I accidentally ran a nasty program. I ran MalwareBytes and removed just about everything. On start up the malware attempts to run the deleted files and I get the error:
The module
"C\:Users\Jon\AppData\Local\Ufhmedia\zstnechc.dll"
failed to load.
Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files.
The specified module could not be found.
as well as:
The module
"C\:Users\Jon\AppData\Local\Asftworks\dlsxomtz.dll"
failed to load.
Make sure the binary is stored at the specific path or debug it to check for problems with the binary or dependent .DLL files.
The specified module could not be found.
I make this post to make sure my computer is clean and to try and get rid of these annoying messages, thank you.
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:25-05-2016 01
Ran by Jon (administrator) on JON-PC (27-05-2016 16:24:04)
Running from C:\Users\Jon\Desktop
Loaded Profiles: Jon (Available Profiles: Jon)
Platform: Windows 7 Ultimate Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
==================== Processes (Whitelisted) =================
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
(AMD) C:\Windows\System32\atiesrxx.exe
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Advanced Micro Devices, Inc.) C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe
(Valve Corporation) C:\Program Files (x86)\Steam\Steam.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Hammer & Chisel, Inc.) C:\Users\Jon\AppData\Local\Discord\app-0.0.290\Discord.exe
(Microsoft Corporation) C:\Windows\System32\regsvr32.exe
(Microsoft Corporation) C:\Windows\SysWOW64\regsvr32.exe
(Valve Corporation) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
(Valve Corporation) C:\Program Files (x86)\Common Files\Steam\SteamService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(Hammer & Chisel, Inc.) C:\Users\Jon\AppData\Local\Discord\app-0.0.290\Discord.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Hammer & Chisel, Inc.) C:\Users\Jon\AppData\Local\Discord\app-0.0.290\Discord.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(OldTimer Tools) C:\Users\Jon\Downloads\OTL.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Registry (Whitelisted) ===========================
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [176952 2016-03-19] (Apple Inc.)
HKLM\...\Run: [StartCN] => C:\Program Files\AMD\CNext\CNext\RadeonSettings.exe [5006536 2016-03-21] (Advanced Micro Devices, Inc.)
HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [291648 2012-05-20] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596504 2016-04-01] (Oracle Corporation)
HKU\S-1-5-21-1635779816-1293605588-1034340110-1000\...\Run: [Steam] => C:\Program Files (x86)\Steam\steam.exe [3077712 2016-04-29] (Valve Corporation)
HKU\S-1-5-21-1635779816-1293605588-1034340110-1000\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [51660416 2016-04-01] (Skype Technologies S.A.)
HKU\S-1-5-21-1635779816-1293605588-1034340110-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8721624 2016-05-13] (Piriform Ltd)
HKU\S-1-5-21-1635779816-1293605588-1034340110-1000\...\Run: [Discord] => C:\Users\Jon\AppData\Local\Discord\app-0.0.290\Discord.exe [57924280 2016-05-06] (Hammer & Chisel, Inc.)
HKU\S-1-5-21-1635779816-1293605588-1034340110-1000\...\Run: [Asftworks] => regsvr32.exe C:\Users\Jon\AppData\Local\Asftworks\dlsxomtz.dll <===== ATTENTION
HKU\S-1-5-21-1635779816-1293605588-1034340110-1000\...\Run: [Erqhtion] => C:\Windows\SysWOW64\regsvr32.exe C:\Users\Jon\AppData\Local\Ufhmedia\zstnechc.dll
HKU\S-1-5-21-1635779816-1293605588-1034340110-1000\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [11264 2009-07-13] (Microsoft Corporation)
==================== Internet (Whitelisted) ====================
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
Tcpip\Parameters: [DhcpNameServer] 167.206.245.135 167.206.245.136
Tcpip\..\Interfaces\{EA0FBBC1-9DE6-4972-A07E-D5EABD58B3C9}: [DhcpNameServer] 167.206.245.135 167.206.245.136
Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_91\bin\ssv.dll [2016-05-23] (Oracle Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office15\URLREDIR.DLL [2014-01-23] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-05-23] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files (x86)\Microsoft Office\Office15\OCHelper.dll [2016-03-15] (Microsoft Corporation)
BHO-x32: Java Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\ssv.dll [2016-04-19] (Oracle Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office15\URLREDIR.DLL [2014-01-22] (Microsoft Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files (x86)\Microsoft Office\Office15\GROOVEEX.DLL [2016-04-12] (Microsoft Corporation)
BHO-x32: Java Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\jp2ssv.dll [2016-04-19] (Oracle Corporation)
Handler: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office\Office15\MSOSB.DLL [2015-02-17] (Microsoft Corporation)
FireFox:
========
FF ProfilePath: C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\g9kr2mlw.default
FF Plugin: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-05-23] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-05-23] (Oracle Corporation)
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~1\MICROS~3\Office15\NPSPWRAP.DLL [2014-01-23] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.2 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2016-01-20] (VideoLAN)
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1224194.dll [2016-02-19] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2016-03-08] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\dtplugin\npDeployJava1.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.91.2 -> C:\Program Files (x86)\Java\jre1.8.0_91\bin\plugin2\npjp2.dll [2016-04-19] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files (x86)\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-11-18] (Microsoft Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-11] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~2\Office15\NPSPWRAP.DLL [2014-01-22] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\npMeetingJoinPluginOC.dll [2015-11-18] (Microsoft Corporation)
FF Plugin ProgramFiles/Appdata: C:\Program Files (x86)\mozilla firefox\plugins\nppdf32.dll [2016-05-03] (Adobe Systems Inc.)
