Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

FBI Interpol Popup [Solved]


  • This topic is locked This topic is locked

#1
billesq

billesq

    New Member

  • Member
  • Pip
  • 5 posts

Hello,

 

I was on the Mozilla Firefox when I got a pop-up supposedly from the FBI/Interpol asking me to pay a $200 fine for violating some law.  While it popped up in a new tab (I was using Firefox on a Windows 10 machine that originally came with Windows 8), after closing Firefox and quickly reopening said browser, the pop-up remained.  However, after a restart, there is no pop-up and everything seems to be working fine.  However, I know of viruses like this that can do some serious damage and wanted to make sure that my family computer is as clean as possible.  If you can take a look, I would greatly appreciate it.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-09-2015 02
Ran by Newman (administrator) on NEWMAN-PC (14-09-2015 01:35:24)
Running from C:\Users\Newman\Desktop
Loaded Profiles: Newman (Available Profiles: Newman)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamresearch.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-07-30] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-14] (AVAST Software)
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\Run: [OneDrive] => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\OneDrive.exe [404064 2015-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll [2015-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll [2015-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll [2015-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-14] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\FileSyncShell.dll [2015-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\FileSyncShell.dll [2015-08-24] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\FileSyncShell.dll [2015-08-24] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2015-08-16]
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0103cebc-9ce6-4eab-b894-39db6f0a6809}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{749e0c5a-0b60-4a0c-9d04-e522aa98358f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{be5223c1-1540-43f9-b510-7c5a6071031d}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-1159969180-2088883839-793877200-1001 -> DefaultScope {D81070C9-013F-4537-8541-9ACB6A5E5310} URL =
SearchScopes: HKU\S-1-5-21-1159969180-2088883839-793877200-1001 -> {D81070C9-013F-4537-8541-9ACB6A5E5310} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-14] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-14] (AVAST Software)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Newman\AppData\Roaming\Mozilla\Firefox\Profiles\omx0xtef.default-1442208028922
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-14]

Chrome:
=======
CHR HomePage: Default -> hxxp://tagzone/
CHR Profile: C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-22]
CHR Extension: (Google Drive) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-22]
CHR Extension: (YouTube) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-22]
CHR Extension: (Google Search) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-07-22]
CHR Extension: (Gmail) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-22]
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - <no Path/update_url>
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-14] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-07-30] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-30] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-07-30] (BlueStack Systems, Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-07-22] (WildTangent)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-09-14] (AVAST Software)
R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-14] (AVAST Software)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-30] (BlueStack Systems)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-24] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2014-01-11] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [103712 2014-01-11] (Trend Micro Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-14 01:35 - 2015-09-14 01:35 - 00020415 _____ C:\Users\Newman\Desktop\FRST.txt
2015-09-14 01:34 - 2015-09-14 01:35 - 00000000 ____D C:\FRST
2015-09-14 01:34 - 2015-09-14 01:34 - 02190848 _____ (Farbar) C:\Users\Newman\Desktop\FRST64.exe
2015-09-14 01:33 - 2015-09-14 01:33 - 02190848 _____ (Farbar) C:\Users\Newman\Downloads\FRST64.exe
2015-09-14 01:27 - 2015-09-14 01:28 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 01:27 - 2015-09-14 01:27 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Newman\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-14 01:27 - 2015-09-14 01:27 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-14 01:27 - 2015-09-14 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-14 01:27 - 2015-09-14 01:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 01:27 - 2015-09-14 01:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 01:27 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-14 01:27 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-14 01:27 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-14 01:23 - 2015-09-14 01:23 - 00016148 _____ C:\WINDOWS\system32\NEWMAN-PC_Newman_HistoryPrediction.bin
2015-09-14 01:16 - 2015-09-14 01:16 - 00000000 ____D C:\Users\Newman\AppData\Roaming\AVAST Software
2015-09-14 01:15 - 2015-09-14 01:15 - 01048344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-14 01:15 - 2015-09-14 01:15 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-14 01:15 - 2015-09-14 01:15 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-09-14 01:15 - 2015-09-14 01:15 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-14 01:15 - 2015-09-14 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-14 01:13 - 2015-09-14 01:13 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-14 01:12 - 2015-09-14 01:13 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-14 01:12 - 2015-09-14 01:12 - 05685712 _____ (AVAST Software) C:\Users\Newman\Desktop\avast_free_antivirus_setup_online.exe
2015-09-12 19:36 - 2015-09-12 19:37 - 00285248 _____ C:\WINDOWS\Minidump\091215-47328-01.dmp
2015-09-08 21:40 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-08 21:40 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-08 21:40 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-08 21:40 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-08 21:40 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-08 21:40 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-08 21:40 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-08 21:40 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-08 21:40 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-08 21:40 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-08 21:40 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-08 21:40 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-08 21:40 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-08 21:40 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-08 21:40 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-08 21:40 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-08 21:40 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-08 21:40 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-08 21:40 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-08 21:40 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-08 21:40 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-08 21:40 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-08 21:40 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-08 21:40 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-08 21:40 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-08 21:40 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 21:40 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-08 21:40 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-08 21:40 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-08 21:40 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-08 21:40 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-08 21:40 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-01 23:03 - 2015-09-12 19:53 - 00008846 _____ C:\Users\Newman\Desktop\account balance.xlsx
2015-08-31 15:11 - 2015-08-31 15:12 - 00000000 ____D C:\Users\Newman\AppData\Local\MicrosoftEdge
2015-08-28 23:31 - 2015-08-20 02:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 23:30 - 2015-08-20 02:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 23:30 - 2015-08-20 02:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 23:30 - 2015-08-20 01:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 23:30 - 2015-08-20 01:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 23:30 - 2015-08-20 01:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 23:30 - 2015-08-20 01:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 23:30 - 2015-08-18 03:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 23:30 - 2015-08-18 03:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 23:30 - 2015-08-18 03:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 23:30 - 2015-08-18 03:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 23:30 - 2015-08-18 03:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 23:30 - 2015-08-18 03:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 23:30 - 2015-08-18 03:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 23:30 - 2015-08-18 03:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 23:30 - 2015-08-18 03:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 23:30 - 2015-08-18 03:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 23:30 - 2015-08-18 03:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 23:30 - 2015-08-18 02:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 23:30 - 2015-08-18 02:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 23:30 - 2015-08-18 02:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 23:30 - 2015-08-18 02:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 23:30 - 2015-08-18 02:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 23:30 - 2015-08-18 02:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 23:30 - 2015-08-18 02:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 23:30 - 2015-08-18 02:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 23:30 - 2015-08-18 02:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 23:30 - 2015-08-18 02:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 23:30 - 2015-08-18 02:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 23:30 - 2015-08-18 02:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 23:30 - 2015-08-18 02:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 23:30 - 2015-08-18 02:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 23:30 - 2015-08-18 02:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 23:30 - 2015-08-18 02:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 23:30 - 2015-08-18 02:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 23:30 - 2015-08-18 02:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 23:30 - 2015-08-18 02:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 23:30 - 2015-08-18 02:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 23:30 - 2015-08-18 02:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 23:30 - 2015-08-18 02:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 23:30 - 2015-08-18 00:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-27 14:24 - 2015-08-27 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-25 23:38 - 2015-09-12 19:36 - 1036474134 _____ C:\WINDOWS\MEMORY.DMP
2015-08-25 23:38 - 2015-08-25 23:38 - 00285248 _____ C:\WINDOWS\Minidump\082515-49515-01.dmp
2015-08-25 23:38 - 2015-08-25 23:38 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-24 11:33 - 2015-08-24 11:33 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-24 03:57 - 2015-08-24 00:38 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-24 03:51 - 2015-08-24 03:51 - 00000000 ____D C:\Windows.old
2015-08-24 03:50 - 2015-08-24 03:50 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-08-24 03:50 - 2015-08-24 03:50 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-08-24 03:50 - 2015-08-24 03:50 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-08-24 03:50 - 2015-08-24 03:50 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-24 03:49 - 2015-08-24 03:50 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-24 03:49 - 2015-08-24 03:49 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-24 03:43 - 2015-08-24 03:43 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-08-24 03:40 - 2015-08-24 03:40 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-24 03:40 - 2015-08-24 03:40 - 00000000 ____D C:\Program Files\MSBuild
2015-08-24 03:40 - 2015-08-24 03:40 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-24 03:40 - 2015-08-24 03:40 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-24 03:39 - 2015-06-17 22:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-24 03:39 - 2015-06-17 22:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-24 03:39 - 2015-06-17 22:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-24 03:39 - 2015-05-30 01:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-24 03:39 - 2015-05-30 01:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-24 03:39 - 2015-05-30 01:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-24 02:51 - 2015-08-24 02:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-24 00:45 - 2015-08-24 00:45 - 00002388 _____ C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-24 00:40 - 2015-08-24 00:40 - 00254152 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo33.dll
2015-08-24 00:39 - 2015-08-24 00:39 - 00420040 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-08-24 00:39 - 2015-08-24 00:39 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-08-24 00:39 - 2015-08-24 00:39 - 00042184 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-08-24 00:39 - 2015-08-24 00:39 - 00000000 ____D C:\Users\Newman\AppData\Local\Publishers
2015-08-24 00:38 - 2015-08-24 00:38 - 00000000 ____D C:\Users\Newman\AppData\Local\NetworkTiles
2015-08-24 00:37 - 2015-09-02 21:42 - 00000000 ____D C:\Users\Newman\AppData\Local\Comms
2015-08-24 00:37 - 2015-08-24 00:37 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-24 00:36 - 2015-08-24 00:36 - 00000000 ____D C:\Users\Newman\AppData\Local\TileDataLayer
2015-08-24 00:35 - 2015-08-24 00:35 - 00000020 ___SH C:\Users\Newman\ntuser.ini
2015-08-24 00:34 - 2015-08-24 00:34 - 00000000 __SHD C:\Recovery
2015-08-24 00:31 - 2015-08-24 00:31 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-24 00:26 - 2015-09-12 19:54 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-24 00:20 - 2015-07-10 06:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-24 00:15 - 2015-08-24 00:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Garmin
2015-08-24 00:15 - 2015-08-24 00:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-08-24 00:15 - 2015-08-24 00:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Garmin
2015-08-24 00:15 - 2015-08-24 00:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-08-24 00:14 - 2015-08-24 00:14 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-24 00:08 - 2015-08-24 00:08 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-24 00:06 - 2015-09-04 09:03 - 00000000 ____D C:\Users\Newman
2015-08-24 00:06 - 2015-08-24 00:36 - 00000000 ___RD C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 00:06 - 2015-07-10 07:04 - 00000000 __RSD C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-24 00:06 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-24 00:06 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-24 00:06 - 2015-07-10 07:04 - 00000000 ____D C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-24 00:03 - 2015-08-24 00:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2015-08-24 00:03 - 2015-08-24 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-08-24 00:03 - 2015-07-30 22:45 - 00072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-08-24 00:03 - 2015-07-30 22:45 - 00069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-08-24 00:02 - 2015-08-24 00:08 - 00000000 ____D C:\Program Files\Intel
2015-08-24 00:02 - 2015-08-24 00:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-08-24 00:02 - 2015-08-24 00:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-08-24 00:02 - 2015-08-24 00:02 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-08-24 00:02 - 2015-08-24 00:02 - 00000000 ____D C:\WINDOWS\system32\DAX2
2015-08-24 00:01 - 2015-08-24 00:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-08-24 00:01 - 2015-08-24 00:01 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-08-24 00:01 - 2015-08-24 00:01 - 00000000 ____D C:\Program Files\Synaptics
2015-08-24 00:01 - 2015-08-24 00:01 - 00000000 ____D C:\Program Files\Realtek
2015-08-23 23:59 - 2015-08-24 00:00 - 00032422 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-08-23 23:58 - 2015-09-14 01:21 - 00012226 _____ C:\WINDOWS\PFRO.log
2015-08-23 23:15 - 2015-08-24 00:31 - 00006626 _____ C:\WINDOWS\comsetup.log
2015-08-23 23:14 - 2015-08-24 00:33 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-08-23 23:14 - 2015-08-24 00:33 - 00009528 _____ C:\WINDOWS\diagerr.xml
2015-08-16 19:59 - 2015-08-24 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard
2015-08-16 19:59 - 2015-08-16 19:59 - 00000906 _____ C:\Users\Public\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
2015-08-16 19:59 - 2015-08-16 19:59 - 00000000 ____D C:\Users\Newman\AppData\Roaming\InstallShield
2015-08-16 19:59 - 2015-08-16 19:59 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2015-08-16 19:59 - 2010-02-03 11:21 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2015-08-16 19:59 - 2010-02-03 11:21 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\Packet.dll
2015-08-16 19:59 - 2010-02-03 11:21 - 00053299 _____ C:\WINDOWS\SysWOW64\pthreadVC.dll
2015-08-16 19:59 - 2010-02-03 11:21 - 00047632 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2015-08-16 19:59 - 2009-11-06 08:34 - 03888128 _____ (Broadcom Corporation) C:\WINDOWS\system32\SET8F58.tmp
2015-08-16 19:59 - 2009-11-06 08:31 - 01436920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET95D3.tmp
2015-08-16 19:59 - 2007-01-19 18:24 - 00025312 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\SCMNdisP.sys
2015-08-15 20:25 - 2015-08-24 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-08-15 20:25 - 2015-08-15 20:25 - 00001917 _____ C:\Users\Public\Desktop\Garmin Express.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-14 01:25 - 2014-08-11 21:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-14 01:24 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-14 01:24 - 2013-09-20 21:24 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 01:22 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-14 01:21 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-14 01:21 - 2015-07-10 05:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-14 01:20 - 2015-02-15 00:57 - 00000000 ____D C:\Users\Newman\Desktop\Old Firefox Data
2015-09-14 00:48 - 2013-09-20 21:24 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-13 19:57 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-13 19:52 - 2014-01-11 21:07 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A4459F1-E25F-4031-B95E-666FCFF103BF}
2015-09-12 20:02 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-12 19:47 - 2015-07-10 08:20 - 00236696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-12 19:44 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 19:44 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-12 19:44 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-10 18:07 - 2014-01-11 21:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-04 09:03 - 2014-01-11 23:17 - 00000000 ___DO C:\Users\Newman\SkyDrive
2015-09-04 09:00 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-03 19:49 - 2014-07-22 21:40 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-29 22:43 - 2013-09-20 21:24 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 22:43 - 2013-09-20 21:24 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 22:17 - 2014-01-11 21:00 - 00000000 ____D C:\Users\Newman\AppData\Local\Packages
2015-08-27 19:18 - 2014-08-11 15:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-26 18:37 - 2014-01-11 21:53 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-24 23:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-24 11:35 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-24 03:57 - 2015-07-10 07:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-24 03:51 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-24 03:51 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-24 00:45 - 2015-08-05 20:54 - 00000000 ___RD C:\Users\Newman\OneDrive
2015-08-24 00:41 - 2015-07-10 08:20 - 00016460 _____ C:\WINDOWS\setupact.log
2015-08-24 00:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-24 00:40 - 2015-07-30 22:39 - 01804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-08-24 00:40 - 2015-07-30 22:39 - 00618696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-08-24 00:40 - 2015-07-30 22:39 - 00269000 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-08-24 00:39 - 2015-07-30 22:39 - 00764616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-08-24 00:39 - 2015-07-30 22:39 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-08-24 00:38 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-24 00:38 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-24 00:38 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-24 00:37 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-24 00:32 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Registration
2015-08-24 00:30 - 2014-08-11 21:41 - 00003828 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-24 00:30 - 2014-04-20 15:50 - 00003664 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-08-24 00:30 - 2014-01-11 21:06 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1159969180-2088883839-793877200-1001
2015-08-24 00:30 - 2013-09-20 21:11 - 00003238 _____ C:\WINDOWS\System32\Tasks\Resolution+ Setting Task
2015-08-24 00:30 - 2013-09-20 21:03 - 00003100 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-08-24 00:30 - 2013-09-20 21:00 - 00003240 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2015-08-24 00:30 - 2013-09-20 20:46 - 00003704 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1159969180-2088883839-793877200-500
2015-08-24 00:26 - 2015-07-10 07:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-24 00:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-08-24 00:16 - 2015-07-15 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-24 00:16 - 2015-07-15 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-24 00:16 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-08-24 00:16 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-24 00:16 - 2014-10-10 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-24 00:16 - 2014-08-01 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-08-24 00:16 - 2014-07-22 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-24 00:16 - 2014-04-20 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-24 00:16 - 2014-01-11 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-24 00:16 - 2014-01-11 22:08 - 00000000 ____D C:\ProgramData\Trend Micro
2015-08-24 00:16 - 2013-09-20 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-24 00:16 - 2013-09-20 21:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-08-24 00:16 - 2013-09-20 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS, Inc
2015-08-24 00:16 - 2013-09-13 00:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-24 00:16 - 2013-09-13 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-08-24 00:15 - 2015-07-10 07:05 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-08-24 00:15 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-24 00:11 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-24 00:11 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-24 00:11 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-08-24 00:11 - 2014-01-26 02:31 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-08-24 00:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-08-24 00:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-08-24 00:09 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-24 00:09 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-24 00:09 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-24 00:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-08-24 00:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-08-24 00:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-24 00:08 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-24 00:05 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-23 23:58 - 2015-07-10 05:05 - 00000000 __RHD C:\Users\Default
2015-08-23 23:24 - 2013-09-20 21:11 - 01874284 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-23 23:14 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-22 22:50 - 2014-01-27 22:00 - 00000000 ____D C:\Users\Newman\AppData\Local\CrashDumps
2015-08-22 00:42 - 2014-08-04 21:20 - 00047104 ___SH C:\Users\Newman\Desktop\Thumbs.db
2015-08-21 21:33 - 2014-01-11 22:15 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-16 19:59 - 2013-09-13 00:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-16 00:28 - 2015-07-15 23:53 - 00000000 ____D C:\Users\Newman\AppData\Roaming\Skype
2015-08-15 20:26 - 2014-04-20 15:50 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-08-15 20:26 - 2013-09-20 21:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-15 00:34 - 2013-09-13 00:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-15 00:26 - 2014-04-20 16:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-15 00:26 - 2014-04-20 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2015-07-15 18:14 - 2015-07-15 18:14 - 6420480 _____ () C:\Program Files (x86)\GUT168.tmp
2014-01-11 22:07 - 2014-01-11 22:07 - 0000036 _____ () C:\Users\Newman\AppData\Local\housecall.guid.cache
2014-10-10 19:39 - 2014-10-10 19:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-24 00:02 - 2015-08-24 00:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-08 03:05

