Rogue:JS/FakeCall.D


  • This topic is locked
17 replies to this topic

#1 Daanmakus

Daanmakus

  • Members
  • 50 posts

Posted 10 November 2015 - 05:54 PM

Hi,

I need help removing this from my computer. The computer is slow when browsing but is usually very quick (i7 etc).

Thanks,

Andrew





#2 deeprybka

deeprybka

  • Malware Response Team
  • 5,198 posts
  • Gender:Male
  • Location:Germany

Posted 11 November 2015 - 01:04 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your malware-related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or add/remove software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all logfiles as a reply rather than as an attachment unless I specifically ask you. If you cannot post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 Daanmakus

Daanmakus
  • Topic Starter

  • Members
  • 50 posts

Posted 11 November 2015 - 07:43 PM

Thanks. Here is the first one.

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Administrator (administrator) on WIN-PVS7D20PCI3 (11-11-2015 19:41:12)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp45-kb3098781-x64.exe
(Microsoft Corporation) F:\813ce75b5b678742e82e\Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-12-12] (NCSOFT Corporation)
HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\MountPoints2: {4b7f15bf-ca26-11e2-b441-806e6f6e6963} - F:\UpdateInstaller.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs-x32: => No File
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.1
Tcpip\..\Interfaces\{545EB3FE-7A9B-42F2-B813-A277510EF7F3}: [DhcpNameServer] 192.168.254.1
 
Internet Explorer:
==================
URLSearchHook: HKLM-x32 - (No Name) - {f0af464e-5167-45cf-9cf0-66b396d1918c} - No File
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM -> {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> DefaultScope {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://www.myhdsb.ca/InternalSite/WhlCompMgr.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default
FF Homepage: hxxp://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-09-15] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-09-15] (Hola)
FF Plugin HKU\S-1-5-21-2934196910-795859369-2802726781-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-09] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-13]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]


#4 Daanmakus

Daanmakus
  • Topic Starter

  • Members
  • 50 posts

Posted 11 November 2015 - 07:54 PM

Sorry, here is the first (I thought it was finished scanning).

 

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Administrator (administrator) on WIN-PVS7D20PCI3 (11-11-2015 19:41:12)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\NisSrv.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MpCmdRun.exe
(Microsoft Corporation) C:\Windows\SoftwareDistribution\Download\Install\ndp45-kb3098781-x64.exe
(Microsoft Corporation) F:\813ce75b5b678742e82e\Setup.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
(Microsoft Corporation) C:\Windows\SysWOW64\msiexec.exe
(Microsoft Corporation) C:\Windows\System32\msiexec.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-12-12] (NCSOFT Corporation)
HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\RunOnce: [Uninstall C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910] => C:\Windows\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\16.4.6013.0910"
HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\MountPoints2: {4b7f15bf-ca26-11e2-b441-806e6f6e6963} - F:\UpdateInstaller.exe
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
AppInit_DLLs-x32: => No File
HKLM\...\AppCertDlls: [x64] -> c:\program files (x86)\movies toolbar\datamngr\x64\apcrtldr.dll <===== ATTENTION
HKLM\...\AppCertDlls: [x86] -> c:\program files (x86)\movies toolbar\datamngr\apcrtldr.dll <===== ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.1
Tcpip\..\Interfaces\{545EB3FE-7A9B-42F2-B813-A277510EF7F3}: [DhcpNameServer] 192.168.254.1
 
Internet Explorer:
==================
URLSearchHook: HKLM-x32 - (No Name) - {f0af464e-5167-45cf-9cf0-66b396d1918c} - No File
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM -> {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
SearchScopes: HKU\.DEFAULT -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> DefaultScope {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://www.myhdsb.ca/InternalSite/WhlCompMgr.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default
FF Homepage: hxxp://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [2015-09-15] ()
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [2015-09-15] (Hola)
FF Plugin HKU\S-1-5-21-2934196910-795859369-2802726781-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-09] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-13]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [620752 2015-08-02] (Microsoft Corporation)
S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2013-05-31] (Microsoft Corporation)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S4 hola_svc; C:\Program Files\Hola\app\hola_svc.exe [8105600 2015-09-15] (Hola Networks Ltd.)
S4 hola_updater; C:\Program Files\Hola\app\hola_updater.exe [7772104 2015-05-31] (Hola Networks Ltd.)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 NetTalkUsrLaunchService; C:\Program Files (x86)\netTALK\nettalkl.exe [62976 2012-04-30] () [File not signed]
S4 NetTalkUsrService; C:\Program Files (x86)\netTALK\nettalkd.exe [111104 2012-04-30] () [File not signed]
R3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S4 Realtek11nCU; C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [170704 2014-10-16] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 nettalkd; C:\Windows\System32\DRIVERS\nettalkd.sys [30944 2012-04-29] (NetTalk Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation                           )
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-09] (Synaptics Incorporated)
S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S1 fsdkucxf; \??\C:\Windows\system32\drivers\fsdkucxf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-11 19:41 - 2015-11-11 19:48 - 00015902 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-11-11 19:22 - 2015-11-11 19:41 - 00000000 ____D C:\FRST
2015-11-11 19:21 - 2015-11-11 19:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-11 19:21 - 2015-11-11 19:22 - 02198528 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-11-11 19:21 - 2015-11-11 19:21 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-10 18:07 - 2015-11-10 18:08 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller (1).exe
2015-11-10 18:02 - 2015-11-10 18:02 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill64.exe
2015-11-10 18:01 - 2015-11-10 18:02 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2015-11-10 17:51 - 2015-11-10 17:51 - 01712128 _____ C:\Users\Administrator\Downloads\AdwCleaner.exe
2015-11-10 17:31 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 17:31 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 17:31 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-08 19:47 - 2015-11-08 19:49 - 00000000 ___HD C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-11-06 09:51 - 2015-11-07 10:07 - 00000000 ____D C:\Users\Administrator\Downloads\BELIEVE IN ANGELZ
2015-10-31 12:07 - 2015-10-31 12:13 - 1068472551 ____R C:\Users\Administrator\Downloads\[ www.UsaBit.com ] - playnow-Ghostbusters.1984.720p x264-1.mp4
2015-10-31 12:05 - 2015-11-10 17:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\BitTorrent
2015-10-31 12:05 - 2015-11-10 16:22 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\BitTorrent
2015-10-31 12:05 - 2015-10-31 12:05 - 01981032 _____ (BitTorrent Inc.) C:\Users\Administrator\Downloads\BitTorrent.exe
2015-10-31 12:04 - 2015-10-31 12:04 - 00082291 _____ C:\Users\Administrator\Downloads\Ghost.Busters.1984.720p.BRRip.x264.PLAYNOW.torrent
2015-10-25 23:29 - 2015-10-25 23:29 - 00005146 _____ C:\Users\Administrator\Downloads\DefilerFG-2.02r3.zip
2015-10-20 17:22 - 2015-10-20 17:22 - 00016144 _____ C:\Users\Administrator\Documents\Elements of Music Project.odt
2015-10-19 19:57 - 2015-10-19 19:57 - 01071012 _____ C:\Users\Administrator\Downloads\AutumnRhythmMatchupWorksheet.zip
2015-10-19 19:53 - 2015-10-19 19:53 - 01034790 _____ C:\Users\Administrator\Downloads\MrsWhiteGhostlyMiniLessons.zip
2015-10-18 19:04 - 2015-10-18 19:04 - 00017144 _____ C:\Users\Administrator\Desktop\Choral Speaking _ CODE.html
2015-10-18 19:04 - 2015-10-18 19:04 - 00000000 ____D C:\Users\Administrator\Desktop\Choral Speaking _ CODE_files
2015-10-18 18:53 - 2015-10-18 18:53 - 01030144 _____ C:\Users\Administrator\Downloads\MorgansChoralReading (1).ppt
2015-10-18 18:49 - 2015-10-18 18:49 - 01030144 _____ C:\Users\Administrator\Downloads\MorgansChoralReading.ppt
2015-10-16 06:40 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-16 06:40 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-16 06:40 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 15:43 - 2015-09-25 13:07 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-10-14 15:43 - 2015-09-25 13:07 - 02607104 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-10-14 15:43 - 2015-09-25 13:07 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-10-14 15:43 - 2015-09-25 13:07 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-10-14 15:43 - 2015-09-25 13:07 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-10-14 15:43 - 2015-09-25 13:07 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-10-14 15:43 - 2015-09-25 13:07 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-10-14 15:43 - 2015-09-25 13:06 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-10-14 15:43 - 2015-09-25 13:06 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-10-14 15:43 - 2015-09-25 13:06 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-10-14 15:43 - 2015-09-25 13:06 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-10-14 15:43 - 2015-09-25 12:59 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-10-14 15:43 - 2015-09-25 12:59 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-10-14 15:43 - 2015-09-25 12:59 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-10-14 15:43 - 2015-09-25 12:59 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-10-14 15:43 - 2015-09-25 12:58 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-10-14 15:43 - 2015-08-06 13:06 - 14182912 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 15:43 - 2015-08-06 13:06 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 15:43 - 2015-08-06 12:38 - 12878848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 15:43 - 2015-08-06 12:37 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 15:42 - 2015-10-01 13:12 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-10-14 15:42 - 2015-10-01 13:10 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-10-14 15:42 - 2015-10-01 13:09 - 01729984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-10-14 15:42 - 2015-10-01 13:07 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-10-14 15:42 - 2015-10-01 13:07 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-10-14 15:42 - 2015-10-01 13:07 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-10-14 15:42 - 2015-10-01 13:07 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 01166336 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00730112 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-10-14 15:42 - 2015-10-01 13:06 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-10-14 15:42 - 2015-10-01 13:06 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-10-14 15:42 - 2015-10-01 13:06 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-10-14 15:42 - 2015-10-01 13:05 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-10-14 15:42 - 2015-10-01 13:05 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-10-14 15:42 - 2015-10-01 13:05 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-10-14 15:42 - 2015-10-01 13:05 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-10-14 15:42 - 2015-10-01 13:02 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-10-14 15:42 - 2015-10-01 13:01 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:57 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-10-14 15:42 - 2015-10-01 12:43 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-10-14 15:42 - 2015-10-01 12:02 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-10-14 15:42 - 2015-10-01 11:47 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-10-14 15:42 - 2015-10-01 11:46 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-10-14 15:42 - 2015-10-01 11:46 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-10-14 15:42 - 2015-09-28 15:21 - 03996608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-10-14 15:42 - 2015-09-28 15:21 - 03940800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-10-14 15:42 - 2015-09-28 15:19 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-10-14 15:42 - 2015-09-28 15:17 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-10-14 15:42 - 2015-09-28 15:16 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-10-14 15:42 - 2015-09-28 15:16 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-10-14 15:42 - 2015-09-28 15:15 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-10-14 15:42 - 2015-09-28 15:15 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-10-14 15:42 - 2015-09-28 15:15 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-10-14 15:42 - 2015-09-28 15:15 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-10-14 15:42 - 2015-09-28 15:11 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-10-14 15:42 - 2015-09-28 15:11 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 15:07 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 13:22 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-10-14 15:42 - 2015-09-28 11:35 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-10-14 15:42 - 2015-09-28 11:35 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-10-14 15:42 - 2015-09-28 11:33 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 11:33 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 11:33 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-10-14 15:42 - 2015-09-28 11:33 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-10-14 15:42 - 2015-09-17 18:48 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-10-14 15:42 - 2015-09-17 18:48 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-10-14 15:42 - 2015-09-17 18:48 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-10-14 15:42 - 2015-09-17 18:48 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-10-14 15:42 - 2015-09-17 18:47 - 19280896 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-10-14 15:42 - 2015-09-17 18:47 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-10-14 15:42 - 2015-09-17 18:47 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-10-14 15:42 - 2015-09-17 18:47 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 02656768 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-10-14 15:42 - 2015-09-17 18:46 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-10-14 15:42 - 2015-09-17 18:46 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-10-14 15:42 - 2015-09-17 15:44 - 14290944 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-10-14 15:42 - 2015-09-17 15:44 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-10-14 15:42 - 2015-09-17 15:44 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-10-14 15:42 - 2015-09-17 15:44 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-10-14 15:42 - 2015-09-17 15:44 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-10-14 15:42 - 2015-09-17 15:44 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-10-14 15:42 - 2015-09-17 15:44 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-10-14 15:42 - 2015-09-17 15:43 - 00715264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-10-14 15:42 - 2015-09-17 15:43 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-10-14 15:42 - 2015-09-17 13:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-10-14 15:42 - 2015-09-17 13:58 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-10-14 15:42 - 2015-09-17 13:31 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-10-14 15:42 - 2015-09-17 13:27 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-10-14 15:42 - 2015-09-17 13:06 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-10-14 15:42 - 2015-09-17 13:02 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-10-14 15:42 - 2015-09-15 18:45 - 00157016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-10-14 15:42 - 2015-09-15 18:45 - 00097112 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-10-14 15:42 - 2015-09-15 18:37 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-10-14 15:42 - 2015-09-15 18:37 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-10-14 15:42 - 2015-09-15 18:37 - 00309760 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-10-14 15:42 - 2015-09-15 18:37 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-10-14 15:42 - 2015-09-15 18:37 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-10-14 15:42 - 2015-09-15 18:37 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-10-14 15:42 - 2015-09-15 18:37 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-10-14 15:42 - 2015-09-15 18:25 - 00248832 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-10-14 15:42 - 2015-09-15 18:25 - 00221184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-10-14 15:42 - 2015-09-15 18:25 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-10-14 15:42 - 2015-09-15 18:21 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-10-14 15:42 - 2015-09-14 16:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 15:42 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-13 19:49 - 2015-10-13 19:49 - 00851462 _____ C:\Users\Administrator\Downloads\IntheHalloftheMountainKingSMARTBoardActivity.notebook
2015-10-13 01:29 - 2015-10-13 01:29 - 00875720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvcr120_clr0400.dll
2015-10-13 01:22 - 2015-10-13 01:22 - 00869568 _____ (Microsoft Corporation) C:\Windows\system32\msvcr120_clr0400.dll
2015-10-12 18:50 - 2015-10-12 18:51 - 12042095 _____ C:\Users\Administrator\Downloads\WorksheetBundleTaandTiTi (1).zip
2015-10-12 18:38 - 2015-10-12 18:39 - 12042095 _____ C:\Users\Administrator\Downloads\WorksheetBundleTaandTiTi.zip
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-11 19:46 - 2013-05-31 14:20 - 01473659 _____ C:\Windows\WindowsUpdate.log
2015-11-11 19:45 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-11-11 19:42 - 2013-05-31 14:24 - 00873752 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 19:42 - 2009-07-14 00:13 - 00873752 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-11 19:32 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 19:29 - 2014-11-14 19:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-11 19:27 - 2015-01-09 11:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-11 19:27 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-11 19:27 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-11 19:20 - 2013-05-31 14:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-11 19:20 - 2013-05-31 14:32 - 00000000 ____D C:\ProgramData\Adobe
2015-11-11 18:53 - 2013-05-31 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-11 16:29 - 2014-11-14 19:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-11 15:25 - 2015-09-17 19:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Glyph
2015-11-11 15:19 - 2015-08-05 19:01 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-11-11 15:11 - 2014-11-18 08:16 - 00118204 _____ C:\Windows\setupact.log
2015-11-11 15:11 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-10 17:55 - 2014-11-18 16:53 - 00000000 ____D C:\AdwCleaner
2015-11-08 20:51 - 2014-11-19 18:13 - 00007613 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-11-06 20:06 - 2015-03-22 13:51 - 00000000 ____D C:\Users\Administrator\Desktop\Invoices
2015-11-06 09:49 - 2014-11-18 16:58 - 00012826 _____ C:\Windows\PFRO.log
2015-10-24 02:03 - 2014-11-14 19:55 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-10-17 02:01 - 2015-05-03 02:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-17 02:01 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
2015-10-15 04:25 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
 
==================== Files in the root of some directories =======
 
2014-07-22 19:59 - 2014-07-22 19:59 - 0000038 ___SH () C:\Users\Administrator\AppData\Local\1754111884ee9ab5277ca00.95260103
2015-01-18 18:23 - 2015-01-18 18:24 - 1065984 _____ () C:\Users\Administrator\AppData\Local\file__0.localstorage
2014-11-19 18:13 - 2015-11-08 20:51 - 0007613 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-07-04 16:08 - 2013-07-04 16:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-09 17:02 - 2014-11-09 17:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\BingBarSetup-Partner.exe
C:\Users\Administrator\AppData\Local\Temp\proXPN-2.8.1-install.exe
C:\Users\Administrator\AppData\Local\Temp\Quarantine.exe
C:\Users\Administrator\AppData\Local\Temp\speccycpuid.dll
C:\Users\Administrator\AppData\Local\Temp\Uninstaller-2741884.exe
C:\Users\Administrator\AppData\Local\Temp\Uninstaller-3172.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-31 08:43
 
==================== End of FRST.txt =======

And here is the second.

addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Administrator (2015-11-11 19:50:13)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-05-31 19:52:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2934196910-795859369-2802726781-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2934196910-795859369-2802726781-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2934196910-795859369-2802726781-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Aion (HKLM-x32\...\NCW-AION) (Version: 1.0.0.2 - NC Interactive, LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS USB-N13 WLAN Card Utilities & Driver (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.0.0.7 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 10.0 (build 10.014) - FirstClass Division, Open Text Corporation.)
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.80 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Hola™ 1.9.624 - Better Internet (HKLM\...\Hola) (Version: 1.9.624 - Hola Networks Ltd.)
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
Kobo (HKLM-x32\...\Kobo) (Version: 3.17.0 - Rakuten Kobo Inc.)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version:  - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MUSHclient (remove only) (HKLM-x32\...\MUSHclient) (Version:  - )
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
netTALK (HKLM-x32\...\netTALK) (Version: 1.34 - netTALK)
netTALK DUO WiFi Management Tool (HKLM-x32\...\{1C369AF1-6121-4BDE-A109-468C1418DC23}) (Version: 1.0.5 - netTALK)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2934196910-795859369-2802726781-500_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32 -> C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\clfsw32.dll () <==== ATTENTION
 
