
Malware attack: Disabled internet, Anti-Virus, Installations, Applications


  • This topic is locked
12 replies to this topic

#1 masterkindew

Posted 06 October 2015 - 07:20 PM

Recently my computer has been infected with a substantial malware problem. I'm running Windows 10 Home on a laptop for school. It is a 64-bit system, and I can provide any other specs if needed. It has trashed my registry, it seems, attached itself to the dnsapi.dll file, causing some installs and programs to not run at all or crash (including Malwarebytes, AVG, and school-related programs), and has also blocked internet access for most applications/web browsers except Microsoft Edge. I'm guessing it's an older type of malware/virus since I'm still able to use Edge to access the internet. Any help to get rid of this burden and save my computer would be more than appreciated haha.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Tyler Prada (administrator) on TYLER (06-10-2015 19:58:10)
Running from C:\Users\Tyler Prada\Downloads
Loaded Profiles: Tyler Prada (Available Profiles: Tyler Prada)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: IE)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Pokki) C:\Users\Tyler Prada\AppData\Local\Pokki\Engine\ServiceHostAppUpdater.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(i-Funbox.com) C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\Spotify.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(VMware, Inc.) C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\Spotify.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\AAM Updates Notifier.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Pokki) C:\Users\Tyler Prada\AppData\Local\Pokki\Engine\ServiceHostApp.exe
(Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
(Pokki) C:\Users\Tyler Prada\AppData\Local\Pokki\Engine\ServiceHostApp.exe
(Pokki) C:\Users\Tyler Prada\AppData\Local\Pokki\Engine\ServiceStartMenuIndexer.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Solvusoft Corporation) C:\Program Files (x86)\WinThruster\WinThruster.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\System32\DataExchangeHost.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
() C:\Program Files\WindowsApps\EnnovaResearch.ToshibaPlaces_3.2.34.0_x64__3s2an63h56yee\Places.Tapas.UI.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
HKLM-x32\...\Run: [vmware-tray.exe] => C:\Program Files (x86)\VMware\VMware Workstation\vmware-tray.exe [104128 2015-08-14] (VMware, Inc.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [Spotify Web Helper] => C:\Users\Tyler Prada\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2025016 2015-09-17] (Spotify Ltd)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [iFunBox] => C:\Program Files (x86)\i-Funbox DevTeam\iFunBox_x64.exe [2769408 2015-07-13] (i-Funbox.com)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [Spotify] => C:\Users\Tyler Prada\AppData\Roaming\Spotify\Spotify.exe [7571000 2015-09-17] (Spotify Ltd)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\RunOnce: [Uninstall C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\RunOnce: [Uninstall C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1"
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\RunOnce: [Uninstall C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk [2014-09-29]
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:62039;https=127.0.0.1:62039
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.214.126.138
Tcpip\..\Interfaces\{4a534bdd-d687-4d09-a0c7-b21455c0b441}: [DhcpNameServer] 10.214.126.138
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-1764133201-2714899247-942173242-1001 -> {CE377BFA-1271-4C04-8747-45A9AC0B805A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-07-10] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-10-04]
 
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-10]
CHR Extension: (Google Drive) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-10]
CHR Extension: (YouTube) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-10]
CHR Extension: (Google Search) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-10]
CHR Extension: (HQCinema Pro 2.1V18.08) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Cinema PlusV27.08) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi [2015-08-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
CHR Extension: (Gmail) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-05-06] (Amazon Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-07-31] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2768472 2015-08-11] (Microsoft Corporation)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-03] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [399120 2014-06-17] (Hauppauge Computer Works, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-10-02] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
S2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
S2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
S2 NixSrv; C:\Program Files\NixSrv\NixSrv.exe [379904 2015-08-27] () [File not signed]
U2 OneSyncSvc_Session12; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session12; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session12; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session12; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-10] (Razer, Inc.)
S2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-03] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
U3 UnistoreSvc_Session12; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session12; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session12; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session12; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S2 VMwareHostd; C:\Program Files (x86)\VMware\VMware Workstation\vmware-hostd.exe [12465344 2015-08-14] ()
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
S2 MBAMScheduler; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe" [X]
S2 MBAMService; "C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe" [X]
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-28] (Qualcomm Atheros Communications, Inc.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
S3 hcwE5bda; C:\Windows\system32\drivers\hcwE5bda.sys [969048 2014-04-29] (Hauppauge Computer Work, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-09-22] (Malwarebytes Corporation)
S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R1 MpKsla2989d6b; C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{E0523E0E-1267-4D8F-9F3E-88B62CC324B7}\MpKsla2989d6b.sys [44928 2015-10-06] (Microsoft Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-10] (Razer, Inc.)
R3 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2013-12-10] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-03] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-04] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-08-04] (VMware, Inc.)
R2 vstor2-mntapi20-shared; C:\Windows\SysWow64\drivers\vstor2-mntapi20-shared.sys [34520 2015-07-09] (VMware, Inc.)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S1 bsdriver; \??\C:\WINDOWS\system32\drivers\bsdriver.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 19:58 - 2015-10-06 19:59 - 00029707 _____ C:\Users\Tyler Prada\Downloads\FRST.txt
2015-10-06 19:54 - 2015-10-06 19:58 - 00000000 ____D C:\FRST
2015-10-06 19:53 - 2015-10-06 19:54 - 02193920 _____ (Farbar) C:\Users\Tyler Prada\Downloads\FRST64.exe
2015-10-06 19:51 - 2015-10-06 19:52 - 01697792 _____ (Farbar) C:\Users\Tyler Prada\Downloads\FRST.exe
2015-10-06 19:34 - 2015-10-06 19:34 - 00016148 _____ C:\WINDOWS\system32\TYLER_Tyler Prada_HistoryPrediction.bin
2015-10-06 16:59 - 2015-10-06 16:59 - 04880712 _____ C:\Users\Tyler Prada\Downloads\rrsetup.exe
2015-10-06 16:59 - 2015-10-06 16:59 - 00001339 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Registry Repair.lnk
2015-10-06 16:59 - 2015-10-06 16:59 - 00001327 _____ C:\Users\Public\Desktop\Registry Repair.lnk
2015-10-06 16:59 - 2015-10-06 16:59 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\GlarySoft
2015-10-06 16:59 - 2015-10-06 16:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Glarysoft
2015-10-06 16:59 - 2015-10-06 16:59 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2015-10-06 16:57 - 2015-10-06 16:57 - 00083019 _____ C:\Users\Tyler Prada\Downloads\dnsapi (1).zip
2015-10-06 16:57 - 2015-10-06 16:57 - 00000000 ____D C:\Users\Tyler Prada\Desktop\dnsapi (1)
2015-10-06 16:52 - 2015-10-06 16:55 - 00000000 ____D C:\Users\Tyler Prada\Desktop\dnsapi
2015-10-06 16:50 - 2015-10-06 16:51 - 00084150 _____ C:\Users\Tyler Prada\Downloads\dnsapi.zip
2015-10-06 16:48 - 2015-10-06 16:48 - 01187712 _____ (Uniblue Systems Limited ) C:\Users\Tyler Prada\Downloads\pcmechanicpm.exe
2015-10-06 16:37 - 2015-10-06 16:37 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\AvgSetupLog
2015-10-06 16:37 - 2015-10-06 16:37 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Avg
2015-10-06 16:35 - 2015-10-06 16:37 - 02894872 _____ (AVG Technologies) C:\Users\Tyler Prada\Downloads\AVG_PCTuneUp_932.exe
2015-10-06 16:33 - 2015-10-06 16:33 - 02349825 _____ C:\Users\Tyler Prada\Downloads\Setup Installer (Right Click and select extract).rar
2015-10-06 16:21 - 2015-10-06 16:21 - 00003164 _____ C:\WINDOWS\System32\Tasks\WinThruster
2015-10-06 16:21 - 2015-10-06 16:21 - 00003108 _____ C:\WINDOWS\System32\Tasks\WinThruster_UPDATES
2015-10-06 16:21 - 2015-10-06 16:21 - 00002952 _____ C:\WINDOWS\System32\Tasks\WinThruster_DEFAULT
2015-10-06 16:21 - 2015-10-06 16:21 - 00001123 _____ C:\Users\Public\Desktop\WinThruster.lnk
2015-10-06 16:21 - 2015-10-06 16:21 - 00000306 _____ C:\WINDOWS\Tasks\WinThruster_UPDATES.job
2015-10-06 16:21 - 2015-10-06 16:21 - 00000298 _____ C:\WINDOWS\Tasks\WinThruster_DEFAULT.job
2015-10-06 16:21 - 2015-10-06 16:21 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\Solvusoft
2015-10-06 16:21 - 2015-10-06 16:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinThruster
2015-10-06 16:21 - 2015-10-06 16:21 - 00000000 ____D C:\Program Files (x86)\WinThruster
2015-10-06 16:21 - 2012-10-15 17:02 - 00019888 _____ (solvusoft) C:\WINDOWS\system32\roboot64.exe
2015-10-06 16:20 - 2015-10-06 16:20 - 03895432 _____ (solvusoft Corporation ) C:\Users\Tyler Prada\Downloads\Setup_WinThruster_2015.exe
2015-10-06 16:10 - 2015-10-06 16:10 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Tyler Prada\Downloads\sh-remover.exe
2015-10-04 10:17 - 2015-10-04 22:21 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-04 10:17 - 2015-10-04 10:17 - 18801736 _____ C:\Users\Tyler Prada\Downloads\RogueKiller.exe
2015-10-04 10:17 - 2015-10-04 10:17 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-04 09:51 - 2015-10-04 09:51 - 00000000 ____D C:\Users\Tyler Prada\Desktop\mbam-chameleon-3.1.25.0
2015-10-04 09:50 - 2015-10-04 09:51 - 06383209 _____ C:\Users\Tyler Prada\Downloads\mbam-chameleon-3.1.25.0.zip
2015-10-04 09:47 - 2015-10-06 19:51 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-04 09:38 - 2015-10-04 09:38 - 00000932 _____ C:\WINDOWS\PFRO.log
2015-10-04 09:05 - 2015-10-04 09:06 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Tyler Prada\Downloads\tdsskiller.exe
2015-10-04 08:47 - 2015-10-04 09:35 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tyler Prada\Downloads\mbam-setup-2.1.8.1057 (2).exe
2015-10-04 08:47 - 2015-10-04 08:47 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tyler Prada\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-10-04 08:38 - 2015-10-04 10:10 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-04 08:30 - 2015-10-04 08:30 - 00000000 ____D C:\WINDOWS\pss
2015-10-02 17:53 - 2015-10-02 17:53 - 00469776 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98ip.dll
2015-10-02 17:53 - 2015-10-02 17:53 - 00466736 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98itp.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 22915560 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 17847784 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 11905432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 11054568 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 10574992 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 08528888 _____ (Intel Corporation) C:\WINDOWS\system32\ig7icd64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 04025864 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 03670824 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 02508480 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-10-02 17:51 - 2015-10-02 17:51 - 02035712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01994240 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01793024 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01766912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01468952 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01155992 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01153360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00866824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00661000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00617464 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00616472 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00467696 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00444832 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-10-02 17:51 - 2015-10-02 17:51 - 00392704 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00385528 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00378824 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00375784 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00359432 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00329208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00295416 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00290216 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-10-02 17:51 - 2015-10-02 17:51 - 00264192 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-10-02 17:51 - 2015-10-02 17:51 - 00234472 _____ C:\WINDOWS\system32\igdde64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00229664 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00228864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00225288 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00215032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4276.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00204200 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-10-02 17:51 - 2015-10-02 17:51 - 00200608 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00194552 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00194360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00193536 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00191000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00188884 _____ C:\WINDOWS\system32\resTHA.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00181524 _____ C:\WINDOWS\system32\resELL.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00177300 _____ C:\WINDOWS\system32\resRUS.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00171000 _____ C:\WINDOWS\system32\igdail64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00169368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00163840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00163044 _____ C:\WINDOWS\system32\resARA.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00162500 _____ C:\WINDOWS\system32\resHEB.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00162484 _____ C:\WINDOWS\system32\resJPN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00157860 _____ C:\WINDOWS\system32\resHUN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00157844 _____ C:\WINDOWS\system32\resFRA.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00156100 _____ C:\WINDOWS\system32\resKOR.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00156020 _____ C:\WINDOWS\system32\resDEU.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155988 _____ C:\WINDOWS\system32\resITA.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155828 _____ C:\WINDOWS\system32\resROM.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155716 _____ C:\WINDOWS\system32\resESN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155268 _____ C:\WINDOWS\system32\resPLK.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155172 _____ C:\WINDOWS\system32\resSKY.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154980 _____ C:\WINDOWS\system32\resNLD.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154372 _____ C:\WINDOWS\system32\resPTB.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154260 _____ C:\WINDOWS\system32\resTRK.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154212 _____ C:\WINDOWS\system32\resCSY.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154088 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00154084 _____ C:\WINDOWS\system32\resPTG.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00153620 _____ C:\WINDOWS\system32\resFIN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00153236 _____ C:\WINDOWS\system32\resHRV.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00152772 _____ C:\WINDOWS\system32\resSVE.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00152644 _____ C:\WINDOWS\system32\resSLV.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00151668 _____ C:\WINDOWS\system32\resNOR.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00151156 _____ C:\WINDOWS\system32\resDAN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00149812 _____ C:\WINDOWS\system32\resENU.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00148052 _____ C:\WINDOWS\system32\resCHT.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00147188 _____ C:\WINDOWS\system32\resCHS.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00143368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00107544 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00096744 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00078328 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00072696 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00069112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00068088 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00040712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00039416 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00020456 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00019456 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00018944 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00018936 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00013824 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00013816 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00002560 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-10-02 17:50 - 2015-10-02 17:51 - 06513640 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig7icd32.dll
2015-10-02 17:50 - 2015-10-02 17:50 - 04371880 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 04368296 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00969128 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00555440 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00554920 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00409512 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00409008 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00316245 _____ C:\WINDOWS\system32\DisplayAudiox64.cab
2015-10-02 17:50 - 2015-10-02 17:50 - 00165800 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00102912 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2015-10-02 16:36 - 2015-10-02 16:36 - 00000000 ___HD C:\$SysReset
2015-09-25 12:52 - 2015-09-25 12:52 - 00022512 _____ C:\Users\Tyler Prada\Downloads\arabella.zip
2015-09-24 20:00 - 2015-09-24 20:00 - 00003074 _____ C:\Users\Tyler Prada\Downloads\final.sql
2015-09-23 13:05 - 2015-10-02 17:06 - 00000000 ____D C:\Program Files (x86)\Plantronics
2015-09-22 20:22 - 2015-10-02 17:06 - 00000000 ____D C:\Program Files (x86)\Ginger
2015-09-22 20:22 - 2015-09-22 20:22 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\Acapela Group
2015-09-22 20:21 - 2015-09-22 20:22 - 00007943 _____ C:\GingerSetup.log
2015-09-22 20:21 - 2015-09-22 20:22 - 00005481 _____ C:\GingerSetupHelper.log
2015-09-22 20:16 - 2015-09-22 20:16 - 00881640 _____ (Ginger Software) C:\Users\Tyler Prada\Downloads\Ginger.exe
2015-09-21 14:19 - 2015-09-21 14:19 - 00000000 ____D C:\Users\Tyler Prada\Desktop\Walls
2015-09-17 15:15 - 2015-09-17 15:15 - 00094763 _____ C:\Users\Tyler Prada\Desktop\Final_Project.zip
2015-09-16 17:17 - 2015-09-16 17:17 - 00000000 ___RD C:\Users\Tyler Prada\3D Objects
2015-09-16 16:32 - 2015-09-16 16:32 - 00495210 _____ C:\Users\Tyler Prada\Downloads\HwcYWCi9.txt
2015-09-16 16:27 - 2015-09-16 16:27 - 00000088 _____ C:\WINDOWS\system32\Drivers\etc\edgeadblock.log
2015-09-16 16:25 - 2015-09-16 16:25 - 06162288 _____ ( ) C:\Users\Tyler Prada\Downloads\adblockplusie-1.4.exe
2015-09-16 16:25 - 2015-09-16 16:25 - 00087203 _____ C:\Users\Tyler Prada\Downloads\EdgeAdblock_10.zip
2015-09-16 16:25 - 2015-09-16 16:25 - 00087203 _____ C:\Users\Tyler Prada\Downloads\EdgeAdblock_10 (1).zip
2015-09-13 08:31 - 2015-09-13 08:31 - 00150605 _____ C:\Users\Tyler Prada\Downloads\WaterFall Clinic MAP.vsdx
2015-09-11 15:40 - 2015-09-11 15:40 - 00037142 _____ C:\Users\Tyler Prada\Downloads\Sequence Diagram (HR).vsdx
2015-09-11 15:40 - 2015-09-11 15:40 - 00034452 _____ C:\Users\Tyler Prada\Downloads\Use Case Diagram (HR).vsdx
2015-09-10 14:24 - 2015-09-10 14:24 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-09-10 14:03 - 2015-09-10 14:03 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-09-10 14:02 - 2015-09-10 14:03 - 32448168 _____ (Microsoft Corporation) C:\Users\Tyler Prada\Downloads\visioconverter-en-us.exe
2015-09-10 13:54 - 2015-09-10 13:54 - 00774656 _____ C:\Users\Tyler Prada\Downloads\SDM_EN (1).msi
2015-09-10 13:54 - 2015-09-10 13:54 - 00000183 _____ C:\Users\Tyler Prada\Downloads\100357089704 (1).sdx
2015-09-10 13:50 - 2015-09-10 13:52 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\VMware
2015-09-10 13:50 - 2015-09-10 13:52 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\VMware
2015-09-10 13:48 - 2015-09-10 13:48 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-09-10 13:47 - 2015-08-04 01:10 - 00075512 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vsock.sys
2015-09-10 13:47 - 2015-08-04 01:10 - 00068288 _____ (VMware, Inc.) C:\WINDOWS\system32\vsocklib.dll
2015-09-10 13:47 - 2015-08-04 01:10 - 00064192 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vsocklib.dll
2015-09-10 13:46 - 2015-08-14 14:03 - 00934080 _____ (VMware, Inc.) C:\WINDOWS\system32\vnetlib64.dll
2015-09-10 13:46 - 2015-08-14 14:03 - 00391872 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnat.exe
2015-09-10 13:46 - 2015-08-14 14:03 - 00358080 _____ (VMware, Inc.) C:\WINDOWS\SysWOW64\vmnetdhcp.exe
2015-09-10 13:46 - 2015-08-14 14:03 - 00066752 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmx86.sys
2015-09-10 13:46 - 2015-08-14 13:43 - 00026816 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\vmnetuserif.sys
2015-09-10 13:46 - 2015-08-11 19:27 - 00057536 _____ (VMware, Inc.) C:\WINDOWS\system32\Drivers\hcmon.sys
2015-09-10 13:45 - 2015-10-02 17:06 - 00000000 ____D C:\Program Files\Common Files\VMware
2015-09-10 13:45 - 2015-09-10 13:45 - 00001287 _____ C:\Users\Public\Desktop\VMware Workstation Pro.lnk
2015-09-10 13:45 - 2015-09-10 13:45 - 00001024 _____ C:\WINDOWS\SysWOW64\%TMP%
2015-09-10 13:44 - 2015-10-02 17:06 - 00000000 ____D C:\Program Files (x86)\VMware
2015-09-10 13:44 - 2015-10-02 16:49 - 00000000 ____D C:\ProgramData\VMware
2015-09-10 13:40 - 2015-09-10 13:41 - 306299040 _____ (VMware, Inc.) C:\Users\Tyler Prada\Downloads\VMware-workstation-full-12.0.0-2985596.exe
2015-09-09 14:40 - 2015-09-09 14:40 - 00005153 _____ C:\Users\Tyler Prada\Desktop\wk6_Prada.zip
2015-09-09 14:33 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 14:33 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 14:33 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 14:33 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 14:33 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 14:33 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 14:33 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 14:33 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 14:33 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 14:33 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 14:33 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 14:33 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 14:33 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 14:33 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 14:33 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 14:33 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 14:33 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 14:33 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 14:33 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 14:33 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 14:33 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 14:33 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 14:33 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 14:33 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 14:33 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 14:33 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 14:33 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 14:33 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 14:33 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 14:33 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 14:33 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 14:33 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-06 20:00 - 2014-08-07 13:00 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Pokki
2015-10-06 19:59 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-06 19:47 - 2014-05-17 10:28 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-06 19:31 - 2014-09-19 17:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-06 17:58 - 2014-08-26 20:11 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\CrashDumps
2015-10-06 16:21 - 2015-07-31 13:07 - 01064082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-06 16:01 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-06 16:01 - 2014-12-10 14:31 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\Spotify
2015-10-06 16:00 - 2014-10-21 15:27 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Adobe
2015-10-06 15:59 - 2014-08-07 17:33 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4942A5B4-7510-410C-A50D-735B59B400C9}
2015-10-06 15:58 - 2014-08-26 20:45 - 00003875 _____ C:\WINDOWS\system32\lvcoinst.log
2015-10-06 15:57 - 2014-12-10 14:32 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Spotify
2015-10-06 15:57 - 2014-08-07 13:05 - 00002217 _____ C:\Users\Tyler Prada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
2015-10-06 15:56 - 2015-08-27 13:15 - 00001052 _____ C:\WINDOWS\Tasks\MandvDL7OHsHrPHG1an4oY.job
2015-10-06 15:56 - 2014-05-17 10:28 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-04 10:12 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-04 10:12 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-04 10:11 - 2015-08-27 13:49 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-04 09:37 - 2015-05-08 14:16 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\uTorrent
2015-10-04 09:37 - 2014-08-07 14:40 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\TeamViewer
2015-10-04 09:19 - 2014-05-17 10:28 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-04 08:28 - 2015-07-31 14:21 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-10-02 18:32 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-02 17:51 - 2015-07-31 13:03 - 00072696 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-10-02 17:51 - 2015-07-31 13:03 - 00069112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-10-02 17:51 - 2015-07-11 00:51 - 00540080 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-10-02 17:51 - 2015-07-11 00:51 - 00393640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe
2015-10-02 17:51 - 2015-07-11 00:51 - 00328624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-10-02 17:51 - 2015-07-11 00:51 - 00256936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-10-02 17:51 - 2015-07-11 00:50 - 03797424 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-10-02 17:51 - 2015-07-11 00:49 - 12334072 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2015-10-02 17:51 - 2015-07-11 00:49 - 04637640 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2015-10-02 17:51 - 2015-07-11 00:46 - 00678912 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-10-02 17:51 - 2015-07-11 00:46 - 00285184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-10-02 17:51 - 2015-07-11 00:46 - 00261112 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-10-02 17:23 - 2014-08-08 06:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-02 17:12 - 2015-07-31 13:09 - 00000000 ____D C:\Users\Tyler Prada
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 __RSD C:\WINDOWS\Media
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system\Speech
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\IME
2015-10-02 17:07 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-02 17:07 - 2014-08-10 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-10-02 17:07 - 2014-05-17 10:30 - 00000000 ____D C:\ProgramData\Norton
2015-10-02 17:07 - 2014-05-17 10:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-02 17:06 - 2014-08-10 09:37 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-10-02 16:53 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\registration
2015-10-02 16:50 - 2014-08-07 13:01 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Packages
2015-10-02 16:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-30 21:57 - 2014-08-08 06:48 - 00000000 ____D C:\Users\Tyler Prada\OneDrive
2015-09-22 18:31 - 2015-08-27 13:49 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-09-21 12:48 - 2015-01-06 16:03 - 00228590 _____ C:\WINDOWS\hpwins05.dat
2015-09-21 12:48 - 2015-01-06 16:03 - 00003375 _____ C:\ProgramData\hpzinstall.log
2015-09-21 12:47 - 2013-08-22 09:25 - 00000127 _____ C:\WINDOWS\win.ini
2015-09-17 16:02 - 2014-10-21 16:19 - 00000132 _____ C:\Users\Tyler Prada\AppData\Roaming\Adobe PNG Format CC Prefs
2015-09-16 16:13 - 2015-07-31 14:32 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\MicrosoftEdge
2015-09-16 14:42 - 2014-05-17 10:28 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 14:42 - 2014-05-17 10:28 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 12:12 - 2015-07-10 07:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 12:12 - 2015-07-10 07:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 16:30 - 2015-01-23 14:49 - 00000000 ____D C:\Users\Tyler Prada\Documents\Visual Studio 2013
2015-09-13 10:25 - 2014-08-07 14:39 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Google
2015-09-10 14:49 - 2015-07-10 08:20 - 04968688 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-09-10 14:46 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 14:46 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-10 14:24 - 2014-03-19 16:23 - 00095016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2015-09-10 13:59 - 2014-12-07 15:57 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Microsoft Help
2015-09-10 13:54 - 2015-01-23 14:00 - 00003211 _____ C:\Users\Tyler Prada\Desktop\Shortcut to SecureDownloadManager.exe.lnk
2015-09-10 13:49 - 2014-12-07 15:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 13:48 - 2014-12-07 16:00 - 00000039 _____ C:\WINDOWS\vbaddin.ini
2015-09-10 13:45 - 2015-07-31 13:07 - 01078224 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-09-09 16:00 - 2014-08-10 12:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 14:16 - 2015-07-31 14:34 - 00002363 _____ C:\Users\Tyler Prada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2015-03-19 16:40 - 2015-03-19 16:44 - 0000132 _____ () C:\Users\Tyler Prada\AppData\Roaming\Adobe OpenEXR Format CC Prefs
2014-10-21 16:19 - 2015-09-17 16:02 - 0000132 _____ () C:\Users\Tyler Prada\AppData\Roaming\Adobe PNG Format CC Prefs
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY
2015-08-27 13:14 - 2015-08-27 13:14 - 0000064 _____ () C:\Users\Tyler Prada\AppData\Local\83217340847f5221d8441ac494f42e3e
2015-03-12 15:58 - 2015-03-12 16:02 - 0001456 _____ () C:\Users\Tyler Prada\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-21 15:00 - 2014-10-21 15:00 - 0076722 _____ () C:\Users\Tyler Prada\AppData\Local\recently-used.xbel
2015-08-27 13:14 - 2015-08-27 13:14 - 0000187 _____ () C:\Users\Tyler Prada\AppData\Local\Streetice.exe.config
2015-07-31 13:04 - 2015-07-31 13:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-06 16:03 - 2015-09-21 12:48 - 0003375 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Tyler Prada\AppData\Local\Temp\dllnt_dump.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll
[2015-07-10 07:00] - [2015-08-27 13:19] - 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11
 
C:\WINDOWS\SysWOW64\dnsapi.dll IS MISSING <==== ATTENTION
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-10-06 16:18
 
==================== End of FRST.txt ============================

 


 


#2 deeprybka

  • Malware Response Team

Posted 07 October 2015 - 03:29 AM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 masterkindew

  • Topic Starter

Posted 07 October 2015 - 06:47 AM

Hello, first I'd like to say thank you for your swift reply. Also I did the search for dnsapi.dll in FRST and this is what it had come up with.

 
Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Tyler Prada (2015-10-07 07:39:46)
Running from C:\Users\Tyler Prada\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0534064 ____N (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0680256 ____N (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
 
C:\Windows\System32\dnsapi.dll
[2015-07-10 07:00][2015-08-27 13:19] 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11 [File not signed]
 
====== End of Search ======
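
A search result like the one above can be triaged mechanically by comparing each live copy of the file against the copies in the WinSxS component store. The following is an added example, not part of the thread and not FRST's own logic; the function names and the choice of checks are assumptions, and the input is the search output as posted.

```python
import re

# FRST "Search Files" result, copied as posted in the reply above.
SEARCH_TXT = r"""
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0534064 ____N (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0680256 ____N (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2015-07-10 07:00][2015-08-27 13:19] 0680256 ____A (Microsoft Corporation) D72F00D038CAF288009C8A7FC3BA2B11 [File not signed]
"""

PATH_RE = re.compile(r"^[A-Za-z]:\\")
# Detail line: [first timestamp][second timestamp] size attributes (company) MD5 [signature status]
DETAIL_RE = re.compile(
    r"^\[(?P<created>[^\]]+)\]\s*\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+"
    r"(?P<attrs>\S+)\s+\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})"
    r"(?:\s+\[(?P<signature>[^\]]+)\])?$"
)


def parse_search(text):
    """Pair every path line with the detail line that follows it."""
    records, pending_path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        if PATH_RE.match(line):
            pending_path = line
            continue
        m = DETAIL_RE.match(line)
        if m and pending_path:
            rec = m.groupdict()
            rec.update(path=pending_path, size=int(rec["size"]), md5=rec["md5"].upper())
            records.append(rec)
            pending_path = None
    return records


def is_store_copy(rec):
    return "\\winsxs\\" in rec["path"].lower()


def triage(records):
    """Return the live (non-WinSxS) files that differ from every store copy."""
    store = [r for r in records if is_store_copy(r)]
    store_md5 = {r["md5"] for r in store}
    findings = []
    for r in records:
        if is_store_copy(r):
            continue
        reasons = []
        if r["signature"] != "File is digitally signed":
            reasons.append("not signed")
        if store_md5 and r["md5"] not in store_md5:
            reasons.append("MD5 matches no component-store copy")
        if any(s["size"] == r["size"] and s["md5"] != r["md5"] for s in store):
            reasons.append("same size as a store copy but different MD5")
        # Assumption: the first timestamp is creation, the second last modification.
        if r["created"] != r["modified"]:
            reasons.append("modified after creation (" + r["modified"] + ")")
        if reasons:
            findings.append({"path": r["path"], "reasons": reasons})
    return findings


if __name__ == "__main__":
    for finding in triage(parse_search(SEARCH_TXT)):
        print(finding["path"])
        for reason in finding["reasons"]:
            print("  -", reason)
```
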



#4 deeprybka

  • Malware Response Team

Posted 07 October 2015 - 10:13 AM

Hi, you're welcome. :)

Please be patient, the next step can take some time.

Step 1

Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    CMD: sfc /scannow
    CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.
regards,
deeprybka
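
The `findstr /c:"[SR]"` step above produces mostly routine verification entries, so the lines that matter are easy to miss. The following added example (not part of the thread, and not a Microsoft or FRST tool) separates routine `[SR]` entries from repair entries and anything else; the function name and the returned fields are assumptions, and the sample lines are copied from the output posted in this thread.

```python
import re

# [SR] lines in the sfcdetails format, copied from this thread (abridged).
SAMPLE = r'''
2015-10-07 17:57:26, Info                  CSI    00001239 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:57:26, Info                  CSI    0000123a [SR] Beginning Verify and Repair transaction
2015-10-07 17:57:32, Info                  CSI    00001253 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\System32"\[l:20{10}]"dnsapi.dll" from store
2015-10-07 17:57:35, Info                  CSI    000012a4 [SR] Verify complete
2015-10-07 17:57:36, Info                  CSI    000012a5 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:57:36, Info                  CSI    000012a6 [SR] Beginning Verify and Repair transaction
2015-10-07 17:57:45, Info                  CSI    00001322 [SR] Verify complete
'''

LINE_RE = re.compile(
    r"^(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}), (?P<level>\w+)\s+CSI\s+"
    r"(?P<seq>[0-9a-fA-F]{8}) \[SR\] (?P<msg>.*)$"
)
# Entries that only report scan progress.
ROUTINE = ("Verifying ", "Beginning Verify and Repair transaction", "Verify complete")
# Repair entry: [length info]"directory"\[length info]"file name" from store
REPAIR_RE = re.compile(
    r'^Repairing corrupted file \[[^\]]*\]"(?P<dir>[^"]+)"\\\[[^\]]*\]"(?P<name>[^"]+)" from store'
)
NT_PREFIX = "\\??\\"


def summarize(text):
    """Classify [SR] lines into routine batches, repairs and everything else."""
    result = {"batches": 0, "repaired": [], "other": [], "unparsed": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        m = LINE_RE.match(line)
        if not m:
            result["unparsed"].append(line)
            continue
        msg = m.group("msg")
        if msg.startswith(ROUTINE):
            if msg == "Verify complete":
                result["batches"] += 1
            continue
        repair = REPAIR_RE.match(msg)
        if repair:
            directory = repair.group("dir")
            if directory.startswith(NT_PREFIX):
                directory = directory[len(NT_PREFIX):]
            result["repaired"].append((m.group("ts"), directory + "\\" + repair.group("name")))
        else:
            # Not routine and not a recognised repair entry: keep it for manual reading.
            result["other"].append((m.group("ts"), msg))
    return result


if __name__ == "__main__":
    summary = summarize(SAMPLE)
    print("completed verify batches:", summary["batches"])
    for ts, path in summary["repaired"]:
        print("repaired from store:", ts, path)
    for ts, msg in summary["other"]:
        print("needs review:", ts, msg)
```
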

#5 masterkindew

  • Topic Starter

Posted 07 October 2015 - 05:29 PM

Alright, I have followed the next process, and this is what was put in the fixlog:

 

Fix result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Tyler Prada (2015-10-07 17:51:41) Run:1
Running from C:\Users\Tyler Prada\Desktop
Loaded Profiles: Tyler Prada (Available Profiles: Tyler Prada)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
CMD: sfc /scannow
CMD: findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt"
*****************
 
Processes closed successfully.
 
=========  sfc /scannow =========
 

 
 
Beginning system scan.  This process will take some time.

Beginning verification phase of system scan.
Verification 100% complete.

Windows Resource Protection found corrupt files and successfully repaired
them. Details are included in the CBS.Log windir\Logs\CBS\CBS.log. For
example C:\Windows\Logs\CBS\CBS.log. Note that logging is currently not
supported in offline servicing scenarios.

The system file repair changes will take effect after the next reboot.
 
 
 
========= End of CMD: =========
 

=========  findstr /c:"[SR]" %windir%\logs\cbs\cbs.log >> "%userprofile%\desktop\sfcdetails.txt" =========
 
2015-10-07 17:51:52, Info                  CSI    0000000a [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:51:52, Info                  CSI    0000000b [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:00, Info                  CSI    00000070 [SR] Verify complete
2015-10-07 17:52:00, Info                  CSI    00000071 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:00, Info                  CSI    00000072 [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:05, Info                  CSI    000000d7 [SR] Verify complete
2015-10-07 17:52:05, Info                  CSI    000000d8 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:05, Info                  CSI    000000d9 [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:10, Info                  CSI    0000013e [SR] Verify complete
2015-10-07 17:52:10, Info                  CSI    0000013f [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:10, Info                  CSI    00000140 [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:15, Info                  CSI    000001a5 [SR] Verify complete
2015-10-07 17:52:16, Info                  CSI    000001a6 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:16, Info                  CSI    000001a7 [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:23, Info                  CSI    0000020c [SR] Verify complete
2015-10-07 17:52:23, Info                  CSI    0000020d [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:23, Info                  CSI    0000020e [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:29, Info                  CSI    00000273 [SR] Verify complete
2015-10-07 17:52:29, Info                  CSI    00000274 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:29, Info                  CSI    00000275 [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:37, Info                  CSI    000002dc [SR] Verify complete
2015-10-07 17:52:38, Info                  CSI    000002dd [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:38, Info                  CSI    000002de [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:46, Info                  CSI    00000348 [SR] Verify complete
2015-10-07 17:52:46, Info                  CSI    00000349 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:46, Info                  CSI    0000034a [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:54, Info                  CSI    000003af [SR] Verify complete
2015-10-07 17:52:54, Info                  CSI    000003b0 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:54, Info                  CSI    000003b1 [SR] Beginning Verify and Repair transaction
2015-10-07 17:52:59, Info                  CSI    00000416 [SR] Verify complete
2015-10-07 17:52:59, Info                  CSI    00000417 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:52:59, Info                  CSI    00000418 [SR] Beginning Verify and Repair transaction
2015-10-07 17:53:04, Info                  CSI    0000047d [SR] Verify complete
2015-10-07 17:53:04, Info                  CSI    0000047e [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:53:04, Info                  CSI    0000047f [SR] Beginning Verify and Repair transaction
2015-10-07 17:53:10, Info                  CSI    000004e4 [SR] Verify complete
2015-10-07 17:53:10, Info                  CSI    000004e5 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:53:10, Info                  CSI    000004e6 [SR] Beginning Verify and Repair transaction
2015-10-07 17:53:17, Info                  CSI    0000054b [SR] Verify complete
2015-10-07 17:53:17, Info                  CSI    0000054c [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:53:17, Info                  CSI    0000054d [SR] Beginning Verify and Repair transaction
2015-10-07 17:53:25, Info                  CSI    000005b2 [SR] Verify complete
2015-10-07 17:53:25, Info                  CSI    000005b3 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:53:25, Info                  CSI    000005b4 [SR] Beginning Verify and Repair transaction
2015-10-07 17:53:32, Info                  CSI    00000619 [SR] Verify complete
2015-10-07 17:53:32, Info                  CSI    0000061a [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:53:32, Info                  CSI    0000061b [SR] Beginning Verify and Repair transaction
2015-10-07 17:53:37, Info                  CSI    00000680 [SR] Verify complete
2015-10-07 17:53:37, Info                  CSI    00000681 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:53:37, Info                  CSI    00000682 [SR] Beginning Verify and Repair transaction
2015-10-07 17:53:43, Info                  CSI    000006e7 [SR] Verify complete
2015-10-07 17:53:43, Info                  CSI    000006e8 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:53:43, Info                  CSI    000006e9 [SR] Beginning Verify and Repair transaction
2015-10-07 17:53:50, Info                  CSI    00000750 [SR] Verify complete
2015-10-07 17:53:50, Info                  CSI    00000751 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:53:50, Info                  CSI    00000752 [SR] Beginning Verify and Repair transaction
2015-10-07 17:53:57, Info                  CSI    000007bd [SR] Verify complete
2015-10-07 17:53:57, Info                  CSI    000007be [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:53:57, Info                  CSI    000007bf [SR] Beginning Verify and Repair transaction
2015-10-07 17:54:01, Info                  CSI    00000824 [SR] Verify complete
2015-10-07 17:54:01, Info                  CSI    00000825 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:54:01, Info                  CSI    00000826 [SR] Beginning Verify and Repair transaction
2015-10-07 17:54:04, Info                  CSI    0000088c [SR] Verify complete
2015-10-07 17:54:05, Info                  CSI    0000088d [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:54:05, Info                  CSI    0000088e [SR] Beginning Verify and Repair transaction
2015-10-07 17:54:08, Info                  CSI    000008fc [SR] Verify complete
2015-10-07 17:54:09, Info                  CSI    000008fd [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:54:09, Info                  CSI    000008fe [SR] Beginning Verify and Repair transaction
2015-10-07 17:54:12, Info                  CSI    00000967 [SR] Verify complete
2015-10-07 17:54:13, Info                  CSI    00000968 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:54:13, Info                  CSI    00000969 [SR] Beginning Verify and Repair transaction
2015-10-07 17:54:19, Info                  CSI    000009d4 [SR] Verify complete
2015-10-07 17:54:20, Info                  CSI    000009d5 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:54:20, Info                  CSI    000009d6 [SR] Beginning Verify and Repair transaction
2015-10-07 17:54:33, Info                  CSI    00000a59 [SR] Verify complete
2015-10-07 17:54:33, Info                  CSI    00000a5a [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:54:33, Info                  CSI    00000a5b [SR] Beginning Verify and Repair transaction
2015-10-07 17:54:44, Info                  CSI    00000acd [SR] Verify complete
2015-10-07 17:54:45, Info                  CSI    00000ace [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:54:45, Info                  CSI    00000acf [SR] Beginning Verify and Repair transaction
2015-10-07 17:54:53, Info                  CSI    00000b3b [SR] Verify complete
2015-10-07 17:54:54, Info                  CSI    00000b3c [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:54:54, Info                  CSI    00000b3d [SR] Beginning Verify and Repair transaction
2015-10-07 17:55:02, Info                  CSI    00000bb1 [SR] Verify complete
2015-10-07 17:55:03, Info                  CSI    00000bb2 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:55:03, Info                  CSI    00000bb3 [SR] Beginning Verify and Repair transaction
2015-10-07 17:55:16, Info                  CSI    00000c25 [SR] Verify complete
2015-10-07 17:55:16, Info                  CSI    00000c26 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:55:16, Info                  CSI    00000c27 [SR] Beginning Verify and Repair transaction
2015-10-07 17:55:27, Info                  CSI    00000c8e [SR] Verify complete
2015-10-07 17:55:28, Info                  CSI    00000c8f [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:55:28, Info                  CSI    00000c90 [SR] Beginning Verify and Repair transaction
2015-10-07 17:55:38, Info                  CSI    00000cf5 [SR] Verify complete
2015-10-07 17:55:38, Info                  CSI    00000cf6 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:55:38, Info                  CSI    00000cf7 [SR] Beginning Verify and Repair transaction
2015-10-07 17:55:45, Info                  CSI    00000d5c [SR] Verify complete
2015-10-07 17:55:45, Info                  CSI    00000d5d [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:55:45, Info                  CSI    00000d5e [SR] Beginning Verify and Repair transaction
2015-10-07 17:56:02, Info                  CSI    00000dc8 [SR] Verify complete
2015-10-07 17:56:02, Info                  CSI    00000dc9 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:56:02, Info                  CSI    00000dca [SR] Beginning Verify and Repair transaction
2015-10-07 17:56:15, Info                  CSI    00000e7b [SR] Verify complete
2015-10-07 17:56:15, Info                  CSI    00000e7c [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:56:15, Info                  CSI    00000e7d [SR] Beginning Verify and Repair transaction
2015-10-07 17:56:28, Info                  CSI    00000f36 [SR] Verify complete
2015-10-07 17:56:28, Info                  CSI    00000f37 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:56:28, Info                  CSI    00000f38 [SR] Beginning Verify and Repair transaction
2015-10-07 17:56:39, Info                  CSI    00000fdb [SR] Verify complete
2015-10-07 17:56:39, Info                  CSI    00000fdc [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:56:39, Info                  CSI    00000fdd [SR] Beginning Verify and Repair transaction
2015-10-07 17:56:51, Info                  CSI    00001053 [SR] Verify complete
2015-10-07 17:56:51, Info                  CSI    00001054 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:56:51, Info                  CSI    00001055 [SR] Beginning Verify and Repair transaction
2015-10-07 17:57:00, Info                  CSI    000010d0 [SR] Verify complete
2015-10-07 17:57:00, Info                  CSI    000010d1 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:57:00, Info                  CSI    000010d2 [SR] Beginning Verify and Repair transaction
2015-10-07 17:57:09, Info                  CSI    00001158 [SR] Verify complete
2015-10-07 17:57:09, Info                  CSI    00001159 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:57:09, Info                  CSI    0000115a [SR] Beginning Verify and Repair transaction
2015-10-07 17:57:18, Info                  CSI    000011cc [SR] Verify complete
2015-10-07 17:57:18, Info                  CSI    000011cd [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:57:18, Info                  CSI    000011ce [SR] Beginning Verify and Repair transaction
2015-10-07 17:57:26, Info                  CSI    00001238 [SR] Verify complete
2015-10-07 17:57:26, Info                  CSI    00001239 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:57:26, Info                  CSI    0000123a [SR] Beginning Verify and Repair transaction
2015-10-07 17:57:32, Info                  CSI    00001253 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\System32"\[l:20{10}]"dnsapi.dll" from store
2015-10-07 17:57:35, Info                  CSI    000012a4 [SR] Verify complete
2015-10-07 17:57:36, Info                  CSI    000012a5 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:57:36, Info                  CSI    000012a6 [SR] Beginning Verify and Repair transaction
2015-10-07 17:57:45, Info                  CSI    00001322 [SR] Verify complete
2015-10-07 17:57:45, Info                  CSI    00001323 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:57:45, Info                  CSI    00001324 [SR] Beginning Verify and Repair transaction
2015-10-07 17:57:56, Info                  CSI    000013af [SR] Verify complete
2015-10-07 17:57:56, Info                  CSI    000013b0 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:57:56, Info                  CSI    000013b1 [SR] Beginning Verify and Repair transaction
2015-10-07 17:58:09, Info                  CSI    0000144a [SR] Verify complete
2015-10-07 17:58:09, Info                  CSI    0000144b [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:58:09, Info                  CSI    0000144c [SR] Beginning Verify and Repair transaction
2015-10-07 17:58:29, Info                  CSI    00001534 [SR] Verify complete
2015-10-07 17:58:29, Info                  CSI    00001535 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:58:29, Info                  CSI    00001536 [SR] Beginning Verify and Repair transaction
2015-10-07 17:58:39, Info                  CSI    000015aa [SR] Verify complete
2015-10-07 17:58:39, Info                  CSI    000015ab [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 17:58:39, Info                  CSI    000015ac [SR] Beginning Verify and Repair transaction
2015-10-07 17:58:46, Info                  CSI    00001619 [SR] Verify complete
2015-10-07 18:10:50, Info                  CSI    00003ce7 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:10:50, Info                  CSI    00003ce8 [SR] Beginning Verify and Repair transaction
2015-10-07 18:10:54, Info                  CSI    00003cf3 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\SysWOW64"\[l:20{10}]"dnsapi.dll" from store
2015-10-07 18:10:58, Info                  CSI    00003d51 [SR] Verify complete
2015-10-07 18:16:22, Info                  CSI    00005247 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:16:22, Info                  CSI    00005248 [SR] Beginning Verify and Repair transaction
2015-10-07 18:16:28, Info                  CSI    000052b0 [SR] Verify complete
2015-10-07 18:16:28, Info                  CSI    000052b1 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:16:28, Info                  CSI    000052b2 [SR] Beginning Verify and Repair transaction
2015-10-07 18:16:37, Info                  CSI    0000533a [SR] Verify complete
2015-10-07 18:16:38, Info                  CSI    0000533b [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:16:38, Info                  CSI    0000533c [SR] Beginning Verify and Repair transaction
2015-10-07 18:16:43, Info                  CSI    000053a3 [SR] Verify complete
2015-10-07 18:16:44, Info                  CSI    000053a4 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:16:44, Info                  CSI    000053a5 [SR] Beginning Verify and Repair transaction
2015-10-07 18:16:54, Info                  CSI    0000540d [SR] Verify complete
2015-10-07 18:16:54, Info                  CSI    0000540e [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:16:54, Info                  CSI    0000540f [SR] Beginning Verify and Repair transaction
2015-10-07 18:17:01, Info                  CSI    00005475 [SR] Verify complete
2015-10-07 18:17:01, Info                  CSI    00005476 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:17:01, Info                  CSI    00005477 [SR] Beginning Verify and Repair transaction
2015-10-07 18:17:10, Info                  CSI    000054dd [SR] Verify complete
2015-10-07 18:17:11, Info                  CSI    000054de [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:17:11, Info                  CSI    000054df [SR] Beginning Verify and Repair transaction
2015-10-07 18:17:16, Info                  CSI    00005545 [SR] Verify complete
2015-10-07 18:17:17, Info                  CSI    00005546 [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:17:17, Info                  CSI    00005547 [SR] Beginning Verify and Repair transaction
2015-10-07 18:17:23, Info                  CSI    000055ae [SR] Verify complete
2015-10-07 18:17:23, Info                  CSI    000055af [SR] Verifying 100 (0x0000000000000064) components
2015-10-07 18:17:23, Info                  CSI    000055b0 [SR] Beginning Verify and Repair transaction
2015-10-07 18:17:31, Info                  CSI    00005618 [SR] Verify complete
2015-10-07 18:17:31, Info                  CSI    00005619 [SR] Verifying 52 (0x0000000000000034) components
2015-10-07 18:17:31, Info                  CSI    0000561a [SR] Beginning Verify and Repair transaction
2015-10-07 18:17:35, Info                  CSI    0000564f [SR] Verify complete
2015-10-07 18:17:35, Info                  CSI    00005650 [SR] Repairing 2 components
2015-10-07 18:17:35, Info                  CSI    00005651 [SR] Beginning Verify and Repair transaction
2015-10-07 18:17:35, Info                  CSI    00005653 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\System32"\[l:20{10}]"dnsapi.dll" from store
2015-10-07 18:17:35, Info                  CSI    00005657 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\SysWOW64"\[l:20{10}]"dnsapi.dll" from store
2015-10-07 18:17:35, Info                  CSI    0000565b [SR] Repair complete
2015-10-07 18:17:35, Info                  CSI    0000565c [SR] Committing transaction
2015-10-07 18:17:35, Info                  CSI    00005660 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2015-10-07 18:17:35, Info                  CSI    00005661 [SR] Repairing 2 components
2015-10-07 18:17:35, Info                  CSI    00005662 [SR] Beginning Verify and Repair transaction
2015-10-07 18:17:36, Info                  CSI    00005664 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\System32"\[l:20{10}]"dnsapi.dll" from store
2015-10-07 18:17:36, Info                  CSI    00005668 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\SysWOW64"\[l:20{10}]"dnsapi.dll" from store
2015-10-07 18:17:36, Info                  CSI    0000566c [SR] Repair complete
 
========= End of CMD: =========
 
 
 
The system needed a reboot..
 
==== End of Fixlog 18:17:41 ====
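The `[SR]` lines in the Fixlog above can be triaged mechanically. The following is an added example, not part of the original post or of any tool's code: it pulls out which files SFC repaired from the component store, how often, and whether the repair is still pending a reboot. The function names are hypothetical, and the sample is an excerpt of the log lines shown above.

```python
import re
from collections import Counter

# Excerpt of the [SR] lines from the Fixlog above, embedded so the script runs offline.
SAMPLE_CBS = r'''
2015-10-07 18:17:31, Info                  CSI    00005619 [SR] Verifying 52 (0x0000000000000034) components
2015-10-07 18:17:35, Info                  CSI    00005650 [SR] Repairing 2 components
2015-10-07 18:17:35, Info                  CSI    00005653 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\System32"\[l:20{10}]"dnsapi.dll" from store
2015-10-07 18:17:35, Info                  CSI    00005657 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\SysWOW64"\[l:20{10}]"dnsapi.dll" from store
2015-10-07 18:17:35, Info                  CSI    0000565b [SR] Repair complete
2015-10-07 18:17:35, Info                  CSI    00005660 [SR] Unable to complete Verify and Repair transaction because some of the files that need to be repaired are in use. A reboot is required to complete this operation.
2015-10-07 18:17:36, Info                  CSI    00005664 [SR] Repairing corrupted file [ml:48{24},l:46{23}]"\??\C:\WINDOWS\System32"\[l:20{10}]"dnsapi.dll" from store
'''

# "<timestamp>, <level>   CSI   <8 hex digits> [SR] <message>"
SR_LINE = re.compile(
    r'^\d{4}-\d\d-\d\d \d\d:\d\d:\d\d, \w+\s+CSI\s+[0-9a-f]{8} \[SR\] (.*)$', re.I)
# [..]"\??\<directory>"\[..]"<file name>" from store
REPAIR = re.compile(
    r'Repairing corrupted file \[[^\]]*\]"\\\?\?\\([^"]+)"\\\[[^\]]*\]"([^"]+)" from store')
VERIFY = re.compile(r'Verifying (\d+) \(0x[0-9a-f]+\) components', re.I)


def summarize_sr(text):
    """Summarize SFC activity found in the [SR] lines of a CBS log excerpt."""
    repairs = Counter()
    verified = 0
    reboot_required = False
    for raw in text.splitlines():
        m = SR_LINE.match(raw.strip())
        if not m:
            continue  # not an [SR] line
        msg = m.group(1)
        r = REPAIR.search(msg)
        if r:
            repairs[r.group(1) + "\\" + r.group(2)] += 1
        v = VERIFY.search(msg)
        if v:
            verified += int(v.group(1))
        if "A reboot is required" in msg:
            reboot_required = True
    return {"verified": verified,
            "repairs": dict(repairs),
            "reboot_required": reboot_required}


def repaired_in_both_dirs(summary):
    """File names repaired in System32 and SysWOW64 alike (64-bit and 32-bit copy)."""
    seen = {}
    for path in summary["repairs"]:
        directory, _, name = path.rpartition("\\")
        leaf = directory.lower().rsplit("\\", 1)[-1]
        seen.setdefault(name.lower(), set()).add(leaf)
    return sorted(n for n, dirs in seen.items()
                  if {"system32", "syswow64"} <= dirs)


if __name__ == "__main__":
    s = summarize_sr(SAMPLE_CBS)
    for path, count in s["repairs"].items():
        print(f"{path}: {count} repair attempt(s)")
    print("reboot required:", s["reboot_required"])
    print("repaired in both directories:", repaired_in_both_dirs(s))
```

A file that keeps reappearing in "Repairing corrupted file" lines while the reboot flag is set has not actually been replaced yet, so the log should be re-checked after the restart.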


#6 deeprybka

Posted 07 October 2015 - 05:31 PM

Hi,

Step 1

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
dnsapi.dll
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#7 masterkindew

Posted 07 October 2015 - 05:52 PM

Alright, here is the new search file contents:

 

Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Tyler Prada (2015-10-07 18:38:16)
Running from C:\Users\Tyler Prada\Desktop
Boot Mode: Normal
 
================== Search Files: "dnsapi.dll" =============
 
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]
 
C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
 
C:\Windows\SysWOW64\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]
 
C:\Windows\System32\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
 
====== End of Search ======
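The Search.txt output above lets a reader confirm that the live `dnsapi.dll` copies are byte-identical to the component-store (WinSxS) copies after the repair. The following is an added example, not part of the original post or of FRST: it parses the search result and compares each live file's size and MD5 with the store copy of the matching architecture. The function names are hypothetical, and the mapping System32 = `amd64`, SysWOW64 = `wow64` assumes 64-bit Windows as in this thread.

```python
import ntpath
import re
from collections import namedtuple

Entry = namedtuple("Entry", "path size company md5 signed")

# Search.txt body copied from the post above (header lines omitted).
SEARCH_TXT = r'''
C:\Windows\WinSxS\wow64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_a7e0cfc0f233a685\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-dns-client-minwin_31bf3856ad364e35_10.0.10240.16384_none_9d8c256ebdd2e48a\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]

C:\Windows\SysWOW64\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0534064 ____A (Microsoft Corporation) BB5BBD0E4D04047585E4ED0F07AA51E7 [File is digitally signed]

C:\Windows\System32\dnsapi.dll
[2015-07-10 07:00][2015-07-10 07:00] 0680256 ____A (Microsoft Corporation) C287D0E32771E3222A444DC527A29477 [File is digitally signed]
'''

PATH_RE = re.compile(r'^[A-Za-z]:\\')
# [created][modified] size attributes (company) MD5 ...
META_RE = re.compile(
    r'^\[[^\]]*\]\[[^\]]*\]\s+(\d+)\s+\S+\s+\((.*?)\)\s+([0-9A-Fa-f]{32})\b')


def parse_search(text):
    """Pair each path line with the metadata line that follows it."""
    entries, pending = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if PATH_RE.match(line):
            pending = line
            continue
        m = META_RE.match(line)
        if m and pending:
            entries.append(Entry(pending, int(m.group(1)), m.group(2),
                                 m.group(3).upper(),
                                 "[File is digitally signed]" in line))
            pending = None
    return entries


def classify(path):
    """Return ('store'|'live', architecture) for a path (64-bit Windows assumed)."""
    low = path.lower()
    m = re.search(r'\\winsxs\\(amd64|wow64|x86)_', low)
    if m:
        return "store", m.group(1)
    if "\\system32\\" in low:
        return "live", "amd64"
    if "\\syswow64\\" in low:
        return "live", "wow64"
    return "live", None


def check_against_store(entries):
    """Compare every live file with the store copies of the same name and architecture."""
    store = {}
    for e in entries:
        kind, arch = classify(e.path)
        if kind == "store":
            key = (ntpath.basename(e.path).lower(), arch)
            store.setdefault(key, []).append(e)
    verdicts = {}
    for e in entries:
        kind, arch = classify(e.path)
        if kind != "live":
            continue
        refs = store.get((ntpath.basename(e.path).lower(), arch), [])
        if not refs:
            verdicts[e.path] = "no-store-copy"
        elif any(r.md5 == e.md5 and r.size == e.size for r in refs):
            verdicts[e.path] = "match" if e.signed else "match-unsigned"
        else:
            verdicts[e.path] = "mismatch"
    return verdicts


if __name__ == "__main__":
    for path, verdict in check_against_store(parse_search(SEARCH_TXT)).items():
        print(f"{verdict:15} {path}")
```

A "match" only shows that the live file equals the store copy; the signature flag is reported alongside it because a tampered store copy would also produce a match.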


#8 deeprybka

Posted 07 October 2015 - 05:57 PM

:thumbup2:
 
 
Step 1
  • Please download and install Revo Uninstaller Free
    note: there is no need to click anything on that page, the download will start automatically
  • Double click Revo Uninstaller to run it
  • From the list of programs double click on the listed program(s) to remove it:
    Search Protect
    WinThruster
  • When prompted if you want to uninstall click Yes
  • Be sure the Moderate option is selected then click Next
  • The program will run. If prompted again, click Yes
  • When the built-in uninstaller is finished click on Next
  • Once the program has searched for leftovers click Next
  • Check the items in bold only on the list then click Delete
    note: you may have to expand some folders by clicking the "+" mark
  • When prompted click on Yes and then on Next
  • Put a check on any folders that are found and select Delete
  • When prompted select Yes then Next
  • Once done click Finish
Step 2

Please download AdwCleaner (by Xplode) and save it to your Desktop.
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Cleaning button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.
Step 3


Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 4


Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#9 masterkindew

Posted 07 October 2015 - 08:03 PM

These are all the documents from the programs that were run:

 

# AdwCleaner v5.011 - Logfile created 07/10/2015 at 19:08:50
# Updated 07/10/2015 by Xplode
# Database : 2015-10-07.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : Tyler Prada - TYLER
# Running from : C:\Users\Tyler Prada\Downloads\adwcleaner_5.011.exe
# Option : Cleaning
# Support : http://toolslib.net/forum
 
***** [ Services ] *****
 
[-] Service Deleted : bsdriver
[-] Service Deleted : NixSrv
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Program Files\NixSrv
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\ProgramData\pokki
[-] Folder Deleted : C:\ProgramData\{442c5040-b13d-0ff4-442c-c5040b134102}
[-] Folder Deleted : C:\Users\Tyler Prada\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Tyler Prada\AppData\Local\pokki
[-] Folder Deleted : C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\lkadffjmnaiokkdncgdlecdegajoiemi
[-] Folder Deleted : C:\Users\Tyler Prada\AppData\LocalLow\{D2020D47-707D-4E26-B4D9-739C4F4C2E9A}
[-] Folder Deleted : C:\Users\Tyler Prada\AppData\Roaming\Solvusoft
 
***** [ Files ] *****
 
[-] File Deleted : C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] File Deleted : C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0.localstorage
[-] File Deleted : C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\databases\chrome-extension_lkadffjmnaiokkdncgdlecdegajoiemi_0
[-] File Deleted : C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Local Extension Settings\lkadffjmnaiokkdncgdlecdegajoiemi
[-] File Deleted : C:\Users\Tyler Prada\AppData\Roaming\Microsoft\Internet Explorer\Quick Launch\User Pinned\TaskBar\Pokki Start Menu.lnk
[-] File Deleted : C:\Users\Tyler Prada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Youtube.lnk
[-] File Deleted : C:\Users\Tyler Prada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Pokki Start Menu.lnk
[-] File Deleted : C:\WINDOWS\SysNative\roboot64.exe
 
***** [ DLLs ] *****
 

***** [ Shortcuts ] *****
 

***** [ Scheduled tasks ] *****
 
[-] Task Deleted : Pokki
[-] Task Deleted : runTask
[-] Task Deleted : updateTask
 
***** [ Registry ] *****
 
[-] Key Deleted : HKCU\Software\Classes\pokki
[-] Key Deleted : HKCU\Software\Classes\AllFileSystemObjects\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Directory\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\Drive\shell\pokki
[-] Key Deleted : HKCU\Software\Classes\lnkfile\shell\pokki
[-] Value Deleted : HKLM\SOFTWARE\Classes\.xht\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.webp\OpenWithProgIDs [CRSBRWSHTML]
[-] Value Deleted : HKLM\SOFTWARE\Classes\.shtml\OpenWithProgIDs [CRSBRWSHTML]
[-] Key Deleted : HKLM\SOFTWARE\Classes\Crossbrowse
[-] Key Deleted : HKLM\SOFTWARE\4428e313-6199-483c-86f1-94420b92878d
[-] Key Deleted : HKLM\SOFTWARE\4d1129e3-e42e-488c-b2ab-0abae847731f
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_c84ed94178c62e6b7accc5a222a50f54957768f2
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_d25e316a7812ebb3c4f8e18291ce53ba535b8659
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{425F4ABF-B8E4-402D-9E49-06E494EB8DBF}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3278F5CF-48F3-4253-A6BB-004CE84AF492}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{3B5702BA-7F4C-4D1A-B026-1E9A01D43978}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{577975B8-C40E-43E6-B0DE-4C6B44088B52}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{69F256DF-BA98-45E9-86EA-FC3CFECF9D30}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6E87FC94-9866-49B9-8E93-5736D6DE3DD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7E49F793-B3CD-4BF7-8419-B34B8BD30E61}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{834469E3-CA2B-4F21-A5CA-4F6F4DBCDE87}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{8529FAA3-5BFD-43C1-AB35-B53C4B96C6E5}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{ADBC39BE-3D20-4333-8D99-E91EB1B62474}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{E06CA7F5-BA34-4FF6-8D24-B1BDC594D91F}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{F6421EE5-A5BE-4D31-81D5-C16B7BF48E4C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{FD8E81D0-F5FE-4CB1-9AEA-1E163D2BAB78}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{7D8DAE88-BC05-4578-8C29-E541FFBA5757}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{6EDBF8C0-C94C-4A13-956F-E393BCA5BA4B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{2A563926-CF4B-4363-A760-F71E46205B7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A8F7D0A5-7074-40B8-9BDC-1174BDD0A132}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{D14D64BC-A0E4-42E3-BB72-FB41EA43C198}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{DD1F043F-ABC8-4643-8B95-D2C5B22BB019}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{E3F3E8F9-F747-4DD6-BA6B-82A6CE1E0860}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{ED0B64D4-BF27-4521-AD27-190F49BF5EA7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{023E9EC8-B147-40EB-B0B3-DF90618FB371}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0522D9A4-4D57-437D-978D-E5B3B6C9005D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{07F41522-AF7D-4F26-B394-094F059FDB8A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{0C40F472-7407-4467-8914-1DEA7C326972}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{212E6D43-6062-492A-B8CC-144669FF11ED}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{224FE662-1E6D-4BC0-AEBB-9E2FB4057BE9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3A807417-B46D-4D37-8C9A-19AC6DE204F9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{3CC60715-D6C5-429D-830E-43FA3F86C61D}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{4517D94C-19BA-46FA-BE66-2A30CEAC4A85}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{555D7146-94A8-4C94-AE76-C39CDC7F7705}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{59D188FA-757A-424E-8C93-F58FFD896BD7}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{8120D9D6-785C-4413-9C0C-DF2028C56FAD}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{823AE2EB-E62C-4847-B192-C99B91B92416}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B4F7CFE-987D-410E-A8E4-20182E0B3C24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9B9A45F4-18FC-484A-BACA-076D78273D8E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A6D54287-7939-466A-8579-92546D946C8C}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{A78EDAFB-926F-4D93-AB13-8232D7378EB1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{5E89ACE9-E16B-499A-87B4-0DBF742404C1}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{9C4EFBD5-1ADF-41E6-BE26-AF44326E30E4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\CLSID\{A2970C7C-8392-4E6F-8B51-B763CF38E13C}
[-] Key Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Compete
[-] Key Deleted : HKCU\Software\AppDataLow\Software\SmartWeb
[-] Key Deleted : HKLM\SOFTWARE\AppDataLow\SOFTWARE\_CrossriderRegNamePlaceHolder_
[-] Key Deleted : HKLM\SOFTWARE\GlobalUpdate
[-] Key Deleted : HKLM\SOFTWARE\Uniblue
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki
[!] Key Not Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Uninstall\Pokki_Start_Menu
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[-] Key Deleted : [x64] HKLM\SOFTWARE\InstalledBrowserExtensions
[-] Key Deleted : [x64] HKLM\SOFTWARE\WebBar
[!] Key Not Deleted : HKU\.DEFAULT\Software\AppDataLow\Software\Compete
[!] Key Not Deleted : HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Software\AppDataLow\Software\Compete
[!] Key Not Deleted : HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Software\AppDataLow\Software\SmartWeb
[!] Key Not Deleted : HKU\S-1-5-18\Software\AppDataLow\Software\Compete
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com
[-] [C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Trovi.com
[-] [C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : trovi.search
[-] [C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : booedmolknjekdopkepjjeckmjkdpfgl
[-] [C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : flpcjncodpafbgdpnkljologafpionhb
[-] [C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : lkadffjmnaiokkdncgdlecdegajoiemi
 
*************************
 
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [9617 bytes] ##########
 

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 10/7/2015
Scan Time: 8:23 PM
Logfile:
Administrator: Yes
 
Version: 0.0.0.0000
Malware Database: v2015.10.07.06
Rootkit Database: v2015.10.06.01
License: Premium
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: Tyler Prada
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 469078
Time Elapsed: 55 min, 25 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 0
(No malicious items detected)
 
Physical Sectors: 0
(No malicious items detected)
 

(end)
 
Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:04-10-2015
Ran by Tyler Prada (administrator) on TYLER (07-10-2015 20:51:21)
Running from C:\Users\Tyler Prada\Desktop
Loaded Profiles: Tyler Prada (Available Profiles: Tyler Prada)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Amazon Inc.) C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Microsoft Corporation) C:\Windows\SysWOW64\svchost.exe
(Intel® Corporation) C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe
(Microsoft Corporation) C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Razer, Inc.) C:\Program Files (x86)\Razer\Core\64bit\RzOvlMon.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
(Microsoft Corporation) C:\Program Files\Microsoft SQL Server\90\Shared\sqlwriter.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Toshiba Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Malwarebytes Corporation) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Symantec Corporation) C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\nst.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(TomTom) C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\Spotify.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe
(TOSHIBA CORPORATION) C:\Program Files (x86)\Toshiba\Utilities\KeNotify.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
(TOSHIBA) C:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TDUSrv64.exe
(Hauppauge Computer Works, Inc.) C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\SpotifyCrashService.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqste08.exe
(Hewlett-Packard Co.) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqbam08.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqgpc01.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\Spotify.exe
(Spotify Ltd) C:\Users\Tyler Prada\AppData\Roaming\Spotify\Spotify.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\csisyncclient.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\root\office15\msosync.exe
 

==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2556768 2013-10-08] (TOSHIBA Corporation)
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [179288 2014-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TSSSrv] => C:\Program Files (x86)\TOSHIBA\System Setting\TSSSrv.exe [296008 2013-10-21] (TOSHIBA Corporation)
HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [500936 2015-07-22] (Adobe Systems Incorporated)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-03] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-08-13] (Apple Inc.)
HKLM-x32\...\Run: [KeNotify] => C:\Program Files (x86)\TOSHIBA\Utilities\KeNotify.exe [34160 2013-08-05] (TOSHIBA CORPORATION)
HKLM-x32\...\Run: [TSVU] => c:\Program Files\TOSHIBA\TOSHIBA Smart View Utility\TosSmartViewLauncher.exe [516512 2013-07-23] (TOSHIBA)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [60712 2015-05-15] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2014-01-17] (Apple Inc.)
HKLM-x32\...\Run: [ArcSoft Connection Service] => C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACDaemon.exe
HKLM-x32\...\Run: [AdobeCEPServiceManager] => C:\Program Files (x86)\Common Files\Adobe\CEPServiceManager4\CEPServiceManager.exe [1039248 2013-03-13] (Adobe Systems Incorporated)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [7416088 2015-02-19] (Piriform Ltd)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [30878816 2014-12-11] (Skype Technologies S.A.)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [Spotify Web Helper] => C:\Users\Tyler Prada\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2541160 2015-10-07] (Spotify Ltd)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [MyDriveConnect.exe] => C:\Program Files (x86)\MyDrive Connect\MyDriveConnect.exe [1792376 2014-10-03] (TomTom)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Run: [Spotify] => C:\Users\Tyler Prada\AppData\Roaming\Spotify\Spotify.exe [7660648 2015-10-07] (Spotify Ltd)
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\RunOnce: [Uninstall C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1\amd64"
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\RunOnce: [Uninstall C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5907.0716_1"
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\RunOnce: [Uninstall C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Tyler Prada\AppData\Local\Microsoft\OneDrive\17.3.5930.0814\amd64"
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\WINDOWS\system32\ssText3d.scr [232960 2015-07-10] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2015-07-29] (Google)
ShellIconOverlayIdentifiers: [ AccExtIco1] -> {AB9CF9F8-8A96-4F9D-BF21-CE85714C3A47} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco2] -> {853B7E05-C47D-4985-909A-D0DC5C6D7303} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
ShellIconOverlayIdentifiers: [ AccExtIco3] -> {42D38F2E-98E9-4382-B546-E24E4D6D04BB} => C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll [2015-07-22] ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Hauppauge Device Properties.lnk [2014-09-29]
ShortcutTarget: Hauppauge Device Properties.lnk -> C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDCTrayTool.exe (Hauppauge Computer Works, Inc.)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\HP Digital Imaging Monitor.lnk [2015-01-06]
ShortcutTarget: HP Digital Imaging Monitor.lnk -> C:\Program Files (x86)\Hp\Digital Imaging\bin\hpqtra08.exe (Hewlett-Packard Co.)
BootExecute: autocheck autochk * sdnclean64.exe
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
ProxyEnable: [.DEFAULT] => Proxy is enabled.
ProxyServer: [.DEFAULT] => http=127.0.0.1:62039;https=127.0.0.1:62039
Hosts: There are more than one entry in Hosts. See Hosts section of Addition.txt
Tcpip\Parameters: [DhcpNameServer] 10.214.126.138
Tcpip\..\Interfaces\{4a534bdd-d687-4d09-a0c7-b21455c0b441}: [DhcpNameServer] 10.214.126.138
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://toshiba13.msn.com/?pc=TNJB
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://toshiba13.msn.com/?pc=TNJB
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://mystart.toshiba.com
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-1764133201-2714899247-942173242-1001 -> {CE377BFA-1271-4C04-8747-45A9AC0B805A} URL =
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-08-04] (Microsoft Corporation)
BHO: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->  No File
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-09-11] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\ssv.dll [2015-01-21] (Oracle Corporation)
BHO-x32: Norton Identity Protection -> {AB4C7833-A6EC-433f-B9FE-6B14B1A2F836} -> C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\jp2ssv.dll [2015-01-21] (Oracle Corporation)
Toolbar: HKLM - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine64\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Toolbar: HKLM-x32 - Norton Identity Safe Toolbar - {A13C2648-91D4-4bf3-BC6D-0079707C4389} - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\coIEPlg.dll [2015-06-26] (Symantec Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-02-03] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_19_0_0_185.dll [2015-09-21] ()
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MIF5BA~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll [2015-07-23] (Adobe Systems)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_185.dll [2015-09-21] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-07-30] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\dtplugin\npDeployJava1.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.31.2 -> C:\Program Files (x86)\Java\jre1.8.0_31\bin\plugin2\npjp2.dll [2015-01-21] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2014-08-08] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-16] (Google Inc.)
FF Plugin-x32: @WildTangent.com/GamesAppPresenceDetector,Version=1.0 -> C:\Program Files (x86)\WildTangent Games\App\BrowserIntegration\Registered\0\NP_wtapp.dll [2015-07-10] ()
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2014-12-03] (Adobe Systems Inc.)
FF Plugin-x32: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect32.dll [2015-07-23] (Adobe Systems)
FF HKLM-x32\...\Firefox\Extensions: [{F04D2D30-776C-4d02-8627-8E4385ECA58D}] - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn
FF Extension: Norton Identity Safe Toolbar - C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\coFFPlgn [2015-10-07]
 
Chrome:
=======
CHR HomePage: Default -> hxxp://www.google.com/
CHR StartupUrls: Default -> "hxxp://www.google.com/"
CHR Profile: C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2014-08-10]
CHR Extension: (Google Drive) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2014-08-10]
CHR Extension: (YouTube) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2014-08-10]
CHR Extension: (Google Search) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-08-10]
CHR Extension: (HQCinema Pro 2.1V18.08) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gegdfeiahlfolhcfioipjlkombmgbakh [2015-08-27]
CHR Extension: (Google Docs Offline) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-03]
CHR Extension: (AdBlock) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2014-08-10]
CHR Extension: (Chrome Hotword Shared Module) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\lccekmodgklaepjeofjdjpbminllajkg [2015-03-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-08-10]
CHR Extension: (Gmail) - C:\Users\Tyler Prada\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2014-08-10]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-31]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [nppllibpnmahfaklnpggkibhkapjkeob] - C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\Exts\Chrome.crx [2015-03-31]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Amazon 1Button App Service; C:\Program Files (x86)\Amazon\Amazon1ButtonApp\Amazon1ButtonService64.Exe [456000 2015-05-06] (Amazon Inc.)
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-05-29] (Apple Inc.)
S3 c2wts; C:\Program Files\Windows Identity Foundation\v3.5\c2wtshost.exe [5632 2015-07-31] (Microsoft Corporation)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2768472 2015-08-11] (Microsoft Corporation)
S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [21840 2014-03-03] ()
S3 fussvc; C:\Program Files (x86)\Windows Kits\8.1\App Certification Kit\fussvc.exe [142336 2014-02-20] (Microsoft Corporation) [File not signed]
R3 HcwDevCentralService; C:\Program Files (x86)\Hauppauge\DeviceCentral\HcwDevCentralService.exe [399120 2014-06-17] (Hauppauge Computer Works, Inc.)
R2 HPSLPSVC; C:\Program Files (x86)\HP\Digital Imaging\bin\HPSLPSVC64.DLL [1039360 2011-08-18] (Hewlett-Packard Co.) [File not signed]
S2 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89864 2014-12-11] (Hewlett-Packard Company)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328624 2015-10-02] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\TXE Components\TCS\HeciServer.exe [733696 2013-07-01] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\TXE Components\TCS\SocketHeciServer.exe [822232 2013-07-01] (Intel® Corporation)
R2 IpOverUsbSvc; C:\Program Files (x86)\Common Files\Microsoft Shared\Phone Tools\CoreCon\11.0\bin\IpOverUsbSvc.exe [22744 2014-10-15] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1871160 2015-06-18] (Malwarebytes Corporation)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1133880 2015-06-18] (Malwarebytes Corporation)
R2 MSSQL$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\sqlservr.exe [57617752 2009-03-30] (Microsoft Corporation)
R2 NCO; C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\NST.exe [131144 2015-03-05] (Symantec Corporation)
R2 Net Driver HPZ12; C:\Windows\System32\HPZinw12.dll [71680 2010-08-06] (Hewlett-Packard) [File not signed]
U2 OneSyncSvc_Session12; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U2 OneSyncSvc_Session12; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session12; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 PimIndexMaintenanceSvc_Session12; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
R2 Pml Driver HPZ12; C:\Windows\System32\HPZipm12.dll [89600 2010-08-06] (Hewlett-Packard) [File not signed]
R2 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2013-12-10] (Razer, Inc.)
R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
S4 SQLAgent$SQLEXPRESS; C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\Binn\SQLAGENT.EXE [427880 2009-03-30] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-03] (Synaptics Incorporated)
S3 Te.Service; C:\Program Files (x86)\Windows Kits\8.1\Testing\Runtimes\TAEF\Wex.Services.exe [119808 2013-08-22] (Microsoft Corporation) [File not signed]
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [5611280 2015-08-07] (TeamViewer GmbH)
U3 UnistoreSvc_Session12; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UnistoreSvc_Session12; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session12; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
U3 UserDataSvc_Session12; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 VsEtwService120; C:\Program Files\Microsoft Visual Studio 12.0\Common7\Packages\Debugger\Services\VsEtwService.exe [89232 2014-07-22] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 athr; C:\Windows\System32\drivers\athw10x.sys [4325544 2015-06-28] (Qualcomm Atheros Communications, Inc.)
R1 ccSet_NST; C:\Windows\system32\drivers\NSTx64\7DE070B0.02A\ccSetx64.sys [162392 2013-09-27] (Symantec Corporation)
S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2012-09-25] (Windows ® Win 7 DDK provider)
S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2012-09-25] (Windows ® Win 7 DDK provider)
S3 GENERICDRV; C:\Program Files (x86)\UEFI WinFlash\amifldrv64.sys [15640 2012-07-27] ()
S3 hcwE5bda; C:\Windows\system32\drivers\hcwE5bda.sys [969048 2014-04-29] (Hauppauge Computer Work, Inc.)
R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-06-18] (Malwarebytes Corporation)
R3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-10-07] (Malwarebytes Corporation)
R3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-06-18] (Malwarebytes Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-06-22] (Corel Corporation)
R3 RSP2STOR; C:\Windows\system32\DRIVERS\RtsP2Stor.sys [310528 2015-06-09] (Realtek Semiconductor Corp.)
R3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2013-12-10] (Razer, Inc.)
R3 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2013-12-10] (Razer, Inc.)
R3 SensorsSimulatorDriver; C:\Windows\system32\DRIVERS\WUDFRd.sys [214016 2015-07-10] (Microsoft Corporation)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-03] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [54424 2015-07-29] (Toshiba Corporation)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-04] ()
R3 TXEIx64; C:\Windows\System32\drivers\TXEIx64.sys [88592 2014-01-15] (Intel Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 vmci; \SystemRoot\System32\drivers\vmci.sys [X]
S3 VMnetAdapter; \SystemRoot\system32\DRIVERS\vmnetadapter.sys [X]
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 

==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 20:51 - 2015-10-07 20:52 - 00028219 _____ C:\Users\Tyler Prada\Desktop\FRST.txt
2015-10-07 20:51 - 2015-10-07 20:51 - 00000000 ___HD C:\OneDriveTemp
2015-10-07 20:50 - 2015-10-07 20:50 - 00016148 _____ C:\WINDOWS\system32\TYLER_Tyler Prada_HistoryPrediction.bin
2015-10-07 20:35 - 2015-10-07 20:36 - 00010758 _____ C:\Users\Tyler Prada\Desktop\pastepost.txt
2015-10-07 19:20 - 2015-10-07 19:20 - 00001182 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-07 19:20 - 2015-10-07 19:20 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-07 19:19 - 2015-10-07 19:19 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tyler Prada\Downloads\mbam-setup-2.1.8.1057.exe
2015-10-07 19:06 - 2015-10-07 19:08 - 00000000 ____D C:\AdwCleaner
2015-10-07 19:06 - 2015-10-07 19:06 - 01681920 _____ C:\Users\Tyler Prada\Downloads\adwcleaner_5.011.exe
2015-10-07 19:00 - 2015-10-07 19:00 - 00001348 _____ C:\Users\Tyler Prada\Desktop\Revo Uninstaller.lnk
2015-10-07 19:00 - 2015-10-07 19:00 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-07 18:58 - 2015-10-07 18:59 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Tyler Prada\Downloads\revosetup.exe
2015-10-07 18:50 - 2015-10-07 18:50 - 00000967 _____ C:\WINDOWS\system32\Drivers\rtkhdasetting.zip
2015-10-07 18:50 - 2015-10-07 18:50 - 00000039 _____ C:\WINDOWS\setupact.log
2015-10-07 18:50 - 2015-10-07 18:50 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-07 18:49 - 2015-10-07 18:50 - 00000000 ____D C:\WINDOWS\LastGood.Tmp
2015-10-07 18:48 - 2015-10-07 18:48 - 72133624 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoRes64.dat
2015-10-07 18:48 - 2015-10-07 18:48 - 07183136 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEP64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 07106408 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPP64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 05347944 _____ (Nahimic Inc) C:\WINDOWS\system32\NAHIMICAPOlfx.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 03686140 _____ C:\WINDOWS\system32\Drivers\RTAIODAT.DAT
2015-10-07 18:48 - 2015-10-07 18:48 - 03309264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkApi64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 03271984 _____ (Fortemedia Corporation) C:\WINDOWS\system32\FMAPO64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 03009240 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtPgEx64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 02719992 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTSnMg64.cpl
2015-10-07 18:48 - 2015-10-07 18:48 - 02120816 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\WavesGUILib64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 02061920 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioEQ64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01993304 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPD64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01806456 _____ (DTS) C:\WINDOWS\system32\DTSS2SpeakerDLL64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01771240 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RCoInstII64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01615240 _____ (DTS) C:\WINDOWS\system32\DTSS2HeadphoneDLL64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01530872 _____ (DTS) C:\WINDOWS\system32\DTSBoostDLL64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01406136 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosade.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01368264 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RTCOM64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01357848 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxSpeechAPO64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01232768 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO5064.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01186392 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO4064.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01142712 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\slcnt64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 01018656 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVoiceAPO2064.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00982248 _____ (Sony Corporation) C:\WINDOWS\system32\SFSS_APO.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00981240 _____ (DTS, Inc.) C:\WINDOWS\system32\sl3apo64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00940640 _____ (Sony Corporation) C:\WINDOWS\system32\MISS_APO.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00905048 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaeapo64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00891416 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo264.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00765120 _____ (DTS, Inc.) C:\WINDOWS\system32\sltech64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00760728 _____ (DTS) C:\WINDOWS\system32\DTSBassEnhancementDLL64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00744056 _____ (DTS) C:\WINDOWS\system32\DTSSymmetryDLL64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00724752 _____ (DTS) C:\WINDOWS\system32\DTSVoiceClarityDLL64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00696072 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO30.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00695552 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxVolumeSDAPO.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00659872 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtDataProc64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00633872 _____ (Knowles Acoustics ) C:\WINDOWS\system32\KAAPORT64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00613176 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tosasfapo64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00590152 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAC64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00548864 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSX64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00527824 _____ (DTS) C:\WINDOWS\system32\DTSU2PLFX64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00518984 _____ (DTS) C:\WINDOWS\system32\DTSNeoPCDLL64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00516752 _____ (DTS) C:\WINDOWS\system32\DTSU2PGFX64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00461968 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EED64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00459536 _____ (DTS) C:\WINDOWS\system32\DTSLimiterDLL64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00456888 _____ (DTS) C:\WINDOWS\system32\DTSGainCompensatorDLL64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00442256 _____ (DTS) C:\WINDOWS\system32\DTSU2PREC64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00402504 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEP64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00355496 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtlCPAPI64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00343800 _____ (Waves Audio Ltd.) C:\WINDOWS\system32\MaxxAudioAPO20.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00342176 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPO64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00336328 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DAA64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00334808 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RP3DHT64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00286968 _____ (Dolby Laboratories) C:\WINDOWS\system32\DDPA64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00269504 _____ (TODO: <Company name>) C:\WINDOWS\system32\slprp64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00268008 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPO64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00266416 _____ (DTS) C:\WINDOWS\system32\DTSLFXAPO64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00265464 _____ (DTS) C:\WINDOWS\system32\DTSGFXAPONS64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00242768 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFNHK64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00235032 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tossaemaxapo64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00234232 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSTSH64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00228536 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEED64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00221656 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSHP64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00208680 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCfg64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00185920 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\toseaeapo64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00179520 _____ (SRS Labs, Inc.) C:\WINDOWS\system32\SRSWOW64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00168936 _____ (TOSHIBA Corporation) C:\WINDOWS\system32\tadefxapo.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00163472 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEL64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00145712 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEA64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00132544 _____ (Real Sound Lab SIA) C:\WINDOWS\system32\CONEQMSAPOGUILibrary.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00128816 _____ C:\WINDOWS\system32\AcpiServiceVnA64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00128512 _____ (Andrea Electronics Corporation) C:\WINDOWS\system32\AERTAR64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00122240 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEL64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00114008 _____ C:\WINDOWS\system32\audioLibVc.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00102064 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFCOM64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00097976 _____ (Dolby Laboratories, Inc.) C:\WINDOWS\system32\RTEEG64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00097912 _____ (Synopsys, Inc.) C:\WINDOWS\system32\SFAPO64.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00096184 _____ (Virage Logic Corporation / Sonic Focus) C:\WINDOWS\SysWOW64\SFCOM.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00095688 _____ (Dolby Laboratories) C:\WINDOWS\system32\R4EEG64A.dll
2015-10-07 18:48 - 2015-10-07 18:48 - 00086616 _____ (TOSHIBA CORPORATION.) C:\WINDOWS\system32\tepeqapo64.dll
2015-10-07 07:39 - 2015-10-07 18:45 - 00001123 _____ C:\Users\Tyler Prada\Desktop\Search.txt
2015-10-06 20:00 - 2015-10-06 20:02 - 00074303 _____ C:\Users\Tyler Prada\Downloads\Addition.txt
2015-10-06 19:58 - 2015-10-06 20:02 - 00063069 _____ C:\Users\Tyler Prada\Downloads\FRST.txt
2015-10-06 19:54 - 2015-10-07 20:51 - 00000000 ____D C:\FRST
2015-10-06 19:53 - 2015-10-06 19:54 - 02193920 _____ (Farbar) C:\Users\Tyler Prada\Desktop\FRST64.exe
2015-10-06 19:51 - 2015-10-06 19:52 - 01697792 _____ (Farbar) C:\Users\Tyler Prada\Downloads\FRST.exe
2015-10-06 16:59 - 2015-10-07 07:35 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\GlarySoft
2015-10-06 16:59 - 2015-10-07 07:35 - 00000000 ____D C:\Program Files (x86)\Glarysoft
2015-10-06 16:59 - 2015-10-06 16:59 - 04880712 _____ C:\Users\Tyler Prada\Downloads\rrsetup.exe
2015-10-06 16:57 - 2015-10-06 16:57 - 00083019 _____ C:\Users\Tyler Prada\Downloads\dnsapi (1).zip
2015-10-06 16:57 - 2015-10-06 16:57 - 00000000 ____D C:\Users\Tyler Prada\Desktop\dnsapi (1)
2015-10-06 16:52 - 2015-10-06 16:55 - 00000000 ____D C:\Users\Tyler Prada\Desktop\dnsapi
2015-10-06 16:50 - 2015-10-06 16:51 - 00084150 _____ C:\Users\Tyler Prada\Downloads\dnsapi.zip
2015-10-06 16:37 - 2015-10-06 16:37 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\AvgSetupLog
2015-10-06 16:37 - 2015-10-06 16:37 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Avg
2015-10-06 16:35 - 2015-10-06 16:37 - 02894872 _____ (AVG Technologies) C:\Users\Tyler Prada\Downloads\AVG_PCTuneUp_932.exe
2015-10-06 16:20 - 2015-10-06 16:20 - 03895432 _____ (solvusoft Corporation ) C:\Users\Tyler Prada\Downloads\Setup_WinThruster_2015.exe
2015-10-06 16:10 - 2015-10-06 16:10 - 03237248 _____ (Enigma Software Group USA, LLC.) C:\Users\Tyler Prada\Downloads\sh-remover.exe
2015-10-04 10:17 - 2015-10-04 22:21 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-04 10:17 - 2015-10-04 10:17 - 18801736 _____ C:\Users\Tyler Prada\Downloads\RogueKiller.exe
2015-10-04 10:17 - 2015-10-04 10:17 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-04 09:51 - 2015-10-04 09:51 - 00000000 ____D C:\Users\Tyler Prada\Desktop\mbam-chameleon-3.1.25.0
2015-10-04 09:50 - 2015-10-04 09:51 - 06383209 _____ C:\Users\Tyler Prada\Downloads\mbam-chameleon-3.1.25.0.zip
2015-10-04 09:47 - 2015-10-07 20:39 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-04 09:38 - 2015-10-07 20:37 - 00003198 _____ C:\WINDOWS\PFRO.log
2015-10-04 09:05 - 2015-10-04 09:06 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Tyler Prada\Downloads\tdsskiller.exe
2015-10-04 08:47 - 2015-10-04 09:35 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tyler Prada\Downloads\mbam-setup-2.1.8.1057 (2).exe
2015-10-04 08:47 - 2015-10-04 08:47 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Tyler Prada\Downloads\mbam-setup-2.1.8.1057 (1).exe
2015-10-04 08:38 - 2015-10-04 10:10 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-04 08:30 - 2015-10-04 08:30 - 00000000 ____D C:\WINDOWS\pss
2015-10-02 17:53 - 2015-10-02 17:53 - 00469776 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98ip.dll
2015-10-02 17:53 - 2015-10-02 17:53 - 00466736 _____ (Microsoft Corporation) C:\WINDOWS\system32\coin98itp.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 22915560 _____ (Intel Corporation) C:\WINDOWS\system32\igdfcl64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 17847784 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdfcl32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 11905432 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igd10iumd32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 11054568 _____ (Intel Corporation) C:\WINDOWS\system32\igdumdim64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 10574992 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdumdim32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 08528888 _____ (Intel Corporation) C:\WINDOWS\system32\ig7icd64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 04025864 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAAC64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 03670824 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdusc32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 02508480 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiVAD64.exe
2015-10-02 17:51 - 2015-10-02 17:51 - 02035712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmjit64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01994240 _____ (Intel Corporation) C:\WINDOWS\system32\igdrcl64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01793024 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdrcl32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01766912 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmjit32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01468952 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSecureSourceFilter64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01155992 _____ (Intel Corporation) C:\WINDOWS\system32\iglhsip64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 01153360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhsip32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00866824 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiWinNextAgent64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00661000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiAudioFilter64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00617464 _____ (Intel Corporation) C:\WINDOWS\system32\MetroIntelGenericUIFramework.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00616472 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMux64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00467696 _____ (Intel Corporation) C:\WINDOWS\system32\igdmd64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00444832 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUMS64.exe
2015-10-02 17:51 - 2015-10-02 17:51 - 00392704 _____ (Intel Corporation) C:\WINDOWS\system32\igfxOSP.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00385528 _____ (Intel Corporation) C:\WINDOWS\system32\IntelOpenCL64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00378824 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdmd32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00375784 _____ (Intel Corporation) C:\WINDOWS\system32\igdbcl64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00359432 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiSilenceFilter64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00329208 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igdbcl32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00295416 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelOpenCL32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00290216 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\IntelCpHeciSvc.exe
2015-10-02 17:51 - 2015-10-02 17:51 - 00264192 _____ C:\WINDOWS\system32\igfxCPL.cpl
2015-10-02 17:51 - 2015-10-02 17:51 - 00234472 _____ C:\WINDOWS\system32\igdde64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00229664 _____ (Intel Corporation) C:\WINDOWS\system32\iglhcp64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00228864 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDTCM.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00225288 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiUtils64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00215032 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCoIn_v4276.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00204200 _____ (Intel Corporation) C:\WINDOWS\system32\igfxext.exe
2015-10-02 17:51 - 2015-10-02 17:51 - 00200608 _____ (Intel Corporation) C:\WINDOWS\system32\igfxcmrt64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00194552 _____ C:\WINDOWS\SysWOW64\igdde32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00194360 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\iglhcp32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00193536 _____ (Intel Corporation) C:\WINDOWS\system32\igfx11cmrt64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00191000 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiDDEAgent64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00188884 _____ C:\WINDOWS\system32\resTHA.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00181524 _____ C:\WINDOWS\system32\resELL.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00177300 _____ C:\WINDOWS\system32\resRUS.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00171000 _____ C:\WINDOWS\system32\igdail64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00169368 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxcmrt32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00163840 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfx11cmrt32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00163044 _____ C:\WINDOWS\system32\resARA.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00162500 _____ C:\WINDOWS\system32\resHEB.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00162484 _____ C:\WINDOWS\system32\resJPN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00157860 _____ C:\WINDOWS\system32\resHUN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00157844 _____ C:\WINDOWS\system32\resFRA.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00156100 _____ C:\WINDOWS\system32\resKOR.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00156020 _____ C:\WINDOWS\system32\resDEU.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155988 _____ C:\WINDOWS\system32\resITA.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155828 _____ C:\WINDOWS\system32\resROM.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155716 _____ C:\WINDOWS\system32\resESN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155268 _____ C:\WINDOWS\system32\resPLK.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00155172 _____ C:\WINDOWS\system32\resSKY.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154980 _____ C:\WINDOWS\system32\resNLD.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154372 _____ C:\WINDOWS\system32\resPTB.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154260 _____ C:\WINDOWS\system32\resTRK.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154212 _____ C:\WINDOWS\system32\resCSY.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00154088 _____ C:\WINDOWS\SysWOW64\igdail32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00154084 _____ C:\WINDOWS\system32\resPTG.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00153620 _____ C:\WINDOWS\system32\resFIN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00153236 _____ C:\WINDOWS\system32\resHRV.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00152772 _____ C:\WINDOWS\system32\resSVE.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00152644 _____ C:\WINDOWS\system32\resSLV.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00151668 _____ C:\WINDOWS\system32\resNOR.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00151156 _____ C:\WINDOWS\system32\resDAN.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00149812 _____ C:\WINDOWS\system32\resENU.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00148052 _____ C:\WINDOWS\system32\resCHT.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00147188 _____ C:\WINDOWS\system32\resCHS.cui
2015-10-02 17:51 - 2015-10-02 17:51 - 00143368 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiMCUMD64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00107544 _____ (Intel Corporation) C:\WINDOWS\system32\IntelWiDiLogServer64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00096744 _____ C:\WINDOWS\system32\igfxCUIServicePS.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00078328 _____ ( ) C:\WINDOWS\system32\igfxDHLibv2_0.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00072696 _____ (Khronos Group) C:\WINDOWS\system32\Intel_OpenCL_ICD64.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00069112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\Intel_OpenCL_ICD32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00068088 _____ ( ) C:\WINDOWS\system32\igfxDHLib.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00040712 _____ (Intel Corporation) C:\WINDOWS\system32\igfxexps.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00039416 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\igfxexps32.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00020456 _____ ( ) C:\WINDOWS\system32\igfxEMLib.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00019456 _____ ( ) C:\WINDOWS\system32\igfxDILib.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00018944 _____ ( ) C:\WINDOWS\system32\igfxEMLibv2_0.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00018936 _____ ( ) C:\WINDOWS\system32\igfxDILibv2_0.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00013824 _____ ( ) C:\WINDOWS\system32\igfxLHMLib.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00013816 _____ ( ) C:\WINDOWS\system32\igfxLHMLibv2_0.dll
2015-10-02 17:51 - 2015-10-02 17:51 - 00002560 _____ C:\WINDOWS\system32\iglhxs64.vp
2015-10-02 17:50 - 2015-10-02 17:51 - 06513640 _____ (Intel Corporation) C:\WINDOWS\SysWOW64\ig7icd32.dll
2015-10-02 17:50 - 2015-10-02 17:50 - 04371880 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv4_0.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 04368296 _____ (Intel Corporation) C:\WINDOWS\system32\Gfxv2_0.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00969128 _____ (Intel Corporation) C:\WINDOWS\system32\GfxUIEx.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00555440 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyApp.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00554920 _____ (Intel Corporation) C:\WINDOWS\system32\DPTopologyAppv2_0.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00409512 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeApp.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00409008 _____ (Intel Corporation) C:\WINDOWS\system32\CustomModeAppv2_0.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00316245 _____ C:\WINDOWS\system32\DisplayAudiox64.cab
2015-10-02 17:50 - 2015-10-02 17:50 - 00165800 _____ (Intel Corporation) C:\WINDOWS\system32\difx64.exe
2015-10-02 17:50 - 2015-10-02 17:50 - 00102912 _____ C:\WINDOWS\system32\IccLibDll_x64.dll
2015-10-02 16:36 - 2015-10-02 16:36 - 00000000 ___HD C:\$SysReset
2015-09-25 12:52 - 2015-09-25 12:52 - 00022512 _____ C:\Users\Tyler Prada\Downloads\arabella.zip
2015-09-24 20:00 - 2015-09-24 20:00 - 00003074 _____ C:\Users\Tyler Prada\Downloads\final.sql
2015-09-23 13:05 - 2015-10-02 17:06 - 00000000 ____D C:\Program Files (x86)\Plantronics
2015-09-22 20:22 - 2015-10-02 17:06 - 00000000 ____D C:\Program Files (x86)\Ginger
2015-09-22 20:22 - 2015-09-22 20:22 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\Acapela Group
2015-09-22 20:21 - 2015-09-22 20:22 - 00007943 _____ C:\GingerSetup.log
2015-09-22 20:21 - 2015-09-22 20:22 - 00005481 _____ C:\GingerSetupHelper.log
2015-09-22 20:16 - 2015-09-22 20:16 - 00881640 _____ (Ginger Software) C:\Users\Tyler Prada\Downloads\Ginger.exe
2015-09-21 14:19 - 2015-09-21 14:19 - 00000000 ____D C:\Users\Tyler Prada\Desktop\Walls
2015-09-17 15:15 - 2015-09-17 15:15 - 00094763 _____ C:\Users\Tyler Prada\Desktop\Final_Project.zip
2015-09-16 17:17 - 2015-09-16 17:17 - 00000000 ___RD C:\Users\Tyler Prada\3D Objects
2015-09-16 16:32 - 2015-09-16 16:32 - 00495210 _____ C:\Users\Tyler Prada\Downloads\HwcYWCi9.txt
2015-09-16 16:27 - 2015-09-16 16:27 - 00000088 _____ C:\WINDOWS\system32\Drivers\etc\edgeadblock.log
2015-09-16 16:25 - 2015-09-16 16:25 - 06162288 _____ ( ) C:\Users\Tyler Prada\Downloads\adblockplusie-1.4.exe
2015-09-16 16:25 - 2015-09-16 16:25 - 00087203 _____ C:\Users\Tyler Prada\Downloads\EdgeAdblock_10.zip
2015-09-16 16:25 - 2015-09-16 16:25 - 00087203 _____ C:\Users\Tyler Prada\Downloads\EdgeAdblock_10 (1).zip
2015-09-13 08:31 - 2015-09-13 08:31 - 00150605 _____ C:\Users\Tyler Prada\Downloads\WaterFall Clinic MAP.vsdx
2015-09-11 15:40 - 2015-09-11 15:40 - 00037142 _____ C:\Users\Tyler Prada\Downloads\Sequence Diagram (HR).vsdx
2015-09-11 15:40 - 2015-09-11 15:40 - 00034452 _____ C:\Users\Tyler Prada\Downloads\Use Case Diagram (HR).vsdx
2015-09-10 14:24 - 2015-09-10 14:24 - 01795952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-09-10 14:03 - 2015-09-10 14:03 - 00000000 ____D C:\Program Files (x86)\MSECache
2015-09-10 14:02 - 2015-09-10 14:03 - 32448168 _____ (Microsoft Corporation) C:\Users\Tyler Prada\Downloads\visioconverter-en-us.exe
2015-09-10 13:54 - 2015-09-10 13:54 - 00774656 _____ C:\Users\Tyler Prada\Downloads\SDM_EN (1).msi
2015-09-10 13:54 - 2015-09-10 13:54 - 00000183 _____ C:\Users\Tyler Prada\Downloads\100357089704 (1).sdx
2015-09-10 13:50 - 2015-09-10 13:52 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\VMware
2015-09-10 13:50 - 2015-09-10 13:52 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\VMware
2015-09-10 13:48 - 2015-09-10 13:48 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-09-10 13:45 - 2015-09-10 13:45 - 00001024 _____ C:\WINDOWS\SysWOW64\%TMP%
2015-09-10 13:44 - 2015-10-02 16:49 - 00000000 ____D C:\ProgramData\VMware
2015-09-10 13:40 - 2015-09-10 13:41 - 306299040 _____ (VMware, Inc.) C:\Users\Tyler Prada\Downloads\VMware-workstation-full-12.0.0-2985596.exe
2015-09-09 14:40 - 2015-09-09 14:40 - 00005153 _____ C:\Users\Tyler Prada\Desktop\wk6_Prada.zip
2015-09-09 14:33 - 2015-09-01 21:20 - 00077400 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-09-09 14:33 - 2015-09-01 20:25 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-09-09 14:33 - 2015-09-01 20:25 - 01382912 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-09-09 14:33 - 2015-08-27 02:36 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-09-09 14:33 - 2015-08-27 02:32 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-09-09 14:33 - 2015-08-27 02:04 - 21874688 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-09-09 14:33 - 2015-08-27 01:59 - 02880032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-09-09 14:33 - 2015-08-27 01:55 - 24594944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-09-09 14:33 - 2015-08-27 01:54 - 00541248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-09-09 14:33 - 2015-08-27 01:54 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-09-09 14:33 - 2015-08-27 01:51 - 02350592 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-09-09 14:33 - 2015-08-27 01:51 - 01774592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-09-09 14:33 - 2015-08-27 01:49 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-09-09 14:33 - 2015-08-27 01:47 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-09-09 14:33 - 2015-08-27 01:43 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-09-09 14:33 - 2015-08-27 01:43 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-09-09 14:33 - 2015-08-27 01:42 - 00596480 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2015-09-09 14:33 - 2015-08-27 01:42 - 00578560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-09-09 14:33 - 2015-08-27 01:42 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.PicturePassword.dll
2015-09-09 14:33 - 2015-08-27 01:42 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2015-09-09 14:33 - 2015-08-27 01:39 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-09-09 14:33 - 2015-08-27 01:23 - 19324416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-09-09 14:33 - 2015-08-27 01:23 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-09-09 14:33 - 2015-08-27 01:16 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-09-09 14:33 - 2015-08-27 01:16 - 02153472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-09-09 14:33 - 2015-08-27 01:16 - 01612288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-09-09 14:33 - 2015-08-27 01:12 - 00650752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-09-09 14:33 - 2015-08-27 01:12 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-09-09 14:33 - 2015-08-27 01:11 - 00484352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2015-09-09 14:33 - 2015-08-27 01:11 - 00139776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2015-09-09 14:33 - 2015-08-27 01:09 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-09-09 14:33 - 2015-08-27 01:08 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-07 20:51 - 2014-08-26 20:45 - 00008285 _____ C:\WINDOWS\system32\lvcoinst.log
2015-10-07 20:51 - 2014-08-08 06:48 - 00000000 ____D C:\Users\Tyler Prada\OneDrive
2015-10-07 20:47 - 2014-05-17 10:28 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-07 20:45 - 2014-12-10 14:31 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\Spotify
2015-10-07 20:40 - 2014-12-10 14:32 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Spotify
2015-10-07 20:39 - 2015-08-27 13:49 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-07 20:39 - 2015-08-27 13:15 - 00001052 _____ C:\WINDOWS\Tasks\MandvDL7OHsHrPHG1an4oY.job
2015-10-07 20:39 - 2014-05-17 10:28 - 00000914 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-07 20:37 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-07 20:37 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2015-10-07 20:37 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-07 20:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-07 20:31 - 2014-09-19 17:24 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
2015-10-07 19:20 - 2015-08-27 13:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-07 18:50 - 2015-07-31 13:03 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
2015-10-07 18:50 - 2014-05-17 10:02 - 00003192 _____ C:\WINDOWS\System32\Tasks\RTKCPL
2015-10-07 18:48 - 2015-06-24 22:59 - 03023120 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RltkAPO64.dll
2015-10-07 18:48 - 2015-06-24 22:57 - 04599528 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\Drivers\RTKVHD64.sys
2015-10-07 18:48 - 2015-06-24 22:57 - 00035440 _____ (Realtek Semiconductor Corp.) C:\WINDOWS\system32\RtkCoLDR64.dll
2015-10-07 18:30 - 2014-08-07 13:05 - 00002355 _____ C:\Users\Tyler Prada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-10-07 18:24 - 2014-08-26 20:11 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\CrashDumps
2015-10-07 18:20 - 2015-07-10 08:20 - 04968408 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-07 18:10 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-07 17:49 - 2014-08-07 17:33 - 00004158 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4942A5B4-7510-410C-A50D-735B59B400C9}
2015-10-07 07:36 - 2015-05-25 17:03 - 00000000 ____D C:\Program Files (x86)\Vector Magic
2015-10-07 07:34 - 2014-05-17 10:17 - 00000000 ____D C:\ProgramData\Package Cache
2015-10-07 07:32 - 2015-07-13 18:21 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\iFunbox_UserCache
2015-10-07 07:32 - 2015-07-13 18:15 - 00000000 ____D C:\Program Files (x86)\iExplorer
2015-10-07 07:31 - 2014-10-21 15:27 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Adobe
2015-10-06 16:21 - 2015-07-31 13:07 - 01064082 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-04 09:37 - 2015-05-08 14:16 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\uTorrent
2015-10-04 09:37 - 2014-08-07 14:40 - 00000000 ____D C:\Users\Tyler Prada\AppData\Roaming\TeamViewer
2015-10-04 09:19 - 2014-05-17 10:28 - 00000000 ____D C:\Program Files (x86)\Google
2015-10-04 08:28 - 2015-07-31 14:21 - 00000451 _____ C:\WINDOWS\system32\{F33C3B9B-72AF-418A-B3FD-560646F7CDA2}.bat
2015-10-02 18:32 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-02 17:51 - 2015-07-31 13:03 - 00072696 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.DLL
2015-10-02 17:51 - 2015-07-31 13:03 - 00069112 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.DLL
2015-10-02 17:51 - 2015-07-11 00:51 - 00540080 _____ (Intel Corporation) C:\WINDOWS\system32\igfxEM.exe
2015-10-02 17:51 - 2015-07-11 00:51 - 00393640 _____ (Intel Corporation) C:\WINDOWS\system32\igfxTray.exe
2015-10-02 17:51 - 2015-07-11 00:51 - 00328624 _____ (Intel Corporation) C:\WINDOWS\system32\igfxCUIService.exe
2015-10-02 17:51 - 2015-07-11 00:51 - 00256936 _____ (Intel Corporation) C:\WINDOWS\system32\igfxHK.exe
2015-10-02 17:51 - 2015-07-11 00:50 - 03797424 _____ (Intel Corporation) C:\WINDOWS\system32\Drivers\igdkmd64.sys
2015-10-02 17:51 - 2015-07-11 00:49 - 12334072 _____ (Intel Corporation) C:\WINDOWS\system32\igd10iumd64.dll
2015-10-02 17:51 - 2015-07-11 00:49 - 04637640 _____ (Intel Corporation) C:\WINDOWS\system32\igdusc64.dll
2015-10-02 17:51 - 2015-07-11 00:46 - 00678912 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDH.dll
2015-10-02 17:51 - 2015-07-11 00:46 - 00285184 _____ (Intel Corporation) C:\WINDOWS\system32\igfxDI.dll
2015-10-02 17:51 - 2015-07-11 00:46 - 00261112 _____ (Intel Corporation) C:\WINDOWS\system32\igfxLHM.dll
2015-10-02 17:23 - 2014-08-08 06:44 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-10-02 17:12 - 2015-07-31 13:09 - 00000000 ____D C:\Users\Tyler Prada
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 __RSD C:\WINDOWS\Media
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\system32\Nui
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system\Speech
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-02 17:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\IME
2015-10-02 17:07 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-02 17:07 - 2014-08-10 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Notepad++
2015-10-02 17:07 - 2014-05-17 10:30 - 00000000 ____D C:\ProgramData\Norton
2015-10-02 17:06 - 2014-08-10 09:37 - 00000000 ____D C:\Program Files (x86)\Notepad++
2015-10-02 16:53 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\registration
2015-10-02 16:50 - 2014-08-07 13:01 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Packages
2015-10-02 16:17 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-09-21 12:48 - 2015-01-06 16:03 - 00228590 _____ C:\WINDOWS\hpwins05.dat
2015-09-21 12:48 - 2015-01-06 16:03 - 00003375 _____ C:\ProgramData\hpzinstall.log
2015-09-21 12:47 - 2013-08-22 09:25 - 00000127 _____ C:\WINDOWS\win.ini
2015-09-17 16:02 - 2014-10-21 16:19 - 00000132 _____ C:\Users\Tyler Prada\AppData\Roaming\Adobe PNG Format CC Prefs
2015-09-16 16:13 - 2015-07-31 14:32 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\MicrosoftEdge
2015-09-16 14:42 - 2014-05-17 10:28 - 00003976 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-09-16 14:42 - 2014-05-17 10:28 - 00003744 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-09-15 12:12 - 2015-07-10 07:06 - 00812008 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-09-15 12:12 - 2015-07-10 07:06 - 00178152 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-09-14 16:30 - 2015-01-23 14:49 - 00000000 ____D C:\Users\Tyler Prada\Documents\Visual Studio 2013
2015-09-13 10:25 - 2014-08-07 14:39 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Google
2015-09-10 14:46 - 2015-07-10 09:14 - 00000000 ____D C:\Program Files\Windows Journal
2015-09-10 14:46 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-09-10 14:24 - 2014-03-19 16:23 - 00095016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dc3d.sys
2015-09-10 13:59 - 2014-12-07 15:57 - 00000000 ____D C:\Users\Tyler Prada\AppData\Local\Microsoft Help
2015-09-10 13:54 - 2015-01-23 14:00 - 00003211 _____ C:\Users\Tyler Prada\Desktop\Shortcut to SecureDownloadManager.exe.lnk
2015-09-10 13:49 - 2014-12-07 15:57 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-09-10 13:48 - 2014-12-07 16:00 - 00000039 _____ C:\WINDOWS\vbaddin.ini
2015-09-10 13:45 - 2015-07-31 13:07 - 01078224 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-09-09 16:00 - 2014-08-10 12:17 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-09-09 14:16 - 2015-07-31 14:34 - 00002363 _____ C:\Users\Tyler Prada\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
 
==================== Files in the root of some directories =======
 
2015-03-19 16:40 - 2015-03-19 16:44 - 0000132 _____ () C:\Users\Tyler Prada\AppData\Roaming\Adobe OpenEXR Format CC Prefs
2014-10-21 16:19 - 2015-09-17 16:02 - 0000132 _____ () C:\Users\Tyler Prada\AppData\Roaming\Adobe PNG Format CC Prefs
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY
2015-08-27 13:14 - 2015-08-27 13:14 - 0000064 _____ () C:\Users\Tyler Prada\AppData\Local\83217340847f5221d8441ac494f42e3e
2015-03-12 15:58 - 2015-03-12 16:02 - 0001456 _____ () C:\Users\Tyler Prada\AppData\Local\Adobe Save for Web 13.0 Prefs
2014-10-21 15:00 - 2014-10-21 15:00 - 0076722 _____ () C:\Users\Tyler Prada\AppData\Local\recently-used.xbel
2015-08-27 13:14 - 2015-08-27 13:14 - 0000187 _____ () C:\Users\Tyler Prada\AppData\Local\Streetice.exe.config
2015-07-31 13:04 - 2015-07-31 13:04 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2015-01-06 16:03 - 2015-09-21 12:48 - 0003375 _____ () C:\ProgramData\hpzinstall.log
 
Some files in TEMP:
====================
C:\Users\Tyler Prada\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Tyler Prada\AppData\Local\Temp\oct7A3E.tmp.exe
C:\Users\Tyler Prada\AppData\Local\Temp\sqlite3.dll
 

==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 

LastRegBack: 2015-10-06 16:18
 
==================== End of FRST.txt ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:04-10-2015
Ran by Tyler Prada (2015-10-07 20:53:09)
Running from C:\Users\Tyler Prada\Desktop
Windows 10 Home (X64) (2015-07-31 18:21:13)
Boot Mode: Normal
==========================================================
 

==================== Accounts: =============================
 
Administrator (S-1-5-21-1764133201-2714899247-942173242-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1764133201-2714899247-942173242-503 - Limited - Disabled)
Guest (S-1-5-21-1764133201-2714899247-942173242-501 - Limited - Disabled)
Tyler Prada (S-1-5-21-1764133201-2714899247-942173242-1001 - Administrator - Enabled) => C:\Users\Tyler Prada
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Spybot - Search and Destroy (Enabled - Out of date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
µTorrent (HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\uTorrent) (Version: 3.4.3.40760 - BitTorrent Inc.)
64 Bit HP CIO Components Installer (Version: 7.2.8 - Hewlett-Packard) Hidden
7500_7600_7700_Help1 (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
Action! (HKLM-x32\...\Mirillis Action!) (Version: 1.19.2 - Mirillis)
Adobe Audition CC (HKLM-x32\...\{DE1E055B-679C-42F8-B114-7B6ED0B8ED95}) (Version: 6.0 - Adobe Systems Incorporated)
Adobe Dreamweaver CC 2015 (HKLM-x32\...\{EE2A0AA8-0386-11E5-8603-BC82F5DB1A71}) (Version: 16.0.0 - Adobe Systems Incorporated)
Adobe Flash Player 19 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 19.0.0.185 - Adobe Systems Incorporated)
Adobe Photoshop CC (HKLM-x32\...\{2D99B50E-431D-4AA8-85C1-172A6F8BCF09}) (Version: 14.0 - Adobe Systems Incorporated)
Adobe Reader XI (11.0.10)  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.10 - Adobe Systems Incorporated)
Adobe Update Management Tool (HKLM-x32\...\{534A7A1A-7102-4AF6-23EA-7CD279C7B625}_is1) (Version: 6.2 - PainteR)
Amazon 1Button App (HKLM-x32\...\{5095145F-A690-405A-9ABF-69C7A7319834}) (Version: 2.2.2 - Amazon)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Application Insights Tools for Visual Studio 2013 (x32 Version: 2.4 - Microsoft Corporation) Hidden
ArcSoft ShowBiz (HKLM-x32\...\{4653DA78-3DB2-4F38-A35D-675CA0AF49CA}) (Version:  - ArcSoft)
Atheros Driver Installation Program (HKLM-x32\...\{C3A32068-8AB1-4327-BB16-BED9C6219DC7}) (Version: 10.0 - Atheros)
Audacity 2.0.5 (HKLM-x32\...\Audacity_is1) (Version: 2.0.5 - Audacity Team)
AzureTools.Notifications (x32 Version: 2.1.10731.1602 - Microsoft Corporation) Hidden
Behaviors SDK (Windows Phone) for Visual Studio 2013 (x32 Version: 12.0.50716.0 - Microsoft Corporation) Hidden
Behaviors SDK (Windows) for Visual Studio 2013 (x32 Version: 12.0.50429.0 - Microsoft Corporation) Hidden
bl (x32 Version: 1.0.0 - Your Company Name) Hidden
Blasterball 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
Blend for Visual Studio 2013 (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio 2013 ENU resources (x32 Version: 12.0.41002.1 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for .NET 4.5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Blend for Visual Studio SDK for Silverlight 5 (x32 Version: 3.0.40218.0 - Microsoft Corporation) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
bpd_scan_Carrier (x32 Version: 3.00.0000 - Hewlett-Packard) Hidden
BPDSoftware (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
BPDSoftware_Ini (x32 Version: 1.00.0000 - Hewlett-Packard) Hidden
BufferChm (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Build Tools - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - amd64 (Version: 12.0.31101 - Microsoft Corporation) Hidden
Build Tools Language Resources - x86 (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
CCleaner (HKLM\...\CCleaner) (Version: 5.03 - Piriform)
Cheat Engine 6.4 (HKLM-x32\...\Cheat Engine 6.4_is1) (Version:  - Cheat Engine)
Cisco Packet Tracer 6.2 Student (HKLM-x32\...\Cisco Packet Tracer 6.2 Student_is1) (Version:  - Cisco Systems, Inc.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.3817.05 - CyberLink Corp.)
Destinations (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
DeviceDiscovery (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
Digital Pass Launcher (HKLM-x32\...\{2359C6E9-DE4F-4FDA-9C12-AE6EFC2EE330}) (Version: 1.0.0.0 - TOSHIBA America Information Systems, Inc)
DocProc (x32 Version: 140.0.185.000 - Hewlett-Packard) Hidden
Dotfuscator and Analytics Community Edition (x32 Version: 5.5.4954.46574 - PreEmptive Solutions) Hidden
DTS Sound (HKLM-x32\...\{9B17BBEC-CF31-4C23-949E-E65A14365CE1}) (Version: 1.01.6100 - DTS, Inc.)
Entity Framework 6.1.1 Tools  for Visual Studio 2013 (HKLM-x32\...\{85253F13-EE42-4850-A3A5-79B90E92D7AC}) (Version: 12.0.30610.0 - Microsoft Corporation)
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
Fax (x32 Version: 140.0.307.000 - Hewlett-Packard) Hidden
GIMP 2.8.10 (HKLM\...\GIMP-2_is1) (Version: 2.8.10 - The GIMP Team)
Google Drive (HKLM-x32\...\{12ADFB82-D5A3-43E4-B2F4-FCD9B690315B}) (Version: 1.24.9931.5480 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
GPBaseService2 (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
Hauppauge Capture (HKLM-x32\...\Hauppauge Capture) (Version: 1.0.32168 - Hauppauge Computer Works)
Hauppauge Device Central (HKLM-x32\...\Hauppauge Device Central) (Version: 1.3.32167 - Hauppauge Computer Works, Inc.)
HP Customer Participation Program 14.0 (HKLM\...\HPExtendedCapabilities) (Version: 14.0 - HP)
HP Imaging Device Functions 14.0 (HKLM\...\HP Imaging Device Functions) (Version: 14.0 - HP)
HP OfficeJet L7300/L7500/7600/7700 (HKLM\...\{E6A512D4-E5FB-4D42-8E83-D87F3A760802}) (Version: 14.0 - HP)
HP Solution Center 14.0 (HKLM\...\HP Solution Center & Imaging Support Tools) (Version: 14.0 - HP)
HP Support Solutions Framework (HKLM-x32\...\{E35601C0-BA8E-4F32-919A-C7EF4CA81F67}) (Version: 11.51.0048 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{912D30CF-F39E-4B31-AD9A-123C6B794EE2}) (Version: 5.005.002.002 - Hewlett-Packard)
HPDiagnosticAlert (x32 Version: 1.00.0001 - Microsoft) Hidden
HPProductAssistant (x32 Version: 140.0.298.000 - Hewlett-Packard) Hidden
HPSSupply (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
IIS 8.0 Express (HKLM\...\{7BF61FA9-BDFB-4563-98AD-FCB0DA28CCC7}) (Version: 8.0.1557 - Microsoft Corporation)
IIS Express Application Compatibility Database for x64 (HKLM\...\{9f4f4a9b-eec5-4906-92fe-d1f43ccf5c8d}.sdb) (Version:  - )
IIS Express Application Compatibility Database for x86 (HKLM\...\{fdfba1f3-74ae-4255-9c10-a0f552b4610f}.sdb) (Version:  - )
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4276 - Intel Corporation)
Intel® Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{BFEAB774-C7DC-4032-B05A-DA5F7CB7B365}) (Version: 12.2.2.25 - Apple Inc.)
Java 8 Update 31 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218031F0}) (Version: 8.0.310 - Oracle Corporation)
Kindle Previewer (HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\KindlePreviewer) (Version: 2.94 - Amazon)
Kit SDK de vérification de Visual Studio 2012 - fra (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
L7500 (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
LAME v3.99.3 (for Windows) (HKLM-x32\...\LAME_is1) (Version:  - )
LocalESPC Dev12 (x32 Version: 8.100.25984 - Microsoft Corporation) Hidden
LocalESPCui for en-us Dev12 (x32 Version: 8.100.25984 - Microsoft) Hidden
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
MarketResearch (x32 Version: 140.0.212.000 - Hewlett-Packard) Hidden
Memory Profiler (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
Microsoft .NET Framework 4 Multi-Targeting Pack (HKLM-x32\...\{CFEF48A8-BFB8-3EAC-8BA5-DE4F8AA267CE}) (Version: 4.0.30319 - Microsoft Corporation)
Microsoft .NET Framework 4.5 Multi-Targeting Pack (HKLM-x32\...\{56E962F0-4FB0-3C67-88DB-9EAA6EEFC493}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5 SDK (HKLM-x32\...\{4AE57014-05C4-4864-A13D-86517A7E1BA4}) (Version: 4.5.50710 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (ENU) (HKLM-x32\...\{D3517C62-68A5-37CF-92F7-93C029A89681}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 Multi-Targeting Pack (HKLM-x32\...\{6A0C6700-EA93-372C-8871-DCCF13D160A4}) (Version: 4.5.50932 - Microsoft Corporation)
Microsoft .NET Framework 4.5.1 SDK (HKLM-x32\...\{19A5926D-66E1-46FC-854D-163AA10A52D3}) (Version: 4.5.51641 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 - Visual Studio 2010 Tools (HKLM-x32\...\{40416836-56CC-4C0E-A6AF-5C34BADCE483}) (Version: 2.0.50217.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 2 (HKLM-x32\...\{DD8FF2F3-0D97-4CF3-AF78-FA0E1B242244}) (Version: 2.0.60926.0 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Exchange Web Services Managed API 2.1 (HKLM-x32\...\{24CA683D-8174-4EBF-AD4D-3F2DD7814716}) (Version: 15.0.847.30 - Microsoft Corporation)
Microsoft Help Viewer 1.1 (HKLM\...\Microsoft Help Viewer 1.1) (Version: 1.1.40219 - Microsoft Corporation)
Microsoft Help Viewer 2.1 (HKLM-x32\...\Microsoft Help Viewer 2.1) (Version: 2.1.21005 - Microsoft Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office Developer Tools for Visual Studio 2013 - November 2014 Update (HKLM-x32\...\{ac415136-ae46-4301-b23e-6559062bfa7b}) (Version: 12.0.31105.0 - Microsoft Corporation)
Microsoft Office Home and Student 2013 - en-us (HKLM\...\HomeStudentRetail - en-us) (Version: 15.0.4753.1003 - Microsoft Corporation)
Microsoft Report Viewer 2012 Runtime (HKLM-x32\...\{9CCE40CE-A9E6-4916-8729-B008558EEF3F}) (Version: 11.0.2100.60 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft Silverlight 5 SDK (HKLM-x32\...\{E1FBB3D4-ADB0-4949-B101-855DA061C735}) (Version: 5.0.61118.0 - Microsoft Corporation)
Microsoft SQL Server 2008 (64-bit) (HKLM\...\Microsoft SQL Server 10 Release) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2008 Browser (HKLM-x32\...\{C688457E-03FD-4941-923B-A27F4D42A7DD}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 Native Client (HKLM\...\{BBDE8A3D-64A2-43A6-95F3-C27B87DF7AC1}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Framework (HKLM-x32\...\{0DDCEC37-369C-484B-B16D-B4413FD42FB9}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Data-Tier Application Project (HKLM-x32\...\{E5AE9031-79A5-4627-9641-BEFA82819B08}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (HKLM-x32\...\{83F2B8F4-5CF3-4BE9-9772-9543EAE4AC5F}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Management Objects (x64) (HKLM\...\{DA67488A-2689-4F10-B90F-D2F6977509D6}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 R2 Transact-SQL Language Service (HKLM-x32\...\{78C3657E-742C-40B1-9F53-E5A921D40F17}) (Version: 10.50.1447.4 - Microsoft Corporation)
Microsoft SQL Server 2008 Setup Support Files  (HKLM\...\{B40EE88B-400A-4266-A17B-E3DE64E94431}) (Version: 10.1.2731.0 - Microsoft Corporation)
Microsoft SQL Server 2012 (64-bit) (HKLM\...\Microsoft SQL Server SQLServer2012) (Version:  - Microsoft Corporation)
Microsoft SQL Server 2012 Command Line Utilities  (HKLM\...\{58FED865-4F13-408D-A5BF-996019C4B936}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (HKLM-x32\...\{1B876496-B3A2-4D22-9B12-B608A3FD4B8B}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Data-Tier App Framework  (x64) (HKLM\...\{A6BA243E-85A3-4635-A269-32949C98AC7F}) (Version: 11.1.2902.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Express LocalDB  (HKLM\...\{6C026A91-640F-4A23-8B68-05D589CC6F18}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (HKLM-x32\...\{2F7DBBE6-8EBC-495C-9041-46A772F4E311}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Management Objects  (x64) (HKLM\...\{43A5C316-9521-49C3-B9B6-FCE5E1005DF0}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Native Client  (HKLM\...\{3965C9F9-9B9A-4391-AC4B-8388210D3AA0}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Policies  (HKLM-x32\...\{DC487E40-046E-42A9-9C7C-5D2B1A7EB211}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Setup (English) (HKLM\...\{977887EC-1C9B-47FA-8489-88E5E7F43D5E}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL Compiler Service  (HKLM\...\{3D3F1CCD-2C87-4DDD-9B8C-CC0EB429E04D}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 Transact-SQL ScriptDom  (HKLM\...\{E721A8AA-2632-4798-B439-6D4C8A689BB8}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft SQL Server 2012 T-SQL Language Service  (HKLM-x32\...\{04DD7AF4-A6D3-4E30-9BB9-3B3670719234}) (Version: 11.1.3000.0 - Microsoft Corporation)
Microsoft SQL Server 2014 Express LocalDB  (HKLM\...\{AB8DE9BA-19E1-446A-BCFA-6B3DA9751E21}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (HKLM-x32\...\{2774595F-BC2A-4B12-A25B-0C37A37049B0}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Management Objects  (x64) (HKLM\...\{1F9EB3B6-AED7-4AA7-B8F1-8E314B74B2A5}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 Transact-SQL ScriptDom  (HKLM\...\{020CDFE0-C127-4047-B571-37C82396B662}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server 2014 T-SQL Language Service  (HKLM-x32\...\{47D08E7A-92A1-489B-B0BF-415516497BCE}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{3A9FC03D-C685-4831-94CF-4EDFD3749497}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 3.5 SP2 x64 ENU (HKLM\...\{D4AD39AD-091E-4D33-BB2B-59F6FCB8ADC3}) (Version: 3.5.8080.0 - Microsoft Corporation)
Microsoft SQL Server Compact 4.0 SP1 x64 ENU (HKLM\...\{78909610-D229-459C-A936-25D92283D3FD}) (Version: 4.0.8876.1 - Microsoft Corporation)
Microsoft SQL Server Data Tools - enu (12.0.41012.0) (HKLM-x32\...\{AC8E0CF4-42A1-4151-B684-97CF6FD726CF}) (Version: 12.0.41012.0 - Microsoft Corporation)
Microsoft SQL Server Data Tools Build Utilities - enu (12.0.30919.1) (HKLM-x32\...\{6781FF9B-E87D-4A03-9373-A55A288B83FA}) (Version: 12.0.30919.1 - Microsoft Corporation)
Microsoft SQL Server Database Publishing Wizard 1.4 (HKLM-x32\...\{ACE28263-76A4-4BF5-B6F4-8BD719595969}) (Version: 10.1.2512.8 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (HKLM-x32\...\{C3F6F200-6D7B-4879-B9EE-700C0CE1FCDA}) (Version: 10.51.2500.0 - Microsoft Corporation)
Microsoft SQL Server System CLR Types (x64) (HKLM\...\{4701DEDE-1888-49E0-BAE5-857875924CA2}) (Version: 10.50.1600.1 - Microsoft Corporation)
Microsoft SQL Server VSS Writer (HKLM\...\{0826F9E4-787E-481D-83E0-BC6A57B056D5}) (Version: 10.1.2531.0 - Microsoft Corporation)
Microsoft Sync Framework Runtime v1.0 SP1 (x64) (HKLM\...\{8438EC02-B8A9-462D-AC72-1B521349C001}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework SDK v1.0 SP1 (HKLM-x32\...\{0E3DFC64-CC49-4BE2-8C9C-58EF129675DB}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Framework Services v1.0 SP1 (x64) (HKLM\...\{034106B5-54B7-467F-B477-5B7DBB492624}) (Version: 1.0.3010.0 - Microsoft Corporation)
Microsoft Sync Services for ADO.NET v2.0 SP1 (x64) (HKLM\...\{1D1CEEF8-3741-45BD-8E77-963E1DEBDDD3}) (Version: 2.0.3010.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (HKLM-x32\...\{070C38AC-05CE-43DF-9A20-141332F6AB2B}) (Version: 11.1.3366.16 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2012 (x64) (HKLM\...\{DEB263CA-0386-4648-8382-FB78DBFA2C5F}) (Version: 11.2.5058.0 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM\...\{8C06D6DB-A391-4686-B050-99CC522A7843}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft System CLR Types for SQL Server 2014 (HKLM-x32\...\{4AEB505C-95E1-4964-9B64-8D27F3186D30}) (Version: 12.0.2000.8 - Microsoft Corporation)
Microsoft Team Foundation Server 2010 Object Model - ENU (HKLM\...\Microsoft Team Foundation Server 2010 Object Model - ENU) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visio Compatibility Pack (HKLM-x32\...\{95150000-005B-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1509 - Microsoft Corporation)
Microsoft Visio Premium 2010 (HKLM\...\Office14.VISIO) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (x64) (HKLM\...\{ad8a2fa1-06e7-4b0d-927d-6e54b3d31028}) (Version: 8.0.61000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Designtime - 10.0.30319 (HKLM\...\{F5079164-1DB9-3BDA-853B-F78AF67CE071}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Runtime - 10.0.30319 (HKLM\...\{94D70749-4281-39AC-AD90-B56A0E0A402E}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Runtime - 10.0.40219 (HKLM-x32\...\{5D9ED403-94DE-3BA0-B1D6-71F4BDA412E6}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d07b0db5-8dad-40e1-be90-88026298a46b}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{2749c485-3a8b-4533-92ff-7cf6e8221cff}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual F# 2.0 Runtime (HKLM-x32\...\{729A3000-BC8A-3B74-BA5D-5068FE12D70C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 ADO.NET Entity Framework Tools (HKLM-x32\...\{14DD7530-CCD2-3798-B37D-3839ED6A441C}) (Version: 10.0.30319 - Microsoft Corporation)
Microsoft Visual Studio 2010 Shell (Isolated) - ENU (HKLM-x32\...\{D64B6984-242F-32BC-B008-752806E5FC44}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft Visual Studio Macro Tools (HKLM-x32\...\Microsoft Visual Studio Macro Tools) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Professional 2013 (HKLM-x32\...\{02a877fe-5dac-4ac0-b869-4b9da00f651c}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Web Deploy 3.5 (HKLM\...\{69A998C5-00A9-42CA-AB4E-C31CFFCD9251}) (Version: 3.1237.1763 - Microsoft Corporation)
Microsoft Web Platform Installer 5.0 (HKLM\...\{4D84C195-86F0-4B34-8FDE-4A17EB41306A}) (Version: 5.0.50430.0 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minutor (HKLM-x32\...\{C23318A7-DFCC-4838-9434-6150A53A5ABF}) (Version: 2.0.1 - Sean Kasun)
MPM (HKLM-x32\...\{B5A4C902-1636-48DB-8E38-F0DB102DDB59}) (Version: 1.00.0000 - Hewlett-Packard)
MyDriveConnect 3.3.0.1812 (HKLM-x32\...\MyDriveConnect) (Version: 3.3.0.1812 - TomTom)
Network64 (Version: 140.0.306.000 - Hewlett-Packard) Hidden
Norton Identity Safe (HKLM-x32\...\NST) (Version: 2014.7.11.42 - Symantec Corporation)
Notepad++ (HKLM-x32\...\Notepad++) (Version: 6.8.1 - Notepad++ Team)
OCR Software by I.R.I.S. 14.0 (HKLM\...\HPOCR) (Version: 14.0 - HP)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4753.1003 - Microsoft Corporation) Hidden
Open XML SDK 2.5 for Microsoft Office (x32 Version: 2.5.5631 - Microsoft Corporation) Hidden
PDF Settings CC (x32 Version: 12.0 - Adobe Systems Incorporated) Hidden
Perfect Uninstaller v6.3.4.0 (HKLM\...\Perfect Uninstaller_is1) (Version:  - www.PerfectUninstaller.com)
ph (x32 Version: 1.0.0 - Your Company Name) Hidden
PowreShellIntegration.Notifications (x32 Version: 2.5.21003.1603 - Microsoft Corporation) Hidden
PreEmptive Analytics Visual Studio Components (x32 Version: 1.2.3197.1 - PreEmptive Solutions) Hidden
Prerequisites for SSDT  (HKLM-x32\...\{21373064-AD95-48DB-A32E-0D9E08EF7355}) (Version: 12.0.2000.8 - Microsoft Corporation)
Prerequisites for SSDT  (HKLM-x32\...\{35C1D9D6-87C0-46A3-B1B4-EDBCC063221C}) (Version: 11.1.3000.0 - Microsoft Corporation)
ProductContext (x32 Version: 140.0.001.000 - Hewlett-Packard) Hidden
Python Tools Redirection Template (x32 Version: 1.3 - Microsoft Corporation) Hidden
QuickTime 7 (HKLM-x32\...\{111EE7DF-FC45-40C7-98A7-753AC46B12FB}) (Version: 7.75.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.56 - Razer Inc)
Realtek Card Reader (HKLM-x32\...\{5BC2B5AB-80DE-4E83-B8CF-426902051D0A}) (Version: 6.3.9600.29075 - Realtek Semiconductor Corp.)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.24.1218.2013 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7592 - Realtek Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Scan (x32 Version: 140.0.253.000 - Hewlett-Packard) Hidden
SDK de comprobación de Visual Studio 2012 - esn (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
Secure Download Manager (HKLM-x32\...\{E040B65B-8683-4228-8C33-D44A141E40EA}) (Version: 3.1.60 - Kivuto Solutions Inc.)
Service Pack 1 for SQL Server 2008 (KB968369) (64-bit) (HKLM\...\KB968369) (Version: 10.1.2531.0 - Microsoft Corporation)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (HKLM\...\{90140000-0057-0000-1000-0000000FF1CE}_Office14.VISIO_{3C578F10-F74F-4655-B2A6-9F88A6C415E8}) (Version:  - Microsoft)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 64-Bit Edition (Version:  - Microsoft) Hidden
Service Pack 2 for SQL Server 2012 (KB2958429) (64-bit) (HKLM\...\KB2958429) (Version: 11.2.5058.0 - Microsoft Corporation)
SharePoint Client Components (HKLM\...\{95150003-1163-0409-1000-0000000FF1CE}) (Version: 15.0.4641.1002 - Microsoft Corporation)
SharePoint Client Components (HKLM\...\{95160002-1163-0409-1000-0000000FF1CE}) (Version: 16.0.3104.1200 - Microsoft Corporation)
Shop for HP Supplies (HKLM\...\Shop for HP Supplies) (Version: 14.0 - HP)
Skype™ 7.0 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.0.102 - Skype Technologies S.A.)
SolutionCenter (x32 Version: 140.0.299.000 - Hewlett-Packard) Hidden
Spotify (HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\Spotify) (Version: 1.0.15.133.gf21970bd - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
SQL Server 2012 Client Tools (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Common Files (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
SQL Server 2012 Management Studio (Version: 11.2.5058.0 - Microsoft Corporation) Hidden
Sql Server Customer Experience Improvement Program (Version: 10.1.2531.0 - Microsoft Corporation) Hidden
Status (x32 Version: 140.0.342.000 - Hewlett-Packard) Hidden
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
Team Explorer for Microsoft Visual Studio 2013 (x32 Version: 12.0.21005 - Microsoft Corporation) Hidden
TeamViewer 10 (HKLM-x32\...\TeamViewer) (Version: 10.0.45862 - TeamViewer)
Toolbox (x32 Version: 140.0.596.000 - Hewlett-Packard) Hidden
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.18.0 - Toshiba Corporation)
TOSHIBA Display Utility (HKLM\...\{F64E9295-E1B3-4EEA-86D3-AF44A0087B06}) (Version: 1.1.16.0 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{94D2A899-0C34-4420-880E-AE337E635AB0}) (Version: 2.4.2.6403 - Toshiba Corporation)
TOSHIBA Flash Cards Support Utility (HKLM-x32\...\InstallShield_{620BBA5E-F848-4D56-8BDA-584E44584C5E}) (Version: 1.51.81.2C - TOSHIBA CORPORATION)
TOSHIBA Function Key (HKLM\...\{1844CFE2-EBA3-490A-8A5E-9BFC646342FD}) (Version: 1.1.5.6402 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\InstallShield_{59358FD4-252B-4B38-AB81-955C491A494F}) (Version: 2.0.0.15C - Toshiba Corporation)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.2.00.56006005 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{BFE4C813-4DD4-4B1C-97F4-76A459055C8D}) (Version: 2.6.13 - Toshiba Corporation)
TOSHIBA Start (HKLM-x32\...\{4F0F44AF-90E9-4A6E-9E82-354A3AB79F22}) (Version: 1.0.0.2 - TOSHIBA America Information Systems, Inc)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0033 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{4D57ED72-6B01-40BD-9CA9-012B8FC09CEB}) (Version: 2.0.1.32003 - Toshiba Corporation)
TrayApp (x32 Version: 140.0.297.000 - Hewlett-Packard) Hidden
TypeScript Power Tool (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
TypeScript Tools for Microsoft Visual Studio 2013 (x32 Version: 1.0.5.0 - Microsoft Corporation) Hidden
UltraUXThemePatcher (HKLM-x32\...\UltraUXThemePatcher) (Version: 2.5.3.0 - Manuel Hoefs (Zottel))
Update Installer for WildTangent Games App (x32 Version:  - WildTangent) Hidden
Utility Common Driver (x32 Version: 1.0.53.3 - Compal) Hidden
Vegas Pro 13.0 (64-bit) (HKLM\...\{D0360940-CCC6-11E3-B9C6-F04DA23A5C58}) (Version: 13.0.310 - Sony)
Visual Studio 2010 Prerequisites - English (HKLM\...\{662014D2-0450-37ED-ABAE-157C88127BEB}) (Version: 10.0.30319 - Microsoft Corporation)
Visual Studio 2010 Tools for SQL Server Compact 3.5 SP2 ENU (HKLM-x32\...\{112C23F2-C036-4D40-BED4-0CB47BF5555C}) (Version: 4.0.8080.0 - Microsoft Corporation)
Visual Studio 2013 Update 4 (KB2829760) (HKLM-x32\...\{53d408db-eb91-43fb-9d8f-167681c19763}) (Version: 12.0.31101 - Microsoft Corporation)
Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
VS Update core components (x32 Version: 12.0.31101 - Microsoft Corporation) Hidden
WCF Data Services 5.6.0 Runtime (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF Data Services Tools for Microsoft Visual Studio 2013 (x32 Version: 5.6.61587.0 - Microsoft Corporation) Hidden
WCF RIA Services V1.0 SP2 (HKLM-x32\...\{5D8DD6A8-C4D7-4554-93F9-F1CC28C72600}) (Version: 4.1.62812.0 - Microsoft Corporation)
Web Deployment Tool (HKLM\...\{0F37D969-1260-419E-B308-EF7D29ABDE20}) (Version: 1.1.0618 - Microsoft Corporation)
WebReg (x32 Version: 140.0.297.017 - Hewlett-Packard) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.14 - WildTangent) Hidden
Windows Phone 8.1 Emulators - ENU (HKLM-x32\...\{166a69f6-6512-47ea-a342-17d954fc059a}) (Version: 12.0.31010.0 - Microsoft Corporation)
WinRAR 5.10 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.10.0 - win.rar GmbH)
Workflow Manager Client 1.0 (HKLM\...\{A5ABAF5F-B5B6-44B3-B69F-2E13DC60FC9F}) (Version: 2.0.40131.0 - Microsoft Corporation)
Workflow Manager Tools 1.0 for Visual Studio (HKLM\...\{A79F6653-6AF1-4AF2-BC15-F5D6C05E1E6A}) (Version: 2.0.40326.0 - Microsoft Corporation)
Пакет Visual Studio 2012 Verification SDK - rus (x32 Version: 12.0.30501 - Microsoft Corporation) Hidden
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-1764133201-2714899247-942173242-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-1764133201-2714899247-942173242-1001_Classes\CLSID\{e8c77137-e224-5791-b6e9-ff0305797a13}\InprocServer32 -> C:\Program Files (x86)\Adobe\Adobe Creative Cloud\Utils\npAdobeAAMDetect64.dll (Adobe Systems)
 
==================== Restore Points =========================
 
06-10-2015 16:34:33 WinThruster Tue, Oct 06, 15  16:34
07-10-2015 19:00:54 Revo Uninstaller's restore point - Search Protect
 
==================== Hosts content: ==========================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2015-10-04 08:56 - 00351076 ____A C:\WINDOWS\system32\Drivers\etc\hosts
127.0.0.1 localhost
127.0.0.1 localhost.localdomain
255.255.255.255 broadcasthost
127.0.0.1 local
 
There are 1000 more lines.
 

==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {038A4D62-0936-4495-8A39-3716E164E267} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-09-24] (TOSHIBA Corporation)
Task: {09D5C9FE-6AFB-4AD5-AEE2-763191D27B8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {189024CA-B6BE-4095-849C-59AE25F92EFB} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {1A954799-00E2-4AD2-962E-AF0372A42625} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {1BB8387E-F29D-4088-809B-DC826F6AE3D4} - System32\Tasks\Norton Identity Safe\Norton Error Processor => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {1E386976-C983-4283-AC26-89FCB7058B43} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {28B957A4-DF7A-429B-B284-710C145A6783} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {2B2E3FD8-D2A9-418F-8EE8-5A2B42268781} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {2F5FE3B9-2140-40F7-8B58-E9F2F93B5CA0} - System32\Tasks\RTKCPL => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [2015-10-07] (Realtek Semiconductor)
Task: {36D45620-1374-4579-9966-7E0A34A698C9} - System32\Tasks\AdobeAAMUpdater-1.0-Tyler-Tyler Prada => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2015-07-22] (Adobe Systems Incorporated)
Task: {3D1A9570-0AFE-42D3-A887-C2389660481A} - System32\Tasks\Radqyvm => C:\Program Files\groover250820151255\Janmo.bat
Task: {3ED6EA83-CCD5-4171-B99B-20BD979E582B} - System32\Tasks\Norton Identity Safe\Norton Error Analyzer => C:\Program Files (x86)\Norton Identity Safe\Engine\2014.7.11.42\SymErr.exe [2014-01-30] (Symantec Corporation)
Task: {3F267FFF-F60B-4900-B388-18C319B0CB0D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-26] (Microsoft Corporation)
Task: {40323259-5E95-4A66-92E8-E31944EBFF82} - System32\Tasks\Ruofapsum => C:\ProgramData\Ruofapsum\1.0.4.1\asowitno.exe
Task: {41FAF1D9-BCF7-4A0D-9A54-25EC36A0AF63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {4BE6CBB8-7E38-4B3E-914A-CE8C07BDB0F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {50D8BC87-B0C8-4876-A702-6275F9A71C24} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-08-11] (Microsoft Corporation)
Task: {58818C05-E493-4DC9-91A1-7E7D2BD8532E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5E206617-25A9-44A9-910B-DB617A10097E} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File <==== ATTENTION
Task: {6164F434-27D5-4C74-BC23-D3EAEF1D08FB} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File <==== ATTENTION
Task: {62E47648-F244-41C5-9A0E-FA67E2E0CC76} - System32\Tasks\{BB5B9FA7-B273-4C12-8DF6-55352975F9B9} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S <==== ATTENTION
Task: {68B57A74-12BA-41AA-85D1-EAFDDFA441F6} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {701F9D78-B930-437C-8C68-159C32F96138} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {77B8A486-AECE-4E52-91BA-2A5E6EF4133D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {7FD1BABC-2564-4E85-8679-A117459A31EE} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {8963D093-2A30-48D8-8CAC-F50A0A60C5D4} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-28] (Google Inc.)
Task: {A1BEF988-5C2E-4678-BB2C-02D3760AB825} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
Task: {A22B44C4-9267-4659-8EE8-77DEE43F72D4} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-02-19] (Piriform Ltd)
Task: {AFA80FC1-A832-4184-977A-BB81C29F95DA} - \bvxvbxvd -> No File <==== ATTENTION
Task: {B23DF3C2-C5C3-4564-8F8C-2C806C6FB63F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {B295AF26-8251-4F15-AAFE-5256D28B6BCC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {B9502D5C-E40E-4744-B6E0-AEBC2505DFEA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {BBA30DB4-646F-4E52-BE01-949F2AEA8355} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {D1489A00-7CEA-4AA5-8AB3-96FD09B4D686} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-09-21] (Adobe Systems Incorporated)
Task: {E1430868-B009-42DD-ADD0-38B25432992D} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
Task: {E76ECCE8-5935-4194-BE0B-2B0BE13F0070} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-03] (Synaptics Incorporated)
Task: {FDE618D1-6DCE-4FA0-B34E-4406DC8EB036} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-08-11] (Microsoft Corporation)
Task: {FE407C4E-13DF-43DB-A893-E1347A4E6E33} - System32\Tasks\MandvDL7OHsHrPHG1an4oY => C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY.exe <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => C:\WINDOWS\explorer.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\MandvDL7OHsHrPHG1an4oY.job => C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY.exe <==== ATTENTION
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-07-10 07:00 - 2015-07-10 07:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-07-31 16:48 - 2015-07-31 16:48 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 01346344 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-08-19 17:42 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-08-08 06:44 - 2014-05-20 09:19 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-08-28 15:31 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-28 15:31 - 2015-08-18 03:56 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-22 01:02 - 2015-07-22 01:02 - 00803488 _____ () C:\Program Files (x86)\Adobe\Adobe Creative Cloud\CoreSyncExtension\CoreSync_x64.dll
2015-08-12 14:50 - 2015-08-02 21:09 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-31 16:48 - 2015-07-31 16:48 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-08-12 14:50 - 2015-08-02 21:09 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-08-19 17:42 - 2015-08-11 04:58 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 14:50 - 2015-08-02 21:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-08-12 14:50 - 2015-08-02 21:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-12 14:50 - 2015-08-02 21:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2015-09-15 14:27 - 2015-09-15 14:27 - 01752576 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.UI\8f320c4a308d2e39c6aa40c7cdf4ce49\Windows.UI.ni.dll
2015-09-15 14:27 - 2015-09-15 14:27 - 00476160 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_64\Windows.Data\c9ee06962fd760bac20a48a49086c5a4\Windows.Data.ni.dll
2015-08-27 13:24 - 2014-05-13 12:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
2015-08-27 13:24 - 2014-05-13 12:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
2015-08-27 13:24 - 2014-05-13 12:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
2015-08-27 13:24 - 2012-08-23 10:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
2015-08-27 13:24 - 2012-04-03 17:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
2014-10-03 08:04 - 2014-10-03 08:04 - 00026488 _____ () C:\Program Files (x86)\MyDrive Connect\DeviceDetection.dll
2014-10-03 08:04 - 2014-10-03 08:04 - 00087416 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterBase.dll
2014-10-03 08:04 - 2014-10-03 08:04 - 00398712 _____ () C:\Program Files (x86)\MyDrive Connect\TomTomSupporterProxy.dll
2015-03-09 12:39 - 2015-10-07 19:15 - 50680424 _____ () C:\Users\Tyler Prada\AppData\Roaming\Spotify\libcef.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-03-09 12:39 - 2015-10-07 19:15 - 01882728 _____ () C:\Users\Tyler Prada\AppData\Roaming\Spotify\libglesv2.dll
2015-03-09 12:39 - 2015-10-07 19:15 - 00083048 _____ () C:\Users\Tyler Prada\AppData\Roaming\Spotify\libegl.dll
2014-11-22 20:05 - 2014-11-22 20:05 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\VFS\ProgramFilesCommonX86\Microsoft Shared\OFFICE15\AppVIsvStream32.dll
2014-11-22 20:04 - 2014-11-22 20:04 - 00316576 _____ () C:\Program Files\Microsoft Office 15\Root\Office15\AppVIsvStream32.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 

==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Kufnemgawj => ""="service"
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 

==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\amazon.com -> www.amazon.com
 

==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\transcodedwallpaper.jpg
DNS Servers: 10.214.126.138
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKLM\...\StartupApproved\Run32: => "ArcSoft Connection Service"
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{D8E0E196-A4F7-4EEC-8B9A-D0A008E4F194}C:\users\tyler prada\desktop\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\tyler prada\desktop\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [TCP Query User{F93D51AF-1302-47B0-951B-C9A4CE9CE11C}C:\users\tyler prada\desktop\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe] => (Allow) C:\users\tyler prada\desktop\minecraft\runtime\jre-x64\1.8.0_25\bin\javaw.exe
FirewallRules: [{6E5FFAF3-A766-45ED-9608-6E3821241FAC}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{68A08D8E-CB0C-46BC-972D-C8E6537CDCF8}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{D16303E3-43E9-4EF0-B975-B601B3556123}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{5F6ACF6B-2299-4BDF-86CA-64F038C1DB6E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{CE225496-26B2-4930-A947-F006C7E5A67F}] => (Allow) C:\Users\Tyler Prada\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{35B071D6-D64F-4194-B9DB-1687856A2978}] => (Allow) C:\Users\Tyler Prada\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [UDP Query User{8699175D-5B7B-434F-BDAE-86D34E20161C}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [TCP Query User{D8113E1C-ED49-40F1-9B94-F0E14B40DCF5}C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe] => (Allow) C:\program files (x86)\cisco packet tracer 6.2sv\bin\packettracer6.exe
FirewallRules: [{FA436ED0-6768-40EF-A0DE-A4E013A06DD2}] => (Allow) LPort=12292
FirewallRules: [{CC89E6A7-954F-46FC-BA34-75B44A64FFAC}] => (Allow) C:\Program Files (x86)\Microsoft Visual Studio 12.0\Common7\IDE\devenv.exe
FirewallRules: [{852BEA52-FBE0-4ED0-9554-CD95EDABA3FF}] => (Allow) C:\Program Files (x86)\HP\hp software update\hpwucli.exe
FirewallRules: [{6625649A-4674-4F9C-8667-C1F6DDD84AF9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgh.exe
FirewallRules: [{DF59044E-25CC-4C85-B3FD-1E7B0DC46F50}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqusgm.exe
FirewallRules: [{315F99A2-7AA5-4F40-981B-1500757BAC7B}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgpc01.exe
FirewallRules: [{53EE3CDB-3D99-4E74-8F25-E5DD08A478CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqgplgtupl.exe
FirewallRules: [{4152D2DA-9C28-4DFF-9893-2BC8ED2D62CE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqfxt08.exe
FirewallRules: [{4BD8BB39-354B-40AB-AB0E-27B7C3D59949}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxs08.exe
FirewallRules: [{FF2E0871-CCC7-4F8E-A0DF-55C36F0E40C8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpiscnapp.exe
FirewallRules: [{30687548-FD65-4AAE-9AD1-0D6C433CA8D8}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpoews01.exe
FirewallRules: [{A4AD85ED-72E0-4A65-9342-835902CE1FD9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpzwiz01.exe
FirewallRules: [{2A4D6163-21B8-48C5-8211-628FF72E4B8E}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpfccopy.exe
FirewallRules: [{3DDBD0EC-6361-4E5B-B44D-2A6717F381EE}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqkygrp.exe
FirewallRules: [{CBAED865-3C24-4D6E-959F-48AF5EC1F705}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposid01.exe
FirewallRules: [{AEB607DC-D7B0-4E77-88B1-9EAE39D5CE87}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hposfx08.exe
FirewallRules: [{C8B0BCB5-42FF-47C2-89B7-3379DF7D3AB9}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpofxm08.exe
FirewallRules: [{2645228D-8E61-40AB-AB20-38B99FAD4793}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqste08.exe
FirewallRules: [{86DA0EDD-6CCC-47A4-BC73-D5F58616CA27}] => (Allow) C:\Program Files (x86)\HP\Digital Imaging\bin\hpqtra08.exe
FirewallRules: [{3C08A232-97C6-450E-ADE9-944108ED7652}] => (Allow) C:\Users\Tyler Prada\AppData\Local\Temp\7zS7F68\setup\hpznui40.exe
FirewallRules: [UDP Query User{3113E2C5-70E8-42DA-BEF1-F22A99C6AA6F}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [TCP Query User{8BB98AED-8A59-4B14-B52F-21F11746DAB7}C:\program files (x86)\skype\phone\skype.exe] => (Allow) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{ADD2F2BC-230D-4899-965A-47F7E841B64B}C:\users\tyler prada\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tyler prada\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{3A865665-E3CA-406B-963C-F4BE7261DB50}C:\users\tyler prada\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\tyler prada\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{7A8728D4-3B40-4F49-A1D5-58703843EF11}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [TCP Query User{FABC059D-E998-4B28-AF6E-E8012FA2CF3A}C:\program files\sony\vegas pro 13.0\vegas130.exe] => (Allow) C:\program files\sony\vegas pro 13.0\vegas130.exe
FirewallRules: [{2A5D4466-71B6-4D2F-8298-D3FAA2E45470}] => (Allow) C:\Users\Tyler Prada\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{EFE6A6E0-EBFE-45D7-86B4-B0328A86F557}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD12\Movie\PowerDVD Cinema\PowerDVDCinema12.exe
FirewallRules: [TCP Query User{AAB78665-6CC9-468B-8432-48B07D9C65F7}G:\neit_folder\q4\web_development\xampp\xampp\xampp\apache\bin\httpd.exe] => (Allow) G:\neit_folder\q4\web_development\xampp\xampp\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{C9032E41-5ABA-4DBA-A6B9-2F4D30A03719}G:\neit_folder\q4\web_development\xampp\xampp\xampp\apache\bin\httpd.exe] => (Allow) G:\neit_folder\q4\web_development\xampp\xampp\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{FFD9CDFC-BC21-4AC1-912F-2FCFA77C0221}G:\neit_folder\q4\web_development\xampp\xampp\xampp\mysql\bin\mysqld.exe] => (Allow) G:\neit_folder\q4\web_development\xampp\xampp\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{EB9BCCFF-1205-4CEE-A46E-6AA61612BE69}G:\neit_folder\q4\web_development\xampp\xampp\xampp\mysql\bin\mysqld.exe] => (Allow) G:\neit_folder\q4\web_development\xampp\xampp\xampp\mysql\bin\mysqld.exe
FirewallRules: [{30E167C8-A81A-4BE8-B690-6D826F217FB0}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{771FB765-022E-49A0-9BC8-2D58C7956171}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{F5E118CD-2F62-4075-ACF7-49C268F44A54}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{03E36064-BEF7-44EE-8975-58AA5EF1B981}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{BA106656-42D7-4189-94E6-FB4DEFCC0BDD}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{A1D84882-3140-4F10-9C95-B079F10FC8DA}] => (Allow) C:\Program Files (x86)\Adobe\Adobe Dreamweaver CC 2014\Dreamweaver.exe
FirewallRules: [{78168E46-79ED-4F2E-816E-02081D052FE5}] => (Allow) C:\Program Files\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe
FirewallRules: [{43D34004-BF3F-48ED-996C-242ABB08A020}] => (Allow) C:\Program Files\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe
FirewallRules: [{96D394F0-7CFB-4D45-9BA5-FAE7AB797078}] => (Allow) C:\Program Files\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe
FirewallRules: [{2DD522BD-0CBB-464E-AE8E-B8EDFD3B8D78}] => (Allow) C:\Program Files\Adobe\Adobe Dreamweaver CC 2015\Dreamweaver.exe
FirewallRules: [TCP Query User{9673BFBE-B0BB-4616-8392-FA5491425F3F}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [UDP Query User{D33EB378-D359-43C8-BA88-53EB95457C96}C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe] => (Block) C:\program files\adobe\adobe dreamweaver cc 2015\node\node.exe
FirewallRules: [TCP Query User{9B6DF29A-3E47-48DB-A50D-CCE257AA525F}C:\users\tyler prada\desktop\books\kindlepreviewer2.94\lib\touchlibs\webreader.exe] => (Allow) C:\users\tyler prada\desktop\books\kindlepreviewer2.94\lib\touchlibs\webreader.exe
FirewallRules: [UDP Query User{1D4F9BB2-F263-49A3-99BB-96D8DF4E37C6}C:\users\tyler prada\desktop\books\kindlepreviewer2.94\lib\touchlibs\webreader.exe] => (Allow) C:\users\tyler prada\desktop\books\kindlepreviewer2.94\lib\touchlibs\webreader.exe
FirewallRules: [{F0B18DD8-39DF-4384-9AAD-D6A0CD09CD18}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [TCP Query User{8809A76D-8734-4260-A013-639300F6D1B3}G:\neit_folder\q4\web_development\xampp\xampp\apache\bin\httpd.exe] => (Allow) G:\neit_folder\q4\web_development\xampp\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{2AFF4734-6427-4E6F-B126-836A377D9CDF}G:\neit_folder\q4\web_development\xampp\xampp\apache\bin\httpd.exe] => (Allow) G:\neit_folder\q4\web_development\xampp\xampp\apache\bin\httpd.exe
FirewallRules: [TCP Query User{AB971034-6B38-4ED1-9178-45A6501F2E2D}G:\neit_folder\q4\web_development\xampp\xampp\mysql\bin\mysqld.exe] => (Allow) G:\neit_folder\q4\web_development\xampp\xampp\mysql\bin\mysqld.exe
FirewallRules: [UDP Query User{1D5B6516-E533-44A0-9820-E8CB01911BDB}G:\neit_folder\q4\web_development\xampp\xampp\mysql\bin\mysqld.exe] => (Allow) G:\neit_folder\q4\web_development\xampp\xampp\mysql\bin\mysqld.exe
FirewallRules: [{C06884C6-4999-4A8C-8861-C80D6D27C095}] => (Allow) C:\Program Files (x86)\Max Driver Updater\maxdu.exe
FirewallRules: [{1304E542-BC53-43B6-99DB-6722EAB03A12}] => (Allow) C:\Program Files (x86)\Crossbrowse\Crossbrowse\Application\crossbrowse.exe
FirewallRules: [{44F97121-5687-40FB-90B2-BCC0169E6C6A}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{476BD545-EAE2-4A53-AE7D-66E295D1A193}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{9B677450-B945-46A0-9649-B927AFA357DC}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{A79D0B20-12B1-42A7-90F1-D2167FBB81E6}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service
StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\e54qhqsj.exe] => Enabled:Policy
 
==================== Faulty Device Manager Devices =============
 

==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/07/2015 08:44:33 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5868) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/07/2015 08:44:33 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5868) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (10/07/2015 08:44:23 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5868) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/07/2015 08:44:23 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5868) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (10/07/2015 08:44:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5868) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/07/2015 08:44:12 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5868) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (10/07/2015 08:44:02 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5868) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/07/2015 08:44:02 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5868) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 
Error: (10/07/2015 08:43:52 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5868) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
Error: (10/07/2015 08:43:52 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5868) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
 

System errors:
=============
Error: (10/07/2015 08:41:56 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (10/07/2015 08:38:31 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The HP Support Solutions Framework Service service failed to start due to the following error:
%%1053
 
Error: (10/07/2015 08:38:31 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the HP Support Solutions Framework Service service to connect.
 
Error: (10/07/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The DTS APO Service service failed to start due to the following error:
%%1053
 
Error: (10/07/2015 08:38:30 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the DTS APO Service service to connect.
 
Error: (10/07/2015 08:36:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session1 service to connect.
 
Error: (10/07/2015 08:36:49 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session1 service to connect.
 
Error: (10/07/2015 08:36:40 PM) (Source: DCOM) (EventID: 10010) (User: TYLER)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca
 
Error: (10/07/2015 08:36:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/07/2015 08:36:38 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 

CodeIntegrity:
===================================
  Date: 2015-10-07 19:07:13.329
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 19:07:13.304
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 19:07:12.689
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 19:07:12.663
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 19:06:34.719
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 19:06:34.686
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 18:48:09.249
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 18:43:32.654
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 18:43:32.521
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-07 17:53:57.226
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Windows\System32\dnsapi.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 

==================== Memory info ===========================
 
Processor: Intel® Pentium® CPU N3530 @ 2.16GHz
Percentage of memory in use: 30%
Total physical RAM: 8078.79 MB
Available physical RAM: 5602.74 MB
Total Virtual: 9358.79 MB
Available Virtual: 6666.51 MB
 
==================== Drives ================================
 
Drive c: (TI10695300B) (Fixed) (Total:455 GB) (Free:333.56 GB) NTFS
Drive e: (My Passport) (Fixed) (Total:465.73 GB) (Free:446.5 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
========================================================
Disk: 1 (MBR Code: Windows XP) (Size: 465.7 GB) (Disk ID: 0004A183)
Partition 1: (Not Active) - (Size=465.7 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Edited by masterkindew, 07 October 2015 - 08:04 PM.


#10 deeprybka

  • Malware Response Team
Posted 08 October 2015 - 04:10 AM

Hi,

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    HKLM-x32\...\Run: [] => [X]
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    RemoveProxy:
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction 
    SearchScopes: HKU\S-1-5-21-1764133201-2714899247-942173242-1001 -> {CE377BFA-1271-4C04-8747-45A9AC0B805A} URL =
    BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->  No File
    cmd: type "C:\Program Files\groover250820151255\Janmo.bat"
    C:\Program Files\groover250820151255
    Task: {09D5C9FE-6AFB-4AD5-AEE2-763191D27B8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File 
    Task: {1A954799-00E2-4AD2-962E-AF0372A42625} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
    Task: {1E386976-C983-4283-AC26-89FCB7058B43} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File 
    Task: {28B957A4-DF7A-429B-B284-710C145A6783} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File 
    Task: {3D1A9570-0AFE-42D3-A887-C2389660481A} - System32\Tasks\Radqyvm => C:\Program Files\groover250820151255\Janmo.bat
    C:\ProgramData\Ruofapsum
    Task: {40323259-5E95-4A66-92E8-E31944EBFF82} - System32\Tasks\Ruofapsum => C:\ProgramData\Ruofapsum\1.0.4.1\asowitno.exe
    Task: {41FAF1D9-BCF7-4A0D-9A54-25EC36A0AF63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File 
    Task: {4BE6CBB8-7E38-4B3E-914A-CE8C07BDB0F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File 
    Task: {58818C05-E493-4DC9-91A1-7E7D2BD8532E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File 
    Task: {5E206617-25A9-44A9-910B-DB617A10097E} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File 
    Task: {6164F434-27D5-4C74-BC23-D3EAEF1D08FB} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File 
    Task: {62E47648-F244-41C5-9A0E-FA67E2E0CC76} - System32\Tasks\{BB5B9FA7-B273-4C12-8DF6-55352975F9B9} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S 
    Task: {77B8A486-AECE-4E52-91BA-2A5E6EF4133D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File 
    Task: {AFA80FC1-A832-4184-977A-BB81C29F95DA} - \bvxvbxvd -> No File 
    Task: {B23DF3C2-C5C3-4564-8F8C-2C806C6FB63F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File 
    Task: {B295AF26-8251-4F15-AAFE-5256D28B6BCC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File 
    Task: {B9502D5C-E40E-4744-B6E0-AEBC2505DFEA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File 
    Task: {BBA30DB4-646F-4E52-BE01-949F2AEA8355} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File 
    C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY.exe
    Task: {FE407C4E-13DF-43DB-A893-E1347A4E6E33} - System32\Tasks\MandvDL7OHsHrPHG1an4oY => C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY.exe 
    Task: C:\WINDOWS\Tasks\MandvDL7OHsHrPHG1an4oY.job => C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY.exe 
    StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\e54qhqsj.exe] => Enabled:Policy
    CreaterestorePoint:
    EmptyTemp:
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.

Please post it to your reply.

Step 2

Please download the ESET Online Scanner and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings:

[Image: scan settings]

  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [image: log path].
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!

Step 3

Don't remove on your own anything that HitmanPro detects!
This scanner, as it is really good for checking, has been known for deleting files instead of curing them, which in some cases may render the machine unbootable.
Any removals will be done manually after careful analysis of the scan results!


Please download HitmanPro 32-bit / HitmanPro 64-bit by SurfRight and save it to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the HitmanPro icon and select Run as Administrator to start the tool.
  • If the program won't run please run it while holding down the left CTRL key until it's loaded!
  • Click on the Next button (1). You must agree with the terms of EULA (2 - if asked).
  • Check the box beside "No, I only want to perform a one-time scan to check this computer" and click on the Next button. (3)
  • The program will start to scan the computer. It would only take several minutes.
  • When the scan is done click on Save Log (4) and close HitmanPro! (5)
  • Copy and paste the content of the log file in your next reply.



Edited by deeprybka, 08 October 2015 - 04:12 AM.

regards,
deeprybka

#11 masterkindew

  • Topic Starter

Posted 08 October 2015 - 09:09 PM

Alright here is the next bulk of logs

 

Fix result of Farbar Recovery Scan Tool (x64) Version:08-10-2015
Ran by Tyler Prada (2015-10-08 16:14:29) Run:2
Running from C:\Users\Tyler Prada\Desktop
Loaded Profiles: Tyler Prada &  (Available Profiles: Tyler Prada)
Boot Mode: Normal
==============================================
 
fixlist content:
*****************
CloseProcesses:
HKLM-x32\...\Run: [] => [X]
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
RemoveProxy:
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction
SearchScopes: HKU\S-1-5-21-1764133201-2714899247-942173242-1001 -> {CE377BFA-1271-4C04-8747-45A9AC0B805A} URL =
BHO: No Name -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} ->  No File
cmd: type "C:\Program Files\groover250820151255\Janmo.bat"
C:\Program Files\groover250820151255
Task: {09D5C9FE-6AFB-4AD5-AEE2-763191D27B8C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File
Task: {1A954799-00E2-4AD2-962E-AF0372A42625} - System32\Tasks\iolo System Checkup => C:\ProgramData\iolo\scustask.lnk
Task: {1E386976-C983-4283-AC26-89FCB7058B43} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File
Task: {28B957A4-DF7A-429B-B284-710C145A6783} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File
Task: {3D1A9570-0AFE-42D3-A887-C2389660481A} - System32\Tasks\Radqyvm => C:\Program Files\groover250820151255\Janmo.bat
C:\ProgramData\Ruofapsum
Task: {40323259-5E95-4A66-92E8-E31944EBFF82} - System32\Tasks\Ruofapsum => C:\ProgramData\Ruofapsum\1.0.4.1\asowitno.exe
Task: {41FAF1D9-BCF7-4A0D-9A54-25EC36A0AF63} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File
Task: {4BE6CBB8-7E38-4B3E-914A-CE8C07BDB0F4} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File
Task: {58818C05-E493-4DC9-91A1-7E7D2BD8532E} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File
Task: {5E206617-25A9-44A9-910B-DB617A10097E} - \WordSurfer Auto Updater 1.10.0.19 Pending Update -> No File
Task: {6164F434-27D5-4C74-BC23-D3EAEF1D08FB} - \WordSurfer Auto Updater 1.10.0.19 Core -> No File
Task: {62E47648-F244-41C5-9A0E-FA67E2E0CC76} - System32\Tasks\{BB5B9FA7-B273-4C12-8DF6-55352975F9B9} => pcalua.exe -a C:\PROGRA~2\SearchProtect\Main\bin\uninstall.exe -c /S
Task: {77B8A486-AECE-4E52-91BA-2A5E6EF4133D} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File
Task: {AFA80FC1-A832-4184-977A-BB81C29F95DA} - \bvxvbxvd -> No File
Task: {B23DF3C2-C5C3-4564-8F8C-2C806C6FB63F} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File
Task: {B295AF26-8251-4F15-AAFE-5256D28B6BCC} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File
Task: {B9502D5C-E40E-4744-B6E0-AEBC2505DFEA} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File
Task: {BBA30DB4-646F-4E52-BE01-949F2AEA8355} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File
C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY.exe
Task: {FE407C4E-13DF-43DB-A893-E1347A4E6E33} - System32\Tasks\MandvDL7OHsHrPHG1an4oY => C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY.exe
Task: C:\WINDOWS\Tasks\MandvDL7OHsHrPHG1an4oY.job => C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY.exe
StandardProfile\AuthorizedApplications: [C:\WINDOWS\TEMP\e54qhqsj.exe] => Enabled:Policy
CreaterestorePoint:
EmptyTemp:
*****************
 
Processes closed successfully.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
 
========= RemoveProxy: =========
 
"HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
"HKU\S-1-5-21-1764133201-2714899247-942173242-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Policies\Microsoft\Internet Explorer" => key removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyEnable => value removed successfully
HKU\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Internet Settings\\ProxyServer => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\.DEFAULT\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
HKU\S-1-5-21-1764133201-2714899247-942173242-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\DefaultConnectionSettings => value removed successfully
HKU\S-1-5-21-1764133201-2714899247-942173242-1001-{ED1FC765-E35E-4C3D-BF15-2C2B11260CE4}-0\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\Connections\\SavedLegacySettings => value removed successfully
 

========= End of RemoveProxy: =========
 
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Policies\Microsoft\Internet Explorer => key not found.
"HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{CE377BFA-1271-4C04-8747-45A9AC0B805A}" => key removed successfully
HKCR\CLSID\{CE377BFA-1271-4C04-8747-45A9AC0B805A} => key not found.
"HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Browser Helper Objects\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
"HKCR\CLSID\{B4F3A835-0E21-4959-BA22-42B3008E02FF}" => key removed successfully
 
=========  type "C:\Program Files\groover250820151255\Janmo.bat" =========
 
The system cannot find the path specified.
 
========= End of CMD: =========
 
"C:\Program Files\groover250820151255" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{09D5C9FE-6AFB-4AD5-AEE2-763191D27B8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09D5C9FE-6AFB-4AD5-AEE2-763191D27B8C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1A954799-00E2-4AD2-962E-AF0372A42625}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1A954799-00E2-4AD2-962E-AF0372A42625}" => key removed successfully
C:\WINDOWS\System32\Tasks\iolo System Checkup => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\iolo System Checkup" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{1E386976-C983-4283-AC26-89FCB7058B43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1E386976-C983-4283-AC26-89FCB7058B43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{28B957A4-DF7A-429B-B284-710C145A6783}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{28B957A4-DF7A-429B-B284-710C145A6783}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3D1A9570-0AFE-42D3-A887-C2389660481A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3D1A9570-0AFE-42D3-A887-C2389660481A}" => key removed successfully
C:\WINDOWS\System32\Tasks\Radqyvm => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Radqyvm" => key removed successfully
"C:\ProgramData\Ruofapsum" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Boot\{40323259-5E95-4A66-92E8-E31944EBFF82}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{40323259-5E95-4A66-92E8-E31944EBFF82}" => key removed successfully
C:\WINDOWS\System32\Tasks\Ruofapsum => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Ruofapsum" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{41FAF1D9-BCF7-4A0D-9A54-25EC36A0AF63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{41FAF1D9-BCF7-4A0D-9A54-25EC36A0AF63}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{4BE6CBB8-7E38-4B3E-914A-CE8C07BDB0F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4BE6CBB8-7E38-4B3E-914A-CE8C07BDB0F4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{58818C05-E493-4DC9-91A1-7E7D2BD8532E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{58818C05-E493-4DC9-91A1-7E7D2BD8532E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5E206617-25A9-44A9-910B-DB617A10097E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5E206617-25A9-44A9-910B-DB617A10097E}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Pending Update => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{6164F434-27D5-4C74-BC23-D3EAEF1D08FB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{6164F434-27D5-4C74-BC23-D3EAEF1D08FB}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\WordSurfer Auto Updater 1.10.0.19 Core => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{62E47648-F244-41C5-9A0E-FA67E2E0CC76}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{62E47648-F244-41C5-9A0E-FA67E2E0CC76}" => key removed successfully
C:\WINDOWS\System32\Tasks\{BB5B9FA7-B273-4C12-8DF6-55352975F9B9} => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\{BB5B9FA7-B273-4C12-8DF6-55352975F9B9}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{77B8A486-AECE-4E52-91BA-2A5E6EF4133D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{77B8A486-AECE-4E52-91BA-2A5E6EF4133D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AFA80FC1-A832-4184-977A-BB81C29F95DA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AFA80FC1-A832-4184-977A-BB81C29F95DA}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\bvxvbxvd => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B23DF3C2-C5C3-4564-8F8C-2C806C6FB63F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B23DF3C2-C5C3-4564-8F8C-2C806C6FB63F}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{B295AF26-8251-4F15-AAFE-5256D28B6BCC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B295AF26-8251-4F15-AAFE-5256D28B6BCC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B9502D5C-E40E-4744-B6E0-AEBC2505DFEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B9502D5C-E40E-4744-B6E0-AEBC2505DFEA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{BBA30DB4-646F-4E52-BE01-949F2AEA8355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BBA30DB4-646F-4E52-BE01-949F2AEA8355}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY.exe" => File/Folder not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FE407C4E-13DF-43DB-A893-E1347A4E6E33}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FE407C4E-13DF-43DB-A893-E1347A4E6E33}" => key removed successfully
C:\WINDOWS\System32\Tasks\MandvDL7OHsHrPHG1an4oY => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\MandvDL7OHsHrPHG1an4oY" => key removed successfully
C:\WINDOWS\Tasks\MandvDL7OHsHrPHG1an4oY.job => moved successfully
HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\StandardProfile\AuthorizedApplications\List\\C:\WINDOWS\TEMP\e54qhqsj.exe => value removed successfully
Restore point was successfully created.
EmptyTemp: => 440.5 MB temporary data Removed.
 

The system needed a reboot..
 
==== End of Fixlog 16:16:46 ====
 
ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3840fd420ee45d428865894d14f49d87
# end=init
# utc_time=2015-10-08 08:29:09
# local_time=2015-10-08 04:29:09 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
Update Init
Update Download
Update Finalize
Updated modules version: 26147
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=3840fd420ee45d428865894d14f49d87
# end=updated
# utc_time=2015-10-08 08:31:55
# local_time=2015-10-08 04:31:55 (-0500, Eastern Daylight Time)
# country="United States"
# osver=6.2.9200 NT
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=3840fd420ee45d428865894d14f49d87
# engine=26147
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-10-09 01:42:54
# local_time=2015-10-08 09:42:54 (-0500, Eastern Daylight Time)
# country="United States"
# lang=1033
# osver=6.2.9200 NT
# compatibility_mode_1=''
# compatibility_mode=5893 16776573 100 94 0 6907386 0 0
# scanned=370011
# found=15
# cleaned=0
# scan_time=18658
sh=1D5D45161C35E675EB5AA119A7A0E412EA42E662 ft=1 fh=ac122242aa03ac97 vn="a variant of MSIL/Amonetize.AA potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files\NixSrv\NixSrv.exe.vir"
sh=9CE5F659BDD89907624541CB98681224CA75D886 ft=1 fh=9b9a5086efdbb0a1 vn="a variant of Win64/Systweak.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\WINDOWS\SysNative\roboot64.exe.vir"
sh=C28052B54F49AACF8660C7759B076341257F2241 ft=0 fh=0000000000000000 vn="JS/Toolbar.Crossrider.I potentially unwanted application" ac=I fn="C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY"
sh=26E10EFC88D516E8CF534198C956BE1BFC590D15 ft=1 fh=d2cf3574a5c7d32c vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Tyler Prada\AppData\Roaming\uTorrent\updates\3.4.3_40298.exe"
sh=10F0341426298CFE8A09D9D28B4017910F70C6F8 ft=1 fh=b3e94e69645d32f6 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="C:\Users\Tyler Prada\Desktop\MK Studios\MK.Old\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe"
sh=C942D9E23ACF66B9A96A3354EB574279092AF096 ft=1 fh=d19a4424818350b8 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tyler Prada\Downloads\ccsetup418.exe"
sh=B6B12E4F8E59C61EC67A5E17DEDA7EA5B2FEF364 ft=1 fh=65d7fe9609cd6c74 vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tyler Prada\Downloads\ccsetup500.exe"
sh=976D24D060C8F9B655B5EC01472194B9DA6C190C ft=1 fh=1966d8d77ea974eb vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Tyler Prada\Downloads\ccsetup503.exe"
sh=663733032C04386F3781C077791489E21B032B72 ft=1 fh=60cfcd37ac4caf8c vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Tyler Prada\Downloads\CheatEngine64.exe"
sh=494132D25396533622D9AA38EA7AAFEC76834783 ft=0 fh=0000000000000000 vn="a variant of Win32/OutBrowse.CL potentially unwanted application" ac=I fn="C:\Users\Tyler Prada\Downloads\RegexMagic 2.1.1 Portable Full Version.rar.rar"
sh=824D27FA6BFEAAC783B0F1281163CEE3C986DAB3 ft=1 fh=b44dbfe8753433e2 vn="a variant of Win32/Systweak potentially unwanted application" ac=I fn="C:\Users\Tyler Prada\Downloads\Setup_WinThruster_2015.exe"
sh=26E10EFC88D516E8CF534198C956BE1BFC590D15 ft=1 fh=d2cf3574a5c7d32c vn="a variant of Win32/OpenCandy.C potentially unsafe application" ac=I fn="C:\Users\Tyler Prada\Downloads\uTorrent.exe"
sh=F97EA687B45FC5E7DB6758D024CDA66BEAB420E1 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.DW potentially unsafe application" ac=I fn="C:\Users\Tyler Prada\Downloads\Vector Magic Desktop Edition 1.15 + _ @ www.SoftwaresPatch.com.rar"
sh=EE30C5FE1FEDE7E61076FE765713C74DB6ACF622 ft=0 fh=0000000000000000 vn="a variant of Win32/Keygen.HA potentially unsafe application" ac=I fn="E:\$RECYCLE.BIN\S-1-5-21-34644298-872688718-1319927536-1000\$RPU9B3A\Adobe Premiere Pro CC 7.2.2.rar"
sh=10F0341426298CFE8A09D9D28B4017910F70C6F8 ft=1 fh=b3e94e69645d32f6 vn="a variant of Win32/HackTool.Patcher.AD potentially unsafe application" ac=I fn="E:\Software Programs\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe"
 
HitmanPro 3.7.10.248
www.hitmanpro.com
 
   Computer name . . . . : TYLER
   Windows . . . . . . . : 10.0.0.10240.X64/4
   User name . . . . . . : TYLER\Tyler Prada
   UAC . . . . . . . . . : Enabled
   License . . . . . . . : Free
 
   Scan date . . . . . . : 2015-10-08 21:51:52
   Scan mode . . . . . . : Normal
   Scan duration . . . . : 11m 26s
   Disk access mode  . . : Direct disk access (SRB)
   Cloud . . . . . . . . : Internet
   Reboot  . . . . . . . : No
 
   Threats . . . . . . . : 2
   Traces  . . . . . . . : 48
 
   Objects scanned . . . : 2,509,123
   Files scanned . . . . : 49,936
   Remnants scanned  . . : 544,308 files / 1,914,879 keys
 
Malware _____________________________________________________________________
 
   C:\Users\Tyler Prada\Desktop\MK Studios\MK.Old\Sony Vegas Pro 13.0 build 310 (64 bit) (patch KHG) [ChingLiu]\Patch KHG\vegas.pro.13.0.(64-bit)-patch.exe
      Size . . . . . . . : 899,072 bytes
      Age  . . . . . . . : 340.2 days (2014-11-02 16:04:28)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : E4B70283AC7BF50BC038F501FF19343C111BF1246B3E5E75744A736745ED22A5
    > Bitdefender  . . . : Gen:Variant.Kazy.365498
      Fuzzy  . . . . . . : 114.0
 
   C:\Users\Tyler Prada\Downloads\Setup_WinThruster_2015.exe
      Size . . . . . . . : 3,895,432 bytes
      Age  . . . . . . . : 2.2 days (2015-10-06 16:20:18)
      Entropy  . . . . . : 8.0
      SHA-256  . . . . . : FDF3986C74C09FD70DB0FA811F3F4603F869F281B2C4917323A38AC7ED5F7557
      Product  . . . . . : WinThruster                                                
      Publisher  . . . . : solvusoft Corporation                                      
      Description  . . . : WinThruster                                                
      Version  . . . . . : WinThruster
      RSA Key Size . . . : 2048
      LanguageID . . . . : 0
      Authenticode . . . : Valid
    > Kaspersky  . . . . : not-a-virus:RiskTool.Win32.Tuneup.c
      Fuzzy  . . . . . . : 106.0
      Forensic Cluster
          0.0s C:\Users\Tyler Prada\Downloads\Setup_WinThruster_2015.exe
          1.5s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
          1.5s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\5080DC7A65DB6A5960ECD874088F3328_BC00434159DAE8351451CCE9C748F5D7
          1.7s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\MetaData\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_3072ECE9F0C1726B48B9EAAAA6B6C7B6
          1.7s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\Microsoft\CryptnetUrlCache\Content\D2B5168CDD0EBF4C0C8EA1C3A1FAE07F_3072ECE9F0C1726B48B9EAAAA6B6C7B6
          2.2s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\39\21286108FFD378AF.dat
 

Suspicious files ____________________________________________________________
 
   C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCache\IE\SWEO8SLI\FRST64[1].exe
      Size . . . . . . . : 2,194,944 bytes
      Age  . . . . . . . : 0.2 days (2015-10-08 16:14:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C71A17F855D73AB42D760200C8D7FF888650A20B6BCFF38A76748E285F1FDE40
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -86.3s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\FUE\
         -86.2s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\GenericIcons\
         -86.2s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\GenericIcons\Music8_1\
         -86.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\GenericIcons\Music8_1\contrast-black\
         -86.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\GenericIcons\Music8_1\contrast-white\
         -86.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\ListStripes\
         -86.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\LoadingCardTemplateBg\
         -86.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\NowPlaying\
         -86.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\PassUpsell\
         -85.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\SubscriptionSignup\
         -85.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\ThirdParty\
         -85.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\ThirdParty\contrast-black\
         -85.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\ThirdParty\contrast-white\
         -85.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\Tiles\
         -85.8s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\Tiles\MusicNowPlaying\
         -85.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\TransportControls\
         -85.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\WebDialogResize\
         -85.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\WebDialogResize\contrast-black\
         -85.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Images\WebDialogResize\contrast-white\
         -84.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Models\
         -84.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\SkipMerge\
         -84.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Styles\
         -84.8s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ViewModels\
         -84.8s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ViewModels\Music\
         -84.3s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ViewModels\Music1\
         -84.2s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ViewModels\Search\
         -84.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\WinJS\
         -84.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\WinJS\css\
         -84.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\WinJS\js\
         -84.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\WinJS\win\
         -84.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\
         -83.7s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\CloudDialog\
         -83.7s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\
         -83.5s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\Devices\contrast-black\
         -83.5s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\Devices\
         -83.4s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\Devices\contrast-white\
         -83.4s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\ExploreUpsell\
         -83.2s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\GenericIcons\
         -83.2s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\ListStripes\
         -83.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\LoadingCardTemplateBg\
         -83.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\SubscriptionSignup\
         -83.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\ThirdParty\
         -83.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\ThirdParty\contrast-black\
         -83.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\ThirdParty\contrast-white\
         -83.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\Tiles\
         -83.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\WebDialogResize\
         -83.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\WebDialogResize\contrast-black\
         -83.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\Images\WebDialogResize\contrast-white\
         -82.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.13281.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\
         -82.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.13281.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml
         -82.9s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.13281.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml
         -82.8s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.13281.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x
         -82.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_2019.6.13281.0_neutral_~_8wekyb3d8bbwe\
         -82.4s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_2019.6.13281.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\
         -82.4s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_2019.6.13281.0_neutral_~_8wekyb3d8bbwe\S-1-5-18.recovery
         -82.4s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\AppxManifest.xml
         -82.3s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml
         -82.2s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\AppxMetadata\
         -82.2s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
         -82.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\AppxSignature.p7x
         -82.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Components\shell\RateAndReviewService.js
         -82.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\EntCommon.dll
         -82.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\EntPlat.dll
         -82.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\EntSyncFx.dll
         -82.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\main_merged.js
         -82.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Microsoft.Entertainment.Instrumentation.Providers.dll
         -82.0s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\Microsoft.Entertainment.winmd
         -61.7s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCache\IE\SWEO8SLI\clients[1].txt
         -58.5s C:\Windows\SoftwareDistribution\Download\26098ba8d5727083c7e2f9f18b692a45\
         -57.2s C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe.xml
         -53.8s C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe.xml
         -50.5s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20151008.160432.418.5.etl
         -49.0s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_2015.6306.42251.0_neutral_~_8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
         -48.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
         -46.6s C:\Program Files (x86)\Norton Identity Safe\NortonData\2014.7.8.23\Definitions\WebProtectionDefs\20151008.010\
         -45.9s C:\Program Files (x86)\Norton Identity Safe\NortonData\2014.7.8.23\Definitions\WebProtectionDefs\20151008.010\Catalog.dat
         -45.5s C:\Program Files (x86)\Norton Identity Safe\NortonData\2014.7.8.23\Definitions\WebProtectionDefs\20151008.010\v.grd
         -45.5s C:\Program Files (x86)\Norton Identity Safe\NortonData\2014.7.8.23\Definitions\WebProtectionDefs\20151008.010\v.sig
         -45.5s C:\Program Files (x86)\Norton Identity Safe\NortonData\2014.7.8.23\Definitions\WebProtectionDefs\20151008.010\virscan1.dat
         -42.9s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\
         -42.8s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\
         -42.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-us\
         -42.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\
         -41.3s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\
         -41.3s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\
         -41.3s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\S-1-5-18.recovery
         -41.3s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\contrast-black\
         -41.3s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\contrast-white\
         -41.2s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\AppxManifest.xml
         -41.1s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\AppxBlockMap.xml
         -40.6s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\AppxSignature.p7x
         -40.4s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\
         -40.4s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\microsoft.system.package.metadata\
         -40.4s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\S-1-5-18.recovery
         -40.2s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\
         -40.2s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\
         -40.2s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\controls\
         -40.1s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\xaml\
         -40.1s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\xaml\mso\
         -40.1s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\XMLOffKeys\
         -40.0s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\
         -39.9s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml
         -39.8s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml
         -39.4s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x
         -39.3s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\
         -39.2s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\
         -39.1s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\S-1-5-18.recovery
         -39.1s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxManifest.xml
         -39.0s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml
         -38.9s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxMetadata\
         -38.9s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
         -38.8s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxSignature.p7x
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\adalrt.dll
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-gb\
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\CsiImm.dll
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-gb\msointl30_winrt.dll
         -38.7s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-gb\msointlimm.dll
         -38.7s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\ActivationStore\
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-gb\officeHubIntl.dll
         -38.7s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat
         -38.6s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1
         -38.6s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-us\msointl30_winrt.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-us\msointlimm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-us\officons.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\HubBackgroundTask.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsym.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\HubTaskHost.exe
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsymb.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsyml.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsymxl.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\msipcm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\mso20imm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\mso30imm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\msoimm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\office.odf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.OHub.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officeHubIntl.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\controls\benefitspanel.xbf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\controls\topbanner.xbf
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\pages\
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\pages\ohubmainpage.xbf
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\OHub.exe
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\resources.pri
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\saext.dll
         -38.0s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.pckgdep
         -25.3s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_2019.6.13281.0_neutral_~_8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
         -24.7s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
         -24.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\
         -24.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\
         -24.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\S-1-5-18.recovery
         -24.4s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
         -24.4s C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\NCO\nppw.dat
         -23.8s C:\Program Files (x86)\Norton Identity Safe\NortonData\2014.7.8.23\Definitions\WebProtectionDefs\NcoDefs.ncz
         -23.4s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1764133201-2714899247-942173242-1001-MergedResources-8.pri
         -19.7s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012015100820151009\
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ActivationStore\
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2
         -18.6s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\
         -18.6s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64
         -13.8s C:\Windows\Prefetch\BYTECODEGENERATOR.EXE-353D57C0.pf
         -13.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.pckgdep
         -13.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.pckgdep
         -9.7s C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\
         -9.7s C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64
         -0.1s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCookies\606GMHF9.txt
         -0.1s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCookies\FFRRMODJ.txt
         -0.1s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCache\IE\0VJ4ZHHV\82[1].htm
          0.0s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCache\IE\SWEO8SLI\FRST64[1].exe
          0.0s C:\Users\Tyler Prada\Desktop\FRST64.exe
          0.5s C:\Users\Tyler Prada\Desktop\FRST-OlderVersion\
          4.4s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
          4.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
          7.0s C:\Windows\Prefetch\DLLHOST.EXE-B51A0D95.pf
          7.8s C:\FRST\Quarantine\C\
          7.8s C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\
          7.8s C:\FRST\Quarantine\C\WINDOWS\
          7.8s C:\FRST\Quarantine\C\WINDOWS\System32\
          9.4s C:\FRST\Quarantine\C\WINDOWS\Tasks\
         11.0s C:\Windows\SoftwareDistribution\Download\791146689eaeec4e5dbb34305b973aab\
         11.0s C:\Windows\SoftwareDistribution\Download\660da8255943eb946a1eee218a7022bf\
         11.9s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\ActivationStore\
         11.9s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\
         12.8s C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml
         12.9s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20151008.160432.418.6.etl
         13.1s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat
         13.3s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1
         13.3s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2
         15.0s C:\Windows\Prefetch\SVCHOST.EXE-FEA1FDBE.pf
         15.2s C:\Windows\Prefetch\AMAZON1BUTTONSERVICE64.EXE-FE400DD7.pf
         15.4s C:\Windows\Prefetch\OFFICECLICKTORUN.EXE-EE812CCB.pf
         15.5s C:\Windows\Prefetch\HECISERVER.EXE-8F035191.pf
         15.6s C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-E2702CF2.pf
         17.5s C:\Windows\Prefetch\TEAMVIEWER_SERVICE.EXE-0B9E0B9D.pf
         25.4s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.pckgdep
         30.9s C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe.xml
         32.1s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe\
         32.2s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\_Resources\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\
         32.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\
         32.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Images\
         32.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\
         32.5s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\Themes\
 
   C:\Users\Tyler Prada\Desktop\FRST-OlderVersion\FRST64.exe
      Size . . . . . . . : 2,193,920 bytes
      Age  . . . . . . . : 2.1 days (2015-10-06 19:53:50)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : A9A32BBEA3ECA02699FAEFD1E559BA6D361EFF3047187ACA40EC116165190380
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
 
   C:\Users\Tyler Prada\Desktop\FRST64.exe
      Size . . . . . . . : 2,194,944 bytes
      Age  . . . . . . . : 0.2 days (2015-10-08 16:14:24)
      Entropy  . . . . . : 7.6
      SHA-256  . . . . . : C71A17F855D73AB42D760200C8D7FF888650A20B6BCFF38A76748E285F1FDE40
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
         -39.9s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml
         -39.8s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml
         -39.4s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x
         -39.3s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\
         -39.2s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\
         -39.1s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\S-1-5-18.recovery
         -39.1s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxManifest.xml
         -39.0s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxBlockMap.xml
         -38.9s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxMetadata\
         -38.9s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
         -38.8s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\AppxSignature.p7x
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\adalrt.dll
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-gb\
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\CsiImm.dll
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-gb\msointl30_winrt.dll
         -38.7s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-gb\msointlimm.dll
         -38.7s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\ActivationStore\
         -38.7s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-gb\officeHubIntl.dll
         -38.7s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat
         -38.6s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1
         -38.6s C:\Users\Tyler Prada\AppData\Local\Packages\microsoft.windowscommunicationsapps_8wekyb3d8bbwe\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-us\msointl30_winrt.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-us\msointlimm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\en-us\officons.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\HubBackgroundTask.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsym.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\HubTaskHost.exe
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsymb.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsyml.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsymsb.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsymsl.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\images\offsymxl.ttf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\msipcm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\mso20imm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\mso30imm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\msoimm.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\office.odf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.Core.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\Office.UI.Xaml.OHub.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officeHubIntl.dll
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\controls\benefitspanel.xbf
         -38.6s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\controls\topbanner.xbf
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\pages\
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\officehubxaml\view\pages\ohubmainpage.xbf
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\OHub.exe
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\resources.pri
         -38.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\saext.dll
         -38.0s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\microsoft.windowscommunicationsapps_17.6306.42251.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.pckgdep
         -25.3s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_2019.6.13281.0_neutral_~_8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
         -24.7s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
         -24.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\
         -24.5s C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\
         -24.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\S-1-5-18.recovery
         -24.4s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
         -24.4s C:\ProgramData\Norton\{92622AAD-05E8-4459-B256-765CE1E929FB}\NST_2014.7.8.23\NCO\nppw.dat
         -23.8s C:\Program Files (x86)\Norton Identity Safe\NortonData\2014.7.8.23\Definitions\WebProtectionDefs\NcoDefs.ncz
         -23.4s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\S-1-5-21-1764133201-2714899247-942173242-1001-MergedResources-8.pri
         -19.7s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\History\History.IE5\MSHist012015100820151009\
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ActivationStore\
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1
         -19.0s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.ZuneMusic_8wekyb3d8bbwe\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2
         -18.6s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\
         -18.6s C:\Program Files\WindowsApps\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64
         -13.8s C:\Windows\Prefetch\BYTECODEGENERATOR.EXE-353D57C0.pf
         -13.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.pckgdep
         -13.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.ZuneMusic_3.6.13281.0_neutral_resources.scale-140_8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.pckgdep
         -9.7s C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\
         -9.7s C:\Program Files\WindowsApps\Microsoft.NET.Native.Runtime.1.1_1.1.23406.0_x64__8wekyb3d8bbwe\microsoft.system.package.metadata\Autogen\JSByteCodeCache_64
         -0.1s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCookies\606GMHF9.txt
         -0.1s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCookies\FFRRMODJ.txt
         -0.1s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCache\IE\0VJ4ZHHV\82[1].htm
         -0.0s C:\Users\Tyler Prada\AppData\Local\Microsoft\Windows\INetCache\IE\SWEO8SLI\FRST64[1].exe
          0.0s C:\Users\Tyler Prada\Desktop\FRST64.exe
          0.5s C:\Users\Tyler Prada\Desktop\FRST-OlderVersion\
          4.4s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_2015.6307.23501.0_neutral_~_8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
          4.5s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.recovery
          6.9s C:\Windows\Prefetch\DLLHOST.EXE-B51A0D95.pf
          7.8s C:\FRST\Quarantine\C\
          7.8s C:\FRST\Quarantine\C\WINDOWS\System32\Tasks\
          7.8s C:\FRST\Quarantine\C\WINDOWS\
          7.8s C:\FRST\Quarantine\C\WINDOWS\System32\
          9.4s C:\FRST\Quarantine\C\WINDOWS\Tasks\
         11.0s C:\Windows\SoftwareDistribution\Download\791146689eaeec4e5dbb34305b973aab\
         11.0s C:\Windows\SoftwareDistribution\Download\660da8255943eb946a1eee218a7022bf\
         11.9s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\ActivationStore\
         11.9s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\
         12.8s C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe.xml
         12.9s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20151008.160432.418.6.etl
         13.1s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat
         13.3s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG1
         13.3s C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftOfficeHub_8wekyb3d8bbwe\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\ActivationStore\ActivationStore.dat.LOG2
         15.0s C:\Windows\Prefetch\SVCHOST.EXE-FEA1FDBE.pf
         15.2s C:\Windows\Prefetch\AMAZON1BUTTONSERVICE64.EXE-FE400DD7.pf
         15.4s C:\Windows\Prefetch\OFFICECLICKTORUN.EXE-EE812CCB.pf
         15.5s C:\Windows\Prefetch\HECISERVER.EXE-8F035191.pf
         15.6s C:\Windows\Prefetch\PRESENTATIONFONTCACHE.EXE-E2702CF2.pf
         17.5s C:\Windows\Prefetch\TEAMVIEWER_SERVICE.EXE-0B9E0B9D.pf
         25.4s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.MicrosoftOfficeHub_17.6307.23501.0_x64__8wekyb3d8bbwe\S-1-5-21-1764133201-2714899247-942173242-1001.pckgdep
         30.9s C:\ProgramData\Microsoft\Windows\AppRepository\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe.xml
         32.1s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe\
         32.2s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\_Resources\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\
         32.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\
         32.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\
         32.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Images\
         32.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\
         32.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Advertising\Themes\
         32.5s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\DataModels\
         32.5s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\
         32.5s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\DataModels\Finance\
         32.5s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\
         32.5s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\DataModels\News\
         32.5s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\DataModels\FoodAndDrink\
         32.5s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\DataModels\Health\
         32.5s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\DataModels\Sports\
         32.6s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Shell\Themes\Glyphs\
         32.6s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Shell\Themes\
         32.6s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Shell\
         32.6s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\DataModels\Weather\
         32.6s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Shell\Themes\Glyphs\Font\
         32.7s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\MSAdvertisingJS\
         32.7s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\
         32.7s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe\AppxMetadata\AppxBundleManifest.xml
         32.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe\AppxBlockMap.xml
         32.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe\AppxSignature.p7x
         33.2s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe\
         34.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe\microsoft.system.package.metadata\
         35.0s C:\ProgramData\Microsoft\Windows\AppRepository\Packages\Microsoft.BingWeather_4.6.169.0_neutral_~_8wekyb3d8bbwe\S-1-5-18.recovery
         37.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\AppxManifest.xml
         37.7s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\AppxBlockMap.xml
         39.0s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\AppxMetadata\
         39.0s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\AppxMetadata\CodeIntegrity.cat
         39.7s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\AppxSignature.p7x
         39.8s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_BadgeLogo.scale-100.png
         39.8s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.scale-100.png
         39.8s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-16.png
         39.8s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\AppConfiguration.xml
         39.8s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\_Resources\index.txt
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-24.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-256.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-32.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_LogoSmall.targetsize-48.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_SplashScreen.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileLargeSquare.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileMediumSquare.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileSmallSquare.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-black\Weather_TileWide.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_BadgeLogo.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-16.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-24.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-256.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-32.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_LogoSmall.targetsize-48.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_SplashScreen.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileLargeSquare.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileMediumSquare.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileSmallSquare.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\contrast-white\Weather_TileWide.scale-100.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\10px.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\1px.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\2px.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\3px.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\4px.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\5px.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\6px.png
         39.9s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\7px.png
         40.2s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\StoreLogo.png
         40.2s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\8px.png
         40.2s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Spacer\9px.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_BadgeLogo.scale-100.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.scale-100.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-16.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-24.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-256.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-32.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_LogoSmall.targetsize-48.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_SplashScreen.scale-100.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileLargeSquare.scale-100.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileMediumSquare.scale-100.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileSmallSquare.scale-100.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\AppTiles\Weather_TileWide.scale-100.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\accuweather.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\foreca.png
         40.3s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\holiday_weather.png
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Images\fre_background.jpg
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\ClrCompression.dll
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\MarketConfiguration.xml
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.dll
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Advertising.winmd
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.dll
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Aria.ClientTelemetry.winmd
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Configuration\configuration.sqlite
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\kweather.png
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\wdt.png
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\weather_2_travel.png
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\weather_trends.png
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Assets\Attribution\weatherdotcom.png
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\DataModels\Finance\Finance.xml
         40.4s C:\Program Files\WindowsApps\Microsoft.BingWeather_4.6.169.0_x86__8wekyb3d8bbwe\Microsoft.Msn.Services\Personalization\DataModels\News\News.xml
 
   C:\Users\Tyler Prada\Downloads\FRST.exe
      Size . . . . . . . : 1,697,792 bytes
      Age  . . . . . . . : 2.1 days (2015-10-06 19:51:49)
      Entropy  . . . . . : 7.5
      SHA-256  . . . . . : 42B399982295E746C43BE76AC17CDEDCE4C853AC7CEB050E8DFB1F949017DA80
      Needs elevation  . : Yes
      Fuzzy  . . . . . . : 24.0
         Program has no publisher information but prompts the user for permission elevation.
         Entropy (or randomness) indicates the program is encrypted, compressed or obfuscated. This is not typical for most programs.
         Authors name is missing in version info. This is not common to most programs.
         Version control is missing. This file is probably created by an individual. This is not typical for most programs.
         Time indicates that the file appeared recently on this computer.
      Forensic Cluster
          0.0s C:\Users\Tyler Prada\Downloads\FRST.exe
          3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\19\
          3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\4\19\D68B7BF9261B1C1F.dat
          3.1s C:\ProgramData\Microsoft\Windows Defender\Scans\MetaStore\1\19\D68B7BF9261B1C1F.dat
          5.0s C:\Windows\Logs\WindowsUpdate\WindowsUpdate.20151006.195154.942.1.etl
 

Potential Unwanted Programs _________________________________________________
 
   C:\Windows\SysWOW64\config\systemprofile\AppData\Local\Microsoft\CLR_v2.0_32\UsageLogs\InternetEnhancer.exe.log (Wajam)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{268205B6-13E6-4FA2-A1EF-84E4E59F3F1B}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{2A142934-F3E4-4D68-A360-3FE35783E849}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{37EB1FA3-2181-4EED-8C9F-363068501901}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{41E3E6E6-3E50-4F6E-A1F8-1E24440BC6F8}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{4F3440C0-EB6A-46F2-94D8-2D74A0D21C5D}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{52C0A3BA-1DE8-477D-91F4-F82D3824C304}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{55D12CB4-DA12-43D6-8100-90174ABBB84F}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{58AC6DE8-F15B-4C6A-91D7-B8FA6A2F4169}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{592DA852-5C4E-49F8-88BC-EA0A893180C6}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5A43377F-504A-4FC4-8575-9C98997788BF}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{5E8F3A92-7544-482D-9D34-FFD702697D16}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{7096D298-02B5-4AE9-94E1-C16E27553D17}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{837641EA-9158-43EE-B2A1-9CEDC5CBD98F}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{977ED000-4ECA-454D-AEA2-11824E57A043}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{AC992757-3DEC-43C4-8D9D-AA82F8A857E4}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{C59D48E5-082B-4BB6-9838-BA261C4FBD5C}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CB21D37D-1DD1-444A-AB6A-AE623DF7B4E4}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{CCE83B2E-3794-41FC-8179-46BFEA22148A}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{E3B8A2CD-70B5-49A4-BFD6-0180BE487A4C}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FA326D8A-B632-4BCE-858E-12271ABAF613}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FB3B0E75-E48E-47C4-BA52-57B7F6E38510}\ (ConsumerInput)
   HKLM\SOFTWARE\Classes\Wow6432Node\Interface\{FFA4D25D-8411-40F8-919D-3C4CD94FBD29}\ (ConsumerInput)
   HKLM\SOFTWARE\Microsoft\Tracing\NixSrv_RASAPI32\ (Amonetize)
   HKLM\SOFTWARE\Microsoft\Tracing\NixSrv_RASMANCS\ (Amonetize)
   HKLM\SOFTWARE\Microsoft\Tracing\wb_RASAPI32\ (WebBar)
   HKLM\SOFTWARE\Microsoft\Tracing\wb_RASMANCS\ (WebBar)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetEnhancer_RASAPI32\ (WajWebEnhance)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\InternetEnhancer_RASMANCS\ (WajWebEnhance)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WordSurferAutoUpdateClient_RASAPI32\ (WordSurfer)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Tracing\WordSurferAutoUpdateClient_RASMANCS\ (WordSurfer)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{5645E0E7-FC12-43BF-A6E4-F9751942B298}\ (DomalQ)
   HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Ext\Stats\{C7BF8F4B-7BC7-4F42-B944-3D28A3A86D8A}\ (DomalQ)
   HKLM\SYSTEM\ControlSet001\Services\EventLog\Application\RndService\ (Amonetize)
   HKLM\SYSTEM\CurrentControlSet\Services\EventLog\Application\RndService\ (Amonetize)
   HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
   HKU\S-1-5-18\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
   HKU\S-1-5-21-1764133201-2714899247-942173242-1001\SOFTWARE\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
   HKU\S-1-5-21-1764133201-2714899247-942173242-1001_Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\_CrossriderRegNamePlaceHolder_\ (Crossrider)
 
Cookies _____________________________________________________________________
 
   C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\FM70Y16Q.txt
   C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!001\MicrosoftEdge\Cookies\S9DW6PWJ.txt
   C:\Users\Tyler Prada\AppData\Local\Packages\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\AC\#!002\MicrosoftEdge\Cookies\2L9TVCGV.txt
 


#12 deeprybka

  • Malware Response Team

Posted 09 October 2015 - 02:39 AM

No active Malware has been found, so we're done.

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.

  • Copy the entire content of the codebox below and paste into the notepad document:
    C:\Users\Tyler Prada\AppData\Roaming\MandvDL7OHsHrPHG1an4oY
    
  • Click File, Save As and type fixlist.txt as the File Name.

Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!

  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • No need to post the log.



That's it!
Your logs look clean to me at the moment.
We're gonna clean up everything now, close security holes on your computer and in the end I'll provide you with a list of security tips so you hopefully will not need our help anymore in the future.


My help is free for everybody, however...
If I have helped you fix your PC, then please consider donating to continue the fight against malware.
Thank you!


Clean Up

Now we remove all the tools we used (including their logs and quarantine folders), restore your settings and delete old and infected system restore points:

  • You can uninstall programs that you had to install (e.g. MBAM or ESET Onlinescanner) in the control panel if you so wish.
  • Download DelFix (by Xplode) and save it to your Desktop.
    • Close all running programs and start delfix.exe.
    • Make sure that all available options are checked.
    • Click on Run
    • DelFix should remove all our tools and delete itself afterwards. I don't need the log file.
  • If there is still something left you can delete it manually.

Closing security holes

Many infections happen via drive-by downloads that run unnoticed in the background while the user visits an infected website. To achieve this, malware exploits security holes in installed software (e.g. browser or its plugins). Older versions of such software often have lots of known exploitable holes. Therefore it's very important to always keep your software up-to-date.
The following software is outdated:

  • Java 8 Update 31


Tips
 
Change your online passwords now.

Participating in the use of cracked/pirated/keygen software is not only illegal but also a security risk.

I recommend reading and following the "16 simple and easy ways to keep your computer safe and secure on the Internet" by Lawrence Abrams.


regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 deeprybka

  • Malware Response Team

Posted 11 October 2015 - 02:07 PM

It appears that this issue is resolved, therefore I am closing the topic. If that is not the case and you need or wish to continue with this topic, please send me or any Moderator a Personal Message (PM) that you would like this topic re-opened.
regards,
deeprybka