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-09-2015 02
Ran by Newman (2015-09-14 01:36:19)
Running from C:\Users\Newman\Desktop
Windows 10 Home (X64) (2015-08-24 04:35:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1159969180-2088883839-793877200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1159969180-2088883839-793877200-503 - Limited - Disabled)
Guest (S-1-5-21-1159969180-2088883839-793877200-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1159969180-2088883839-793877200-1003 - Limited - Enabled)
mlnew (S-1-5-21-1159969180-2088883839-793877200-1004 - Limited - Enabled)
Newman (S-1-5-21-1159969180-2088883839-793877200-1001 - Administrator - Enabled) => C:\Users\Newman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BlueStacks Notification Center (HKLM-x32\...\{3C8602B0-C23B-4528-97FF-90546AD315E8}) (Version: 0.9.0.4201 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Elevated Installer (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express (HKLM-x32\...\{42f02a91-da9c-48e1-8dc5-37f4449db969}) (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

24-08-2015 23:17:19 Windows Update
24-08-2015 23:17:59 Windows Update
28-08-2015 02:40:53 Windows Update
28-08-2015 02:41:50 Windows Update
31-08-2015 00:34:16 Windows Modules Installer
10-09-2015 18:01:28 Windows Update
14-09-2015 01:13:23 avast! antivirus system restore point

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0BB941A3-0BAA-46D5-83AF-27ED5810DFF1} - \Titanium BTC -> No File <==== ATTENTION
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {3100D5D4-BC12-4232-81C6-8E8E7C5B6676} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {3E18B6DC-33BF-40B8-A9F1-0E8FA3C634AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-14] (AVAST Software)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {41415C15-CADD-4E5A-8315-CBCD3FBC4F5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {477FE3C4-0AD9-40CA-B1F5-1E3AAAD4C2A4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {47A951FC-1232-4732-807C-DF2F6F714DCF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {4B5734D8-7F45-4BC3-AB00-ADDC419C66E6} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {59396DCA-C661-43B9-A384-245AE90CA8EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {5E53D75B-437C-444B-9F5A-1AF762F4987A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {77DE3130-9B5D-40D5-9E78-2D354FF886D2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {78450E66-0B75-4196-8CD2-5788E7E38979} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-07-29] ()
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7BF45ED4-71E7-4380-9218-D5AC88A768EB} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {84047F62-0433-4932-ABBF-E1636AD95C10} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8D5779B4-1EE1-48F0-80CA-0DE079A30E2B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-24] (Microsoft Corporation)
Task: {8FD157D1-AF6A-4981-99A1-9D6FE6DFAE6F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {95F56AC8-3CF0-4188-BFA1-E57C2F76F0EC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {98458778-E3CE-44B0-ABDE-E9211D87C8A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9CD7C969-0D90-4832-9588-2F52F5840C84} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-07] (TOSHIBA Corporation)
Task: {A0767AF2-12A7-4288-B887-9E05C3009BF6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-24] (Synaptics Incorporated)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {BC958DFE-ECEC-4AAD-B762-FD0D9B165496} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C585364A-4AA1-4120-BCC3-979032C3FEDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {D105DE7E-55C3-424A-BBB0-D43A6FA740EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E86645AA-FE0B-4F0F-8104-2FD8E22885C9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EB4810A6-C9F1-48AB-87FA-9B6AE2D90703} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {EE89A9F6-6280-4AF4-92FA-1774402D1737} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {F1EE4AFD-A681-4F6F-AFDB-1E197040C9DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {F916D58D-6AAA-41D0-947C-676A5A26F5AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-24 03:49 - 2015-08-24 03:49 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-07-22 17:56 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-16 19:59 - 2010-08-26 17:48 - 00285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2015-08-28 23:30 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 23:30 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-10-21 01:18 - 2015-08-05 20:54 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-08-16 19:59 - 2010-08-26 17:47 - 04577760 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2015-09-14 01:15 - 2015-09-14 01:15 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-14 01:15 - 2015-09-14 01:15 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-14 01:15 - 2015-09-14 01:15 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091301\algo.dll
2015-08-16 19:59 - 2010-07-09 16:38 - 00331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2015-08-16 19:59 - 2010-02-03 11:31 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2015-09-14 01:15 - 2015-09-14 01:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-20 20:52 - 2013-09-03 19:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Newman\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1159969180-2088883839-793877200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Newman\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1615952.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{B890F490-0B5A-496F-B795-31E5C8A14D0B}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{3687DACC-87E8-4A65-B73B-E157A668B1E7}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{6B220E4C-9D5B-4FAF-99D7-997E7E6D3081}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{44CC1E1D-C0E3-404B-915E-BFE805641561}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{18CBBDFD-A536-46C2-94D3-30A6DE33BE54}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [{6E3B2D97-0C5B-42A3-9647-880193500DC2}] => (Allow) LPort=5357
FirewallRules: [{C235CD3C-3800-4135-A763-1E301D36A1CF}] => (Allow) C:\Program Files\HP\HP ENVY 4500 series\Bin\DeviceSetup.exe
FirewallRules: [{E90EEA4D-0263-489C-AA47-70D7732CBCAA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{15C0CB4A-361D-4A35-87FC-C016791629F4}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{B9C3BF78-E630-4D89-9720-1AF643361F4F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{64DE934D-CB77-4AB2-942F-FF7178F148D9}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [UDP Query User{3F497B3B-C8DD-4392-8729-F6846166A006}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [TCP Query User{56E5107C-72D6-44FA-A280-4C1A58D1EBB9}C:\games\world_of_tanks\worldoftanks.exe] => (Allow) C:\games\world_of_tanks\worldoftanks.exe
FirewallRules: [UDP Query User{D56C34F5-03C4-4EFE-8ABC-79BC1A84CB00}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [TCP Query User{A8D1C1FC-92D1-42A0-9582-A0C21ADB75F0}C:\games\world_of_tanks\wotlauncher.exe] => (Allow) C:\games\world_of_tanks\wotlauncher.exe
FirewallRules: [UDP Query User{7E719A76-8472-4859-A735-EEF7F4DA435E}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [TCP Query User{2641EDE7-FDE6-47F4-B91D-7573A9DC185B}C:\games\world_of_warplanes\wowplauncher.exe] => (Allow) C:\games\world_of_warplanes\wowplauncher.exe
FirewallRules: [{39A24803-C9E0-4291-B526-E4517CAE46FE}] => (Allow) C:\Users\Newman\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{2D0ED844-A52E-4BBC-AC70-119EB4909488}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2015 01:26:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OHub.exe, version: 16.0.6208.2350, time stamp: 0x55ef4ce2
Faulting module name: Mso30Imm.dll, version: 16.0.6125.1000, time stamp: 0x55dc751f
Exception code: 0xc0000005
Fault offset: 0x00000000000123e5
Faulting process id: 0x154c
Faulting application start time: 0xOHub.exe0
Faulting application path: OHub.exe1
Faulting module path: OHub.exe2
Report Id: OHub.exe3
Faulting package full name: OHub.exe4
Faulting package-relative application ID: OHub.exe5

