ExtTag Browser Hijacker


  • This topic is locked
9 replies to this topic

#1 Merlot14


Posted 31 August 2015 - 12:27 PM

Hello All -

 

Here is my FRST log. Thanks for your help.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:30-08-2015
Ran by Mollie (administrator) on MOLLIE-PC (31-08-2015 10:19:01)
Running from C:\Users\Mollie\Desktop\Nick's Tools
Loaded Profiles: Mollie (Available Profiles: Mollie)
Platform: Windows 7 Professional Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRYSVC.EXE
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\BCMWLTRY.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Hewlett-Packard Company) C:\Program Files (x86)\HP\Common\HPSupportSolutionsFrameworkService.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.13\GoogleCrashHandler64.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
() C:\Program Files\NixSrv\NixSrv.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TosCoSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoService.exe
(Microsoft Corporation) C:\Windows\System32\rundll32.exe
() C:\Program Files\NixSrv\packages\19a63c00-2126-41cf-a2fd-b04d1f26c4ae\NixHost.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Broadcom Corporation) C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE
(Intel Corporation) C:\Windows\System32\igfxsrvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\FlashCards\TCrdMain.exe
() C:\Program Files\Toshiba\Power Saver\TPwrMain.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\Power Saver\TBatmgrTrayicon.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\Teco.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe
() C:\ProgramData\DataFile\Downloads\DV.exe
(TOSHIBA) C:\Program Files\Toshiba\FlashCards\Hotkey\TDUNotify\TDUSrv64.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe
() C:\Program Files\Toshiba\FlashCards\Hotkey\TCrdKBB.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\ToshibaServiceStation.exe
(Toshiba) C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TECO\TecoHook.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtSrv.exe
(Microsoft Corporation) C:\Windows\System32\GWX\GWX.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvUseMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeBtMng.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosLeSrvProvider.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtHSP.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosAVRC.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
(TOSHIBA CORPORATION.) C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
(TOSHIBA Corporation) C:\Program Files (x86)\Toshiba\TOSHIBA Service Station\TMachInfo.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSmartSrv.exe
(TOSHIBA Corporation) C:\Program Files\Toshiba\TOSHIBA HDD SSD Alert\TosSENotify.exe
() C:\ProgramData\ExtTag\ExtTag.exe
() C:\ProgramData\ExtTag\White-Plus.exe
(Hewlett-Packard Co.) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [] => [X]
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13667032 2014-02-24] (Realtek Semiconductor)
HKLM\...\Run: [Broadcom Wireless Manager UI] => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.exe [8596480 2014-10-24] (Broadcom Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2810608 2014-02-21] (Synaptics Incorporated)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\FlashCards\TCrdMain.exe [2853968 2014-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [TPwrMain] => C:\Program Files\TOSHIBA\Power Saver\TPwrMain.EXE [595840 2012-03-02] ()
HKLM\...\Run: [BatteryManager] => C:\Program Files\TOSHIBA\Power Saver\TBatmgrTrayIcon.exe [287104 2014-02-25] (TOSHIBA Corporation)
HKLM\...\Run: [TSleepSrv] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Sleep Utility\TSleepSrv.exe [1500240 2013-04-16] (TOSHIBA)
HKLM\...\Run: [Teco] => C:\Program Files\TOSHIBA\TECO\Teco.exe [1604168 2013-11-26] (TOSHIBA Corporation)
HKLM\...\Run: [TosSENotify] => C:\Program Files\TOSHIBA\TOSHIBA HDD SSD Alert\TosWaitSrv.exe [711040 2013-08-20] (TOSHIBA Corporation)
HKLM\...\Run: [TosVolRegulator] => C:\Program Files\TOSHIBA\TosVolRegulator\TosVolRegulator.exe [24376 2009-11-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [USB3MON] => C:\Program Files (x86)\Intel\Intel® USB 3.0 eXtensible Host Controller Driver\Application\iusb3mon.exe [292848 2013-12-20] (Intel Corporation)
HKLM-x32\...\Run: [ITSecMng] => C:\Program Files (x86)\TOSHIBA\Bluetooth Toshiba Stack\ItSecMng.exe [80840 2011-04-01] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [ToshibaServiceStation] => C:\Program Files (x86)\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe [1298816 2011-07-11] (TOSHIBA Corporation)
HKLM-x32\...\Run: [ToshibaAppPlace] => C:\Program Files (x86)\Toshiba\Toshiba App Place\ToshibaAppPlace.exe [552960 2010-09-23] (Toshiba)
HKLM-x32\...\Run: [Adobe ARM] => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [1022152 2014-12-19] (Adobe Systems Incorporated)
Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-1652722684-191071495-755533906-1000\...\Run: [HP Officejet Pro 8600 (NET)] => C:\Program Files\HP\HP Officejet Pro 8600\Bin\ScanToPCActivationApp.exe [2676584 2011-09-09] (Hewlett-Packard Co.)
HKU\S-1-5-21-1652722684-191071495-755533906-1000\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-08-11] ()
AppInit_DLLs: C:\ProgramData\ExtTag\WarmAnjob.dll => C:\ProgramData\ExtTag\WarmAnjob.dll [212992 2015-08-31] ()
AppInit_DLLs-x32: C:\ProgramData\ExtTag\Red-Strong.dll => C:\ProgramData\ExtTag\Red-Strong.dll [194560 2015-08-31] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Bluetooth Manager.lnk [2015-08-06]
ShortcutTarget: Bluetooth Manager.lnk -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe (TOSHIBA CORPORATION.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{77AC9998-31B2-46F1-A4F2-1B64FE84DE53}: [DhcpNameServer] 10.0.1.1
Tcpip\..\Interfaces\{DFE16F11-4C36-4212-90CA-0644AFE8AD71}: [DhcpNameServer] 10.0.1.1

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlpOkNS3oSLsLtAx80JG8S9jKKQ7vrOOkfSGlUtV_DIAEvMK0xOVwheR4ed9zBx4y0uTm0WfYxTITXVkI
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
SearchScopes: HKLM -> DefaultScope {6AB28650-CD97-43C9-A2EA-69A64806DC0D} URL =
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> DefaultScope {ielnksrch} URL =
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
SearchScopes: HKLM-x32 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-1652722684-191071495-755533906-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1652722684-191071495-755533906-1000 -> {9143e921-7c9a-4d27-ac43-eaccc78cc55a} URL =
SearchScopes: HKU\S-1-5-21-1652722684-191071495-755533906-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-07-14] (Microsoft Corporation)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-07-14] (Microsoft Corporation)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office 15\root\Office15\URLREDIR.DLL [2015-07-14] (Microsoft Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe

FireFox:
========
FF ProfilePath: C:\Users\Mollie\AppData\Roaming\Mozilla\Firefox\Profiles\spgmq2oz.default
FF DefaultSearchEngine.US: findit
FF Homepage: C:\ProgramData\ExtTags\ff.HP
FF NewTab: C:\ProgramData\ExtTags\ff.NT
FF Plugin: @adobe.com/FlashPlayer -> C:\windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-12] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-12] ()
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=4.0.5 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2013-12-09] (Intel Corporation)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-12-26] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.13\npGoogleUpdate3.dll [2015-08-30] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2013-08-05] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2015-05-01] (Adobe Systems Inc.)
FF Plugin HKU\S-1-5-21-1652722684-191071495-755533906-1000: vidyo.com/VidyoWeb_1.1.1.00075 -> C:\Users\Mollie\AppData\Roaming\VidyoInc\VidyoWeb\1.1.1.00075\npVidyoWeb.dll [2015-02-05] (Vidyo, Inc.)
FF SearchPlugin: C:\Users\Mollie\AppData\Roaming\Mozilla\Firefox\Profiles\spgmq2oz.default\searchplugins\findit.xml [2015-08-31]
FF Extension: Screen Flip 1.0.1 - C:\Users\Mollie\AppData\Roaming\Mozilla\Firefox\Profiles\spgmq2oz.default\Extensions\{7c546926-b97d-4b3c-a787-098d892064ad}.xpi [2015-08-27]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2765496 2015-07-14] (Microsoft Corporation)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-04] ()
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
S3 GamesAppIntegrationService; C:\Program Files (x86)\WildTangent Games\App\GamesAppIntegrationService.exe [227904 2014-02-25] (WildTangent)
R2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [747520 2013-08-27] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [828376 2013-08-27] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [131544 2013-12-09] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [169432 2013-12-09] (Intel Corporation)
R2 NixSrv; C:\Program Files\NixSrv\NixSrv.exe [379904 2015-08-27] () [File not signed]
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-26] (Microsoft Corporation)
R2 wltrysvc; C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\bcmwltry.exe [5847552 2014-10-24] (Broadcom Corporation) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\System32\drivers\bcbtums.sys [172760 2013-10-02] (Broadcom Corporation.)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28008 2013-11-21] (Intel Corporation)
R3 MEIx64; C:\Windows\System32\DRIVERS\TeeDriverx64.sys [100312 2013-12-09] (Intel Corporation)
R3 RSP2STOR; C:\Windows\System32\DRIVERS\RtsP2Stor.sys [293592 2014-02-11] (Realtek Semiconductor Corp.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [31472 2014-02-21] (Synaptics Incorporated)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 09:19 - 2015-08-31 09:19 - 00002377 _____ C:\windows\SysWOW64\findit.xml
2015-08-31 09:19 - 2015-08-31 09:19 - 00000000 ____D C:\ProgramData\ExtTags
2015-08-31 09:19 - 2015-08-31 09:19 - 00000000 ____D C:\ProgramData\ExtTag
2015-08-30 23:56 - 2015-08-31 09:00 - 00004858 _____ C:\Users\Mollie\Desktop\Rkill.txt
2015-08-30 13:58 - 2015-08-30 13:58 - 00003882 _____ C:\windows\System32\Tasks\Install Google Chrome
2015-08-29 09:51 - 2015-08-31 09:14 - 00001230 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tableau 9.0.lnk
2015-08-29 09:51 - 2015-08-31 09:14 - 00001224 _____ C:\Users\Public\Desktop\Tableau 9.0.lnk
2015-08-29 09:51 - 2015-08-29 09:52 - 00000000 ____D C:\ProgramData\FLEXnet
2015-08-29 09:51 - 2015-08-29 09:51 - 00000000 ____D C:\Users\Mollie\Documents\My Tableau Repository
2015-08-29 09:51 - 2015-08-29 09:51 - 00000000 ____D C:\Users\Mollie\AppData\Local\Tableau
2015-08-29 09:51 - 2015-08-29 09:51 - 00000000 ____D C:\Program Files\Common Files\Macrovision Shared
2015-08-29 09:50 - 2015-08-29 09:50 - 00000000 ____D C:\Program Files\Tableau
2015-08-29 09:44 - 2015-08-29 09:42 - 05389886 _____ C:\Users\Mollie\Downloads\TimeFrame Reporting.twbx
2015-08-29 09:42 - 2015-08-29 09:42 - 05389886 _____ C:\Users\Mollie\Desktop\TimeFrame Reporting.twbx
2015-08-29 09:42 - 2015-08-29 09:42 - 00000168 _____ C:\Users\Mollie\Desktop\Untitled attachment 00003.htm
2015-08-29 09:33 - 2015-08-29 09:33 - 00003278 _____ C:\windows\System32\Tasks\psv_n1n501lz
2015-08-28 13:09 - 2015-08-28 13:09 - 00001718 _____ C:\AdwCleaner[C5].txt
2015-08-28 13:08 - 2015-08-28 13:09 - 00001529 _____ C:\AdwCleaner[S5].txt
2015-08-28 12:27 - 2015-08-28 14:06 - 00000000 ____D C:\Users\Mollie\Desktop\Kyle 8.28 Bids
2015-08-28 11:57 - 2015-08-28 11:57 - 00001666 _____ C:\AdwCleaner[C4].txt
2015-08-28 11:57 - 2015-08-28 11:57 - 00001443 _____ C:\AdwCleaner[S4].txt
2015-08-28 11:52 - 2015-08-31 10:19 - 00000000 ____D C:\FRST
2015-08-28 11:28 - 2015-08-28 11:28 - 00001542 _____ C:\AdwCleaner[C3].txt
2015-08-28 11:27 - 2015-08-28 11:28 - 00001319 _____ C:\AdwCleaner[S3].txt
2015-08-28 11:21 - 2015-08-28 11:42 - 00000000 ____D C:\TDSSKiller_Quarantine
2015-08-28 11:07 - 2015-08-28 11:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-08-28 10:06 - 2015-08-28 10:06 - 00002970 _____ C:\windows\System32\Tasks\{3E972377-A9AE-4F90-9DBE-407BA4703F06}
2015-08-28 10:05 - 2015-08-28 10:05 - 00002970 _____ C:\windows\System32\Tasks\{6FCC6526-8966-4F85-990C-7E03D29CCBBC}
2015-08-28 10:05 - 2015-08-28 10:05 - 00002970 _____ C:\windows\System32\Tasks\{0183E017-C336-443B-A7BC-CCA7BE44029F}
2015-08-27 15:33 - 2015-08-31 10:18 - 00000000 ____D C:\Users\Mollie\Desktop\Nick's Tools
2015-08-27 15:28 - 2015-08-27 10:35 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Mollie\Desktop\rkill.exe
2015-08-27 15:25 - 2015-08-27 15:25 - 00001214 _____ C:\AdwCleaner[C2].txt
2015-08-27 15:23 - 2015-08-27 15:24 - 00001110 _____ C:\AdwCleaner[S2].txt
2015-08-27 14:55 - 2015-08-27 14:55 - 00006809 _____ C:\AdwCleaner[C1].txt
2015-08-27 14:54 - 2015-08-27 14:55 - 00006401 _____ C:\AdwCleaner[S1].txt
2015-08-27 14:54 - 2015-08-27 14:55 - 00000000 ____D C:\AdwCleaner
2015-08-27 14:21 - 2015-08-27 14:53 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-08-27 07:22 - 2015-08-27 14:26 - 00000000 ____D C:\ProgramData\DataFile
2015-08-27 07:21 - 2015-08-27 07:21 - 00000000 _____ C:\windows\SysWOW64\Number of results
2015-08-27 07:03 - 2015-08-27 13:43 - 00004744 _____ C:\windows\SysWOW64\Ooteeotoor.ini
2015-08-27 07:03 - 2015-08-27 13:43 - 00002456 _____ C:\windows\SysWOW64\OoteeotoorOff.ini
2015-08-27 07:03 - 2015-08-27 13:43 - 00002456 _____ C:\windows\system32\OoteeotoorOff.ini
2015-08-27 07:02 - 2015-08-27 07:02 - 00003646 _____ C:\windows\System32\Tasks\Teutqeug
2015-08-27 07:02 - 2015-08-27 07:02 - 00000000 ____D C:\windows\system32\abis
2015-08-27 06:56 - 2015-08-27 13:43 - 00000000 ____D C:\Program Files\NixSrv
2015-08-27 06:51 - 2015-08-27 11:25 - 00000004 _____ C:\windows\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-08-27 06:50 - 2009-06-10 14:00 - 00000824 _____ C:\windows\system32\Drivers\etc\hp.bak
2015-08-27 06:48 - 2015-08-27 06:48 - 00000000 ____D C:\Users\Mollie\AppData\Local\CEF
2015-08-27 06:47 - 2015-08-27 06:47 - 00000000 ____D C:\Users\Mollie\AppData\Roaming\c
2015-08-27 06:47 - 2015-08-27 06:47 - 00000000 ____D C:\ProgramData\u4c
2015-08-24 15:16 - 2015-08-24 15:20 - 00000000 ____D C:\Users\Mollie\Desktop\330 E Hamilton
2015-08-21 13:45 - 2015-08-21 13:46 - 00000000 ____D C:\Users\Mollie\Desktop\2490 Mariner
2015-08-21 12:16 - 2015-08-21 12:17 - 00000000 ____D C:\Users\Mollie\Desktop\890 Service St Skylights
2015-08-19 16:19 - 2015-08-10 18:20 - 25191936 _____ (Microsoft Corporation) C:\windows\system32\mshtml.dll
2015-08-19 16:19 - 2015-08-10 18:14 - 02724864 _____ (Microsoft Corporation) C:\windows\system32\mshtml.tlb
2015-08-19 16:19 - 2015-08-10 17:33 - 02724864 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.tlb
2015-08-19 16:19 - 2015-08-10 17:20 - 19871232 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtml.dll
2015-08-18 09:27 - 2015-08-31 09:15 - 00004726 _____ C:\windows\setupact.log
2015-08-18 09:27 - 2015-08-18 09:27 - 00000000 _____ C:\windows\setuperr.log
2015-08-18 09:26 - 2015-08-31 09:15 - 00900448 _____ C:\windows\PFRO.log
2015-08-13 19:04 - 2015-07-30 06:13 - 00124624 _____ (Microsoft Corporation) C:\windows\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-13 19:04 - 2015-07-30 06:13 - 00103120 _____ (Microsoft Corporation) C:\windows\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-12 09:49 - 2015-08-12 09:49 - 00023040 ___SH C:\Users\Mollie\Thumbs.db
2015-08-12 09:10 - 2015-07-20 17:12 - 00342736 _____ (Microsoft Corporation) C:\windows\SysWOW64\iedkcs32.dll
2015-08-12 09:10 - 2015-07-16 13:36 - 00048640 _____ (Microsoft Corporation) C:\windows\system32\ieetwproxystub.dll
2015-08-12 09:10 - 2015-07-16 13:35 - 02885632 _____ (Microsoft Corporation) C:\windows\system32\iertutil.dll
2015-08-12 09:10 - 2015-07-16 13:26 - 00034304 _____ (Microsoft Corporation) C:\windows\system32\iernonce.dll
2015-08-12 09:10 - 2015-07-16 13:21 - 00114688 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollector.exe
2015-08-12 09:10 - 2015-07-16 13:00 - 00077824 _____ (Microsoft Corporation) C:\windows\system32\JavaScriptCollectionAgent.dll
2015-08-12 09:10 - 2015-07-16 12:51 - 00504320 _____ (Microsoft Corporation) C:\windows\SysWOW64\vbscript.dll
2015-08-12 09:10 - 2015-07-16 12:50 - 00047616 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieetwproxystub.dll
2015-08-12 09:10 - 2015-07-16 12:45 - 02279424 _____ (Microsoft Corporation) C:\windows\SysWOW64\iertutil.dll
2015-08-12 09:10 - 2015-07-16 12:43 - 00030720 _____ (Microsoft Corporation) C:\windows\SysWOW64\iernonce.dll
2015-08-12 09:10 - 2015-07-16 12:35 - 00720384 _____ (Microsoft Corporation) C:\windows\system32\ie4uinit.exe
2015-08-12 09:10 - 2015-07-16 12:24 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\JavaScriptCollectionAgent.dll
2015-08-12 09:10 - 2015-07-16 12:19 - 00076288 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmled.dll
2015-08-12 09:10 - 2015-07-16 12:17 - 00285696 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtrans.dll
2015-08-12 09:10 - 2015-07-16 12:06 - 00689152 _____ (Microsoft Corporation) C:\windows\SysWOW64\msfeeds.dll
2015-08-12 09:10 - 2015-07-16 11:38 - 01310720 _____ (Microsoft Corporation) C:\windows\SysWOW64\urlmon.dll
2015-08-12 09:09 - 2015-07-20 17:39 - 00389840 _____ (Microsoft Corporation) C:\windows\system32\iedkcs32.dll
2015-08-12 09:09 - 2015-07-16 13:54 - 00004096 _____ (Microsoft Corporation) C:\windows\system32\ieetwcollectorres.dll
2015-08-12 09:09 - 2015-07-16 13:37 - 00066560 _____ (Microsoft Corporation) C:\windows\system32\iesetup.dll
2015-08-12 09:09 - 2015-07-16 13:36 - 00584192 _____ (Microsoft Corporation) C:\windows\system32\vbscript.dll
2015-08-12 09:09 - 2015-07-16 13:36 - 00417792 _____ (Microsoft Corporation) C:\windows\system32\html.iec
2015-08-12 09:09 - 2015-07-16 13:35 - 00088064 _____ (Microsoft Corporation) C:\windows\system32\MshtmlDac.dll
2015-08-12 09:09 - 2015-07-16 13:27 - 00054784 _____ (Microsoft Corporation) C:\windows\system32\jsproxy.dll
2015-08-12 09:09 - 2015-07-16 13:26 - 05923328 _____ (Microsoft Corporation) C:\windows\system32\jscript9.dll
2015-08-12 09:09 - 2015-07-16 13:23 - 00615936 _____ (Microsoft Corporation) C:\windows\system32\ieui.dll
2015-08-12 09:09 - 2015-07-16 13:21 - 00816640 _____ (Microsoft Corporation) C:\windows\system32\jscript.dll
2015-08-12 09:09 - 2015-07-16 13:21 - 00814080 _____ (Microsoft Corporation) C:\windows\system32\jscript9diag.dll
2015-08-12 09:09 - 2015-07-16 13:21 - 00144384 _____ (Microsoft Corporation) C:\windows\system32\ieUnatt.exe
2015-08-12 09:09 - 2015-07-16 13:12 - 00968704 _____ (Microsoft Corporation) C:\windows\system32\MsSpellCheckingFacility.exe
2015-08-12 09:09 - 2015-07-16 13:08 - 00490496 _____ (Microsoft Corporation) C:\windows\system32\dxtmsft.dll
2015-08-12 09:09 - 2015-07-16 12:55 - 00199680 _____ (Microsoft Corporation) C:\windows\system32\msrating.dll
2015-08-12 09:09 - 2015-07-16 12:54 - 00092160 _____ (Microsoft Corporation) C:\windows\system32\mshtmled.dll
2015-08-12 09:09 - 2015-07-16 12:51 - 00316928 _____ (Microsoft Corporation) C:\windows\system32\dxtrans.dll
2015-08-12 09:09 - 2015-07-16 12:51 - 00062464 _____ (Microsoft Corporation) C:\windows\SysWOW64\iesetup.dll
2015-08-12 09:09 - 2015-07-16 12:50 - 00341504 _____ (Microsoft Corporation) C:\windows\SysWOW64\html.iec
2015-08-12 09:09 - 2015-07-16 12:49 - 00064000 _____ (Microsoft Corporation) C:\windows\SysWOW64\MshtmlDac.dll
2015-08-12 09:09 - 2015-07-16 12:43 - 00047104 _____ (Microsoft Corporation) C:\windows\SysWOW64\jsproxy.dll
2015-08-12 09:09 - 2015-07-16 12:41 - 00479232 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieui.dll
2015-08-12 09:09 - 2015-07-16 12:39 - 00664064 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript.dll
2015-08-12 09:09 - 2015-07-16 12:39 - 00115712 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieUnatt.exe
2015-08-12 09:09 - 2015-07-16 12:38 - 00620032 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9diag.dll
2015-08-12 09:09 - 2015-07-16 12:36 - 00801280 _____ (Microsoft Corporation) C:\windows\system32\msfeeds.dll
2015-08-12 09:09 - 2015-07-16 12:34 - 14451200 _____ (Microsoft Corporation) C:\windows\system32\ieframe.dll
2015-08-12 09:09 - 2015-07-16 12:33 - 01359360 _____ (Microsoft Corporation) C:\windows\system32\mshtmlmedia.dll
2015-08-12 09:09 - 2015-07-16 12:32 - 02125824 _____ (Microsoft Corporation) C:\windows\system32\inetcpl.cpl
2015-08-12 09:09 - 2015-07-16 12:29 - 00418304 _____ (Microsoft Corporation) C:\windows\SysWOW64\dxtmsft.dll
2015-08-12 09:09 - 2015-07-16 12:20 - 00168960 _____ (Microsoft Corporation) C:\windows\SysWOW64\msrating.dll
2015-08-12 09:09 - 2015-07-16 12:12 - 04520448 _____ (Microsoft Corporation) C:\windows\SysWOW64\jscript9.dll
2015-08-12 09:09 - 2015-07-16 12:12 - 02427904 _____ (Microsoft Corporation) C:\windows\system32\wininet.dll
2015-08-12 09:09 - 2015-07-16 12:10 - 12856832 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieframe.dll
2015-08-12 09:09 - 2015-07-16 12:06 - 02052608 _____ (Microsoft Corporation) C:\windows\SysWOW64\inetcpl.cpl
2015-08-12 09:09 - 2015-07-16 12:05 - 01155072 _____ (Microsoft Corporation) C:\windows\SysWOW64\mshtmlmedia.dll
2015-08-12 09:09 - 2015-07-16 12:01 - 01545728 _____ (Microsoft Corporation) C:\windows\system32\urlmon.dll
2015-08-12 09:09 - 2015-07-16 11:49 - 00800768 _____ (Microsoft Corporation) C:\windows\system32\ieapfltr.dll
2015-08-12 09:09 - 2015-07-16 11:42 - 01951232 _____ (Microsoft Corporation) C:\windows\SysWOW64\wininet.dll
2015-08-12 09:09 - 2015-07-16 11:37 - 00710144 _____ (Microsoft Corporation) C:\windows\SysWOW64\ieapfltr.dll
2015-08-12 08:56 - 2015-07-28 13:09 - 00017344 _____ (Microsoft Corporation) C:\windows\system32\CompatTelRunner.exe
2015-08-12 08:56 - 2015-07-28 13:05 - 01116672 _____ (Microsoft Corporation) C:\windows\system32\appraiser.dll
2015-08-12 08:56 - 2015-07-28 13:05 - 00774656 _____ (Microsoft Corporation) C:\windows\system32\invagent.dll
2015-08-12 08:56 - 2015-07-28 13:05 - 00743424 _____ (Microsoft Corporation) C:\windows\system32\generaltel.dll
2015-08-12 08:56 - 2015-07-28 13:05 - 00437760 _____ (Microsoft Corporation) C:\windows\system32\devinv.dll
2015-08-12 08:56 - 2015-07-28 13:05 - 00227328 _____ (Microsoft Corporation) C:\windows\system32\aepdu.dll