FF Extension: System.Runtime.Remoting.Metadata.W3cXsd2001.SoapNonNegativeInteger - C:\Users\Jon\AppData\Roaming\Mozilla\Firefox\Profiles\g9kr2mlw.default\Extensions\{6842E855-F1A6-655E-5ED6-9C31E416D105} [2016-05-26] [not signed]
Chrome:
=======
CHR Plugin: (Native Client) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\ppGoogleNaClPluginChrome.dll => No File
CHR Plugin: (Chrome PDF Viewer) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\pdf.dll => No File
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\gcswf32.dll => No File
CHR Plugin: (Google Update) - C:\Program Files (x86)\Google\Update\1.3.21.99\npGoogleUpdate3.dll => No File
CHR Profile: C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (YouTube) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-04-13]
CHR Extension: (uBlock Origin) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\cjpalhdlnbpafiamejdnhcphjbkeiagm [2016-05-05]
CHR Extension: (LoL Stream Browser) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\edidfaijmhpefkbnobdcepampbncgejp [2016-04-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-13]
CHR Extension: (Gmail) - C:\Users\Jon\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-04-13]
==================== Services (Whitelisted) ========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [83768 2016-03-02] (Apple Inc.)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [330136 2015-08-27] (Intel Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
===================== Drivers (Whitelisted) ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
U5 UnlockerDriver5; C:\Program Files\Unlocker\UnlockerDriver5.sys [12352 2010-07-01] ()
S3 VGPU; System32\drivers\rdvgkmd.sys [X]
==================== NetSvcs (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== One Month Created files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-27 16:24 - 2016-05-27 16:24 - 00012794 _____ C:\Users\Jon\Desktop\FRST.txt
2016-05-27 16:23 - 2016-05-27 16:24 - 00000000 ____D C:\FRST
2016-05-27 16:21 - 2016-05-27 16:21 - 02383360 _____ (Farbar) C:\Users\Jon\Desktop\FRST64.exe
2016-05-27 16:15 - 2016-05-27 16:15 - 00602112 _____ (OldTimer Tools) C:\Users\Jon\Downloads\OTL.exe
2016-05-27 16:07 - 2016-05-27 16:07 - 00000000 ____D C:\Windows\System32\Tasks\WPD
2016-05-27 12:39 - 2016-05-27 12:39 - 00000000 ____D C:\Windows\System32\Tasks\OfficeSoftwareProtectionPlatform
2016-05-27 12:25 - 2016-05-27 12:25 - 00111520 _____ C:\Users\Jon\AppData\Local\GDIPFONTCACHEV1.DAT
2016-05-27 12:18 - 2016-05-27 12:18 - 00433080 _____ C:\Windows\system32\FNTCACHE.DAT
2016-05-26 18:57 - 2016-05-26 18:57 - 01536968 _____ C:\Users\Jon\Downloads\New WinRAR archive.rar
2016-05-26 18:57 - 2016-05-26 18:57 - 00268376 _____ C:\Users\Jon\Downloads\winmd5free.zip
2016-05-26 18:53 - 2016-05-26 18:53 - 00000000 _____ C:\Windows\bazooka
2016-05-26 18:50 - 2016-05-26 19:50 - 00000000 ____D C:\Program Files (x86)\Windows Loader
2016-05-26 18:36 - 2016-05-26 18:36 - 00000000 ____D C:\Users\Jon\Desktop\School Stuff
2016-05-26 17:44 - 2016-03-29 12:15 - 36579840 _____ C:\Users\Jon\Desktop\Prime 95.exe
2016-05-26 17:43 - 2016-05-26 17:43 - 00001262 _____ C:\Users\Jon\Desktop\FurMark.lnk
2016-05-26 17:43 - 2016-05-26 17:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Geeks3D
2016-05-26 17:43 - 2016-05-26 17:43 - 00000000 ____D C:\Program Files (x86)\Geeks3D
2016-05-26 15:45 - 2016-05-26 15:45 - 00000045 _____ C:\Windows\SysWOW64\initdebug.nfo
2016-05-26 15:42 - 2016-05-26 15:42 - 00000930 _____ C:\Users\Public\Desktop\CPUID HWMonitor.lnk
2016-05-26 15:42 - 2016-05-26 15:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CPUID
2016-05-26 15:42 - 2016-05-26 15:42 - 00000000 ____D C:\Program Files\CPUID
2016-05-26 15:25 - 2016-05-26 18:31 - 00000000 ____D C:\Windows\Minidump
2016-05-23 17:18 - 2016-05-23 19:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Visiv
2016-05-23 17:05 - 2016-05-23 17:05 - 00110144 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2016-05-23 17:05 - 2016-05-23 17:05 - 00000000 ____D C:\Program Files\Java
2016-05-23 15:14 - 2016-05-23 15:14 - 00000000 ____D C:\Users\Jon\AppData\Roaming\ACAMPREF
2016-05-23 15:14 - 2001-02-16 09:51 - 00000724 _____ C:\Windows\wacam.ini
2016-05-15 02:52 - 2016-05-26 18:37 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Acrylic Wi-Fi Home
2016-05-15 02:52 - 2016-05-26 18:37 - 00000000 ____D C:\Program Files\Acrylic Wi-Fi Home
2016-05-15 02:01 - 2016-05-15 02:01 - 00000000 __SHD C:\Users\Jon\AppData\Local\ms-drivers
2016-05-15 02:01 - 2016-05-15 02:01 - 00000000 __SHD C:\Users\Jon\AppData\Local\icsxml
2016-05-15 02:01 - 2016-05-15 02:01 - 00000000 __SHD C:\ProgramData\DIBsection
2016-05-15 02:01 - 2016-05-15 02:01 - 00000000 ____D C:\Users\Jon\AppData\Local\MetaGeek,_LLC
2016-05-10 17:38 - 2016-05-10 17:38 - 00013406 ____H C:\Users\Jon\Desktop\~WRL0004.tmp
2016-05-10 16:04 - 2016-04-23 13:08 - 00394960 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2016-05-10 16:04 - 2016-04-23 12:24 - 00346312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2016-05-10 16:04 - 2016-04-23 01:25 - 25816064 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-05-10 16:04 - 2016-04-23 01:16 - 02724864 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2016-05-10 16:04 - 2016-04-23 01:16 - 00004096 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollectorres.dll
2016-05-10 16:04 - 2016-04-23 01:01 - 00066560 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2016-05-10 16:04 - 2016-04-23 01:00 - 02893312 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-05-10 16:04 - 2016-04-23 01:00 - 00571904 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2016-05-10 16:04 - 2016-04-23 01:00 - 00417792 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2016-05-10 16:04 - 2016-04-23 01:00 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\MshtmlDac.dll
2016-05-10 16:04 - 2016-04-23 01:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\ieetwproxystub.dll
2016-05-10 16:04 - 2016-04-23 00:52 - 00054784 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-05-10 16:04 - 2016-04-23 00:51 - 00034304 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2016-05-10 16:04 - 2016-04-23 00:48 - 00615936 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2016-05-10 16:04 - 2016-04-23 00:47 - 00817664 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2016-05-10 16:04 - 2016-04-23 00:47 - 00814080 _____ (Microsoft Corporation) C:\Windows\system32\jscript9diag.dll
2016-05-10 16:04 - 2016-04-23 00:47 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\ieUnatt.exe
2016-05-10 16:04 - 2016-04-23 00:47 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\ieetwcollector.exe
2016-05-10 16:04 - 2016-04-23 00:46 - 06052352 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-05-10 16:04 - 2016-04-23 00:40 - 00968704 _____ (Microsoft Corporation) C:\Windows\system32\MsSpellCheckingFacility.exe
2016-05-10 16:04 - 2016-04-23 00:36 - 00489984 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2016-05-10 16:04 - 2016-04-23 00:29 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\JavaScriptCollectionAgent.dll
2016-05-10 16:04 - 2016-04-23 00:27 - 00107520 _____ (Microsoft Corporation) C:\Windows\system32\inseng.dll
2016-05-10 16:04 - 2016-04-23 00:25 - 00199680 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2016-05-10 16:04 - 2016-04-23 00:24 - 00092160 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2016-05-10 16:04 - 2016-04-23 00:21 - 00315392 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2016-05-10 16:04 - 2016-04-23 00:20 - 02724864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2016-05-10 16:04 - 2016-04-23 00:20 - 00152064 _____ (Microsoft Corporation) C:\Windows\system32\occache.dll
2016-05-10 16:04 - 2016-04-23 00:11 - 20350464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-05-10 16:04 - 2016-04-23 00:09 - 00262144 _____ (Microsoft Corporation) C:\Windows\system32\webcheck.dll
2016-05-10 16:04 - 2016-04-23 00:08 - 00497152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2016-05-10 16:04 - 2016-04-23 00:08 - 00062464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2016-05-10 16:04 - 2016-04-23 00:08 - 00047616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieetwproxystub.dll
