Performance issues, browser issues. Non-standard or infected MBR.

#1
marknorth

Hey everyone, first time here. Hoping someone can help. My internet browsers run slow to a crash and burn.

My startup time for my laptop jumped from 48 seconds to 3 1/2 minutes. My computer is acting like something is using all my resources. I have to restart constantly and I'm getting lots of error messages.

Anyway, here are the results of my Farbar recovery scan:

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:12-10-2015

Ran by Mark (administrator) on MARKS_COMPUTER (14-10-2015 09:27:25)

Running from C:\Users\Mark\Desktop

Loaded Profiles: Mark (Available Profiles: Mark & Administrator)

Platform: Windows 10 Home Insider Preview (X64) Language: English (United States)

Internet Explorer Version 11 (Default browser: IE)

Boot Mode: Normal

Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe

(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe

(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

(Intel Corporation) C:\Windows\System32\igfxEM.exe

(Intel Corporation) C:\Windows\System32\igfxHK.exe

(Microsoft Corporation) C:\Windows\System32\dllhost.exe

(IObit) C:\Program Files (x86)\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe

() C:\Users\Mark\AppData\Roaming\Dashlane\Dashlane.exe

() C:\Users\Mark\AppData\Roaming\Dashlane\DashlanePlugin.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe

(Intel Corporation) C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

(Lenovo) C:\Users\Mark\AppData\Local\Apps\2.0\G98X6W2X.EHN\R2CENMCJ.JYO\lsb...tion_91a10ba61c75c82d_0001.0005_b11529cbca29c754\LSB.exe

(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe

(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe

() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.13251.0_x64__8wekyb3d8bbwe\Video.UI.exe

(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.25.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe

(Microsoft Corporation) C:\Windows\SystemApps\WindowsFeedback_cw5n1h2txyewy\FeedbackApp.Windows.exe

(Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe

(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

 

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [287592 2013-08-22] (Intel Corporation)

HKLM\...\Policies\Explorer: [NoControlPanel] 0

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Run: [SmartRAM] => C:\Program Files (x86)\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe [535840 2014-09-02] (IObit)

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Run: [Dashlane] => C:\Users\Mark\AppData\Roaming\Dashlane\Dashlane.exe [227648 2015-09-03] ()

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Run: [DashlanePlugin] => C:\Users\Mark\AppData\Roaming\Dashlane\DashlanePlugin.exe [285504 2015-09-03] ()

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Run: [ToolwizCareFree] => C:\Program Files (x86)\ToolwizCareFree\ToolwizCares.exe [5274328 2015-08-29] (Toolwiz)

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Policies\Explorer: [NoInternetOpenWith] 0

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Policies\Explorer: [NoRecentDocsNetHood] 1

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Policies\Explorer: [NolowDiskSpaceChecks] 1

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\SysWOW64\3Planesoft_Screensaver_Manager.scr [684032 2009-11-10] (3Planesoft)

ShellIconOverlayIdentifiers: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64\FileSyncShell64.dll [2015-10-05] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64\FileSyncShell64.dll [2015-10-05] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\amd64\FileSyncShell64.dll [2015-10-05] (Microsoft Corporation)

ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File

ShellIconOverlayIdentifiers-x32: [ SkyDrive1] -> {F241C880-6982-4CE5-8CF7-7085BA96DA5A} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\FileSyncShell.dll [2015-10-05] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrive2] -> {A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\FileSyncShell.dll [2015-10-05] (Microsoft Corporation)

ShellIconOverlayIdentifiers-x32: [ SkyDrive3] -> {BBACC218-34EA-4666-9D7A-C78F2274A524} => C:\Users\Mark\AppData\Local\Microsoft\OneDrive\17.3.5951.0827_1\FileSyncShell.dll [2015-10-05] (Microsoft Corporation)

GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt

Tcpip\Parameters: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Tcpip\..\Interfaces\{17972036-390a-4376-b368-1b4d57b4a119}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Tcpip\..\Interfaces\{2adb89f3-394c-46ae-a942-d4b6f8d4b2a8}: [DhcpNameServer] 68.105.28.11 68.105.29.11 68.105.28.12

Internet Explorer:

==================

HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Local Page =

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://home.lenovo.com

SearchScopes: HKU\S-1-5-21-1047955054-1064664553-3060372006-1001 -> DefaultScope {84BBBBD8-3C05-4CD1-8D71-B03309E99298} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

SearchScopes: HKU\S-1-5-21-1047955054-1064664553-3060372006-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =

SearchScopes: HKU\S-1-5-21-1047955054-1064664553-3060372006-1001 -> {84BBBBD8-3C05-4CD1-8D71-B03309E99298} URL = hxxps://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:{language}:{referrer:source}&ie={inputEncoding?}&oe={outputEncoding?}

BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll [2015-08-28] (IObit)

BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)

BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)

BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-01-03] (Adobe Systems Incorporated)

BHO-x32: Dashlane BHO -> {42D79B50-CC4A-4A8E-860F-BE674AF053A2} -> C:\Users\Mark\AppData\Roaming\Dashlane\ie\Dashlanei.dll [2015-09-03] (Dashlane)

BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\ssv.dll [2015-09-06] (Oracle Corporation)

BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)

BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\jp2ssv.dll [2015-09-06] (Oracle Corporation)

BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2012-01-03] (Adobe Systems Incorporated)

Toolbar: HKLM-x32 - Dashlane Toolbar - {669695BC-A811-4A9D-8CDF-BA8C795F261C} - C:\Users\Mark\AppData\Roaming\Dashlane\ie\KWIEBar.dll [2015-09-03] (Dashlane)

Toolbar: HKU\S-1-5-21-1047955054-1064664553-3060372006-1001 -> No Name - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - No File

Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)

FireFox:

========

FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-09-01] ()

FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-09-01] ()

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-08-08] (Intel Corporation)

FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-08-08] (Intel Corporation)

FF Plugin-x32: @java.com/DTPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\dtplugin\npDeployJava1.dll [2015-09-06] (Oracle Corporation)

FF Plugin-x32: @java.com/JavaPlugin,version=11.60.2 -> C:\Program Files (x86)\Java\jre1.8.0_60\bin\plugin2\npjp2.dll [2015-09-06] (Oracle Corporation)

FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)

FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-09-08] (Microsoft Corporation)

FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2012-01-03] (Adobe Systems Inc.)

FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn

FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2015-08-30]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2774104 2015-09-11] (Microsoft Corporation)

S3 ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()

S4 ETDService; C:\Program Files\Elantech\ETDService.exe [135072 2015-08-25] (ELAN Microelectronics Corp.)

R2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-08-22] (Intel Corporation)

R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-10-11] (Intel Corporation)

S3 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [733696 2013-05-11] (Intel® Corporation) [File not signed]

S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [822232 2013-05-11] (Intel® Corporation)

S3 Intel® Wireless Bluetooth® 4.0 Radio Management; C:\Program Files (x86)\Intel\Bluetooth\ibtrksrv.exe [157128 2013-08-02] (Intel Corporation)

S3 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-08-08] (Intel Corporation)

S4 Lenovo System Agent Service; C:\Program Files\Lenovo\iMController\SystemAgentService.exe [584632 2015-03-06] (LENOVO INCORPORATED.)

S4 LiveUpdateSvc; C:\Program Files (x86)\IObit\LiveUpdate\LiveUpdate.exe [2909472 2015-07-29] (IObit)

S3 LSCWinService; C:\Program Files\Lenovo\Lenovo Solution Center\App\LSCWinService.exe [271296 2015-08-17] (Lenovo)

S4 OneSyncSvc_35168; C:\WINDOWS\system32\svchost.exe [36696 2015-09-13] (Microsoft Corporation)

S4 OneSyncSvc_35168; C:\WINDOWS\SysWOW64\svchost.exe [30480 2015-09-13] (Microsoft Corporation)

S3 PimIndexMaintenanceSvc_35168; C:\WINDOWS\system32\svchost.exe [36696 2015-09-13] (Microsoft Corporation)

S3 PimIndexMaintenanceSvc_35168; C:\WINDOWS\SysWOW64\svchost.exe [30480 2015-09-13] (Microsoft Corporation)

S3 RichVideo64; C:\Program Files\CyberLink\Shared files\RichVideo64.exe [390632 2012-04-24] ()

S3 ss_conn_service; C:\Program Files (x86)\Samsung\USB Drivers\25_escape\conn\ss_conn_service.exe [743688 2015-05-20] (DEVGURU Co., LTD.)

S3 SystemUsageReportSvc_WILLAMETTE; C:\Program Files (x86)\Intel Driver Update Utility\SUR\SurSvc.exe [105112 2015-07-16] ()

S3 TieringEngineService; C:\Windows\system32\TieringEngineService.exe [290304 2015-09-13] (Microsoft Corporation)

S4 tzautoupdate; C:\Windows\system32\tzautoupdate.dll [87040 2015-09-13] (Microsoft Corporation)

S3 UnistoreSvc_35168; C:\WINDOWS\System32\svchost.exe [36696 2015-09-13] (Microsoft Corporation)

S3 UnistoreSvc_35168; C:\WINDOWS\SysWOW64\svchost.exe [30480 2015-09-13] (Microsoft Corporation)

S3 UserDataSvc_35168; C:\WINDOWS\system32\svchost.exe [36696 2015-09-13] (Microsoft Corporation)

S3 UserDataSvc_35168; C:\WINDOWS\SysWOW64\svchost.exe [30480 2015-09-13] (Microsoft Corporation)

S3 USER_ESRV_SVC_WILLAMETTE; C:\Program Files\Intel\SUR\WILLAMETTE\ESRV\esrv_svc.exe [413848 2015-07-16] ()

R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [349088 2015-09-13] (Microsoft Corporation)

R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [12928 2015-09-13] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 BCM43XX; C:\Windows\system32\DRIVERS\bcmwl63a.sys [7474864 2013-08-07] (Broadcom Corporation)

S3 bcmfn; C:\Windows\System32\drivers\bcmfn.sys [17656 2015-09-13] (Windows ® Win 7 DDK provider)

R1 BTOWSFF; C:\WINDOWS\System32\Drivers\BTOWSFF.sys [33024 2015-08-29] (Toolwiz.com)

R0 BTOWSVF; C:\Windows\System32\Drivers\BTOWSVF.sys [52480 2015-08-29] (Toolwiz.com)

R3 DFX11_1; C:\Windows\system32\drivers\dfx11_1x64.sys [28008 2012-12-13] (Windows ® Win 7 DDK provider)

R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-08-28] (REALiX™)

R0 KSafeDISK; C:\Windows\System32\Drivers\KSafeDISK.sys [52992 2015-08-29] (Toolwiz.com)

S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-16] (Malwarebytes Corporation)

R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-08-29] (Intel Corporation)

R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [402136 2015-08-28] (Realsil Semiconductor Corporation)

R3 rtsuvc; C:\Windows\system32\DRIVERS\rtsuvc.sys [3059928 2015-06-23] (Realtek Semiconductor Corp.)

S3 semav6msr64; C:\WINDOWS\system32\drivers\semav6msr64.sys [21984 2015-06-04] ()

R0 SmartDefragDriver; C:\Windows\System32\Drivers\SmartDefragDriver.sys [21184 2014-06-04] (IObit)

R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [33960 1999-12-31] (Synaptics Incorporated)

S3 SWDUMon; C:\Windows\system32\DRIVERS\SWDUMon.sys [16056 2015-10-13] (SlimWare Utilities, Inc.)