Error: (09/14/2015 01:25:35 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/14/2015 01:21:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NEWMAN-PC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (09/14/2015 01:13:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (09/14/2015 12:53:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
Exception code: 0x80000003
Fault offset: 0x0000e250
Faulting process id: 0xa9c0
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (09/14/2015 12:53:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: plugin-container.exe, version: 40.0.3.5716, time stamp: 0x55ddb213
Faulting module name: mozglue.dll, version: 40.0.3.5716, time stamp: 0x55dda062
Exception code: 0x80000003
Fault offset: 0x0000e250
Faulting process id: 0x1448
Faulting application start time: 0xplugin-container.exe0
Faulting application path: plugin-container.exe1
Faulting module path: plugin-container.exe2
Report Id: plugin-container.exe3
Faulting package full name: plugin-container.exe4
Faulting package-relative application ID: plugin-container.exe5

Error: (09/13/2015 07:49:17 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/13/2015 07:48:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Newman-PC.local already in use; will try Newman-PC-2.local instead

Error: (09/13/2015 07:48:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Newman-PC.local. Addr 192.168.0.19

Error: (09/13/2015 07:48:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.19:5353   16 Newman-PC.local. AAAA 2601:0046:C701:4B30:B4C9:2F8B:5917:6E8A


System errors:
=============
Error: (09/14/2015 01:27:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/14/2015 01:27:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/14/2015 01:27:38 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/14/2015 01:27:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/14/2015 01:27:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/14/2015 01:27:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/14/2015 01:27:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/14/2015 01:27:37 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/14/2015 01:27:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (09/14/2015 01:27:36 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office:
=========================
Error: (09/14/2015 01:26:53 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: OHub.exe16.0.6208.235055ef4ce2Mso30Imm.dll16.0.6125.100055dc751fc000000500000000000123e5154c01d0eeade8924997C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6208.23501.0_x64__8wekyb3d8bbwe\OHub.exeC:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6208.23501.0_x64__8wekyb3d8bbwe\Mso30Imm.dll418ecc15-1a81-4d49-bf8c-b0b8db39d87cMicrosoft.MicrosoftOfficeHub_17.6208.23501.0_x64__8wekyb3d8bbweMicrosoft.MicrosoftOfficeHub

Error: (09/14/2015 01:25:35 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/14/2015 01:21:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: NEWMAN-PC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

Error: (09/14/2015 01:13:34 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (09/14/2015 12:53:45 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.3.571655ddb213mozglue.dll40.0.3.571655dda062800000030000e250a9c001d0eea947c30ffcC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll44816867-2e0e-403e-80a8-b17c442fb697

Error: (09/14/2015 12:53:15 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: plugin-container.exe40.0.3.571655ddb213mozglue.dll40.0.3.571655dda062800000030000e250144801d0ee9cb3133f3bC:\Program Files (x86)\Mozilla Firefox\plugin-container.exeC:\Program Files (x86)\Mozilla Firefox\mozglue.dll11759cd2-2ef3-4c07-af11-90ef61633952

Error: (09/13/2015 07:49:17 PM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.ArgumentOutOfRangeException: Number must be either non-negative and less than or equal to Int32.MaxValue or -1.
Parameter name: dueTime
Stack Trace:
   at System.Threading.Timer..ctor(TimerCallback callback, Object state, Int32 dueTime, Int32 period)
   at System.Timers.Timer.set_Enabled(Boolean value)
   at SnappCloud.ActivationReminder.AraClient.PostInit()
   at SnappCloud.ActivationReminder.Program.Main(String[] args)

Error: (09/13/2015 07:48:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname Newman-PC.local already in use; will try Newman-PC-2.local instead

Error: (09/13/2015 07:48:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 Newman-PC.local. Addr 192.168.0.19

Error: (09/13/2015 07:48:25 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 192.168.0.19:5353   16 Newman-PC.local. AAAA 2601:0046:C701:4B30:B4C9:2F8B:5917:6E8A


CodeIntegrity:
===================================
  Date: 2015-09-14 00:38:25.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.937
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.897
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.846
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-12 02:20:05.040
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-12 02:20:04.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 6023.27 MB
Available physical RAM: 3896.97 MB
Total Virtual: 6983.27 MB
Available Virtual: 4850.35 MB

==================== Drives ================================

Drive c: (TI10673200G) (Fixed) (Total:688.43 GB) (Free:582.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


Edited by billesq, 13 September 2015 - 11:53 PM.

  • 0

Advertisements


#2
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello, billesq. Welcome to Geeks to Go! My nickname is Nevan and I will be helping you getting your system back on its electronic feet.

Before we get started, please keep these things in mind:
  • Always read every part of my post carefully. If you don't, you may do something wrong and there could be more problems to solve.
  • If your security programs give you any warnings when using tools I asked you to, don't be afraid. Every tool I provide to you is 100% safe.
  • Only run tools that I ask you to. Some of them can be dangerous to your system as they have much power.
  • You should save or print my instructions. It is possible that we will be using Safe mode, which will cut you off from your internet connection and without access to them, you might be stuck.
  • Malware removal is a complicated process that takes multiple steps to be completed. Don't give up, be patient.
  • The tools we are going to use and your software may cause unwanted interactions. Because of that, I recommend you to make backups of any important files from your machine before proceeding as they might be lost.
  • I recommend you to stay with me until I tell you that we are done. It is important because when your system does not show any bad symptoms anymore it does not mean that it is 100% clean.
  • Your time to reply is limited. If you don't reply within 3 days, your topic will be closed and you will have to request it to be reopened by contacting one of Moderator group members with the link to this topic.
  • Every program I ask you to download should be saved to and run from desktop. If you don't know how to choose the direction of where a download is saved, check this site. You can also just copy these programs to your desktop manually and then run them from there.
  • Remember that the fixes I give you are only for your machine. Using it on other systems may (and probably will) cause problems.
  • Finally, if you have any questions or are unsure about something, just ask. I will not blame you for it. It is better to ask rather than regret it later.
Let's get started :)

 
Cases like this are usually caused by infected websites and usually don't do any harm to the system, and so it is here. I don't see any infections in the log, but we'll do some checks just to make sure :)

Please follow the instructions below.

Step #1
4rr98tz.png FRST Fix
  • Download attached fixlist.txt file to your desktop.
    Attached File  fixlist.txt   2.61KB   99 downloads
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system
  • Right click FRST64.exe on your desktop and click Run as administrator.
  • Press the Fix button just once and wait.
    NOTE: It's important that both FRST64.exe and fixlist.txt are in the same location or the fix will not work.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished, FRST will generate a log on the desktop (Fixlog.txt). Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #2
INQmTSa.png Junkware Removal Tool
  • Download Junkware Removal Tool to your Desktop
  • Close any open windows
  • Disable your Antivirus program (click here if you don't know how to do this)
  • Double click JRT.exe on your desktop to run it
  • Click any button to start the scan
  • Wait for Junkware Removal Tool to finish the scan
  • When the scan is finished, JRT.txt will be saved to your desktop and it will automatically open
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
 
Step #3
LHBIenm.pngAdwCleaner
  • Download AdwCleaner to your Desktop.
  • Close any open windows
  • Double click AdwCleaner.exe on your desktop to run it
  • Click the OvD9RYN.png button
  • Wait for AdwCleaner to finish the scan
  • When the scan is finished, there will be "Pending. Please uncheck elements you don't want to remove" message. Leave everything as it is and click 5W2Ci1o.png button.
  • When the cleaning is finished, the program will ask you to reboot the system. Please do so.
  • Once your machine has rebooted, a Notepad window will be opened. If it won't, you can find it in C:\AdwCleaner. The report will be saved as AdwCleaner[C1].txt.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
EOEdyWG.png Things that should appear in your next post:
  • Fixlog.txt log content
  • JRT.txt log content
  • AdwCleaner log content

  • 0

#3
billesq

billesq

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

So far everything seems normal.  Here are the logs you requested:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:13-09-2015 02
Ran by Newman (2015-09-14 17:28:36) Run:1
Running from C:\Users\Newman\Desktop
Loaded Profiles: Newman (Available Profiles: Newman)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
CreateRestorePoint:
HKLM-x32\...\Run: [] => [X]
SearchScopes: HKU\S-1-5-21-1159969180-2088883839-793877200-1001 -> DefaultScope {D81070C9-013F-4537-8541-9ACB6A5E5310} URL =
SearchScopes: HKU\S-1-5-21-1159969180-2088883839-793877200-1001 -> {D81070C9-013F-4537-8541-9ACB6A5E5310} URL =
CHR HKLM-x32\...\Chrome\Extension: [fmgckcapmffomaifonnhgkfdgljnkpgi] - <no Path/update_url>
2015-07-15 18:14 - 2015-07-15 18:14 - 6420480 _____ () C:\Program Files (x86)\GUT168.tmp
Task: {0BB941A3-0BAA-46D5-83AF-27ED5810DFF1} - \Titanium BTC -> No File <==== ATTENTION
Task: {477FE3C4-0AD9-40CA-B1F5-1E3AAAD4C2A4} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {47A951FC-1232-4732-807C-DF2F6F714DCF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {59396DCA-C661-43B9-A384-245AE90CA8EC} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {84047F62-0433-4932-ABBF-E1636AD95C10} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8D5779B4-1EE1-48F0-80CA-0DE079A30E2B} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {8FD157D1-AF6A-4981-99A1-9D6FE6DFAE6F} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {BC958DFE-ECEC-4AAD-B762-FD0D9B165496} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {D105DE7E-55C3-424A-BBB0-D43A6FA740EA} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {E86645AA-FE0B-4F0F-8104-2FD8E22885C9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {EB4810A6-C9F1-48AB-87FA-9B6AE2D90703} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {F1EE4AFD-A681-4F6F-AFDB-1E197040C9DF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
EmptyTemp:
CMD: bitsadmin /reset /allusers
cmd: netsh advfirewall reset
cmd: netsh advfirewall set allprofiles state on
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F
Reg: Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
Reg: Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F
CMD: netsh advfirewall reset
CMD: netsh advfirewall set allprofiles state ON
CMD: ipconfig /flushdns
CMD: netsh winsock reset catalog
CMD: netsh int ip reset c:\resetlog.txt
CMD: ipconfig /release
CMD: ipconfig /renew
CMD: netsh int ipv4 reset
CMD: netsh int ipv6 reset
*****************