2015-08-12 08:56 - 2015-07-28 13:05 - 00069120 _____ (Microsoft Corporation) C:\windows\system32\acmigration.dll
2015-08-12 08:56 - 2015-07-28 12:55 - 01148416 _____ (Microsoft Corporation) C:\windows\system32\aeinv.dll
2015-08-12 08:38 - 2015-07-15 11:15 - 05568960 _____ (Microsoft Corporation) C:\windows\system32\ntoskrnl.exe
2015-08-12 08:38 - 2015-07-15 11:15 - 00155584 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecpkg.sys
2015-08-12 08:38 - 2015-07-15 11:15 - 00095680 _____ (Microsoft Corporation) C:\windows\system32\Drivers\ksecdd.sys
2015-08-12 08:38 - 2015-07-15 11:15 - 00094656 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mountmgr.sys
2015-08-12 08:38 - 2015-07-15 11:12 - 01730496 _____ (Microsoft Corporation) C:\windows\system32\ntdll.dll
2015-08-12 08:38 - 2015-07-15 11:11 - 00362496 _____ (Microsoft Corporation) C:\windows\system32\wow64win.dll
2015-08-12 08:38 - 2015-07-15 11:11 - 00243712 _____ (Microsoft Corporation) C:\windows\system32\wow64.dll
2015-08-12 08:38 - 2015-07-15 11:11 - 00215040 _____ (Microsoft Corporation) C:\windows\system32\winsrv.dll
2015-08-12 08:38 - 2015-07-15 11:11 - 00210944 _____ (Microsoft Corporation) C:\windows\system32\wdigest.dll
2015-08-12 08:38 - 2015-07-15 11:11 - 00013312 _____ (Microsoft Corporation) C:\windows\system32\wow64cpu.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 01743360 _____ (Microsoft Corporation) C:\windows\system32\sysmain.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 01461760 _____ (Microsoft Corporation) C:\windows\system32\lsasrv.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 01216512 _____ (Microsoft Corporation) C:\windows\system32\rpcrt4.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 01163264 _____ (Microsoft Corporation) C:\windows\system32\kernel32.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00729088 _____ (Microsoft Corporation) C:\windows\system32\kerberos.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00503808 _____ (Microsoft Corporation) C:\windows\system32\srcore.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00424960 _____ (Microsoft Corporation) C:\windows\system32\KernelBase.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00342016 _____ (Microsoft Corporation) C:\windows\system32\schannel.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00315392 _____ (Microsoft Corporation) C:\windows\system32\msv1_0.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00309760 _____ (Microsoft Corporation) C:\windows\system32\ncrypt.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00296960 _____ (Microsoft Corporation) C:\windows\system32\rstrui.exe
2015-08-12 08:38 - 2015-07-15 11:10 - 00136192 _____ (Microsoft Corporation) C:\windows\system32\sspicli.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00112640 _____ (Microsoft Corporation) C:\windows\system32\smss.exe
2015-08-12 08:38 - 2015-07-15 11:10 - 00086528 _____ (Microsoft Corporation) C:\windows\system32\TSpkg.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00050176 _____ (Microsoft Corporation) C:\windows\system32\srclient.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\cryptbase.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00043520 _____ (Microsoft Corporation) C:\windows\system32\csrsrv.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00031232 _____ (Microsoft Corporation) C:\windows\system32\lsass.exe
2015-08-12 08:38 - 2015-07-15 11:10 - 00029184 _____ (Microsoft Corporation) C:\windows\system32\sspisrv.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00028160 _____ (Microsoft Corporation) C:\windows\system32\secur32.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00022016 _____ (Microsoft Corporation) C:\windows\system32\credssp.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00016384 _____ (Microsoft Corporation) C:\windows\system32\ntvdm64.dll
2015-08-12 08:38 - 2015-07-15 11:10 - 00011264 _____ (Microsoft Corporation) C:\windows\system32\msmmsp.dll
2015-08-12 08:38 - 2015-07-15 11:09 - 00338432 _____ (Microsoft Corporation) C:\windows\system32\conhost.exe
2015-08-12 08:38 - 2015-07-15 11:09 - 00064000 _____ (Microsoft Corporation) C:\windows\system32\auditpol.exe
2015-08-12 08:38 - 2015-07-15 11:05 - 00146432 _____ (Microsoft Corporation) C:\windows\system32\msaudite.dll
2015-08-12 08:38 - 2015-07-15 11:05 - 00060416 _____ (Microsoft Corporation) C:\windows\system32\msobjs.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00686080 _____ (Microsoft Corporation) C:\windows\system32\adtschema.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00006656 _____ (Microsoft Corporation) C:\windows\system32\apisetschema.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00006144 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00005120 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00004608 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00004096 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003584 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 11:00 - 00003072 ____H (Microsoft Corporation) C:\windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:59 - 03989952 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntkrnlpa.exe
2015-08-12 08:38 - 2015-07-15 10:59 - 03934656 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntoskrnl.exe
2015-08-12 08:38 - 2015-07-15 10:56 - 01311768 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntdll.dll
2015-08-12 08:38 - 2015-07-15 10:55 - 00248832 _____ (Microsoft Corporation) C:\windows\SysWOW64\schannel.dll
2015-08-12 08:38 - 2015-07-15 10:55 - 00172032 _____ (Microsoft Corporation) C:\windows\SysWOW64\wdigest.dll
2015-08-12 08:38 - 2015-07-15 10:55 - 00065536 _____ (Microsoft Corporation) C:\windows\SysWOW64\TSpkg.dll
2015-08-12 08:38 - 2015-07-15 10:55 - 00043008 _____ (Microsoft Corporation) C:\windows\SysWOW64\srclient.dll
2015-08-12 08:38 - 2015-07-15 10:55 - 00022016 _____ (Microsoft Corporation) C:\windows\SysWOW64\secur32.dll
2015-08-12 08:38 - 2015-07-15 10:54 - 00552960 _____ (Microsoft Corporation) C:\windows\SysWOW64\kerberos.dll
2015-08-12 08:38 - 2015-07-15 10:54 - 00259584 _____ (Microsoft Corporation) C:\windows\SysWOW64\msv1_0.dll
2015-08-12 08:38 - 2015-07-15 10:54 - 00221184 _____ (Microsoft Corporation) C:\windows\SysWOW64\ncrypt.dll
2015-08-12 08:38 - 2015-07-15 10:54 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\cryptbase.dll
2015-08-12 08:38 - 2015-07-15 10:54 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\setup16.exe
2015-08-12 08:38 - 2015-07-15 10:54 - 00017408 _____ (Microsoft Corporation) C:\windows\SysWOW64\credssp.dll
2015-08-12 08:38 - 2015-07-15 10:54 - 00014336 _____ (Microsoft Corporation) C:\windows\SysWOW64\ntvdm64.dll
2015-08-12 08:38 - 2015-07-15 10:53 - 01114112 _____ (Microsoft Corporation) C:\windows\SysWOW64\kernel32.dll
2015-08-12 08:38 - 2015-07-15 10:53 - 00665088 _____ (Microsoft Corporation) C:\windows\SysWOW64\rpcrt4.dll
2015-08-12 08:38 - 2015-07-15 10:53 - 00274944 _____ (Microsoft Corporation) C:\windows\SysWOW64\KernelBase.dll
2015-08-12 08:38 - 2015-07-15 10:53 - 00096768 _____ (Microsoft Corporation) C:\windows\SysWOW64\sspicli.dll
2015-08-12 08:38 - 2015-07-15 10:53 - 00050176 _____ (Microsoft Corporation) C:\windows\SysWOW64\auditpol.exe
2015-08-12 08:38 - 2015-07-15 10:53 - 00005120 _____ (Microsoft Corporation) C:\windows\SysWOW64\wow32.dll
2015-08-12 08:38 - 2015-07-15 10:49 - 00060416 _____ (Microsoft Corporation) C:\windows\SysWOW64\msobjs.dll
2015-08-12 08:38 - 2015-07-15 10:48 - 00146432 _____ (Microsoft Corporation) C:\windows\SysWOW64\msaudite.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00686080 _____ (Microsoft Corporation) C:\windows\SysWOW64\adtschema.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00006656 _____ (Microsoft Corporation) C:\windows\SysWOW64\apisetschema.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00005120 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00004096 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 10:44 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 09:46 - 00290816 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb10.sys
2015-08-12 08:38 - 2015-07-15 09:46 - 00159232 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb.sys
2015-08-12 08:38 - 2015-07-15 09:46 - 00129024 _____ (Microsoft Corporation) C:\windows\system32\Drivers\mrxsmb20.sys
2015-08-12 08:38 - 2015-07-15 09:37 - 00007680 _____ (Microsoft Corporation) C:\windows\SysWOW64\instnm.exe
2015-08-12 08:38 - 2015-07-15 09:37 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\user.exe
2015-08-12 08:38 - 2015-07-15 09:34 - 00006144 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 09:34 - 00004608 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 09:34 - 00003584 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-08-12 08:38 - 2015-07-15 09:34 - 00003072 ____H (Microsoft Corporation) C:\windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-08-12 08:37 - 2015-07-10 10:51 - 03722752 _____ (Microsoft Corporation) C:\windows\system32\mstscax.dll
2015-08-12 08:37 - 2015-07-10 10:51 - 00158720 _____ (Microsoft Corporation) C:\windows\system32\aaclient.dll
2015-08-12 08:37 - 2015-07-10 10:51 - 00044032 _____ (Microsoft Corporation) C:\windows\system32\tsgqec.dll
2015-08-12 08:37 - 2015-07-10 10:34 - 03221504 _____ (Microsoft Corporation) C:\windows\SysWOW64\mstscax.dll
2015-08-12 08:37 - 2015-07-10 10:34 - 00036864 _____ (Microsoft Corporation) C:\windows\SysWOW64\tsgqec.dll
2015-08-12 08:37 - 2015-07-10 10:33 - 00131584 _____ (Microsoft Corporation) C:\windows\SysWOW64\aaclient.dll
2015-08-12 08:36 - 2015-07-14 20:19 - 00052736 _____ (Microsoft Corporation) C:\windows\system32\basesrv.dll
2015-08-12 08:28 - 2015-07-30 11:06 - 02565120 _____ (Microsoft Corporation) C:\windows\system32\d3d10warp.dll
2015-08-12 08:28 - 2015-07-30 11:06 - 01648128 _____ (Microsoft Corporation) C:\windows\system32\DWrite.dll
2015-08-12 08:28 - 2015-07-30 11:06 - 01180160 _____ (Microsoft Corporation) C:\windows\system32\FntCache.dll
2015-08-12 08:28 - 2015-07-30 11:06 - 00100864 _____ (Microsoft Corporation) C:\windows\system32\fontsub.dll
2015-08-12 08:28 - 2015-07-30 11:06 - 00046080 _____ (Adobe Systems) C:\windows\system32\atmlib.dll
2015-08-12 08:28 - 2015-07-30 11:06 - 00041984 _____ (Microsoft Corporation) C:\windows\system32\lpk.dll
2015-08-12 08:28 - 2015-07-30 11:06 - 00014336 _____ (Microsoft Corporation) C:\windows\system32\dciman32.dll
2015-08-12 08:28 - 2015-07-30 10:57 - 01987584 _____ (Microsoft Corporation) C:\windows\SysWOW64\d3d10warp.dll
2015-08-12 08:28 - 2015-07-30 10:57 - 01251328 _____ (Microsoft Corporation) C:\windows\SysWOW64\DWrite.dll
2015-08-12 08:28 - 2015-07-30 10:57 - 00070656 _____ (Microsoft Corporation) C:\windows\SysWOW64\fontsub.dll
2015-08-12 08:28 - 2015-07-30 10:57 - 00034304 _____ (Adobe Systems) C:\windows\SysWOW64\atmlib.dll
2015-08-12 08:28 - 2015-07-30 10:57 - 00010240 _____ (Microsoft Corporation) C:\windows\SysWOW64\dciman32.dll
2015-08-12 08:28 - 2015-07-30 10:55 - 00025600 _____ (Microsoft Corporation) C:\windows\SysWOW64\lpk.dll
2015-08-12 08:28 - 2015-07-30 09:56 - 03208192 _____ (Microsoft Corporation) C:\windows\system32\win32k.sys
2015-08-12 08:28 - 2015-07-30 09:52 - 00372736 _____ (Adobe Systems Incorporated) C:\windows\system32\atmfd.dll
2015-08-12 08:28 - 2015-07-30 09:49 - 00299520 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\atmfd.dll
2015-08-12 08:28 - 2015-07-14 20:19 - 02004992 _____ (Microsoft Corporation) C:\windows\system32\msxml6.dll
2015-08-12 08:28 - 2015-07-14 20:19 - 01887232 _____ (Microsoft Corporation) C:\windows\system32\msxml3.dll
2015-08-12 08:28 - 2015-07-14 20:14 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml6r.dll
2015-08-12 08:28 - 2015-07-14 20:13 - 00002048 _____ (Microsoft Corporation) C:\windows\system32\msxml3r.dll
2015-08-12 08:28 - 2015-07-14 19:55 - 01390592 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6.dll
2015-08-12 08:28 - 2015-07-14 19:55 - 01241088 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3.dll
2015-08-12 08:28 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml6r.dll
2015-08-12 08:28 - 2015-07-14 19:51 - 00002048 _____ (Microsoft Corporation) C:\windows\SysWOW64\msxml3r.dll
2015-08-12 08:28 - 2015-07-01 13:49 - 00260096 _____ (Microsoft Corporation) C:\windows\system32\WebClnt.dll
2015-08-12 08:28 - 2015-07-01 13:48 - 00102912 _____ (Microsoft Corporation) C:\windows\system32\davclnt.dll
2015-08-12 08:28 - 2015-07-01 13:30 - 00206848 _____ (Microsoft Corporation) C:\windows\SysWOW64\WebClnt.dll
2015-08-12 08:28 - 2015-07-01 13:30 - 00082432 _____ (Microsoft Corporation) C:\windows\SysWOW64\davclnt.dll
2015-08-12 08:25 - 2015-07-10 10:51 - 14177280 _____ (Microsoft Corporation) C:\windows\system32\shell32.dll
2015-08-12 08:25 - 2015-07-10 10:34 - 12875776 _____ (Microsoft Corporation) C:\windows\SysWOW64\shell32.dll
2015-08-12 08:25 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\windows\system32\notepad.exe
2015-08-12 08:25 - 2015-07-09 10:57 - 00193536 _____ (Microsoft Corporation) C:\windows\notepad.exe
2015-08-12 08:25 - 2015-07-09 10:42 - 00179712 _____ (Microsoft Corporation) C:\windows\SysWOW64\notepad.exe
2015-08-12 08:17 - 2015-07-20 11:12 - 03154944 _____ (Microsoft Corporation) C:\windows\system32\wucltux.dll
2015-08-12 08:17 - 2015-07-20 11:12 - 02606080 _____ (Microsoft Corporation) C:\windows\system32\wuaueng.dll
2015-08-12 08:17 - 2015-07-20 11:12 - 00696320 _____ (Microsoft Corporation) C:\windows\system32\wuapi.dll
2015-08-12 08:17 - 2015-07-20 11:12 - 00192000 _____ (Microsoft Corporation) C:\windows\system32\wuwebv.dll
2015-08-12 08:17 - 2015-07-20 11:12 - 00139776 _____ (Microsoft Corporation) C:\windows\system32\wuauclt.exe
2015-08-12 08:17 - 2015-07-20 11:12 - 00098304 _____ (Microsoft Corporation) C:\windows\system32\wudriver.dll
2015-08-12 08:17 - 2015-07-20 11:12 - 00091136 _____ (Microsoft Corporation) C:\windows\system32\WinSetupUI.dll
2015-08-12 08:17 - 2015-07-20 11:12 - 00037888 _____ (Microsoft Corporation) C:\windows\system32\wups2.dll
2015-08-12 08:17 - 2015-07-20 11:12 - 00037376 _____ (Microsoft Corporation) C:\windows\system32\wuapp.exe
2015-08-12 08:17 - 2015-07-20 11:12 - 00036864 _____ (Microsoft Corporation) C:\windows\system32\wups.dll
2015-08-12 08:17 - 2015-07-20 11:12 - 00012288 _____ (Microsoft Corporation) C:\windows\system32\wu.upgrade.ps.dll
2015-08-12 08:17 - 2015-07-20 10:56 - 00566784 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapi.dll
2015-08-12 08:17 - 2015-07-20 10:56 - 00173056 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuwebv.dll
2015-08-12 08:17 - 2015-07-20 10:56 - 00093184 _____ (Microsoft Corporation) C:\windows\SysWOW64\wudriver.dll
2015-08-12 08:17 - 2015-07-20 10:56 - 00034816 _____ (Microsoft Corporation) C:\windows\SysWOW64\wuapp.exe
2015-08-12 08:17 - 2015-07-20 10:56 - 00030208 _____ (Microsoft Corporation) C:\windows\SysWOW64\wups.dll
2015-08-12 08:17 - 2015-05-09 11:26 - 00493504 _____ (Microsoft Corporation) C:\windows\system32\mcupdate_GenuineIntel.dll
2015-08-10 09:54 - 2015-08-10 09:54 - 00000000 ____D C:\Users\Mollie\Desktop\W30767
2015-08-06 11:53 - 2015-08-06 11:53 - 00000000 ____D C:\Users\Mollie\Documents\Bluetooth
2015-08-03 20:00 - 2015-08-24 08:07 - 00004980 _____ C:\windows\System32\Tasks\Microsoft Office 15 Sync Maintenance for Mollie-PC-Mollie Mollie-PC