S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [45056 2015-09-13] (Microsoft Corporation)

S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [40768 2015-09-13] (Microsoft Corporation)

R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [288016 2015-09-13] (Microsoft Corporation)

R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [116496 2015-09-13] (Microsoft Corporation)

S3 WinRing0_1_2_0; C:\Program Files (x86)\IObit\Game Booster 3\Driver\WinRing0x64.sys [14544 2010-11-01] (OpenLibSys.org)

S3 wsvd; C:\Windows\system32\DRIVERS\wsvd.sys [102376 2012-06-13] ("CyberLink)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

 

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-14 09:27 - 2015-10-14 09:28 - 00017303 _____ C:\Users\Mark\Desktop\FRST.txt

2015-10-14 09:26 - 2015-10-14 09:27 - 00000000 ____D C:\FRST

2015-10-14 09:16 - 2015-10-14 09:26 - 02196480 _____ (Farbar) C:\Users\Mark\Desktop\FRST64.exe

2015-10-14 08:07 - 2015-10-14 08:09 - 82735790 _____ C:\Users\Mark\Downloads\5155671.mp4

2015-10-14 07:52 - 2015-10-14 08:00 - 85988203 _____ C:\Users\Mark\Downloads\4910450.mp4

2015-10-14 07:44 - 2015-10-14 07:44 - 00000000 ___HD C:\OneDriveTemp

2015-10-14 07:23 - 2015-10-14 07:23 - 00000000 ____D C:\Users\Mark\Documents\Lenovo

2015-10-14 07:23 - 2015-10-14 07:23 - 00000000 ____D C:\Users\Mark\Documents\CyberLink

2015-10-14 05:55 - 2015-10-14 09:25 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log

2015-10-14 05:34 - 2015-10-14 05:34 - 00001344 _____ C:\Users\Mark\Desktop\Win Fix.lnk

2015-10-13 23:09 - 2015-10-13 23:09 - 00000000 ____D C:\Users\Mark\AppData\Local\DFX

2015-10-13 23:08 - 2015-10-13 23:08 - 00001722 _____ C:\Users\Public\Desktop\DFX.lnk

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\Users\Mark\AppData\Roaming\vlc

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\Users\HomeGroupUser$\AppData\Roaming\vlc

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\Users\HomeGroupUser$

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\Users\Guest\AppData\Roaming\vlc

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\Users\Guest

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\Users\DefaultAccount\AppData\Roaming\vlc

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\Users\DefaultAccount

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\vlc

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DFX Audio Enhancer

2015-10-13 23:08 - 2015-10-13 23:08 - 00000000 ____D C:\Program Files (x86)\DFX

2015-10-13 23:05 - 2015-10-13 23:05 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Morphyre Visualizer

2015-10-13 23:05 - 2015-10-13 23:05 - 00000000 ____D C:\Users\Mark\AppData\Local\Morphyre

2015-10-13 23:05 - 2015-10-13 23:05 - 00000000 ____D C:\Program Files (x86)\Morphyre

2015-10-13 19:35 - 2015-10-13 19:36 - 00000000 ____D C:\Users\Mark\Documents\Credit

2015-10-13 19:34 - 2015-10-13 19:50 - 00000000 ____D C:\Users\Mark\Documents\Receipts

2015-10-13 19:33 - 2015-10-13 19:33 - 00001279 _____ C:\Users\Mark\Desktop\Documents - Shortcut.lnk

2015-10-13 18:35 - 2015-10-13 18:35 - 00001447 _____ C:\Users\Mark\Desktop\The Last Door Collector's Edition.lnk

2015-10-13 18:26 - 2015-10-13 18:26 - 00003282 _____ C:\WINDOWS\System32\Tasks\Game_Booster_AutoUpdate

2015-10-13 18:26 - 2015-10-13 18:26 - 00001278 _____ C:\Users\Public\Desktop\Switch to Gaming Mode.lnk

2015-10-13 18:26 - 2015-10-13 18:26 - 00001266 _____ C:\Users\Public\Desktop\Game Booster 3.lnk

2015-10-13 18:26 - 2015-10-13 18:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Game Booster 3

2015-10-13 18:24 - 2015-10-13 18:24 - 00002488 _____ C:\WINDOWS\System32\Tasks\Uninstaller_SkipUac_Mark

2015-10-13 18:24 - 2015-10-13 18:24 - 00000306 _____ C:\WINDOWS\Tasks\Uninstaller_SkipUac_Mark.job

2015-10-13 10:39 - 2015-10-13 10:39 - 82513920 _____ C:\WINDOWS\system32\config\software.regback

2015-10-13 09:55 - 2015-10-13 09:55 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat

2015-10-12 21:15 - 2015-10-12 21:15 - 00542984 _____ (ESGEJ) C:\Users\Mark\Downloads\1444709743.bin

2015-10-11 06:58 - 2015-10-11 06:58 - 22915568 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 17846272 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 12335600 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 11905432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 11053048 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 10574992 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 08528896 _____ (Intel Corporation) C:\WINDOWS\system32\ig7icd64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 06513648 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig7icd32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 04637640 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 04371888 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 04369816 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 04025864 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 03797424 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys

2015-10-11 06:58 - 2015-10-11 06:58 - 03672344 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 02506960 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 02037232 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 01995760 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 01793024 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 01768432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 01470472 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 01156000 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 01151840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00970656 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00866824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00680432 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00661000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00618992 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00617992 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00556960 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00554928 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00541600 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00469216 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00444832 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00410528 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00409520 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00395168 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00394224 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00387056 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00378824 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00374272 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00357912 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00330136 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00329216 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00316245 _____ C:\WINDOWS\system32\DisplayAudiox64.cab

2015-10-11 06:58 - 2015-10-11 06:58 - 00296944 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00291744 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00285184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00265712 _____ C:\WINDOWS\system32\igfxCPL.cpl

2015-10-11 06:58 - 2015-10-11 06:58 - 00262640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00258456 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00232960 _____ C:\WINDOWS\system32\igdde64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00230384 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00229664 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00225288 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00216552 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4276.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00205728 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00199088 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00194560 _____ C:\WINDOWS\SysWOW64\igdde32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00194368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00193536 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00192520 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00188884 _____ C:\WINDOWS\system32\resTHA.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00181524 _____ C:\WINDOWS\system32\resELL.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00177300 _____ C:\WINDOWS\system32\resRUS.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00172528 _____ C:\WINDOWS\system32\igdail64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00169368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00165808 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe

2015-10-11 06:58 - 2015-10-11 06:58 - 00163840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00163044 _____ C:\WINDOWS\system32\resARA.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00162500 _____ C:\WINDOWS\system32\resHEB.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00162484 _____ C:\WINDOWS\system32\resJPN.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00157860 _____ C:\WINDOWS\system32\resHUN.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00157844 _____ C:\WINDOWS\system32\resFRA.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00156100 _____ C:\WINDOWS\system32\resKOR.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00156020 _____ C:\WINDOWS\system32\resDEU.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00155988 _____ C:\WINDOWS\system32\resITA.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00155828 _____ C:\WINDOWS\system32\resROM.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00155716 _____ C:\WINDOWS\system32\resESN.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00155268 _____ C:\WINDOWS\system32\resPLK.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00155172 _____ C:\WINDOWS\system32\resSKY.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00154980 _____ C:\WINDOWS\system32\resNLD.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00154372 _____ C:\WINDOWS\system32\resPTB.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00154260 _____ C:\WINDOWS\system32\resTRK.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00154212 _____ C:\WINDOWS\system32\resCSY.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00154096 _____ C:\WINDOWS\SysWOW64\igdail32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00154084 _____ C:\WINDOWS\system32\resPTG.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00153620 _____ C:\WINDOWS\system32\resFIN.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00153236 _____ C:\WINDOWS\system32\resHRV.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00152772 _____ C:\WINDOWS\system32\resSVE.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00152644 _____ C:\WINDOWS\system32\resSLV.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00151668 _____ C:\WINDOWS\system32\resNOR.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00151156 _____ C:\WINDOWS\system32\resDAN.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00149812 _____ C:\WINDOWS\system32\resENU.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00148052 _____ C:\WINDOWS\system32\resCHT.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00147188 _____ C:\WINDOWS\system32\resCHS.cui

2015-10-11 06:58 - 2015-10-11 06:58 - 00143368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00109064 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00102912 _____ C:\WINDOWS\system32\IccLibDll_x64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00096752 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00078336 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00069616 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00042232 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00039424 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00020976 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00018944 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00018944 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00018944 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00015344 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00013824 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll

2015-10-11 06:58 - 2015-10-11 06:58 - 00002560 _____ C:\WINDOWS\system32\iglhxs64.vp

2015-10-08 17:03 - 2015-09-22 19:26 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe

2015-10-08 17:03 - 2015-09-22 19:26 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl

2015-10-07 05:44 - 2015-10-13 07:00 - 00000000 ___HD C:\$WINDOWS.~BT

2015-10-05 14:52 - 2015-10-14 07:41 - 00000270 _____ C:\WINDOWS\Tasks\ASC8_SkipUac_Mark.job

2015-10-05 14:52 - 2015-10-05 14:52 - 00002438 _____ C:\WINDOWS\System32\Tasks\ASC8_SkipUac_Mark

2015-10-05 12:21 - 2015-10-05 12:21 - 00000258 __RSH C:\ProgramData\ntuser.pol

2015-10-05 10:31 - 2015-10-05 10:31 - 83214336 _____ C:\WINDOWS\system32\config\SOFTWARE.iobit

2015-10-05 10:31 - 2015-10-05 10:31 - 00450560 _____ C:\WINDOWS\system32\config\DEFAULT.iobit

2015-10-05 10:31 - 2015-10-05 10:31 - 00098304 _____ C:\WINDOWS\system32\config\SAM.iobit

2015-10-05 10:31 - 2015-10-05 10:31 - 00028672 _____ C:\WINDOWS\system32\config\SECURITY.iobit

2015-10-05 04:13 - 2015-10-14 07:46 - 00000000 ____D C:\Users\Mark\AppData\Local\Deployment

2015-10-05 04:04 - 2015-10-05 04:04 - 00000020 ___SH C:\Users\Mark\ntuser.ini

2015-10-05 02:37 - 2015-10-13 07:02 - 00000000 ___DC C:\WINDOWS\Panther

2015-10-05 02:37 - 2015-10-05 01:49 - 00000000 __SHD C:\Recovery

2015-10-05 02:31 - 2015-10-05 02:31 - 00000000 ____D C:\Windows.old

2015-10-05 02:24 - 2015-10-05 02:24 - 00008192 _____ C:\WINDOWS\system32\config\userdiff

2015-10-05 02:22 - 2015-10-05 02:22 - 00000000 ____D C:\Program Files\Reference Assemblies

2015-10-05 02:22 - 2015-10-05 02:22 - 00000000 ____D C:\Program Files\MSBuild

2015-10-05 02:22 - 2015-10-05 02:22 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies

2015-10-05 02:22 - 2015-10-05 02:22 - 00000000 ____D C:\Program Files (x86)\MSBuild

2015-10-05 02:21 - 2015-08-11 22:16 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll

2015-10-05 02:21 - 2015-08-07 21:20 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll

2015-10-05 02:21 - 2015-07-08 19:35 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll

2015-10-05 02:21 - 2015-07-08 19:35 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe

2015-10-05 02:21 - 2015-05-29 19:29 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll

2015-10-05 02:21 - 2015-05-29 19:29 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe

2015-10-05 02:16 - 2015-10-14 07:42 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT

2015-10-05 02:01 - 2015-10-05 02:01 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia

2015-10-05 02:01 - 2015-10-05 02:01 - 00000000 ____D C:\Users\Default\AppData\Local\Pokki

2015-10-05 02:01 - 2015-10-05 02:01 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia

2015-10-05 02:01 - 2015-10-05 02:01 - 00000000 ____D C:\Users\Default User\AppData\Local\Pokki

2015-10-05 02:00 - 2015-10-05 02:00 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk

2015-10-05 01:56 - 2015-10-05 01:56 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate

2015-10-05 01:51 - 2015-10-14 05:24 - 00000000 ____D C:\Users\Mark

2015-10-05 01:51 - 2015-10-05 04:05 - 00000000 ___RD C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-10-05 01:51 - 2015-10-05 02:09 - 00000000 ____D C:\Users\Administrator

2015-10-05 01:51 - 2015-09-13 22:58 - 00000000 __RSD C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

2015-10-05 01:51 - 2015-09-13 22:58 - 00000000 __RSD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

2015-10-05 01:51 - 2015-09-13 22:57 - 00000000 ___RD C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-10-05 01:51 - 2015-09-13 22:57 - 00000000 ___RD C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-10-05 01:51 - 2015-09-13 22:57 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-10-05 01:51 - 2015-09-13 22:57 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories

2015-10-05 01:51 - 2015-09-13 22:57 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility

2015-10-05 01:51 - 2015-09-13 22:57 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-10-05 01:51 - 2015-09-13 22:57 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance

2015-10-05 01:47 - 2015-10-05 01:47 - 00000000 ____D C:\Analog

2015-10-05 01:46 - 2015-10-05 01:46 - 00001524 _____ C:\Users\Public\CAFADEBUG.log

2015-10-05 01:46 - 2015-10-05 01:46 - 00000000 ____D C:\WINDOWS\SysWOW64\sda

2015-10-05 01:46 - 2015-10-05 01:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Conexant

2015-10-05 01:46 - 2015-04-18 10:26 - 00427224 _____ (Conexant Systems, Inc.) C:\WINDOWS\SysWOW64\SASrv.exe

2015-10-05 01:46 - 2014-11-26 11:01 - 00004664 _____ C:\WINDOWS\system32\Drivers\CxSfPt.dat

2015-10-05 01:46 - 2013-07-25 14:39 - 00206552 _____ (Conexant Systems Inc.) C:\WINDOWS\system32\CxAudMsg64.exe

2015-10-05 01:45 - 2015-10-05 01:56 - 00000000 ____D C:\Program Files\Dolby Digital Plus

2015-10-05 01:45 - 2015-10-05 01:45 - 00000000 ____H C:\ProgramData\DP45977C.lfl

2015-10-05 01:44 - 2015-10-11 06:58 - 00072704 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL

2015-10-05 01:44 - 2015-10-11 06:58 - 00069120 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL

2015-10-05 01:44 - 2015-10-05 01:56 - 00000000 ____D C:\ProgramData\Conexant

2015-10-05 01:44 - 2015-10-05 01:56 - 00000000 ____D C:\Program Files\Intel

2015-10-05 01:44 - 2015-10-05 01:56 - 00000000 ____D C:\Program Files\Elantech

2015-10-05 01:44 - 2015-10-05 01:56 - 00000000 ____D C:\Program Files\CONEXANT

2015-10-05 01:43 - 2015-10-05 01:43 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf

2015-10-05 01:43 - 2015-10-05 01:43 - 00000000 ____D C:\Program Files\Synaptics

2015-10-05 01:40 - 2015-09-13 22:19 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll

2015-10-05 01:39 - 2015-10-05 02:05 - 00395736 _____ C:\WINDOWS\system32\FNTCACHE.DAT

2015-10-05 01:39 - 2015-10-05 01:39 - 00033817 _____ C:\WINDOWS\system32\NetSetupMig.log

2015-10-04 10:55 - 2015-10-04 10:55 - 00001360 _____ C:\Users\Mark\Desktop\Smart RAM.lnk

2015-10-04 00:29 - 2015-10-04 00:29 - 00000000 ____D C:\Users\Mark\AppData\Local\Essentware

2015-10-04 00:26 - 2015-10-04 00:42 - 00000000 ____D C:\ProgramData\Essentware

2015-10-02 17:20 - 2015-10-02 17:20 - 00002114 _____ C:\Users\Mark\Desktop\FileHippo App Manager.lnk

2015-10-02 12:17 - 2015-10-02 12:19 - 00000000 ____D C:\Program Files\safe

2015-09-28 17:22 - 2015-06-23 18:38 - 03059928 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\rtsuvc.sys

2015-09-28 17:22 - 2015-06-23 18:33 - 00559832 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtCamX64.dll

2015-09-28 17:22 - 2015-06-23 18:33 - 00495320 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RtCamX.dll

2015-09-28 17:22 - 2015-06-01 14:58 - 05052120 _____ (Realtek semiconductor) C:\WINDOWS\RTFTrack.exe

2015-09-28 17:22 - 2015-03-24 13:51 - 02627288 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\RtCamU64.exe

2015-09-28 17:22 - 2014-10-20 21:02 - 01157563 _____ C:\WINDOWS\FTDataP.xml

2015-09-28 17:22 - 2014-10-20 21:02 - 00946032 _____ C:\WINDOWS\FTData.xml

2015-09-28 17:22 - 2014-10-20 21:02 - 00817241 _____ C:\WINDOWS\FTDataR1.xml

2015-09-28 17:22 - 2014-10-20 21:02 - 00817191 _____ C:\WINDOWS\FTDataR0.xml

2015-09-28 17:22 - 2014-10-09 16:40 - 01971928 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\SysWOW64\RsDecode.dll

2015-09-25 07:10 - 2015-10-14 09:07 - 00000000 _____ C:\Users\Mark\AppData\LocalLow\rightsCheck_1.txt

2015-09-25 07:04 - 2015-09-25 07:04 - 00001843 _____ C:\Users\Mark\Desktop\Dashlane.lnk

2015-09-25 07:04 - 2015-09-25 07:04 - 00000000 ____D C:\Users\Mark\AppData\LocalLow\Dashlane

2015-09-25 07:03 - 2015-10-05 01:55 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dashlane

2015-09-25 07:03 - 2015-09-25 07:04 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Dashlane

2015-09-25 07:03 - 2015-09-25 07:04 - 00000000 ____D C:\Program Files (x86)\Dashlane

2015-09-22 09:13 - 2015-09-22 09:13 - 00000144 _____ C:\WINDOWS\system32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat

2015-09-18 14:34 - 2015-09-18 14:34 - 00002469 _____ C:\Users\Mark\Desktop\Flickr Uploadr.lnk

2015-09-18 14:02 - 2015-10-05 12:24 - 00000000 ____D C:\Users\Mark\AppData\Local\ActiveSync

2015-09-18 13:52 - 2015-09-18 13:52 - 00000000 ____D C:\Users\Mark\Documents\Fragments

2015-09-18 13:39 - 2015-09-18 13:39 - 00000000 ___RD C:\Users\Mark\3D Objects

2015-09-18 13:23 - 2015-10-05 04:14 - 00002391 _____ C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk

2015-09-16 08:29 - 2015-10-05 01:55 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flickr

2015-09-16 08:29 - 2015-09-16 08:29 - 00000000 ____D C:\Users\Mark\AppData\Local\IsolatedStorage

2015-09-16 08:29 - 2015-09-16 08:29 - 00000000 ____D C:\Users\Mark\AppData\Local\Flickr

2015-09-16 08:28 - 2015-09-18 14:34 - 00000000 ____D C:\Users\Mark\AppData\Local\FlickrUploadrWindows

2015-09-16 08:28 - 2015-09-16 08:29 - 00000000 ____D C:\Users\Mark\AppData\Local\SquirrelTemp

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-10-14 09:24 - 2015-09-03 22:03 - 00000000 ____D C:\Users\Mark\Downloads\tweaking

2015-10-14 08:43 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\sru

2015-10-14 08:38 - 2015-09-05 06:56 - 00006431 _____ C:\WINDOWS\SysWOW64\The Lost Watch II NV.log

2015-10-14 07:44 - 2015-05-13 09:54 - 00000000 ____D C:\Users\Mark\OneDrive

2015-10-14 07:41 - 2015-09-13 21:31 - 00524288 ___SH C:\WINDOWS\system32\config\BBI

2015-10-14 05:27 - 2015-09-05 10:12 - 00001172 _____ C:\Users\Mark\Desktop\Toolwiz Care.lnk

2015-10-14 05:12 - 2014-02-18 14:56 - 00004164 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{16426344-36EA-4882-9F34-CEF105EBF2E6}

2015-10-13 21:20 - 2015-09-05 06:58 - 00006113 _____ C:\WINDOWS\SysWOW64\Western Railway NV.log

2015-10-13 20:49 - 2015-09-05 06:53 - 00015647 _____ C:\WINDOWS\SysWOW64\Sun Village NV.log

2015-10-13 18:41 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\AppReadiness

2015-10-13 18:36 - 2014-02-18 14:16 - 00000000 ____D C:\Users\Mark\AppData\Local\Packages

2015-10-13 18:26 - 2015-08-28 07:34 - 00000000 ____D C:\Program Files (x86)\IObit

2015-10-13 10:57 - 2015-08-31 13:14 - 00016056 _____ (SlimWare Utilities, Inc.) C:\WINDOWS\system32\Drivers\SWDUMon.sys

2015-10-13 10:56 - 2015-08-30 18:51 - 00001059 _____ C:\Users\Public\Desktop\WinRAR.lnk

2015-10-13 10:56 - 2015-08-30 18:51 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-10-13 10:56 - 2015-08-30 18:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR

2015-10-13 10:49 - 2015-08-30 18:51 - 00000000 ____D C:\Program Files\WinRAR

2015-10-13 10:26 - 2015-08-31 12:14 - 00002281 _____ C:\Users\Public\Desktop\Advanced SystemCare 8.lnk

2015-10-12 17:26 - 2015-09-05 08:05 - 00000917 _____ C:\Users\Mark\Desktop\Start Tor Browser.lnk

2015-10-12 17:14 - 2015-09-04 15:20 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Riverpoint Writer

2015-10-12 11:42 - 2015-09-04 12:57 - 00006882 _____ C:\lxcz.log

2015-10-12 10:24 - 2015-09-13 22:11 - 00000000 ____D C:\WINDOWS\CbsTemp

2015-10-10 19:32 - 2015-08-03 11:39 - 00881036 _____ C:\WINDOWS\system32\PerfStringBackup.INI

2015-10-10 15:38 - 2015-09-04 15:20 - 00002056 _____ C:\Users\Mark\Desktop\Riverpoint Writer.lnk

2015-10-10 15:33 - 2014-09-10 12:51 - 00000000 ____D C:\Users\Mark\AppData\Roaming\HpUpdate

2015-10-08 10:36 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\restore

2015-10-06 22:36 - 2014-09-08 20:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013

2015-10-05 15:25 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\NDF

2015-10-05 12:38 - 2015-08-29 14:41 - 00000000 ____D C:\Users\Mark\AppData\Local\ToolwizCareFree

2015-10-05 11:17 - 2014-02-23 22:29 - 00002940 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-1047955054-1064664553-3060372006-1004

2015-10-05 04:18 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\appcompat

2015-10-05 04:07 - 2015-09-13 22:56 - 00000000 ___RD C:\WINDOWS\PrintDialog

2015-10-05 04:07 - 2015-09-13 22:56 - 00000000 ___RD C:\WINDOWS\MiracastView

2015-10-05 04:06 - 2015-09-13 22:56 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel

2015-10-05 02:37 - 2015-09-13 22:57 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template

2015-10-05 02:31 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\rescache

2015-10-05 02:27 - 2015-09-13 21:31 - 00000000 __RHD C:\Users\Default

2015-10-05 02:26 - 2015-09-13 21:31 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM

2015-10-05 02:26 - 2015-08-03 10:39 - 00036198 _____ C:\WINDOWS\diagwrn.xml

2015-10-05 02:26 - 2015-08-03 10:39 - 00036198 _____ C:\WINDOWS\diagerr.xml

2015-10-05 02:17 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\Registration

2015-10-05 02:16 - 2015-08-03 11:52 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat

2015-10-05 02:13 - 2015-09-13 22:56 - 00000000 __RSD C:\WINDOWS\Media

2015-10-05 02:12 - 2015-09-13 22:56 - 00000000 __RHD C:\Users\Public\Libraries

2015-10-05 02:10 - 2013-10-18 21:45 - 00897442 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI

2015-10-05 02:01 - 2015-09-13 22:56 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

2015-10-05 02:01 - 2015-09-13 22:56 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell

2015-10-05 02:01 - 2015-09-13 22:56 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-10-05 02:01 - 2015-09-13 22:56 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools

2015-10-05 02:01 - 2015-08-22 20:37 - 00000000 ____D C:\Users\Default.migrated

2015-10-05 01:58 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy

2015-10-05 01:58 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns

2015-10-05 01:58 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase

2015-10-05 01:58 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\spool

2015-10-05 01:58 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\oobe

2015-10-05 01:58 - 2015-08-30 13:48 - 00000000 ____D C:\WINDOWS\SysWOW64\Packages

2015-10-05 01:58 - 2013-10-18 21:44 - 00000000 ____D C:\WINDOWS\SysWOW64\Atheros_L1e

2015-10-05 01:58 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared

2015-10-05 01:58 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared

2015-10-05 01:57 - 2015-09-13 23:36 - 00000000 ____D C:\WINDOWS\DigitalLocker

2015-10-05 01:57 - 2015-09-13 22:56 - 00000000 ___RD C:\WINDOWS\PurchaseDialog

2015-10-05 01:57 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\InputMethod

2015-10-05 01:57 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\PolicyDefinitions

2015-10-05 01:57 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\LiveKernelReports

2015-10-05 01:57 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\InputMethod

2015-10-05 01:57 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\IME

2015-10-05 01:57 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\Cursors

2015-10-05 01:57 - 2015-09-13 22:56 - 00000000 ____D C:\ProgramData\USOPrivate

2015-10-05 01:57 - 2015-09-06 11:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java

2015-10-05 01:57 - 2015-09-05 13:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Xirrus

2015-10-05 01:57 - 2015-09-05 06:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\3Planesoft

2015-10-05 01:57 - 2015-09-03 19:11 - 00000000 ____D C:\WINDOWS\system32\Icon Changer

2015-10-05 01:57 - 2015-08-31 18:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Leisure Suit Larry- Magna Cum Laude [GOG.com]

2015-10-05 01:57 - 2015-08-31 13:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Chipset Driver for Windows 10

2015-10-05 01:57 - 2015-08-31 12:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Advanced SystemCare 8

2015-10-05 01:57 - 2015-08-31 10:20 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe

2015-10-05 01:57 - 2015-08-30 19:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2

2015-10-05 01:57 - 2015-08-29 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ToolwizCareFree

2015-10-05 01:57 - 2015-08-29 10:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel Driver Update Utility

2015-10-05 01:57 - 2015-08-28 08:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dolby

2015-10-05 01:57 - 2015-08-28 07:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Smart Defrag 4

2015-10-05 01:57 - 2015-08-28 07:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner

2015-10-05 01:57 - 2014-09-10 12:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP

2015-10-05 01:57 - 2014-09-09 08:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung

2015-10-05 01:57 - 2014-03-01 21:24 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight

2015-10-05 01:57 - 2013-10-18 22:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lenovo

2015-10-05 01:57 - 2013-10-18 22:00 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10

2015-10-05 01:57 - 2013-10-18 21:45 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel

2015-10-05 01:57 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\ADFS

2015-10-05 01:56 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\Recovery

2015-10-05 01:56 - 2015-09-13 22:56 - 00000000 ____D C:\WINDOWS\system32\AppLocker

2015-10-05 01:56 - 2015-09-13 22:56 - 00000000 ____D C:\Program Files\Common Files\System

2015-10-05 01:56 - 2015-09-13 22:56 - 00000000 ____D C:\Program Files\Common Files\microsoft shared

2015-10-05 01:56 - 2013-08-22 08:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy

2015-10-05 01:55 - 2015-09-04 15:20 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Riverpoint Writer

2015-10-05 01:55 - 2015-08-29 10:11 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo

2015-10-05 01:55 - 2015-08-16 15:27 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\World of Warships

2015-10-05 01:55 - 2015-08-15 16:02 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon

2015-10-05 01:55 - 2015-02-18 15:41 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Amazon Cloud Drive

2015-10-05 01:53 - 2015-08-29 17:46 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages

2015-10-05 01:49 - 2015-09-13 21:31 - 00000000 ____D C:\WINDOWS\system32\Sysprep

2015-10-03 23:02 - 2015-08-28 07:35 - 00000000 ____D C:\ProgramData\ProductData

2015-10-02 17:20 - 2015-08-31 16:15 - 00000000 ____D C:\Program Files (x86)\FileHippo.com

2015-10-02 11:48 - 2015-02-18 15:41 - 00000000 ____D C:\Users\Mark\AppData\Local\Amazon Cloud Drive

2015-09-28 17:25 - 2014-02-18 15:58 - 00000000 ____D C:\ProgramData\Package Cache

2015-09-28 17:22 - 2013-10-18 21:45 - 00000000 ____D C:\Program Files (x86)\Realtek

2015-09-28 17:22 - 2013-10-18 21:44 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information

2015-09-28 15:05 - 2014-09-10 12:51 - 00002203 _____ C:\Users\Public\Desktop\HP Deskjet 1510 series.lnk

2015-09-25 04:01 - 2014-09-08 20:19 - 00000000 ____D C:\Program Files\Microsoft Office 15

2015-09-24 14:42 - 2015-09-05 08:05 - 00000000 ____D C:\Users\Mark\Desktop\Tor Browser

2015-09-24 09:20 - 2015-08-28 07:21 - 00000874 _____ C:\Users\Public\Desktop\CCleaner.lnk

2015-09-24 09:20 - 2015-08-28 07:21 - 00000000 ____D C:\Program Files\CCleaner

2015-09-24 01:58 - 2014-02-18 14:14 - 00000000 ____D C:\Users\Mark\AppData\Local\Pokki

2015-09-18 15:14 - 2014-02-18 17:18 - 00002178 _____ C:\Users\Public\Desktop\Lenovo PowerDVD 10.lnk

2015-09-18 15:13 - 2014-09-09 08:33 - 00002055 _____ C:\Users\Public\Desktop\Samsung Kies 3.lnk

2015-09-18 15:11 - 2013-10-18 22:05 - 00002290 _____ C:\Users\Public\Desktop\OneKey Recovery.lnk

2015-09-18 13:52 - 2014-02-18 14:16 - 00000000 ____D C:\Users\Mark\AppData\Roaming\Adobe

2015-09-18 04:53 - 2015-08-28 07:35 - 00000000 ____D C:\Users\Mark\AppData\LocalLow\IObit

2015-09-18 04:53 - 2015-08-28 07:34 - 00000000 ____D C:\Users\Mark\AppData\Roaming\IObit

2015-09-18 04:52 - 2015-08-29 17:45 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\IObit

2015-09-18 04:52 - 2015-08-29 17:45 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\IObit

2015-09-16 20:15 - 2015-09-11 17:27 - 00023040 ___SH C:\Users\Mark\Documents\Thumbs.db

2015-09-16 16:36 - 2015-09-01 16:03 - 00000000 ___RD C:\Users\Mark\Downloads\Wallpapers

2015-09-16 05:00 - 2015-08-30 13:59 - 00000000 ____D C:\ProgramData\AVAST Software

2015-09-16 03:54 - 2015-08-30 14:17 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys

==================== Files in the root of some directories =======

2014-02-18 15:53 - 2014-02-18 15:53 - 0000854 _____ () C:\Users\Mark\AppData\Local\7396d5af-93b3-4d36-bfec-04bbd1449761.dat

2014-02-18 15:59 - 2014-02-18 15:59 - 0000230 _____ () C:\Users\Mark\AppData\Local\7503b544-1da1-41bd-9a97-c10e56473c87.dat

2014-02-18 15:59 - 2014-02-18 15:59 - 0000278 _____ () C:\Users\Mark\AppData\Local\819a5338-4e09-4bd6-934a-3195082a227b.dat

2015-01-15 17:03 - 2015-01-15 17:03 - 0000064 _____ () C:\Users\Mark\AppData\Local\97e87f60142e63a0fb6d740b838a8430

2014-02-18 15:59 - 2014-02-18 15:59 - 0000230 _____ () C:\Users\Mark\AppData\Local\9d7393b1-8d9b-4753-9e09-9b020bea1a7b.dat

2014-12-27 16:28 - 2015-03-27 15:19 - 0009216 _____ () C:\Users\Mark\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini

2014-09-10 12:47 - 2014-09-10 12:47 - 0000057 _____ () C:\ProgramData\Ament.ini

2015-10-05 01:45 - 2015-10-05 01:45 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed

C:\WINDOWS\system32\wininit.exe => File is digitally signed

C:\WINDOWS\explorer.exe => File is digitally signed

C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed

C:\WINDOWS\system32\svchost.exe => File is digitally signed

C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed

C:\WINDOWS\system32\services.exe => File is digitally signed

C:\WINDOWS\system32\User32.dll => File is digitally signed

C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed

C:\WINDOWS\system32\userinit.exe => File is digitally signed

C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed

C:\WINDOWS\system32\rpcss.dll => File is digitally signed

C:\WINDOWS\system32\dnsapi.dll => File is digitally signed

C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed

C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

 

LastRegBack: 2015-10-05 01:38

==================== End of FRST.txt ============================

 

 

Here are the results of the additional tests it ran.

 

 

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:12-10-2015

Ran by Mark (2015-10-14 09:28:34)

Running from C:\Users\Mark\Desktop

Windows 10 Home Insider Preview (X64) (2015-10-05 09:28:25)

Boot Mode: Normal

==========================================================

 

==================== Accounts: =============================

Administrator (S-1-5-21-1047955054-1064664553-3060372006-500 - Administrator - Disabled) => C:\Users\Administrator

DefaultAccount (S-1-5-21-1047955054-1064664553-3060372006-503 - Limited - Disabled)

Guest (S-1-5-21-1047955054-1064664553-3060372006-501 - Limited - Disabled)

HomeGroupUser$ (S-1-5-21-1047955054-1064664553-3060372006-1003 - Limited - Enabled)

Mark (S-1-5-21-1047955054-1064664553-3060372006-1001 - Administrator - Enabled) => C:\Users\Mark

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

3Planesoft Screensaver Manager 1.4 (HKLM-x32\...\3Planesoft Screensaver Manager_is1) (Version: 1.4 - 3Planesoft)

Adobe Acrobat X Pro - English, Français, Deutsch (HKLM-x32\...\{AC76BA86-1033-F400-7760-000000000005}) (Version: 10.1.2 - Adobe Systems)

Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 19.0.0.193 - Adobe Systems Incorporated)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)

Advanced SystemCare 8 (HKLM-x32\...\Advanced SystemCare 8_is1) (Version: 8.2.0 - IObit)

Amazon Cloud Drive (HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Amazon Cloud Drive) (Version: 2.2.4.6 - Amazon Digital Services, LLC.)

Amazon Kindle (HKLM-x32\...\Amazon Kindle) (Version: - Amazon)

CCleaner (HKLM\...\CCleaner) (Version: 5.10 - Piriform)

Conexant HD Audio (HKLM\...\CNXT_AUDIO_HDA) (Version: 8.66.16.50 - Conexant)

CyberLink PowerDirector 10 (Version: 10.0.0.2810 - CyberLink Corp.) Hidden

Dashlane (HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Dashlane) (Version: 3.5.2.91395 - Dashlane SAS)

Dependency Package Update (Version: 1.6.25.00 - Lenovo Inc.) Hidden

Dependency Package Update (Version: 1.6.29.00 - Lenovo Inc.) Hidden

Dependency Package Update (Version: 1.6.36.00 - Lenovo Inc.) Hidden

Dependency Package Update (x32 Version: 1.6.32.00 - Lenovo Group Limited) Hidden

DFX (HKLM-x32\...\DFX) (Version: 11.401.0.0 - Power Technology)

Dolby Digital Plus Advanced Audio (HKLM\...\{B0BFC63F-EA07-419E-960B-3FB2ED5DD0B2}) (Version: 7.6.5.1 - Dolby Laboratories Inc)

Energy Management (HKLM-x32\...\InstallShield_{D0956C11-0F60-43FE-99AD-524E833471BB}) (Version: 8.0.2.14 - Lenovo)

Energy Management (x32 Version: 8.0.2.14 - Lenovo) Hidden

FileHippo App Manager (HKLM-x32\...\FileHippo.com) (Version: - FileHippo.com)

Flickr Uploadr for Windows (HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\FlickrUploadrWindows) (Version: 0.9.94.252 - Flickr)

Game Booster 3 (HKLM-x32\...\Game Booster_is1) (Version: 3.4 - IObit)

Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden

Host App Service (HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\Pokki) (Version: 0.269.7.768 - Pokki)

HP Deskjet 1510 series Basic Device Software (HKLM\...\{D17E60E8-478A-4D4A-8147-21D481B5CA55}) (Version: 32.2.188.47710 - Hewlett-Packard Co.)

HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)

Intel Driver Update Utility (HKLM-x32\...\{ca4bc3a8-b99c-4416-90d8-351a8ceab458}) (Version: 2.2.0.2 - Intel)

Intel® Chipset Device Software (x32 Version: 10.1.1.8 - Intel® Corporation) Hidden

Intel® Driver Update Utility 2.2 (x32 Version: 2.2.0.1 - Intel) Hidden

Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.13.1706 - Intel Corporation)

Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)

Intel® PROSet/Wireless Software for Bluetooth® Technology(patch version 3.0.1327.1) (HKLM\...\{302600C1-6BDF-4FD1-1307-148929CC1385}) (Version: 3.1.1307.0362 - Intel Corporation)

Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.8.1.1000 - Intel Corporation)

IObit Uninstaller (HKLM-x32\...\IObitUninstall) (Version: 4.3.0.5 - IObit)

Java 8 Update 60 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218060F0}) (Version: 8.0.600.27 - Oracle Corporation)

Leisure Suit Larry - Magna Cum Laude (HKLM-x32\...\{A31289C6-04EF-4437-A35B-7CC96167145C}) (Version: 1.00.0001 - )

Leisure Suit Larry- Magna Cum Laude (HKLM-x32\...\GOGPACKLARRYMCL_is1) (Version: 2.0.0.3 - GOG.com)

Lenovo Dependency Package (HKLM\...\Lenovo Dependency Package_is1) (Version: 1.6.36.00 - Lenovo Group Limited)

Lenovo EasyCamera (HKLM-x32\...\{E399A5B3-ED53-4DEA-AF04-8011E1EB1EAC}) (Version: 10.0.10120.11107 - Realtek Semiconductor Corp.)

Lenovo OneKey Recovery (HKLM-x32\...\InstallShield_{46F4D124-20E5-4D12-BE52-EC177A7A4B42}) (Version: 8.0.0.2105 - CyberLink Corp.)

Lenovo OneKey Recovery (Version: 8.0.0.2105 - CyberLink Corp.) Hidden

Lenovo pointing device (HKLM\...\Elantech) (Version: 11.4.69.4 - ELAN Microelectronic Corp.)

Lenovo PowerDVD10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.5630.52 - CyberLink Corp.)