Processes closed successfully.
Restore point was successfully created.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1159969180-2088883839-793877200-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{D81070C9-013F-4537-8541-9ACB6A5E5310}" => key removed successfully
HKCR\CLSID\{D81070C9-013F-4537-8541-9ACB6A5E5310} => key not found.
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\fmgckcapmffomaifonnhgkfdgljnkpgi" => key removed successfully
C:\Program Files (x86)\GUT168.tmp => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0BB941A3-0BAA-46D5-83AF-27ED5810DFF1}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0BB941A3-0BAA-46D5-83AF-27ED5810DFF1}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Titanium BTC => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{477FE3C4-0AD9-40CA-B1F5-1E3AAAD4C2A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{477FE3C4-0AD9-40CA-B1F5-1E3AAAD4C2A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{47A951FC-1232-4732-807C-DF2F6F714DCF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{47A951FC-1232-4732-807C-DF2F6F714DCF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{59396DCA-C661-43B9-A384-245AE90CA8EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{59396DCA-C661-43B9-A384-245AE90CA8EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{84047F62-0433-4932-ABBF-E1636AD95C10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{84047F62-0433-4932-ABBF-E1636AD95C10}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8D5779B4-1EE1-48F0-80CA-0DE079A30E2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8D5779B4-1EE1-48F0-80CA-0DE079A30E2B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8FD157D1-AF6A-4981-99A1-9D6FE6DFAE6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8FD157D1-AF6A-4981-99A1-9D6FE6DFAE6F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BC958DFE-ECEC-4AAD-B762-FD0D9B165496}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BC958DFE-ECEC-4AAD-B762-FD0D9B165496}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D105DE7E-55C3-424A-BBB0-D43A6FA740EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D105DE7E-55C3-424A-BBB0-D43A6FA740EA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E86645AA-FE0B-4F0F-8104-2FD8E22885C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E86645AA-FE0B-4F0F-8104-2FD8E22885C9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{EB4810A6-C9F1-48AB-87FA-9B6AE2D90703}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EB4810A6-C9F1-48AB-87FA-9B6AE2D90703}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{F1EE4AFD-A681-4F6F-AFDB-1E197040C9DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{F1EE4AFD-A681-4F6F-AFDB-1E197040C9DF}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully

=========  bitsadmin /reset /allusers =========


BITSADMIN version 3.0 [ 7.8.10240 ]
BITS administration utility.
© Copyright 2000-2006 Microsoft Corp.

BITSAdmin is deprecated and is not guaranteed to be available in future versions of Windows.
Administrative tools for the BITS service are now provided by BITS PowerShell cmdlets.

Unable to cancel {4185B4F2-B60E-4DB4-B7BE-34AF4E827797}.
0 out of 1 jobs canceled.

========= End of CMD: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state on =========

Ok.


========= End of CMD: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\StartupApproved" /F =========

The operation completed successfully.



========= End of Reg: =========


========= Reg Delete "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

ERROR: The system was unable to find the specified registry key or value.


========= End of Reg: =========


========= Reg Add "HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg" /F =========

The operation completed successfully.



========= End of Reg: =========


=========  netsh advfirewall reset =========

Ok.


========= End of CMD: =========


=========  netsh advfirewall set allprofiles state ON =========

Ok.


========= End of CMD: =========


=========  ipconfig /flushdns =========


Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========= End of CMD: =========


=========  netsh winsock reset catalog =========


Sucessfully reset the Winsock Catalog.
You must restart the computer in order to complete the reset.


========= End of CMD: =========


=========  netsh int ip reset c:\resetlog.txt =========

Resetting Global, OK!
Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========


=========  ipconfig /release =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi 2:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:46:c701:4b30:9c0:9d2:11a6:8d1f
   IPv6 Address. . . . . . . . . . . : 2601:46:c701:4b30:e246:9aff:fe12:65c4
   Temporary IPv6 Address. . . . . . : 2601:46:c701:4b30:1915:a892:bb5f:ffcc
   Link-local IPv6 Address . . . . . : fe80::9c0:9d2:11a6:8d1f%2
   Default Gateway . . . . . . . . . : fe80::210:18ff:fede:ad05%2

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:20:b39:3f57:ffec
   Link-local IPv6 Address . . . . . : fe80::20:b39:3f57:ffec%4
   Default Gateway . . . . . . . . . :

========= End of CMD: =========


=========  ipconfig /renew =========


Windows IP Configuration

No operation can be performed on Ethernet while it has its media disconnected.
No operation can be performed on Wi-Fi while it has its media disconnected.

Ethernet adapter Ethernet:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

Wireless LAN adapter Wi-Fi 2:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2601:46:c701:4b30:9c0:9d2:11a6:8d1f
   IPv6 Address. . . . . . . . . . . : 2601:46:c701:4b30:e246:9aff:fe12:65c4
   Temporary IPv6 Address. . . . . . : 2601:46:c701:4b30:1915:a892:bb5f:ffcc
   Link-local IPv6 Address . . . . . : fe80::9c0:9d2:11a6:8d1f%2
   IPv4 Address. . . . . . . . . . . : 192.168.0.19
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Default Gateway . . . . . . . . . : fe80::210:18ff:fede:ad05%2
                                       192.168.0.1

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:4b0:100f:3f57:ffec
   Link-local IPv6 Address . . . . . : fe80::4b0:100f:3f57:ffec%4
   Default Gateway . . . . . . . . . :

Tunnel adapter isatap.{0103CEBC-9CE6-4EAB-B894-39DB6F0A6809}:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :

========= End of CMD: =========


=========  netsh int ipv4 reset =========

Resetting Interface, OK!
Resetting , failed.
Access is denied.

Restart the computer to complete this action.


========= End of CMD: =========


=========  netsh int ipv6 reset =========

Resetting Interface, OK!
Resetting Neighbor, OK!
Resetting Path, OK!
Resetting , failed.
Access is denied.

Resetting , OK!
Resetting , OK!
Restart the computer to complete this action.


========= End of CMD: =========

EmptyTemp: => 1 GB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 17:31:17 ====

 

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 7.6.1 (09.08.2015:1)
OS: Windows 10 Home x64
Ran by Newman on Mon 09/14/2015 at 17:42:00.59
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




~~~ Services