==================== Restore Points =========================
 
31-05-2013 10:46:34 Windows Update
31-05-2013 10:59:44 Windows Update
31-05-2013 11:22:04 Windows Update
10-11-2015 16:33:58 Windows Update
11-11-2015 19:25:03 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {478452C7-DE14-4A59-A334-B4C1E9F10124} - System32\Tasks\{3953C9EC-FC84-41AD-BE7B-687DD2CF2594} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.169.260/en/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {69905146-DCE2-4D17-8D46-78E5215FE510} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7888ADE7-65C7-4549-9DE8-DC1EA11EFB55} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE03B492-9C07-4F9B-B814-C99F8921D54B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D56630FA-E331-43FE-9757-9A4C6A133185} - System32\Tasks\Driver Booster SkipUAC (Administrator) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {DF67CCFD-1F85-4F76-AC86-5D7EF16ECD04} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {EC748E99-7720-4DA9-A59B-B434A1285404} - System32\Tasks\{A8C7373E-38F6-461C-BEA8-6827F9474C08} => C:\Program Files (x86)\FirstClass\fcc32.exe [2011-04-15] (Open Text Inc.)
Task: {FE344AB3-E930-4698-83F9-E62AA508979A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-24 02:03 - 2015-10-20 09:08 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libglesv2.dll
2015-10-24 02:03 - 2015-10-20 09:08 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.80\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\sony.com -> sony.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2934196910-795859369-2802726781-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hola_svc => 2
MSCONFIG\Services: hola_updater => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NetTalkUsrLaunchService => 2
MSCONFIG\Services: NetTalkUsrService => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: Realtek11nCU => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: hola => C:\Program Files\Hola\app\hola.exe --silent
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: NetTalk => C:\Program Files (x86)\netTALK\nettalkg.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: uTorrent => "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WhlCach3.exe => "C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FFF20630-8D46-45E1-A403-CC9A8B33D2AC}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{C9E445AD-6F91-48E2-BF1F-676C42AC58E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{469B2579-ADAD-47E8-ACAB-5C85ED7F5D4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{54E0A270-70ED-45A5-9734-432A91390020}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC88C587-96AE-459C-8B7B-5BE3368D8118}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB9B96E1-0C9A-475E-9A6B-00370ACDB8FF}] => (Allow) C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{4FC6B5EC-3EAA-4C1A-B86A-F72C69D97105}] => (Allow) C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{AA5D6264-715D-461C-8DC2-F6A13D1CEE74}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ED025AC7-D002-40B5-93FE-1AEB5E10BA3B}] => (Allow) LPort=2869
FirewallRules: [{7C3A1949-0F8F-4E12-865F-EA6417C841BC}] => (Allow) LPort=1900
FirewallRules: [{AF7844FE-FAE8-4DAE-8635-ACA6F7EB2276}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FD02DFDA-C502-4081-B6D8-B2DE26B51E55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{7E85CEB7-5F3B-4631-9DA9-35372790DA1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [TCP Query User{40D98A06-9BFA-40C8-B8E2-62EF43032444}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{ACFC1974-443A-4AF6-B108-E5F5471DD820}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{42523B84-8E5F-4419-A329-322DCF4A5C33}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{8BEC2CBA-71AA-426A-AD5C-9FF1ABB06F7E}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [{4393451F-4DF8-44EB-9ACB-DE20B7C0FE9B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{036454EE-26FC-4B12-B4F1-4CF9994250BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{934F45D2-5465-4683-88A6-3A31FA30183C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8C93E466-976F-42FA-A21B-5959A02080EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{96B5768B-A128-467C-9D47-43D308AC373F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F3F4A800-3C33-4372-809A-AE48B962824D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0599BB8C-2CE8-4724-A5E1-70E5CC9E9E4F}] => (Allow) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{8B03A238-3BD5-4F21-9C91-38F24104B9A2}] => (Allow) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{DEB136E4-4945-4856-A21F-527DF4A22097}] => (Allow) LPort=1542
FirewallRules: [{6C42F8BC-A8EC-48F8-B7C6-88466031A0CD}] => (Allow) LPort=1542
FirewallRules: [{FF5D5C8B-A4BC-4826-83DD-A093F01E4A5F}] => (Allow) LPort=53
FirewallRules: [{378DD295-6535-4290-81F7-8B7306C98A50}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1AE84F2D-F4ED-41BC-AD60-3351315C960E}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{E5B10818-7603-4F45-BD5A-0733608A9AD4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{80FFAF38-C80A-4D32-A1AE-E65F35578A74}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{264F9F35-18BC-4FFF-B31F-FB46B1E4355F}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{EDD0A3A2-0F67-4A81-B74F-AA347C49F473}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{65991EAE-EF5F-4054-8478-3615316657B0}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{2C043B23-C889-49F9-B0EE-0E099A0217B3}] => (Allow) C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{E9AA1DB6-5B28-47E8-8845-420782EA4B47}] => (Allow) C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{5B9EAEA2-E46E-4D78-9136-F89A874996CF}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{64A1492F-A831-48E6-87E0-B8F31FD3A83A}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{0144A264-0DB2-47D7-B9EA-4AFFC0690B9E}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{66169C92-F9B7-47B6-9BC1-3C627A9C9272}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{6746C302-60AF-4F0A-A037-8E99C537D981}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{BA92E0F0-48D6-4FE5-858B-C703EEC0ABC4}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{2C880607-911D-4F30-8C2A-360A3E685DDC}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{DA340F46-0CEE-4472-9236-5070ED024AAF}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{75492757-5D60-4B42-9DDC-5B7EAC70D91F}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/11/2015 03:12:27 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/11/2015 08:11:41 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2015 07:37:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7601.22137, time stamp: 0x5080442a
Faulting module name: sysmain.dll, version: 6.1.7601.23136, time stamp: 0x55a6a198
Exception code: 0xc0000005
Fault offset: 0x000000000001a480
Faulting process id: 0x8e4
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
 
Error: (11/10/2015 06:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wlmail.exe, version: 16.4.3528.331, time stamp: 0x533a3fce
Faulting module name: UXCore.dll, version: 16.4.3528.331, time stamp: 0x533a3fdc
Exception code: 0xc0000005
Fault offset: 0x0006f623
Faulting process id: 0x%9
Faulting application start time: 0xwlmail.exe0
Faulting application path: wlmail.exe1
Faulting module path: wlmail.exe2
Report Id: wlmail.exe3
 
Error: (11/10/2015 05:45:11 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2015 11:45:18 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/09/2015 07:25:16 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/08/2015 07:33:13 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/07/2015 10:06:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657
Faulting module name: NCUpdateHelper.exe, version: 0.0.0.1, time stamp: 0x525b6657
Exception code: 0xc000000d
Fault offset: 0x0001d162
Faulting process id: 0xea0
Faulting application start time: 0xNCUpdateHelper.exe0
Faulting application path: NCUpdateHelper.exe1
Faulting module path: NCUpdateHelper.exe2
Report Id: NCUpdateHelper.exe3
 
Error: (11/06/2015 09:50:52 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/11/2015 07:41:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.209.2336.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/11/2015 07:41:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.209.2336.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/11/2015 07:41:23 PM) (Source: Microsoft Antimalware) (EventID: 2001) (User: )
Description: %NT AUTHORITY60 has encountered an error trying to update signatures.
 
New Signature Version: 
 
Previous Signature Version: 1.209.2336.0
 
Update Source: %NT AUTHORITY59
 
Update Stage: 4.8.0204.00
 
Source Path: 4.8.0204.01
 
Signature Type: %NT AUTHORITY602
 
Update Type: %NT AUTHORITY604
 
User: NT AUTHORITY\SYSTEM
 
Current Engine Version: %NT AUTHORITY605
 
Previous Engine Version: %NT AUTHORITY606
 
Error code: %NT AUTHORITY607
 
Error description: %NT AUTHORITY608
 
Error: (11/11/2015 06:48:24 PM) (Source: DCOM) (EventID: 10010) (User: )
Description: {0002DF01-0000-0000-C000-000000000046}
 
Error: (11/11/2015 06:19:25 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %Rogue:JS/FakeCall.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Rogue:JS/FakeCall.D603
 
Name: Rogue:JS/FakeCall.D
 
ID: 222748
 
Severity: %Rogue:JS/FakeCall.D600
 
Category: %Rogue:JS/FakeCall.D602
 
Path: 4.8.0204.02
 
Detection Origin: 4.8.0204.04
 
Detection Type: 4.8.0204.08
 
Detection Source: %Rogue:JS/FakeCall.D608
 
User: {1687C496-3B47-4E20-B586-D4FF55C22586}9
 
Process Name: %Rogue:JS/FakeCall.D609
 
Action: {1687C496-3B47-4E20-B586-D4FF55C22586}1
 
Action Status:  {1687C496-3B47-4E20-B586-D4FF55C22586}8
 
Error Code: {1687C496-3B47-4E20-B586-D4FF55C22586}3
 
Error description: {1687C496-3B47-4E20-B586-D4FF55C22586}4
 
Signature Version: 2015-11-11T23:18:56.612Z1
 
Engine Version: 2015-11-11T23:18:56.612Z2
 
Error: (11/11/2015 06:18:43 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %Rogue:JS/FakeCall.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Rogue:JS/FakeCall.D603
 
Name: Rogue:JS/FakeCall.D
 
ID: 222748
 
Severity: %Rogue:JS/FakeCall.D600
 
Category: %Rogue:JS/FakeCall.D602
 
Path: 4.8.0204.02
 
Detection Origin: 4.8.0204.04
 
Detection Type: 4.8.0204.08
 
Detection Source: %Rogue:JS/FakeCall.D608
 
User: {909B0464-A59C-469D-B99A-E763DD49BA59}9
 
Process Name: %Rogue:JS/FakeCall.D609
 
Action: {909B0464-A59C-469D-B99A-E763DD49BA59}1
 
Action Status:  {909B0464-A59C-469D-B99A-E763DD49BA59}8
 
Error Code: {909B0464-A59C-469D-B99A-E763DD49BA59}3
 
Error description: {909B0464-A59C-469D-B99A-E763DD49BA59}4
 
Signature Version: 2015-11-11T23:18:17.657Z1
 
Engine Version: 2015-11-11T23:18:17.657Z2
 
Error: (11/11/2015 03:53:46 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %Rogue:JS/FakeCall.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Rogue:JS/FakeCall.D603
 
Name: Rogue:JS/FakeCall.D
 
ID: 222748
 
Severity: %Rogue:JS/FakeCall.D600
 
Category: %Rogue:JS/FakeCall.D602
 
Path: 4.8.0204.02
 
Detection Origin: 4.8.0204.04
 
Detection Type: 4.8.0204.08
 
Detection Source: %Rogue:JS/FakeCall.D608
 
User: {9798408A-99C1-4793-8E98-625E0E46C791}9
 
Process Name: %Rogue:JS/FakeCall.D609
 
Action: {9798408A-99C1-4793-8E98-625E0E46C791}1
 
Action Status:  {9798408A-99C1-4793-8E98-625E0E46C791}8
 
Error Code: {9798408A-99C1-4793-8E98-625E0E46C791}3
 
Error description: {9798408A-99C1-4793-8E98-625E0E46C791}4
 
Signature Version: 2015-11-11T20:53:16.785Z1
 
Engine Version: 2015-11-11T20:53:16.785Z2
 
Error: (11/11/2015 03:50:46 PM) (Source: Microsoft Antimalware) (EventID: 1119) (User: )
Description: %Rogue:JS/FakeCall.D60 has encountered a critical error when taking action on malware or other potentially unwanted software.
 
For more information please see the following:
%Rogue:JS/FakeCall.D603
 
Name: Rogue:JS/FakeCall.D
 
ID: 222748
 
Severity: %Rogue:JS/FakeCall.D600
 
Category: %Rogue:JS/FakeCall.D602
 
Path: 4.8.0204.02
 
Detection Origin: 4.8.0204.04
 
Detection Type: 4.8.0204.08
 
Detection Source: %Rogue:JS/FakeCall.D608
 
User: {DBB35E16-8518-435B-A87E-D759093BA2BE}9
 
Process Name: %Rogue:JS/FakeCall.D609
 
Action: {DBB35E16-8518-435B-A87E-D759093BA2BE}1
 
Action Status:  {DBB35E16-8518-435B-A87E-D759093BA2BE}8
 
Error Code: {DBB35E16-8518-435B-A87E-D759093BA2BE}3
 
Error description: {DBB35E16-8518-435B-A87E-D759093BA2BE}4
 
Signature Version: 2015-11-11T20:50:12.704Z1
 
Engine Version: 2015-11-11T20:50:12.704Z2
 
Error: (11/11/2015 03:16:02 PM) (Source: Service Control Manager) (EventID: 7022) (User: )
Description: The Background Intelligent Transfer Service service hung on starting.
 
Error: (11/11/2015 03:15:51 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Application Experience service failed to start due to the following error: 
%%1053
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 69%
Total physical RAM: 8171.95 MB
Available physical RAM: 2502.32 MB
Total Virtual: 16342.08 MB
Available Virtual: 9480.7 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:372.51 GB) (Free:100.88 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:931.41 GB) (Free:185.05 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 69AAC6FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=372.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AEB1AA7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ===================


#5 deeprybka

Posted 12 November 2015 - 06:02 AM

Step 1

Please download Combofix (by sUBs) and save it to your Desktop.

  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start Combofix.exe and follow its instructions.
  • Do not use the computer while the scan is running. This may cause the program to stall.
  • When finished, a log file will be displayed (that can also be found at C:\Combofix.txt).
    Please copy and paste the contents of this file into your next post.

Note: If you receive an error "Illegal operation attempted on a registry key that has been marked for deletion." after the scan, just restart the computer.
(You can find more detailed instructions in this guide on using Combofix.)


regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#6 Daanmakus


Posted 12 November 2015 - 08:23 PM

Here is the combofix file.

 