2016-05-10 16:04 - 2016-04-23 00:07 - 00725504 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2016-05-10 16:04 - 2016-04-23 00:07 - 00341504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2016-05-10 16:04 - 2016-04-23 00:07 - 00064000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MshtmlDac.dll
2016-05-10 16:04 - 2016-04-23 00:06 - 01359360 _____ (Microsoft Corporation) C:\Windows\system32\mshtmlmedia.dll
2016-05-10 16:04 - 2016-04-23 00:06 - 00806400 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2016-05-10 16:04 - 2016-04-23 00:05 - 02131968 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2016-05-10 16:04 - 2016-04-23 00:04 - 02285568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-05-10 16:04 - 2016-04-23 00:02 - 00047104 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-05-10 16:04 - 2016-04-23 00:01 - 00030720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2016-05-10 16:04 - 2016-04-23 00:00 - 15415808 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-05-10 16:04 - 2016-04-22 23:59 - 00476160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2016-05-10 16:04 - 2016-04-22 23:58 - 00663552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2016-05-10 16:04 - 2016-04-22 23:58 - 00620032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9diag.dll
2016-05-10 16:04 - 2016-04-22 23:58 - 00115712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieUnatt.exe
2016-05-10 16:04 - 2016-04-22 23:51 - 02596864 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-05-10 16:04 - 2016-04-22 23:50 - 00416256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2016-05-10 16:04 - 2016-04-22 23:45 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JavaScriptCollectionAgent.dll
2016-05-10 16:04 - 2016-04-22 23:44 - 00091136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inseng.dll
2016-05-10 16:04 - 2016-04-22 23:43 - 00168960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2016-05-10 16:04 - 2016-04-22 23:41 - 00076288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2016-05-10 16:04 - 2016-04-22 23:40 - 00279040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2016-05-10 16:04 - 2016-04-22 23:39 - 01547776 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-05-10 16:04 - 2016-04-22 23:39 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\occache.dll
2016-05-10 16:04 - 2016-04-22 23:36 - 04611072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-05-10 16:04 - 2016-04-22 23:33 - 00230400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\webcheck.dll
2016-05-10 16:04 - 2016-04-22 23:31 - 00693248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2016-05-10 16:04 - 2016-04-22 23:30 - 02056192 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2016-05-10 16:04 - 2016-04-22 23:30 - 01155072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmlmedia.dll
2016-05-10 16:04 - 2016-04-22 23:28 - 00800768 _____ (Microsoft Corporation) C:\Windows\system32\ieapfltr.dll
2016-05-10 16:04 - 2016-04-22 23:26 - 13811200 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-05-10 16:04 - 2016-04-22 23:12 - 02121216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-05-10 16:04 - 2016-04-22 23:09 - 01312256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-05-10 16:04 - 2016-04-22 23:07 - 00710144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieapfltr.dll
2016-05-10 16:04 - 2016-04-14 09:49 - 00603648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d10level9.dll
2016-05-10 16:04 - 2016-04-14 09:21 - 00647680 _____ (Microsoft Corporation) C:\Windows\system32\d3d10level9.dll
2016-05-10 16:04 - 2016-04-09 03:01 - 00986344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-05-10 16:04 - 2016-04-09 03:01 - 00264936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-05-10 16:04 - 2016-04-09 02:58 - 00002048 _____ (Microsoft Corporation) C:\Windows\system32\tzres.dll
2016-05-10 16:04 - 2016-04-09 02:57 - 00405504 _____ (Microsoft Corporation) C:\Windows\system32\gdi32.dll
2016-05-10 16:04 - 2016-04-09 02:57 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\cdd.dll
2016-05-10 16:04 - 2016-04-09 02:54 - 00312832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\gdi32.dll
2016-05-10 16:04 - 2016-04-09 02:54 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\tzres.dll
2016-05-10 16:04 - 2016-04-09 01:49 - 03217408 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2016-05-10 16:04 - 2016-04-06 11:27 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2016-05-10 16:00 - 2016-04-09 03:02 - 00631176 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-05-10 16:00 - 2016-04-09 03:01 - 05546216 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-05-10 16:00 - 2016-04-09 03:01 - 00706280 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-05-10 16:00 - 2016-04-09 03:01 - 00154344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2016-05-10 16:00 - 2016-04-09 03:01 - 00095464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2016-05-10 16:00 - 2016-04-09 02:59 - 03998952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2016-05-10 16:00 - 2016-04-09 02:59 - 03943144 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2016-05-10 16:00 - 2016-04-09 02:59 - 01732864 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 01212928 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00210432 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00135680 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00028672 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2016-05-10 16:00 - 2016-04-09 02:58 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 01464320 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 01314112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 01163264 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00880640 _____ (Microsoft Corporation) C:\Windows\system32\advapi32.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00419840 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00059904 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00666112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00644096 _____ (Microsoft Corporation) C:\Windows\SysWOW64\advapi32.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00171520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 02:54 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 01:52 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2016-05-10 16:00 - 2016-04-09 01:52 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-05-10 16:00 - 2016-04-09 01:52 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2016-05-10 16:00 - 2016-04-09 01:51 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2016-05-10 16:00 - 2016-04-09 01:48 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2016-05-10 16:00 - 2016-04-09 01:47 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2016-05-10 16:00 - 2016-04-09 01:44 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-05-10 16:00 - 2016-04-09 01:44 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-05-10 16:00 - 2016-04-09 01:44 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2016-05-10 16:00 - 2016-04-09 01:43 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2016-05-10 16:00 - 2016-04-09 01:43 - 00030720 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2016-05-10 16:00 - 2016-04-09 01:42 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2016-05-10 16:00 - 2016-04-09 01:38 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2016-05-10 16:00 - 2016-04-09 01:38 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2016-05-10 16:00 - 2016-04-09 01:38 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2016-05-10 16:00 - 2016-04-09 01:38 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2016-05-10 16:00 - 2016-04-09 01:37 - 00036352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2016-05-10 16:00 - 2016-04-09 01:37 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 01:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 01:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2016-05-10 16:00 - 2016-04-09 01:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2016-05-10 15:57 - 2016-04-09 00:20 - 01230848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WindowsCodecs.dll
2016-05-10 15:57 - 2016-04-08 23:52 - 01424896 _____ (Microsoft Corporation) C:\Windows\system32\WindowsCodecs.dll
==================== One Month Modified files and folders ========
(If an entry is included in the fixlist, the file/folder will be moved.)