~~~ Tasks



~~~ Registry Values



~~~ Registry Keys



~~~ Files



~~~ Folders



~~~ Chrome


[C:\Users\Newman\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset

[C:\Users\Newman\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:

[C:\Users\Newman\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset

[C:\Users\Newman\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
[]





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on Mon 09/14/2015 at 17:47:55.97
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 

# AdwCleaner v5.007 - Logfile created 14/09/2015 at 17:50:38
# Updated 08/09/2015 by Xplode
# Database : 2015-09-10.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Newman - NEWMAN-PC
# Running from : C:\Users\Newman\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : http://toolslib.net/forum

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [831 bytes] ##########
 


  • 0

#4
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

So far everything seems normal.

Like I said, it's probably just one-time event.

Some more checks to do. Please perform the following instructions.

Step #1
JHlUMFt.png Malwarebytes Anti-Malware

I can see that you currently have Malwarebytes Anti-Malware installed on your computer. We'll use it.
  • Launch Malwarebytes Anti-Malware
  • In Database version section, click Update Now
  • Once the update is done, click Settings>Detection and Protection
  • Make sure that all three boxes under Detection Options are checked
    vG7pLOy.png
  • Go back to Dashboard and click the big, green Scan Now button.
  • Wait for Malwarebytes Anti-Malware to finish the scan
  • If the program will detect anything, click Remove Selected. The program might want to reboot the system. Allow it it wants to.
  • Once the deletion is done (or after reboot), go to History, select Application Logs and click the latest Scan Log.
  • Click Export, then click Copy to Clipboard.
  • Paste (CTRL+V) the log into your next reply.
 
Step #2
jyv2Te8.png ESET Online Scanner
  • Note: This step can only be done using Internet Explorer, Google Chrome or Mozilla Firefox
  • Disable your Antivirus program (click here if you don't know how to do this).
  • Visit ESET site
  • Click RYa1k8g.png
  • When using:
    • Internet Explorer:
      • Accept the Terms of Use and click Start
      • Allow the running of add-on
    • Other browsers:
      • Download esetsmartinstaller_enu.exe that you'll be given link to
      • Double click esetsmartinstaller_enu.exe
      • Allow the Terms of Use and click Start
  • Make sure that the options are set as the example below:
    temh2Om.png
  • Click Start
  • The program will begin to download it's virus database. The speed may vary depending on your Internet connection.
  • When completed, the program will begin to scan. This may take several hours. Please, be patient.
  • Do not do anything on your machine as it may interrupt the scan
  • When the scan is done, click Finish
  • A log.txt file will be created at C:\Program Files (x86)\ESET\ESET Online Scanner. Open it using Notepad.
  • Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.
Remember to enable your Antivirus program once you're done!

 
Step #3
4rr98tz.pngFRST Scan
  • Right click FRST64.exe on your Desktop and click Run as administrator. When the tool opens click Yes to disclaimer.
  • Make sure that Addition.txt is checked and press the Scan button.
  • It will produce two logs - one called FRST.txt and another one called Addition.txt in the same directory the tool is run from.
  • Select all (CTRL+A) the content of the logs, copy them (CTRL+C) and paste (CTRL+V) them into your next reply.
 
EOEdyWG.png Things that should appear in your next post:
  • Malwarebytes Anti-Malware log content
  • ESET Online Scanner log content
  • FRST.txt log content
  • Addition.txt log content

  • 0

#5
billesq

billesq

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

Malwarebytes Anti-Malware
www.malwarebytes.org

Scan Date: 9/14/2015
Scan Time: 6:53 PM
Logfile:
Administrator: Yes

Version: 2.1.8.1057
Malware Database: v2015.09.14.06
Rootkit Database: v2015.08.16.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled

OS: Windows 10
CPU: x64
File System: NTFS
User: Newman

Scan Type: Threat Scan
Result: Completed
Objects Scanned: 382004
Time Elapsed: 31 min, 59 sec

Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled

Processes: 0
(No malicious items detected)

Modules: 0
(No malicious items detected)

Registry Keys: 0
(No malicious items detected)

Registry Values: 0
(No malicious items detected)

Registry Data: 0
(No malicious items detected)

Folders: 0
(No malicious items detected)

Files: 0
(No malicious items detected)

Physical Sectors: 0
(No malicious items detected)


(end)

 

[email protected] as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ac29acc142aaf5459ae88cec40e9b279
# end=init
# utc_time=2015-09-15 12:39:18
# local_time=2015-09-14 08:39:18 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 25763
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=ac29acc142aaf5459ae88cec40e9b279
# end=updated
# utc_time=2015-09-15 12:41:36
# local_time=2015-09-14 08:41:36 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=ac29acc142aaf5459ae88cec40e9b279
# engine=25763
# end=stopped
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-09-15 01:58:29
# local_time=2015-09-14 09:58:29 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1='avast! Antivirus'
# compatibility_mode=783 16777213 71 88 0 3265620 0 0
# compatibility_mode_1=''
# compatibility_mode=5893 16776574 100 94 7559 4834721 0 0
# scanned=212654
# found=0
# cleaned=0
# scan_time=4612
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:13-09-2015 02
Ran by Newman (administrator) on NEWMAN-PC (14-09-2015 22:00:56)
Running from C:\Users\Newman\Desktop
Loaded Profiles: Newman (Available Profiles: Newman)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(BlueStack Systems, Inc.) C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
() C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
(Hewlett-Packard) C:\Program Files (x86)\HP\HP Software Update\hpwuschd2.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
(WildTangent) C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296520 2013-09-11] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [178016 2013-08-21] (TOSHIBA Corporation)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-08-17] (TOSHIBA Corporation)
HKLM\...\Run: [HotKeysCmds] => "C:\Windows\system32\hkcmd.exe"
HKLM\...\Run: [Persistence] => "C:\Windows\system32\igfxpers.exe"
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170280 2015-07-11] (Apple Inc.)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-24] (Synaptics Incorporated)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [BlueStacks Agent] => C:\Program Files (x86)\BlueStacks\HD-Agent.exe [835288 2014-07-30] (BlueStack Systems, Inc.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [6111824 2015-09-14] (AVAST Software)
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1404248 2015-07-29] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31682144 2015-03-25] (Skype Technologies S.A.)
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\Run: [OneDrive] => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\OneDrive.exe [405584 2015-09-14] (Microsoft Corporation)
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\RunOnce: [Uninstall C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1\amd64"
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\RunOnce: [Uninstall C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5930.0814_1"
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll [2015-09-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2015-09-14] (AVAST Software)
ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-14] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\FileSyncShell.dll [2015-09-14] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WNA3100 Smart Wizard.lnk [2015-08-16]
ShortcutTarget: NETGEAR WNA3100 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{0103cebc-9ce6-4eab-b894-39db6f0a6809}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{749e0c5a-0b60-4a0c-9d04-e522aa98358f}: [DhcpNameServer] 75.75.75.75 75.75.76.76
Tcpip\..\Interfaces\{be5223c1-1540-43f9-b510-7c5a6071031d}: [DhcpNameServer] 75.75.75.75 75.75.76.76

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2015-09-14] (AVAST Software)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-08-11] (Microsoft Corporation)
BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2015-09-14] (AVAST Software)
DPF: HKLM-x32 {166B1BCA-3F9C-11CF-8075-444553540000} hxxp://download.macromedia.com/pub/shockwave/cabs/director/sw.cab
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-08-05] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\Newman\AppData\Roaming\Mozilla\Firefox\Profiles\omx0xtef.default-1442208028922
FF DefaultSearchEngine.US: Google
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-14] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-14] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1219160.dll [2015-07-23] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-01-06] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-09-03] (Intel Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-01-14] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-29] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\1\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-06-29] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [{BBB77B49-9FF4-4d5c-8FE2-92B1D6CD696C}] - C:\Program Files\Trend Micro\AMSP\module\20013\FxExt\firefoxextension
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files\AVAST Software\Avast\WebRep\FF
FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2015-09-14]

Chrome:
=======
CHR HomePage: Default -> hxxp://tagzone/
CHR Profile: C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-07-22]
CHR Extension: (Google Drive) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-07-22]
CHR Extension: (YouTube) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-07-22]
CHR Extension: (Google Search) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-07-22]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-08-14]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-07-22]
CHR Extension: (Trend Micro Toolbar) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\ohhcpmplhhiiaoiddkfboafbhiknefdf [2014-07-22]
CHR Extension: (Gmail) - C:\Users\Newman\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-07-22]
CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2015-09-14]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [146600 2015-09-14] (AVAST Software)
S2 BstHdAndroidSvc; C:\Program Files (x86)\BlueStacks\HD-Service.exe [409304 2014-07-30] (BlueStack Systems, Inc.)
R2 BstHdLogRotatorSvc; C:\Program Files (x86)\BlueStacks\HD-LogRotatorService.exe [384728 2014-07-30] (BlueStack Systems, Inc.)
R2 BstHdUpdaterSvc; C:\Program Files (x86)\BlueStacks\HD-UpdaterService.exe [777944 2014-07-30] (BlueStack Systems, Inc.)
S2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2768472 2015-08-11] (Microsoft Corporation)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [19792 2013-09-10] ()
R2 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-07-22] (WildTangent)
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [754120 2015-07-29] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-07-30] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-09-03] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-09-03] (Intel Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-24] (Synaptics Incorporated)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WSWNA3100; C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe [285152 2010-08-26] ()

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [28656 2015-09-14] (AVAST Software)
R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [90968 2015-09-14] (AVAST Software)
R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [93528 2015-09-14] (AVAST Software)
R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [65224 2015-09-14] (AVAST Software)
R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1048344 2015-09-14] (AVAST Software)
R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [447944 2015-09-14] (AVAST Software)
S2 aswStm; C:\Windows\system32\drivers\aswStm.sys [150672 2015-09-14] (AVAST Software)
R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [274808 2015-09-14] (AVAST Software)
S2 BstHdDrv; C:\Program Files (x86)\BlueStacks\HD-Hypervisor-amd64.sys [122072 2014-07-30] (BlueStack Systems)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-14] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [99288 2013-09-03] (Intel Corporation)
S3 NPF; C:\Windows\system32\DRIVERS\npf.sys [47632 2010-02-03] (CACE Technologies, Inc.)
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-07-03] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-24] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
S0 tmel; C:\Windows\System32\DRIVERS\tmel.sys [37904 2014-01-11] (Trend Micro Inc.)
R2 tmusa; C:\Windows\system32\DRIVERS\tmusa.sys [103712 2014-01-11] (Trend Micro Inc.)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-14 21:58 - 2015-09-14 21:58 - 00016148 _____ C:\WINDOWS\system32\NEWMAN-PC_Newman_HistoryPrediction.bin
2015-09-14 20:39 - 2015-09-14 20:39 - 00000000 ____D C:\Program Files (x86)\ESET
2015-09-14 20:38 - 2015-09-14 20:39 - 02870984 _____ (ESET) C:\Users\Newman\Desktop\esetsmartinstaller_enu.exe
2015-09-14 17:56 - 2015-09-14 17:50 - 00000909 _____ C:\Users\Newman\Desktop\AdwCleaner[C1].txt
2015-09-14 17:49 - 2015-09-14 17:50 - 00000000 ____D C:\AdwCleaner
2015-09-14 17:49 - 2015-09-14 17:49 - 01660416 _____ C:\Users\Newman\Desktop\AdwCleaner.exe
2015-09-14 17:47 - 2015-09-14 17:47 - 00001069 _____ C:\Users\Newman\Desktop\JRT.txt
2015-09-14 17:39 - 2015-09-14 17:41 - 01800104 _____ (Malwarebytes Corporation) C:\Users\Newman\Desktop\JRT.exe
2015-09-14 01:36 - 2015-09-14 01:36 - 00045599 _____ C:\Users\Newman\Desktop\Addition.txt
2015-09-14 01:35 - 2015-09-14 22:01 - 00020382 _____ C:\Users\Newman\Desktop\FRST.txt
2015-09-14 01:34 - 2015-09-14 22:00 - 00000000 ____D C:\FRST
2015-09-14 01:34 - 2015-09-14 01:34 - 02190848 _____ (Farbar) C:\Users\Newman\Desktop\FRST64.exe
2015-09-14 01:33 - 2015-09-14 01:33 - 02190848 _____ (Farbar) C:\Users\Newman\Downloads\FRST64.exe
2015-09-14 01:27 - 2015-09-14 20:33 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-14 01:27 - 2015-09-14 01:27 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Newman\Downloads\mbam-setup-2.1.8.1057.exe
2015-09-14 01:27 - 2015-09-14 01:27 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-09-14 01:27 - 2015-09-14 01:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-09-14 01:27 - 2015-09-14 01:27 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-09-14 01:27 - 2015-09-14 01:27 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-09-14 01:27 - 2015-06-18 08:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-09-14 01:27 - 2015-06-18 08:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-09-14 01:27 - 2015-06-18 08:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys
2015-09-14 01:16 - 2015-09-14 01:16 - 00000000 ____D C:\Users\Newman\AppData\Roaming\AVAST Software
2015-09-14 01:15 - 2015-09-14 01:15 - 01048344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00447944 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswSP.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00378880 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
2015-09-14 01:15 - 2015-09-14 01:15 - 00274808 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswVmm.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00150672 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00093528 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00090968 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswMonFlt.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00065224 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00043112 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