Lenovo PowerDVD10 (x32 Version: 10.0.5630.52 - CyberLink Corp.) Hidden

Lenovo Service Bridge (HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\cbe8636f7dd0cf1d) (Version: 1.5.0.0 - Lenovo)

Lenovo Solution Center (HKLM\...\{F925868A-2F2C-414B-A5A7-C613039CE9E4}) (Version: 3.1.001.00 - Lenovo)

Lenovo_Wireless_Driver (HKLM-x32\...\{5D642A72-8194-4A22-80DA-11FE610CCA8E}) (Version: 6.30.223.143 - Lenovo)

Logos 5 Prerequisites (HKLM-x32\...\{3B4DBF05-BB80-4C16-B007-4239B1F386E7}) (Version: 5.34.1627 - Logos Bible Software)

Logos Bible Software (HKLM-x32\...\{6E746566-C98F-4BE9-893F-1D2F75ABDD30}) (Version: 5.34.1629 - Logos Bible Software)

Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)

Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)

Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729 (HKLM-x32\...\{6AFCA4E1-9B78-3640-8F72-A7BF33448200}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)

Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)

Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)

Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)

Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)

Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)

Morphyre (HKLM-x32\...\Morphyre) (Version: - )

Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden

Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden

Power2Go (HKLM-x32\...\{40BF1E83-20EB-11D8-97C5-0009C5020658}) (Version: 5.6.0.10525 - CyberLink Corp.)

Qualcomm Atheros Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.21 - Qualcomm Atheros Inc.)

Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.2.9200.39048 - Realtek Semiconductor Corp.)

Riverpoint Writer (HKLM-x32\...\FF389026-F961-42C5-BACD-B4A3AA73E0F3) (Version: 2.0.0.12 - Apollo Group, Inc.)

Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)

Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden

SAMSUNG Mobile Modem Driver Set (HKLM\...\SAMSUNG Mobile Modem) (Version: - )

Samsung Mobile phone USB driver Drive Software (HKLM\...\Samsung Mobile phone USB driver Drive) (Version: - )

SAMSUNG Mobile USB Modem 1.0 Software (HKLM\...\SAMSUNG Mobile USB Modem 1.0) (Version: - )

SAMSUNG Mobile USB Modem Software (HKLM\...\SAMSUNG Mobile USB Modem) (Version: - )

Samsung PC Studio 3 USB Driver Installer (HKLM-x32\...\{EBA29752-DDD2-4B62-B2E3-9841F92A3E3A}) (Version: 3.2.0.70701 - Samsung Electronics Co., Ltd.)

Samsung USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.55.0 - Samsung Electronics Co., Ltd.)

SlimDrivers (HKLM-x32\...\{746AB259-6474-4111-8966-1C62F9A6E063}) (Version: 2.3.1 - SlimWare Utilities, Inc.)

Smart Defrag 4 (HKLM-x32\...\Smart Defrag 4_is1) (Version: 4.2 - IObit)

Sun Village NV 3D Screensaver 1.1 (HKLM-x32\...\Sun Village NV 3D Screensaver_is1) (Version: 1.1 - 3Planesoft)

The Lost Watch II NV 3D Screensaver 1.0 (HKLM-x32\...\The Lost Watch II NV 3D Screensaver_is1) (Version: 1.0 - 3Planesoft)

Toolwiz Care (HKLM-x32\...\ToolwizCareFree) (Version: 3.1.0.5500 - ToolWiz Care)

UserGuide (HKLM-x32\...\InstallShield_{F07C2CF8-4C53-4EC3-8162-A6221E36EB88}) (Version: 1.0.0.15 - Lenovo)

UserGuide (x32 Version: 1.0.0.15 - Lenovo) Hidden

Vuze (HKLM\...\8461-7759-5462-8226) (Version: 5.6.2.0 - Azureus Software, Inc.)

Western Railway NV 3D Screensaver 2.0 (HKLM-x32\...\Western Railway NV 3D Screensaver_is1) (Version: 2.0 - 3Planesoft)

Windows Driver Package - Lenovo (ACPIVPC) System (02/17/2013 9.52.0.776) (HKLM\...\35DD26BE48DAF4A9F35F969F3CB1E3E1435E661E) (Version: 02/17/2013 9.52.0.776 - Lenovo)

Windows Driver Package - Lenovo (WUDFRd) LenovoVhid (07/25/2013 10.30.0.288) (HKLM\...\6BCA401E9CBEED970D75F55FA5320F60D11984E9) (Version: 07/25/2013 10.30.0.288 - Lenovo)

WinRAR 5.30 beta 5 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.5 - win.rar GmbH)

World of Warships (HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\{1EAC1D02-C6AC-4FA6-9A44-96258C37C814na}_is1) (Version: - Wargaming.net)

Xirrus Wi-Fi Inspector (HKLM-x32\...\{BBB21AB1-2C45-435D-A05A-B563072E7B9B}) (Version: 1.2.1.4 - Xirrus)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1047955054-1064664553-3060372006-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)

==================== Restore Points =========================

08-10-2015 10:36:10 Scheduled Checkpoint

12-10-2015 10:23:34 Windows Modules Installer

==================== Hosts content: ==========================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-31 11:00 - 2015-08-31 11:00 - 00001861 ____A C:\WINDOWS\system32\Drivers\etc\hosts

127.0.0.1 www.iobit.com

127.0.0.1 www.asc55.iobit.com

127.0.0.1 3dns.adobe.com 3dns-1.adobe.com 3dns-2.adobe.com 3dns-3.adobe.com 3dns-4.adobe.com activate.adobe.com activate-sea.adobe.com activate-sjc0.adobe.com activate.wip.adobe.com

127.0.0.1 activate.wip1.adobe.com activate.wip2.adobe.com activate.wip3.adobe.com activate.wip4.adobe.com adobe-dns.adobe.com adobe-dns-1.adobe.com adobe-dns-2.adobe.com adobe-dns-3.adobe.com adobe-dns-4.adobe.com

127.0.0.1 adobeereg.com practivate.adobe practivate.adobe.com practivate.adobe.newoa practivate.adobe.ntp practivate.adobe.ipp ereg.adobe.com ereg.wip.adobe.com ereg.wip1.adobe.com

127.0.0.1 ereg.wip2.adobe.com ereg.wip3.adobe.com ereg.wip4.adobe.com hl2rcv.adobe.com wip.adobe.com wip1.adobe.com wip2.adobe.com wip3.adobe.com wip4.adobe.com

127.0.0.1 www.adobeereg.com wwis-dubc1-vip60.adobe.com www.wip.adobe.com www.wip1.adobe.com

127.0.0.1 www.wip2.adobe.com www.wip3.adobe.com www.wip4.adobe.com wwis-dubc1-vip60.adobe.com crl.verisign.net CRL.VERISIGN.NET ood.opsource.net

There are 1 more lines.

 

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10D5C895-3B7B-4196-AA0B-DABAC5E333F6} - System32\Tasks\Game_Booster_AutoUpdate => C:\Program Files (x86)\IObit\Game Booster 3\AutoUpdate.exe [2015-10-13] ()

Task: {1A9C3806-5003-4580-BCB0-8675D7DD8881} - System32\Tasks\Lenovo\Lenovo Service Bridge\S-1-5-21-1047955054-1064664553-3060372006-1001 => Rundll32.exe dfshim.dll,ShOpenVerbShortcut C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Lenovo\Lenovo Service Bridge.appref-ms

Task: {1F000467-0CF4-4C79-BB76-BE4C370C83F8} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-09-11] (Microsoft Corporation)

Task: {22B7A178-F12B-4B28-8414-7988A12B38E7} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION

Task: {307D838A-1101-4B99-B739-0960E4C150B6} - \Microsoft\Windows\Storage Tiers Management\Storage Tiers Optimization -> No File <==== ATTENTION

Task: {491C2C37-63BE-45AA-B698-A3BDF1BCDDBA} - \Microsoft\Windows\Storage Tiers Management\Storage Tiers Management Initialization -> No File <==== ATTENTION

Task: {54C20C7D-A430-4EA4-BD70-5B538E480084} - \Microsoft\Windows\DUSM\dusmtask -> No File <==== ATTENTION

Task: {5E3DB0A4-4110-43F0-9AB5-4087CFE75CCD} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)

Task: {670FAABD-349E-44C6-B37E-DD0E3796F5FF} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

Task: {77765387-EDA9-48A8-904D-8D0EFC5AF68D} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION

Task: {7E4106FB-9171-4610-8891-F942C38B0E4D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION

Task: {86F0029C-2903-4739-9CBE-25BF9EB6CC3D} - System32\Tasks\Lenovo\Dependency Package Auto Update => C:\Program Files\Lenovo\iMController\AutoUpdate.exe [2015-03-06] ()

Task: {8A406EC9-523D-4028-953E-E58608560B00} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION

Task: {A154AF0A-2C01-489F-AC6B-DE03D14CAC56} - \Microsoft\Windows\License Manager\TempSignedLicenseExchange -> No File <==== ATTENTION

Task: {AF25EE58-18C9-430C-BA53-C23D92C296AF} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION

Task: {AFC500B5-17A1-4962-8D19-3CA124F4F378} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-28] (Microsoft Corporation)

Task: {B0DBD154-29E0-44BB-B37D-AC457C8154A5} - \Microsoft\Windows\CertificateServicesClient\CryptoPolicyTask -> No File <==== ATTENTION

Task: {B355D481-B4A3-4BFD-B556-017309177262} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION

Task: {CB9C9358-8418-44DF-965A-2D705AC50E51} - System32\Tasks\PDVDServ Task => C:\Program Files (x86)\Lenovo\PowerDVD10\PDVD10Serv.EXE [2013-03-08] (CyberLink Corp.)

Task: {CF4E5B7F-3753-4A05-A3E9-8A7EEF18281E} - System32\Tasks\GenericSettingsHandler\Windows-Credentials\RetrySyncTask_for_S-1-5-21-1047955054-1064664553-3060372006-1001

Task: {D3E41DDA-B15F-48C7-AB87-6235FA596289} - System32\Tasks\Lenovo\Lenovo Solution Center Launcher => C:\Program Files\lenovo\lenovo solution center\App\LSCService.exe [2015-08-17] (Lenovo)

Task: {D40922E3-1673-4517-8A3D-9FB7FE7D79D3} - System32\Tasks\Lenovo\Lenovo Customer Feedback Program => C:\Program Files\Lenovo\Customer Feedback Program\Lenovo.TVT.CustomerFeedback.Agent.exe

Task: {D6FE1257-1581-4445-AE36-756A0AD99DB9} - System32\Tasks\ASC8_SkipUac_Mark => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe [2015-05-08] (IObit)

Task: {DD28D925-3030-465D-8B4D-A9A38403292E} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION

Task: {DE705366-20D2-4215-BFE1-5461AB11DBA0} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-09-11] (Microsoft Corporation)

Task: {DFB914CE-0A5B-45A1-B9C4-344786765563} - System32\Tasks\Lenovo\LSC\LSCHardwareScan => C:\Program Files\Lenovo\Lenovo Solution Center\LSC.exe [2015-08-17] ()

Task: {DFDB2177-41B7-4E48-B116-312CD13FC9BB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION

Task: {E28427B9-7E63-47C4-A37B-6070252FEDA2} - \Microsoft\Windows\Application Experience\ProgramDataUpdater -> No File <==== ATTENTION

Task: {E896703B-0B67-4904-A0AA-60AEDEAC6B25} - System32\Tasks\Uninstaller_SkipUac_Mark => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe [2015-05-20] (IObit)

Task: {F37B914F-3FD9-4FD9-B236-1EFC98370EE7} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION

Task: {FB4A149C-1923-440F-AF23-17CCDBB93193} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\ASC8_SkipUac_Mark.job => C:\Program Files (x86)\IObit\Advanced SystemCare 8\ASC.exe

Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_Mark.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Loaded Modules (Whitelisted) ==============

2015-09-13 22:22 - 2015-09-13 22:22 - 00028672 _____ () C:\WINDOWS\SYSTEM32\efsext.dll

2015-09-13 22:23 - 2015-09-13 22:23 - 00149504 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll

2015-09-25 03:59 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll

2015-09-13 22:23 - 2015-09-13 22:23 - 02613504 _____ () C:\WINDOWS\system32\CoreUIComponents.dll

2015-09-13 22:23 - 2015-09-13 22:23 - 02613504 _____ () C:\WINDOWS\System32\CoreUIComponents.dll

2015-09-16 05:19 - 2015-08-11 20:15 - 08900672 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll

2015-09-13 22:19 - 2015-09-13 22:19 - 00476160 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll

2015-09-13 22:31 - 2015-09-13 22:31 - 07446016 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll

2015-09-13 22:31 - 2015-09-13 22:31 - 00559104 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll

2015-09-13 22:31 - 2015-09-13 22:31 - 01885184 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll

2015-09-13 22:31 - 2015-09-13 22:31 - 03761152 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll

2015-09-25 07:04 - 2015-09-03 08:48 - 00227648 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\Dashlane.exe

2015-09-25 07:04 - 2015-09-03 08:48 - 00285504 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\DashlanePlugin.exe

2015-10-04 06:14 - 2015-10-04 06:16 - 00012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe

2015-10-04 06:14 - 2015-10-04 06:16 - 10814464 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll

2015-09-29 19:02 - 2015-09-29 19:03 - 08395776 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.25.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll

2015-09-29 19:02 - 2015-09-29 19:03 - 02311680 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.9.25.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll

2015-10-07 11:49 - 2015-10-07 11:49 - 06068736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI.Xaml\24c00699afaf5b1f3eb9c34013860ad3\Windows.UI.Xaml.ni.dll

2015-10-07 11:49 - 2015-10-07 11:49 - 04212736 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.App640a3541#\755032d4f505f8511ff091bcb35fadfa\Windows.ApplicationModel.ni.dll

2015-10-07 11:49 - 2015-10-07 11:49 - 00302080 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Gloaae92e31#\4476e9fdc1b3b5976fe51a0b109a3862\Windows.Globalization.ni.dll

2015-10-07 11:49 - 2015-10-07 11:49 - 00497152 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Foundation\b379b9fc0b4248f2d1d0f58b01d6773b\Windows.Foundation.ni.dll

2015-10-07 11:49 - 2015-10-07 11:49 - 01193984 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Storage\29b4f6182c190fa8e7cf7d8af4870ba4\Windows.Storage.ni.dll

2015-10-07 11:49 - 2015-10-07 11:49 - 01808896 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Networking\9e7fd01840e6323a6d6d296977958961\Windows.Networking.ni.dll

2015-10-07 11:49 - 2015-10-07 11:49 - 00977920 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Security\cceb7c13430c510920c4075c20cfd09d\Windows.Security.ni.dll

2015-10-07 11:49 - 2015-10-07 11:49 - 01822208 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\46c65d39480e799a59047a0b9f8bad7f\Windows.UI.ni.dll

2015-10-07 11:50 - 2015-10-07 11:50 - 01243136 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Web\59f66782841d9f3f8abec09b1c2e519b\Windows.Web.ni.dll

2015-10-07 11:49 - 2015-10-07 11:49 - 00485888 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.System\77ff0aa28ea0b42ee5e4f82383fd55ba\Windows.System.ni.dll

2015-08-31 12:14 - 2013-01-15 18:48 - 00348992 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madExcept_.bpl

2015-08-31 12:14 - 2013-01-15 18:48 - 00183616 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madBasic_.bpl

2015-08-31 12:14 - 2013-01-15 18:48 - 00051008 _____ () C:\Program Files (x86)\IObit\Advanced SystemCare 8\madDisAsm_.bpl

2015-09-25 07:04 - 2015-09-03 08:44 - 00337728 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebugDll_win32.3.5.2.91395.dll

2015-09-25 07:04 - 2015-09-03 08:44 - 00421696 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWDebug.3.5.2.91395.dll

2015-09-25 07:04 - 2015-09-03 08:45 - 00443200 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWUtils.3.5.2.91395.dll

2015-09-25 07:04 - 2015-09-03 08:45 - 31364416 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWExternLib.3.5.2.91395.dll

2015-09-25 07:04 - 2015-09-03 08:45 - 00276288 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib_win.3.5.2.91395.dll

2015-09-25 07:04 - 2015-09-03 08:44 - 05763392 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWData.3.5.2.91395.dll

2015-09-25 07:04 - 2015-09-03 08:44 - 06979904 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWApplication.3.5.2.91395.dll

2015-09-25 07:04 - 2015-09-03 08:45 - 13231424 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLib.3.5.2.91395.dll

2015-09-25 07:04 - 2015-09-03 08:45 - 02072896 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\KWMainLibData.3.5.2.91395.dll

2015-09-25 07:04 - 2015-09-03 08:45 - 00338240 _____ () C:\Users\Mark\AppData\Roaming\Dashlane\3.5.2.91395\bin\Firefox_Extension\{442718d9-475e-452a-b3e1-fb1ee16b8e9f}\components\Kwift_DP.3.5.2.91395.dll

2014-02-18 21:48 - 2013-08-08 13:23 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\ACE.dll

2014-11-15 00:01 - 2014-11-15 00:01 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\Temp:0CA8EFF8

AlternateDataStreams: C:\Users\Mark\SkyDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SpbCx.sys => ""="Driver"

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\SpbCx.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

 

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

There are 4788 more restricted sites.

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Mark\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper

DNS Servers: 68.105.28.11 - 68.105.29.11

HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)

Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run: => "cAudioFilterAgent"

HKLM\...\StartupApproved\Run: => "ETDCtrl"

HKLM\...\StartupApproved\Run: => "lxczbmgr.exe"

HKLM\...\StartupApproved\Run32: => "iTunesHelper"

HKLM\...\StartupApproved\Run32: => "QuickTime Task"

HKLM\...\StartupApproved\Run32: => "ApnTBMon"

HKLM\...\StartupApproved\Run32: => "BingDesktop"

HKLM\...\StartupApproved\Run32: => "HP Software Update"

HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"

HKLM\...\StartupApproved\Run32: => "MalwareProtectionLive"

HKLM\...\StartupApproved\Run32: => "ETDCtrl"

HKLM\...\StartupApproved\Run32: => "SmartAudio"

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\StartupApproved\StartupFolder: => "Monitor Ink Alerts - HP Deskjet 1510 series.lnk"

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\StartupApproved\StartupFolder: => "Send to OneNote.lnk"

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\StartupApproved\Run: => "Pokki"

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\StartupApproved\Run: => "Speech Recognition"

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_96D28242BA1FDBE7F82E6712BD4F4597"

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\StartupApproved\Run: => "Advanced SystemCare 8"

HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\...\StartupApproved\Run: => "FlickrUploadr"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

FirewallRules: [{45FAC2AE-2200-40E9-BDD1-2B260BB1FC11}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\HPNetworkCommunicatorCom.exe

FirewallRules: [{F956386F-DFAB-4444-8E47-74F05F335675}] => (Allow) C:\Program Files\HP\HP Deskjet 1510 series\Bin\USBSetup.exe

FirewallRules: [{51F3910A-0F41-4528-AB05-DF26539F0A8B}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe

FirewallRules: [{6BE9CC73-E92E-4595-B3E5-04A224349C38}] => (Allow) LPort=1900

FirewallRules: [{40AF3C18-2DAA-4CAD-B825-675547E7F896}] => (Allow) LPort=7900

FirewallRules: [{EF93CACC-BB33-44C7-B47D-03C3C8E1A260}] => (Allow) LPort=24234

FirewallRules: [{78CC959A-C72A-4FB9-9921-1ED18A6A2520}] => (Allow) LPort=7679

FirewallRules: [{9A86EC64-AADE-4EFE-AF6C-1D850E85A286}] => (Allow) LPort=7676

FirewallRules: [{123C35C3-94F0-477A-BEEF-2B89BFE9D863}] => (Allow) LPort=8643

FirewallRules: [{FF515A0E-A3E4-4E82-9CAF-516A70CB3AA1}] => (Allow) LPort=8743

FirewallRules: [{49E784DC-00EB-48C4-A9C4-B88DA998F3A5}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxczpswx.exe

FirewallRules: [{74310272-1BBC-42A9-A0D1-9E14F41E893B}] => (Allow) C:\Windows\System32\spool\drivers\x64\3\lxczpswx.exe

FirewallRules: [{2B7A6144-D7A0-4A91-85A6-6E763819A620}] => (Allow) C:\Windows\System32\lxczcoms.exe

FirewallRules: [{97CF5248-4086-4EDD-87E4-CD8D12ECD326}] => (Allow) C:\Windows\System32\lxczcoms.exe

FirewallRules: [{1A403553-056B-4902-AEDB-8BEA6E8AE2D4}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD10.EXE

FirewallRules: [{E499404D-6BA7-42CC-BC29-550C6E18B567}] => (Allow) C:\Program Files (x86)\Lenovo\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe

FirewallRules: [TCP Query User{9C5ABEDF-B74E-4DAA-A230-142C5593F663}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe

FirewallRules: [UDP Query User{05C48966-EE58-422C-BA86-898D2BF9A806}C:\games\world_of_warships\wowslauncher.exe] => (Allow) C:\games\world_of_warships\wowslauncher.exe

FirewallRules: [{C47A582F-CA01-4546-A84E-7A339D2975D5}] => (Allow) C:\Program Files\Vuze\Azureus.exe

FirewallRules: [{0023AF49-759C-48EB-9173-8F51753A75B1}] => (Allow) C:\Program Files\Vuze\Azureus.exe

FirewallRules: [TCP Query User{809D3679-669C-46FD-9DA3-F2A4FE2953E2}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe

FirewallRules: [UDP Query User{2681A7C6-F774-4230-B9B4-AE490E18A754}C:\program files\vuze\azureus.exe] => (Block) C:\program files\vuze\azureus.exe

FirewallRules: [TCP Query User{F586EC91-2C2B-44EA-8630-FB4B082B1BD9}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Allow) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe

FirewallRules: [UDP Query User{FAEEBA2B-4813-4CD3-8A25-513EE0D3D401}C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe] => (Allow) C:\program files (x86)\xirrus\xirrus wi-fi inspector\wifioperations.exe

FirewallRules: [TCP Query User{CF920C27-9190-4147-9394-E26F4AB18245}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe

FirewallRules: [UDP Query User{B9757535-D1FC-4670-B27B-50A6A341901D}C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe] => (Allow) C:\program files (x86)\java\jre1.8.0_60\bin\jp2launcher.exe

==================== Faulty Device Manager Devices =============

 

==================== Event log errors: =========================

Application errors:

==================

Error: (10/14/2015 07:41:01 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: explorer.exe, version: 10.0.10547.0, time stamp: 0x55f614f9

Faulting module name: windows.storage.dll, version: 10.0.10547.0, time stamp: 0x55f61c55

Exception code: 0xc0000005

Fault offset: 0x0000000000286db6

Faulting process id: 0x120c

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

Faulting package full name: explorer.exe4

Faulting package-relative application ID: explorer.exe5

Error: (10/14/2015 07:40:27 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: PickerHost.exe, version: 10.0.10547.0, time stamp: 0x55f6189b

Faulting module name: windows.storage.dll, version: 10.0.10547.0, time stamp: 0x55f61c55

Exception code: 0xc0000005

Fault offset: 0x0000000000286db6

Faulting process id: 0x13b0

Faulting application start time: 0xPickerHost.exe0

Faulting application path: PickerHost.exe1

Faulting module path: PickerHost.exe2

Report Id: PickerHost.exe3

Faulting package full name: PickerHost.exe4

Faulting package-relative application ID: PickerHost.exe5

Error: (10/14/2015 07:39:45 AM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: PickerHost.exe, version: 10.0.10547.0, time stamp: 0x55f6189b

Faulting module name: windows.storage.dll, version: 10.0.10547.0, time stamp: 0x55f61c55

Exception code: 0xc0000005

Fault offset: 0x0000000000286db6

Faulting process id: 0xf40

Faulting application start time: 0xPickerHost.exe0

Faulting application path: PickerHost.exe1

Faulting module path: PickerHost.exe2

Report Id: PickerHost.exe3

Faulting package full name: PickerHost.exe4

Faulting package-relative application ID: PickerHost.exe5

Error: (10/13/2015 08:31:26 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )

Description: The handle is invalid

Error: (10/13/2015 08:31:26 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )

Description: The handle is invalid

Error: (10/13/2015 06:43:09 PM) (Source: ESENT) (EventID: 455) (User: )

Description: taskhostw (3276) WebCacheLocal: Error -1811 (0xfffff8ed) occurred while opening logfile C:\Users\Mark\AppData\Local\Microsoft\Windows\WebCache\V010006D.log.

Error: (10/13/2015 06:41:23 PM) (Source: AdvancedSystemCareService8) (EventID: 0) (User: )

Description: The handle is invalid

Error: (10/13/2015 06:39:05 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: explorer.exe, version: 10.0.10547.0, time stamp: 0x55f614f9

Faulting module name: windows.storage.dll, version: 10.0.10547.0, time stamp: 0x55f61c55

Exception code: 0xc0000005

Fault offset: 0x0000000000286db6

Faulting process id: 0x1da8

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

Faulting package full name: explorer.exe4

Faulting package-relative application ID: explorer.exe5

Error: (10/13/2015 06:38:51 PM) (Source: Application Error) (EventID: 1000) (User: )

Description: Faulting application name: explorer.exe, version: 10.0.10547.0, time stamp: 0x55f614f9

Faulting module name: windows.storage.dll, version: 10.0.10547.0, time stamp: 0x55f61c55

Exception code: 0xc0000005

Fault offset: 0x0000000000286db6

Faulting process id: 0x2170

Faulting application start time: 0xexplorer.exe0

Faulting application path: explorer.exe1

Faulting module path: explorer.exe2

Report Id: explorer.exe3

Faulting package full name: explorer.exe4

Faulting package-relative application ID: explorer.exe5

Error: (10/13/2015 01:57:24 PM) (Source: Perflib) (EventID: 1010) (User: )

Description: C:\Windows\System32\winspool.drvSpooler8

 

System errors:

=============

Error: (10/14/2015 08:36:39 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)

Description: Installation Failure: Windows failed to install the following update with error 0x80070002: Windows Malicious Software Removal Tool for Windows Technical Preview and Server Technical Preview 2 x64 - October 2015 (KB890830).