2016-05-27 16:23 - 2016-04-13 21:18 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Skype
2016-05-27 16:22 - 2016-04-13 20:35 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-05-27 16:14 - 2009-07-14 00:45 - 00022736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2016-05-27 16:14 - 2009-07-14 00:45 - 00022736 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2016-05-27 16:07 - 2016-04-13 21:18 - 00000000 __SHD C:\Users\Jon\IntelGraphicsProfiles
2016-05-27 16:07 - 2016-04-13 21:02 - 00000000 ____D C:\Program Files (x86)\Steam
2016-05-27 16:06 - 2016-04-13 20:35 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-05-27 16:06 - 2009-07-14 01:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-05-27 12:51 - 2016-04-13 22:09 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-05-26 20:26 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\inf
2016-05-26 18:41 - 2016-04-13 21:25 - 00000822 _____ C:\Users\Public\Desktop\CCleaner.lnk
2016-05-26 17:43 - 2016-04-13 21:18 - 00000000 ____D C:\Users\Jon\AppData\Local\AMD
2016-05-26 17:37 - 2016-04-14 10:27 - 00416502 _____ C:\Windows\system32\perfh011.dat
2016-05-26 17:37 - 2016-04-14 10:27 - 00121884 _____ C:\Windows\system32\perfc011.dat
2016-05-26 17:37 - 2016-04-14 10:18 - 00509138 _____ C:\Windows\system32\perfh006.dat
2016-05-26 17:37 - 2016-04-14 10:18 - 00098442 _____ C:\Windows\system32\perfc006.dat
2016-05-26 17:37 - 2016-04-14 09:58 - 00398066 _____ C:\Windows\system32\prfh0404.dat
2016-05-26 17:37 - 2016-04-14 09:58 - 00114874 _____ C:\Windows\system32\prfc0404.dat
2016-05-26 17:37 - 2016-04-14 09:50 - 00713604 _____ C:\Windows\system32\prfh0416.dat
2016-05-26 17:37 - 2016-04-14 09:50 - 00147440 _____ C:\Windows\system32\prfc0416.dat
2016-05-26 17:37 - 2016-04-14 09:43 - 00728742 _____ C:\Windows\system32\prfh0816.dat
2016-05-26 17:37 - 2016-04-14 09:43 - 00152690 _____ C:\Windows\system32\prfc0816.dat
2016-05-26 17:37 - 2016-04-14 09:37 - 00740082 _____ C:\Windows\system32\perfh015.dat
2016-05-26 17:37 - 2016-04-14 09:37 - 00155656 _____ C:\Windows\system32\perfc015.dat
2016-05-26 17:37 - 2016-04-14 09:31 - 00656406 _____ C:\Windows\system32\perfh01F.dat
2016-05-26 17:37 - 2016-04-14 09:31 - 00139784 _____ C:\Windows\system32\perfc01F.dat
2016-05-26 17:37 - 2016-04-14 09:19 - 00380894 _____ C:\Windows\system32\prfh0804.dat
2016-05-26 17:37 - 2016-04-14 09:19 - 00119376 _____ C:\Windows\system32\prfc0804.dat
2016-05-26 17:37 - 2016-04-14 08:57 - 00724324 _____ C:\Windows\system32\perfh019.dat
2016-05-26 17:37 - 2016-04-14 08:57 - 00150626 _____ C:\Windows\system32\perfc019.dat
2016-05-26 17:37 - 2016-04-14 08:51 - 00494238 _____ C:\Windows\system32\perfh014.dat
2016-05-26 17:37 - 2016-04-14 08:51 - 00095188 _____ C:\Windows\system32\perfc014.dat
2016-05-26 17:37 - 2016-04-14 08:46 - 00606712 _____ C:\Windows\system32\perfh008.dat
2016-05-26 17:37 - 2016-04-14 08:46 - 00110912 _____ C:\Windows\system32\perfc008.dat
2016-05-26 17:37 - 2016-04-14 08:40 - 00663444 _____ C:\Windows\system32\perfh01D.dat
2016-05-26 17:37 - 2016-04-14 08:40 - 00142258 _____ C:\Windows\system32\perfc01D.dat
2016-05-26 17:37 - 2016-04-14 08:34 - 00428148 _____ C:\Windows\system32\perfh012.dat
2016-05-26 17:37 - 2016-04-14 08:34 - 00120168 _____ C:\Windows\system32\perfc012.dat
2016-05-26 17:37 - 2016-04-14 08:28 - 00668564 _____ C:\Windows\system32\perfh005.dat
2016-05-26 17:37 - 2016-04-14 08:28 - 00141210 _____ C:\Windows\system32\perfc005.dat
2016-05-26 17:37 - 2016-04-14 08:14 - 00743222 _____ C:\Windows\system32\perfh013.dat
2016-05-26 17:37 - 2016-04-14 08:14 - 00152886 _____ C:\Windows\system32\perfc013.dat
2016-05-26 17:37 - 2016-04-14 08:04 - 00481226 _____ C:\Windows\system32\perfh00B.dat
2016-05-26 17:37 - 2016-04-14 08:04 - 00101304 _____ C:\Windows\system32\perfc00B.dat
2016-05-26 17:37 - 2016-04-14 07:59 - 00683478 _____ C:\Windows\system32\perfh00E.dat
2016-05-26 17:37 - 2016-04-14 07:59 - 00171058 _____ C:\Windows\system32\perfc00E.dat
2016-05-26 17:37 - 2016-04-14 07:49 - 00745180 _____ C:\Windows\system32\perfh00A.dat
2016-05-26 17:37 - 2016-04-14 07:49 - 00158258 _____ C:\Windows\system32\perfc00A.dat
2016-05-26 17:37 - 2016-04-14 07:35 - 00392068 _____ C:\Windows\system32\perfh00D.dat
2016-05-26 17:37 - 2016-04-14 07:35 - 00084542 _____ C:\Windows\system32\perfc00D.dat
2016-05-26 17:37 - 2016-04-14 07:20 - 00739770 _____ C:\Windows\system32\perfh010.dat
2016-05-26 17:37 - 2016-04-14 07:20 - 00146630 _____ C:\Windows\system32\perfc010.dat