2015-09-14 01:15 - 2015-09-14 01:15 - 00028656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
2015-09-14 01:15 - 2015-09-14 01:15 - 00004006 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
2015-09-14 01:15 - 2015-09-14 01:15 - 00001978 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
2015-09-14 01:15 - 2015-09-14 01:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVAST Software
2015-09-14 01:13 - 2015-09-14 01:13 - 00000000 ____D C:\Program Files\AVAST Software
2015-09-14 01:12 - 2015-09-14 01:13 - 00000000 ____D C:\ProgramData\AVAST Software
2015-09-12 19:36 - 2015-09-12 19:37 - 00285248 _____ C:\WINDOWS\Minidump\091215-47328-01.dmp
2015-09-08 21:40 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-08 21:40 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-08 21:40 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-08 21:40 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-08 21:40 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-08 21:40 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-08 21:40 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-08 21:40 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-08 21:40 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-08 21:40 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-08 21:40 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-08 21:40 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-08 21:40 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-08 21:40 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-08 21:40 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-08 21:40 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-08 21:40 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-08 21:40 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-08 21:40 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-08 21:40 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-08 21:40 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-08 21:40 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-08 21:40 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-08 21:40 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-08 21:40 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-08 21:40 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-08 21:40 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-08 21:40 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-08 21:40 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-08 21:40 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-08 21:40 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-08 21:40 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-09-01 23:03 - 2015-09-14 21:25 - 00008918 _____ C:\Users\Newman\Desktop\account balance.xlsx
2015-08-31 15:11 - 2015-08-31 15:12 - 00000000 ____D C:\Users\Newman\AppData\Local\MicrosoftEdge
2015-08-28 23:31 - 2015-08-20 02:02 - 22324656 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-28 23:30 - 2015-08-20 02:07 - 08019296 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-28 23:30 - 2015-08-20 02:06 - 00609592 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-28 23:30 - 2015-08-20 01:26 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-28 23:30 - 2015-08-20 01:21 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-28 23:30 - 2015-08-20 01:16 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-28 23:30 - 2015-08-20 01:13 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-28 23:30 - 2015-08-18 03:56 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 23:30 - 2015-08-18 03:55 - 00373072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBXHCI.SYS
2015-08-28 23:30 - 2015-08-18 03:54 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-28 23:30 - 2015-08-18 03:27 - 01771592 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-28 23:30 - 2015-08-18 03:24 - 00963920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-28 23:30 - 2015-08-18 03:13 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\system32\WlanMediaManager.dll
2015-08-28 23:30 - 2015-08-18 03:13 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2015-08-28 23:30 - 2015-08-18 03:12 - 02225664 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-28 23:30 - 2015-08-18 03:07 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-08-28 23:30 - 2015-08-18 03:04 - 01234944 _____ (Microsoft Corporation) C:\WINDOWS\system32\aitstatic.exe
2015-08-28 23:30 - 2015-08-18 03:04 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-28 23:30 - 2015-08-18 02:59 - 01294336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcnwiz.dll
2015-08-28 23:30 - 2015-08-18 02:59 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnApi.dll
2015-08-28 23:30 - 2015-08-18 02:58 - 00187392 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-08-28 23:30 - 2015-08-18 02:58 - 00117760 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafWCN.dll
2015-08-28 23:30 - 2015-08-18 02:58 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\fdWCN.dll
2015-08-28 23:30 - 2015-08-18 02:58 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\system32\WcnNetsh.dll
2015-08-28 23:30 - 2015-08-18 02:57 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2015-08-28 23:30 - 2015-08-18 02:56 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BthRadioMedia.dll
2015-08-28 23:30 - 2015-08-18 02:55 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-28 23:30 - 2015-08-18 02:54 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2015-08-28 23:30 - 2015-08-18 02:54 - 00247296 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-28 23:30 - 2015-08-18 02:52 - 01888768 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-28 23:30 - 2015-08-18 02:50 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-28 23:30 - 2015-08-18 02:49 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-28 23:30 - 2015-08-18 02:49 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2015-08-28 23:30 - 2015-08-18 02:49 - 00246272 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2015-08-28 23:30 - 2015-08-18 02:36 - 01226752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wcnwiz.dll
2015-08-28 23:30 - 2015-08-18 02:35 - 00100352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WcnApi.dll
2015-08-28 23:30 - 2015-08-18 02:35 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fdWCN.dll
2015-08-28 23:30 - 2015-08-18 02:34 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfdprov.dll
2015-08-28 23:30 - 2015-08-18 02:29 - 01593344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-28 23:30 - 2015-08-18 02:26 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2015-08-28 23:30 - 2015-08-18 00:44 - 00008847 _____ C:\WINDOWS\system32\ResPriHMImageList
2015-08-27 14:24 - 2015-08-27 19:18 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-08-25 23:38 - 2015-09-12 19:36 - 1036474134 _____ C:\WINDOWS\MEMORY.DMP
2015-08-25 23:38 - 2015-08-25 23:38 - 00285248 _____ C:\WINDOWS\Minidump\082515-49515-01.dmp
2015-08-25 23:38 - 2015-08-25 23:38 - 00000000 ____D C:\WINDOWS\Minidump
2015-08-24 11:33 - 2015-08-24 11:33 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-08-24 03:57 - 2015-08-24 00:38 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-24 03:51 - 2015-08-24 03:51 - 00000000 ____D C:\Windows.old
2015-08-24 03:50 - 2015-08-24 03:50 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 04048808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 01916928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01820672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-08-24 03:50 - 2015-08-24 03:50 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01178112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 01106432 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01087296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-08-24 03:50 - 2015-08-24 03:50 - 00996352 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00993104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-08-24 03:50 - 2015-08-24 03:50 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00918320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00893440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApiPublic.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00778752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApiPublic.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00642560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00586752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00563200 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00413184 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00404480 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00292856 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00274432 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00243800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00235520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserMgrProxy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00159744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserMgrProxy.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPermissions.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeParserTask.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFrameworkInternalPS.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-24 03:50 - 2015-08-24 03:50 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringclient.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00042496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tetheringclient.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuautoappupdate.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-24 03:50 - 2015-08-24 03:50 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-24 03:49 - 2015-08-24 03:50 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 16706560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 13024768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 03527168 _____ (Microsoft Corporation) C:\WINDOWS\system32\tquery.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02748416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tquery.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00554744 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-24 03:49 - 2015-08-24 03:49 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00454000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00442208 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\storport.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchProtocolHost.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00280576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchProtocolHost.exe
2015-08-24 03:49 - 2015-08-24 03:49 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00186368 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00080720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\stornvme.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-08-24 03:49 - 2015-08-24 03:49 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-24 03:49 - 2015-08-24 03:49 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-24 03:43 - 2015-08-24 03:43 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-08-24 03:40 - 2015-08-24 03:40 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-24 03:40 - 2015-08-24 03:40 - 00000000 ____D C:\Program Files\MSBuild
2015-08-24 03:40 - 2015-08-24 03:40 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-24 03:40 - 2015-08-24 03:40 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-24 03:39 - 2015-06-17 22:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-24 03:39 - 2015-06-17 22:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-24 03:39 - 2015-06-17 22:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-24 03:39 - 2015-05-30 01:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-24 03:39 - 2015-05-30 01:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-24 03:39 - 2015-05-30 01:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-24 02:51 - 2015-08-24 02:51 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-24 00:45 - 2015-09-14 20:35 - 00002388 _____ C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-24 00:40 - 2015-08-24 00:40 - 00254152 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo33.dll
2015-08-24 00:39 - 2015-08-24 00:39 - 00420040 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-08-24 00:39 - 2015-08-24 00:39 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-08-24 00:39 - 2015-08-24 00:39 - 00042184 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys
2015-08-24 00:39 - 2015-08-24 00:39 - 00000000 ____D C:\Users\Newman\AppData\Local\Publishers
2015-08-24 00:38 - 2015-08-24 00:38 - 00000000 ____D C:\Users\Newman\AppData\Local\NetworkTiles
2015-08-24 00:37 - 2015-09-02 21:42 - 00000000 ____D C:\Users\Newman\AppData\Local\Comms
2015-08-24 00:37 - 2015-08-24 00:37 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-08-24 00:36 - 2015-08-24 00:36 - 00000000 ____D C:\Users\Newman\AppData\Local\TileDataLayer
2015-08-24 00:35 - 2015-08-24 00:35 - 00000020 ___SH C:\Users\Newman\ntuser.ini
2015-08-24 00:34 - 2015-08-24 00:34 - 00000000 __SHD C:\Recovery
2015-08-24 00:31 - 2015-08-24 00:31 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-24 00:26 - 2015-09-12 19:54 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-24 00:20 - 2015-07-10 06:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-24 00:15 - 2015-08-24 00:15 - 00000000 ____D C:\Users\Default\AppData\Roaming\Garmin
2015-08-24 00:15 - 2015-08-24 00:15 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2015-08-24 00:15 - 2015-08-24 00:15 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Garmin
2015-08-24 00:15 - 2015-08-24 00:15 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2015-08-24 00:14 - 2015-08-24 00:14 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-24 00:08 - 2015-08-24 00:08 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-24 00:06 - 2015-09-14 20:33 - 00000000 ____D C:\Users\Newman
2015-08-24 00:06 - 2015-08-24 00:36 - 00000000 ___RD C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 00:06 - 2015-07-10 07:04 - 00000000 __RSD C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-24 00:06 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-24 00:06 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-24 00:06 - 2015-07-10 07:04 - 00000000 ____D C:\Users\Newman\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-24 00:03 - 2015-08-24 00:03 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_bcmwlhigh664_01009.Wdf
2015-08-24 00:03 - 2015-08-24 00:03 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-08-24 00:03 - 2015-07-30 22:45 - 00072688 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-08-24 00:03 - 2015-07-30 22:45 - 00069104 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-08-24 00:02 - 2015-08-24 00:08 - 00000000 ____D C:\Program Files\Intel
2015-08-24 00:02 - 2015-08-24 00:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_TeeDriverx64_01011.Wdf
2015-08-24 00:02 - 2015-08-24 00:02 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-08-24 00:02 - 2015-08-24 00:02 - 00000000 ____H C:\ProgramData\DP45977C.lfl
2015-08-24 00:02 - 2015-08-24 00:02 - 00000000 ____D C:\WINDOWS\system32\DAX2
2015-08-24 00:01 - 2015-08-24 00:01 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-08-24 00:01 - 2015-08-24 00:01 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-08-24 00:01 - 2015-08-24 00:01 - 00000000 ____D C:\Program Files\Synaptics
2015-08-24 00:01 - 2015-08-24 00:01 - 00000000 ____D C:\Program Files\Realtek
2015-08-23 23:59 - 2015-08-24 00:00 - 00032422 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-08-23 23:58 - 2015-09-14 17:32 - 00013166 _____ C:\WINDOWS\PFRO.log
2015-08-23 23:15 - 2015-08-24 00:31 - 00006626 _____ C:\WINDOWS\comsetup.log
2015-08-23 23:14 - 2015-08-24 00:33 - 00009528 _____ C:\WINDOWS\diagwrn.xml
2015-08-23 23:14 - 2015-08-24 00:33 - 00009528 _____ C:\WINDOWS\diagerr.xml
2015-08-16 19:59 - 2015-08-24 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WNA3100 Smart Wizard
2015-08-16 19:59 - 2015-08-16 19:59 - 00000906 _____ C:\Users\Public\Desktop\NETGEAR WNA3100 Smart Wizard.lnk
2015-08-16 19:59 - 2015-08-16 19:59 - 00000000 ____D C:\Users\Newman\AppData\Roaming\InstallShield