Error: (10/14/2015 07:44:17 AM) (Source: Service Control Manager) (EventID: 7031) (User: )

Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.

Error: (10/14/2015 07:42:23 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error Code: 126

Error: (10/14/2015 05:40:24 AM) (Source: DCOM) (EventID: 10016) (User: MARKS_COMPUTER)

Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}Marks_ComputerMarkS-1-5-21-1047955054-1064664553-3060372006-1001LocalHost (Using LRPC)Microsoft.WindowsStore_2015.9.25.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

Error: (10/14/2015 05:25:16 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error Code: 126

Error: (10/13/2015 08:32:38 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error Code: 126

Error: (10/13/2015 06:42:37 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)

Description: WLAN Extensibility Module has failed to start.

Module Path: C:\WINDOWS\System32\bcmihvsrv64.dll

Error Code: 126

Error: (10/13/2015 12:08:57 PM) (Source: DCOM) (EventID: 10016) (User: MARKS_COMPUTER)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Marks_ComputerMarkS-1-5-21-1047955054-1064664553-3060372006-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/13/2015 12:08:57 PM) (Source: DCOM) (EventID: 10016) (User: MARKS_COMPUTER)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Marks_ComputerMarkS-1-5-21-1047955054-1064664553-3060372006-1001LocalHost (Using LRPC)UnavailableUnavailable

Error: (10/13/2015 12:08:57 PM) (Source: DCOM) (EventID: 10016) (User: MARKS_COMPUTER)

Description: application-specificLocalLaunch{7022A3B3-D004-4F52-AF11-E9E987FEE25F}{ADA41B3C-C6FD-4A08-8CC1-D6EFDE67BE7D}Marks_ComputerMarkS-1-5-21-1047955054-1064664553-3060372006-1001LocalHost (Using LRPC)UnavailableUnavailable

 

CodeIntegrity:

===================================

Date: 2015-10-14 04:42:50.778

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 04:42:50.767

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 04:42:50.134

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 04:42:50.115

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 04:42:31.573

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 04:42:31.563

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 04:42:30.854

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 04:42:30.771

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 04:28:27.765

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-10-14 04:28:27.748

Description: Code Integrity determined that a process (\Device\HarddiskVolume5\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume5\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

 

==================== Memory info ===========================

Processor: Intel® Core™ i5-3230M CPU @ 2.60GHz

Percentage of memory in use: 51%

Total physical RAM: 3993.77 MB

Available physical RAM: 1948.7 MB

Total Virtual: 4493.77 MB

Available Virtual: 2181.63 MB

==================== Drives ================================

Drive c: (Windows8_OS) (Fixed) (Total:893.22 GB) (Free:648.81 GB) NTFS

Drive d: (LENOVO) (Fixed) (Total:25 GB) (Free:24.9 GB) NTFS

==================== MBR & Partition Table ==================

========================================================

Disk: 0 (Size: 931.5 GB) (Disk ID: 26FF69CD)

Partition: GPT.

==================== End of Addition.txt ============================

 

I appreciate any help I might get.....  

 


Edited by marknorth, 14 October 2015 - 06:19 PM.



#2
marknorth


I just ran an “MBRCheck” I got from this site, and it tells me that it found a non-standard or infected MBR.

 

Not Good.

 

Ran a rootkit program I also got here, “Tdsskiller”, and it found nothing.

 

Also ran “Adwcleaner_5.013” and it found a few things that it’s going to fix after I reboot now.

 

Here are the results from the “MBRCheck”

 

 

MBRCheck, version 1.2.3

© 2010, AD

 

Command-line:                                

Windows Version:                

Windows Information:                      (build 9200), 64-bit

Base Board Manufacturer:   LENOVO

BIOS Manufacturer:             LENOVO

System Manufacturer:                      LENOVO

System Product Name:                     20236

Logical Drives Mask:             0x0000001c

 

Kernel Drivers (total 170):

  0x5E21A000 \SystemRoot\system32\ntoskrnl.exe

  0x5E9CF000 \SystemRoot\system32\hal.dll

  0x5CD09000 \SystemRoot\system32\kd.dll

  0x4D440000 \SystemRoot\system32\mcupdate_GenuineIntel.dll

  0x4D4D0000 \SystemRoot\System32\drivers\werkernel.sys

  0x4D4E0000 \SystemRoot\System32\drivers\CLFS.SYS

  0x4D550000 \SystemRoot\System32\drivers\tm.sys

  0x4D580000 \SystemRoot\system32\PSHED.dll

  0x4D5A0000 \SystemRoot\system32\BOOTVID.dll

  0x4D5B0000 \SystemRoot\System32\drivers\cmimcext.sys

  0x4D5C0000 \SystemRoot\System32\drivers\ntosext.sys

  0x4CA00000 \SystemRoot\system32\CI.dll

  0x4CAA0000 \SystemRoot\System32\drivers\msrpc.sys

  0x4CB00000 \SystemRoot\System32\drivers\FLTMGR.SYS

  0x4CB70000 \SystemRoot\System32\drivers\ksecdd.sys

  0x4CBA0000 \SystemRoot\System32\drivers\clipsp.sys

  0x4CC40000 \SystemRoot\system32\drivers\Wdf01000.sys

  0x4CD10000 \SystemRoot\system32\drivers\WDFLDR.SYS

  0x4CD30000 \SystemRoot\System32\Drivers\acpiex.sys

  0x4CD60000 \SystemRoot\System32\Drivers\WppRecorder.sys

  0x4CD70000 \SystemRoot\System32\Drivers\cng.sys

  0x4CE10000 \SystemRoot\System32\drivers\ACPI.sys

  0x4CEA0000 \SystemRoot\System32\drivers\WMILIB.SYS

  0x4CEC0000 \SystemRoot\system32\drivers\WindowsTrustedRT.sys

  0x4CEE0000 \SystemRoot\System32\drivers\WindowsTrustedRTProxy.sys

  0x4CEF0000 \SystemRoot\system32\drivers\55723875.sys

  0x4CF40000 \SystemRoot\System32\drivers\pcw.sys

  0x4CF60000 \SystemRoot\System32\drivers\msisadrv.sys

  0x4CF70000 \SystemRoot\System32\drivers\pci.sys

  0x4CFD0000 \SystemRoot\System32\drivers\vdrvroot.sys

  0x4CFE0000 \SystemRoot\system32\drivers\pdc.sys

  0x4D000000 \SystemRoot\system32\drivers\CEA.sys

  0x4D020000 \SystemRoot\System32\drivers\partmgr.sys

  0x4D050000 \SystemRoot\System32\drivers\spaceport.sys

  0x4D0D0000 \SystemRoot\System32\drivers\volmgr.sys

  0x4D0F0000 \SystemRoot\System32\drivers\volmgrx.sys

  0x4D150000 \SystemRoot\System32\drivers\mountmgr.sys

  0x4D170000 \SystemRoot\System32\drivers\iaStorA.sys

  0x4DCB0000 \SystemRoot\System32\drivers\storport.sys

  0x4DD30000 \SystemRoot\System32\drivers\EhStorClass.sys

  0x4DD50000 \SystemRoot\System32\drivers\fileinfo.sys

  0x4DD70000 \SystemRoot\System32\Drivers\Wof.sys

  0x4DDB0000 \SystemRoot\system32\drivers\WdFilter.sys

  0x4D600000 \SystemRoot\System32\Drivers\NTFS.sys

  0x4D810000 \SystemRoot\System32\Drivers\Fs_Rec.sys

  0x4D820000 \SystemRoot\system32\drivers\ndis.sys

  0x4D950000 \SystemRoot\system32\drivers\NETIO.SYS

  0x4D9D0000 \SystemRoot\System32\Drivers\ksecpkg.sys

  0x4DA00000 \SystemRoot\System32\drivers\tcpip.sys

  0x4E640000 \SystemRoot\System32\drivers\fwpkclnt.sys

  0x4E6B0000 \SystemRoot\System32\drivers\wfplwfs.sys

  0x4E6E0000 \SystemRoot\System32\DRIVERS\fvevol.sys

  0x4E790000 \SystemRoot\System32\drivers\volsnap.sys

  0x4DE00000 \SystemRoot\System32\Drivers\SmartDefragDriver.sys

  0x4DE10000 \SystemRoot\System32\drivers\rdyboost.sys

  0x4DE60000 \SystemRoot\System32\Drivers\mup.sys

  0x4DE90000 \SystemRoot\System32\DRIVERS\LhdX64.sys

  0x4DEA0000 \SystemRoot\System32\Drivers\KSafeDISK.sys

  0x4DEC0000 \SystemRoot\System32\drivers\disk.sys

  0x4DEE0000 \SystemRoot\System32\drivers\CLASSPNP.SYS

  0x4DF40000 \SystemRoot\System32\Drivers\BTOWSVF.sys

  0x4DF70000 \SystemRoot\System32\Drivers\crashdmp.sys

  0x4E570000 \SystemRoot\System32\drivers\cdrom.sys

  0x4E5B0000 \??\C:\WINDOWS\System32\Drivers\BTOWSFF.sys

  0x4E5C0000 \SystemRoot\system32\drivers\filecrypt.sys

  0x4E5E0000 \SystemRoot\system32\drivers\tbs.sys

  0x4E5F0000 \SystemRoot\System32\Drivers\Null.SYS

  0x4E600000 \SystemRoot\System32\Drivers\Beep.SYS

  0x4E610000 \SystemRoot\System32\drivers\BasicDisplay.sys

  0x4DC60000 \SystemRoot\System32\drivers\watchdog.sys

  0x4F980000 \SystemRoot\System32\drivers\dxgkrnl.sys

  0x4FB70000 \SystemRoot\System32\drivers\BasicRender.sys

  0x4FB90000 \SystemRoot\System32\Drivers\Npfs.SYS

  0x4FBB0000 \SystemRoot\System32\Drivers\Msfs.SYS

  0x4FBC0000 \SystemRoot\system32\DRIVERS\tdx.sys

  0x4FBF0000 \SystemRoot\system32\DRIVERS\TDI.SYS

  0x4EC00000 \SystemRoot\System32\DRIVERS\netbt.sys

  0x4EC50000 \SystemRoot\system32\drivers\afd.sys

  0x4ECF0000 \SystemRoot\System32\drivers\vwififlt.sys

  0x4ED10000 \SystemRoot\System32\drivers\pacer.sys

  0x4ED40000 \SystemRoot\system32\drivers\netbios.sys

  0x4ED60000 \SystemRoot\system32\DRIVERS\rdbss.sys

  0x4EDD0000 \SystemRoot\system32\drivers\nsiproxy.sys

  0x4EDF0000 \SystemRoot\System32\drivers\npsvctrig.sys

  0x4EE00000 \SystemRoot\System32\drivers\mssmbios.sys

  0x4EE10000 \??\C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS

  0x4EE20000 \SystemRoot\System32\drivers\gpuenergydrv.sys

  0x4EE30000 \SystemRoot\System32\Drivers\dfsc.sys

  0x4EE80000 \SystemRoot\system32\DRIVERS\ahcache.sys

  0x4EEC0000 \SystemRoot\System32\DriverStore\FileRepository\compositebus.inf_amd64_e4914e3cc4632e7f\CompositeBus.sys

  0x4EEE0000 \SystemRoot\System32\drivers\kdnic.sys

  0x4EEF0000 \SystemRoot\System32\drivers\umbus.sys

  0x4EF10000 \SystemRoot\system32\DRIVERS\igdkmd64.sys

  0x4F2D0000 \SystemRoot\System32\drivers\USBXHCI.SYS

  0x4F330000 \SystemRoot\system32\drivers\ucx01000.sys

  0x4F370000 \SystemRoot\System32\drivers\TeeDriverW8x64.sys

  0x4F3A0000 \SystemRoot\System32\drivers\usbehci.sys

  0x4F3C0000 \SystemRoot\System32\drivers\USBPORT.SYS

  0x4F440000 \SystemRoot\System32\drivers\HDAudBus.sys

  0x4F460000 \SystemRoot\System32\drivers\portcls.sys

  0x4F4C0000 \SystemRoot\System32\drivers\drmk.sys

  0x4F4F0000 \SystemRoot\System32\drivers\ks.sys

  0x4F560000 \SystemRoot\System32\drivers\L1C63x64.sys

  0x508A0000 \SystemRoot\system32\DRIVERS\bcmwl63a.sys

  0x50FD0000 \SystemRoot\System32\drivers\vwifibus.sys

  0x50400000 \SystemRoot\System32\drivers\i8042prt.sys

  0x50430000 \SystemRoot\system32\DRIVERS\ETD.sys

  0x504B0000 \SystemRoot\System32\drivers\kbdclass.sys

  0x504D0000 \SystemRoot\System32\drivers\mouclass.sys

  0x504F0000 \SystemRoot\System32\drivers\AcpiVpc.sys

  0x50510000 \SystemRoot\System32\drivers\CmBatt.sys

  0x50520000 \SystemRoot\System32\drivers\BATTC.SYS

  0x50530000 \SystemRoot\system32\DRIVERS\Smb_driver_Intel.sys

  0x50540000 \SystemRoot\System32\drivers\intelppm.sys

  0x50570000 \SystemRoot\System32\drivers\NdisVirtualBus.sys

  0x505C0000 \SystemRoot\System32\DriverStore\FileRepository\swenum.inf_amd64_84056a812fc1cfc2\swenum.sys