2016-05-26 17:37 - 2016-04-14 07:15 - 00745440 _____ C:\Windows\system32\perfh00C.dat
2016-05-26 17:37 - 2016-04-14 07:15 - 00478738 _____ C:\Windows\system32\perfh001.dat
2016-05-26 17:37 - 2016-04-14 07:15 - 00149364 _____ C:\Windows\system32\perfc00C.dat
2016-05-26 17:37 - 2016-04-14 07:15 - 00094556 _____ C:\Windows\system32\perfc001.dat
2016-05-26 17:37 - 2016-04-14 07:06 - 00696932 _____ C:\Windows\system32\perfh007.dat
2016-05-26 17:37 - 2016-04-14 07:06 - 00148900 _____ C:\Windows\system32\perfc007.dat
2016-05-26 17:37 - 2009-07-14 01:13 - 17429204 _____ C:\Windows\system32\PerfStringBackup.INI
2016-05-26 16:13 - 2016-04-13 22:23 - 00000000 ____D C:\Users\Jon\AppData\Roaming\discord
2016-05-23 19:09 - 2016-04-13 20:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2016-05-23 17:05 - 2016-04-13 21:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2016-05-19 14:46 - 2016-04-26 16:39 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-05-13 15:23 - 2016-04-13 20:36 - 00002195 _____ C:\Users\Jon\Desktop\Google Chrome.lnk
2016-05-12 15:45 - 2016-04-26 16:40 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-05-11 21:19 - 2016-04-13 20:16 - 00000000 ____D C:\Windows\system32\appraiser
2016-05-11 17:45 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\rescache
2016-05-11 15:17 - 2016-04-13 20:35 - 00003894 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-05-11 15:17 - 2016-04-13 20:35 - 00003642 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
2016-05-11 14:41 - 2010-11-21 03:16 - 00000000 ____D C:\Program Files\Windows Journal
2016-05-11 14:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lv-LV
2016-05-11 14:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\lt-LT
2016-05-11 14:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\SysWOW64\et-EE
2016-05-11 14:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lv-LV
2016-05-11 14:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\lt-LT
2016-05-11 14:41 - 2009-07-13 23:20 - 00000000 ____D C:\Windows\system32\et-EE
2016-05-10 20:31 - 2016-04-26 17:25 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2016-05-10 20:31 - 2009-07-13 22:34 - 00000478 _____ C:\Windows\win.ini
2016-05-10 20:26 - 2016-04-13 15:56 - 00000000 ____D C:\Windows\system32\MRT
2016-05-10 20:20 - 2016-04-13 15:55 - 139319312 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-05-06 06:39 - 2016-04-13 22:23 - 00002152 _____ C:\Users\Jon\Desktop\Discord.lnk
2016-05-06 06:39 - 2016-04-13 22:23 - 00000000 ____D C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Hammer & Chisel, Inc
2016-05-06 06:39 - 2016-04-13 22:22 - 00000000 ____D C:\Users\Jon\AppData\Local\Discord
2016-05-06 06:38 - 2016-04-13 22:22 - 00000000 ____D C:\Users\Jon\AppData\Local\SquirrelTemp
2016-05-05 22:05 - 2016-04-13 19:29 - 00000000 ___SD C:\Windows\SysWOW64\GWX
2016-05-05 22:05 - 2016-04-13 19:29 - 00000000 ___SD C:\Windows\system32\GWX
2016-04-30 15:09 - 2016-04-26 16:33 - 00000000 ____D C:\Users\Jon\Desktop\Old Computer
2016-04-27 21:15 - 2016-04-13 20:59 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
==================== Files in the root of some directories =======
2014-11-05 20:00 - 2014-11-05 20:00 - 0051057 _____ () C:\Users\Jon\AppData\Roaming\Delta.d
2009-09-21 19:00 - 2009-09-21 19:00 - 0001497 _____ () C:\Users\Jon\AppData\Roaming\Shanghai.q8M
==================== Bamital & volsnap =================
(There is no automatic fix for files that do not pass verification.)
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
LastRegBack: 2016-05-08 18:27
==================== End of FRST.txt ============================
Additional scan result of Farbar Recovery Scan Tool (x64) Version:25-05-2016 01
Ran by Jon (2016-05-27 16:24:41)
Running from C:\Users\Jon\Desktop
Windows 7 Ultimate Service Pack 1 (X64) (2016-04-13 10:46:23)
Boot Mode: Normal
==========================================================
==================== Accounts: =============================
Administrator (S-1-5-21-1635779816-1293605588-1034340110-500 - Administrator - Disabled)
Guest (S-1-5-21-1635779816-1293605588-1034340110-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1635779816-1293605588-1034340110-1002 - Limited - Enabled)
Jon (S-1-5-21-1635779816-1293605588-1034340110-1000 - Administrator - Enabled) => C:\Users\Jon
==================== Security Center ========================
(If an entry is included in the fixlist, it will be removed.)