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-31 10:16 - 2014-12-11 21:56 - 00000000 ____D C:\Users\Mollie\Documents\Outlook Files
2015-08-31 10:04 - 2015-01-29 16:28 - 00000898 _____ C:\windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-31 09:31 - 2014-05-27 22:29 - 00000830 _____ C:\windows\Tasks\Adobe Flash Player Updater.job
2015-08-31 09:26 - 2009-07-13 21:45 - 00028592 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-08-31 09:26 - 2009-07-13 21:45 - 00028592 ____H C:\windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-08-31 09:19 - 2014-12-11 21:24 - 00001412 _____ C:\Users\Mollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Internet Explorer.lnk
2015-08-31 09:15 - 2015-01-29 16:28 - 00000894 _____ C:\windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-31 09:15 - 2009-07-13 22:08 - 00000006 ____H C:\windows\Tasks\SA.DAT
2015-08-31 09:14 - 2015-06-03 15:13 - 00002155 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
2015-08-31 09:14 - 2014-12-16 13:17 - 00002188 _____ C:\Users\Mollie\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Microsoft OneDrive.lnk
2015-08-31 09:14 - 2014-12-16 09:17 - 00000950 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\I.R.I.S. OCR Registration.lnk
2015-08-31 09:14 - 2014-10-24 12:36 - 00002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk
2015-08-31 09:14 - 2014-05-27 22:34 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-08-31 09:14 - 2014-05-27 21:24 - 00001333 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Media Center.lnk
2015-08-31 09:14 - 2014-05-27 21:24 - 00001314 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows DVD Maker.lnk
2015-08-31 09:14 - 2009-07-13 22:01 - 00001218 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Default Programs.lnk
2015-08-31 09:14 - 2009-07-13 21:57 - 00001511 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-31 09:14 - 2009-07-13 21:57 - 00001340 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Anytime Upgrade.lnk
2015-08-31 09:14 - 2009-07-13 21:57 - 00001292 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sidebar.lnk
2015-08-31 09:14 - 2009-07-13 21:57 - 00001234 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XPS Viewer.lnk
2015-08-31 09:14 - 2009-07-13 21:54 - 00001198 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Fax and Scan.lnk
2015-08-31 09:14 - 2009-07-13 21:49 - 00001246 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Windows Update.lnk
2015-08-31 09:14 - 2009-07-13 20:20 - 00000000 ____D C:\windows\PLA
2015-08-31 09:00 - 2015-03-13 08:21 - 00113880 _____ (Malwarebytes Corporation) C:\windows\system32\Drivers\MBAMSwissArmy.sys
2015-08-31 08:43 - 2014-10-24 11:42 - 02082710 _____ C:\windows\WindowsUpdate.log
2015-08-30 14:01 - 2009-07-13 22:13 - 00781790 _____ C:\windows\system32\PerfStringBackup.INI
2015-08-30 13:59 - 2015-01-29 16:28 - 00003894 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-30 13:59 - 2015-01-29 16:28 - 00003642 _____ C:\windows\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-28 14:57 - 2014-12-18 14:19 - 00000000 ____D C:\Users\Mollie\Desktop\Forms
2015-08-28 13:41 - 2009-07-13 20:20 - 00000000 ____D C:\windows\schemas
2015-08-28 13:03 - 2015-01-24 14:49 - 00000000 ____D C:\Users\Mollie\Desktop\Clean Up
2015-08-28 11:16 - 2009-07-13 20:20 - 00000000 ____D C:\windows\Registration
2015-08-28 10:06 - 2014-12-19 12:59 - 00000000 ____D C:\Users\Mollie\AppData\Local\CrashDumps
2015-08-28 10:00 - 2014-10-24 12:28 - 00000000 ____D C:\ProgramData\Norton
2015-08-28 10:00 - 2009-07-13 20:20 - 00000000 ____D C:\windows\LiveKernelReports
2015-08-28 09:08 - 2015-07-31 08:32 - 00000000 ____D C:\windows\System32\Tasks\Remediation
2015-08-27 15:18 - 2009-07-13 20:20 - 00000000 ____D C:\windows\tracing
2015-08-27 13:39 - 2009-07-13 20:20 - 00000000 ____D C:\windows\system32\NDF
2015-08-27 07:02 - 2014-05-27 21:30 - 00357888 _____ (Microsoft Corporation) C:\windows\system32\dnsapi.dll
2015-08-27 07:02 - 2014-05-27 21:30 - 00270336 _____ (Microsoft Corporation) C:\windows\SysWOW64\dnsapi.dll
2015-08-27 06:55 - 2009-07-13 20:20 - 00000000 ___HD C:\windows\system32\GroupPolicy
2015-08-27 06:55 - 2009-07-13 20:20 - 00000000 ____D C:\windows\SysWOW64\GroupPolicy
2015-08-26 14:55 - 2014-12-18 15:04 - 00000000 ____D C:\Users\Mollie\Desktop\Warranty Letter
2015-08-25 19:23 - 2014-12-29 10:03 - 00000000 ____D C:\Users\Mollie\Desktop\Mollie Statewide 2
2015-08-25 17:35 - 2014-12-18 14:16 - 00000000 ____D C:\Users\Mollie\Desktop\Al
2015-08-25 07:56 - 2014-12-16 13:10 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-08-24 15:52 - 2015-03-02 10:11 - 00000000 ____D C:\Users\Mollie\Desktop\Certificates 2015
2015-08-20 14:48 - 2014-12-18 15:00 - 00000000 ____D C:\Users\Mollie\Desktop\Roof Info
2015-08-20 09:35 - 2014-12-18 14:33 - 00000000 ____D C:\Users\Mollie\Desktop\Richard
2015-08-17 14:54 - 2014-12-18 14:22 - 00000000 ____D C:\Users\Mollie\Desktop\Mike C
2015-08-16 08:41 - 2014-12-18 14:16 - 00000000 ___RD C:\Users\Mollie\Desktop\Admin 2
2015-08-14 14:56 - 2014-12-18 15:04 - 00000000 ____D C:\Users\Mollie\Desktop\Sequoia
2015-08-14 11:33 - 2009-07-13 20:20 - 00000000 ____D C:\windows\rescache
2015-08-13 19:14 - 2009-07-13 21:45 - 00380416 _____ C:\windows\system32\FNTCACHE.DAT
2015-08-13 19:11 - 2014-12-13 15:41 - 00000000 ___SD C:\windows\system32\CompatTel
2015-08-13 19:11 - 2014-12-13 15:41 - 00000000 ____D C:\windows\system32\appraiser
2015-08-12 19:31 - 2014-12-18 14:22 - 00000000 ____D C:\Users\Mollie\Desktop\Kyle
2015-08-12 14:39 - 2014-12-18 14:24 - 00000000 ____D C:\Users\Mollie\Desktop\Permits AND Licenses
2015-08-12 11:42 - 2014-12-11 21:19 - 00000000 ____D C:\Users\Mollie
2015-08-12 10:31 - 2014-05-27 22:29 - 00778440 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerApp.exe
2015-08-12 10:31 - 2014-05-27 22:29 - 00142536 _____ (Adobe Systems Incorporated) C:\windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-12 10:31 - 2014-05-27 22:29 - 00003768 _____ C:\windows\System32\Tasks\Adobe Flash Player Updater
2015-08-11 13:48 - 2014-12-18 14:23 - 00000000 ____D C:\Users\Mollie\Desktop\Mike D
2015-08-07 14:50 - 2014-05-28 13:58 - 00000000 ____D C:\windows\Panther
2015-08-07 14:42 - 2015-07-10 06:39 - 00000000 ___HD C:\$Windows.~BT
2015-08-06 11:53 - 2014-12-11 21:24 - 00000000 ____D C:\Users\Mollie\AppData\Local\TOSHIBA
2015-08-06 11:53 - 2014-05-27 22:39 - 00000000 ____D C:\ProgramData\Toshiba
2015-08-02 17:23 - 2009-07-13 22:08 - 00032612 _____ C:\windows\Tasks\SCHEDLGU.TXT