  0x505D0000 \SystemRoot\System32\drivers\iwdbus.sys

  0x50620000 \SystemRoot\System32\drivers\rdpbus.sys

  0x50630000 \SystemRoot\System32\drivers\usbhub.sys

  0x506B0000 \SystemRoot\System32\drivers\USBD.SYS

  0x506C0000 \SystemRoot\System32\Drivers\fastfat.SYS

  0x50720000 \SystemRoot\System32\drivers\UsbHub3.sys

  0x4F590000 \SystemRoot\system32\drivers\CHDRT64.sys

  0x507B0000 \SystemRoot\system32\drivers\ksthunk.sys

  0x507C0000 \SystemRoot\system32\DRIVERS\IntcDAud.sys

  0x50840000 \SystemRoot\System32\drivers\usbccgp.sys

  0x50870000 \SystemRoot\System32\drivers\hidusb.sys

  0x50580000 \SystemRoot\System32\drivers\HIDCLASS.SYS

  0x505E0000 \SystemRoot\System32\drivers\HIDPARSE.SYS

  0x50600000 \SystemRoot\System32\drivers\kbdhid.sys

  0x50610000 \SystemRoot\System32\drivers\mouhid.sys

  0x4F720000 \SystemRoot\system32\Drivers\RtsUer.sys

  0x536A0000 \SystemRoot\system32\DRIVERS\rtsuvc.sys

  0xE7060000 \SystemRoot\System32\win32k.sys

  0xE6400000 \SystemRoot\System32\win32kfull.sys

  0xE6790000 \SystemRoot\System32\win32kbase.sys

  0x53510000 \SystemRoot\System32\Drivers\dump_diskdump.sys

  0x4DF90000 \SystemRoot\System32\Drivers\dump_iaStorA.sys

  0x532E0000 \SystemRoot\System32\Drivers\dump_dumpfve.sys

  0x53300000 \SystemRoot\System32\drivers\dxgmms1.sys

  0x53370000 \SystemRoot\System32\drivers\monitor.sys

  0x53380000 \SystemRoot\System32\drivers\dxgmms2.sys

  0xE6910000 \SystemRoot\System32\TSDDD.dll

  0xE6920000 \SystemRoot\System32\cdd.dll

  0x53410000 \SystemRoot\system32\drivers\WudfPf.sys

  0x53430000 \SystemRoot\system32\drivers\luafv.sys

  0x53460000 \SystemRoot\system32\drivers\storqosflt.sys

  0x53480000 \SystemRoot\System32\drivers\WUDFRd.sys

  0x534C0000 \SystemRoot\System32\drivers\mshidumdf.sys

  0x534D0000 \SystemRoot\system32\drivers\lltdio.sys

  0x53520000 \SystemRoot\system32\drivers\mslldp.sys

  0x53540000 \SystemRoot\system32\drivers\rspndr.sys

  0x53560000 \SystemRoot\system32\drivers\ndisuio.sys

  0x53580000 \SystemRoot\system32\DRIVERS\nwifi.sys

  0x4F790000 \SystemRoot\system32\drivers\HTTP.sys

  0x53610000 \SystemRoot\system32\DRIVERS\bowser.sys

  0x55550000 \SystemRoot\system32\DRIVERS\mrxsmb.sys

  0x53640000 \SystemRoot\system32\DRIVERS\mrxsmb20.sys

  0x53680000 \SystemRoot\System32\drivers\mpsdrv.sys

  0x4F890000 \SystemRoot\System32\DRIVERS\srvnet.sys

  0x4F8E0000 \SystemRoot\system32\DRIVERS\mrxsmb10.sys

  0x555D0000 \SystemRoot\system32\drivers\Ndu.sys

  0x50FE0000 \SystemRoot\system32\drivers\mmcss.sys

  0x4E250000 \SystemRoot\system32\drivers\peauth.sys

  0x4F930000 \SystemRoot\System32\drivers\tcpipreg.sys

  0x4E310000 \SystemRoot\System32\DRIVERS\srv2.sys

  0x4E3C0000 \SystemRoot\System32\DRIVERS\srv.sys

  0x4F950000 \SystemRoot\System32\drivers\condrv.sys

  0x4EE60000 \SystemRoot\System32\drivers\vwifimp.sys

  0x4E450000 \SystemRoot\system32\Drivers\WdNisDrv.sys

 

Processes (total 64):

       0 System Idle Process

       4 System

     380 C:\Windows\System32\smss.exe

     536 csrss.exe

     620 C:\Windows\System32\wininit.exe

     628 csrss.exe

     708 C:\Windows\System32\winlogon.exe

     756 C:\Windows\System32\services.exe

     776 C:\Windows\System32\lsass.exe

     860 C:\Windows\System32\svchost.exe

     908 C:\Windows\System32\svchost.exe

    1016 C:\Windows\System32\svchost.exe

     412 dwm.exe

     448 C:\Windows\System32\svchost.exe

     988 C:\Windows\System32\svchost.exe

    1048 C:\Windows\System32\svchost.exe

    1056 C:\Windows\System32\svchost.exe

    1164 C:\Windows\System32\svchost.exe

    1212 WUDFHost.exe

    1316 C:\Windows\System32\igfxCUIService.exe

    1520 C:\Windows\System32\svchost.exe

    1616 C:\Windows\System32\spoolsv.exe

    1736 C:\Windows\System32\svchost.exe

    1840 C:\Windows\System32\svchost.exe

    1848 C:\Windows\System32\svchost.exe

    1908 C:\Program Files\Windows Defender\MsMpEng.exe

    1952 dasHost.exe

    1180 C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe

    1872 C:\Program Files\Windows Defender\NisSrv.exe

    1888 C:\Windows\System32\svchost.exe

    3232 C:\Windows\System32\sihost.exe

    3248 C:\Windows\System32\taskhostw.exe

    3400 C:\Windows\System32\RuntimeBroker.exe

    3488 C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe

    3588 C:\Windows\explorer.exe

    3876 C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe

    3984 C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe

    4108 C:\Windows\System32\igfxEM.exe

    4132 C:\Windows\System32\SearchIndexer.exe

    4348 C:\Windows\System32\igfxHK.exe

    4680 C:\Windows\System32\dllhost.exe

    4028 C:\Program Files (x86)\IObit\Advanced SystemCare 8\Suo10_SmartRAM.exe

     436 C:\Users\Mark\AppData\Roaming\Dashlane\Dashlane.exe

    4336 C:\Users\Mark\AppData\Roaming\Dashlane\DashlanePlugin.exe

    2956 C:\Users\Mark\AppData\Local\Microsoft\OneDrive\OneDrive.exe

    5100 C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe

    3340 C:\Users\Mark\AppData\Local\Apps\2.0\G98X6W2X.EHN\R2CENMCJ.JYO\lsb...tion_91a10ba61c75c82d_0001.0005_b11529cbca29c754\LSB.exe

    3688 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe

    4172 C:\Program Files\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe

    4196 C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe

    5664 C:\Windows\System32\SettingSyncHost.exe

    2784 fontdrvhost.exe

    6092 C:\Windows\explorer.exe

    5812 C:\Windows\System32\prevhost.exe

    5264 C:\Program Files\Internet Explorer\iexplore.exe

    5608 C:\Program Files (x86)\Internet Explorer\iexplore.exe

    5340 C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe

    6680 C:\Program Files (x86)\Internet Explorer\iexplore.exe

    6528 C:\Windows\System32\svchost.exe

    6608 C:\Users\Mark\Downloads\tweaking\Anti-malware Tools\MBRCheck.exe

    7000 C:\Windows\System32\conhost.exe

    6200 C:\Windows\System32\dllhost.exe

    3992 C:\Windows\System32\SearchProtocolHost.exe

    2980 C:\Windows\System32\SearchFilterHost.exe

 

\\.\C: --> \\.\PhysicalDrive0 at offset 0x00000000`95500000  (NTFS)

\\.\D: --> \\.\PhysicalDrive0 at offset 0x000000df`e3500000  (NTFS)

 

PhysicalDrive0 Model Number: ST1000LM024HN-M101MBB, Rev: 2AR20002

 

      Size  Device Name          MBR Status

  --------------------------------------------

    931 GB  \\.\PhysicalDrive0   Unknown MBR code

            SHA1: 639AC5CDF8A5CF3245975932C6A4215450A7B98F

 

 

Found non-standard or infected MBR.

Enter 'Y' and hit ENTER for more options, or 'N' to exit:

 

Done!

 

 

 

Now I have to figure out how to fix my MBR. Not so easy or forgiving if you don’t do it right.

 

Here are the results for the “Adwcleaner_5.013” program after it ran and cleaned up some things.

 

 

# AdwCleaner v5.013 - Logfile created 14/10/2015 at 15:51:11

# Updated 09/10/2015 by Xplode

# Database : 2015-10-13.2 [Server]

# Operating system : Windows 10 Home Insider Preview  (x64)

# Username : Mark - MARKS_COMPUTER

# Running from : C:\Users\Mark\Downloads\tweaking\Anti-malware Tools\adwcleaner_5.013\adwcleaner_5.013.exe

# Option : Cleaning

# Support : http://toolslib.net/forum

 

***** [ Services ] *****

 

[-] Service Deleted : swdumon

 

***** [ Folders ] *****

 

[-] Folder Deleted : C:\ProgramData\~0

[-] Folder Deleted : C:\ProgramData\apn

[-] Folder Deleted : C:\Users\Administrator\AppData\Local\pokki

[-] Folder Deleted : C:\Users\Mark\AppData\Local\iLivid

[-] Folder Deleted : C:\Users\Mark\AppData\Local\Surf_Canyon

[-] Folder Deleted : C:\Users\Mark\AppData\Local\GeniusBox

[-] Folder Deleted : C:\Users\Mark\AppData\Local\pokki

[-] Folder Deleted : C:\Users\Mark\AppData\Local\slimware utilities inc

 

***** [ Files ] *****

 

[-] File Deleted : C:\WINDOWS\SysNative\drivers\swdumon.sys

 

***** [ DLLs ] *****

 

 

***** [ Shortcuts ] *****

 

 

***** [ Scheduled tasks ] *****

 

 

***** [ Registry ] *****

 

[-] Key Deleted : HKCU\Software\Classes\pokki

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{4D076AB4-7562-427A-B5D2-BD96E19DEE56}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{826D7151-8D99-434B-8540-082B8C2AE556}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{11549FE4-7C5A-4C17-9FC3-56FC5162A994}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{10921475-03CE-4E04-90CE-E2E7EF20C814}

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10921475-03CE-4E04-90CE-E2E7EF20C814}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{10921475-03CE-4E04-90CE-E2E7EF20C814}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8EEE}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{66EEF543-A9AC-4A9D-AA3C-1ED148AC8FFE}

[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{10921475-03CE-4E04-90CE-E2E7EF20C814}

[-] Key Deleted : HKCU\Software\powerpack

[-] Key Deleted : HKCU\Software\PRODUCTSETUP

[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc

[-] Key Deleted : HKCU\Software\SweetLabs App Platform

[-] Key Deleted : HKCU\Software\AppDataLow\Software\Settings Manager

[-] Key Deleted : HKCU\Software\AppDataLow\Software\Surf Canyon

[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\Surf Canyon

[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc

[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.

[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki

[!] Key Not Deleted : [x64] HKCU\Software\powerpack

[!] Key Not Deleted : [x64] HKCU\Software\PRODUCTSETUP

[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc

[!] Key Not Deleted : [x64] HKCU\Software\SweetLabs App Platform

[!] Key Not Deleted : HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\Software\AppDataLow\Software\Settings Manager

[!] Key Not Deleted : HKU\S-1-5-21-1047955054-1064664553-3060372006-1001\Software\AppDataLow\Software\Surf Canyon

 

***** [ Web browsers ] *****

 

 

*************************

 

:: Winsock settings cleared

 

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [3519 bytes] ##########

 

I guess the next thing I need to learn to do is fix my MBR.


Edited by marknorth, 14 October 2015 - 05:34 PM.