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
==================== Installed Programs ======================
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.016.20041 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 21.0.0.198 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.2 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.2.4.194 - Adobe Systems, Inc.)
AMD Install Manager (HKLM\...\AMD Catalyst Install Manager) (Version: 9.0.000.4 - Advanced Micro Devices, Inc.)
Apple Application Support (32-bit) (HKLM-x32\...\{FE5C2FAA-118D-4509-B51D-3F71CC9E1B3E}) (Version: 4.3 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{2937FD88-C9D6-4B82-B539-37CD0A572F42}) (Version: 4.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{2E4AF2A6-50EA-4260-9BA4-5E582D11879A}) (Version: 9.3.0.15 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
Brother MFC-255CW (HKLM-x32\...\{65BEDBE7-5BBC-4EFF-B813-F06A6276DDDD}) (Version: 1.00 - Brother)
Catalyst Control Center Next Localization BR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CHT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization CS (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization DE (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization EL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization ES (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FI (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization FR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization HU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization IT (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization JA (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization KO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization NO (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization PL (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization RU (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization SV (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TH (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
Catalyst Control Center Next Localization TR (Version: 2016.0321.1015.16463 - Advanced Micro Devices, Inc.) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.18 - Piriform)
CDBurnerXP (HKLM\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.6.6059 - CDBurnerXP)
Championify version 1.3.3 (HKLM-x32\...\{1AE5DA33-DB00-453C-9190-FB14C0BBDBE7}_is1) (Version: 1.3.3 - Dustin Blackman)
CPUID HWMonitor 1.28 (HKLM\...\CPUID HWMonitor_is1) (Version: - )
Discord (HKU\S-1-5-21-1635779816-1293605588-1034340110-1000\...\Discord) (Version: 0.0.290 - Hammer & Chisel, Inc.)
Geeks3D FurMark 1.17.0.0 (HKLM-x32\...\{2397CAD4-2263-4CD0-96BE-E43A980B9C9A}_is1) (Version: - Geeks3D)
Google Chrome (HKLM-x32\...\{22773B3E-818C-3DE5-8CBD-2FF73D97A2F4}) (Version: 50.0.2661.75 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.21.99 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 1.0.5.235 - Intel Corporation)
iTunes (HKLM\...\{A31C5565-90D9-4615-AE13-94D86C3836C7}) (Version: 12.3.3.17 - Apple Inc.)
Java 8 Update 91 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418091F0}) (Version: 8.0.910.14 - Oracle Corporation)
Java 8 Update 91 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218091F0}) (Version: 8.0.910.14 - Oracle Corporation)
League of Legends (HKLM-x32\...\League of Legends 3.0.1) (Version: 3.0.1 - Riot Games)
League of Legends (x32 Version: 3.0.1 - Riot Games) Hidden
Malwarebytes Anti-Malware version 2.2.1.1043 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.1.1043 - Malwarebytes)
Microsoft .NET Framework 4.6.1 (čeština) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1029) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (dansk) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1030) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Deutsch) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1031) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (español) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 3082) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Français) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1036) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Italiano) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1040) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Nederlands) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1043) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (norsk språkpakke) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1044) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Polski) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1045) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português do Brasil) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1046) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Português) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2070) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (suomi) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1035) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (svenska) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1053) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Türkçe) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1055) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Ελληνικά) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1032) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (Русский) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1049) (Version: 4.6.01055 - Корпорация Майкрософт)
Microsoft .NET Framework 4.6.1 (עברית) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1037) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (العربية) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1025) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (한국어) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1042) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (日本語) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1041) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET Framework 4.6.1 (简体中文) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 2052) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft .NET-keretrendszer 4.6.1 (magyar) (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1038) (Version: 4.6.01055 - Microsoft Corporation)
Microsoft Office Professional Plus 2013 (HKLM\...\Office15.PROPLUS) (Version: 15.0.4569.1506 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{6ce5bae9-d3ca-4b99-891a-1dc6c118a5fc}) (Version: 8.0.59192 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 45.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 45.0.2 (x86 en-US)) (Version: 45.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 45.0.2 - Mozilla)
Outils de vérification linguistique 2013 de Microsoft Office - Français (Version: 15.0.4569.1506 - Microsoft Corporation) Hidden
qBittorrent 3.3.4 (HKLM-x32\...\qBittorrent) (Version: 3.3.4 - The qBittorrent project)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (HKLM\...\{90150000-0011-0000-1000-0000000FF1CE}_Office15.PROPLUS_{D82063A8-7C8C-4C3B-A9BB-95138CA55D26}) (Version: - Microsoft)
Service Pack 1 for Microsoft Office 2013 (KB2850036) 64-Bit Edition (Version: - Microsoft) Hidden
Skype™ 7.22 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.22.108 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unlocker 1.9.2 (HKLM\...\Unlocker) (Version: 1.9.2 - Cedrick Collomb)
Update for Skype for Business 2015 (KB3039776) 64-Bit Edition (HKLM\...\{90150000-012B-0409-1000-0000000FF1CE}_Office15.PROPLUS_{0FA8AE0C-69AE-4F60-A1AB-F79C6BA5A999}) (Version: - Microsoft)
VirusTotal Uploader 2.2 (HKLM-x32\...\VTUploader) (Version: - )
VLC media player (HKLM\...\VLC media player) (Version: 2.2.2 - VideoLAN)
Vulkan Run Time Libraries 1.0.3.1 (HKLM\...\VulkanRT1.0.3.1) (Version: 1.0.3.1 - LunarG, Inc.)
WinRAR 5.31 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.31.0 - win.rar GmbH)
==================== Custom CLSID (Whitelisted): ==========================
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
==================== Scheduled Tasks (Whitelisted) =============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {1C7DCA9C-6410-47E9-AEC7-7F4573E825FE} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {1DDC2B8A-EDF0-460C-8F8C-2687E8E7511D} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office\Office15\msoia.exe [2014-01-23] (Microsoft Corporation)
Task: {3ED0C1E0-9C7B-4CF2-A765-37D6222188E4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-13] (Google Inc.)
Task: {40427944-A37C-4366-891E-F3DD7118EF58} - System32\Tasks\AMD Updater => C:\Program Files\AMD\CIM\\Bin64\InstallManagerApp.exe [2016-03-21] (Advanced Micro Devices, Inc.)
Task: {866D48B6-9D53-4B17-9B91-0D044593050F} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
Task: {9BC4E168-F049-4CE6-AE85-29179209ECCB} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-05-13] (Piriform Ltd)
Task: {E505B9CD-5200-43B5-BABD-6BBCF3636769} - System32\Tasks\Microsoft\Office\Office 15 Subscription Heartbeat => C:\Program Files\Common Files\Microsoft Shared\Office15\OLicenseHeartbeat.exe [2014-01-23] (Microsoft Corporation)
Task: {EC9FA9CF-134D-48F4-836F-69CED635984E} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-13] (Google Inc.)
Task: {F00BA9A0-A0B6-45CF-8822-E49949A913C2} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2016-04-22] (Adobe Systems Incorporated)
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
==================== Shortcuts =============================
(The entries could be listed to be restored or removed.)
==================== Loaded Modules (Whitelisted) ==============
2016-02-09 14:40 - 2016-02-09 14:40 - 08901184 _____ () C:\Program Files\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2010-07-15 00:44 - 2010-07-15 00:44 - 00020032 _____ () C:\Program Files\Unlocker\UnlockerCOM.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 00092472 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2016-03-18 22:56 - 2016-03-18 22:56 - 01329936 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-06-25 17:34 - 2015-06-25 17:34 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick.2\qtquick2plugin.dll
2015-06-25 17:37 - 2015-06-25 17:37 - 00739840 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-06-25 17:35 - 2015-06-25 17:35 - 00014336 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Window.2\windowplugin.dll
2015-06-25 17:38 - 2015-06-25 17:38 - 00071168 _____ () C:\Program Files\AMD\CNext\CNext\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-06-25 16:53 - 2015-06-25 16:53 - 00011776 _____ () C:\Program Files\AMD\CNext\CNext\libEGL.dll
2015-06-25 16:51 - 2015-06-25 16:51 - 02013696 _____ () C:\Program Files\AMD\CNext\CNext\libGLESv2.dll
2016-05-13 15:23 - 2016-05-10 23:49 - 02224280 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libglesv2.dll
2016-05-13 15:23 - 2016-05-10 23:49 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\50.0.2661.102\libegl.dll
2016-03-21 09:49 - 2016-03-21 09:49 - 00186368 _____ () C:\Windows\SysWOW64\GameManager32.dll
2016-04-13 21:19 - 2016-04-29 16:10 - 00785920 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2016-04-13 21:19 - 2015-07-03 12:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2016-04-13 21:19 - 2015-07-03 12:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2016-04-13 21:19 - 2015-07-03 12:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2016-04-13 21:19 - 2016-04-29 20:10 - 02549840 _____ () C:\Program Files (x86)\Steam\video.dll
2016-04-13 21:19 - 2016-02-08 19:14 - 02549760 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2016-04-13 21:19 - 2016-02-08 19:14 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2016-04-13 21:19 - 2016-02-08 19:14 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2016-04-13 21:19 - 2016-02-08 19:14 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2016-04-13 21:19 - 2016-02-08 19:14 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2016-04-13 21:19 - 2016-04-29 20:10 - 00829008 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2016-04-13 21:19 - 2016-02-17 18:25 - 00281088 _____ () C:\Program Files (x86)\Steam\openvr_api.dll
2016-02-09 14:41 - 2016-02-09 14:41 - 08901184 _____ () C:\Program Files (x86)\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2016-05-06 06:38 - 2016-05-06 01:40 - 02757304 _____ () C:\Users\Jon\AppData\Local\Discord\app-0.0.290\libdiscord.dll
2016-05-06 06:38 - 2016-05-06 06:38 - 01746104 _____ () C:\Users\Jon\AppData\Local\Discord\app-0.0.290\ffmpeg.dll
2016-05-06 06:38 - 2016-05-06 01:40 - 00112312 _____ () \\?\C:\Users\Jon\AppData\Local\Discord\app-0.0.290\resources\node_modules\discord_overlay\discord_overlay.node
2016-04-13 21:19 - 2016-04-27 21:00 - 49825056 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-05-06 06:38 - 2016-05-06 01:40 - 01843896 _____ () C:\Users\Jon\AppData\Local\Discord\app-0.0.290\libglesv2.dll
2016-05-06 06:38 - 2016-05-06 01:40 - 00020664 _____ () C:\Users\Jon\AppData\Local\Discord\app-0.0.290\libegl.dll
2016-05-27 16:07 - 2016-05-27 16:07 - 00140800 _____ () \\?\C:\Users\Jon\AppData\Local\Temp\23A6.tmp.node
==================== Alternate Data Streams (Whitelisted) =========
(If an entry is included in the fixlist, only the ADS will be removed.)
==================== Safe Mode (Whitelisted) ===================
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
==================== Association (Whitelisted) ===============
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
==================== Internet Explorer trusted/restricted ===============
(If an entry is included in the fixlist, it will be removed from the registry.)
==================== Hosts content: ===============================
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
2009-07-13 22:34 - 2009-06-10 17:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
==================== Other Areas ============================
(Currently there is no automatic fix for this section.)
HKU\S-1-5-21-1635779816-1293605588-1034340110-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Jon\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 167.206.245.135 - 167.206.245.136
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
==================== MSCONFIG/TASK MANAGER disabled items ==
(Currently there is no automatic fix for this section.)
==================== FirewallRules (Whitelisted) ===============
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
FirewallRules: [{B7D04CF4-BD50-4A77-8525-58659D8B2E25}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4976587F-784E-4DF7-8346-BCC80B81CC36}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{D914C6F2-6D24-49E4-844A-A49C115760D0}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{AC6894E4-35C0-4CDB-AF31-E012DEBF9FB4}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{BA2B5C17-AB6F-4132-B62D-20D9F20AC8E2}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{FFB6081A-F70F-49B5-9172-C96222F5648F}] => (Allow) C:\Program Files (x86)\qBittorrent\qbittorrent.exe
FirewallRules: [{93233FA0-76DE-4B36-82F9-5BC6203B97BC}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{57D98AC8-9826-403A-B51D-2AE9571F3B86}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5C3F3263-30B9-4B45-8686-F457FF6F2DAF}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{43E739A1-E74B-4095-890A-6D40AD667299}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{C7E621D6-D1D8-4019-82E9-C294DEB56146}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{60A76F44-3CF3-41F0-ACBA-689EAA934338}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{FC898F01-CCE2-4CF2-93BD-EF7379E9C21C}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{1AB89C9A-A739-4F8F-9ECD-0737E62E92C8}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E29B8DFF-D122-4A57-9E56-99E8C09A946D}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{65893314-3934-42E4-AB31-87E5DD29F827}] => (Allow) C:\Program Files\Microsoft Office\Office15\lync.exe
FirewallRules: [{51F38140-BD89-42B4-8220-C4FA65D1AB7E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{2F107149-D53B-4A9F-9B40-712516DFBF5E}] => (Allow) C:\Program Files\Microsoft Office\Office15\UcMapi.exe
FirewallRules: [{19FB2B3F-F9A3-4188-AE7D-0349A01A1BC3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
==================== Restore Points =========================
22-05-2016 15:26:44 Scheduled Checkpoint
23-05-2016 17:17:57 Installed notation player 3
23-05-2016 19:09:01 Removed notation player 3
26-05-2016 15:59:00 Installed Microsoft Fix it 50688
26-05-2016 18:39:17 Windows Update
==================== Faulty Device Manager Devices =============
==================== Event log errors: =========================
Application errors:
==================
Error: (05/27/2016 12:39:14 PM) (Source: Office 2013 Licensing Service) (EventID: 0) (User: )
Description: Subscription licensing service failed: -1073418154
Error: (05/27/2016 12:36:36 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program NOTEPAD.EXE version 6.1.7601.18917 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Action Center control panel.
Process ID: 1678
Start Time: 01d1b835e91e803b
Termination Time: 10
Application Path: C:\Windows\system32\NOTEPAD.EXE
Report Id: 2bcc412e-2429-11e6-88fc-3085a99cbfbf
Error: (05/26/2016 07:02:40 PM) (Source: Software Protection Platform Service) (EventID: 1010) (User: )
Description: Acquisition of Rights Account Certificate failed. hr=0x80072EE7
Error: (05/26/2016 07:02:40 PM) (Source: Software Protection Platform Service) (EventID: 8200) (User: )
Description: License acquisition failure details.
hr=0x80072EE7
Error: (05/26/2016 06:39:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CreateVssExamineWriterMetadata. hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
.
Operation:
Writer Exposing its Metadata
Context:
Execution Context: Requestor
Writer Instance ID: {44741033-7C4A-4EA5-965E-141FB1548B24}
Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220}
Writer Name: System Writer
Error: (05/26/2016 06:39:25 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine XML document is too long. hr = 0x80070018, The program issued a command but the command length is incorrect.
.
Operation:
Writer Exposing its Metadata
Context:
Execution Context: Requestor
Writer Instance ID: {44741033-7C4A-4EA5-965E-141FB1548B24}
Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220}
Writer Name: System Writer
Error: (05/26/2016 06:39:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CreateVssExamineWriterMetadata. hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
.
Operation:
Writer Exposing its Metadata
Context:
Execution Context: Requestor
Writer Instance ID: {44741033-7C4A-4EA5-965E-141FB1548B24}
Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220}
Writer Name: System Writer
Error: (05/26/2016 06:39:17 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine XML document is too long. hr = 0x80070018, The program issued a command but the command length is incorrect.
.
Operation:
Writer Exposing its Metadata
Context:
Execution Context: Requestor
Writer Instance ID: {44741033-7C4A-4EA5-965E-141FB1548B24}
Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220}
Writer Name: System Writer
Error: (05/26/2016 03:59:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine CreateVssExamineWriterMetadata. hr = 0x80042302, A Volume Shadow Copy Service component encountered an unexpected error.
Check the Application event log for more information.
.
Operation:
Writer Exposing its Metadata
Context:
Execution Context: Requestor
Writer Instance ID: {CBF94D5C-15B1-4EE5-85FF-6ABCBC391823}
Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220}
Writer Name: System Writer
Error: (05/26/2016 03:59:08 PM) (Source: VSS) (EventID: 8193) (User: )
Description: Volume Shadow Copy Service error: Unexpected error calling routine XML document is too long. hr = 0x80070018, The program issued a command but the command length is incorrect.
.
Operation:
Writer Exposing its Metadata
Context:
Execution Context: Requestor
Writer Instance ID: {CBF94D5C-15B1-4EE5-85FF-6ABCBC391823}
Writer Class Id: {E8132975-6F93-4464-A53E-1050253AE220}
Writer Name: System Writer
System errors:
=============
Error: (05/26/2016 07:16:48 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Windows Update service hung on starting.
Error: (05/26/2016 07:11:00 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}
Error: (05/26/2016 06:41:13 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Logitech - Other hardware - USB Input Device (Logitech Download Assistant).
Error: (05/26/2016 04:12:14 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 4:09:44 PM on 5/26/2016 was unexpected.
Error: (05/26/2016 03:25:57 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service failed to start due to the following error:
%%1053
Error: (05/26/2016 03:25:57 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Windows Presentation Foundation Font Cache 3.0.0.0 service to connect.
Error: (05/26/2016 03:25:07 PM) (Source: BugCheck) (EventID: 1001) (User: )
Description: 0x000000f4 (0x0000000000000003, 0xfffffa8009d75060, 0xfffffa8009d75340, 0xfffff800031d2e40)C:\Windows\MEMORY.DMP052616-28392-01
Error: (05/26/2016 03:24:59 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 3:21:28 PM on 5/26/2016 was unexpected.
Error: (05/25/2016 10:44:31 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:43:04 PM on 5/25/2016 was unexpected.
Error: (05/25/2016 10:31:22 PM) (Source: EventLog) (EventID: 6008) (User: )
Description: The previous system shutdown at 10:29:37 PM on 5/25/2016 was unexpected.
==================== Memory info ===========================
Processor: Intel® Core i5-3470 CPU @ 3.20GHz
Percentage of memory in use: 37%
Total physical RAM: 8075.79 MB
Available physical RAM: 5061.64 MB
Total Virtual: 16149.76 MB
Available Virtual: 13020.33 MB
==================== Drives ================================
Drive c: () (Fixed) (Total:465.66 GB) (Free:385.75 GB) NTFS
Drive e: (GRMCULXFRER_EN_DVD) (Removable) (Total:3.72 GB) (Free:0.57 GB) NTFS
==================== MBR & Partition Table ==================
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: A0CAA515)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
========================================================
Disk: 1 (Size: 3.7 GB) (Disk ID: 2DBD3213)
Partition 1: (Active) - (Size=3.7 GB) - (Type=07 NTFS)
==================== End of Addition.txt ============================