2015-08-16 19:59 - 2015-08-16 19:59 - 00000000 ____D C:\Program Files (x86)\NETGEAR
2015-08-16 19:59 - 2010-02-03 11:21 - 00281104 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\wpcap.dll
2015-08-16 19:59 - 2010-02-03 11:21 - 00096784 _____ (CACE Technologies, Inc.) C:\WINDOWS\SysWOW64\Packet.dll
2015-08-16 19:59 - 2010-02-03 11:21 - 00053299 _____ C:\WINDOWS\SysWOW64\pthreadVC.dll
2015-08-16 19:59 - 2010-02-03 11:21 - 00047632 _____ (CACE Technologies, Inc.) C:\WINDOWS\system32\Drivers\npf.sys
2015-08-16 19:59 - 2009-11-06 08:34 - 03888128 _____ (Broadcom Corporation) C:\WINDOWS\system32\SET8F58.tmp
2015-08-16 19:59 - 2009-11-06 08:31 - 01436920 _____ (Microsoft Corporation) C:\WINDOWS\system32\SET95D3.tmp
2015-08-16 19:59 - 2007-01-19 18:24 - 00025312 _____ (Windows ® Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\SCMNdisP.sys
2015-08-15 20:25 - 2015-08-24 00:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Garmin
2015-08-15 20:25 - 2015-08-15 20:25 - 00001917 _____ C:\Users\Public\Desktop\Garmin Express.lnk

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-09-14 21:48 - 2013-09-20 21:24 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-09-14 21:33 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-09-14 21:25 - 2014-08-11 21:41 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-09-14 20:51 - 2014-01-11 22:15 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-09-14 20:35 - 2014-01-11 23:17 - 00000000 __RDO C:\Users\Newman\SkyDrive
2015-09-14 20:34 - 2015-07-10 08:22 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-09-14 20:33 - 2013-09-20 21:24 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-09-14 20:32 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-09-14 17:51 - 2015-07-10 05:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-09-14 17:38 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-09-14 08:41 - 2014-01-11 21:07 - 00004156 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{2A4459F1-E25F-4031-B95E-666FCFF103BF}
2015-09-14 01:20 - 2015-02-15 00:57 - 00000000 ____D C:\Users\Newman\Desktop\Old Firefox Data
2015-09-12 20:02 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-09-12 19:47 - 2015-07-10 08:20 - 00236696 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-12 19:44 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-12 19:44 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-09-12 19:44 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-10 18:07 - 2014-01-11 21:53 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-04 09:00 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-09-03 19:49 - 2014-07-22 21:40 - 00002271 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-08-29 22:43 - 2013-09-20 21:24 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-29 22:43 - 2013-09-20 21:24 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 22:17 - 2014-01-11 21:00 - 00000000 ____D C:\Users\Newman\AppData\Local\Packages
2015-08-27 19:18 - 2014-08-11 15:19 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-08-26 18:37 - 2014-01-11 21:53 - 134753440 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-24 23:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-24 11:35 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-24 03:57 - 2015-07-10 07:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-24 03:51 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-24 03:51 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-24 03:51 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-24 00:45 - 2015-08-05 20:54 - 00000000 ___RD C:\Users\Newman\OneDrive
2015-08-24 00:41 - 2015-07-10 08:20 - 00016460 _____ C:\WINDOWS\setupact.log
2015-08-24 00:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-24 00:40 - 2015-07-30 22:39 - 01804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-08-24 00:40 - 2015-07-30 22:39 - 00618696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-08-24 00:40 - 2015-07-30 22:39 - 00269000 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-08-24 00:39 - 2015-07-30 22:39 - 00764616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-08-24 00:39 - 2015-07-30 22:39 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-08-24 00:38 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-24 00:38 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-24 00:38 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-24 00:37 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-24 00:32 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Registration
2015-08-24 00:30 - 2014-08-11 21:41 - 00003828 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player Updater
2015-08-24 00:30 - 2014-04-20 15:50 - 00003664 _____ C:\WINDOWS\System32\Tasks\GarminUpdaterTask
2015-08-24 00:30 - 2014-01-11 21:06 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1159969180-2088883839-793877200-1001
2015-08-24 00:30 - 2013-09-20 21:11 - 00003238 _____ C:\WINDOWS\System32\Tasks\Resolution+ Setting Task
2015-08-24 00:30 - 2013-09-20 21:03 - 00003100 _____ C:\WINDOWS\System32\Tasks\Synaptics TouchPad Enhancements
2015-08-24 00:30 - 2013-09-20 21:00 - 00003240 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2015-08-24 00:30 - 2013-09-20 20:46 - 00003704 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1159969180-2088883839-793877200-500
2015-08-24 00:26 - 2015-07-10 07:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-24 00:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
2015-08-24 00:16 - 2015-07-15 23:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-24 00:16 - 2015-07-15 22:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-24 00:16 - 2015-07-10 09:11 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
2015-08-24 00:16 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-24 00:16 - 2014-10-10 19:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-08-24 00:16 - 2014-08-01 17:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\BlueStacks
2015-08-24 00:16 - 2014-07-22 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-24 00:16 - 2014-04-20 16:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-24 00:16 - 2014-01-11 22:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-24 00:16 - 2014-01-11 22:08 - 00000000 ____D C:\ProgramData\Trend Micro
2015-08-24 00:16 - 2013-09-20 21:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2015-08-24 00:16 - 2013-09-20 21:01 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e
2015-08-24 00:16 - 2013-09-20 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DTS, Inc
2015-08-24 00:16 - 2013-09-13 00:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-08-24 00:16 - 2013-09-13 00:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TOSHIBA
2015-08-24 00:15 - 2015-07-10 07:05 - 00004362 _____ C:\WINDOWS\DtcInstall.log
2015-08-24 00:15 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-24 00:11 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-24 00:11 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-24 00:11 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-08-24 00:11 - 2014-01-26 02:31 - 00000000 ____D C:\WINDOWS\SysWOW64\Adobe
2015-08-24 00:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-08-24 00:11 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-08-24 00:09 - 2015-07-10 07:04 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-08-24 00:09 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-24 00:09 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-24 00:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-08-24 00:09 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-08-24 00:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-24 00:08 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-24 00:05 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-23 23:58 - 2015-07-10 05:05 - 00000000 __RHD C:\Users\Default
2015-08-23 23:24 - 2013-09-20 21:11 - 01874284 _____ C:\WINDOWS\WindowsUpdate (1).log
2015-08-23 23:14 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-22 22:50 - 2014-01-27 22:00 - 00000000 ____D C:\Users\Newman\AppData\Local\CrashDumps
2015-08-22 00:42 - 2014-08-04 21:20 - 00047104 ___SH C:\Users\Newman\Desktop\Thumbs.db
2015-08-16 19:59 - 2013-09-13 00:41 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-08-16 00:28 - 2015-07-15 23:53 - 00000000 ____D C:\Users\Newman\AppData\Roaming\Skype
2015-08-15 20:26 - 2014-04-20 15:50 - 00000000 ____D C:\Program Files (x86)\Garmin
2015-08-15 20:26 - 2013-09-20 21:11 - 00000000 ____D C:\ProgramData\Package Cache
2015-08-15 00:34 - 2013-09-13 00:40 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-15 00:26 - 2014-04-20 16:38 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-15 00:26 - 2014-04-20 16:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight

==================== Files in the root of some directories =======

2014-01-11 22:07 - 2014-01-11 22:07 - 0000036 _____ () C:\Users\Newman\AppData\Local\housecall.guid.cache
2014-10-10 19:39 - 2014-10-10 19:39 - 0000057 _____ () C:\ProgramData\Ament.ini
2015-08-24 00:02 - 2015-08-24 00:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-08 03:05

==================== End of FRST.txt ============================

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:13-09-2015 02
Ran by Newman (2015-09-14 22:02:27)
Running from C:\Users\Newman\Desktop
Windows 10 Home (X64) (2015-08-24 04:35:06)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1159969180-2088883839-793877200-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1159969180-2088883839-793877200-503 - Limited - Disabled)
Guest (S-1-5-21-1159969180-2088883839-793877200-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1159969180-2088883839-793877200-1003 - Limited - Enabled)
mlnew (S-1-5-21-1159969180-2088883839-793877200-1004 - Limited - Enabled)
Newman (S-1-5-21-1159969180-2088883839-793877200-1001 - Administrator - Enabled) => C:\Users\Newman

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: avast! Antivirus (Disabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: avast! Antivirus (Disabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.03)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.03 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.12) (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AB0000000001}) (Version: 11.0.12 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.9.160 - Adobe Systems, Inc.)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 10.3.2225 - AVAST Software)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
BlueStacks Notification Center (HKLM-x32\...\{3C8602B0-C23B-4528-97FF-90546AD315E8}) (Version: 0.9.0.4201 - BlueStack Systems, Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{AF312B06-5C5C-468E-89B3-BE6DE2645722}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{0A4EF0E6-A912-4CDE-A7F3-6E56E7C13A2F}) (Version: 1.1.6 - Cisco Systems, Inc.)
DTS Sound (HKLM-x32\...\{2DFA9084-CEB3-4A48-B9F7-9038FEF1B8F4}) (Version: 1.01.2700 - DTS, Inc.)
Elevated Installer (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
Garmin Express (HKLM-x32\...\{42f02a91-da9c-48e1-8dc5-37f4449db969}) (Version: 4.1.5.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.5.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 45.0.2454.85 - Google Inc.)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.25.5 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.13 - Google Inc.) Hidden
HP ENVY 4500 series Basic Device Software (HKLM\...\{38A08516-1847-43E4-8076-9540B60EC43B}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)
HP ENVY 4500 series Help (HKLM-x32\...\{95BECC50-22B4-4FCA-8A2E-BF77713E6D3A}) (Version: 30.0.0 - Hewlett Packard)
HP FWUpdateEDO2 (HKLM-x32\...\{415FA9AD-DA10-4ABE-97B6-5051D4795C90}) (Version: 1.2.0.0 - Hewlett-Packard)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.14.1724 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3308 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.0.1016 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4753.1002 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Mozilla Firefox 40.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 40.0.3 (x86 en-US)) (Version: 40.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 40.0.3.5716 - Mozilla)
NETGEAR WNA3100 wireless USB 2.0 adapter (HKLM-x32\...\{C2425F91-1F7B-4037-9A05-9F290184798D}) (Version: 1.01.206 - NETGEAR)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39052 - Realtek Semiconductor Corp.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
REALTEK Wireless LAN Driver (HKLM-x32\...\InstallShield_{95F38874-065A-40AB-AFC1-B764B192FFE7}) (Version: 2.00.0002 - REALTEK Semiconductor Corp.)
REALTEK Wireless LAN Driver (x32 Version: 2.00.0002 - REALTEK Semiconductor Corp.) Hidden
Skype™ 7.3 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.3.101 - Skype Technologies S.A.)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM\...\{21A63CA3-75C0-4E56-B602-B7CD2EF6B621}) (Version: 9.0.2.4 - Toshiba Corporation)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.17.0 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.2.0.6404 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.1.0002.6401 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.1.0.14 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.9.3 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.1.02.55065006 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{FBFCEEA5-96EA-4C8E-9262-43CBBEBAE413}) (Version: 2.6.8 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{A74C9CC1-2211-4A75-A688-6F7CFE2C2B12}) (Version: 1.00.02 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0032 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.1.2.32001 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.27.102 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.6 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.11.2 - WildTangent) Hidden
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
World of Tanks (HKLM-x32\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C812NA}_is1) (Version:  - Wargaming.net)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1159969180-2088883839-793877200-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Newman\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

24-08-2015 23:17:19 Windows Update
24-08-2015 23:17:59 Windows Update
28-08-2015 02:40:53 Windows Update
28-08-2015 02:41:50 Windows Update
31-08-2015 00:34:16 Windows Modules Installer
10-09-2015 18:01:28 Windows Update
14-09-2015 01:13:23 avast! antivirus system restore point
14-09-2015 17:28:43 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {3E18B6DC-33BF-40B8-A9F1-0E8FA3C634AF} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2015-09-14] (AVAST Software)
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {41415C15-CADD-4E5A-8315-CBCD3FBC4F5E} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {4B5734D8-7F45-4BC3-AB00-ADDC419C66E6} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {5E53D75B-437C-444B-9F5A-1AF762F4987A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-14] (Adobe Systems Incorporated)
Task: {6E65DD0D-6A96-4618-8ABB-5CB3A88A131E} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-08-11] (Microsoft Corporation)
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78450E66-0B75-4196-8CD2-5788E7E38979} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-07-29] ()
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7BF45ED4-71E7-4380-9218-D5AC88A768EB} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.9.0.14\SymErr.exe
Task: {82545DBE-0161-4C70-8B4E-048AA1CB5CC4} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-08-11] (Microsoft Corporation)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-24] (Microsoft Corporation)
Task: {95F56AC8-3CF0-4188-BFA1-E57C2F76F0EC} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-07-31] (TOSHIBA Corporation)
Task: {98458778-E3CE-44B0-ABDE-E9211D87C8A4} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {9CD7C969-0D90-4832-9588-2F52F5840C84} - System32\Tasks\Resolution+ Setting Task => C:\Program Files\Toshiba\TOSHIBA Smart View Utility\Plugins\ResolutionPlus\TosRegPermissionChg.exe [2013-11-07] (TOSHIBA Corporation)