ComboFix 15-11-09.01 - Administrator 12/11/2015   7:16.1.8 - x64
Microsoft Windows 7 Home Premium   6.1.7601.1.1252.1.1033.18.8172.4922 [GMT -5:00]
Running from: c:\users\Administrator\Desktop\ComboFix.exe
AV: Microsoft Security Essentials *Disabled/Updated* {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
SP: Microsoft Security Essentials *Disabled/Updated* {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
.
(((((((((((((((((((((((((((((((((((((((   Other Deletions   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\users\Administrator\AppData\Local\assembly\tmp
c:\windows\msdownld.tmp
c:\windows\SysWow64\DEBUG.log
c:\windows\SysWow64\logs
.
.
(((((((((((((((((((((((((((((((((((((((   Drivers/Services   )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Service_hola_updater
.
.
(((((((((((((((((((((((((   Files Created from 2015-10-12 to 2015-11-12  )))))))))))))))))))))))))))))))
.
.
2015-11-12 00:41 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{E45D604C-F597-47B4-9BE5-6189D9F0552B}\mpengine.dll
2015-11-12 00:22 . 2015-11-12 00:52 -------- d-----w- C:\FRST
2015-11-10 22:40 . 2015-10-20 01:17 5550528 ----a-w- c:\windows\system32\ntoskrnl.exe
2015-11-10 22:40 . 2015-10-20 01:11 344064 ----a-w- c:\windows\system32\schannel.dll
2015-11-10 22:40 . 2015-10-20 01:11 730624 ----a-w- c:\windows\system32\kerberos.dll
2015-11-10 22:40 . 2015-10-20 00:54 3940800 ----a-w- c:\windows\SysWow64\ntoskrnl.exe
2015-11-10 22:40 . 2015-10-20 00:47 553472 ----a-w- c:\windows\SysWow64\kerberos.dll
2015-11-10 22:40 . 2015-10-20 00:54 3996608 ----a-w- c:\windows\SysWow64\ntkrnlpa.exe
2015-11-10 22:40 . 2015-10-20 01:17 154560 ----a-w- c:\windows\system32\drivers\ksecpkg.sys
2015-11-10 22:40 . 2015-10-20 01:11 312320 ----a-w- c:\windows\system32\ncrypt.dll
2015-11-10 22:40 . 2015-10-20 00:47 251392 ----a-w- c:\windows\SysWow64\schannel.dll
2015-11-10 22:40 . 2015-10-20 00:47 223232 ----a-w- c:\windows\SysWow64\ncrypt.dll
2015-11-10 22:40 . 2015-09-23 13:18 459344 ----a-w- c:\windows\system32\drivers\cng.sys
2015-11-10 22:40 . 2015-09-23 13:08 251000 ----a-w- c:\windows\SysWow64\bcryptprimitives.dll
2015-11-10 22:38 . 2015-10-29 17:50 342016 ----a-w- c:\windows\system32\apphelp.dll
2015-11-10 22:37 . 2015-10-20 15:00 217600 ----a-w- c:\program files (x86)\Internet Explorer\sqmapi.dll
2015-11-10 22:36 . 2015-10-14 00:50 496128 ----a-w- c:\windows\system32\drivers\afd.sys
2015-11-10 22:36 . 2015-10-13 16:40 118272 ----a-w- c:\windows\system32\drivers\tdx.sys
2015-11-10 22:36 . 2015-10-19 23:58 3214848 ----a-w- c:\windows\system32\win32k.sys
2015-11-10 21:34 . 2015-10-13 09:47 11140960 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\Backup\mpengine.dll
2015-11-09 00:47 . 2015-11-09 00:49 -------- d--h--w- c:\programdata\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}
2015-10-31 17:05 . 2015-11-10 22:37 -------- d-----w- c:\users\Administrator\AppData\Roaming\BitTorrent
2015-10-28 19:45 . 2015-07-01 15:22 1190000 ----a-w- c:\programdata\Microsoft\Microsoft Antimalware\Definition Updates\{B73FED8E-29F6-4DEB-8015-624E6E3EEBFB}\gapaengine.dll
2015-10-16 11:40 . 2015-09-18 19:19 700416 ----a-w- c:\windows\system32\invagent.dll
2015-10-16 11:40 . 2015-09-18 19:19 503808 ----a-w- c:\windows\system32\devinv.dll
2015-10-16 11:40 . 2015-09-18 19:19 1291264 ----a-w- c:\windows\system32\appraiser.dll
2015-10-16 11:40 . 2015-09-18 19:22 25432 ----a-w- c:\windows\system32\CompatTelRunner.exe
2015-10-16 11:40 . 2015-09-18 19:19 766464 ----a-w- c:\windows\system32\generaltel.dll
2015-10-16 11:40 . 2015-09-18 19:19 73216 ----a-w- c:\windows\system32\acmigration.dll
2015-10-16 11:40 . 2015-09-18 19:09 1163776 ----a-w- c:\windows\system32\aeinv.dll
2015-10-14 20:43 . 2015-08-06 18:06 14182912 ----a-w- c:\windows\system32\shell32.dll
2015-10-14 20:43 . 2015-08-06 18:06 1867776 ----a-w- c:\windows\system32\ExplorerFrame.dll
2015-10-14 20:43 . 2015-08-06 17:37 1499648 ----a-w- c:\windows\SysWow64\ExplorerFrame.dll
2015-10-14 20:43 . 2015-09-01 18:14 503296 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 20:43 . 2015-09-01 18:14 1247232 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\tipskins.dll
2015-10-14 20:43 . 2015-09-01 18:14 110592 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipBand.dll
2015-10-14 20:43 . 2015-09-01 18:13 224768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TabTip.exe
2015-10-14 20:43 . 2015-09-01 18:12 544768 ----a-w- c:\program files\Common Files\Microsoft Shared\ink\TipRes.dll
2015-10-14 20:43 . 2015-09-01 17:52 348672 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\tiptsf.dll
2015-10-14 20:43 . 2015-09-01 17:52 10240 ----a-w- c:\program files (x86)\Common Files\Microsoft Shared\ink\TabTip32.exe
.
.
.
((((((((((((((((((((((((((((((((((((((((   Find3M Report   ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2015-10-29 17:50 . 2015-11-10 22:38 350208 ----a-w- c:\windows\apppatch\AppPatch64\AcLayers.dll
2015-10-29 17:50 . 2015-11-10 22:38 309248 ----a-w- c:\windows\apppatch\AppPatch64\AcGenral.dll
2015-10-29 17:50 . 2015-11-10 22:38 135168 ----a-w- c:\windows\apppatch\AppPatch64\AcXtrnal.dll
2015-10-29 17:50 . 2015-11-10 22:38 103424 ----a-w- c:\windows\apppatch\AppPatch64\acspecfc.dll
2015-10-29 17:49 . 2015-11-10 22:38 562176 ----a-w- c:\windows\apppatch\AcLayers.dll
2015-10-29 17:49 . 2015-11-10 22:38 2178560 ----a-w- c:\windows\apppatch\AcGenral.dll
2015-10-29 17:49 . 2015-11-10 22:38 470528 ----a-w- c:\windows\apppatch\AcSpecfc.dll
2015-10-29 17:49 . 2015-11-10 22:38 211968 ----a-w- c:\windows\apppatch\AcXtrnal.dll
2015-10-29 17:39 . 2015-11-10 22:38 2560 ----a-w- c:\windows\apppatch\AcRes.dll
2015-10-20 00:46 . 2015-11-10 22:39 44032 ----a-w- c:\windows\apppatch\acwow64.dll
2015-10-13 06:29 . 2015-10-13 06:29 875720 ----a-w- c:\windows\SysWow64\msvcr120_clr0400.dll
2015-10-13 06:22 . 2015-10-13 06:22 869568 ----a-w- c:\windows\system32\msvcr120_clr0400.dll
2015-10-07 07:16 . 2015-01-13 21:43 196608 ----a-w- c:\windows\ServiceProfiles\NetworkService\msmqlog.bin
2015-09-02 03:04 . 2015-09-08 20:34 41984 ----a-w- c:\windows\system32\lpk.dll
2015-09-02 03:04 . 2015-09-08 20:34 100864 ----a-w- c:\windows\system32\fontsub.dll
2015-09-02 03:04 . 2015-09-08 20:34 14336 ----a-w- c:\windows\system32\dciman32.dll
2015-09-02 03:04 . 2015-09-08 20:34 46080 ----a-w- c:\windows\system32\atmlib.dll
2015-09-02 02:48 . 2015-09-08 20:34 70656 ----a-w- c:\windows\SysWow64\fontsub.dll
2015-09-02 02:48 . 2015-09-08 20:34 10240 ----a-w- c:\windows\SysWow64\dciman32.dll
2015-09-02 02:48 . 2015-09-08 20:34 34304 ----a-w- c:\windows\SysWow64\atmlib.dll
2015-09-02 02:47 . 2015-09-08 20:34 25600 ----a-w- c:\windows\SysWow64\lpk.dll
2015-09-02 01:47 . 2015-09-08 20:34 372736 ----a-w- c:\windows\system32\atmfd.dll
2015-09-02 01:33 . 2015-09-08 20:34 299520 ----a-w- c:\windows\SysWow64\atmfd.dll
2015-08-27 18:18 . 2015-09-08 20:35 2004480 ----a-w- c:\windows\system32\msxml6.dll
2015-08-27 18:18 . 2015-09-08 20:35 1887232 ----a-w- c:\windows\system32\msxml3.dll
2015-08-27 18:13 . 2015-09-08 20:35 2048 ----a-w- c:\windows\system32\msxml6r.dll
2015-08-27 18:13 . 2015-09-08 20:35 2048 ----a-w- c:\windows\system32\msxml3r.dll
2015-08-27 17:58 . 2015-09-08 20:35 1391104 ----a-w- c:\windows\SysWow64\msxml6.dll
2015-08-27 17:58 . 2015-09-08 20:35 1241088 ----a-w- c:\windows\SysWow64\msxml3.dll
2015-08-27 17:51 . 2015-09-08 20:35 2048 ----a-w- c:\windows\SysWow64\msxml6r.dll
2015-08-27 17:51 . 2015-09-08 20:35 2048 ----a-w- c:\windows\SysWow64\msxml3r.dll
.
.
------- Sigcheck -------
Note: Unsigned files aren't necessarily malware.
.
[7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\drivers\atapi.sys
[7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_552ea5111ec825a6\atapi.sys
[7] 2009-07-14 . 02062C0B390B7729EDC9E69C680A6F3C . 24128 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\mshdc.inf_amd64_neutral_aad30bdeec04ea5e\atapi.sys
.
[7] 2009-07-14 . 769765CE2CC62867468CEA93969B2242 . 23040 . . [6.1.7600.16385] .. c:\windows\system32\drivers\asyncmac.sys
.
[7] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7601.17514] .. c:\windows\system32\drivers\kbdclass.sys
[7] 2009-07-14 . BC02336F1CBA7DCC7D1213BB588A68A5 . 50768 . . [6.1.7600.16385] .. c:\windows\system32\DriverStore\FileRepository\keyboard.inf_amd64_neutral_0684fdc43059f486\kbdclass.sys
.
[7] 2015-10-13 . F7309F42555F8AAB7144A51A1F2585B0 . 950720 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ndis.sys
.
[7] 2014-01-24 . 48B6047F82D5A8D0AEC71593F4ACD79B . 1684416 . . [6.1.7600.16385] .. c:\windows\system32\drivers\ntfs.sys
.
[7] 2009-07-13 . 9899284589F75FA8724FF3D16AED75C1 . 6144 . . [6.1.7600.16385] .. c:\windows\system32\drivers\null.sys
.
[7] 2014-04-05 . 4F80944B03112F486212DC20BE166079 . 1897408 . . [6.1.7600.16385] .. c:\windows\system32\drivers\tcpip.sys
.
[7] 2015-10-13 . AA77EB517D2F07A947294F260E3ACA83 . 118272 . . [6.1.7601.19031] .. c:\windows\system32\drivers\tdx.sys
.
[7] 2013-04-18 . 05F5A0D14A2EE1D8255C2AA0E9E8E694 . 136704 . . [6.1.7600.16385] .. c:\windows\system32\browser.dll
.
[7] 2015-10-20 . 0F3591FD0F246CD5941B6DC8184E66B7 . 31232 . . [6.1.7601.23250] .. c:\windows\system32\lsass.exe
.
[7] 2009-07-14 . 847D3AE376C0817161A14A82C8922A9E . 360448 . . [6.1.7600.16385] .. c:\windows\system32\netman.dll
.
[7] 2010-11-21 . 1EA7969E3271CBC59E1730697DC74682 . 849920 . . [7.5.7600.16385] .. c:\windows\system32\qmgr.dll
.
[7] 2013-04-18 . F3EF088F45BE326B4EDAC8C1C5A35105 . 512000 . . [6.1.7601.22137] .. c:\windows\system32\rpcss.dll
.
[7] 2015-04-13 . 71C85477DF9347FE8E7BC55768473FCA . 328704 . . [6.1.7600.16385] .. c:\windows\system32\services.exe
.
[7] 2013-04-18 . B98780FA7839BB6B14823C56A7BDA35C . 559616 . . [6.1.7600.16385] .. c:\windows\system32\spoolsv.exe
.
[7] 2014-07-17 . 8CEBD9D0A0A879CDE9F36F4383B7CAEA . 455168 . . [6.1.7601.17514] .. c:\windows\system32\winlogon.exe
.
[7] 2015-10-20 . CDBE532602413E7FB0C395024749C7AA . 140288 . . [7.6.7601.19046] .. c:\windows\system32\wuauclt.exe
.
[7] 2015-04-24 . 51F89CE2D0FEC66070354504E6C4C3E4 . 633856 . . [5.82] .. c:\windows\system32\comctl32.dll
.
[7] 2009-07-14 . 1A47D52E303B7543E4E6026595B95422 . 1297408 . . [2001.12.8530.16385] .. c:\windows\system32\comres.dll
.
[7] 2015-04-27 . 7BC3E861F7E8EB543A630090FAE779E0 . 188416 . . [6.1.7600.16385] .. c:\windows\system32\cryptsvc.dll
.
[7] 2009-07-14 . 4166F82BE4D24938977DD1746BE9B8A0 . 402944 . . [2001.12.8530.16385] .. c:\windows\system32\es.dll
.
[7] 2009-07-14 . AA2C08CE85653B1A0D2E4AB407FA176C . 167424 . . [6.1.7600.16385] .. c:\windows\system32\imm32.dll
.
[7] 2014-04-25 . 088CF6AFCD5CDD44E40C0ACDE3C1A5E0 . 801280 . . [1.0626.7601.18454] .. c:\windows\system32\usp10.dll
.
[7] 2015-10-20 . C86A77F9C93B7E04E4044B1D12E4E085 . 1166336 . . [6.1.7601.18015] .. c:\windows\system32\kernel32.dll
.
[7] 2009-07-14 . A0A65D306A5490D2EB8E7DE66898ECFD . 29696 . . [6.1.7600.16385] .. c:\windows\system32\linkinfo.dll
.
[7] 2015-09-02 . 38E22ADC0D95A1C860C900513A8DC5E9 . 41984 . . [6.1.7601.23188] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23188_none_083ad5588a78f1c9\lpk.dll
[7] 2015-09-02 . 0E8D254B70E880F032036BFD45266754 . 41984 . . [6.1.7601.18985] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18985_none_07ae5f8d715dd2b8\lpk.dll
[7] 2015-07-30 . 6399191EEE641F711E094B95B91DBA4B . 41984 . . [6.1.7601.23149] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_086715528a579b5c\lpk.dll
[7] 2015-07-30 . 0365E7AED8A38CB5FFF1DFB4458C0593 . 41984 . . [6.1.7601.18946] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18946_none_07da9f87713c7c4b\lpk.dll
[7] 2015-07-15 . 7F55FE319EF06C1986B994A3E86C52B4 . 41984 . . [6.1.7601.23126] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23126_none_0879b44c8a4a1775\lpk.dll
[7] 2015-07-15 . D57C03D365BC71C7A30504644515F3F8 . 41984 . . [6.1.7601.18923] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18923_none_07ed3e81712ef864\lpk.dll
[7] 2015-07-03 . 2F518A6C7BE454C9A60880281F9BEAAA . 41984 . . [6.1.7601.23117] .. c:\windows\winsxs\amd64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23117_none_088584828a4114db\lpk.dll
[7] 2013-05-11 . AC04D05309BB2C418D0D80B9FB014642 . 142848 . . [6.1.7601.22322] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22322_none_7883b3211239122d\cryptsvc.dll
[7] 2013-05-10 . E122AA1C9A3CC46FF9DDDE46E5EB0C58 . 142848 . . [6.1.7601.22321] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22321_none_7882b2d71239f8d6\cryptsvc.dll
[7] 2013-05-10 . 33ADF6E0853AB39EA1723BE82842C1D3 . 140288 . . [6.1.7601.18150] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.18150_none_77d7a417f9359661\cryptsvc.dll
[7] 2013-04-18 . 96C0E38905CFD788313BE8E11DAE3F2F . 140288 . . [6.1.7601.17856] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17856_none_77ddc9e5f93000db\cryptsvc.dll
[7] 2013-04-18 . 063DD65889D21035311463337BD268E7 . 142336 . . [6.1.7601.22010] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.22010_none_788c7cc71232cc19\cryptsvc.dll
[7] 2010-11-21 . A585BEBF7D054BD9618EDA0922D5484A . 136192 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-cryptsvc-dll_31bf3856ad364e35_6.1.7601.17514_none_7807034ff91166f4\cryptsvc.dll
.
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\SysWOW64\es.dll
[7] 2009-07-14 . F6916EFC29D9953D5D0DF06882AE8E16 . 271360 . . [2001.12.8530.16385] .. c:\windows\winsxs\wow64_microsoft-windows-c..complus-eventsystem_31bf3856ad364e35_6.1.7600.16385_none_73373b169fcf68cb\es.dll
.
[7] 2010-11-21 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\SysWOW64\imm32.dll
[7] 2010-11-21 . A6F09E5669D9A19035F6D942CAA15882 . 119808 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-imm32_31bf3856ad364e35_6.1.7601.17514_none_c4d0cdd7c56b493e\imm32.dll
.
[7] 2015-10-20 . 6D2B6BCAE365F879F958BCAB2B0EBC9D . 1114112 . . [6.1.7601.18015] .. c:\windows\SysWOW64\kernel32.dll
[7] 2015-10-20 . 6D2B6BCAE365F879F958BCAB2B0EBC9D . 1114112 . . [6.1.7601.18015] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23250_none_fc92bbcdba8dbdc2\kernel32.dll
[7] 2015-10-20 . 4166C05FA57548E6518D7EE20896C0A5 . 1114112 . . [6.1.7601.19045] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19045_none_fc18ee7aa1638393\kernel32.dll
[7] 2015-09-29 . 9E83A4F6E776F7A3E5F7FB90180FBC0B . 1114112 . . [6.1.7601.19018] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.19018_none_fc3c5f1ca1487bc5\kernel32.dll
[7] 2015-09-28 . A0CFCED64576C13EC04AD7B39940BE93 . 1114112 . . [6.1.7601.23223] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23223_none_fcb62c6fba72b5f4\kernel32.dll
[7] 2015-08-04 . F7C976A71C09A6B4141CC5C8097DE81C . 1114112 . . [6.1.7601.23153] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23153_none_fc95bac5ba8b0ca0\kernel32.dll
[7] 2015-07-22 . 6F5C056D1AEB8713E403259B5FB38EE8 . 1114112 . . [6.1.7601.23142] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23142_none_fc9f8a67ba83d758\kernel32.dll
[7] 2015-07-22 . 1E679BB6671C67B2097A5E53D884D4D0 . 1114112 . . [6.1.7601.18939] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18939_none_fc27e76ca15799bc\kernel32.dll
[7] 2015-07-15 . A38E10B4143A19F32D64517B6A1FCB98 . 1114112 . . [6.1.7601.18933] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18933_none_fc21e5b0a15d01b2\kernel32.dll
[7] 2015-07-15 . 50159C0AEE9029D43B7E27022B6C0B37 . 1114112 . . [6.1.7601.23136] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23136_none_fcae5b7bba7820c3\kernel32.dll
[7] 2015-07-15 . CA1A5EE549FE248BC127C1A5CAB72B70 . 1114112 . . [6.1.7601.23126] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23126_none_fcb92b67ba7004d2\kernel32.dll
[7] 2015-07-15 . C3856345C4FB053140237236D1146242 . 1114112 . . [6.1.7601.18923] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18923_none_fc2cb59ca154e5c1\kernel32.dll
[7] 2015-05-25 . 5EA4D6D52DB2679B8F9DE67A7F8BC41A . 1114112 . . [6.1.7601.23072] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23072_none_fc7f18bdba9c2e04\kernel32.dll
[7] 2015-05-25 . F81920ADB15012CF4E9FF8238C85686A . 1114112 . . [6.1.7601.18869] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18869_none_fc0775c2a16ff068\kernel32.dll
[7] 2015-05-09 . FE8AA1F56E845C0A36C12D2F83243C4C . 1114112 . . [6.1.7601.23049] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23049_none_fca68a87ba7d8b92\kernel32.dll
[7] 2015-05-09 . 84433E17027542D333861AB5615DCA2D . 1114112 . . [6.1.7601.18847] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18847_none_fc1b1506a16185d8\kernel32.dll
[7] 2015-03-17 . 99DE8BADC0E85C9AB4A8301A3723FFEA . 1114112 . . [6.1.7601.18798] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18798_none_fbe603cea1892dbd\kernel32.dll
[7] 2015-03-17 . 9FBA00AA15C45A2F1D26776193E543C1 . 1114112 . . [6.1.7601.23002] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.23002_none_fccac831ba636a6d\kernel32.dll
[7] 2014-04-12 . C8C41EBEE097FEB29FB816854D3AD1E7 . 1114112 . . [6.1.7601.22653] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22653_none_fc95db0bba8ae4c2\kernel32.dll
[7] 2014-03-04 . 866696FBE24914047462E34812169954 . 1114112 . . [6.1.7601.22616] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22616_none_fcc41b99ba67c103\kernel32.dll
[7] 2014-03-04 . 76161B9D78A275F8F28DD67436013110 . 1114112 . . [6.1.7601.18409] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18409_none_fc484db2a13f5426\kernel32.dll
[7] 2013-08-29 . EE751CBD5D0C332FDF3DF7187B612416 . 1114112 . . [6.1.7601.22436] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22436_none_fcae77f5ba77fe97\kernel32.dll
[7] 2013-08-02 . 61579F821AB5FF7FA2966D64D1070BA8 . 1114112 . . [6.1.7601.22411] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22411_none_fcbf165bba6c4802\kernel32.dll
[7] 2013-08-02 . 365A5034093AD9E04F433046C4CDF6AB . 1114112 . . [6.1.7601.18229] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18229_none_fc32aa0ea14f91ba\kernel32.dll
[7] 2013-04-18 . AC0B6F41882FC6ED186962D770EBF1D2 . 1114112 . . [6.1.7601.18015] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.18015_none_fc397506a14b161f\kernel32.dll
[7] 2013-04-18 . 9CC2571E3646B9A24296AD7ADCC71682 . 1114112 . . [6.1.7601.22177] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.22177_none_fc8432ddba97903d\kernel32.dll
[7] 2010-11-21 . E80758CF485DB142FCA1EE03A34EAD05 . 837632 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-kernel32_31bf3856ad364e35_6.1.7601.17514_none_fc389502a14bd4ea\kernel32.dll
.
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\SysWOW64\linkinfo.dll
[7] 2009-07-14 . 5987EA8A82C53359BCD2C29D6588583E . 22016 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-linkinfo_31bf3856ad364e35_6.1.7600.16385_none_9eaece15f365da54\linkinfo.dll
.
[7] 2015-09-02 . 415FB89174E6D8BFC885A00A01C3446B . 25600 . . [6.1.7601.18985] .. c:\windows\SysWOW64\lpk.dll
[7] 2015-09-02 . 415FB89174E6D8BFC885A00A01C3446B . 25600 . . [6.1.7601.18985] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18985_none_120309dfa5be94b3\lpk.dll
[7] 2015-09-02 . 3EDCBF9078520F613922E0D70A5906A7 . 25600 . . [6.1.7601.23188] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23188_none_128f7faabed9b3c4\lpk.dll
[7] 2015-07-30 . 9E2F12744DD9810961031C56FBB691F4 . 25600 . . [6.1.7601.18946] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18946_none_122f49d9a59d3e46\lpk.dll
[7] 2015-07-30 . FFE0FA7543E1B9B37352710BC8B9121C . 25600 . . [6.1.7601.23149] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23149_none_12bbbfa4beb85d57\lpk.dll
[7] 2015-07-15 . 20503EB76CAE40D601ABD38FC1B2CDCF . 25600 . . [6.1.7601.23126] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23126_none_12ce5e9ebeaad970\lpk.dll
[7] 2015-07-15 . D80ECB18D64AE3C2A9D8220ABEBCE40A . 25600 . . [6.1.7601.18923] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18923_none_1241e8d3a58fba5f\lpk.dll
[7] 2015-07-03 . 4644A3B2AFDDAEA57C3EC30F8D079E54 . 25600 . . [6.1.7601.18914] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18914_none_124db909a586b7c5\lpk.dll
[7] 2015-07-03 . E6BD42B2ACD11455768A4DDA38CED674 . 25600 . . [6.1.7601.23117] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.23117_none_12da2ed4bea1d6d6\lpk.dll
[7] 2015-02-20 . 7B1CABC4896210612AE600238E59CF15 . 25600 . . [6.1.7601.22974] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22974_none_12967466bed5020e\lpk.dll
[7] 2015-02-20 . 01D9C9A70323BC7E5835B92442DD7EC2 . 25600 . . [6.1.7601.18768] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18768_none_121ba6c9a5abae88\lpk.dll
[7] 2013-06-06 . 84CA3579EEB69D8E1EE67E4F721BF71C . 25600 . . [6.1.7601.22350] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.22350_none_12a807b2bec875e6\lpk.dll
[7] 2013-06-06 . CC23295DA8F7B5C53F93804D2F5D30EB . 25600 . . [6.1.7601.18177] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.18177_none_120fcb2fa5b4c238\lpk.dll
[7] 2009-07-14 . 384721EF4024890092625E20CADFAF85 . 25600 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-gdi_31bf3856ad364e35_6.1.7601.17514_none_124dc839a586a988\lpk.dll
.
[7] 2015-10-20 . 6E333CE14794E003D8ECB393DF3BA960 . 14294016 . . [10.00.9200.21673] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21673_none_849db5c2e0a9059c\mshtml.dll
[7] 2015-10-20 . 584BCA5251FF64243A9C6ABE3CD44D93 . 14292992 . . [10.00.9200.16521] .. c:\windows\SysWOW64\mshtml.dll
[7] 2015-10-20 . 584BCA5251FF64243A9C6ABE3CD44D93 . 14292992 . . [10.00.9200.17556] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17556_none_9b73e75ec6fba42b\mshtml.dll
[7] 2015-09-17 . 662494D78B93D54B6795DBD54D90CAB1 . 14290944 . . [10.00.9200.17519] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17519_none_9b6fa1dec6ff8bb2\mshtml.dll
[7] 2015-09-17 . 9EAB62033DB51A69D93FC4CE302CA99C . 14290944 . . [10.00.9200.21636] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21636_none_84997042e0aced23\mshtml.dll
[7] 2015-08-22 . 47630199E05219BB9E00AFEC3C455AA9 . 14384640 . . [10.00.9200.21605] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21605_none_8496862ce0af877d\mshtml.dll
[7] 2015-08-22 . 2BEE88A3287C90753C2FD3E40F83A8C2 . 14383616 . . [10.00.9200.17492] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17492_none_9b831392c6ef8712\mshtml.dll
[7] 2015-08-13 . 55CF2FBFAE307D3C415C28949F727885 . 14382592 . . [10.00.9200.21595] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21595_none_84aa58b2e09f4f9b\mshtml.dll
[7] 2015-08-13 . 9377F391049B8E82F1370792ECA8A024 . 14383616 . . [10.00.9200.17479] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17479_none_9b807386c6f207cb\mshtml.dll
[7] 2015-07-25 . 756E787516C00835F521D6BB3B5615E3 . 14383616 . . [10.00.9200.17457] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17457_none_9b7ea082c6f3a1db\mshtml.dll
[7] 2015-07-25 . 8030B0C0734AF841789FDF5D1D173E30 . 14382592 . . [10.00.9200.21571] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21571_none_84a8b33ee0a0b669\mshtml.dll
[7] 2015-07-02 . EEABF05C34EF03F1E5AEBA9B406A4C0E . 14384640 . . [10.00.9200.17429] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17429_none_9b7b7214c6f68918\mshtml.dll
[7] 2015-07-02 . 6F5D35F598D457A2200E9DE8586C486A . 14379520 . . [10.00.9200.21539] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21538_none_84a4129ee0a50474\mshtml.dll
[7] 2015-06-17 . 1661A1039415E648CEE07CFB534FF719 . 14379520 . . [10.00.9200.21523] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21524_none_84a36d74e0a58499\mshtml.dll
[7] 2015-06-17 . 2E17AE7938FA2033A001FF4588AD6AE0 . 14384128 . . [10.00.9200.17412] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17414_none_9b7ae3b2c6f6ef9c\mshtml.dll
[7] 2015-05-28 . 911E077ED9434FB73B0F91292E46B16D . 14381056 . . [10.00.9200.21489] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21489_none_84b3cd34e09880d7\mshtml.dll
[7] 2015-05-28 . 95F6425D6B46B18A83D4864F65B5AA2E . 14383104 . . [10.00.9200.17377] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17377_none_9b8b7102c6e9b898\mshtml.dll
[7] 2015-04-21 . EF79CE2223DBB34195C125CD1B9CD78B . 14374400 . . [10.00.9200.17357] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17357_none_9b89706ec6eb85ea\mshtml.dll
[7] 2015-04-21 . ECBE38F87F831200A26F78BC08E7D634 . 14377984 . . [10.00.9200.21470] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21470_none_84b399f2e09880d7\mshtml.dll
[7] 2015-03-10 . B56B43F63E087649DB11288590C06B0C . 14373376 . . [10.00.9200.17296] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17296_none_9b98584ac6dfb5b4\mshtml.dll
[7] 2015-03-10 . 751C8BBA2760726C058E43DA3FCD37E2 . 14375424 . . [10.00.9200.21413] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21413_none_84ad53dee09e35b0\mshtml.dll
[7] 2015-02-21 . 86788459ECC80EB2E1AF7729872D0B8E . 14388736 . . [10.00.9200.21384] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21384_none_84bf0f08e08fe4c1\mshtml.dll
[7] 2015-02-21 . 836E4983088DD3723F0B3D9BABA63E97 . 14380544 . . [10.00.9200.17267] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17267_none_9b9540a4c6e28350\mshtml.dll
[7] 2015-01-13 . A3ABC842E8D5021B7D76A65A78C7919D . 14373376 . . [10.00.9200.17229] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.17229_none_9b9111ecc6e65136\mshtml.dll
[7] 2015-01-12 . D9A35CEAE53200F6A30EFB888CCA0034 . 14381568 . . [10.00.9200.21345] .. c:\windows\winsxs\wow64_microsoft-windows-ie-htmlrendering_31bf3856ad364e35_10.2.9200.21342_none_84bb3b70e0934c23\mshtml.dll
.
[7] 2013-04-18 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\SysWOW64\msvcrt.dll
[7] 2013-04-18 . 9DC80A8AAAAAC397BDAB3C67165A824E . 690688 . . [7.0.7601.17744] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.17744_none_d33c3413fd4084d9\msvcrt.dll
[7] 2013-04-18 . 2F740C4B458331357E825E94AFB0953A . 690688 . . [7.0.7601.21878] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7601.21878_none_d3a962431672ddd2\msvcrt.dll
[7] 2009-07-14 . E46D48A7FE961401F1CBF85531CDF05D . 690688 . . [7.0.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-msvcrt_31bf3856ad364e35_6.1.7600.16385_none_d12b8c440039b31e\msvcrt.dll
.
[7] 2013-09-08 . E94C583CDE2348950155F2AF2876F34D . 231424 . . [6.1.7600.16385] .. c:\windows\SysWOW64\mswsock.dll
[7] 2013-09-08 . E94C583CDE2348950155F2AF2876F34D . 231424 . . [6.1.7601.18254] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.18254_none_ba2f64c78bae6989\mswsock.dll
[7] 2013-09-07 . 6547D445C4B69DC0083B619AC642DF04 . 231424 . . [6.1.7601.22444] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.22444_none_bac3d364a4c3ea89\mswsock.dll
[7] 2010-11-21 . 8999B8631C7FD9F7F9EC3CAFD953BA24 . 232448 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..-infrastructure-bsp_31bf3856ad364e35_6.1.7601.17514_none_ba5ac0f18b8dd799\mswsock.dll
.
[7] 2013-04-18 . C8791A2AF7FDF9AD05F446443F1AF447 . 566784 . . [6.1.7600.16385] .. c:\windows\SysWOW64\netlogon.dll
[7] 2013-04-18 . C8791A2AF7FDF9AD05F446443F1AF447 . 566784 . . [6.1.7601.22137] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.22137_none_66a9448f9c258022\netlogon.dll
[7] 2010-11-21 . C1809B9907ADEDAF16F50C894100883B . 563712 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-security-netlogon_31bf3856ad364e35_6.1.7601.17514_none_6632670482fa3493\netlogon.dll
.
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\SysWOW64\powrprof.dll
[7] 2009-07-14 . 08DFDBD2FD4EA951DC46B1C7661ED35A . 145408 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-userpowermanagement_31bf3856ad364e35_6.1.7600.16385_none_a2eff4845e2bf4e2\powrprof.dll
.
[7] 2010-11-21 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7600.16385] .. c:\windows\SysWOW64\scecli.dll
[7] 2010-11-21 . 8124944EC89D6A1815E4E53F5B96AAF4 . 175616 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-s..urationengineclient_31bf3856ad364e35_6.1.7601.17514_none_a088921d241bbb4e\scecli.dll
.
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\SysWOW64\sfc.dll
[7] 2009-07-14 . 40CAEEE0EAF1B8569F7C8DF6420F2CB9 . 2560 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-sfc_31bf3856ad364e35_6.1.7600.16385_none_a70c196fbd853ae9\sfc.dll
.
[7] 2013-04-18 . FFB38D8AFD6F4FCA1D46D64F1EDE0B9F . 21504 . . [6.1.7600.16385] .. c:\windows\SysWOW64\svchost.exe
[7] 2013-04-18 . FFB38D8AFD6F4FCA1D46D64F1EDE0B9F . 21504 . . [6.1.7601.22137] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7601.22137_none_b839a1177cbb227f\svchost.exe
[7] 2009-07-14 . 54A47F6B5E09A77E61649109C6A08866 . 20992 . . [6.1.7600.16385] .. c:\windows\winsxs\x86_microsoft-windows-services-svchost_31bf3856ad364e35_6.1.7600.16385_none_b591afc466a15356\svchost.exe
.
[7] 2010-11-21 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7600.16385] .. c:\windows\SysWOW64\tapisrv.dll
[7] 2010-11-21 . 613BF4820361543956909043A265C6AC . 242176 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-tapiservice_31bf3856ad364e35_6.1.7601.17514_none_e54442c74334b18a\tapisrv.dll
.
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\SysWOW64\user32.dll
[7] 2010-11-21 . 5E0DB2D8B2750543CD2EBB9EA8E6CDD3 . 833024 . . [6.1.7601.17514] .. c:\windows\winsxs\wow64_microsoft-windows-user32_31bf3856ad364e35_6.1.7601.17514_none_35b31c02b85ccb6e\user32.dll
.
[7] 2010-11-21 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7600.16385] .. c:\windows\SysWOW64\userinit.exe
[7] 2010-11-21 . 61AC3EFDFACFDD3F0F11DD4FD4044223 . 26624 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-userinit_31bf3856ad364e35_6.1.7601.17514_none_de3024012ff21116\userinit.exe
.
[7] 2015-10-20 . 7A2B704DF5FA97C3EC62C860B8B0AAA3 . 1770496 . . [10.00.9200.21669] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21673_none_0cd050ce73946935\wininet.dll
[7] 2015-10-20 . DA530E27250A2869E9F5D418B5229B91 . 1763328 . . [10.00.9200.16521] .. c:\windows\SysWOW64\wininet.dll
[7] 2015-10-20 . DA530E27250A2869E9F5D418B5229B91 . 1763328 . . [10.00.9200.17552] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17556_none_23a6826a59e707c4\wininet.dll
[7] 2015-09-17 . 978683A878ACAE03E2B3CAE17B6EBA3F . 1763328 . . [10.00.9200.17519] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17519_none_23a23cea59eaef4b\wininet.dll
[7] 2015-09-17 . 3033C7008637308D353DCA454FB9497C . 1770496 . . [10.00.9200.21636] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21636_none_0ccc0b4e739850bc\wininet.dll
[7] 2015-08-22 . 82C8651DB618D427FA942E9F25EEC389 . 1770496 . . [10.00.9200.21603] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21605_none_0cc92138739aeb16\wininet.dll
[7] 2015-08-22 . 0E425A4058B80E0FB96C01CCADCC6639 . 1763328 . . [10.00.9200.17489] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17492_none_23b5ae9e59daeaab\wininet.dll
[7] 2015-07-25 . 74CB99E0BD67C18166329DBE7ACBB7C1 . 1763328 . . [10.00.9200.17457] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17457_none_23b13b8e59df0574\wininet.dll
[7] 2015-07-25 . 273912AB49E3C47A23FE82A71FE5D882 . 1770496 . . [10.00.9200.21571] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21571_none_0cdb4e4a738c1a02\wininet.dll
[7] 2015-06-17 . 3F52E454C6FC2AE16DDF518E1047AAE8 . 1770496 . . [10.00.9200.21523] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21524_none_0cd608807390e832\wininet.dll
[7] 2015-06-17 . E0103806C6CD91CFA8696A8A9EB4C822 . 1763328 . . [10.00.9200.17412] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17414_none_23ad7ebe59e25335\wininet.dll