==================== Files in the root of some directories =======

2015-08-27 06:56 - 2015-08-27 06:56 - 0000187 _____ () C:\Users\Mollie\AppData\Local\Xxx-line.exe.config
2014-12-16 09:11 - 2014-12-16 09:11 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-10-24 11:59 - 2014-10-24 11:59 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-02-27 14:25 - 2015-02-27 14:25 - 0000136 _____ () C:\ProgramData\Microsoft.SqlServer.Compact.400.32.bc

Some files in TEMP:
====================
C:\Users\Mollie\AppData\Local\Temp\fsdAAB2.exe
C:\Users\Mollie\AppData\Local\Temp\fsdB378.exe
C:\Users\Mollie\AppData\Local\Temp\SpOrder.dll
C:\Users\Mollie\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\windows\system32\winlogon.exe => File is digitally signed
C:\windows\system32\wininit.exe => File is digitally signed
C:\windows\SysWOW64\wininit.exe => File is digitally signed
C:\windows\explorer.exe => File is digitally signed
C:\windows\SysWOW64\explorer.exe => File is digitally signed
C:\windows\system32\svchost.exe => File is digitally signed
C:\windows\SysWOW64\svchost.exe => File is digitally signed
C:\windows\system32\services.exe => File is digitally signed
C:\windows\system32\User32.dll => File is digitally signed
C:\windows\SysWOW64\User32.dll => File is digitally signed
C:\windows\system32\userinit.exe => File is digitally signed
C:\windows\SysWOW64\userinit.exe => File is digitally signed
C:\windows\system32\rpcss.dll => File is digitally signed
C:\windows\system32\dnsapi.dll
[2014-05-27 21:30] - [2015-08-27 07:02] - 0357888 ____A (Microsoft Corporation) 0E4E27DDEC7F5282C284799613F814FC

C:\windows\SysWOW64\dnsapi.dll
[2014-05-27 21:30] - [2015-08-27 07:02] - 0270336 ____A (Microsoft Corporation) CF5C2D3562991284A5E75F928692D058

C:\windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-25 09:16

==================== End of FRST.txt ============================




#2 nasdaq

  • Malware Response Team
  • 38,238 posts
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:33 AM

Posted 31 August 2015 - 01:07 PM

Hello, Welcome to BleepingComputer.
I'm nasdaq and will be helping you.