Task: {A0767AF2-12A7-4288-B887-9E05C3009BF6} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-24] (Synaptics Incorporated)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C585364A-4AA1-4120-BCC3-979032C3FEDE} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {EE89A9F6-6280-4AF4-92FA-1774402D1737} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-06-24] (Realtek Semiconductor)
Task: {F916D58D-6AAA-41D0-947C-676A5A26F5AD} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-08-24 03:49 - 2015-08-24 03:49 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-16 19:59 - 2010-08-26 17:48 - 00285152 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvc.exe
2015-08-28 23:30 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 23:30 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-14 20:50 - 2015-08-11 23:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-08-24 03:50 - 2015-08-24 03:50 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2012-07-18 19:38 - 2012-07-18 19:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-08-16 19:59 - 2010-08-26 17:47 - 04577760 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WNA3100.exe
2015-09-14 01:15 - 2015-09-14 01:15 - 00102864 _____ () C:\Program Files\AVAST Software\Avast\log.dll
2015-09-14 01:15 - 2015-09-14 01:15 - 00123976 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
2015-09-14 17:34 - 2015-09-14 17:34 - 02962944 _____ () C:\Program Files\AVAST Software\Avast\defs\15091401\algo.dll
2015-08-16 19:59 - 2010-07-09 16:38 - 00331776 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiLib.dll
2015-08-16 19:59 - 2010-02-03 11:31 - 00282624 _____ () C:\Program Files (x86)\NETGEAR\WNA3100\WifiSvcLib.dll
2015-09-14 01:15 - 2015-09-14 01:15 - 40540672 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
2013-09-20 20:52 - 2013-09-03 19:52 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Newman\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1159969180-2088883839-793877200-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Newman\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\1615952.jpg
DNS Servers: 75.75.75.75 - 75.75.76.76
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "BlueStacks Agent"
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-1159969180-2088883839-793877200-1001\...\StartupApproved\Run: => "Skype"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (09/14/2015 09:59:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/14/2015 09:24:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeClickToRun.exe, version: 15.0.4753.1000, time stamp: 0x55ca8b0c
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0x1994
Faulting application start time: 0xOfficeClickToRun.exe0
Faulting application path: OfficeClickToRun.exe1
Faulting module path: OfficeClickToRun.exe2
Report Id: OfficeClickToRun.exe3
Faulting package full name: OfficeClickToRun.exe4
Faulting package-relative application ID: OfficeClickToRun.exe5

Error: (09/14/2015 08:51:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeClickToRun.exe, version: 15.0.4753.1000, time stamp: 0x55ca8b0c
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0x1d94
Faulting application start time: 0xOfficeClickToRun.exe0
Faulting application path: OfficeClickToRun.exe1
Faulting module path: OfficeClickToRun.exe2
Report Id: OfficeClickToRun.exe3
Faulting package full name: OfficeClickToRun.exe4
Faulting package-relative application ID: OfficeClickToRun.exe5

Error: (09/14/2015 08:51:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeClickToRun.exe, version: 15.0.4753.1000, time stamp: 0x55ca8b0c
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0x1e30
Faulting application start time: 0xOfficeClickToRun.exe0
Faulting application path: OfficeClickToRun.exe1
Faulting module path: OfficeClickToRun.exe2
Report Id: OfficeClickToRun.exe3
Faulting package full name: OfficeClickToRun.exe4
Faulting package-relative application ID: OfficeClickToRun.exe5

Error: (09/14/2015 08:51:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OfficeClickToRun.exe, version: 15.0.4753.1000, time stamp: 0x55ca8b0c
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0xf8c
Faulting application start time: 0xOfficeClickToRun.exe0
Faulting application path: OfficeClickToRun.exe1
Faulting module path: OfficeClickToRun.exe2
Report Id: OfficeClickToRun.exe3
Faulting package full name: OfficeClickToRun.exe4
Faulting package-relative application ID: OfficeClickToRun.exe5

Error: (09/14/2015 08:39:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/14/2015 08:39:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/14/2015 08:39:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/14/2015 08:39:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.

Error: (09/14/2015 08:38:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifest.


System errors:
=============
Error: (09/14/2015 09:24:46 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 4 time(s).

Error: (09/14/2015 08:51:36 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 3 time(s).

Error: (09/14/2015 08:51:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 2 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/14/2015 08:51:33 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft Office ClickToRun Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.

Error: (09/14/2015 08:41:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/14/2015 08:41:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Newman\AppData\Local\Temp\ehdrv.sys

Error: (09/14/2015 08:41:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/14/2015 08:41:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Newman\AppData\Local\Temp\ehdrv.sys

Error: (09/14/2015 08:41:33 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error:
%%1275

Error: (09/14/2015 08:41:33 PM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\Newman\AppData\Local\Temp\ehdrv.sys


Microsoft Office:
=========================
Error: (09/14/2015 09:59:46 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestC:\Program Files (x86)\ESET\ESET Online Scanner\ESETSmartInstaller.exe

Error: (09/14/2015 09:24:44 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OfficeClickToRun.exe15.0.4753.100055ca8b0cntdll.dll10.0.10240.1643055c59f92c000037400000000000ea28c199401d0ef5541383ff4C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exeC:\WINDOWS\SYSTEM32\ntdll.dll0e06cd03-0956-41ee-8217-fd273f074b68

Error: (09/14/2015 08:51:35 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OfficeClickToRun.exe15.0.4753.100055ca8b0cntdll.dll10.0.10240.1643055c59f92c000037400000000000ea28c1d9401d0ef50ab7eecabC:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exeC:\WINDOWS\SYSTEM32\ntdll.dll825c6462-a6e3-4e5a-bb78-ee6d9bc27812

Error: (09/14/2015 08:51:34 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OfficeClickToRun.exe15.0.4753.100055ca8b0cntdll.dll10.0.10240.1643055c59f92c000037400000000000ea28c1e3001d0ef50aa9692f3C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exeC:\WINDOWS\SYSTEM32\ntdll.dlla009da01-7d67-4507-8839-3116a35f9430

Error: (09/14/2015 08:51:31 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: OfficeClickToRun.exe15.0.4753.100055ca8b0cntdll.dll10.0.10240.1643055c59f92c000037400000000000ea28cf8c01d0ef50a1edf8bbC:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exeC:\WINDOWS\SYSTEM32\ntdll.dll032e29e9-5b9d-4d13-9267-39f03cba219b

Error: (09/14/2015 08:39:04 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestc:\users\newman\desktop\esetsmartinstaller_enu.exe

Error: (09/14/2015 08:39:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestC:\Users\Newman\Desktop\esetsmartinstaller_enu.exe

Error: (09/14/2015 08:39:02 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestC:\Users\Newman\Desktop\esetsmartinstaller_enu.exe

Error: (09/14/2015 08:39:01 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestC:\Users\Newman\Desktop\esetsmartinstaller_enu.exe

Error: (09/14/2015 08:38:41 PM) (Source: SideBySide) (EventID: 78) (User: )
Description: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_f41f7b285750ef43.manifestC:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10240.16384_none_3bccb1ff6bcd1849.manifestC:\Users\Newman\Desktop\esetsmartinstaller_enu.exe


CodeIntegrity:
===================================
  Date: 2015-09-14 00:38:25.954
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.937
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.921
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.897
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.883
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.846
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.319
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-14 00:38:25.201
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-12 02:20:05.040
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

  Date: 2015-09-12 02:20:04.992
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 35%
Total physical RAM: 6023.27 MB
Available physical RAM: 3866.64 MB
Total Virtual: 6983.27 MB
Available Virtual: 4728.64 MB

==================== Drives ================================

Drive c: (TI10673200G) (Fixed) (Total:688.43 GB) (Free:582.41 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)

Partition: GPT.

==================== End of Addition.txt ============================


  • 0

#6
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Hello again, billesq

Everything looks good. We're almost done :)

Let's check if you have any outdated programs on your system.

bABuPc2.pngSecurity Check

Download Security Check from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.
NOTE: If SecurityCheck aborts and you get the following message: UNSUPPORTED OPERATING SYSTEM! ABORTED! try rebooting the system and then run SecurityCheck again.

 
As your logs look good, could you tell me if you have any other problems with your system that you'd like to mention?

 
EOEdyWG.png Things that should appear in your next post:
  • Checkup.txt log content
  • Answer to my question

  • 0

#7
billesq

billesq

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

No other problems to report as of right now.  Thank you for your assistance, even if it was a false alarm!

 

 Results of screen317's Security Check version 1.008  
   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:``````````````
 Windows Firewall Enabled!  
Windows Defender   
avast! Antivirus   
 Antivirus up to date!   
`````````Anti-malware/Other Utilities Check:`````````
 Adobe Flash Player     18.0.0.232  
 Adobe Reader XI  
 Mozilla Firefox (40.0.3)
 Google Chrome (44.0.2403.157)
 Google Chrome (45.0.2454.85)
````````Process Check: objlist.exe by Laurent````````  
 Malwarebytes Anti-Malware mbamservice.exe  
 Malwarebytes Anti-Malware mbam.exe  
 Malwarebytes Anti-Malware mbamscheduler.exe   
 AVAST Software Avast AvastSvc.exe  
 AVAST Software Avast avastui.exe  
`````````````````System Health check`````````````````
 Total Fragmentation on Drive C:  %
````````````````````End of Log``````````````````````
 


  • 0

#8
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Thank you for your assistance, even if it was a false alarm!

My pleasure :)

Good news. Your system looks clean and we can delete the tools that we've used. I've also prepared some tips for you to stay safe in the future.

 
DelFix
Now that your system looks clean, we can clear system restore points and malware removal tools that we've used. To do that, download and run Delfix.
  • Note: Make sure that the following options are checked:
    • Remove disinfection tools
    • Create registry backup
    • Purge system restore
    • Reset System Settings
k0dPuvD.png
After the cleaning is done, DelFix.txt will be opened in Notepad. If it won't, you can find it in C:\ directory. Select all (CTRL+A) the content of the log, copy it (CTRL+C) and paste (CTRL+V) it into your next reply.

Also, delete any other .exe .txt, .bat .reg or .zip files that we used and are remaining and empty the Recycle bin.

 
Uninstalling programs

Go to Start Menu>Control Panel>Programs>Uninstall a program (or Control Panel>Programs and Features if using icon view) and remove ESET Online Scanner v3

 
Preventing Re-Infection

As prevention is better than cure, I have listed some tips for you to stay safe on the internet in the future. Make a good use of them.

 
Adobe products have to always be updated, because they also are being used to infect your computer.
  • If you want to update Adobe Flash Player, visit this site.
  • If you want to update Adobe Reader, visit this site.
  • Warning!: Make sure to uncheck Optional offer box when downloading Adobe products or you will install an adware on your computer.
 
Turning on Automatic Updates is a crucial security measure. Keeping them out-of-date is like begging to get your system infected.
  • Click Start > Control Panel > System and Security > Windows Update
  • Under Windows Update click Turn automatic updating on or off
  • Make sure that your settings are set so that you will receive updates automatically and click OK.
 
Heimdal Free is one of programs that can check for out-of-date programs on your computer. You can get it here.

 
Recommendations for security programs
  • Malwarebytes' Anti-Malware is a new and powerful anti-malware tool. It is totally free but for real-time protection you will have to pay a small one-time fee.
  • WinPatrol as a robust security monitor will alert you to hijackings, malware attacks and critical changes made to your computer without your permission. WinPatrol takes a snapshot of your critical system resources and alerts you to any changes that may occur without your knowledge.
  • NoScript is a Firefox add-on that increases safety during surfing online by blocking malicious scripts.
  • Unchecky will help you to avoid adware and PUPs by automatically removing checkmarks for these when installing programs.
  • Web of Trust is an add-on for multiple browsers that warns you before entering websites with bad reputation.
 
Cryptolocker prevention
Cryptolocker is a new ransomware that heavily encrypts your important files. At the moment there are no programs that can decrypt these files. You can read how to protect against it here.

 
For some good tips about how to prevent infection in the future, visit this site.

 

Remember to post the Delfix log :)


  • 0

#9
billesq

billesq

    New Member

  • Topic Starter
  • Member
  • Pip
  • 5 posts

# DelFix v1.010 - Logfile created 16/09/2015 at 17:53:33
# Updated 26/04/2015 by Xplode
# Username : Newman - NEWMAN-PC
# Operating System : Windows 10 Home  (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Newman\Desktop\Addition.txt
Deleted : C:\Users\Newman\Desktop\AdwCleaner.exe
Deleted : C:\Users\Newman\Desktop\AdwCleaner[C1].txt
Deleted : C:\Users\Newman\Desktop\Fixlog.txt
Deleted : C:\Users\Newman\Desktop\FRST.txt
Deleted : C:\Users\Newman\Desktop\FRST64.exe
Deleted : C:\Users\Newman\Desktop\JRT.exe
Deleted : C:\Users\Newman\Desktop\JRT.txt
Deleted : C:\Users\Newman\Desktop\log.txt
Deleted : C:\Users\Newman\Desktop\SecurityCheck.exe
Deleted : C:\Users\Newman\Downloads\FRST64.exe
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #1 [Windows Update | 08/25/2015 03:17:19]
Deleted : RP #2 [Windows Update | 08/25/2015 03:17:59]
Deleted : RP #3 [Windows Update | 08/28/2015 06:40:53]
Deleted : RP #4 [Windows Update | 08/28/2015 06:41:50]
Deleted : RP #5 [Windows Modules Installer | 08/31/2015 04:34:16]
Deleted : RP #6 [Windows Update | 09/10/2015 22:01:28]
Deleted : RP #7 [avast! antivirus system restore point | 09/14/2015 05:13:23]
Deleted : RP #9 [Restore Point Created by FRST | 09/14/2015 21:28:43]
Deleted : RP #10 [Garmin Express | 09/15/2015 23:44:24]

New restore point created !

~ Resetting system settings ... OK

########## - EOF - ##########
 


Edited by billesq, 16 September 2015 - 03:57 PM.

  • 0

#10
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts
Alright, it looks like we're done.

Stay safe :wave:
  • 0

#11
Nevan

Nevan

    Trusted Helper

  • Malware Removal
  • 1,765 posts

Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.


  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP