-11-22 01:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-11 09:14 - 2015-11-22 01:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-11 09:14 - 2015-11-22 01:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-11 09:14 - 2015-11-22 01:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-11 09:14 - 2015-11-22 01:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-11 09:14 - 2015-11-22 01:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-11 09:14 - 2015-11-22 01:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-11 09:14 - 2015-11-22 01:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-11 09:14 - 2015-11-22 01:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-11 09:14 - 2015-11-22 01:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-11 09:14 - 2015-11-22 01:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-11 09:14 - 2015-11-22 01:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-11 09:14 - 2015-11-22 01:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-11 09:14 - 2015-11-22 01:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-11 09:14 - 2015-11-22 01:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-11 09:14 - 2015-11-22 01:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-11 09:14 - 2015-11-22 01:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-11 09:14 - 2015-11-22 01:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-11 09:14 - 2015-11-22 01:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-11 09:14 - 2015-11-22 01:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-11 09:14 - 2015-11-22 01:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-11 09:14 - 2015-11-22 01:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-11 09:14 - 2015-11-22 01:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-11 09:14 - 2015-11-22 01:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-11 09:14 - 2015-11-22 01:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-11 09:14 - 2015-11-20 22:21 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-11 09:14 - 2015-11-20 22:02 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-11 09:14 - 2015-11-20 21:44 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-11 09:14 - 2015-11-20 21:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-11 09:14 - 2015-11-12 22:55 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-11 09:14 - 2015-11-12 22:51 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-11 09:14 - 2015-11-12 22:51 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-11 09:14 - 2015-11-12 22:51 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-11 09:14 - 2015-11-12 22:43 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-11 09:14 - 2015-11-12 22:43 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-11 09:14 - 2015-11-12 22:43 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-11 09:14 - 2015-11-12 22:43 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-11 09:14 - 2015-11-12 22:42 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-11 09:14 - 2015-11-12 22:42 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-11 09:14 - 2015-11-12 22:33 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-11 09:14 - 2015-11-12 22:33 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-11 09:14 - 2015-11-12 22:32 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-11 09:14 - 2015-11-12 22:07 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-11 09:14 - 2015-11-12 22:06 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-11 09:14 - 2015-11-12 22:04 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-11 09:14 - 2015-11-12 22:04 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-11 09:14 - 2015-11-12 22:04 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-11 09:14 - 2015-11-12 22:03 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-11 09:14 - 2015-11-12 22:00 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-11 09:14 - 2015-11-12 21:59 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-11 09:14 - 2015-11-12 21:58 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-11 09:14 - 2015-11-12 21:56 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-11 09:14 - 2015-11-12 21:55 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-11 09:14 - 2015-11-12 21:54 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-11 09:14 - 2015-11-12 21:53 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-11 09:14 - 2015-11-12 21:50 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-11 09:14 - 2015-11-12 21:49 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-11 09:14 - 2015-11-12 21:40 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-11 09:14 - 2015-11-12 21:40 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-11 09:14 - 2015-11-12 21:34 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-11 09:14 - 2015-11-12 21:33 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-11 09:14 - 2015-11-12 21:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-11 09:14 - 2015-11-12 21:30 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-11 09:14 - 2015-11-12 21:27 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-11 09:14 - 2015-11-12 21:23 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-11 09:14 - 2015-11-05 04:05 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-11 09:14 - 2015-11-05 02:40 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-11 09:14 - 2015-11-05 02:25 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-11 09:14 - 2015-11-05 02:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-11 09:14 - 2015-11-05 02:08 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-11 09:14 - 2015-11-05 02:04 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-11 09:14 - 2015-11-05 02:00 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-11 09:14 - 2015-11-05 01:44 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-11 09:14 - 2015-11-05 01:41 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-11 09:14 - 2015-11-05 01:03 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-11 09:14 - 2015-11-05 01:02 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-11 09:14 - 2015-11-05 00:59 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-11 09:14 - 2015-11-05 00:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-11 09:14 - 2015-11-05 00:42 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-10 08:37 - 2015-12-10 08:37 - 00000000 ____D C:\Users\John\AppData\Local\ActiveSync
2015-12-10 08:35 - 2015-12-10 08:35 - 00000020 ___SH C:\Users\John\ntuser.ini
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-10 03:32 - 2015-12-27 08:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-10 03:22 - 2015-12-10 03:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-10 03:22 - 2015-12-10 03:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-12-10 03:21 - 2015-12-10 03:21 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-10 03:16 - 2015-12-10 03:22 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-10 03:14 - 2015-12-27 08:43 - 00000000 ____D C:\Users\John
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\My Documents
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\Documents\My Videos
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\Documents\My Pictures
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\Documents\My Music
2015-12-10 03:11 - 2015-10-29 12:33 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-10 03:11 - 2015-10-29 12:33 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-10 03:10 - 2015-12-10 03:17 - 00000000 ____D C:\Program Files\Intel
2015-12-10 03:10 - 2015-12-10 03:17 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-12-10 03:10 - 2015-12-10 03:10 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-10 03:10 - 2015-12-10 03:10 - 00000000 ____D C:\WINDOWS\system32\DAX2
2015-12-10 03:10 - 2015-12-10 03:10 - 00000000 ____D C:\ProgramData\SetupTPDriver
2015-12-10 03:09 - 2015-12-10 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-10 03:09 - 2015-12-10 03:09 - 00000000 ____D C:\Program Files\Realtek
2015-12-10 03:09 - 2015-10-29 23:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-10 03:05 - 2015-12-12 08:49 - 00337440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-10 03:04 - 2015-12-10 06:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-10 03:02 - 2015-12-10 03:02 - 00000000 ____D C:\Windows.old
2015-12-10 03:01 - 2015-12-10 03:01 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files\MSBuild
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-10 02:59 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-10 02:59 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-10 02:59 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-10 02:59 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-10 02:59 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-10 02:59 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-04 14:22 - 2015-12-10 08:41 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-04 14:22 - 2015-12-10 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-12-04 14:22 - 2015-12-04 14:22 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-04 14:21 - 2015-12-04 14:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-04 08:42 - 2015-12-04 08:47 - 06968048 _____ (IvoSoft) C:\Users\John\Downloads\ClassicShellSetup_4_2_5.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-28 08:46 - 2015-04-15 10:52 - 00000000 ____D C:\Users\John\AppData\Local\ClassicShell
2015-12-28 08:29 - 2015-04-17 08:43 - 00004138 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6B462D2-735E-42DD-82CB-5ED9A0D80FFA}
2015-12-28 08:13 - 2015-06-17 12:47 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-27 09:13 - 2015-06-17 12:47 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-27 08:50 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-27 08:50 - 2015-08-02 21:27 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-27 08:48 - 2015-10-29 22:28 - 00000000 ____D C:\Windows
2015-12-27 08:43 - 2015-08-02 21:32 - 00000000 __SHD C:\Users\John\IntelGraphicsProfiles
2015-12-27
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

Posted: Mon Dec 28, 2015 8:52 am    Post subject: FRST addition

Here you go.
Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-12-2015
Ran by John (2015-12-28 08:50:11)
Running from C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\C2L82YRP
Windows 10 Home (X64) (2015-12-10 11:42:26)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-3936709736-1518792879-354126822-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-3936709736-1518792879-354126822-503 - Limited - Disabled)
Guest (S-1-5-21-3936709736-1518792879-354126822-501 - Limited - Disabled)
John (S-1-5-21-3936709736-1518792879-354126822-1001 - Administrator - Enabled) => C:\Users\John

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 18.0.0.199 - Adobe Systems Incorporated)
Adobe Reader X (10.1.16) MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AA0000000001}) (Version: 10.1.16 - Adobe Systems Incorporated)
Alcor Micro USB Card Reader (HKLM-x32\...\AmUStor) (Version: 3.8.142.61628 - Alcor Micro Corp.)
Alcor Micro USB Card Reader (x32 Version: 3.8.142.61628 - Alcor Micro Corp.) Hidden
ASUS Instant Connect (HKLM-x32\...\{89ECB85A-D933-4CEA-9116-5CBC9C2ED95B}) (Version: 1.2.8 - ASUS)
ASUS InstantOn (HKLM-x32\...\{749F674B-2674-47E8-879C-5626A06B2A91}) (Version: 3.0.4 - ASUS)
ASUS LifeFrame3 (HKLM-x32\...\{1DBD1F12-ED93-49C0-A7CC-56CBDE488158}) (Version: 3.1.9 - ASUS)
ASUS Live Update (HKLM-x32\...\{FA540E67-095C-4A1B-97BA-4D547DEC9AF4}) (Version: 3.1.8 - ASUS)
ASUS Power4Gear Hybrid (HKLM\...\{9B6239BF-4E85-4590-8D72-51E30DB1A9AA}) (Version: 2.0.4 - ASUS)
ASUS Screen Saver (HKLM\...\{0FBEEDF8-30FA-4FA3-B31F-C9C7E7E8DFA2}) (Version: 1.0.1 - ASUS)
ASUS Smart Gesture (HKLM-x32\...\{4D3286A6-F6AB-498A-82A4-E4F040529F3D}) (Version: 4.0.5 - ASUS)
ASUS Splendid Video Enhancement Technology (HKLM-x32\...\{0969AF05-4FF6-4C00-9406-43599238DE0D}) (Version: 1.03.0004 - ASUS)
ASUS Tutor (HKLM-x32\...\{58172D66-2F69-4215-9AEC-ED8196023736}) (Version: 1.0.8 - ASUS)
ASUS USB Charger Plus (HKLM-x32\...\{A859E3E5-C62F-4BFA-AF1D-2B95E03166AF}) (Version: 2.1.4 - ASUS)
ASUSDVD (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4126.52 - CyberLink Corp.)
ASUSDVD (x32 Version: 10.0.4126.52 - CyberLink Corp.) Hidden
Atheros Communications Inc.(R) AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.4 - Atheros Communications Inc.)
ATK Package (HKLM-x32\...\{AB5C933E-5C7D-4D30-B314-9C83A49B94BE}) (Version: 1.0.0023 - ASUS)
Bing Bar (HKLM-x32\...\{3611CA6C-5FCA-4900-A329-6A118123CCFC}) (Version: 7.1.355.0 - Microsoft Corporation)
Classic Shell (HKLM\...\{7C129CF8-199F-4269-AAEE-60B5D8D716E2}) (Version: 4.2.1 - IvoSoft)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{791A06E2-340F-43B0-8FAB-62D151339362}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Help (HKLM-x32\...\{46235FF7-2CBE-4A84-BEDA-87348D1F7850}) (Version: 28.0.0 - Hewlett Packard)
HP Officejet Pro 8600 Product Improvement Study (HKLM\...\{2BF5E9CC-C55D-4B0F-ACAF-FFE77F333CD8}) (Version: 28.0.1315.0 - Hewlett-Packard Co.)
HP Support Assistant (HKLM-x32\...\{61EB474B-67A6-47F4-B1B7-386851BAB3D0}) (Version: 8.1.40.3 - Hewlett-Packard Company)
HP Support Solutions Framework (HKLM-x32\...\{F6A11738-3EE4-4573-AEA5-6CD5D491C167}) (Version: 12.0.30.219 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Intel(R) WiDi (HKLM\...\{23D486D4-FBE0-40F3-A245-E4D56D094764}) (Version: 3.5.41.0 - Intel Corporation)
Intel® PROSet/Wireless Software (HKLM-x32\...\{c9967fbd-e3c3-4ed0-992a-5b33260f2944}) (Version: 16.1.5 - Intel Corporation)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 16.0.6366.2036 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3505.0912 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Extensibility Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Licensing Component (Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Office 16 Click-to-Run Localization Component (x32 Version: 16.0.6326.1010 - Microsoft Corporation) Hidden
Pandora (HKLM-x32\...\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1) (Version: 2.0.10 - Pandora Media, Inc)
Pandora (x32 Version: 2.0.10 - Pandora Media, Inc) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Sony Preset Manager 2.0d (HKLM-x32\...\{89486DE4-7CE1-4E2D-BBF0-734F85ACD108}) (Version: 2.0.30 - Sony)
Sony Sound Forge Audio Studio 8.0 (HKLM-x32\...\{D1313CC8-09D6-43C5-8C06-6363EEFFA1AA}) (Version: 8.0.36 - Sony)
Sound Forge Audio Studio 10.0 (HKLM-x32\...\{BC208D90-4643-11E3-987B-F04DA23A5C58}) (Version: 10.0.252 - Sony)
Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
Waves Diamond Bundle 4.05 (HKLM-x32\...\Waves Diamond Bundle 4.05) (Version: - )
Windows Driver Package - ASUS (ATP) Mouse (06/17/2015 1.0.0.262) (HKLM\...\14588A15B66655338DBCC021FFA81E31DC281859) (Version: 06/17/2015 1.0.0.262 - ASUS)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3505.0912 - Microsoft Corporation)
WinFlash (HKLM-x32\...\{8F21291E-0444-4B1D-B9F9-4370A73E346D}) (Version: 2.41.1 - ASUS)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-3936709736-1518792879-354126822-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-3936709736-1518792879-354126822-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {073257F0-AC4F-4A2C-BD4C-2A3CCBED5A3F} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {0CC2580A-A574-4183-AFA6-8896D584B8AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0FEBF0B1-8446-4858-9CA6-C0A9F2AACE45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {115851CD-F27B-41B9-9A75-59F2E249FC4D} - System32\Tasks\Hewlett-Packard\HP Active Health\HP Active Health Scan (HPSA) => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {1698CDDE-B3F4-45B7-A422-2FDC4D92E68B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {2718C6F9-6179-4D35-901A-0BA3A3C2D84A} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Active Health Launcher => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPActiveHealth\ActiveHealth.exe [2015-11-04] (Hewlett-Packard)
Task: {285C86FE-3A76-43E0-B527-02D88F106AE7} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {36D2332C-CEFE-427B-A37E-4463044DF00D} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {42331337-D173-4F24-8882-D08D946BDEB4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {514AF2D7-368E-44AE-80DB-5A5882E4F808} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Assistant Quick Start => C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSF.exe [2015-09-28] (Hewlett-Packard Company)
Task: {51B51258-6E6F-47FE-A13E-9937B98FACFA} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {55BBC00A-052B-4FC0-93EE-56DE8A4C6062} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5C8D27AA-A69C-445A-87EA-57D96B3E83B1} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {61817C26-D844-4362-965C-FD0131B741EB} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {6340E5DF-0B32-4223-8299-E0016C9755F0} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-08] (Microsoft Corporation)
Task: {66547BA6-ABC2-48D0-B8CF-932329B095D4} - System32\Tasks\Hewlett-Packard\HP Support Assistant\HP Support Solutions Framework Updater => C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\Modules\HPSSFUpdater.exe [2015-09-28] (Hewlett-Packard)
Task: {822FE6DD-344B-4A57-81CA-2570E5DB2DF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {91EF118C-9B60-4DCA-ADEF-7A8689F8F568} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {96720131-59E3-40E4-AEBA-F4D7D5E2C9B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {AC8A30AC-8432-4AE2-B3CC-91A74053A060} - System32\Tasks\ASUS USB Charger Plus => C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe [2012-07-24] (ASUSTek Computer Inc.)
Task: {BB133AD8-AC3D-4670-8A52-9266B1FEFD9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {BCDB0CB5-5FE3-4E04-B55A-FD7404A6CD8E} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => c:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {C3DAE900-3045-4D8B-AB1D-47F72A87F62C} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeC2RClient.exe [2015-12-04] (Microsoft Corporation)
Task: {CFD53C33-AD39-4827-A29C-226503A89836} - System32\Tasks\HPCeeScheduleForJohn => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe [2015-06-16] (Hewlett-Packard)
Task: {D8C1A4A5-488C-45A2-88A3-C43B24F9A219} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {D8CF9AE4-211C-4193-A102-988BCC8A44AD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-17] (Google Inc.)
Task: {DBD40010-3B85-46B2-B76E-83A6F7BF536E} - System32\Tasks\ASUS Smart Gesture Launcher => C:\Program Files (x86)\ASUS\ASUS Smart Gesture\AsTPCenter\x64\AsusTPLauncher.exe
Task: {E03AD979-71D1-42B0-8835-3D214001BF26} - System32\Tasks\HPCustParticipation HP Officejet Pro 8600 => C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPCustPartic.exe [2012-10-17] (Hewlett-Packard Co.)
Task: {E4BBB49A-34C6-405B-934B-4BEEC1C20F23} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files (x86)\Microsoft Office\root\vfs\ProgramFilesCommonx86\Microsoft Shared\Office16\OLicenseHeartbeat.exe [2015-12-17] (Microsoft Corporation)
Task: {ED344FF2-076A-4FD2-8A1C-8920ABCE112D} - System32\Tasks\ASUS P4G => C:\Program Files\ASUS\P4G\BatteryLife.exe [2012-08-24] (ASUS)
Task: {F2861DF0-9AB6-4781-BF4B-1828DDC332DE} - System32\Tasks\ASUS Live Update => C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe [2012-07-25] (ASUSTeK Computer Inc.)
Task: {F6538C54-6167-4462-A904-BBC9A42FF45E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F7A7D413-AF4D-40D6-A437-7A1E9498D542} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job => C:\Program Files (x86)\Hewlett-Packard\HP Ceement\HPCEE.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-04 03:30 - 2015-12-04 03:52 - 00162472 _____ () C:\Program Files\Common Files\Microsoft Shared\ClickToRun\ApiClient.dll
2015-12-11 09:15 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-11 09:15 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-17 16:14 - 2015-12-17 16:14 - 08903848 _____ () C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\1033\GrooveIntlResource.dll
2015-12-16 22:09 - 2015-12-16 22:10 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2012-08-24 17:26 - 2012-08-24 17:26 - 00031360 _____ () C:\Program Files\ASUS\P4G\DevMng.dll
2015-12-17 12:15 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-17 12:15 - 2015-12-06 19:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-17 12:15 - 2015-12-06 19:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-17 12:15 - 2015-12-06 19:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-17 12:15 - 2015-12-06 19:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-10-05 09:46 - 2015-10-05 09:46 - 00179712 _____ () C:\Program Files\WindowsApps\32988BernardoZamora.Dummy2_1.12.1.32_neutral__1fgex2kbsn6g8\Solitaire.exe
2015-12-10 09:23 - 2015-12-10 09:23 - 00012800 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-12-10 09:23 - 2015-12-10 09:23 - 11542016 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-11-19 21:12 - 2015-11-19 21:12 - 00258560 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
2015-12-16 22:09 - 2015-12-16 22:10 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-16 22:09 - 2015-12-16 22:10 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-18 08:54 - 2015-12-18 08:54 - 00583680 _____ () C:\Users\John\AppData\Local\Packages\32988bernardozamora.dummy2_1fgex2kbsn6g8\AC\Microsoft\CLR_v4.0_32\NativeImages\Solitaire\ac6fc38355dbed27075672eae461c20b\Solitaire.ni.exe
2015-12-17 16:58 - 2015-12-17 16:58 - 04388864 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI.Xaml\6759588a98f22a223cca58e25a3fa4a9\Windows.UI.Xaml.ni.dll
2015-12-17 16:58 - 2015-12-17 16:58 - 02921472 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.App640a3541#\b65fdfe33ab6e610cffbb42830b95c00\Windows.ApplicationModel.ni.dll
2015-12-17 16:58 - 2015-12-17 16:58 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\2db06033b228e6dda5c6fe72b7c2e134\Windows.Foundation.ni.dll
2015-12-17 16:58 - 2015-12-17 16:58 - 01400320 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.UI\21d0dfa9f957a4be63dd75c252df25bf\Windows.UI.ni.dll
2015-12-17 16:58 - 2015-12-17 16:58 - 00821248 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Storage\1356ae96a3e87dc2b89d4dfde8fb2db6\Windows.Storage.ni.dll
2015-12-17 16:58 - 2015-12-17 16:58 - 00327680 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Data\a58a8617c9f77539daad9dbaea1e30f3\Windows.Data.ni.dll
2015-12-17 16:58 - 2015-12-17 16:58 - 00670720 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Security\f93623bb292a41301c63d2de3fef3d0a\Windows.Security.ni.dll
2015-12-17 16:59 - 2015-12-17 16:59 - 00219648 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Gloaae92e31#\94198a4b5f558ec93934b73169ea0969\Windows.Globalization.ni.dll
2015-12-17 16:58 - 2015-12-17 16:58 - 00318976 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.System\470b9c02678b756397e94391c627cbd5\Windows.System.ni.dll
2015-12-17 16:59 - 2015-12-17 16:59 - 01232896 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Networking\2cc274f0a90c57a845556072e2fc317a\Windows.Networking.ni.dll
2015-12-17 16:58 - 2015-12-17 16:58 - 03154432 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Devices\52e2255e6fbd7b1a8a153dcb8ab573a5\Windows.Devices.ni.dll
2015-12-17 16:59 - 2015-12-17 16:59 - 00686080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Graphics\f246378baae603aee2e267ab6131a84e\Windows.Graphics.ni.dll
2015-12-17 16:07 - 2015-12-17 16:11 - 01064104 _____ () C:\Program Files (x86)\Microsoft Office\Root\Office16\ADDINS\UmOutlookAddin.dll
2015-12-17 16:08 - 2015-12-17 16:08 - 00149160 _____ () C:\Program Files (x86)\Microsoft Office\root\Office16\JitV.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\localhost -> localhost
IE trusted site: HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\webcompanion.com -> hxxp://webcompanion.com
IE restricted site: HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\pckeeper.com -> hxxp://app.pckeeper.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 05:25 - 2013-08-22 05:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-3936709736-1518792879-354126822-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\John\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\asus.jpg
DNS Servers: 192.168.1.254
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "ACMON"
HKLM\...\StartupApproved\Run: => "BTMTrayAgent"
HKLM\...\StartupApproved\Run32: => "RemoteControl10"
HKLM\...\StartupApproved\Run32: => "HP Software Update"
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk"
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\StartupApproved\Run: => "SpybotPostWindows10UpgradeReInstall"
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\StartupApproved\Run: => "HP Officejet Pro 8600 (NET)"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{815F5445-4194-4D6E-A9AE-2DFB54E10EC0}] => (Allow) C:\Program Files (x86)\Microsoft Office\root\Office16\outlook.exe
FirewallRules: [{C09A075C-A1DD-4457-9EE6-C4A1F573E69D}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [{2B223772-7829-452A-AA98-533E21EF417E}] => (Allow) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPPSdr\HPDiagnosticCoreUI.exe
FirewallRules: [UDP Query User{C288D291-F489-405A-8458-F3FC82B56C8C}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{2155AE21-3676-48DD-A687-D2F3882E1112}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{6918740D-7F68-481B-941F-8375C4291737}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{151B0E6E-2494-4ABB-B912-B165CBA1E6AA}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [UDP Query User{B03849CA-C090-4EDA-9071-0958458DE377}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [TCP Query User{DBB02FDF-5E97-47DF-8341-07C8F2BFD1AA}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicatorcom.exe
FirewallRules: [UDP Query User{1E1BCD67-66A0-4E27-95A0-8E42F9215AC3}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe
FirewallRules: [TCP Query User{EB3F016D-8779-4462-8637-EC41B865A8EB}C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe] => (Allow) C:\program files\hp\hp officejet pro 8600\bin\hpnetworkcommunicator.exe

==================== Restore Points =========================

17-12-2015 03:38:28 Windows Modules Installer
19-12-2015 15:01:00 Removed Playthru Player
24-12-2015 09:03:28 Windows Update
24-12-2015 09:03:59 Windows Update

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/27/2015 11:41:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/27/2015 10:00:19 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x08080808
Faulting process id: 0x2178
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/27/2015 09:39:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: IEXPLORE.EXE, version: 11.0.10586.20, time stamp: 0x56541caa
Faulting module name: Flash.ocx, version: 20.0.0.228, time stamp: 0x56512b7f
Exception code: 0xc0000005
Fault offset: 0x00332fef
Faulting process id: 0x1788
Faulting application start time: 0xIEXPLORE.EXE0
Faulting application path: IEXPLORE.EXE1
Faulting module path: IEXPLORE.EXE2
Report Id: IEXPLORE.EXE3
Faulting package full name: IEXPLORE.EXE4
Faulting package-relative application ID: IEXPLORE.EXE5

Error: (12/27/2015 08:46:53 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: JP)
Description: Activation of app 32988BernardoZamora.Dummy2_1fgex2kbsn6g8!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (12/26/2015 11:41:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/25/2015 11:41:13 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/25/2015 10:54:31 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.10586.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 52c

Start Time: 01d13fa9e784128d

Termination Time: 0

Application Path: C:\Program Files\Internet Explorer\iexplore.exe

Report Id: 7da03fb2-ab9d-11e5-bed2-606c667646b0

Faulting package full name:

Faulting package-relative application ID:

Error: (12/25/2015 10:51:51 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program iexplore.exe version 11.0.10586.20 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: 1708

Start Time: 01d13fa949808730

Termination Time: 31

Application Path: C:\Program Files (x86)\Internet Explorer\iexplore.exe

Report Id: 21e76112-ab9d-11e5-bed2-606c667646b0

Faulting package full name:

Faulting package-relative application ID:

Error: (12/24/2015 11:41:14 PM) (Source: Office 2016 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418220

Error: (12/24/2015 09:04:04 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.


System errors:
=============
Error: (12/27/2015 08:46:53 AM) (Source: DCOM) (EventID: 10010) (User: JP)
Description: App

Error: (12/27/2015 08:46:40 AM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}

Error: (12/27/2015 08:45:51 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Intel(R) Management and Security Application User Notification Service service failed to start due to the following error:
%%1053

Error: (12/27/2015 08:45:51 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the UNS service to connect.

Error: (12/27/2015 08:43:05 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The jhi_service service failed to start due to the following error:
%%1053

Error: (12/27/2015 08:43:05 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the jhi_service service to connect.

Error: (12/27/2015 08:42:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_2a7a9c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/27/2015 08:42:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_2a7a9c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/27/2015 08:42:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_2a7a9c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/27/2015 08:42:15 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_2a7a9c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.


CodeIntegrity:
===================================
Date: 2015-12-17 16:35:03.145
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-17 15:49:12.745
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-17 03:56:43.126
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-15 11:40:49.263
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-15 11:24:12.219
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-12 08:50:15.320
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-11 16:17:45.642
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 08:41:22.500
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 03:40:54.562
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-10 03:32:11.091
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume4\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i7-3632QM CPU @ 2.20GHz
Percentage of memory in use: 32%
Total physical RAM: 8077.7 MB
Available physical RAM: 5458.23 MB
Total Virtual: 9357.7 MB
Available Virtual: 6762.75 MB

==================== Drives ================================

Drive c: (OS) (Fixed) (Total:676.55 GB) (Free:618.82 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive d: (Adobe Audition) (CDROM) (Total:0.09 GB) (Free:0 GB) CDFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 115DA0F7)

Partition: GPT.

==================== End of Addition.txt ============================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Tue Dec 29, 2015 3:52 am

Hi,
Sorry but the FRST.txt log you posted has been cut off by the forum post limiter again.
I need to see the whole log, please ensure that it's all included this time.
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

Posted: Tue Dec 29, 2015 8:42 am    Post subject: frst log

Looks like it is all there. Thank you.

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by John (administrator) on JP (29-12-2015 08:40:40)
Running from C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\77OHI5KH
Loaded Profiles: John (Available Profiles: John)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\AsLdrSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ATK Package\ATKGFNEX\GFNEXSrv.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe
(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\ClickToRun\OfficeClickToRun.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\HControl.exe
(ASUS) C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnWMI.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Hotkey\KBFiltr.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATKOSD2\ATKOSD2.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\ATK Package\ATK Media\DMedia.exe
(IvoSoft) C:\Program Files\Classic Shell\ClassicStartMenu.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(ASUSTek Computer Inc.) C:\Program Files (x86)\ASUS\USBChargerPlus\USBChargerPlus.exe
(ASUS) C:\Program Files\ASUS\P4G\BatteryLife.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(ASUSTeK Computer Inc.) C:\Program Files (x86)\ASUS\ASUS Live Update\LiveUpdate.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Microsoft Corporation) C:\Windows\SysWOW64\dllhost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1208.10480.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Windows\ImmersiveControlPanel\SystemSettings.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\NetworkUXBroker.exe
(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsAlarms_10.1512.58020.0_x64__8wekyb3d8bbwe\Time.exe
(Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\root\Office16\OUTLOOK.EXE
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
HKLM\...\Run: [ACMON] => C:\Program Files (x86)\ASUS\Splendid\ACMON.exe [107192 2012-08-24] (ASUS)
HKLM\...\Run: [Classic Start Menu] => C:\Program Files\Classic Shell\ClassicStartMenu.exe [163520 2015-04-09] (IvoSoft)
HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe [40336 2015-09-24] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [ASUSPRP] => C:\Program Files (x86)\ASUS\APRP\APRP.EXE [3187360 2012-11-23] (ASUSTek Computer Inc.)
HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [91432 2012-03-28] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2573416 2012-10-17] (Hewlett-Packard Co.)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\amd64\FileSyncShell64.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\John\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileSyncShell.dll [2015-12-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ShareOverlay] -> {594D4122-1F87-41E2-96C7-825FB4796516} => C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
Startup: C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk [2015-12-21]
ShortcutTarget: Monitor Ink Alerts - HP Officejet Pro 8600 (Network).lnk -> C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPStatusBL.dll (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{224c079e-9089-4ecb-944a-901d157edb42}: [DhcpNameServer] 192.168.1.254
Tcpip\..\Interfaces\{b393193f-e6b9-4f34-84eb-0f06eaeedb2f}: [DhcpNameServer] 192.168.1.254

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.foxnews.com/
SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: Lync Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\OCHelper.dll [2015-12-17] (Microsoft Corporation)
BHO: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
BHO: Microsoft OneDrive for Business Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\root\VFS\ProgramFilesX64\Microsoft Office\Office16\GROOVEEX.DLL [2015-12-17] (Microsoft Corporation)
BHO: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_64.dll [2015-04-09] (IvoSoft)
BHO-x32: ExplorerBHO Class -> {449D0D6E-2412-4E61-B68F-1CB625CD9E52} -> C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
BHO-x32: ClassicIEBHO Class -> {EA801577-E6AD-4BD5-8F71-4BE0154331A4} -> C:\Program Files\Classic Shell\ClassicIEDLL_32.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer64.dll [2015-04-09] (IvoSoft)
Toolbar: HKLM-x32 - Classic Explorer Bar - {553891B7-A0D5-4526-BE18-D3CE461D6310} - C:\Program Files\Classic Shell\ClassicExplorer32.dll [2015-04-09] (IvoSoft)
DPF: HKLM-x32 {0E5F0222-96B9-11D3-8997-00104BD12D94} hxxp://utilities.pcpitstop.com/Nirvana/controls/pcmatic.cab
Handler-x32: mso-minsb-roaming.16 - {83C25742-A9F7-49FB-9138-434302C88D07} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: mso-minsb.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf-roaming.16 - {42089D2D-912D-4018-9087-2B87803E93FB} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)
Handler-x32: osf.16 - {5504BE45-A83B-4808-900A-3A5C36E7F77A} - C:\Program Files (x86)\Microsoft Office\root\Office16\MSOSB.DLL [2015-12-17] (Microsoft Corporation)

FireFox:
========
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.42 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-06-06] (Intel Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files (x86)\Microsoft Office\root\Office16\NPSPWRAP.DLL [2015-12-17] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3505.0912 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-09-12] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-02] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 10.0\Reader\AIR\nppdf32.dll [2015-09-24] (Adobe Systems Inc.)

Chrome:
=======
CHR Profile: C:\Users\John\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-04-17]
CHR Extension: (Google Docs) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-04-17]
CHR Extension: (Google Drive) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-04-17]
CHR Extension: (YouTube) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-04-17]
CHR Extension: (Google Search) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-04-17]
CHR Extension: (Google Sheets) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-04-17]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-04-17]
CHR Extension: (Google Wallet) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-17]
CHR Extension: (Gmail) - C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-04-17]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ASUS InstantOn; C:\Program Files (x86)\ASUS\ASUS InstantOn\InsOnSrv.exe [277120 2012-04-13] (ASUS)
R2 ClickToRunSvc; C:\Program Files\Common Files\Microsoft Shared\ClickToRun\OfficeClickToRun.exe [2748600 2015-12-04] (Microsoft Corporation)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hewlett-Packard\HP Support Solutions\HPSupportSolutionsFrameworkService.exe [25800 2015-09-28] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-29] (Intel Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [129856 2012-06-27] (Intel Corporation)
S2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [166720 2012-06-25] (Intel Corporation)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 kbfiltr; C:\Windows\System32\drivers\kbfiltr.sys [14992 2012-08-01] ( )
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
R3 NETwNe64; C:\Windows\System32\drivers\NETwew01.sys [3343872 2015-10-29] (Intel Corporation)
R3 usb3Hub; C:\Windows\System32\drivers\usb3Hub.sys [47072 2012-11-29] (Windows (R) Win 7 DDK provider)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
R3 XHCIPort; C:\Windows\System32\drivers\XHCIPort.sys [188896 2012-11-29] (Windows (R) Win 7 DDK provider)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-27 13:06 - 2015-12-27 13:06 - 00000000 ____D C:\Users\John\AppData\LocalLow\Temp
2015-12-27 08:39 - 2015-12-27 08:39 - 01743360 _____ C:\Users\John\Downloads\adwcleaner_5.026.exe
2015-12-27 08:38 - 2015-12-27 08:38 - 00002310 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
2015-12-27 08:38 - 2015-12-27 08:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
2015-12-27 08:38 - 2015-12-27 08:38 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
2015-12-21 10:02 - 2015-12-21 10:02 - 00200249 _____ C:\Users\John\Documents\Scan0003.pdf
2015-12-21 10:01 - 2015-12-21 10:01 - 00200344 _____ C:\Users\John\Documents\Scan0002.pdf
2015-12-19 14:59 - 2015-12-19 15:09 - 00000000 ____D C:\Program Files\WebDiscoverBrowser
2015-12-19 14:59 - 2015-12-19 14:59 - 00000000 ____D C:\Users\John\AppData\Local\WebDiscoverBrowser
2015-12-19 14:58 - 2015-12-19 14:58 - 00023168 _____ C:\WINDOWS\System32\Tasks\{040B0B47-040B-0478-0B11-0B79787A117E}
2015-12-19 14:58 - 2015-12-19 14:58 - 00000000 ____D C:\ProgramData\ba5bbb1e-64c5-1
2015-12-19 14:58 - 2015-12-19 14:58 - 00000000 ____D C:\ProgramData\ba5bbb1e-3a55-0
2015-12-19 14:57 - 2015-12-19 15:09 - 00000000 ____D C:\Users\John\AppData\Local\Lavasoft
2015-12-19 14:57 - 2015-12-19 15:07 - 00000262 _____ C:\Prefs.js
2015-12-19 14:57 - 2015-12-19 15:07 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy
2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-12-19 14:57 - 2015-12-19 14:57 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-12-19 14:57 - 2015-12-19 14:57 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Users\John\AppData\Roaming\Lavasoft
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\searchplugins
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-12-19 14:56 - 2015-12-19 14:56 - 00000000 ____D C:\ProgramData\Lavasoft
2015-12-19 09:56 - 2015-12-19 09:56 - 00000000 ____D C:\Users\John\AppData\Roaming\com.pandora.desktop.66F690BC77738C95E986E1B4A197193F28756A21.1
2015-12-19 09:56 - 2015-12-19 09:56 - 00000000 ____D C:\Program Files (x86)\Pandora
2015-12-18 08:17 - 2015-12-27 08:38 - 00032854 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
2015-12-17 16:07 - 2015-12-17 16:08 - 00000000 ____D C:\Users\John\AppData\Local\Microsoft Help
2015-12-17 16:05 - 2015-12-17 16:06 - 00000000 ____D C:\Users\John\Documents\Posey Studios
2015-12-17 15:53 - 2015-12-29 08:40 - 00000000 ____D C:\FRST
2015-12-17 15:44 - 2015-12-27 08:42 - 00000000 ____D C:\AdwCleaner
2015-12-17 12:15 - 2015-12-06 20:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-17 12:15 - 2015-12-06 20:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-17 12:15 - 2015-12-06 20:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-17 12:15 - 2015-12-06 20:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-17 12:15 - 2015-12-06 20:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-17 12:15 - 2015-12-06 20:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-17 12:15 - 2015-12-06 20:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-17 12:15 - 2015-12-06 20:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-17 12:15 - 2015-12-06 20:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-17 12:15 - 2015-12-06 20:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-17 12:15 - 2015-12-06 20:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-17 12:15 - 2015-12-06 20:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-17 12:15 - 2015-12-06 20:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-17 12:15 - 2015-12-06 20:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-17 12:15 - 2015-12-06 20:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-17 12:15 - 2015-12-06 20:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-17 12:15 - 2015-12-06 20:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-17 12:15 - 2015-12-06 20:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-17 12:15 - 2015-12-06 20:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-17 12:15 - 2015-12-06 20:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-17 12:15 - 2015-12-06 20:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-17 12:15 - 2015-12-06 20:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-17 12:15 - 2015-12-06 20:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-17 12:15 - 2015-12-06 20:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-17 12:15 - 2015-12-06 20:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-17 12:15 - 2015-12-06 20:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-17 12:15 - 2015-12-06 20:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-17 12:15 - 2015-12-06 20:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-17 12:15 - 2015-12-06 20:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-17 12:15 - 2015-12-06 20:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-17 12:15 - 2015-12-06 20:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-17 12:15 - 2015-12-06 20:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-17 12:15 - 2015-12-06 19:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-17 12:15 - 2015-12-06 19:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-17 12:15 - 2015-12-06 19:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-17 12:15 - 2015-12-06 19:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-17 12:15 - 2015-12-06 19:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-17 12:15 - 2015-12-06 19:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-17 12:15 - 2015-12-06 19:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-17 12:15 - 2015-12-06 19:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 19:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-17 12:15 - 2015-12-06 19:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-17 12:15 - 2015-12-06 19:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-17 12:15 - 2015-12-06 19:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-17 12:15 - 2015-12-06 19:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-17 12:15 - 2015-12-06 19:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-17 12:15 - 2015-12-06 19:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-17 12:15 - 2015-12-06 19:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-17 12:15 - 2015-12-06 19:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-17 12:15 - 2015-12-06 19:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-17 12:15 - 2015-12-06 19:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-17 12:15 - 2015-12-06 19:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-17 12:15 - 2015-12-06 19:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-17 12:15 - 2015-12-06 19:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-17 12:15 - 2015-12-06 19:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-17 12:15 - 2015-12-06 19:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-17 12:15 - 2015-12-06 19:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-17 12:15 - 2015-12-06 19:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-17 12:15 - 2015-12-06 19:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-17 12:15 - 2015-12-06 19:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-17 12:15 - 2015-12-06 19:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-17 12:15 - 2015-12-06 19:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-17 12:15 - 2015-12-06 19:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-17 12:15 - 2015-12-06 19:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-17 12:15 - 2015-12-06 19:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-17 12:15 - 2015-12-06 19:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-15 10:35 - 2015-12-15 10:35 - 00000000 ____D C:\ProgramData\IntelDLM
2015-12-15 10:29 - 2015-12-15 10:29 - 00000000 ____D C:\Users\John\AppData\Local\Intel
2015-12-15 10:28 - 2015-12-15 11:35 - 00000000 ____D C:\Program Files (x86)\Intel Driver Update Utility
2015-12-12 09:02 - 2015-12-12 09:03 - 00000000 ___HD C:\$SysReset
2015-12-11 10:49 - 2015-12-11 10:49 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-12-11 09:15 - 2015-11-30 23:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-11 09:15 - 2015-11-24 04:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-11 09:15 - 2015-11-24 03:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-11 09:15 - 2015-11-24 00:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-11 09:15 - 2015-11-24 00:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-11 09:15 - 2015-11-24 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-11 09:15 - 2015-11-23 23:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-11 09:15 - 2015-11-23 23:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-11 09:15 - 2015-11-23 23:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-11 09:15 - 2015-11-23 23:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-11 09:15 - 2015-11-22 02:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-11 09:15 - 2015-11-22 02:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-11 09:15 - 2015-11-22 02:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-11 09:15 - 2015-11-22 02:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2015-12-11 09:15 - 2015-11-22 02:20 - 00795840 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2015-12-11 09:15 - 2015-11-22 02:19 - 00440160 _____ (Microsoft Corporation) C:\WINDOWS\system32\services.exe
2015-12-11 09:15 - 2015-11-22 02:14 - 02185840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2015-12-11 09:15 - 2015-11-22 01:54 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\system32\ETWCoreUIComponentsResources.dll
2015-12-11 09:15 - 2015-11-22 01:49 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2015-12-11 09:15 - 2015-11-22 01:45 - 00638464 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-12-11 09:15 - 2015-11-22 01:43 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-12-11 09:15 - 2015-11-22 01:42 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-12-11 09:15 - 2015-11-22 01:42 - 00138240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ETWCoreUIComponentsResources.dll
2015-12-11 09:15 - 2015-11-22 01:41 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2015-12-11 09:15 - 2015-11-22 01:39 - 02126848 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl
2015-12-11 09:15 - 2015-11-22 01:39 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-12-11 09:15 - 2015-11-22 01:39 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-12-11 09:15 - 2015-11-22 01:39 - 00783360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll
2015-12-11 09:15 - 2015-11-22 01:38 - 01223168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-12-11 09:15 - 2015-11-22 01:38 - 01212928 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-12-11 09:15 - 2015-11-22 01:38 - 00912384 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-12-11 09:15 - 2015-11-22 01:37 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2015-12-11 09:15 - 2015-11-22 01:37 - 01395200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-12-11 09:15 - 2015-11-22 01:37 - 00515584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-12-11 09:15 - 2015-11-22 01:36 - 01042432 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingOnlineServices.dll
2015-12-11 09:15 - 2015-11-22 01:34 - 02843136 _____ (Microsoft Corporation) C:\WINDOWS\system32\cdp.dll
2015-12-11 09:15 - 2015-11-22 01:34 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2015-12-11 09:15 - 2015-11-22 01:32 - 00340480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToDevice.dll
2015-12-11 09:15 - 2015-11-22 01:31 - 00470528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 01734656 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 01387008 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 00948224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-12-11 09:15 - 2015-11-22 01:28 - 00686592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll
2015-12-11 09:15 - 2015-11-22 01:27 - 03993600 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-12-11 09:15 - 2015-11-22 01:27 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2015-12-11 09:15 - 2015-11-22 01:26 - 03355136 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-12-11 09:15 - 2015-11-22 01:26 - 01139200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-12-11 09:15 - 2015-11-22 01:26 - 00709120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingOnlineServices.dll
2015-12-11 09:15 - 2015-11-22 01:25 - 02280448 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-12-11 09:15 - 2015-11-22 01:24 - 02647552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-12-11 09:15 - 2015-11-22 01:24 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-12-11 09:15 - 2015-11-22 01:20 - 01860096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cdp.dll
2015-12-11 09:15 - 2015-11-22 01:18 - 01505280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-12-11 09:15 - 2015-11-22 01:18 - 00697856 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-12-11 09:15 - 2015-11-22 01:18 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToDevice.dll
2015-12-11 09:15 - 2015-11-22 01:17 - 02680320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-12-11 09:15 - 2015-11-22 01:17 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-12-11 09:15 - 2015-11-22 01:11 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-12-11 09:15 - 2015-11-20 21:29 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2015-12-11 09:15 - 2015-11-12 22:43 - 00586208 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-12-11 09:15 - 2015-11-12 22:42 - 00516544 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-12-11 09:15 - 2015-11-12 22:41 - 22572632 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-12-11 09:15 - 2015-11-12 22:33 - 00911648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomp.dll
2015-12-11 09:15 - 2015-11-12 22:21 - 00511320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-12-11 09:15 - 2015-11-12 22:21 - 00454056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-12-11 09:15 - 2015-11-12 22:18 - 21125408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-12-11 09:15 - 2015-11-12 22:09 - 00675064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dcomp.dll
2015-12-11 09:15 - 2015-11-12 21:58 - 11545088 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-12-11 09:15 - 2015-11-12 21:57 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneProviders.dll
2015-12-11 09:15 - 2015-11-12 21:39 - 02444288 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-12-11 09:15 - 2015-11-12 21:29 - 09918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-12-11 09:15 - 2015-11-12 21:19 - 02001408 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-12-11 09:15 - 2015-11-05 01:13 - 00969728 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-12-11 09:15 - 2015-11-05 01:10 - 00803840 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-12-11 09:15 - 2015-11-05 00:18 - 00791552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-12-11 09:15 - 2015-11-05 00:15 - 00647168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-12-11 09:14 - 2015-11-24 02:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-11 09:14 - 2015-11-24 02:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-11 09:14 - 2015-11-24 01:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-11 09:14 - 2015-11-24 01:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-11 09:14 - 2015-11-24 01:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-11 09:14 - 2015-11-24 01:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-11 09:14 - 2015-11-24 01:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-11 09:14 - 2015-11-24 01:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-11 09:14 - 2015-11-24 01:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-11 09:14 - 2015-11-24 00:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-11 09:14 - 2015-11-24 00:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-11 09:14 - 2015-11-24 00:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-11 09:14 - 2015-11-24 00:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-11 09:14 - 2015-11-23 23:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-11 09:14 - 2015-11-23 23:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-11 09:14 - 2015-11-23 23:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-11 09:14 - 2015-11-23 23:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-11 09:14 - 2015-11-22 02:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-11 09:14 - 2015-11-22 02:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-11 09:14 - 2015-11-22 02:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-11 09:14 - 2015-11-22 02:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-11 09:14 - 2015-11-22 02:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-11 09:14 - 2015-11-22 02:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-11 09:14 - 2015-11-22 02:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-11 09:14 - 2015-11-22 02:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-11 09:14 - 2015-11-22 02:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-11 09:14 - 2015-11-22 02:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-11 09:14 - 2015-11-22 02:00 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsCSP.dll
2015-12-11 09:14 - 2015-11-22 02:00 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosResource.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MapControls.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCoreRes.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosTrace.dll
2015-12-11 09:14 - 2015-11-22 01:57 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-MosHost.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.Resources.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosHostClient.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ihvrilproxy.dll
2015-12-11 09:14 - 2015-11-22 01:56 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\rilproxy.dll
2015-12-11 09:14 - 2015-11-22 01:55 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManagerProxy.dll
2015-12-11 09:14 - 2015-11-22 01:55 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvcProxy.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00117248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\capimg.sys
2015-12-11 09:14 - 2015-11-22 01:54 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanprotdim.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00044032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsplib.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00032256 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\WordBreakers.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\nativemap.dll
2015-12-11 09:14 - 2015-11-22 01:54 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlStringsRes.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthTokenBrokerExt.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2015-12-11 09:14 - 2015-11-22 01:52 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapsupdatetask.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-12-11 09:14 - 2015-11-22 01:51 - 00119808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsBtSvc.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00072704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MosStorage.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\system32\mapstoasttask.dll
2015-12-11 09:14 - 2015-11-22 01:51 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\system32\iernonce.dll
2015-12-11 09:14 - 2015-11-22 01:50 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssign32.dll
2015-12-11 09:14 - 2015-11-22 01:49 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\iesetup.dll
2015-12-11 09:14 - 2015-11-22 01:49 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\Wwanpref.dll
2015-12-11 09:14 - 2015-11-22 01:48 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosResource.dll
2015-12-11 09:14 - 2015-11-22 01:46 - 00248832 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00264192 _____ (Nokia) C:\WINDOWS\system32\NmaDirect.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00220672 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2015-12-11 09:14 - 2015-11-22 01:45 - 00110592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MapControls.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCoreRes.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosTrace.dll
2015-12-11 09:14 - 2015-11-22 01:45 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Microsoft-Windows-MosHost.dll
2015-12-11 09:14 - 2015-11-22 01:44 - 01268736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.Resources.dll
2015-12-11 09:14 - 2015-11-22 01:44 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosHostClient.dll
2015-12-11 09:14 - 2015-11-22 01:43 - 00704000 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-12-11 09:14 - 2015-11-22 01:43 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll
2015-12-11 09:14 - 2015-11-22 01:43 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthManagerProxy.dll
2015-12-11 09:14 - 2015-11-22 01:42 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-12-11 09:14 - 2015-11-22 01:42 - 00024064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WordBreakers.dll
2015-12-11 09:14 - 2015-11-22 01:42 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlStringsRes.dll
2015-12-11 09:14 - 2015-11-22 01:41 - 01814528 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 01056256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2015-12-11 09:14 - 2015-11-22 01:40 - 00049152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XblAuthTokenBrokerExt.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NMAA.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00957440 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\offlinelsa.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapsBtSvc.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MosStorage.dll
2015-12-11 09:14 - 2015-11-22 01:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2015-12-11 09:14 - 2015-11-22 01:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\cryptngc.dll
2015-12-11 09:14 - 2015-11-22 01:38 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssign32.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00166912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2015-12-11 09:14 - 2015-11-22 01:34 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\EditBufferTestHook.dll
2015-12-11 09:14 - 2015-11-22 01:33 - 00205824 _____ (Nokia) C:\WINDOWS\SysWOW64\NmaDirect.dll
2015-12-11 09:14 - 2015-11-22 01:32 - 00334848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll
2015-12-11 09:14 - 2015-11-22 01:31 - 07199232 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-12-11 09:14 - 2015-11-22 01:31 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-12-11 09:14 - 2015-11-22 01:29 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 00784896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NMAA.dll
2015-12-11 09:14 - 2015-11-22 01:28 - 00100864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\offlinelsa.dll
2015-12-11 09:14 - 2015-11-22 01:27 - 02049024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl
2015-12-11 09:14 - 2015-11-22 01:27 - 00711680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-12-11 09:14 - 2015-11-22 01:27 - 00241664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cryptngc.dll
2015-12-11 09:14 - 2015-11-22 01:27 - 00160768 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-12-11 09:14 - 2015-11-22 01:26 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-12-11 09:14 - 2015-11-22 01:25 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-12-11 09:14 - 2015-11-22 01:24 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2015-12-11 09:14 - 2015-11-22 01:24 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EditBufferTestHook.dll
2015-12-11 09:14 - 2015-11-22 01:23 - 05202944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-12-11 09:14 - 2015-11-20 22:21 - 00809312 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-12-11 09:14 - 2015-11-20 22:02 - 00704352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-12-11 09:14 - 2015-11-20 21:44 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Microsoft-Windows-AppModelExecEvents.dll
2015-12-11 09:14 - 2015-11-20 21:07 - 00227840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2015-12-11 09:14 - 2015-11-12 22:55 - 00035680 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wimmount.sys
2015-12-11 09:14 - 2015-11-12 22:51 - 00698208 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-12-11 09:14 - 2015-11-12 22:51 - 00523616 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-12-11 09:14 - 2015-11-12 22:51 - 00334736 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanager.dll
2015-12-11 09:14 - 2015-11-12 22:43 - 00536768 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-12-11 09:14 - 2015-11-12 22:43 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2015-12-11 09:14 - 2015-11-12 22:43 - 00110032 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDump.dll
2015-12-11 09:14 - 2015-11-12 22:43 - 00035656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfpmp.exe
2015-12-11 09:14 - 2015-11-12 22:42 - 00408128 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2015-12-11 09:14 - 2015-11-12 22:42 - 00088392 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-12-11 09:14 - 2015-11-12 22:33 - 00586080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-12-11 09:14 - 2015-11-12 22:33 - 00092352 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-12-11 09:14 - 2015-11-12 22:32 - 00296488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\policymanager.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00405048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00366224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AUDIOKSE.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00073360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-12-11 09:14 - 2015-11-12 22:21 - 00032040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfpmp.exe
2015-12-11 09:14 - 2015-11-12 22:07 - 00028160 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Management.Provisioning.ProxyStub.dll
2015-12-11 09:14 - 2015-11-12 22:06 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemovableMediaProvisioningPlugin.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00122368 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\system32\BarcodeProvisioningPlugin.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00043520 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.proxy.dll
2015-12-11 09:14 - 2015-11-12 22:05 - 00030720 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringconfigsp.dll
2015-12-11 09:14 - 2015-11-12 22:04 - 00089600 _____ (Microsoft Corporation) C:\WINDOWS\system32\NFCProvisioningPlugin.dll
2015-12-11 09:14 - 2015-11-12 22:04 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2015-12-11 09:14 - 2015-11-12 22:04 - 00017408 _____ (Microsoft Corporation) C:\WINDOWS\system32\IcsEntitlementHost.exe
2015-12-11 09:14 - 2015-11-12 22:03 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-12-11 09:14 - 2015-11-12 22:00 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzautoupdate.dll
2015-12-11 09:14 - 2015-11-12 21:59 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2015-12-11 09:14 - 2015-11-12 21:58 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-12-11 09:14 - 2015-11-12 21:56 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-12-11 09:14 - 2015-11-12 21:55 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-12-11 09:14 - 2015-11-12 21:54 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-12-11 09:14 - 2015-11-12 21:53 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2015-12-11 09:14 - 2015-11-12 21:50 - 01063424 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-12-11 09:14 - 2015-11-12 21:49 - 00674816 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-12-11 09:14 - 2015-11-12 21:40 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2015-12-11 09:14 - 2015-11-12 21:40 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.proxy.dll
2015-12-11 09:14 - 2015-11-12 21:34 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppCapture.dll
2015-12-11 09:14 - 2015-11-12 21:33 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-12-11 09:14 - 2015-11-12 21:30 - 00334336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-12-11 09:14 - 2015-11-12 21:30 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-12-11 09:14 - 2015-11-12 21:27 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2015-12-11 09:14 - 2015-11-12 21:23 - 00490496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-12-11 09:14 - 2015-11-05 04:05 - 00118624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2015-12-11 09:14 - 2015-11-05 02:40 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-12-11 09:14 - 2015-11-05 02:25 - 00578912 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2015-12-11 09:14 - 2015-11-05 02:08 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dciman32.dll
2015-12-11 09:14 - 2015-11-05 02:08 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lpk.dll
2015-12-11 09:14 - 2015-11-05 02:04 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-12-11 09:14 - 2015-11-05 02:00 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2015-12-11 09:14 - 2015-11-05 01:44 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-12-11 09:14 - 2015-11-05 01:41 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-12-11 09:14 - 2015-11-05 01:03 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\lpk.dll
2015-12-11 09:14 - 2015-11-05 01:02 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dciman32.dll
2015-12-11 09:14 - 2015-11-05 00:59 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-12-11 09:14 - 2015-11-05 00:55 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2015-12-11 09:14 - 2015-11-05 00:42 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-12-10 08:37 - 2015-12-10 08:37 - 00000000 ____D C:\Users\John\AppData\Local\ActiveSync
2015-12-10 08:35 - 2015-12-10 08:35 - 00000020 ___SH C:\Users\John\ntuser.ini
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\My Documents
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\Documents\My Videos
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\Documents\My Pictures
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default\Documents\My Music
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Videos
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Pictures
2015-12-10 03:38 - 2015-12-10 03:38 - 00000000 _SHDL C:\Users\Default User\Documents\My Music
2015-12-10 03:32 - 2015-12-27 08:43 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-12-10 03:22 - 2015-12-10 03:22 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-12-10 03:22 - 2015-12-10 03:22 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-12-10 03:21 - 2015-12-10 03:21 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-12-10 03:16 - 2015-12-10 03:22 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-12-10 03:14 - 2015-12-27 08:43 - 00000000 ____D C:\Users\John
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\My Documents
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\Documents\My Videos
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\Documents\My Pictures
2015-12-10 03:14 - 2015-12-10 03:14 - 00000000 _SHDL C:\Users\John\Documents\My Music
2015-12-10 03:11 - 2015-10-29 12:33 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-12-10 03:11 - 2015-10-29 12:33 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-12-10 03:10 - 2015-12-10 03:17 - 00000000 ____D C:\Program Files\Intel
2015-12-10 03:10 - 2015-12-10 03:17 - 00000000 ____D C:\Program Files (x86)\ASUS
2015-12-10 03:10 - 2015-12-10 03:10 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-12-10 03:10 - 2015-12-10 03:10 - 00000000 ____D C:\WINDOWS\system32\DAX2
2015-12-10 03:10 - 2015-12-10 03:10 - 00000000 ____D C:\ProgramData\SetupTPDriver
2015-12-10 03:09 - 2015-12-10 03:09 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-12-10 03:09 - 2015-12-10 03:09 - 00000000 ____D C:\Program Files\Realtek
2015-12-10 03:09 - 2015-10-29 23:17 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-12-10 03:05 - 2015-12-12 08:49 - 00337440 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-12-10 03:04 - 2015-12-10 06:00 - 00000000 ___DC C:\WINDOWS\Panther
2015-12-10 03:02 - 2015-12-10 03:02 - 00000000 ____D C:\Windows.old
2015-12-10 03:01 - 2015-12-10 03:01 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files\MSBuild
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-12-10 03:00 - 2015-12-10 03:00 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-12-10 02:59 - 2015-10-23 17:47 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-12-10 02:59 - 2015-10-23 17:47 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-12-10 02:59 - 2015-10-23 17:47 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-12-10 02:59 - 2015-10-23 17:46 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-12-10 02:59 - 2015-10-23 17:46 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-12-10 02:59 - 2015-10-23 17:45 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-12-04 14:22 - 2015-12-10 08:41 - 00002451 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Outlook 2016.lnk
2015-12-04 14:22 - 2015-12-10 03:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2016 Tools
2015-12-04 14:22 - 2015-12-04 14:22 - 00002495 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Word 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002494 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PowerPoint 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002458 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Access 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Excel 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002445 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Publisher 2016.lnk
2015-12-04 14:22 - 2015-12-04 14:22 - 00002437 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\OneNote 2016.lnk
2015-12-04 14:21 - 2015-12-04 14:22 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-04 08:42 - 2015-12-04 08:47 - 06968048 _____ (IvoSoft) C:\Users\John\Downloads\ClassicShellSetup_4_2_5.exe

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-29 08:39 - 2015-04-15 10:52 - 00000000 ____D C:\Users\John\AppData\Local\ClassicShell
2015-12-29 08:13 - 2015-06-17 12:47 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-29 03:50 - 2015-04-17 08:43 - 00004138 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6B462D2-735E-42DD-82CB-5ED9A0D80FFA}
2015-12-28 18:15 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-28 18:15 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-28 09:13 - 2015-06-17 12:47
posefish
Posted: Tue Dec 29, 2015 8:44 am    Post subject: here is the last of it

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-29 08:39 - 2015-04-15 10:52 - 00000000 ____D C:\Users\John\AppData\Local\ClassicShell
2015-12-29 08:13 - 2015-06-17 12:47 - 00000912 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-12-29 03:50 - 2015-04-17 08:43 - 00004138 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{D6B462D2-735E-42DD-82CB-5ED9A0D80FFA}
2015-12-28 18:15 - 2015-10-29 23:24 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-28 18:15 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-12-28 09:13 - 2015-06-17 12:47 - 00000908 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-12-28 08:50 - 2015-10-29 22:28 - 00000000 ____D C:\Windows
2015-12-27 08:50 - 2015-10-29 23:21 - 00000000 ____D C:\WINDOWS\INF
2015-12-27 08:50 - 2015-08-02 21:27 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-12-27 08:43 - 2015-08-02 21:32 - 00000000 __SHD C:\Users\John\IntelGraphicsProfiles
2015-12-27 08:42 - 2015-10-29 22:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-12-26 17:14 - 2015-11-17 17:52 - 00003222 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForJohn
2015-12-26 17:14 - 2015-11-17 17:52 - 00000334 _____ C:\WINDOWS\Tasks\HPCeeScheduleForJohn.job
2015-12-24 10:43 - 2015-08-24 14:17 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
2015-12-24 10:43 - 2015-06-22 07:30 - 00000085 _____ C:\WINDOWS\wininit.ini
2015-12-24 10:42 - 2015-08-24 14:45 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-12-19 16:02 - 2015-04-17 20:27 - 00000000 ____D C:\Users\John\AppData\Local\Google
2015-12-19 09:56 - 2015-06-12 11:24 - 00000940 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pandora.lnk
2015-12-19 09:56 - 2015-06-12 11:24 - 00000928 _____ C:\Users\Public\Desktop\Pandora.lnk
2015-12-17 16:35 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-17 16:34 - 2012-11-23 07:06 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-17 16:19 - 2015-04-15 10:33 - 00000000 ____D C:\Users\John\AppData\Local\Packages
2015-12-17 15:46 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-12-17 15:46 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\Provisioning
2015-12-17 15:46 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2015-12-17 12:51 - 2015-10-29 23:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-12-17 11:14 - 2015-10-12 19:06 - 00000000 ____D C:\Users\John\AppData\Local\ElevatedDiagnostics
2015-12-15 11:35 - 2015-04-15 10:45 - 00000000 ____D C:\ProgramData\Package Cache
2015-12-15 11:35 - 2012-12-25 07:25 - 00000000 ____D C:\ProgramData\P4G
2015-12-15 11:26 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\registration
2015-12-13 14:49 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\rescache
2015-12-13 04:28 - 2015-09-16 05:51 - 00000000 ___RD C:\Users\John\3D Objects
2015-12-12 09:31 - 2015-07-02 19:16 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-12-12 08:54 - 2015-04-15 11:21 - 00000000 __RHD C:\Users\Public\AccountPictures
2015-12-12 08:47 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-12-12 08:47 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-12-12 08:47 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-12-12 08:47 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-12-12 08:46 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-12-12 08:46 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-12-11 03:55 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\appcompat
2015-12-10 08:50 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\DevicesFlow
2015-12-10 08:40 - 2015-08-02 21:36 - 00002396 _____ C:\Users\John\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-10 08:40 - 2015-04-17 08:37 - 00000000 ___RD C:\Users\John\OneDrive
2015-12-10 08:36 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-12-10 08:36 - 2015-10-29 23:24 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-12-10 08:36 - 2015-08-10 12:03 - 00000000 ____D C:\ProgramData\ASUS Smart Gesture
2015-12-10 08:35 - 2015-08-02 21:31 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-12-10 03:39 - 2015-10-29 22:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-12-10 03:37 - 2015-04-17 08:13 - 00019053 _____ C:\WINDOWS\diagwrn.xml
2015-12-10 03:37 - 2015-04-17 08:13 - 00019053 _____ C:\WINDOWS\diagerr.xml
2015-12-10 03:35 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-12-10 03:32 - 2015-08-10 09:06 - 00002672 _____ C:\WINDOWS\System32\Tasks\HPCustParticipation HP Officejet Pro 8600
2015-12-10 03:32 - 2015-08-10 07:46 - 00002862 _____ C:\WINDOWS\System32\Tasks\ASUS Smart Gesture Launcher
2015-12-10 03:32 - 2015-06-24 17:35 - 00002954 _____ C:\WINDOWS\System32\Tasks\Adobe Acrobat Update Task
2015-12-10 03:32 - 2015-06-17 12:47 - 00003424 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-12-10 03:32 - 2015-06-17 12:47 - 00003200 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-12-10 03:32 - 2015-04-17 08:25 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-12-10 03:32 - 2015-04-15 13:06 - 00002420 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-12-10 03:32 - 2015-04-15 13:06 - 00002394 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-12-10 03:32 - 2015-04-15 13:06 - 00002392 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-12-10 03:32 - 2015-04-15 13:06 - 00002378 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-12-10 03:32 - 2015-04-15 13:05 - 00002376 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-12-10 03:32 - 2015-04-15 10:43 - 00002938 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-3936709736-1518792879-354126822-1001
2015-12-10 03:32 - 2012-12-25 07:26 - 00002372 _____ C:\WINDOWS\System32\Tasks\ASUS USB Charger Plus
2015-12-10 03:32 - 2012-12-25 07:25 - 00002502 _____ C:\WINDOWS\System32\Tasks\ASUS Live Update
2015-12-10 03:32 - 2012-12-25 07:25 - 00002456 _____ C:\WINDOWS\System32\Tasks\ASUS P4G
2015-12-10 03:30 - 2015-10-29 23:24 - 00000000 __RHD C:\Users\Public\Libraries
2015-12-10 03:22 - 2015-10-29 23:24 - 00000000 ___SD C:\WINDOWS\Downloaded Program Files
2015-12-10 03:22 - 2015-08-10 09:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-12-10 03:22 - 2015-08-10 08:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-12-10 03:22 - 2015-07-10 01:05 - 00000000 ____D C:\Users\Default.migrated
2015-12-10 03:22 - 2015-07-02 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-12-10 03:22 - 2015-04-15 13:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-12-10 03:22 - 2015-04-15 10:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Classic Shell
2015-12-10 03:22 - 2012-12-25 07:17 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-12-10 03:22 - 2012-11-23 07:09 - 00000000 ____D C:\WINDOWS\en
2015-12-10 03:22 - 2012-11-23 07:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\spool
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\IME
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-12-10 03:19 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-12-10 03:19 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-12-10 03:19 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-12-10 03:19 - 2012-12-25 07:23 - 00000000 ___HD C:\WINDOWS\system32\WLANProfiles
2015-12-10 03:17 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-12-10 03:17 - 2015-10-29 23:24 - 00000000 ____D C:\WINDOWS\InputMethod
2015-12-10 03:17 - 2015-10-29 23:24 - 00000000 ____D C:\ProgramData\USOPrivate
2015-12-10 03:17 - 2015-10-29 23:24 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-12-10 03:17 - 2015-09-09 11:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-12-10 03:17 - 2013-08-22 07:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-12-10 03:17 - 2012-12-25 07:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUSDVD
2015-12-10 03:17 - 2012-12-25 07:15 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-10 03:13 - 2015-10-29 22:28 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-12-10 03:05 - 2015-10-30 01:13 - 00000000 ____D C:\WINDOWS\ServiceProfiles
2015-12-10 03:04 - 2015-10-29 23:24 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-12-10 02:45 - 2015-10-30 01:42 - 00000000 ___HD C:\$WINDOWS.~BT
2015-12-09 14:19 - 2015-09-10 13:24 - 00095024 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2015-12-08 19:39 - 2015-04-15 13:34 - 00301728 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-12-08 18:01 - 2015-05-13 05:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-12-08 18:00 - 2015-04-15 11:37 - 140158008 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-11-30 16:33 - 2015-10-29 23:26 - 00826872 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-11-30 16:33 - 2015-10-29 23:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

==================== Files in the root of some directories =======

2015-04-15 10:36 - 2015-11-24 17:12 - 0000408 _____ () C:\Users\John\AppData\Roaming\sp_data.sys
2015-06-26 07:42 - 2015-06-26 07:42 - 0000017 _____ () C:\Users\John\AppData\Local\resmon.resmoncfg
2015-08-10 09:04 - 2015-08-10 09:04 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-12-10 03:10 - 2015-12-10 03:10 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2012-11-23 07:07 - 2012-09-07 03:40 - 0000256 _____ () C:\ProgramData\SetStretch.cmd
2012-11-23 07:07 - 2009-07-22 02:04 - 0024576 _____ () C:\ProgramData\SetStretch.exe
2012-11-23 07:07 - 2012-09-07 03:37 - 0000103 _____ () C:\ProgramData\SetStretch.VBS

Some files in TEMP:
====================
C:\Users\John\AppData\Local\Temp\sqlite3.dll
C:\Users\John\AppData\Local\Temp\{623E12CD-4CDC-490D-A1AF-BD7159AE7D21}.dll
C:\Users\John\AppData\Local\Temp\{D42B7DFF-4D03-4FAF-912D-43E0D8697446}.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-20 10:45

==================== End of FRST.txt ============================

Cypher
Moderator

Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

Posted: Tue Dec 29, 2015 10:17 am

Hi,
Quote:
looks like it is all there.

Yes, the log was complete this time.
There is no sign of malware in your logs, but we need to tidy a few things up.
Quote:
Running from C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE\77OHI5KH

First thing I need you to do is move FRST.exe to your Desktop; it's currently saved to the above location.
If it's not saved on to your desktop this fix will fail.
If you don't know how to move it, download FRST.exe again and save it to your desktop this time.
Once you have done that continue with the instructions below.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy and paste the following script into Notepad. Do not include the word Code:

    Code:

    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2015-12-19 14:57 - 2015-12-19 14:57 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
    2015-12-19 14:57 - 2015-12-19 14:57 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
    2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Users\John\AppData\Roaming\Lavasoft
    2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2015-12-19 14:56 - 2015-12-19 14:56 - 00000000 ____D C:\ProgramData\Lavasoft
    C:\Users\John\AppData\Local\Temp\sqlite3.dll
    C:\Users\John\AppData\Local\Temp\{623E12CD-4CDC-490D-A1AF-BD7159AE7D21}.dll
    C:\Users\John\AppData\Local\Temp\{D42B7DFF-4D03-4FAF-912D-43E0D8697446}.dll
    ask: {0CC2580A-A574-4183-AFA6-8896D584B8AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {0FEBF0B1-8446-4858-9CA6-C0A9F2AACE45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {1698CDDE-B3F4-45B7-A422-2FDC4D92E68B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {55BBC00A-052B-4FC0-93EE-56DE8A4C6062} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {822FE6DD-344B-4A57-81CA-2570E5DB2DF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {91EF118C-9B60-4DCA-ADEF-7A8689F8F568} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {96720131-59E3-40E4-AEBA-F4D7D5E2C9B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {BB133AD8-AC3D-4670-8A52-9266B1FEFD9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {D8C1A4A5-488C-45A2-88A3-C43B24F9A219} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {F6538C54-6167-4462-A904-BBC9A42FF45E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {F7A7D413-AF4D-40D6-A437-7A1E9498D542} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns

  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

Next.

Please download Farbar Service Scanner ... by Farbar and save it to your Desktop.
  • Double click FSS.exe to run it. (Vista - W7 - W8 - W10 users: Please right click on FSS.exe and select Run As Administrator).
  • Select the following options ....

    • Security Center/Action Center
    • Windows Update
    • Other Services

  • Press the Scan button.
  • When finished, a text file named FSS.txt will be created on your desktop.
  • Please post the content of that Notepad file in your next reply.

Logs/Information to Post in your Next Reply
  • FRST Fixlog.txt.
  • FSS.txt.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE

posefish
Warrior

Posted: Tue Dec 29, 2015 11:47 am    Post subject: logs requested

Fix result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by John (2015-12-29 11:39:21) Run:1
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================

fixlist content:
*****************
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
2015-12-19 14:57 - 2015-12-19 15:04 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
2015-12-19 14:57 - 2015-12-19 14:57 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
2015-12-19 14:57 - 2015-12-19 14:57 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Users\John\AppData\Roaming\Lavasoft
2015-12-19 14:57 - 2015-12-19 14:57 - 00000000 ____D C:\Program Files (x86)\Lavasoft
2015-12-19 14:56 - 2015-12-19 14:56 - 00000000 ____D C:\ProgramData\Lavasoft
C:\Users\John\AppData\Local\Temp\sqlite3.dll
C:\Users\John\AppData\Local\Temp\{623E12CD-4CDC-490D-A1AF-BD7159AE7D21}.dll
C:\Users\John\AppData\Local\Temp\{D42B7DFF-4D03-4FAF-912D-43E0D8697446}.dll
ask: {0CC2580A-A574-4183-AFA6-8896D584B8AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0FEBF0B1-8446-4858-9CA6-C0A9F2AACE45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {1698CDDE-B3F4-45B7-A422-2FDC4D92E68B} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {55BBC00A-052B-4FC0-93EE-56DE8A4C6062} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {822FE6DD-344B-4A57-81CA-2570E5DB2DF0} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {91EF118C-9B60-4DCA-ADEF-7A8689F8F568} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {96720131-59E3-40E4-AEBA-F4D7D5E2C9B8} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {BB133AD8-AC3D-4670-8A52-9266B1FEFD9D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {D8C1A4A5-488C-45A2-88A3-C43B24F9A219} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {F6538C54-6167-4462-A904-BBC9A42FF45E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {F7A7D413-AF4D-40D6-A437-7A1E9498D542} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns



*****************

"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKU\S-1-5-21-3936709736-1518792879-354126822-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-3936709736-1518792879-354126822-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini => moved successfully
C:\WINDOWS\system32\LavasoftTcpServiceOff.ini => moved successfully
C:\WINDOWS\system32\LavasoftTcpService64.dll => moved successfully
C:\WINDOWS\SysWOW64\LavasoftTcpService.dll => moved successfully
C:\Users\John\AppData\Roaming\Lavasoft => moved successfully
C:\Program Files (x86)\Lavasoft => moved successfully
C:\ProgramData\Lavasoft => moved successfully
C:\Users\John\AppData\Local\Temp\sqlite3.dll => moved successfully
C:\Users\John\AppData\Local\Temp\{623E12CD-4CDC-490D-A1AF-BD7159AE7D21}.dll => moved successfully
C:\Users\John\AppData\Local\Temp\{D42B7DFF-4D03-4FAF-912D-43E0D8697446}.dll => moved successfully
ask: {0CC2580A-A574-4183-AFA6-8896D584B8AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0FEBF0B1-8446-4858-9CA6-C0A9F2AACE45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FEBF0B1-8446-4858-9CA6-C0A9F2AACE45}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1698CDDE-B3F4-45B7-A422-2FDC4D92E68B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1698CDDE-B3F4-45B7-A422-2FDC4D92E68B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{55BBC00A-052B-4FC0-93EE-56DE8A4C6062}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{55BBC00A-052B-4FC0-93EE-56DE8A4C6062}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{822FE6DD-344B-4A57-81CA-2570E5DB2DF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{822FE6DD-344B-4A57-81CA-2570E5DB2DF0}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{91EF118C-9B60-4DCA-ADEF-7A8689F8F568}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{91EF118C-9B60-4DCA-ADEF-7A8689F8F568}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{96720131-59E3-40E4-AEBA-F4D7D5E2C9B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{96720131-59E3-40E4-AEBA-F4D7D5E2C9B8}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BB133AD8-AC3D-4670-8A52-9266B1FEFD9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BB133AD8-AC3D-4670-8A52-9266B1FEFD9D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{D8C1A4A5-488C-45A2-88A3-C43B24F9A219}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D8C1A4A5-488C-45A2-88A3-C43B24F9A219}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F6538C54-6167-4462-A904-BBC9A42FF45E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F6538C54-6167-4462-A904-BBC9A42FF45E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F7A7D413-AF4D-40D6-A437-7A1E9498D542}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F7A7D413-AF4D-40D6-A437-7A1E9498D542}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 128.4 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 11:39:35 ====

Farbar Service Scanner Version: 10-06-2014
Ran by John (administrator) on 29-12-2015 at 11:45:58
Running from "C:\Users\John\Desktop"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************



Security Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Other Services:
==============


File Check:
========
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
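
As an added example (not part of the original posts and not FRST's own code), this Python sketch triages a Fixlog.txt like the one above: it counts outcomes, lists entries that did not succeed, and cross-checks that every GUID in the echoed fixlist appears in a successful result line. On this log it surfaces the entry that begins `ask:` rather than `Task:`, which FRST reported as having no automatic fix. It assumes only the layout visible in this thread (two rows of asterisks around the echoed fixlist, results written as `target => outcome`); all function names are hypothetical.

```python
import re
from collections import Counter

# Abridged from the Fixlog.txt posted above; lines are copied from the post.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by John (2015-12-29 11:39:21) Run:1
==============================================

fixlist content:
*****************
SearchScopes: HKU\S-1-5-21-3936709736-1518792879-354126822-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
C:\Users\John\AppData\Local\Temp\sqlite3.dll
ask: {0CC2580A-A574-4183-AFA6-8896D584B8AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {0FEBF0B1-8446-4858-9CA6-C0A9F2AACE45} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
EmptyTemp:
*****************

"HKU\S-1-5-21-3936709736-1518792879-354126822-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
C:\Users\John\AppData\Local\Temp\sqlite3.dll => moved successfully
ask: {0CC2580A-A574-4183-AFA6-8896D584B8AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION => Error: No automatic fix found for this entry.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0FEBF0B1-8446-4858-9CA6-C0A9F2AACE45}" => key removed successfully
EmptyTemp: => 128.4 MB temporary data Removed.

The system needed a reboot.

==== End of Fixlog 11:39:35 ====
'''

GUID = re.compile(r"\{[0-9A-Fa-f]{8}(?:-[0-9A-Fa-f]{4}){3}-[0-9A-Fa-f]{12}\}")
SEPARATOR = re.compile(r"^\*{5,}$")

# Outcome phrases seen in this thread's Fixlog. Checked in order, with
# "error" first so an error line is never counted as a success.
OUTCOMES = [
    ("error", re.compile(r"^Error:")),
    ("not_found", re.compile(r"not found\.?$")),
    ("moved", re.compile(r"^moved successfully")),
    ("removed", re.compile(r"removed(?: successfully)?\.?$", re.IGNORECASE)),
]
SUCCESS = {"moved", "removed"}


def split_fixlog(text):
    """Return (fixlist_lines, result_lines), split on the two asterisk rows."""
    lines = [ln.strip() for ln in text.splitlines()]
    marks = [i for i, ln in enumerate(lines) if SEPARATOR.match(ln)]
    if len(marks) < 2:
        raise ValueError("expected two '*****' separator rows in a Fixlog")
    fixlist = [ln for ln in lines[marks[0] + 1:marks[1]] if ln]
    results = []
    for ln in lines[marks[1] + 1:]:
        if ln.startswith("==== End of Fixlog"):
            break
        if ln:
            results.append(ln)
    return fixlist, results


def classify(line):
    """Map one result line to (target, outcome, detail)."""
    if " => " not in line:
        return line, "info", ""  # e.g. "The system needed a reboot."
    target, detail = line.rsplit(" => ", 1)
    for name, pattern in OUTCOMES:
        if pattern.search(detail):
            return target, name, detail
    return target, "unknown", detail


def unacted_guids(fixlist, results):
    """GUIDs named in the fixlist that no successful result line mentions."""
    done = set()
    for ln in results:
        if classify(ln)[1] in SUCCESS:
            done.update(g.upper() for g in GUID.findall(ln))
    missing = []
    for ln in fixlist:
        for g in GUID.findall(ln):
            if g.upper() not in done and g.upper() not in missing:
                missing.append(g.upper())
    return missing


def triage(text):
    """Summarise a Fixlog: outcome counts, lines to review, GUIDs not acted on."""
    fixlist, results = split_fixlog(text)
    rows = [classify(ln) for ln in results]
    return {
        "counts": Counter(outcome for _, outcome, _ in rows),
        "review": [(t, d) for t, o, d in rows if o in ("error", "unknown")],
        "unacted_guids": unacted_guids(fixlist, results),
    }


if __name__ == "__main__":
    report = triage(SAMPLE_FIXLOG)
    print(dict(report["counts"]))
    for target, detail in report["review"]:
        print("REVIEW:", target, "=>", detail)
    print("GUIDs with no successful action:", report["unacted_guids"])
```

A "key not found" result is counted but not listed for review, since it means the target was already absent.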

Cypher
Moderator

Posted: Wed Dec 30, 2015 7:00 am

Hi,
Good work. With regards to your Windows Update problem,
follow the instructions in the link below to run a Windows Update troubleshooter.
Once done let me know if it solves the problem.

http://windows.microsoft.com/en-gb/windows/troubleshoot-problems-installing-updates#1TC=windows-7
_________________
Admin/Teacher at Malware Removal University
Member of UNITE

posefish
Warrior

Posted: Wed Dec 30, 2015 9:04 am    Post subject: not working

The fix you sent says: "The Microsoft Fix it does not apply to your operating system or application version." Microsoft fix it 50123.

My problems are still not remedied. Videos are interrupted, programs do not load completely, I have more pop-ups including for PC Keeper. Any ideas??? Thanks

Cypher
Moderator

Posted: Wed Dec 30, 2015 10:10 am

Quote:
The fix you sent says: "The Microsoft Fix it does not apply to your operating system or application version.

My apologies, that fix was for Windows 7, not 10.
From my research there seem to be a lot of people who are having problems updating Windows 10.
I will have to direct you to a forum that deals with this type of problem; we deal solely in malware removal.
Quote:
I have more pop-ups including for PC Keeper.

You didn't say that you were getting pop-ups before. Which browser are you using when you see pop-ups?
_________________
Admin/Teacher at Malware Removal University
Member of UNITE

posefish
Warrior

Posted: Wed Dec 30, 2015 10:52 am

I thought I had put that in my initial query. I like to use IE 11 as I find the new Edge browser not as easy to use.

Cypher
Moderator

Posted: Wed Dec 30, 2015 11:13 am

posefish wrote:
I thought I had put that in my initial query. I like to use IE 11 as I find the new Edge browser not as easy to use.

OK, try this, then let me know if you're still seeing the pop-ups.

Reset - Internet Explorer
  • Launch Internet Explorer.
  • Under the Tools menu, click on Internet Options.
  • In the pop-up Internet Options window, click on the Advanced tab and then click on the Reset button.
  • Tick the Delete Personal Settings option.
  • Then click on the Reset button to process the browser reset.
  • When complete, click the Close button.
  • Click on the OK button in the Internet Explorer restart reminder window.
  • Restart Internet Explorer.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE

posefish
Warrior

Posted: Wed Dec 30, 2015 12:37 pm

I still get pop-ups, can't use Windows Update from the tools menu, videos still are interrupted. Thank you!

Cypher
Moderator

Posted: Thu Dec 31, 2015 3:27 am

Hi,

First, please disable any antivirus you have active, as shown in this topic.
Note: Don't forget to re-enable it after the scan.

Next please download zoek.exe and save it to your desktop.
  • Close any open browsers.
  • Right click on zoek.exe and select "Run as administrator" to run it.
  • Please wait while the tool starts. It will appear to be doing nothing and may take a few seconds to come up.
  • Click the More Options button below the large panel and check the box:

    • Auto Clean

  • Click on the Run script button.
  • Please wait patiently (it may take a few minutes) until a log report opens (this may be after reboot, if required).
  • Copy (Ctrl+C) and paste (Ctrl+V) the entire contents of the opened report back here.

    Note: It will also create a log in the C:\ directory named "zoek-results.log"

_________________
Admin/Teacher at Malware Removal University
Member of UNITE

posefish
Warrior

Posted: Thu Dec 31, 2015 9:33 am

Here is the zoek info:

Zoek.exe v5.0.0.1 Updated 31-December-2015
Tool run by John on Thu 12/31/2015 at 9:11:13.02.
Microsoft Windows 10 Home 10.0.10586 x64
Running in: Normal Mode Internet Access Detected
Launched: C:\Users\John\Desktop\zoek.exe [Scan all users] [Checkboxes used]

==== System Restore Info ======================

12/31/2015 9:12:28 AM Zoek.exe System Restore Point Created Successfully.

==== Empty Folders Check ======================

C:\PROGRA~2\Cisco deleted successfully
C:\PROGRA~3\Comms deleted successfully
C:\Users\John\AppData\Local\ActiveSync deleted successfully
C:\Users\John\AppData\Local\EmieBrowserModeList deleted successfully
C:\Users\John\AppData\Local\EmieSiteList deleted successfully
C:\Users\John\AppData\Local\EmieUserList deleted successfully
C:\Users\John\AppData\Local\Lavasoft deleted successfully
C:\Users\John\AppData\Local\NetworkTiles deleted successfully

==== Deleting CLSID Registry Keys ======================


==== Deleting CLSID Registry Values ======================


==== Deleting Services ======================


==== Deleting Files \ Folders ======================

C:\PROGRA~2\Cisco not found
C:\Prefs.js deleted
C:\PROGRA~3\SetStretch.VBS deleted
C:\PROGRA~3\{ECA9D0D4-7782-4B7F-96E2-FDB0CF0A57D5} deleted
C:\PROGRA~3\Package Cache deleted
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\LavasoftTcpService deleted
C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Search.lnk deleted
C:\WINDOWS\wininit.ini deleted

==== Chromium Look ======================

Chrome Hotword Shared Module - John\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg

==== Set IE to Default ======================

Old Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.foxnews.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"

New Values:
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main]
"Start Page"="http://www.foxnews.com/"
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes]
"DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"

==== All HKLM and HKCU SearchScopes ======================

HKLM\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
HKLM\Wow6432Node\SearchScopes "DefaultScope"="{0633EE93-D776-472f-A0FF-E1416B8B2E3A}"
HKLM\Wow6432Node\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&amp;form=IE10TR&amp;src=IE10TR&amp;pc=ASU2JS
HKCU\SearchScopes "DefaultScope"="{012E1000-F331-11DB-8314-0800200C9A66}"
HKCU\SearchScopes\{012E1000-F331-11DB-8314-0800200C9A66} - http://www.google.com/search?q={searchTerms}
HKCU\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} - http://www.bing.com/search?q={searchTerms}&src=IE-SearchBox&FORM=IE8SRC

==== Empty IE Cache ======================

C:\WINDOWS\system32\config\systemprofile\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Low\Content.IE5 emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\WINDOWS\sysWOW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\Content.IE5 emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\Users\John\AppData\Local\Microsoft\Windows\INetCache\Low\IE emptied successfully
C:\WINDOWS\SysNative\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully
C:\WINDOWS\sysWoW64\config\systemprofile\AppData\Local\Microsoft\Windows\INetCache\IE emptied successfully

==== Empty FireFox Cache ======================

No FireFox Profiles found

==== Empty Chrome Cache ======================

C:\Users\John\AppData\Local\Google\Chrome\User Data\Default\Cache emptied successfully
C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache emptied successfully

==== Empty All Flash Cache ======================

No Flash Cache Found

==== Empty All Java Cache ======================

No Java Cache Found

==== C:\zoek_backup content ======================

C:\zoek_backup (files=20 folders=12 120163915 bytes)

==== Empty Temp Folders ======================

C:\WINDOWS\Temp will be emptied at reboot

==== After Reboot ======================

==== Empty Temp Folders ======================

C:\WINDOWS\Temp successfully emptied
C:\Users\John\AppData\Local\Temp successfully emptied

==== Empty Recycle Bin ======================

C:\$RECYCLE.BIN successfully emptied

==== EOF on Thu 12/31/2015 at 9:30:23.44 ======================
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Dec 31, 2015 10:38 am    Post subject: Reply with quote

Are you still getting pop-ups?
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

PostPosted: Thu Dec 31, 2015 10:48 am    Post subject: Reply with quote

Nothing seems to have changed. Can't access Windows Update, pop-ups coming once in a while, video and audio is interrupted or doesn't play. I've checked and updated drivers for audio.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Thu Dec 31, 2015 12:08 pm    Post subject: Reply with quote

There is nothing in your logs so far that would explain the problems you're having.
Did these problems start after you installed Windows 10?

Please run this scan for me.

ESET online scanner

Note: You can use either Internet Explorer or Mozilla FireFox for this scan.

Note: If you are using Windows Vista or Windows 7, open your browser by right-clicking on its icon and select 'Run as administrator' to perform this scan.

  • First please Disable any Antivirus you have active, as shown in This topic.
  • Note: Don't forget to re-enable it after the scan.
  • Next hold down Control then click on the following link to open a new window to ESET online scanner
    Quote:
    Note: If using Mozilla Firefox you will need to download esetsmartinstaller_enu.exe when prompted then double click on it to install.
    All of the below instructions are compatible with either Internet Explorer or Mozilla FireFox.

  • When prompted allow the Add-On/Active X to install.
  • Click on Run ESET Online Scanner, then select the option YES, I accept the Terms of Use, then click Start.
  • Make sure that the option Remove found threats is NOT checked, and the option Scan archives is checked.
  • Now click on Advanced Settings and select the following:
    • Scan for potentially unwanted applications
    • Scan for potentially unsafe applications
    • Enable Anti-Stealth Technology
  • Now click on Start.
  • The virus signature database... will begin to download. Be patient, this may take some time depending on the speed of your Internet Connection.
  • When completed the Online Scan will begin automatically.
  • Do not touch either the Mouse or keyboard during the scan otherwise it may stall.
  • When completed select Uninstall application on close if you so wish, make sure you copy the logfile first!
  • Now click on Finish.
  • Use notepad to open the logfile located at C:\Program Files\ESET\EsetOnlineScanner\log.txt.
  • Copy and paste that log as a reply to this topic.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

PostPosted: Fri Jan 01, 2016 10:43 am    Post subject: Reply with quote

there appears to be a threat. This is all I could get from the .txt file:
C:\Program Files\WebDiscoverBrowser\1.259.2\isa.dll a variant of Win32/WebBar.D potentially unwanted application

thanks and happy new year!
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sat Jan 02, 2016 3:27 am    Post subject: Reply with quote

Hi,
Quote:
thanks and happy new year!

You're welcome, and Happy new year to you too.
Quote:
Did these problems start after you installed Windows 10?

You didn't answer my question. Did the problems you're having start after you installed Windows 10?
Quote:
there appears to be a threat. This is all I could get from the .txt file:

I doubt if this is the cause of your problems, but we will remove it and see.

  • Click Start
  • Type notepad.exe in the search programs and files box and click Enter.
  • A blank Notepad page should open.

    • Copy and Paste the following script into Notepad, Do not include the word Code:

    Code:

    Task: {0CC2580A-A574-4183-AFA6-8896D584B8AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    C:\Program Files\WebDiscoverBrowser\1.259.2\isa.dll

    Hosts:
    EmptyTemp:
    CMD: ipconfig /flushdns

  • Save it next to FRST.exe on your Desktop as filename fixlist.txt
  • NOTE: It's important that both files, FRST/FRST64 and fixlist.txt are saved in the same location or the fix will not work.
  • Right-click FRST.exe and select "Run as administrator" to run it.
  • Press the Fix button just once. Then wait.
  • When finished, it will create a Fixlog.txt log on your Desktop.
  • Please post the content of the Fixlog.txt in your next reply.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

PostPosted: Sat Jan 02, 2016 7:27 am    Post subject: Reply with quote

Hi and yes it seemed to come up after the Windows 10 upgrade. Here is the requested log:
Fix result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by John (2016-01-02 07:23:31) Run:2
Running from C:\Users\John\Desktop
Loaded Profiles: John (Available Profiles: John)
Boot Mode: Normal
==============================================

fixlist content:
*****************
Task: {0CC2580A-A574-4183-AFA6-8896D584B8AC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
C:\Program Files\WebDiscoverBrowser\1.259.2\isa.dll

Hosts:
EmptyTemp:
CMD: ipconfig /flushdns
*****************

"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0CC2580A-A574-4183-AFA6-8896D584B8AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CC2580A-A574-4183-AFA6-8896D584B8AC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
C:\Program Files\WebDiscoverBrowser\1.259.2\isa.dll => moved successfully
C:\Windows\System32\Drivers\etc\hosts => moved successfully
Hosts restored successfully.

========= ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========

EmptyTemp: => 28 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 07:23:34 ====
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sat Jan 02, 2016 8:45 am    Post subject: Reply with quote

Hi,
It was a long shot, but are you still having all the problems you described?
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

PostPosted: Sat Jan 02, 2016 12:18 pm    Post subject: Reply with quote

I still cannot access Windows Update from my browser. Video/audio is interrupted. Sounds like time to save everything and reset?
any other magic up your sleeve??? thanks
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sun Jan 03, 2016 3:40 am    Post subject: Reply with quote

posefish wrote:
I still cannot access Windows Update from my browser. Video/audio is interrupted. Sounds like time to save everything and reset?
any other magic up your sleeve??? thanks

Are you still getting the pop-ups when using Internet Explorer?
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

PostPosted: Sun Jan 03, 2016 8:07 am    Post subject: Reply with quote

I am getting pop-ups once in a while, but better than before. The issue remains with the video/audio interruptions. Internet connection is fine, but video and audio is not great.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Sun Jan 03, 2016 9:33 am    Post subject: Reply with quote

OK, let's try this.
When done let me know if it solves any of the problems you're having.

Go Here, look for step 3 to download and run the Windows Update Troubleshooter.

Next.

As you have Malwarebytes' Anti-Malware installed on your computer, could you please do a scan using these settings:
  • Launch Malwarebytes then click Update Now.
  • Press the Scan Settings icon on the top bar of the MBAM interface, make sure Threat Scan is checked.
  • Press the Scan Now >> button.
  • When the scan is finished:
  • If clean, a message will be displayed "The scan completed successfully! No malicious items were detected!"
  • If infections were found, click the Quarantine all button.
  • Press the View detailed log >> link to display the results log.
  • Press the Copy to Clipboard button.
  • Copy and paste the scan results in your next reply and exit MBAM.

Next.

Please download Junkware Removal Tool and save it to your desktop.
  • Shut down your protection software as shown in This topic now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, Seven, Eight, right-mouse click it and select Run as Administrator.
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Please post the contents of JRT.txt into your next reply.

Logs/Information to Post in your Next Reply
  • Malwarebytes log.
  • JRT.txt.
  • Please give me an update on your computer's performance.

_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

PostPosted: Sun Jan 03, 2016 10:57 am    Post subject: Reply with quote

I still can't open Windows Update from the browsers. Not sure if I'm getting automatic updates. Audio is still compromised. There is a click in the sound.

Here are the logs you want:
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by John (Administrator) on Sun 01/03/2016 at 10:43:25.75
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 2

Successfully deleted: C:\Users\John\AppData\Roaming\sp_data.sys (File)
Successfully deleted: C:\WINDOWS\prefetch\DRIVERUPDATEUI.EXE-A933B2EF.pf (File)



Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Sun 01/03/2016 at 10:44:45.31
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 1/3/2016
Scan Time: 10:22 AM
Logfile: malwarebytes.txt
Administrator: Yes

Version: 2.2.0.1024
Malware Database: v2016.01.03.05
Rootkit Database: v2015.12.26.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: John

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 334573
Time Elapsed: 13 min, 18 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 9
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{2869831e-57d4-41fe-8330-aad9ad2c6554}, Quarantined, [e35e7cb97f1afd39062bfe7a6a98e020],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{2869831E-57D4-41FE-8330-AAD9AD2C6554}, Quarantined, [e35e7cb97f1afd39062bfe7a6a98e020],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{2869831E-57D4-41FE-8330-AAD9AD2C6554}, Quarantined, [e35e7cb97f1afd39062bfe7a6a98e020],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\APPID\{9317b373-f854-47a9-b384-bf199504f5e9}, Quarantined, [0140d95c1d7cd462161a433502001de3],
PUP.Optional.Yontoo, HKLM\SOFTWARE\WOW6432NODE\CLASSES\APPID\{9317B373-F854-47A9-B384-BF199504F5E9}, Quarantined, [0140d95c1d7cd462161a433502001de3],
PUP.Optional.Yontoo, HKLM\SOFTWARE\CLASSES\WOW6432NODE\APPID\{9317B373-F854-47A9-B384-BF199504F5E9}, Quarantined, [0140d95c1d7cd462161a433502001de3],
PUP.Optional.WebDiscoverBrowser, HKLM\SOFTWARE\WebDiscoverBrowser, Quarantined, [033e0e272079b77f368c8491cd37c739],
PUP.Optional.PlayThruPlayer, HKU\S-1-5-21-3936709736-1518792879-354126822-1001\SOFTWARE\PlaythruPlayer, Quarantined, [d1709c99851477bf7acdf0d026dd946c],
PUP.Optional.WebDiscoverBrowser, HKU\S-1-5-21-3936709736-1518792879-354126822-1001\SOFTWARE\WebDiscoverBrowser, Quarantined, [c67bc96cb9e0d95d1fa07b9ab054e020],

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 12
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Cache, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\recovery, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\recovery\101.3.28.17, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\recovery\101.3.28.17\_metadata, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],

Files: 40
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies-journal, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Certificate Revocation Lists, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Local State, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Bloom Prefix Set, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Cookies, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Csd Whitelist, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Download Whitelist, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing Extension Blacklist, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Safe Browsing IP Blacklist, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\ChromeDWriteFontCache, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Favicons, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\History, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\History-journal, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Preferences, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\README, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Secure Preferences, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Top Sites, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Visited Links, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Web Data, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Storage\chrome-extension_pafkbggdmjlpgkdkcbjmhmfcdpncadgh_0.localstorage, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\000006.log, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\LOCK, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\LOG, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension Rules\MANIFEST-000001, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\000006.ldb, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\000007.log, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOCK, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\LOG, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Extension State\MANIFEST-000001, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000006.ldb, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\000007.log, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOCK, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\LOG, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\Default\Local Extension Settings\pafkbggdmjlpgkdkcbjmhmfcdpncadgh\MANIFEST-000001, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\recovery\101.3.28.17\ChromeRecovery.exe, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\recovery\101.3.28.17\manifest.fingerprint, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\recovery\101.3.28.17\manifest.json, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],
PUP.Optional.WebDiscoverBrowser, C:\Users\John\AppData\Local\WebDiscoverBrowser\User Data\recovery\101.3.28.17\_metadata\verified_contents.json, Quarantined, [fb463ff6dfba0e28045effbcac565ba5],

Physical Sectors: 0
(No malicious items detected)


(end)
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Mon Jan 04, 2016 3:35 am    Post subject: Reply with quote

Hi,
Are you still getting the pop-ups when using Internet Explorer?
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

PostPosted: Mon Jan 04, 2016 8:36 am    Post subject: Reply with quote

Pop-ups seem to be disabled. Still cannot access update from browser and video/audio is still not completely fixed. Anything else we can try? Thanks
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Mon Jan 04, 2016 9:41 am    Post subject: Reply with quote

posefish wrote:
Pop-ups seem to be disabled. Still cannot access update from browser and video/audio is still not completely fixed. Anything else we can try? Thanks
As far as I can tell your remaining problems are not malware related.
I think those problems are related to the W10 upgrade you performed.
As this is a dedicated Malware Removal site (we specialise solely in the removal of Malware), I'm afraid I will have to direct you to experts elsewhere.
Here are some excellent "General Computer Help" forums, where they have people trained to deal with non-Malware related issues.

Please don't think that I'm abandoning you, I'm just directing you towards sources of help which I feel are more likely to resolve your problems.
If anyone asks if you've been checked for malware, please feel free to refer them to this topic.

Let's tidy up and remove the tools we used to clean your computer.

Please download delfix and save it to your desktop.
  • Right-click on delfix.exe and select "Run as administrator" to run it.
  • Check the following boxes then click on Run.

    • Remove disinfection tools

  • All tools we used to clean your computer should be gone now.
  • You can now delete any tools/logs we used if they remain on your computer.

Protection Programs
Don't forget to re-enable any protection programs we disabled during your fix.

I would be grateful if you could reply to this post so that I know you have read it and, if you've no other questions, the thread can be closed.

Safe surfing!
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
posefish
Warrior


Joined: 14 Oct 2011
Last Visit: 05 Jan 2016
Posts: 73

PostPosted: Mon Jan 04, 2016 12:15 pm    Post subject: Reply with quote

Thank you for all your help. I'll try a few things on my own and see if I can avoid re-doing the whole operating system.
Cypher
Moderator


Joined: 05 Jul 2009
Last Visit: 11 Mar 2017
Posts: 5041
Location: Land Of The Leprechauns

PostPosted: Tue Jan 05, 2016 3:16 am    Post subject: Reply with quote

Hi,
Quote:
Thank you for all your help

You're welcome, I'm just sorry we were not able to solve all your problems.
Quote:
I'll try a few things on my own and see if I can avoid re-doing the whole operating system.

If I were you I would uninstall Windows 10 and see if that solves your problems.
http://www.howtogeek.com/220723/how-to-uninstall-windows-10-and-downgrade-to-windows-7-or-8.1/

If not, a reformat might be your only option, unfortunately.

As your malware problems appear to be resolved I will close this topic.

Good luck.

This Topic is Now Closed
_________________
Admin/Teacher at Malware Removal University
Member of UNITE
All times are GMT - 8 Hours