[7] 2015-05-28 . 7B08BA7F4147E3D553E4E88136E7E750 . 1770496 . . [10.00.9200.21489] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21489_none_0ce668407383e470\wininet.dll
[7] 2015-05-28 . B35C734515AA416DA9DDA96082694B00 . 1763328 . . [10.00.9200.17377] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17377_none_23be0c0e59d51c31\wininet.dll
[7] 2015-04-21 . 39FA6C7F56B65F6FB3B8074CD5D12A96 . 1763328 . . [10.00.9200.17356] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17357_none_23bc0b7a59d6e983\wininet.dll
[7] 2015-04-21 . 15B311FF73CF43EF517055BA87301E13 . 1770496 . . [10.00.9200.21459] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21470_none_0ce634fe7383e470\wininet.dll
[7] 2015-03-10 . 2998832C2741DA50AECB4918A5C3D1DE . 1763328 . . [10.00.9200.17296] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17296_none_23caf35659cb194d\wininet.dll
[7] 2015-03-10 . A07A5A023876D447F6C7D2C7E841CF44 . 1769984 . . [10.00.9200.21413] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21413_none_0cdfeeea73899949\wininet.dll
[7] 2015-02-21 . 0ABC05FB8DC299E97A809684ED49F9E1 . 1769984 . . [10.00.9200.21384] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21384_none_0cf1aa14737b485a\wininet.dll
[7] 2015-02-21 . 7FBC8607D89C3EA54A764C6331C99D6D . 1763328 . . [10.00.9200.17267] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17267_none_23c7dbb059cde6e9\wininet.dll
[7] 2015-01-13 . E63E9D7DE2426B0C10E05607D5B5A1D2 . 1762816 . . [10.00.9200.17229] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17229_none_23c3acf859d1b4cf\wininet.dll
[7] 2015-01-12 . 70B2B095140B38E2E3D181CD0C2D856B . 1769984 . . [10.00.9200.21345] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21342_none_0cedd67c737eafbc\wininet.dll
[7] 2014-11-21 . 3015E7F0C3074E718FEEDA0A777901C5 . 1769984 . . [10.00.9200.21299] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21299_none_0cfd08627372c5e5\wininet.dll
[7] 2014-11-21 . 2BB8BC3DF1BE3F384931021E7D8331E4 . 1762816 . . [10.00.9200.17183] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17183_none_23d5075059c39722\wininet.dll
[7] 2014-11-20 . 6A1ABCE29F10EAF7D182BE93A457CA1C . 1762816 . . [10.00.9200.17173] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17173_none_23d4070659c47dcb\wininet.dll
[7] 2014-11-20 . 13E71D8920D5235CB57F109A1B3A034C . 1769984 . . [10.00.9200.21291] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21291_none_0cfdbea27371f8dd\wininet.dll
[7] 2014-10-26 . 4DA2A17ADAF20F56CF6644D93DAC7D64 . 1769984 . . [10.00.9200.21267] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.21267_none_0cfa35147375469e\wininet.dll
[7] 2014-10-26 . D7B42130AAE3AED8E487619A9E1BF351 . 1762816 . . [10.00.9200.17148] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.17148_none_23d0944059c7b1eb\wininet.dll
[7] 2014-01-31 . 3AA6FD9B534F17CBD5D311DDC077973C . 1767936 . . [10.00.9200.16750] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_10.2.9200.16750_none_2391695c59f6a8b9\wininet.dll
[7] 2010-11-21 . 44214C94911C7CFB1D52CB64D5E8368D . 980992 . . [8.00.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-i..tocolimplementation_31bf3856ad364e35_8.0.7601.17514_none_1eaaa4a07717236e\wininet.dll
.
[7] 2010-11-21 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2_32.dll
[7] 2010-11-21 . 7FF15A4F092CD4A96055BA69F903E3E9 . 206848 . . [6.1.7601.17514] .. c:\windows\winsxs\x86_microsoft-windows-w..nfrastructure-ws232_31bf3856ad364e35_6.1.7601.17514_none_f4bf1aae2c981ecf\ws2_32.dll
.
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ws2help.dll
[7] 2009-07-14 . 808AABDF9337312195CAFF76D1804786 . 4608 . . [6.1.7600.16385] .. c:\windows\winsxs\wow64_microsoft-windows-w..nfrastructure-other_31bf3856ad364e35_6.1.7600.16385_none_6ace9e67456cc40b\ws2help.dll
.
[7] 2013-04-18 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7600.16385] .. c:\windows\explorer.exe
[7] 2013-04-18 . 332FEAB1435662FC6C672E25BEB37BE3 . 2871808 . . [6.1.7601.17567] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17567_none_afa79dc39081d0ba\explorer.exe
[7] 2013-04-18 . 3B69712041F3D63605529BD66DC00C48 . 2871808 . . [6.1.7601.21669] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.21669_none_b0333b22a99da332\explorer.exe
[7] 2010-11-21 . AC4C51EB24AA95B77F705AB159189E24 . 2872320 . . [6.1.7601.17514] .. c:\windows\winsxs\amd64_microsoft-windows-explorer_31bf3856ad364e35_6.1.7601.17514_none_afdaac81905bf900\explorer.exe
.
[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 427008 . . [6.1.7600.16385] .. c:\windows\winsxs\amd64_microsoft-windows-registry-editor_31bf3856ad364e35_6.1.7600.16385_none_5023a70bf589ad3e\regedit.exe
[7] 2009-07-14 . 2E2C937846A0B8789E5E91739284D17A . 398336 . . [6.1.7600.16385] .. c:\windows\regedit.exe
.
[7] 2015-07-04 . 4548507ED3C17DB4739DBBEAF6378004 . 1414656 . . [6.1.7600.16385] .. c:\windows\SysWOW64\ole32.dll
(((((((((((((((((((((((((((((((((((((   Reg Loading Points   ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown 
REGEDIT4
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-04 20:11 223432 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-04 20:11 223432 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-04 20:11 223432 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\SkyDriveShell.dll
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Run]
"NCUpdateHelper"="c:\program files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe" [2014-12-13 526240]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"SpUninstallDeleteDir"="rmdir" [X]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"ConsentPromptBehaviorAdmin"= 0 (0x0)
"ConsentPromptBehaviorUser"= 0 (0x0)
"EnableInstallerDetection"= 0 (0x0)
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\windows]
"LoadAppInit_DLLs"=1 (0x1)
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\MsMpSvc]
@="Service"
.
R1 fsdkucxf;fsdkucxf;c:\windows\system32\drivers\fsdkucxf.sys;c:\windows\SYSNATIVE\drivers\fsdkucxf.sys [x]
R1 RzFilter;RzFilter;c:\windows\system32\drivers\RzFilter.sys;c:\windows\SYSNATIVE\drivers\RzFilter.sys [x]
R2 clr_optimization_v4.0.30319_64;Microsoft .NET Framework NGEN v4.0.30319_X64;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe;c:\windows\Microsoft.NET\Framework64\v4.0.30319\mscorsvw.exe [x]
R3 cpuz136;cpuz136;c:\users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys;c:\users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [x]
R3 DMService;Microsoft Forefront UAG Endpoint Component Manager;c:\windows\DOWNLO~1\DMService.exe;c:\windows\DOWNLO~1\DMService.exe [x]
R3 NisSrv;Microsoft Network Inspection;c:\program files\Microsoft Security Client\NisSrv.exe;c:\program files\Microsoft Security Client\NisSrv.exe [x]
R3 NvStreamKms;NvStreamKms;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys;c:\program files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [x]
R3 RzDxgk;RzDxgk;c:\windows\system32\drivers\RzDxgk.sys;c:\windows\SYSNATIVE\drivers\RzDxgk.sys [x]
R3 TsUsbFlt;TsUsbFlt;c:\windows\system32\drivers\tsusbflt.sys;c:\windows\SYSNATIVE\drivers\tsusbflt.sys [x]
R3 TsUsbGD;Remote Desktop Generic USB Device;c:\windows\system32\drivers\TsUsbGD.sys;c:\windows\SYSNATIVE\drivers\TsUsbGD.sys [x]
R3 USBAAPL64;Apple Mobile USB Driver;c:\windows\system32\Drivers\usbaapl64.sys;c:\windows\SYSNATIVE\Drivers\usbaapl64.sys [x]
R3 WatAdminSvc;Windows Activation Technologies Service;c:\windows\system32\Wat\WatAdminSvc.exe;c:\windows\SYSNATIVE\Wat\WatAdminSvc.exe [x]
R3 WMSVC;Web Management Service;c:\windows\system32\inetsrv\wmsvc.exe;c:\windows\SYSNATIVE\inetsrv\wmsvc.exe [x]
R4 Apple Mobile Device Service;Apple Mobile Device Service;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe;c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [x]
R4 Fitbit Connect;Fitbit Connect Service;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe;c:\program files (x86)\Fitbit Connect\FitbitConnectService.exe [x]
R4 GfExperienceService;NVIDIA GeForce Experience Service;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe;c:\program files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [x]
R4 hola_svc;Hola Better Internet Engine;c:\program files\Hola\app\hola_svc.exe;c:\program files\Hola\app\hola_svc.exe [x]
R4 HPSupportSolutionsFrameworkService;HP Support Solutions Framework Service;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe;c:\program files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [x]
R4 IAStorDataMgrSvc;Intel® Rapid Storage Technology;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe;c:\program files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe [x]
R4 Intel® Capability Licensing Service Interface;Intel® Capability Licensing Service Interface;c:\program files\Intel\iCLS Client\HeciServer.exe;c:\program files\Intel\iCLS Client\HeciServer.exe [x]
R4 NetTalkUsrLaunchService;NetTalkUsrLaunchService;c:\program files (x86)\netTALK\nettalkl.exe;c:\program files (x86)\netTALK\nettalkl.exe [x]
R4 NetTalkUsrService;NetTalkUsrService;c:\program files (x86)\netTALK\nettalkd.exe;c:\program files (x86)\netTALK\nettalkd.exe [x]
R4 NvNetworkService;NVIDIA Network Service;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe;c:\program files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [x]
R4 NvStreamSvc;NVIDIA Streamer Service;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe;c:\program files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [x]
R4 Razer Game Scanner Service;Razer Game Scanner;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe;c:\program files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [x]
R4 Realtek11nCU;Realtek11nCU;c:\program files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe;c:\program files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [x]
R4 RzOvlMon;Razer Overlay Subsystem Emergency Service;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe;c:\program files (x86)\Razer\Core\64bit\rzovlmon.exe [x]
R4 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe;c:\program files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [x]
R4 UNS;Intel® Management and Security Application User Notification Service;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe;c:\program files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe [x]
S0 iaStorA;iaStorA;c:\windows\system32\DRIVERS\iaStorA.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorA.sys [x]
S0 iaStorF;iaStorF;c:\windows\system32\DRIVERS\iaStorF.sys;c:\windows\SYSNATIVE\DRIVERS\iaStorF.sys [x]
S1 avgtp;avgtp;c:\windows\system32\drivers\avgtpx64.sys;c:\windows\SYSNATIVE\drivers\avgtpx64.sys [x]
S1 nettalkd;NetTalk LightWeight Filter;c:\windows\system32\DRIVERS\nettalkd.sys;c:\windows\SYSNATIVE\DRIVERS\nettalkd.sys [x]
S2 DiagTrack;Diagnostics Tracking Service;c:\windows\System32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 ftpsvc;Microsoft FTP Service;c:\windows\system32\svchost.exe;c:\windows\SYSNATIVE\svchost.exe [x]
S2 NisDrv;Microsoft Network Inspection System;c:\windows\system32\DRIVERS\NisDrvWFP.sys;c:\windows\SYSNATIVE\DRIVERS\NisDrvWFP.sys [x]
S2 rzpmgrk;rzpmgrk;c:\windows\system32\drivers\rzpmgrk.sys;c:\windows\SYSNATIVE\drivers\rzpmgrk.sys [x]
S2 rzpnk;rzpnk;c:\windows\system32\drivers\rzpnk.sys;c:\windows\SYSNATIVE\drivers\rzpnk.sys [x]
S2 uagqecsvc;Microsoft Forefront UAG Quarantine Enforcement Client;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe;c:\program files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [x]
S3 nusb3hub;Renesas Electronics USB 3.0 Hub Driver;c:\windows\system32\DRIVERS\nusb3hub.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3hub.sys [x]
S3 nusb3xhc;Renesas Electronics USB 3.0 Host Controller Driver;c:\windows\system32\DRIVERS\nusb3xhc.sys;c:\windows\SYSNATIVE\DRIVERS\nusb3xhc.sys [x]
S3 nvvad_WaveExtensible;NVIDIA Virtual Audio Device (Wave Extensible) (WDM);c:\windows\system32\drivers\nvvad64v.sys;c:\windows\SYSNATIVE\drivers\nvvad64v.sys [x]
S3 RTL8192cu;Realtek RTL8192CU Wireless LAN 802.11n USB 2.0 Network Adapter;c:\windows\system32\DRIVERS\rtwlanu.sys;c:\windows\SYSNATIVE\DRIVERS\rtwlanu.sys [x]
S3 rzudd;Razer Mouse Driver;c:\windows\system32\DRIVERS\rzudd.sys;c:\windows\SYSNATIVE\DRIVERS\rzudd.sys [x]
S3 SmbDrvI;SmbDrvI;c:\windows\system32\DRIVERS\Smb_driver_Intel.sys;c:\windows\SYSNATIVE\DRIVERS\Smb_driver_Intel.sys [x]
.
.
--- Other Services/Drivers In Memory ---
.
*NewlyCreated* - WS2IFSL
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\windows nt\currentversion\svchost]
iissvcs REG_MULTI_SZ   w3svc was
apphost REG_MULTI_SZ   apphostsvc
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{8A69D345-D564-463c-AFF1-A69D9E530F96}]
2015-11-12 01:30 997704 ----a-w- c:\program files (x86)\Google\Chrome\Application\46.0.2490.86\Installer\chrmstp.exe
.
[HKEY_LOCAL_MACHINE\software\wow6432node\microsoft\active setup\installed components\{A6EADE66-0000-0000-484E-7E8A45000000}]
2015-09-30 20:47 285880 ----a-w- c:\program files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll
.
Contents of the 'Scheduled Tasks' folder
.
2015-11-12 c:\windows\Tasks\Adobe Flash Player Updater.job
- c:\windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2013-05-31 03:53]
.
2015-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15 04:18]
.
2015-11-12 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files (x86)\Google\Update\GoogleUpdate.exe [2014-11-15 04:18]
.
.
--------- X64 Entries -----------
.
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive1]
@="{F241C880-6982-4CE5-8CF7-7085BA96DA5A}"
[HKEY_CLASSES_ROOT\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}]
2014-07-04 20:11 262344 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive2]
@="{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}"
[HKEY_CLASSES_ROOT\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}]
2014-07-04 20:11 262344 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\ SkyDrive3]
@="{BBACC218-34EA-4666-9D7A-C78F2274A524}"
[HKEY_CLASSES_ROOT\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}]
2014-07-04 20:11 262344 ----a-w- c:\users\Administrator\AppData\Local\Microsoft\SkyDrive\17.0.4035.0328\amd64\SkyDriveShell64.dll
.
------- Supplementary Scan -------
.
uLocal Page = c:\windows\system32\blank.htm
uStart Page = hxxp://www.google.com
mLocal Page = c:\windows\SysWOW64\blank.htm
uInternet Settings,ProxyOverride = *.local;<local>
uSearchAssistant = hxxp://www.google.com
Trusted Zone: clonewarsadventures.com
Trusted Zone: freerealms.com
Trusted Zone: hola.org
Trusted Zone: soe.com
Trusted Zone: sony.com
TCP: DhcpNameServer = 192.168.254.1
FF - ProfilePath - c:\users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.ca/
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-10 - (no file)
Wow6432Node-HKLM-Run-<NO NAME> - (no file)
Toolbar-10 - (no file)
.
.
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Internet Explorer\Approved Extensions]
@Denied: (2) (Administrator)
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Internet Explorer\ApprovedExtensionsMigration]
@Denied: (2) (Administrator)
"Timestamp"=hex:08,66,77,99,cf,1e,cf,01
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,3a,fa,1e,c3,27,ef,30,4f,9c,48,f3,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
   d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,65,74,23,1a,2e,6d,f1,42,9b,fc,f2,\
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3g2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3G2"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.3gpp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.3GP"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.AAC\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ac3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ac3"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADT\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ADTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ADTS"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aif\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aifc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aiff\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AIFF"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.alac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.alac"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.amr"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.amv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.amv"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.aob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.aob"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ape\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ape"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.asx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.au\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AVI"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.avs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.avs"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.bdmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.bdmv"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.caf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.caf"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.CDA"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.cdda\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.cdda"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.db\UserChoice]
@Denied: (2) (Administrator)
"Progid"="Applications\\AcroRD32.exe"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.div\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_div_file"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.divx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.divx"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dts\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.dts"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.dv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.dv"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.eml\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.Email.1"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.evo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.evo"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.f4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.f4v"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flac\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.flac"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.flv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.flv"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.hdmov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.hdmov"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.htm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.html\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ifo\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ifo"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipa"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipg"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ipsw\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ipsw"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itdb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itdb"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ite\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.ite"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itl"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itlp"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itls"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itms"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.itpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.itpc"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m1v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m2p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.m2p"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2T\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.M2V\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.m3u"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m3u8\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m3u8"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4a\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M4A"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4b\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4b"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4p\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4p"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4r\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.m4r"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.m4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.MHT"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mid\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.midi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mka\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mka"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mkv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mkv"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mlp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mlp"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MOD\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mov\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MOV"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp2v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp3\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP3"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mp4v\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MP4"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpa\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpc\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpc"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpe\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpeg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpl"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpls"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv2\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MPEG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mpv4\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mpv4"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.MTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.M2TS"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.mxf\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.mxf"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofr\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ofr"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ofs\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ofs"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.oga\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.oga"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogg"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogm"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ogv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ogv"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.opus\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.opus"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.partial\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.PARTIAL"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pcast\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.pcast"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.pls\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.pls"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.qt\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_qt_file"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ra\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ra"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.ram\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.ram"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rec\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.rec"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.rm"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmi\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.MIDI"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.rmvb\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.rmvb"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.shtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.snd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.AU"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.spx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.spx"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.svg\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.SVG"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tak\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.tak"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tix\UserChoice]
@Denied: (2) (Administrator)
"Progid"="divx_tix_file"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.tp"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tps\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.tps"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.trp\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.trp"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.tta\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.tta"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.TTS\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.TTS"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.url\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.URL"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vcf\UserChoice]
@Denied: (2) (LocalSystem)
"Progid"="WindowsLiveMail.VCard.1"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.vob\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.vob"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wav\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAV"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wave\UserChoice]
@Denied: (2) (Administrator)
"Progid"="iTunes.wave"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wax\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WAX"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.webm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.webm"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.website\UserChoice]
@Denied: (2) (Administrator)
"Progid"="IE.AssocFile.WEBSITE"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wm\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASF"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wma\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMA"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmd\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMD"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wms\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMS"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMV"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.ASX"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wmz\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WMZ"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wpl\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WPL"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wv\UserChoice]
@Denied: (2) (Administrator)
"Progid"="KLCP.WMP.wv"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.wvx\UserChoice]
@Denied: (2) (Administrator)
"Progid"="WMP11.AssocFile.WVX"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xht\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.xhtml\UserChoice]
@Denied: (2) (Administrator)
"Progid"="ChromeHTML"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (Administrator)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"ThreadingModel"="Apartment"
@="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\clfsw32.dll"
.
[HKEY_USERS\S-1-5-21-2934196910-795859369-2802726781-500_Classes\Drive\ShellEx\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@Allowed: (Read) (Administrator)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\system32\\Macromed\\Flash\\FlashUtil64_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}\InprocServer32]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"ThreadingModel"="Apartment"
@="c:\\ProgramData\\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\\clfsw32.dll"
.
[HKEY_LOCAL_MACHINE\software\Classes\Drive\shellex\FolderExtensions\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}]
@Denied: (C D 2 3 6) (CreatorAuthority-4)
@Denied: (C D 2 3 6) (Everyone)
@SACL=(02 0001)
@Ace=(0x11) (1 3) (S-1-16-12288)
"DriveMask"=dword:ffffffff
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe,-101"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\Elevation]
"Enabled"=dword:00000001
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\LocalServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\FlashUtil32_18_0_0_232_ActiveX.exe"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{B019E3BF-E7E5-453C-A2E4-D2C18CA0866F}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Shockwave Flash Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\MiscStatus]
@="0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ProgID]
@="ShockwaveFlash.ShockwaveFlash.18"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB6E-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="ShockwaveFlash.ShockwaveFlash"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}]
@Denied: (A 2) (Everyone)
@="Macromedia Flash Factory Object"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\InprocServer32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx"
"ThreadingModel"="Apartment"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ProgID]
@="FlashFactory.FlashFactory.1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\ToolboxBitmap32]
@="c:\\Windows\\SysWOW64\\Macromed\\Flash\\Flash32_18_0_0_232.ocx, 1"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\TypeLib]
@="{D27CDB6B-AE6D-11cf-96B8-444553540000}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\Version]
@="1.0"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\CLSID\{D27CDB70-AE6D-11cf-96B8-444553540000}\VersionIndependentProgID]
@="FlashFactory.FlashFactory"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}]
@Denied: (A 2) (Everyone)
@="IFlashBroker6"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"
.
[HKEY_LOCAL_MACHINE\software\Classes\Wow6432Node\Interface\{299817DA-1FAC-4CE2-8F48-A108237013BD}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
[HKEY_LOCAL_MACHINE\system\ControlSet001\Control\PCW\Security]
@Denied: (Full) (Everyone)
.
------------------------ Other Running Processes ------------------------
.
c:\program files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
.
**************************************************************************
.
Completion time: 2015-11-12  08:09:38 - machine was rebooted
ComboFix-quarantined-files.txt  2015-11-12 13:09
.
Pre-Run: 114,521,964,544 bytes free
Post-Run: 155,703,189,504 bytes free
.
- - End Of File - - D6CF63AAA2FF689B9E700738E849E1E2
A36C5E4F47E84449FF07ED3517B43A31