If you can, please print this topic. It will make it easier for you to follow the instructions and complete all of the necessary steps in the order listed.
===

Press the Windows key + R on your keyboard at the same time. This will open the RUN BOX.
Type Notepad and click the OK key.
Please copy the entire contents of the code box below to a new file.
 
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files\NixSrv\NixSrv.exe
() C:\Program Files\NixSrv\packages\19a63c00-2126-41cf-a2fd-b04d1f26c4ae\NixHost.exe
() C:\ProgramData\DataFile\Downloads\DV.exe
() C:\ProgramData\ExtTag\ExtTag.exe
() C:\ProgramData\ExtTag\White-Plus.exe
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1652722684-191071495-755533906-1000\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-08-11] ()
AppInit_DLLs: C:\ProgramData\ExtTag\WarmAnjob.dll => C:\ProgramData\ExtTag\WarmAnjob.dll [212992 2015-08-31] ()
AppInit_DLLs-x32: C:\ProgramData\ExtTag\Red-Strong.dll => C:\ProgramData\ExtTag\Red-Strong.dll [194560 2015-08-31] ()
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlpOkNS3oSLsLtAx80JG8S9jKKQ7vrOOkfSGlUtV_DIAEvMK0xOVwheR4ed9zBx4y0uTm0WfYxTITXVkI
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1652722684-191071495-755533906-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1652722684-191071495-755533906-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
FF Homepage: C:\ProgramData\ExtTags\ff.HP
FF NewTab: C:\ProgramData\ExtTags\ff.NT
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Screen Flip 1.0.1 - C:\Users\Mollie\AppData\Roaming\Mozilla\Firefox\Profiles\spgmq2oz.default\Extensions\{7c546926-b97d-4b3c-a787-098d892064ad}.xpi [2015-08-27]
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
R2 NixSrv; C:\Program Files\NixSrv\NixSrv.exe [379904 2015-08-27] () [File not signed]
C:\Users\Mollie\AppData\Local\Temp\fsdAAB2.exe
C:\Users\Mollie\AppData\Local\Temp\fsdB378.exe
C:\Users\Mollie\AppData\Local\Temp\SpOrder.dll
C:\Program Files\NixSrv
C:\ProgramData\DataFile\Downloads\DV.exe
C:\ProgramData\ExtTag
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll

End
Save the file as fixlist.txt in the same folder where the Farbar tool is running from.
The location is listed in the 3rd line of the Farbar log you have submitted.

Run FRST and click Fix only once and wait.

Restart the computer normally to reset the registry. <- Important.

The tool will create a log (Fixlog.txt); please post it in your reply.
===

Reset Internet Explorer:
Menu > Tools > Internet Options > Advanced Tab.
Click the Reset button on the bottom of the pane.
Click the Apply button.
Close IE.


Clean the Internet Explorer Cache.
https://kb.wisc.edu/page.php?id=15141

For IE 10, 11 follow the following instructions.
http://refreshyourcache.com/en/internet-explorer-11/
===

I also need to see the content of the Addition.txt file that was created by the Farbar tool.
Please post it.


How is the computer running now?

#3 Merlot14

Merlot14
  • Topic Starter

  • Members
  • 4 posts
  • OFFLINE
  • Local time:05:33 AM

Posted 31 August 2015 - 01:17 PM

Thanks nasdaq for your help.

 

Here is the Addition.txt:

Additional scan result of Farbar Recovery Scan Tool (x64) Version:28-08-2015
Ran by Mollie (2015-08-28 13:06:36)
Running from C:\Users\Mollie\Desktop\Nick's Tools
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-1652722684-191071495-755533906-500 - Administrator - Disabled)
Guest (S-1-5-21-1652722684-191071495-755533906-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-1652722684-191071495-755533906-1002 - Limited - Enabled)
Mollie (S-1-5-21-1652722684-191071495-755533906-1000 - Administrator - Enabled) => C:\Users\Mollie

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.11)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.11 - Adobe Systems Incorporated)
Bejeweled 3 (x32 Version: 2.2.0.97 - WildTangent) Hidden
Bluetooth Stack for Windows by Toshiba (HKLM\...\{CEBB6BFB-D708-4F99-A633-BC2600E01EF6}) (Version: v9.10.20(T) - TOSHIBA CORPORATION)
Broadcom Bluetooth Filter Driver Package (HKLM-x32\...\{DA310504-F4DD-4545-A975-DEA59B52329E}) (Version: 6.5.1.4900 - Toshiba Corporation)
Broadcom Wireless Utility (HKLM\...\{4CDA59B9-7AD3-4283-9F5C-BC469FF975B6}) (Version: 6.30.223.201 - Broadcom Corporation)
Bullzip PDF Printer 10.10.0.2307 (HKLM\...\Bullzip PDF Printer_is1) (Version: 10.10.0.2307 - Bullzip)
CCleaner (HKLM\...\CCleaner) (Version: 5.02 - Piriform)
Cut the Rope (x32 Version: 3.0.2.38 - WildTangent) Hidden
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6200 - DTS, Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
HP Officejet Pro 8100 Basic Device Software (HKLM\...\{E6403545-8324-47B4-ADCD-4F8A4CD8A1E1}) (Version: 28.0.1321.0 - Hewlett-Packard Co.)
HP Officejet Pro 8600 Basic Device Software (HKLM\...\{2D5E3D2B-919F-407C-8757-E64827518BB6}) (Version: 25.0.619.0 - Hewlett-Packard Co.)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
I.R.I.S. OCR (HKLM-x32\...\{CA6BCA2F-EDEB-408F-850B-31404BE16A61}) (Version: 12.3.4.0 - HP)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 9.5.23.1766 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3412 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.9.0.1001 - Intel Corporation)
Intel(R) USB 3.0 eXtensible Host Controller Driver (HKLM-x32\...\{240C3DDD-C5E9-4029-9DF7-95650D040CF2}) (Version: 2.5.3.34 - Intel Corporation)
Jack of All Tribes (x32 Version: 2.2.0.97 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
Luxor Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft .NET Framework 4.5.1 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.50938 - Microsoft Corporation)
Microsoft Office Home and Business 2013 - en-us (HKLM\...\HomeBusinessRetail - en-us) (Version: 15.0.4745.1002 - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-1652722684-191071495-755533906-1000\...\OneDriveSetup.exe) (Version: 17.0.4023.1211 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{071c9b48-7c32-4621-a0ac-3f809523288f}) (Version: 8.0.56336 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4745.1002 - Microsoft Corporation) Hidden
Plants vs. Zombies - Game of the Year (x32 Version: 2.2.0.98 - WildTangent) Hidden
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29077 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.78.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7195 - Realtek Semiconductor Corp.)
SHARP MX/MX-M Series PCL/PS Printer Driver (HKLM-x32\...\SHARP MX-2310U PCL PS Printer Driver) (Version: 1.00.000 - SHARP)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 18.1.3.0 - Synaptics Incorporated)
Toshiba App Place (HKLM-x32\...\{ED3CBA78-488F-4E8C-B33F-8E3BF4DDB4D2}) (Version: 1.0.6.3 - Toshiba)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.2 - TOSHIBA)
TOSHIBA Battery Manager (HKLM\...\{22C02670-53B4-4DEC-8BFE-E09720DF2904}) (Version: 9.0.4.64 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Disc Creator (HKLM\...\{5DA0E02F-970B-424B-BF41-513A5018E4C0}) (Version: 2.1.0.13 for x64 - TOSHIBA Corporation)
TOSHIBA eco Utility (HKLM\...\{F5AFF327-9B52-4E96-B5A0-BD2488A8EEC9}) (Version: 1.4.5.64 - Toshiba Corporation)
TOSHIBA Flash Cards (HKLM\...\{F5D089A2-3E02-4471-AA04-3C7B87A60BD4}) (Version: 9.0.5.6401 - Toshiba Corporation)
TOSHIBA Hardware Setup (HKLM-x32\...\{6D622295-07A8-4CB3-8E0E-6E3D7C782A7B}) (Version: 3.1.0.14 - TOSHIBA Corporation)
TOSHIBA HDD/SSD Alert (HKLM\...\{D4322448-B6AF-4316-B859-D8A0E84DCB38}) (Version: 3.1.64.15 - TOSHIBA Corporation)
TOSHIBA PC Diagnostic Tool (HKLM-x32\...\{F0794FA5-1809-4FC3-AA4E-48061281B5A2}) (Version: 9.0.3.6400 - Toshiba Corporation)
TOSHIBA Power Saver (HKLM\...\{4573FA6D-5FC1-4CA0-8D90-BAF9325B28ED}) (Version: 9.0.2.6402 - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 2.1.9.52040013 - Toshiba Corporation)
TOSHIBA Service Station (HKLM-x32\...\{AC6569FA-6919-442A-8552-073BE69E247A}) (Version: 2.2.13 - TOSHIBA)
TOSHIBA Sleep Utility (HKLM-x32\...\{472175F3-ACB2-4977-8CC8-EB971C24F245}) (Version: 2.0.1.3201 - Toshiba Corporation)
TOSHIBA Supervisor Password (HKLM-x32\...\{ACBD8468-50CB-4DD8-99AC-2367FD87460D}) (Version: 3.1.0.6 - TOSHIBA Corporation)
TOSHIBA System Driver (HKLM\...\{46754F5B-B496-4BCA-87E5-84ACF27FCE0F}) (Version: 9.0.2.6401 - Toshiba Corporation)
TOSHIBARegistration (HKLM-x32\...\{5AF550B4-BB67-4E7E-82F1-2C4300279050}) (Version: 1.1.0.1 - TOSHIBA)
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (Toshiba Games) (x32 Version: 4.0.10.20 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1652722684-191071495-755533906-1000_Classes\CLSID\{45C6AFA5-2C13-402f-BC5D-45CC8172EF6B}\InprocServer32 -> C:\Program Files (x86)\Toshiba\Bluetooth Toshiba Stack\sys\x64\TosBtExt.dll (TOSHIBA)
CustomCLSID: HKU\S-1-5-21-1652722684-191071495-755533906-1000_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Mollie\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652722684-191071495-755533906-1000_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Mollie\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652722684-191071495-755533906-1000_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Mollie\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652722684-191071495-755533906-1000_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Mollie\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\SkyDriveShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-1652722684-191071495-755533906-1000_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Mollie\AppData\Local\Microsoft\SkyDrive\17.0.4023.1211\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

19-08-2015 16:19:26 Windows Update
27-08-2015 07:23:50 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
27-08-2015 11:03:55 JRT Pre-Junkware Removal
27-08-2015 11:22:38 JRT Pre-Junkware Removal
27-08-2015 14:22:33 Revo Uninstaller's restore point - agederar
27-08-2015 14:25:22 Revo Uninstaller's restore point - OnePCOptimizer
27-08-2015 14:27:15 Revo Uninstaller's restore point - Super Optimizer v3.2
27-08-2015 14:29:11 Revo Uninstaller's restore point - Search Protect
27-08-2015 14:30:04 Revo Uninstaller's restore point - s5mark
27-08-2015 14:32:56 Revo Uninstaller's restore point - Network packet analyzer
27-08-2015 14:33:48 Revo Uninstaller's restore point - Hades
27-08-2015 14:34:32 Revo Uninstaller's restore point - Malware Protection Live
27-08-2015 14:35:53 Revo Uninstaller's restore point - GeniusBox 2.0
27-08-2015 14:38:00 Revo Uninstaller's restore point - FlashBeat
27-08-2015 14:38:37 Revo Uninstaller's restore point - Disable Margin
27-08-2015 14:39:32 Revo Uninstaller's restore point - Disable Margin
27-08-2015 14:41:07 Revo Uninstaller's restore point - Disable Margin
27-08-2015 14:41:43 Revo Uninstaller's restore point - Coupoon version 1.0
27-08-2015 14:42:50 Revo Uninstaller's restore point - Consumer Input (remove only)
27-08-2015 14:44:11 Revo Uninstaller's restore point - CinePlus-1.44V27.08
27-08-2015 14:44:50 Revo Uninstaller's restore point - CinemaPlus_1.3dV27.08
27-08-2015 14:45:27 Revo Uninstaller's restore point - Cinema PlusV27.08
27-08-2015 14:46:04 Revo Uninstaller's restore point - AnySend
27-08-2015 14:47:00 Revo Uninstaller's restore point - VidyoWeb - 1.1.1.00075
27-08-2015 14:47:46 Revo Uninstaller's restore point - Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
27-08-2015 14:48:08 Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501
28-08-2015 11:59:35 JRT Pre-Junkware Removal

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2009-07-13 19:34 - 2009-06-10 14:00 - 00000824 ____A C:\windows\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {03F78B38-4236-4C34-9AD1-7805FD4BE401} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-12] (Adobe Systems Incorporated)
Task: {04FFCBCF-B1F0-4BD3-A677-135C3CF9836D} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {06948A4D-FB11-4F34-8024-FDED47B02486} - System32\Tasks\{3E972377-A9AE-4F90-9DBE-407BA4703F06} => Firefox.exe 
Task: {0B4EECB6-73D7-4D6B-AF21-0A9CD38F5343} - System32\Tasks\Remediation\AntimalwareMigrationTask => C:\Program Files\Common Files\AV\Norton Internet Security\Upgrade.exe [2015-07-27] (Symantec Corporation)
Task: {31DBB8C4-C325-4978-A414-33C029BDA371} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {495EAE55-C40F-4667-81F3-1BDADDAD9654} - System32\Tasks\Teutqeug => C:\Program Files\shopperz240820151333\Mitle.bat <==== ATTENTION
Task: {5AD37663-B9BB-4B68-A3BD-AC9CAD61ACC4} - System32\Tasks\{0183E017-C336-443B-A7BC-CCA7BE44029F} => Firefox.exe 
Task: {621B91FA-40A5-4D9B-9C2C-2553F2980726} - System32\Tasks\Microsoft Office 15 Sync Maintenance for Mollie-PC-Mollie Mollie-PC => C:\Program Files\Microsoft Office 15\Root\Office15\MsoSync.exe [2015-06-02] (Microsoft Corporation)
Task: {9825476E-E3C5-4B8C-A7CB-4F297C92D258} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29] (Google Inc.)
Task: {A24D4491-F076-4586-A2EF-6C34ACD7844D} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {B2C8B27F-C9CB-46F9-B86B-CF634D14928C} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe invagent.dll,RunUpdate -noappraiser
Task: {B385653B-DEEA-465D-8DDC-144237FDB4BD} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-01-29] (Google Inc.)
Task: {B69BFCC5-6947-4F71-A9E9-075DF806AAF5} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-07-14] (Microsoft Corporation)
Task: {BAE8D896-F96A-4258-A5C2-83B1DAA795EC} - \bvxvbxvd -> No File <==== ATTENTION
Task: {DE733819-ABF3-4B61-A581-B1DEC623BE16} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-01-20] (Piriform Ltd)
Task: {EB7EBCEE-3EA5-43A7-822D-324D7FED82AD} - System32\Tasks\WIN-NA8CKVOR29E\Administrator - Start WLAN Tray Applet => C:\Program Files\Broadcom\Broadcom 802.11 Network Adapter\WLTRAY.EXE [2014-10-24] (Broadcom Corporation)
Task: {FC28F619-2A39-4FCA-A780-3A6211847F70} - System32\Tasks\{6FCC6526-8966-4F85-990C-7E03D29CCBBC} => Firefox.exe 

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-02-26 10:47 - 2015-01-27 08:29 - 08898720 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2011-08-22 14:19 - 2011-08-22 14:19 - 11204992 _____ () C:\Program Files\Toshiba\FlashCards\BlackPng.dll
2014-12-16 13:10 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-27 01:48 - 2015-08-27 01:48 - 00379904 _____ () C:\Program Files\NixSrv\NixSrv.exe
2014-10-24 11:50 - 2013-12-09 15:26 - 01242584 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\ACE.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\06811456.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\84605164.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\06811456.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\84605164.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ooteeotoor => ""="service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1652722684-191071495-755533906-1000\Control Panel\Desktop\\Wallpaper -> C:\Users\Mollie\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 10.0.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)


==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [{2EAC50DE-2D37-4598-8FC3-FD985E252766}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\DeviceSetup.exe
FirewallRules: [{C90354CE-5EE4-4E8D-894C-BC67193D5616}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8600\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A3ABD791-3680-415B-B204-181328287250}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{96768970-6C22-4321-9A8D-B1A89B1F7068}] => (Allow) C:\Users\Mollie\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{CECFAA77-ABB6-41CA-B1F9-9A776A5EE150}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8100\Bin\DeviceSetup.exe
FirewallRules: [{9EC84374-6C46-4F57-995D-73C66DFFCDE1}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPNetworkCommunicator.exe
FirewallRules: [{A2E3E453-EC88-4487-AF97-A0DAC148592C}] => (Allow) C:\Program Files\HP\HP Officejet Pro 8100\Bin\HPNetworkCommunicatorCom.exe
FirewallRules: [TCP Query User{55EA0FD7-BC5D-4567-AB98-EBA45D61A812}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [UDP Query User{DC4EDC13-712B-4FED-B4CD-F385EF340073}C:\program files (x86)\mozilla firefox\firefox.exe] => (Block) C:\program files (x86)\mozilla firefox\firefox.exe
FirewallRules: [TCP Query User{46AC0ABE-2970-4950-A20B-B3C1DCAB905C}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [UDP Query User{9172F679-356E-4A2A-AA85-664C7EAAAA66}C:\program files (x86)\mozilla firefox\plugin-container.exe] => (Allow) C:\program files (x86)\mozilla firefox\plugin-container.exe
FirewallRules: [{8389E3E0-009D-4783-9EB3-C2DA4A8B20E7}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣湩瑥捰攮數
FirewallRules: [{A29EE46C-43F9-4566-99A8-117331468F72}] => (Allow) 㩃停潲牧浡䘠汩獥⠠㡸⤶楜敮灴屣敲瑳湩灴⹣硥e
FirewallRules: [{0842420C-B12C-451B-9BF2-CC6F77193DEB}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{B63C787E-03E7-43A1-AD5C-AB8ED3E58014}] => (Allow) C:\Users\Mollie\AppData\Local\Temp\nsv3F81.tmp\Installer-10687648.exe
FirewallRules: [{57578DA1-2FA4-4FCF-B4DC-99C1AF54CE12}] => (Allow) C:\Users\Mollie\AppData\Local\Temp\nsv3F81.tmp\Installer-10687648.exe

==================== Faulty Device Manager Devices =============

Name: Teredo Tunneling Pseudo-Interface
Description: Microsoft Teredo Tunneling Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Microsoft
Service: tunnel
Problem: : This device cannot start. (Code10)
Resolution: Device failed to start. Click "Update Driver" to update the drivers for this device.
On the "General Properties" tab of the device, click "Troubleshoot" to start the troubleshooting wizard.


==================== Event log errors: =========================

Application errors:
==================
Error: (08/28/2015 11:59:03 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:58:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2015 11:53:45 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:43:45 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:43:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2015 11:39:58 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:29:58 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:29:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2015 11:23:38 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:23:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


System errors:
=============
Error: (08/28/2015 12:19:30 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/28/2015 12:19:30 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv64.dll

Error: (08/28/2015 12:19:29 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/28/2015 12:19:29 PM) (Source: Microsoft-Windows-DNS-Client) (EventID: 1012) (User: NT AUTHORITY)
Description: There was an error while attempting to read the local hosts file.

Error: (08/28/2015 12:15:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\windows\System32\bcmihvsrv64.dll

Error: (08/28/2015 12:03:13 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Software Protection service, but this action failed with the following error: 
%%1056

Error: (08/28/2015 12:01:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) Dynamic Application Loader Host Interface Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/28/2015 12:01:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel(R) ME Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (08/28/2015 12:01:15 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Microsoft .NET Framework NGEN v4.0.30319_X64 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.

Error: (08/28/2015 12:01:15 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The TOSHIBA HDD SSD Alert Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office:
=========================
Error: (08/28/2015 11:59:03 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:58:56 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2015 11:53:45 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:43:45 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:43:28 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2015 11:39:58 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:29:58 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:29:53 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003

Error: (08/28/2015 11:23:38 AM) (Source: Toshiba App Place) (EventID: 0) (User: )
Description: System.Net.WebException: The remote name could not be resolved: 'api.snappcloud.com'
Error Data:
	(no response)
Stack Trace:
   at System.Net.HttpWebRequest.EndGetResponse(IAsyncResult asyncResult)
   at SnappCloud.ActivationReminder.AraClient.GetResponseCallback[T](IAsyncResult result)

Error: (08/28/2015 11:23:21 AM) (Source: WinMgmt) (EventID: 10) (User: )
Description: //./root/CIMV2SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 990x80041003


==================== Memory info =========================== 

Processor: Intel(R) Core(TM) i7-4710HQ CPU @ 2.50GHz
Percentage of memory in use: 14%
Total physical RAM: 16300.17 MB
Available physical RAM: 13990.24 MB
Total Virtual: 32598.55 MB
Available Virtual: 30204.25 MB

==================== Drives ================================

Drive c: (TI10697500B) (Fixed) (Total:919.65 GB) (Free:817.05 GB) NTFS ==>[system with boot components (obtained from reading drive)]

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or Vista) (Size: 931.5 GB) (Disk ID: 07AF3E8E)
Partition 1: (Active) - (Size=1.5 GB) - (Type=27)
Partition 2: (Not Active) - (Size=919.7 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=10.4 GB) - (Type=17)

==================== End of Addition.txt ============================

And the fixlog after the fix:

Fix result of Farbar Recovery Scan Tool (x64) Version:31-08-2015
Ran by Mollie (2015-08-31 11:10:25) Run:1
Running from C:\Users\Mollie\Desktop\Nick's Tools
Loaded Profiles: Mollie (Available Profiles: Mollie)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start

CreateRestorePoint:
EmptyTemp:
CloseProcesses:

() C:\Program Files\NixSrv\NixSrv.exe
() C:\Program Files\NixSrv\packages\19a63c00-2126-41cf-a2fd-b04d1f26c4ae\NixHost.exe
() C:\ProgramData\DataFile\Downloads\DV.exe
() C:\ProgramData\ExtTag\ExtTag.exe
() C:\ProgramData\ExtTag\White-Plus.exe
HKLM\...\Run: [] => [X]
HKU\S-1-5-21-1652722684-191071495-755533906-1000\...\Run: [DV] => C:\ProgramData\DataFile\Downloads\DV.exe [277504 2015-08-11] ()
AppInit_DLLs: C:\ProgramData\ExtTag\WarmAnjob.dll => C:\ProgramData\ExtTag\WarmAnjob.dll [212992 2015-08-31] ()
AppInit_DLLs-x32: C:\ProgramData\ExtTag\Red-Strong.dll => C:\ProgramData\ExtTag\Red-Strong.dll [194560 2015-08-31] ()
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,Search Bar = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlpOkNS3oSLsLtAx80JG8S9jKKQ7vrOOkfSGlUtV_DIAEvMK0xOVwheR4ed9zBx4y0uTm0WfYxTITXVkI
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main,SearchAssistant = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
SearchScopes: HKLM-x32 -> ielnksrch URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1652722684-191071495-755533906-1000 -> DefaultScope {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
SearchScopes: HKU\S-1-5-21-1652722684-191071495-755533906-1000 -> {ielnksrch} URL = hxxp://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGKBUTxkij9_B2393LadXJcLO8eU68kGe4OfR6jUp9_VHiqBc4ZMZOv1T70NYEDl6ZhsPQF-pIda1WsiKpoB4C_CFlp8nWAvlSJhVQaVNNF9QHO44nhdvzGiSJ7DOkzV8JQD2CMNbLTk_iWT9k_MEPi-7mmIC5J4qwbGpkTBj&q={searchTerms}
FF Homepage: C:\ProgramData\ExtTags\ff.HP
FF NewTab: C:\ProgramData\ExtTags\ff.NT
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Extension: Screen Flip 1.0.1 - C:\Users\Mollie\AppData\Roaming\Mozilla\Firefox\Profiles\spgmq2oz.default\Extensions\{7c546926-b97d-4b3c-a787-098d892064ad}.xpi [2015-08-27]
R2 ExtTag; C:\ProgramData\ExtTag\ExtTag.exe [33792 2015-08-27] () [File not signed]
R2 NixSrv; C:\Program Files\NixSrv\NixSrv.exe [379904 2015-08-27] () [File not signed][/B]
C:\Users\Mollie\AppData\Local\Temp\fsdAAB2.exe
C:\Users\Mollie\AppData\Local\Temp\fsdB378.exe
C:\Users\Mollie\AppData\Local\Temp\SpOrder.dll
C:\Program Files\NixSrv
C:\ProgramData\DataFile\Downloads\DV.exe
C:\ProgramData\ExtTag
cmd: sfc /scanfile=C:\Windows\system32\dnsapi.dll
cmd: sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll

End
*****************

Restore point was successfully created.
Processes closed successfully.
[6048] C:\Program Files\NixSrv\NixSrv.exe => process closed successfully.
C:\Program Files\NixSrv\packages\19a63c00-2126-41cf-a2fd-b04d1f26c4ae\NixHost.exe => No running process found
C:\ProgramData\DataFile\Downloads\DV.exe => No running process found
C:\ProgramData\ExtTag\ExtTag.exe => No running process found
C:\ProgramData\ExtTag\White-Plus.exe => No running process found
HKLM\Software\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Windows\CurrentVersion\Run\\DV => value removed successfully
"C:\ProgramData\ExtTag\WarmAnjob.dll" => Value data removed successfully.
"C:\ProgramData\ExtTag\Red-Strong.dll" => Value data removed successfully.
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main\\Search Page => value restored successfully
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main\\Search Bar => value removed successfully
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main\\Start Page => value restored successfully
HKU\S-1-5-21-1652722684-191071495-755533906-1000\Software\Microsoft\Internet Explorer\Main\\SearchAssistant => value removed successfully
"HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\ielnksrch" => key removed successfully
HKCR\Wow6432Node\CLSID\ielnksrch => key not found. 
HKU\S-1-5-21-1652722684-191071495-755533906-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value removed successfully
"HKU\S-1-5-21-1652722684-191071495-755533906-1000\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{ielnksrch}" => key removed successfully
HKCR\CLSID\{ielnksrch} => key not found. 
Firefox "homepage" removed successfully
Firefox "newtab" removed successfully
"HKLM\Software\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
"HKLM\Software\Wow6432Node\MozillaPlugins\@microsoft.com/GENUINE" => key removed successfully
C:\Users\Mollie\AppData\Roaming\Mozilla\Firefox\Profiles\spgmq2oz.default\Extensions\{7c546926-b97d-4b3c-a787-098d892064ad}.xpi => moved successfully
C:\Users\Mollie\AppData\Roaming\Mozilla\Firefox\Profiles\spgmq2oz.default\Extensions\{7c546926-b97d-4b3c-a787-098d892064ad}.xpi => path removed successfully
ExtTag => service removed successfully
NixSrv => service removed successfully
C:\Users\Mollie\AppData\Local\Temp\fsdAAB2.exe => moved successfully
C:\Users\Mollie\AppData\Local\Temp\fsdB378.exe => moved successfully
C:\Users\Mollie\AppData\Local\Temp\SpOrder.dll => moved successfully
C:\Program Files\NixSrv => moved successfully
C:\ProgramData\DataFile\Downloads\DV.exe => moved successfully
C:\ProgramData\ExtTag => moved successfully

=========  sfc /scanfile=C:\Windows\system32\dnsapi.dll =========




Windows Resource Protection found corrupt files and successfully repaired 

them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For 

example C:\Windows\Logs\CBS\CBS.log



The system file repair changes will take effect after the next reboot.


========= End of CMD: =========


=========  sfc /scanfile=C:\Windows\SysWOW64\dnsapi.dll =========




There is a system repair pending which requires reboot to complete.  Restart 

Windows and run sfc again.


========= End of CMD: =========

EmptyTemp: => 195 MB temporary data Removed.


The system needed a reboot.. 

==== End of Fixlog 11:11:14 ====

I reset IE. Will poke around to see if it is running better.



#4 nasdaq

  • Malware Response Team

Posted 31 August 2015 - 01:24 PM

Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log

Can you please post the content of the CBS.log or attach it.
I would like to see what has been done.

#5 Merlot14

  • Topic Starter

Posted 31 August 2015 - 01:28 PM

Now when I restarted - it is saying "This Copy of Windows is not genuine":

Here is the CBS.log

CBS.log:

2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591577 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591578 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591579 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591580 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591581 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591582 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591583 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591584 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591585 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591586 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591587 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591588 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381591589 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747568 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747569 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747570 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747571 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747572 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747573 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747574 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747575 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747576 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747577 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747578 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747579 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747580 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747581 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747582 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747583 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747584 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747585 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747586 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747587 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747588 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747589 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381747590 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903569 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903570 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903571 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903572 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903573 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903574 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903575 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903576 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903577 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903578 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903579 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903580 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903581 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903582 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903583 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903584 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903585 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903586 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903587 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903588 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903589 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1381903590 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059569 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059570 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059571 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059572 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059573 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059574 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059575 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059576 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059577 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059578 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059579 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059580 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059581 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059582 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059583 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059584 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059585 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059586 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059587 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059588 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059589 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059590 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382059591 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215569 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215570 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215571 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215572 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215573 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215574 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215575 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215576 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215577 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215578 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215579 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215580 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215581 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215582 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215583 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215584 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215585 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215586 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215587 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215588 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215589 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382215590 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382371569 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382371570 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382371571 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382371572 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382371573 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382371574 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382371575 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]
2015-08-31 11:24:49, Info                  CBS    Session: 30467098_1382371576 initialized by client WindowsUpdateAgent.
2015-08-31 11:24:49, Info                  CBS    Failed to internally open package. [HRESULT = 0x800f0805 - CBS_E_INVALID_PACKAGE]



#6 nasdaq

nasdaq

  • Malware Response Team
  • 38,238 posts
  • OFFLINE
  • Gender:Male
  • Location:Montreal, QC. Canada
  • Local time:07:33 AM

Posted 01 September 2015 - 06:58 AM

Restart the computer normally.

If you still get the error follow the fix on this page.

http://www.whatvwant.com/this-copy-of-windows-is-not-genuine-easy-solution/

#7 Merlot14


Posted 01 September 2015 - 01:20 PM

> Restart the computer normally.
>
> If you still get the error follow the fix on this page.
>
> http://www.whatvwant.com/this-copy-of-windows-is-not-genuine-easy-solution/

Both those commands had no effect on this problem. (SLMGR /REARM and SLMGR -REARM).

Still getting the screen saying "This copy of Windows is not genuine" and then the black desktop with the same message on bottom right.

I'll try to find my Windows disk and do some sort of system repair.

Thanks.



#8 nasdaq


Posted 02 September 2015 - 08:11 AM


Restore your Windows 7 to the Last good configuration
Follow the instructions on this page.

http://windows.microsoft.com/en-ca/windows/using-last-known-good-configuration#1TC=windows-7
<<<>>>

If that fails then try this.

Check the integrity of the operating system files.
How to run sfc /Scannow
http://support.microsoft.com/kb/929833

#9 nasdaq


Posted 08 September 2015 - 07:58 AM

If all is well.

To learn more about how to protect yourself while on the internet, read this little guide on best security practices to keep safe.
http://www.bleepingcomputer.com/forums/t/407147/answers-to-common-security-questions-best-practices/
===

#10 nasdaq


Posted 14 September 2015 - 08:26 AM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.