#7 deeprybka


Posted 13 November 2015 - 01:03 PM

Hi,

Step 1

Please download and install Malwarebytes Anti-Malware.
  • Please open Malwarebytes Anti-Malware and update the database.
  • Click "Settings" [1] and go to "Detection and Protection" [2]
  • Make sure "Scan for Rootkits" is checked.
  • Click on Dashboard [3], then click on Scan Now [4] to start the scan.
    If Malware or Potentially Unwanted Programs [PUPs] are found, you will receive a prompt:
  • Click on "Remove Selected" [5].
  • Then click "Save Results" [6] and select
    m21p4.png
  • Return to our forum. Paste your log into your next reply and then click Finish [7].

Step 2

Scan with AdwCleaner (by Xplode).
  • Double click on AdwCleaner.exe to run the tool.
    Vista/Windows 7/8 users right-click and select "Run As Administrator"
  • Click on the Scan button.
  • After the scan has finished, click on the Clean button.
  • Press OK when asked to close all programs and follow the onscreen prompts.
  • After rebooting, a logfile report (AdwCleaner[C#].txt) will open automatically (where the largest value of # represents the most recent report).
    Copy and paste the contents of that logfile in your next reply.

Step 3

Start FRST with administrator privileges.
  • Make sure the following option is checked: addition.png
  • Press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
    Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer

#8 Daanmakus


Posted 13 November 2015 - 10:36 PM

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 13/11/2015
Scan Time: 4:20 PM
Logfile: malware.txt
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2015.11.13.07
Rootkit Database: v2015.11.13.01
License: Trial
Malware Protection: Enabled
Malicious Website Protection: Enabled
Self-protection: Disabled
 
OS: Windows 7 Service Pack 1
CPU: x64
File System: NTFS
User: Administrator
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 389968
Time Elapsed: 1 hr, 6 min, 7 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Enabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 17
Trojan.Bedep, HKLM\SOFTWARE\CLASSES\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, Delete-on-Reboot, [b7d4a0dd800b46f0d1407725ef1244bc], 
Trojan.Bedep, HKU\S-1-5-21-2934196910-795859369-2802726781-500_Classes\CLSID\{F6BF8414-962C-40FE-90F1-B80A7E72DB9A}, Delete-on-Reboot, [b7d4a0dd800b46f0d1407725ef1244bc], 
PUP.Optional.SolidSavings, HKLM\SOFTWARE\WOW6432NODE\Solid Savings, Quarantined, [107b3a43d1ba9c9a7995f2a052b1aa56], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{947778C3-E0DB-4841-AD8E-BD875823DF4F}, Quarantined, [f497a7d6860584b2cb831e49f2119a66], 
PUP.Optional.WeDownload, HKU\S-1-5-18\SOFTWARE\APPDATALOW\SOFTWARE\The weDownload Manager, Quarantined, [5338f6876724f93debba287491725fa1], 
PUP.Optional.VisualBee, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\APPDATALOW\SOFTWARE\VisualBee_V.6, Quarantined, [612af28bc0cb59dd610717835aa9c739], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11DA6EA6-4BCF-4897-8032-BC837A9EC642}, Quarantined, [4942a7d65f2ceb4b663f5417e71c758b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{25FDAF8F-F374-47F2-83F2-CF4E804357B1}, Quarantined, [4942235a890248eefcaa8be060a334cc], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43E21396-71E6-4308-9A51-43D6A4DE1AC8}, Quarantined, [b3d8ec91d6b5f541e9bd96d5699a30d0], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B6D3A5C-378E-4953-AFDD-28F1F7413153}, Quarantined, [1a71ea9391fa181eeeb87eed54af58a8], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{73836CF5-CB03-4ACE-A6DE-F9E4D54BE9D9}, Quarantined, [0e7d384542492412ffa65714669d35cb], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB58B2B1-E821-44FF-9E40-5226BABB86AF}, Quarantined, [5d2e116ca0eb71c5e9bc4a21cf3457a9], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C20C53BE-ED0B-42EE-95CB-EBC6BE75CC20}, Quarantined, [42493647682352e4574ec4a7e71cc937], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C38E2F12-519F-4D25-A19A-53BB7BCEA32E}, Quarantined, [0c7f6b122566df57fca9204bfe05e51b], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA906020-EF9A-42E2-BA45-F1347151FDDB}, Quarantined, [97f4f38a4942fd39adf8f3789f6446ba], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CBDA1305-18EF-4003-AE62-6E2929587519}, Quarantined, [64275429216aee482e78fb7020e3ee12], 
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0F2033C-9BCC-4636-AC62-994BB724FA6E}, Quarantined, [54375f1ed9b2043244617cef20e31de3], 
 
Registry Values: 14
PUP.Optional.VisualBee, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS\{f0af464e-5167-45cf-9cf0-66b396d1918c}, Quarantined, [96f5314c4546152128c683b40101d22e], 
PUP.Optional.VisualBee, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\URLSEARCHHOOKS|{F0AF464E-5167-45CF-9CF0-66B396D1918C}, Quarantined, [96f5314c4546152128c683b40101d22e], 
PUP.Optional.ConduitTB.Gen, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{947778C3-E0DB-4841-AD8E-BD875823DF4F}|AppPath, C:\Users\Administrator\AppData\Local\Conduit\CT3287805, Quarantined, [f497a7d6860584b2cb831e49f2119a66]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{11DA6EA6-4BCF-4897-8032-BC837A9EC642}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-buttonutil.exe, Quarantined, [4942a7d65f2ceb4b663f5417e71c758b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{25FDAF8F-F374-47F2-83F2-CF4E804357B1}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-codedownloader.exe, Quarantined, [4942235a890248eefcaa8be060a334cc]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{43E21396-71E6-4308-9A51-43D6A4DE1AC8}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-codedownloader.exe, Quarantined, [b3d8ec91d6b5f541e9bd96d5699a30d0]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{5B6D3A5C-378E-4953-AFDD-28F1F7413153}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-codedownloader.exe, Quarantined, [1a71ea9391fa181eeeb87eed54af58a8]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{73836CF5-CB03-4ACE-A6DE-F9E4D54BE9D9}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-buttonutil.exe, Quarantined, [0e7d384542492412ffa65714669d35cb]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{AB58B2B1-E821-44FF-9E40-5226BABB86AF}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-buttonutil.exe, Quarantined, [5d2e116ca0eb71c5e9bc4a21cf3457a9]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C20C53BE-ED0B-42EE-95CB-EBC6BE75CC20}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-buttonutil.exe, Quarantined, [42493647682352e4574ec4a7e71cc937]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{C38E2F12-519F-4D25-A19A-53BB7BCEA32E}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-buttonutil.exe, Quarantined, [0c7f6b122566df57fca9204bfe05e51b]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CA906020-EF9A-42E2-BA45-F1347151FDDB}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-buttonutil.exe, Quarantined, [97f4f38a4942fd39adf8f3789f6446ba]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{CBDA1305-18EF-4003-AE62-6E2929587519}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-codedownloader.exe, Quarantined, [64275429216aee482e78fb7020e3ee12]
PUP.Optional.CrossRider, HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\MICROSOFT\INTERNET EXPLORER\LOW RIGHTS\ELEVATIONPOLICY\{E0F2033C-9BCC-4636-AC62-994BB724FA6E}|AppName, 9347a355-da14-45b1-be12-058813ae82d0-2.exe-buttonutil.exe, Quarantined, [54375f1ed9b2043244617cef20e31de3]
 
Registry Data: 0
(No malicious items detected)
 
Folders: 3
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}, Delete-on-Reboot, [6922d7a67f0cdf57966cb79dee1437c9], 
PUP.Optional.VisualBee, C:\Users\Administrator\AppData\LocalLow\VisualBee_V.6, Quarantined, [296298e566253afce758d4a91ae8e41c], 
PUP.Optional.VisualBee, C:\Users\Administrator\AppData\LocalLow\VisualBee_V.6\Logs, Quarantined, [296298e566253afce758d4a91ae8e41c], 
 
Files: 13
Trojan.Bedep, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\clfsw32.dll, Delete-on-Reboot, [b7d4a0dd800b46f0d1407725ef1244bc], 
PUP.Optional.4Shared, C:\Users\Administrator\Downloads\Labyrinth[1986]DVDRip[Xvid AC3[5.1].exe, Quarantined, [16758bf2474476c0c0f8e3d77888f10f], 
PUP.Optional.CodecPerformer, C:\Users\Administrator\Downloads\CodecPerformerSetup.exe, Quarantined, [b5d6df9ebccf0333d44dcf58cc356f91], 
PUP.Optional.OptimumInstaller, C:\Users\Administrator\Downloads\Player-Chrome.exe, Quarantined, [008be796ee9d87afaf4e151517eae020], 
PUP.Optional.DomaIQ, C:\Users\Administrator\Downloads\Setup.exe, Quarantined, [c5c6dca1e6a5df5701b119fee21e51af], 
PUP.Optional.MindSpark, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage, Quarantined, [6427d7a6e1aa77bffe88bcc27a89a25e], 
PUP.Optional.MindSpark, C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_eliteunzip.dl.tb.ask.com_0.localstorage-journal, Quarantined, [2863abd23f4cea4cd1b580fe6b98e818], 
Trojan.Clicker.FMS, C:\ProgramData\{9A88E103-A20A-4EA5-8636-C73B709A5BF8}\8afc49b02429a, Delete-on-Reboot, [6922d7a67f0cdf57966cb79dee1437c9], 
PUP.Optional.VisualBee, C:\Users\Administrator\AppData\LocalLow\VisualBee_V.6\hk64tbVisu.dll, Quarantined, [296298e566253afce758d4a91ae8e41c], 
PUP.Optional.VisualBee, C:\Users\Administrator\AppData\LocalLow\VisualBee_V.6\hktbVisu.dll, Quarantined, [296298e566253afce758d4a91ae8e41c], 
PUP.Optional.VisualBee, C:\Users\Administrator\AppData\LocalLow\VisualBee_V.6\ldrtbVisu.dll, Quarantined, [296298e566253afce758d4a91ae8e41c], 
PUP.Optional.VisualBee, C:\Users\Administrator\AppData\LocalLow\VisualBee_V.6\tbVisu.dll, Quarantined, [296298e566253afce758d4a91ae8e41c], 
PUP.Optional.VisualBee, C:\Users\Administrator\AppData\LocalLow\VisualBee_V.6\toolbar.cfg, Quarantined, [296298e566253afce758d4a91ae8e41c], 
 
Physical Sectors: 0
(No malicious items detected)
 
 
(end)


#9 Daanmakus


Posted 13 November 2015 - 10:45 PM

# AdwCleaner v5.020 - Logfile created 13/11/2015 at 22:39:53
# Updated 13/11/2015 by Xplode
# Database : 2015-11-13.3 [Server]
# Operating system : Windows 7 Home Premium Service Pack 1 (x64)
# Username : Administrator - WIN-PVS7D20PCI3
# Running from : C:\Users\Administrator\Desktop\AdwCleaner (1).exe
# Option : Cleaning
 
***** [ Services ] *****
 
[-] Service Deleted : hola_svc
 
***** [ Folders ] *****
 
[-] Folder Deleted : C:\Hola
[-] Folder Deleted : C:\Program Files\Hola
[-] Folder Deleted : C:\ProgramData\Avg_Update_0814tb
[-] Folder Deleted : C:\ProgramData\Avg_Update_1114tb
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\AVG SafeGuard toolbar
[-] Folder Deleted : C:\Users\Administrator\AppData\Local\Hola
[-] Folder Deleted : C:\Users\Administrator\AppData\Roaming\Hola
 
***** [ Files ] *****
 
[-] File Deleted : C:\Program Files (x86)\Mozilla Firefox\browser\searchplugins\yahoo.xml
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.azlyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.superfish.com_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\local storage\hxxp_www.metrolyrics.com_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_www.superfish.com_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_plarium.com_0.localstorage-journal
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage
[-] File Deleted : C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_st.chatango.com_0.localstorage-journal
 
***** [ DLLs ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\NativeMessagingHosts\avgsh
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{2009AF2F-5786-3067-8799-B97F7832FDD6}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{425E7597-03A2-338D-B72A-0E51FFE77A7E}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{915BB7D5-082E-3B91-B1E0-45B5FDE01F24}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Record\{FB2E65F4-5687-33EF-9BBF-4E3C9C98D3B9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{CA3A5461-96B5-46DD-9341-5350D3C94615}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Stats\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{B2BC04DF-EFBD-409A-95CA-36874E5AB92A}
[-] Key Deleted : HKCU\Software\DriverTuner_Init
[-] Key Deleted : HKCU\Software\DriverTuner
[-] Key Deleted : HKCU\Software\Avg Secure Update
[-] Key Deleted : HKCU\Software\Hola
[-] Key Deleted : [x64] HKLM\SOFTWARE\Hola
[-] Key Deleted : [x64] HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\Hola
[-] Key Deleted : HKU\.DEFAULT\Software\GlobalUpdate
[-] Key Deleted : HKU\.DEFAULT\Software\Avg Secure Update
[-] Key Deleted : HKU\.DEFAULT\Software\Hola
[-] Key Deleted : HKU\.DEFAULT\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppContainer\Storage\windows_ie_ac_001\Software\The weDownload Manager
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\LowRegistry\DOMStorage\ask.com
 
***** [ Web browsers ] *****
 
[-] [C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default\prefs.js] [Preference] Deleted : user_pref("network.hxxp.request.max-start-delay", 0);
 
*************************
 
:: "Tracing" keys removed
:: Winsock settings cleared
 
########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [4650 bytes] ##########


#10 Daanmakus


Posted 13 November 2015 - 10:50 PM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Administrator (2015-11-13 22:48:58)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-05-31 19:52:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2934196910-795859369-2802726781-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2934196910-795859369-2802726781-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2934196910-795859369-2802726781-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Disabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Disabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20069 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Aion (HKLM-x32\...\NCW-AION) (Version: 1.0.0.2 - NC Interactive, LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS USB-N13 WLAN Card Utilities & Driver (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.0.0.7 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 10.0 (build 10.014) - FirstClass Division, Open Text Corporation.)
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
Kobo (HKLM-x32\...\Kobo) (Version: 3.17.0 - Rakuten Kobo Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version:  - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MUSHclient (remove only) (HKLM-x32\...\MUSHclient) (Version:  - )
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
netTALK (HKLM-x32\...\netTALK) (Version: 1.34 - netTALK)
netTALK DUO WiFi Management Tool (HKLM-x32\...\{1C369AF1-6121-4BDE-A109-468C1418DC23}) (Version: 1.0.5 - netTALK)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
31-05-2013 10:46:34 Windows Update
31-05-2013 10:59:44 Windows Update
31-05-2013 11:22:04 Windows Update
12-11-2015 03:00:43 Windows Update
13-11-2015 03:00:41 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-11-12 07:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {478452C7-DE14-4A59-A334-B4C1E9F10124} - System32\Tasks\{3953C9EC-FC84-41AD-BE7B-687DD2CF2594} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.169.260/en/abandoninstall?source=lightinstaller&page=tsMain&installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {69905146-DCE2-4D17-8D46-78E5215FE510} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7888ADE7-65C7-4549-9DE8-DC1EA11EFB55} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE03B492-9C07-4F9B-B814-C99F8921D54B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D56630FA-E331-43FE-9757-9A4C6A133185} - System32\Tasks\Driver Booster SkipUAC (Administrator) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {DF67CCFD-1F85-4F76-AC86-5D7EF16ECD04} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {EC748E99-7720-4DA9-A59B-B434A1285404} - System32\Tasks\{A8C7373E-38F6-461C-BEA8-6827F9474C08} => C:\Program Files (x86)\FirstClass\fcc32.exe [2011-04-15] (Open Text Inc.)
Task: {FE344AB3-E930-4698-83F9-E62AA508979A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-11 20:31 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 20:31 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
2015-11-11 20:31 - 2015-11-06 23:36 - 16496456 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\sony.com -> sony.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2934196910-795859369-2802726781-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hola_svc => 2
MSCONFIG\Services: hola_updater => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NetTalkUsrLaunchService => 2
MSCONFIG\Services: NetTalkUsrService => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: Realtek11nCU => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: hola => C:\Program Files\Hola\app\hola.exe --silent
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: NetTalk => C:\Program Files (x86)\netTALK\nettalkg.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: uTorrent => "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WhlCach3.exe => "C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FFF20630-8D46-45E1-A403-CC9A8B33D2AC}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{C9E445AD-6F91-48E2-BF1F-676C42AC58E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{469B2579-ADAD-47E8-ACAB-5C85ED7F5D4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{54E0A270-70ED-45A5-9734-432A91390020}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC88C587-96AE-459C-8B7B-5BE3368D8118}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB9B96E1-0C9A-475E-9A6B-00370ACDB8FF}] => (Allow) C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{4FC6B5EC-3EAA-4C1A-B86A-F72C69D97105}] => (Allow) C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{AA5D6264-715D-461C-8DC2-F6A13D1CEE74}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ED025AC7-D002-40B5-93FE-1AEB5E10BA3B}] => (Allow) LPort=2869
FirewallRules: [{7C3A1949-0F8F-4E12-865F-EA6417C841BC}] => (Allow) LPort=1900
FirewallRules: [{AF7844FE-FAE8-4DAE-8635-ACA6F7EB2276}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FD02DFDA-C502-4081-B6D8-B2DE26B51E55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{7E85CEB7-5F3B-4631-9DA9-35372790DA1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [TCP Query User{40D98A06-9BFA-40C8-B8E2-62EF43032444}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{ACFC1974-443A-4AF6-B108-E5F5471DD820}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{42523B84-8E5F-4419-A329-322DCF4A5C33}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{8BEC2CBA-71AA-426A-AD5C-9FF1ABB06F7E}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [{4393451F-4DF8-44EB-9ACB-DE20B7C0FE9B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{036454EE-26FC-4B12-B4F1-4CF9994250BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{934F45D2-5465-4683-88A6-3A31FA30183C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8C93E466-976F-42FA-A21B-5959A02080EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{96B5768B-A128-467C-9D47-43D308AC373F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F3F4A800-3C33-4372-809A-AE48B962824D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0599BB8C-2CE8-4724-A5E1-70E5CC9E9E4F}] => (Allow) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{8B03A238-3BD5-4F21-9C91-38F24104B9A2}] => (Allow) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{DEB136E4-4945-4856-A21F-527DF4A22097}] => (Allow) LPort=1542
FirewallRules: [{6C42F8BC-A8EC-48F8-B7C6-88466031A0CD}] => (Allow) LPort=1542
FirewallRules: [{FF5D5C8B-A4BC-4826-83DD-A093F01E4A5F}] => (Allow) LPort=53
FirewallRules: [{378DD295-6535-4290-81F7-8B7306C98A50}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1AE84F2D-F4ED-41BC-AD60-3351315C960E}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{E5B10818-7603-4F45-BD5A-0733608A9AD4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{80FFAF38-C80A-4D32-A1AE-E65F35578A74}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{264F9F35-18BC-4FFF-B31F-FB46B1E4355F}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{EDD0A3A2-0F67-4A81-B74F-AA347C49F473}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{65991EAE-EF5F-4054-8478-3615316657B0}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{2C043B23-C889-49F9-B0EE-0E099A0217B3}] => (Allow) C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{E9AA1DB6-5B28-47E8-8845-420782EA4B47}] => (Allow) C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{5B9EAEA2-E46E-4D78-9136-F89A874996CF}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{64A1492F-A831-48E6-87E0-B8F31FD3A83A}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{0144A264-0DB2-47D7-B9EA-4AFFC0690B9E}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{66169C92-F9B7-47B6-9BC1-3C627A9C9272}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{6746C302-60AF-4F0A-A037-8E99C537D981}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{BA92E0F0-48D6-4FE5-858B-C703EEC0ABC4}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{2C880607-911D-4F30-8C2A-360A3E685DDC}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{DA340F46-0CEE-4472-9236-5070ED024AAF}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{971465B4-8323-46D6-BDC5-DD24474CBB5D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/13/2015 10:43:46 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/13/2015 10:29:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/13/2015 03:24:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/12/2015 07:30:26 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/12/2015 06:44:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/11/2015 03:12:27 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/11/2015 08:11:41 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/10/2015 07:37:12 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_SysMain, version: 6.1.7601.22137, time stamp: 0x5080442a
Faulting module name: sysmain.dll, version: 6.1.7601.23136, time stamp: 0x55a6a198
Exception code: 0xc0000005
Fault offset: 0x000000000001a480
Faulting process id: 0x8e4
Faulting application start time: 0xsvchost.exe_SysMain0
Faulting application path: svchost.exe_SysMain1
Faulting module path: svchost.exe_SysMain2
Report Id: svchost.exe_SysMain3
 
Error: (11/10/2015 06:58:56 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: wlmail.exe, version: 16.4.3528.331, time stamp: 0x533a3fce
Faulting module name: UXCore.dll, version: 16.4.3528.331, time stamp: 0x533a3fdc
Exception code: 0xc0000005
Fault offset: 0x0006f623
Faulting process id: 0x%9
Faulting application start time: 0xwlmail.exe0
Faulting application path: wlmail.exe1
Faulting module path: wlmail.exe2
Report Id: wlmail.exe3
 
Error: (11/10/2015 05:45:11 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/13/2015 10:42:47 PM) (Source: Service Control Manager) (EventID: 7026) (User: )
Description: The following boot-start or system-start driver(s) failed to load: 
cdrom
RzFilter
 
Error: (11/13/2015 10:42:21 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10000) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has failed to start.
 
Module Path: C:\Windows\system32\Rtlihvs.dll
Error Code: 126
 
Error: (11/13/2015 10:40:52 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Print Spooler service failed to start due to the following error: 
%%1069
 
Error: (11/13/2015 10:40:52 PM) (Source: Service Control Manager) (EventID: 7038) (User: )
Description: The Spooler service was unable to log on as NT AUTHORITY\SYSTEM with the currently configured password due to the following error: 
%%50
 
To ensure that the service is configured properly, use the Services snap-in in Microsoft Management Console (MMC).
 
Error: (11/13/2015 10:40:23 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error: 
%%1056
 
Error: (11/13/2015 10:39:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Modules Installer service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 120000 milliseconds: Restart the service.
 
Error: (11/13/2015 10:39:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Media Player Network Sharing Service service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/13/2015 10:39:53 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.
 
Error: (11/13/2015 10:39:52 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Live ID Sign-in Assistant service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (11/13/2015 10:39:52 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Microsoft Forefront UAG Quarantine Enforcement Client service terminated unexpectedly.  It has done this 1 time(s).
 
 
CodeIntegrity:
===================================
  Date: 2015-11-12 07:26:14.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-12 07:26:14.239
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 37%
Total physical RAM: 8171.95 MB
Available physical RAM: 5086.79 MB
Total Virtual: 16342.08 MB
Available Virtual: 13243.93 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:372.51 GB) (Free:139.07 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:931.41 GB) (Free:185.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 69AAC6FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=372.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AEB1AA7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Administrator (administrator) on WIN-PVS7D20PCI3 (13-11-2015 22:47:06)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Malwarebytes) C:\Program Files (x86)\Malwarebytes Anti-Malware\mbam.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(NCSOFT Corporation) C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-12-12] (NCSOFT Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.1
Tcpip\..\Interfaces\{545EB3FE-7A9B-42F2-B813-A277510EF7F3}: [DhcpNameServer] 192.168.254.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM -> {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> DefaultScope {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://www.myhdsb.ca/InternalSite/WhlCompMgr.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default
FF Homepage: hxxp://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-2934196910-795859369-2802726781-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-09] [not signed]
 
Chrome: 
=======
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-13]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [620752 2015-08-02] (Microsoft Corporation)
S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2013-05-31] (Microsoft Corporation)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
R2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
R2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 NetTalkUsrLaunchService; C:\Program Files (x86)\netTALK\nettalkl.exe [62976 2012-04-30] () [File not signed]
S4 NetTalkUsrService; C:\Program Files (x86)\netTALK\nettalkd.exe [111104 2012-04-30] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S4 Realtek11nCU; C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [170704 2014-10-16] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2013-04-17] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
R3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
R3 MBAMSwissArmy; C:\Windows\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-13] (Malwarebytes)
R3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 nettalkd; C:\Windows\System32\DRIVERS\nettalkd.sys [30944 2012-04-29] (NetTalk Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation                           )
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-09] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S1 fsdkucxf; \??\C:\Windows\system32\drivers\fsdkucxf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-13 22:37 - 2015-11-13 22:37 - 01729536 _____ C:\Users\Administrator\Desktop\AdwCleaner (1).exe
2015-11-13 22:36 - 2015-11-13 22:36 - 00010629 _____ C:\Users\Administrator\Desktop\malware.txt
2015-11-13 16:20 - 2015-11-13 22:43 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-13 16:19 - 2015-11-13 16:19 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-13 16:19 - 2015-11-13 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-13 16:19 - 2015-11-13 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-13 16:19 - 2015-11-13 16:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-13 16:19 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-13 16:19 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-13 16:19 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-13 16:18 - 2015-11-13 16:19 - 22908888 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-12 14:32 - 2015-11-12 14:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2015-11-12 14:31 - 2015-11-03 13:01 - 03214848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 08:09 - 2015-11-12 08:09 - 00157158 _____ C:\ComboFix.txt
2015-11-12 07:14 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-12 07:14 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-12 07:14 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-12 07:13 - 2015-11-12 08:09 - 00000000 ____D C:\Qoobox
2015-11-12 07:13 - 2015-11-12 07:37 - 00000000 ____D C:\Windows\erdnt
2015-11-12 07:11 - 2015-11-12 07:11 - 05638248 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2015-11-11 19:50 - 2015-11-11 19:52 - 00043698 _____ C:\Users\Administrator\Desktop\Addition.txt
2015-11-11 19:41 - 2015-11-13 22:47 - 00015513 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-11-11 19:22 - 2015-11-13 22:47 - 00000000 ____D C:\FRST
2015-11-11 19:21 - 2015-11-11 19:35 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-11 19:21 - 2015-11-11 19:22 - 02198528 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-11-11 19:21 - 2015-11-11 19:21 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-10 18:07 - 2015-11-10 18:08 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller (1).exe
2015-11-10 18:02 - 2015-11-10 18:02 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill64.exe
2015-11-10 18:01 - 2015-11-10 18:02 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2015-11-10 17:51 - 2015-11-10 17:51 - 01712128 _____ C:\Users\Administrator\Downloads\AdwCleaner.exe
2015-11-10 17:40 - 2015-10-19 20:17 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 17:40 - 2015-10-19 20:17 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 17:40 - 2015-10-19 20:11 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 17:40 - 2015-10-19 20:11 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 17:40 - 2015-10-19 20:11 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 17:40 - 2015-10-19 19:54 - 03996608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-10 17:40 - 2015-10-19 19:54 - 03940800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-10 17:40 - 2015-10-19 19:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 17:40 - 2015-10-19 19:47 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 17:40 - 2015-10-19 19:47 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 17:40 - 2015-09-23 08:18 - 00459344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 17:40 - 2015-09-23 08:08 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-10 17:39 - 2015-10-19 20:17 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-10 17:39 - 2015-10-19 20:17 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 17:39 - 2015-10-19 20:14 - 01729984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-10 17:39 - 2015-10-19 20:14 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-10 17:39 - 2015-10-19 20:12 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-10 17:39 - 2015-10-19 20:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-10 17:39 - 2015-10-19 20:12 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-10 17:39 - 2015-10-19 20:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 01166336 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-10 17:39 - 2015-10-19 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 17:39 - 2015-10-19 20:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-10 17:39 - 2015-10-19 20:10 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-10 17:39 - 2015-10-19 20:10 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-11-10 17:39 - 2015-10-19 20:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-10 17:39 - 2015-10-19 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-10 17:39 - 2015-10-19 20:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-11-10 17:39 - 2015-10-19 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-10 17:39 - 2015-10-19 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:50 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-10 17:39 - 2015-10-19 19:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-10 17:39 - 2015-10-19 19:46 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-10 17:39 - 2015-10-19 19:45 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-10 17:39 - 2015-10-19 19:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-10 17:39 - 2015-10-19 19:45 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-10 17:39 - 2015-10-19 19:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-10 17:39 - 2015-10-19 19:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-10 17:39 - 2015-10-19 19:41 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-10 17:39 - 2015-10-19 19:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-11-10 17:39 - 2015-10-19 18:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 17:39 - 2015-10-19 18:47 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-10 17:39 - 2015-10-19 18:47 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 17:39 - 2015-10-19 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-10 17:39 - 2015-10-19 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-10 17:39 - 2015-10-19 18:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 18:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 18:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 18:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 17:39 - 2015-09-23 08:18 - 00298192 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 17:38 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-10 17:38 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-10 17:38 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-10 17:38 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-10 17:38 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-10 17:38 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-10 17:38 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-10 17:38 - 2015-10-20 10:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 17:38 - 2015-10-20 10:01 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 14292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-10 17:38 - 2015-10-20 10:00 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-11-10 17:38 - 2015-10-20 08:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 17:38 - 2015-10-20 08:54 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 17:38 - 2015-10-20 08:54 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 17:38 - 2015-10-20 08:53 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-10 17:37 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 17:37 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-10 17:37 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 17:37 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 17:37 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 17:37 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 17:37 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 17:37 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-10 17:37 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 17:37 - 2015-10-20 10:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-10 17:37 - 2015-10-20 08:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 17:37 - 2015-10-20 08:53 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-10 17:37 - 2015-10-15 14:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-10 17:37 - 2015-10-15 14:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 17:37 - 2015-10-15 13:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-10 17:37 - 2015-10-15 13:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 17:37 - 2015-10-15 13:11 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-11-10 17:37 - 2015-10-15 13:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-11-10 17:36 - 2015-10-13 19:50 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 17:36 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 17:31 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-10 17:31 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 17:31 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 17:31 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-06 09:51 - 2015-11-07 10:07 - 00000000 ____D C:\Users\Administrator\Downloads\BELIEVE IN ANGELZ
2015-10-31 12:07 - 2015-10-31 12:13 - 1068472551 ____R C:\Users\Administrator\Downloads\[ www.UsaBit.com ] - playnow-Ghostbusters.1984.720p x264-1.mp4
2015-10-31 12:05 - 2015-11-10 17:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\BitTorrent
2015-10-31 12:05 - 2015-11-10 16:22 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\BitTorrent
2015-10-31 12:05 - 2015-10-31 12:05 - 01981032 _____ (BitTorrent Inc.) C:\Users\Administrator\Downloads\BitTorrent.exe
2015-10-31 12:04 - 2015-10-31 12:04 - 00082291 _____ C:\Users\Administrator\Downloads\Ghost.Busters.1984.720p.BRRip.x264.PLAYNOW.torrent
2015-10-25 23:29 - 2015-10-25 23:29 - 00005146 _____ C:\Users\Administrator\Downloads\DefilerFG-2.02r3.zip
2015-10-20 17:22 - 2015-10-20 17:22 - 00016144 _____ C:\Users\Administrator\Documents\Elements of Music Project.odt
2015-10-19 19:57 - 2015-10-19 19:57 - 01071012 _____ C:\Users\Administrator\Downloads\AutumnRhythmMatchupWorksheet.zip
2015-10-19 19:53 - 2015-10-19 19:53 - 01034790 _____ C:\Users\Administrator\Downloads\MrsWhiteGhostlyMiniLessons.zip
2015-10-18 19:04 - 2015-10-18 19:04 - 00017144 _____ C:\Users\Administrator\Desktop\Choral Speaking _ CODE.html
2015-10-18 19:04 - 2015-10-18 19:04 - 00000000 ____D C:\Users\Administrator\Desktop\Choral Speaking _ CODE_files
2015-10-18 18:53 - 2015-10-18 18:53 - 01030144 _____ C:\Users\Administrator\Downloads\MorgansChoralReading (1).ppt
2015-10-18 18:49 - 2015-10-18 18:49 - 01030144 _____ C:\Users\Administrator\Downloads\MorgansChoralReading.ppt
2015-10-16 06:40 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-16 06:40 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-16 06:40 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2015-10-14 15:43 - 2015-08-06 13:06 - 14182912 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-10-14 15:43 - 2015-08-06 13:06 - 01867776 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2015-10-14 15:43 - 2015-08-06 12:38 - 12878848 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-10-14 15:43 - 2015-08-06 12:37 - 01499648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2015-10-14 15:42 - 2015-09-14 16:40 - 00634432 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-10-14 15:42 - 2015-07-18 08:08 - 00984448 _____ (Microsoft Corporation) C:\Windows\system32\ucrtbase.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00901264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ucrtbase.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00066400 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00063840 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00022368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00020832 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00019808 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00017760 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00016224 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00015712 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00014176 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00013664 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012640 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00012128 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-14 15:42 - 2015-07-18 08:08 - 00011616 _____ (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-2-0.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-13 22:48 - 2013-05-31 14:20 - 01711437 _____ C:\Windows\WindowsUpdate.log
2015-11-13 22:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-11-13 22:42 - 2014-11-18 08:16 - 00118484 _____ C:\Windows\setupact.log
2015-11-13 22:42 - 2014-11-14 19:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-13 22:42 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-13 22:41 - 2014-11-18 16:58 - 00193400 _____ C:\Windows\PFRO.log
2015-11-13 22:39 - 2014-11-18 16:53 - 00000000 ____D C:\AdwCleaner
2015-11-13 22:38 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-13 22:38 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-13 22:29 - 2014-11-14 19:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-13 21:53 - 2013-05-31 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-13 18:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-13 03:23 - 2009-07-13 23:45 - 00303056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 14:32 - 2013-05-31 14:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-11-12 08:09 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-11-12 07:30 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-11-12 07:27 - 2009-07-13 21:34 - 83886080 _____ C:\Windows\system32\config\software.bak
2015-11-12 07:27 - 2009-07-13 21:34 - 23592960 _____ C:\Windows\system32\config\system.bak
2015-11-12 07:27 - 2009-07-13 21:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2015-11-12 07:27 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-11-12 07:27 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-11-12 07:15 - 2013-06-06 08:32 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-12 06:51 - 2009-07-14 00:13 - 00881630 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-11 20:31 - 2014-11-14 19:55 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 20:06 - 2015-09-17 19:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Glyph
2015-11-11 20:06 - 2015-08-05 19:01 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-11-11 19:42 - 2013-05-31 14:24 - 00873752 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 19:32 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 19:27 - 2015-01-09 11:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-11 19:20 - 2013-05-31 14:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-11 19:20 - 2013-05-31 14:32 - 00000000 ____D C:\ProgramData\Adobe
2015-11-08 20:51 - 2014-11-19 18:13 - 00007613 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-11-06 20:06 - 2015-03-22 13:51 - 00000000 ____D C:\Users\Administrator\Desktop\Invoices
2015-10-17 02:01 - 2015-05-03 02:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-17 02:01 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
 
==================== Files in the root of some directories =======
 
2014-07-22 19:59 - 2014-07-22 19:59 - 0000038 ___SH () C:\Users\Administrator\AppData\Local\1754111884ee9ab5277ca00.95260103
2015-01-18 18:23 - 2015-01-18 18:24 - 1065984 _____ () C:\Users\Administrator\AppData\Local\file__0.localstorage
2014-11-19 18:13 - 2015-11-08 20:51 - 0007613 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-07-04 16:08 - 2013-07-04 16:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-09 17:02 - 2014-11-09 17:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-13 17:57
 
==================== End of FRST.txt ============================


#11 deeprybka

Posted 13 November 2015 - 11:33 PM

Step 1

Please download ESET Online Scanner and save it to your Desktop.
  • Disable the realtime-protection of your antivirus and anti-malware programs because they might interfere with the scan.
  • Start the installer with administrator privileges.
  • Select the option Yes, I accept the Terms of Use and click on Start.
  • Choose the following settings: [screenshot: settings.png]
  • Click on Start. The virus signature database will begin to download. This may take some time.
  • When completed the Online Scan will begin automatically.
    Note: This scan might take a long time! Please be patient.
  • When completed, click on Finish.
  • A log file is created at [screenshot: logpath.png]
    Copy and paste the content of this log file in your next reply.

Note: Do not forget to re-enable your antivirus application after running the above scan!
regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#12 Daanmakus

Posted 14 November 2015 - 05:43 PM

ESETSmartInstaller@High as downloader log:
all ok
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=83d11993dd10c74da2de760129825bb4
# end=init
# utc_time=2015-11-14 02:23:47
# local_time=2015-11-14 09:23:47 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.1.7601 NT Service Pack 1
Update Init
Update Download
Update Finalize
Updated modules version: 26725
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# EOSSerial=83d11993dd10c74da2de760129825bb4
# end=updated
# utc_time=2015-11-14 02:26:20
# local_time=2015-11-14 09:26:20 (-0500, Eastern Standard Time)
# country="Canada"
# osver=6.1.7601 NT Service Pack 1
# product=EOS
# version=8
# OnlineScannerApp.exe=1.0.0.1
# OnlineScanner.ocx=1.0.0.7777
# api_version=3.1.1
# EOSSerial=83d11993dd10c74da2de760129825bb4
# engine=26725
# end=finished
# remove_checked=false
# archives_checked=true
# unwanted_checked=true
# unsafe_checked=true
# antistealth_checked=true
# utc_time=2015-11-14 09:49:37
# local_time=2015-11-14 04:49:37 (-0500, Eastern Standard Time)
# country="Canada"
# lang=1033
# osver=6.1.7601 NT Service Pack 1
# compatibility_mode_1='Microsoft Security Essentials'
# compatibility_mode=5895 16777213 100 100 14164805 87907893 0 0
# scanned=635640
# found=97
# cleaned=0
# scan_time=26596
sh=6B79D0BB953CD618EE3EB2312BE02AF29AFE8049 ft=1 fh=fcc63a049d25c426 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\CltMngSvc.exe.vir"
sh=05C0A99ACE45CEFB680DF0D3D87C138A307D346A ft=1 fh=2e9dc85ff81fe5c7 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPTool.dll.vir"
sh=126B22D7B2FE0FC571E6D6D0098B0E0D053C0BCC ft=1 fh=89dba07409c55d47 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389824542256.vir"
sh=126B22D7B2FE0FC571E6D6D0098B0E0D053C0BCC ft=1 fh=89dba07409c55d47 vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1389824542315.vir"
sh=DF96804C0D2D07D7543728DF582C86ACD3BEF3CF ft=1 fh=8676e6337a543f91 vn="Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\SPtool.dll_1391070389605.vir"
sh=3A630DFC0E21B5D26D0426E5B980EE5689A7ECD7 ft=1 fh=5937776572e229cd vn="Win32/Conduit.SearchProtect.Q potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\Main\bin\uninstall.exe.vir"
sh=9A96702138DFAD51236545B0721FB301AEEA5453 ft=1 fh=7725382c39a03b30 vn="Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\cltmng.exe.vir"
sh=5965BF9FEB87947D631BC64146586505C05E860B ft=1 fh=3ba9775132fe205d vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPTool64.exe.vir"
sh=6B1C3611F5B46A293741A0EAE0124EAE7FF2399F ft=1 fh=5c5b6332640ac2b0 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32.dll.vir"
sh=A8FD5CC079776D4EF9EE4D5AE676F78BCFC1F296 ft=1 fh=6433603eff6acd71 vn="a variant of Win32/Conduit.SearchProtect.H potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC32Loader.dll.vir"
sh=F0862342D775EDD22A41DFE569C17F9A0422ADC5 ft=1 fh=b78ba2f8550a3b08 vn="a variant of Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64.dll.vir"
sh=9319DC5016609291BFF613A6280F1EF0E46CE340 ft=1 fh=bf9f537d5310a2d4 vn="Win64/Conduit.SearchProtect.A potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\SearchProtect\bin\SPVC64Loader.dll.vir"
sh=46048631C62C3F322F1136774B0E8213DCFBB45F ft=1 fh=5abd0a2fda4c57aa vn="a variant of Win32/Conduit.SearchProtect.I potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Program Files (x86)\SearchProtect\UI\bin\cltmngui.exe.vir"
sh=1AFB621BEBA8272ACD2BAC21B50D8885C9D579D1 ft=1 fh=d7a99a71f47706e7 vn="a variant of Win32/Conduit.SearchProtect.N potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\Conduit\IE\CT3287805\UninstallerUI.exe.vir"
sh=E15DF75E5B81A209E0E453092C9610C3F8DC7073 ft=1 fh=8918dac93ad3a346 vn="Win32/Toolbar.SearchSuite.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32cert.dll.vir"
sh=9B56D5787C88CF939DABA1E9273775A1D33EF25F ft=1 fh=8aacdf233e2d6e39 vn="Win32/Toolbar.SearchSuite.M potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win32prop.dll.vir"
sh=2FA019C3D1CC2BC1905FBD6765DA3CFBE851DD64 ft=1 fh=f275e610e24fd946 vn="Win64/Toolbar.SearchSuite.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64cert.dll.vir"
sh=34ABB88310B01A075382292FDE9F2B6E727E5D66 ft=1 fh=1bef8d0f51d0bf3a vn="Win64/Toolbar.SearchSuite.B potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\ProgramData\wincert\win64prop.dll.vir"
sh=93578A0F21346F205CD6A11CE02BD58ABB98EE11 ft=1 fh=f2d1349e4484dc5e vn="a variant of Win32/Toolbar.SearchSuite.G potentially unwanted application" ac=I fn="C:\AdwCleaner\Quarantine\C\Users\Administrator\AppData\Local\iLivid\Uninstall.exe.vir"
sh=97BCCD25561F44E9B13F05F6EEF083C9CE9BA529 ft=1 fh=641f1fb3d2e699c4 vn="Win32/Toolbar.Conduit.Y potentially unwanted application" ac=I fn="C:\Tiger Backup\Program Files (x86)\Conduit\Community Alerts\Alert.dll"
sh=DD585FFC47677D45522538B5D75BE0AAEA92D966 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Conduit.AL potentially unwanted application" ac=I fn="C:\Tiger Backup\Users\Andrew\AppData\Local\CRE\kfkcangbigakljkjeglcofaomihpejif.crx"
sh=A4F319312C51671C3A95C478B1006769263996A9 ft=1 fh=886ae4ceae92d42e vn="a variant of Win32/OpenCandy.A potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\AppData\Roaming\OpenCandy\C2EE230C510C4B0CB7542F65B1233BCD\OCBrowserHelper_1.0.3.85.dll"
sh=176ADA30E0A869BA40FC6474C28A4B7D6F755E49 ft=1 fh=0e7592f605e8dd91 vn="Win32/Amonetize potentially unwanted application" ac=I fn="C:\Tiger Backup\Users\Andrew\AppData\Roaming\OpenCandy\C2EE230C510C4B0CB7542F65B1233BCD\setup_759.exe"
sh=70843118CA14977A925A72D36D7C3BEA5528A147 ft=1 fh=067dc6cb650a623e vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="C:\Tiger Backup\Users\Andrew\Desktop\BundleSweetIMSetup.exe"
sh=C06F4564CB4251CAE2D8EF99BC1ED461A799626F ft=1 fh=fac5f2f2f4c4c1be vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\asc-setup (1).exe"
sh=DB1A828F74287EFB24805E545435ECA276DDBB69 ft=1 fh=817e35ca7594a1f7 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\driver_fusion_1.3.0.exe"
sh=01B507668CA506897C24EA7FF3F0C255789416FA ft=1 fh=2f44db773dc1b5fa vn="a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\mp3rocket (1).exe"
sh=01B507668CA506897C24EA7FF3F0C255789416FA ft=1 fh=2f44db773dc1b5fa vn="a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\mp3rocket (2).exe"
sh=01B507668CA506897C24EA7FF3F0C255789416FA ft=1 fh=2f44db773dc1b5fa vn="a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\mp3rocket (3).exe"
sh=01B507668CA506897C24EA7FF3F0C255789416FA ft=1 fh=2f44db773dc1b5fa vn="a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\mp3rocket (4).exe"
sh=01B507668CA506897C24EA7FF3F0C255789416FA ft=1 fh=2f44db773dc1b5fa vn="a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\mp3rocket (6).exe"
sh=01B507668CA506897C24EA7FF3F0C255789416FA ft=1 fh=2f44db773dc1b5fa vn="a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\mp3rocket (7).exe"
sh=9D8501348EAA411B2E6A0946E54682DC5263D1CA ft=1 fh=78689b2d27246b22 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\mp3rocket.exe"
sh=3780B2176C1CA137B0BABA92FFF8ABEFC0551D63 ft=1 fh=8fdfb620b50cf964 vn="a variant of Win32/Adware.iBryte.C application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\Setup.exe"
sh=D07D9B88E160DE2FBCFB66D4A832B095EEE1EA7E ft=1 fh=c70a0a0a6d0242e9 vn="Win32/SoftonicDownloader.E potentially unwanted application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\SoftonicDownloader_for_leatrix-latency-fix.exe"
sh=77A9EC4163C6C884A924B36D63D74856378ECAED ft=1 fh=17b6d3da6b62a92a vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\spsetup118.exe"
sh=65D51D35E61B6CD122243B68478557930CC443B5 ft=1 fh=e05ba54c307c88c4 vn="Win32/Bundled.Toolbar.Google.E potentially unsafe application" ac=I fn="C:\Tiger Backup\Users\Andrew\Downloads\spsetup120.exe"
sh=B90E6888173092ADEBE9203B41458E4F7079E890 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.G potentially unsafe application" ac=I fn="C:\Tiger Backup\Windows\Installer\ea57b5a.msi"
sh=974AF807B9C2772CC7CF520FD1970570D7A4E721 ft=0 fh=0000000000000000 vn="JS/Exploit.Agent.NKY trojan" ac=I fn="C:\Users\Administrator\AppData\Local\Microsoft\Windows\Temporary Internet Files\Content.IE5\YFBQ85IV\search[1].htm"
sh=B8A6287CE37390201F0088BBB4C7AEBCBDA79F4F ft=1 fh=99edce6644753433 vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application" ac=I fn="C:\Users\Administrator\AppData\Roaming\uTorrent\updates\3.4.2_31893.exe"
sh=DA9F2B006AB477B8DB19BF0FEEA2EDDB16112774 ft=1 fh=6c46967d5ba0c3c5 vn="a variant of Win32/Toolbar.Widgi.N potentially unwanted application" ac=I fn="C:\Users\Administrator\Downloads\advanced-systemcare-setup.exe"
sh=5A4ADCA5CEFDEACCC9C4D2D197213E606014FDB4 ft=1 fh=63ae2f886e7f5dcc vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Administrator\Downloads\ccsetup419.exe"
sh=8459D965A7C9DC0BDD43D280C6DFE9F2DC85D35E ft=1 fh=85652dcc7840cf2e vn="MSIL/Soft32Downloader.C potentially unwanted application" ac=I fn="C:\Users\Administrator\Downloads\cpu z setup.exe"
sh=C3263C889C59DE6EE0FEC6D0E3186E2F1F5D245A ft=1 fh=615783887b929f9d vn="Win32/Bundled.Toolbar.Google.D potentially unsafe application" ac=I fn="C:\Users\Administrator\Downloads\spsetup126.exe"
sh=B8A6287CE37390201F0088BBB4C7AEBCBDA79F4F ft=1 fh=99edce6644753433 vn="a variant of Win32/AdkDLLWrapper.A potentially unwanted application" ac=I fn="C:\Users\Administrator\Downloads\uTorrent.exe"
sh=DB245714ED05F42C1E20A590A37C1E61CEEC6DCB ft=0 fh=0000000000000000 vn="a variant of Win32/InstallIQ potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-06-26 222910\Backup Files 2011-06-26 222910\Backup files 3.zip"
sh=93DA3351664FF2206520F6D919615D08B1465C59 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-06-26 222910\Backup Files 2011-07-04 084610\Backup files 1.zip"
sh=EBFECF14256B749AC154BBA3D0D4630EB930C157 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-06-26 222910\Backup Files 2011-07-10 191340\Backup files 1.zip"
sh=8775C91272F016F06CF2EEFEE728C13718967E24 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-07-18 093517\Backup Files 2011-07-18 093517\Backup files 1.zip"
sh=B239F7809CB126B6BCCFA44FAF042A08D2367EDE ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-07-18 093517\Backup Files 2011-07-18 093517\Backup files 2.zip"
sh=41213C96180CA4F32F6920093913E16D4B07B794 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallIQ potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-07-18 093517\Backup Files 2011-07-18 093517\Backup files 3.zip"
sh=D4A415F52051D422AE4F26EE2065E22334D693D9 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-07-18 093517\Backup Files 2011-07-18 093517\Backup files 4.zip"
sh=2D78892D273CE5C603E842112122A96D6922EAE8 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-07-18 093517\Backup Files 2011-07-24 205534\Backup files 1.zip"
sh=82456B0979A40003E59AA9777D70C68AB7533B58 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-07-18 093517\Backup Files 2011-07-24 205534\Backup files 2.zip"
sh=524BE2A4047DF6EE31470A33AF18BCB03EE148A9 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-08-14 190005\Backup Files 2011-08-14 190005\Backup files 1.zip"
sh=2A2A7DDE111ABAF34550FC70192A2BA4A41CE132 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallIQ potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-08-14 190005\Backup Files 2011-08-14 190005\Backup files 2.zip"
sh=15855330F6B6D40AC131FC0A802947C7F7BD4469 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-08-14 190005\Backup Files 2011-08-14 190005\Backup files 3.zip"
sh=07259A25714150D65DB19CA246A67AE267890760 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-09-04 190005\Backup Files 2011-09-04 190005\Backup files 1.zip"
sh=C28251BD6CD1BD8D09FDC82FFDBD97909ED389B8 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-09-04 190005\Backup Files 2011-09-04 190005\Backup files 3.zip"
sh=201AF0AC7B0A729BB15DC6D840EE3F1D167329F3 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-09-04 190005\Backup Files 2011-09-04 190005\Backup files 5.zip"
sh=EA233ECF1FBA468C8ABCA120A64F5916E5E3BF32 ft=0 fh=0000000000000000 vn="a variant of Win32/InstallCore.D potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-09-04 190005\Backup Files 2011-09-18 190005\Backup files 1.zip"
sh=23EBB896B3C0D8778AE134CADDC5DE8A53ADC8AB ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-09-04 190005\Backup Files 2011-09-25 190005\Backup files 1.zip"
sh=CEF525EBA89ECA7189683C760BA4CE48CA721A96 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-10-02 190006\Backup Files 2011-10-02 190006\Backup files 1.zip"
sh=256031A8215A003B373E4195A2EB2C45D049F969 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-10-02 190006\Backup Files 2011-10-02 190006\Backup files 3.zip"
sh=EFD5CE53868690D91774CB15567DA823515B6AE0 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-10-30 190006\Backup Files 2011-10-30 190006\Backup files 1.zip"
sh=82018692E5115E1E0D0A97715F5830178DADB240 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-10-30 190006\Backup Files 2011-10-30 190006\Backup files 5.zip"
sh=1D8D803630A56C3CE5AC1D6BA48D57E342794E2E ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-12-04 190006\Backup Files 2011-12-04 190006\Backup files 2.zip"
sh=A6DEBC700C4607D4531B33ADA88E22046A64A581 ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask potentially unsafe application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-12-04 190006\Backup Files 2011-12-04 190006\Backup files 5.zip"
sh=F62B9C6872C724C477D0E7EBBB2548F06B7A8443 ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\ANDREW-PC\Backup Set 2011-12-04 190006\Backup Files 2012-01-01 190001\Backup files 2.zip"
sh=71766E87D9D01FF8CA01565475D0AC165BED3534 ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-01-08 190005\Backup Files 2012-01-08 190005\Backup files 2.zip"
sh=330FB4074DB18B6641D892BD707F8EDF6B5DD0D9 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-01-08 190005\Backup Files 2012-01-08 190005\Backup files 7.zip"
sh=4EF4DEB56CF3012B0F500BBAECC11CD3441FC28A ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-02-05 190001\Backup Files 2012-02-05 190001\Backup files 3.zip"
sh=100972A9F11394C8B2AA0E50F0E47DC555429C65 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-02-05 190001\Backup Files 2012-02-05 190001\Backup files 9.zip"
sh=AF0BD1265DFB28B350D2259F9B57E24F6B80EB09 ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Babylon.A potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-02-05 190001\Backup Files 2012-03-11 190002\Backup files 3.zip"
sh=04115F2781434608A53A432805C78997BCF8B16C ft=0 fh=0000000000000000 vn="a variant of Win32/Adware.Gamevance.BH potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-04-01 190001\Backup Files 2012-04-01 190001\Backup files 3.zip"
sh=CBEE72EA4916FEFCCAB84071EE8CDF9DF8550F75 ft=0 fh=0000000000000000 vn="Win32/SoftonicDownloader.A potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-04-01 190001\Backup Files 2012-04-01 190001\Backup files 6.zip"
sh=720650C0F188D48675151221DB475A04EB0687BD ft=0 fh=0000000000000000 vn="a variant of Win32/InstallIQ potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-05-06 190003\Backup Files 2012-05-06 190003\Backup files 8.zip"
sh=E5AF4904D441E19990378C6E15D9D709F5242333 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-07-22 190002\Backup Files 2012-07-22 190002\Backup files 8.zip"
sh=B99A6FDEEA7C0EFB7F9CDB36F262EF584199B178 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\ANDREW-PC\Backup Set 2012-07-22 190002\Backup Files 2012-09-02 190001\Backup files 1.zip"
sh=C1915F3C307258BD498BDFF24805F333344FC590 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\ANDREW-PC\Backup Set 2012-07-22 190002\Backup Files 2012-09-09 190001\Backup files 2.zip"
sh=397E876DB9B6F596D5A482A164556AB3A744C8D7 ft=0 fh=0000000000000000 vn="JS/Adware.Yontoo.A application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-09-30 190002\Backup Files 2012-09-30 190002\Backup files 7.zip"
sh=E81E0A44D585B7DF8FDD1F7BB23348016EFCDE38 ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-09-30 190002\Backup Files 2012-09-30 190002\Backup files 8.zip"
sh=01110E45170431BBAE1014F066E6DC09C9F109B9 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-09-30 190002\Backup Files 2012-09-30 190002\Backup files 9.zip"
sh=D30C19BF031595F520FC500DB80819AC60275FE7 ft=0 fh=0000000000000000 vn="Win32/Somoto.F potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-11-11 190001\Backup Files 2012-11-11 190001\Backup files 11.zip"
sh=66A181BB80B8CEC8D26FDB11BDB9237D6CCF191A ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-11-11 190001\Backup Files 2012-11-11 190001\Backup files 9.zip"
sh=0F7F8E36D3D1212FFCD388D004C10FE7E9E07E14 ft=0 fh=0000000000000000 vn="Win32/Amonetize potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-11-11 190001\Backup Files 2012-11-18 190002\Backup files 1.zip"
sh=4C0842925DC18C258734BD380D012E3E7A22C07C ft=0 fh=0000000000000000 vn="Win32/OpenCandy potentially unsafe application" ac=I fn="F:\ANDREW-PC\Backup Set 2012-11-11 190001\Backup Files 2012-11-18 190002\Backup files 2.zip"
sh=554E1526A54CE04334D974C6A335721FBCFE90BD ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\ANDREW-PC\Backup Set 2012-11-11 190001\Backup Files 2012-12-02 190002\Backup files 2.zip"
sh=744E9E1E3B64F6CBB9E7BF842B60D3A590FEE89B ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2013-01-20 190001\Backup Files 2013-01-20 190001\Backup files 12.zip"
sh=D39971D7C629E5DBB053CB1B874F984FE88C9397 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\ANDREW-PC\Backup Set 2013-01-20 190001\Backup Files 2013-01-20 190001\Backup files 13.zip"
sh=6AE357E57BFE5F47F096CD90241AA6B8BDBFB7C0 ft=0 fh=0000000000000000 vn="Win32/Amonetize potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2013-01-20 190001\Backup Files 2013-01-20 190001\Backup files 5.zip"
sh=FFFE300A5EA612A1ED3AD26E4693049ED8391CEC ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2013-01-20 190001\Backup Files 2013-03-31 190001\Backup files 1.zip"
sh=DABD55CA6A42DC877622E539841693DCDADE8E7C ft=0 fh=0000000000000000 vn="a variant of Win32/Bundled.Toolbar.Ask.C potentially unsafe application" ac=I fn="F:\ANDREW-PC\Backup Set 2013-01-20 190001\Backup Files 2013-04-07 190001\Backup files 1.zip"
sh=336CA7A9B273C1E9391D58F3BEC62F1C598A255E ft=0 fh=0000000000000000 vn="a variant of Win32/SweetIM.C potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2013-04-14 190001\Backup Files 2013-04-14 190001\Backup files 12.zip"
sh=B88F56F202AE9BD311BA9D6E340883E38E6886BA ft=0 fh=0000000000000000 vn="a variant of Win32/Toolbar.Widgi.B potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2013-04-14 190001\Backup Files 2013-04-14 190001\Backup files 13.zip"
sh=791D99E4CE7ED61E0580CF3B7FE8749B477FF019 ft=0 fh=0000000000000000 vn="multiple threats" ac=I fn="F:\ANDREW-PC\Backup Set 2013-04-14 190001\Backup Files 2013-04-14 190001\Backup files 14.zip"
sh=D0BA0BE6D84EECCF5223B6B79AC93218CF6D8C65 ft=0 fh=0000000000000000 vn="Win32/Amonetize potentially unwanted application" ac=I fn="F:\ANDREW-PC\Backup Set 2013-04-14 190001\Backup Files 2013-04-14 190001\Backup files 6.zip"


#13 Daanmakus

Posted 14 November 2015 - 05:44 PM

I came back and the ESET program had finished but I did not press finish.

I think this is the log.



#14 deeprybka

Posted 15 November 2015 - 05:17 AM

ESET hasn't found any active malware. Just some files that are already quarantined by our tools, some temporary files and some stuff in old backups.

Can you please tell me which problems still persist now?

Step 1

Start FRST with administrator privileges.
  • Press the Scan button.
  • When finished, FRST will produce a log (FRST.txt) in the same directory the tool was run from.
    Please copy and paste the log in your next reply.

regards,
deeprybka
:busy:
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 Daanmakus

Posted 15 November 2015 - 08:53 AM

Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
Ran by Administrator (2015-11-15 08:51:51)
Running from C:\Users\Administrator\Desktop
Windows 7 Home Premium Service Pack 1 (X64) (2013-05-31 19:52:54)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2934196910-795859369-2802726781-500 - Administrator - Enabled) => C:\Users\Administrator
Guest (S-1-5-21-2934196910-795859369-2802726781-501 - Limited - Enabled)
HomeGroupUser$ (S-1-5-21-2934196910-795859369-2802726781-1002 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Microsoft Security Essentials (Enabled - Up to date) {B7ECF8CD-0188-6703-DBA4-AA65C6ACFB0A}
AS: Microsoft Security Essentials (Enabled - Up to date) {0C8D1929-27B2-688D-E114-9117BD2BB1B7}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20077 - Adobe Systems Incorporated)
Adobe AIR (HKLM-x32\...\Adobe AIR) (Version: 15.0.0.293 - Adobe Systems Incorporated)
Adobe Flash Player 18 ActiveX (HKLM-x32\...\Adobe Flash Player ActiveX) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.232 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.3.153 - Adobe Systems, Inc.)
Aion (HKLM-x32\...\{B9291CA2-6FA5-44EA-8EE0-923EB32ADAAB}) (Version: 4.0.0.3 - NC Interactive, LLC)
Aion (HKLM-x32\...\NCW-AION) (Version: 1.0.0.2 - NC Interactive, LLC)
Apple Application Support (32-bit) (HKLM-x32\...\{447CDCE5-F555-429B-BFA6-642C3C6D684F}) (Version: 3.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{0DF7096B-715A-4233-8633-C7A16ED6D616}) (Version: 3.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{C4123106-B685-48E6-B9BD-E4F911841EB4}) (Version: 8.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
ASUS USB-N13 WLAN Card Utilities & Driver (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D12314F45EB}) (Version: 1.0.0.7 - ASUS)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
DivX Setup (HKLM-x32\...\DivX Setup) (Version: 2.6.3.52 - DivX, LLC)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version:  - )
FirstClass® Client (HKLM-x32\...\{5B35C417-2649-11D6-83D1-0050FC01225C}) (Version: 10.0 (build 10.014) - FirstClass Division, Open Text Corporation.)
Fitbit Connect (HKLM-x32\...\{D3CD091B-296B-48E9-9F0F-E9FE53E02E41}) (Version: 1.0.3.5511 - Fitbit Inc.)
Glyph (HKLM-x32\...\Glyph) (Version:  - Trion Worlds, Inc.)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.86 - Google Inc.)
Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
HP Photo Creations (HKLM-x32\...\HP Photo Creations) (Version: 1.0.0.7702 - HP)
HP Support Solutions Framework (HKLM-x32\...\{FC3C2B77-6800-48C6-A15D-9D1031130C16}) (Version: 11.51.0049 - Hewlett-Packard Company)
HP Update (HKLM-x32\...\{97486FBE-A3FC-4783-8D55-EA37E9D171CC}) (Version: 5.005.000.002 - Hewlett-Packard)
HPDiagnosticCoreDll (HKLM-x32\...\{9262B08F-E183-4FED-A2BD-23FF1A84EB79}) (Version: 1.0.15.0 - Hewlett Packard)
iCloud (HKLM\...\{309768A4-A2BB-4930-A5A2-8169678C9B4C}) (Version: 4.0.6.28 - Apple Inc.)
Intel® Driver Update Utility 2.0 (x32 Version: 2.0.0.29 - Intel) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.0.1252 - Intel Corporation)
Intel® Network Connections Drivers (HKLM\...\PROSet) (Version: 15.4 - Intel)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel® Driver Update Utility (HKLM-x32\...\{8409c4f7-2340-4933-a304-5d37db4fb48b}) (Version: 2.0.0.29 - Intel)
iTunes (HKLM\...\{D227565A-0033-40AD-89BA-653A205CDC11}) (Version: 12.1.1.4 - Apple Inc.)
Junk Mail filter update (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
K-Lite Codec Pack 10.5.5 Full (HKLM-x32\...\KLiteCodecPack_is1) (Version: 10.5.5 - )
Kobo (HKLM-x32\...\Kobo) (Version: 3.17.0 - Rakuten Kobo Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft .NET Framework 4.5.2 (HKLM\...\{92FB6C44-E685-45AD-9B20-CADF4CABA132} - 1033) (Version: 4.5.51209 - Microsoft Corporation)
Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
Microsoft Forefront UAG endpoint components v4.0.0 (HKLM-x32\...\Microsoft Forefront UAG endpoint components 3.1.0) (Version:  - Microsoft Corporation)
Microsoft OneDrive (HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\OneDriveSetup.exe) (Version: 17.0.4035.0328 - Microsoft Corporation)
Microsoft Security Essentials (HKLM\...\Microsoft Security Client) (Version: 4.8.204.0 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft Silverlight 3 SDK (HKLM-x32\...\{2012098D-EEE9-4769-8DD3-B038050854D4}) (Version: 3.0.40818.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 32.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 32.0.3 (x86 en-US)) (Version: 32.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 30.0 - Mozilla)
MSI Afterburner 3.0.1 (HKLM-x32\...\Afterburner) (Version: 3.0.1 - MSI Co., LTD)
MUSHclient (remove only) (HKLM-x32\...\MUSHclient) (Version:  - )
NCSOFT Game Launcher (HKLM-x32\...\NCLauncher_NCWest) (Version:  - NCSOFT)
netTALK (HKLM-x32\...\netTALK) (Version: 1.34 - netTALK)
netTALK DUO WiFi Management Tool (HKLM-x32\...\{1C369AF1-6121-4BDE-A109-468C1418DC23}) (Version: 1.0.5 - netTALK)
NVIDIA 3D Vision Controller Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 344.75 - NVIDIA Corporation)
NVIDIA 3D Vision Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 344.75 - NVIDIA Corporation)
NVIDIA GeForce Experience 2.1.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.1.4 - NVIDIA Corporation)
NVIDIA Graphics Driver 344.75 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 344.75 - NVIDIA Corporation)
NVIDIA HD Audio Driver 1.3.32.1 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.32.1 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.14.0702 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.14.0702 - NVIDIA Corporation)
OpenOffice 4.0.0 (HKLM-x32\...\{55E61709-D7D4-43C0-B45D-BFAF5C09A02D}) (Version: 4.00.9702 - Apache Software Foundation)
QuickTime 7 (HKLM-x32\...\{3D2CBC2C-65D4-4463-87AB-BB2C859C1F3E}) (Version: 7.76.80.95 - Apple Inc.)
Razer Core (HKLM-x32\...\Razer Core) (Version: 1.0.1.66 - Razer Inc)
Razer Synapse 2.0 (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.15.20888 - Razer Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7040 - Realtek Semiconductor Corp.)
Renesas Electronics USB 3.0 Host Controller Driver (HKLM-x32\...\InstallShield_{5442DAB8-7177-49E1-8B22-09A049EA5996}) (Version: 2.1.28.1 - Renesas Electronics Corporation)
Renesas Electronics USB 3.0 Host Controller Driver (x32 Version: 2.1.28.1 - Renesas Electronics Corporation) Hidden
RIFT (HKLM-x32\...\Glyph RIFT) (Version:  - Trion Worlds, Inc.)
SHIELD Streaming (Version: 3.1.2000 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 16.13.65 - NVIDIA Corporation) Hidden
Speccy (HKLM\...\Speccy) (Version: 1.25 - Piriform)
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Unity Web Player (HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\UnityWebPlayer) (Version:  - Unity Technologies ApS)
VC80CRTRedist - 8.0.50727.6195 (x32 Version: 1.2.0 - DivX, Inc) Hidden
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== Restore Points =========================
 
31-05-2013 10:46:34 Windows Update
31-05-2013 10:59:44 Windows Update
31-05-2013 11:22:04 Windows Update
13-11-2015 03:00:41 Windows Update
14-11-2015 03:00:26 Windows Update
15-11-2015 03:00:26 Windows Update
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2009-07-13 21:34 - 2015-11-12 07:29 - 00000027 ____A C:\Windows\system32\Drivers\etc\hosts
 
127.0.0.1       localhost
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {478452C7-DE14-4A59-A334-B4C1E9F10124} - System32\Tasks\{3953C9EC-FC84-41AD-BE7B-687DD2CF2594} => Iexplore.exe hxxp://ui.skype.com/ui/0/4.2.0.169.260/en/abandoninstall?source=lightinstaller&amp;page=tsMain&amp;installinfo=google-toolbar:offered-installed,google-chrome:notoffered;toolbaroffered
Task: {69905146-DCE2-4D17-8D46-78E5215FE510} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {7888ADE7-65C7-4549-9DE8-DC1EA11EFB55} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {AE03B492-9C07-4F9B-B814-C99F8921D54B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-29] (Google Inc.)
Task: {D56630FA-E331-43FE-9757-9A4C6A133185} - System32\Tasks\Driver Booster SkipUAC (Administrator) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {DF67CCFD-1F85-4F76-AC86-5D7EF16ECD04} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {EC748E99-7720-4DA9-A59B-B434A1285404} - System32\Tasks\{A8C7373E-38F6-461C-BEA8-6827F9474C08} => C:\Program Files (x86)\FirstClass\fcc32.exe [2011-04-15] (Open Text Inc.)
Task: {FE344AB3-E930-4698-83F9-E62AA508979A} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2015-08-11] (Adobe Systems Incorporated)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-11-11 20:31 - 2015-11-06 23:36 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libglesv2.dll
2015-11-11 20:31 - 2015-11-06 23:36 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\libegl.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
IE trusted site: HKU\.DEFAULT\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\.DEFAULT\...\freerealms.com -> freerealms.com
IE trusted site: HKU\.DEFAULT\...\soe.com -> soe.com
IE trusted site: HKU\.DEFAULT\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-19\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-19\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-19\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-19\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-20\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-20\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-20\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-20\...\sony.com -> sony.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\clonewarsadventures.com -> clonewarsadventures.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\freerealms.com -> freerealms.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\hola.org -> hxxp://hola.org
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\soe.com -> soe.com
IE trusted site: HKU\S-1-5-21-2934196910-795859369-2802726781-500\...\sony.com -> sony.com
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2934196910-795859369-2802726781-500\Control Panel\Desktop\\Wallpaper -> C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper.jpg
DNS Servers: 192.168.254.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 0) (EnableLUA: 0)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
MSCONFIG\Services: AdobeARMservice => 2
MSCONFIG\Services: AdobeFlashPlayerUpdateSvc => 3
MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: Fitbit Connect => 2
MSCONFIG\Services: GfExperienceService => 2
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: hola_svc => 2
MSCONFIG\Services: hola_updater => 2
MSCONFIG\Services: HPSupportSolutionsFrameworkService => 2
MSCONFIG\Services: IAStorDataMgrSvc => 2
MSCONFIG\Services: Intel® Capability Licensing Service Interface => 2
MSCONFIG\Services: iPod Service => 3
MSCONFIG\Services: LMS => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: NetTalkUsrLaunchService => 2
MSCONFIG\Services: NetTalkUsrService => 3
MSCONFIG\Services: NvNetworkService => 2
MSCONFIG\Services: NvStreamSvc => 2
MSCONFIG\Services: nvsvc => 2
MSCONFIG\Services: Razer Game Scanner Service => 2
MSCONFIG\Services: Realtek11nCU => 2
MSCONFIG\Services: RzOvlMon => 2
MSCONFIG\Services: Stereo Service => 2
MSCONFIG\Services: UNS => 2
MSCONFIG\startupreg: APSDaemon => "C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe"
MSCONFIG\startupreg: CCleaner Monitoring => "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
MSCONFIG\startupreg: DivXMediaServer => C:\Program Files (x86)\DivX\DivX Media Server\DivXMediaServer.exe
MSCONFIG\startupreg: DivXUpdate => "C:\Program Files (x86)\DivX\DivX Update\DivXUpdate.exe" /CHECKNOW
MSCONFIG\startupreg: Fitbit Connect => "C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe" /autorun
MSCONFIG\startupreg: hola => C:\Program Files\Hola\app\hola.exe --silent
MSCONFIG\startupreg: HP Software Update => C:\Program Files (x86)\Hp\HP Software Update\HPWuSchd2.exe
MSCONFIG\startupreg: IAStorIcon => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIconLaunch.exe "C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe" 60
MSCONFIG\startupreg: iTunesHelper => "C:\Program Files\iTunes\iTunesHelper.exe"
MSCONFIG\startupreg: MSC => "c:\Program Files\Microsoft Security Client\msseces.exe" -hide -runkey
MSCONFIG\startupreg: NCUpdateHelper => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe
MSCONFIG\startupreg: NetTalk => C:\Program Files (x86)\netTALK\nettalkg.exe
MSCONFIG\startupreg: NUSB3MON => "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
MSCONFIG\startupreg: NvBackend => "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
MSCONFIG\startupreg: QuickTime Task => "C:\Program Files (x86)\QuickTime\QTTask.exe" -atboottime
MSCONFIG\startupreg: Razer Synapse => "C:\Program Files (x86)\Razer\Synapse\RzSynapse.exe"
MSCONFIG\startupreg: RTHDVCPL => "C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe" -s
MSCONFIG\startupreg: ShadowPlay => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
MSCONFIG\startupreg: uTorrent => "C:\Users\Administrator\AppData\Roaming\uTorrent\uTorrent.exe"  /MINIMIZED
MSCONFIG\startupreg: WhlCach3.exe => "C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\WhlCach3.exe"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [{FFF20630-8D46-45E1-A403-CC9A8B33D2AC}] => (Allow) C:\Users\Administrator\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe
FirewallRules: [{C9E445AD-6F91-48E2-BF1F-676C42AC58E3}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{469B2579-ADAD-47E8-ACAB-5C85ED7F5D4E}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{54E0A270-70ED-45A5-9734-432A91390020}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{EC88C587-96AE-459C-8B7B-5BE3368D8118}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{CB9B96E1-0C9A-475E-9A6B-00370ACDB8FF}] => (Allow) C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{4FC6B5EC-3EAA-4C1A-B86A-F72C69D97105}] => (Allow) C:\Users\Administrator\AppData\Local\iLivid\iLivid.exe
FirewallRules: [{AA5D6264-715D-461C-8DC2-F6A13D1CEE74}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
FirewallRules: [{ED025AC7-D002-40B5-93FE-1AEB5E10BA3B}] => (Allow) LPort=2869
FirewallRules: [{7C3A1949-0F8F-4E12-865F-EA6417C841BC}] => (Allow) LPort=1900
FirewallRules: [{AF7844FE-FAE8-4DAE-8635-ACA6F7EB2276}] => (Allow) C:\Program Files (x86)\Windows Live\Messenger\msnmsgr.exe
FirewallRules: [{FD02DFDA-C502-4081-B6D8-B2DE26B51E55}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [{7E85CEB7-5F3B-4631-9DA9-35372790DA1E}] => (Allow) C:\ProgramData\Battle.net\Agent\Agent.3023\Agent.exe
FirewallRules: [TCP Query User{40D98A06-9BFA-40C8-B8E2-62EF43032444}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{ACFC1974-443A-4AF6-B108-E5F5471DD820}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [TCP Query User{42523B84-8E5F-4419-A329-322DCF4A5C33}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [UDP Query User{8BEC2CBA-71AA-426A-AD5C-9FF1ABB06F7E}C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe] => (Allow) C:\program files (x86)\ncwest\nclauncher\ncupdatehelper.exe
FirewallRules: [{4393451F-4DF8-44EB-9ACB-DE20B7C0FE9B}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{036454EE-26FC-4B12-B4F1-4CF9994250BE}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{934F45D2-5465-4683-88A6-3A31FA30183C}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{8C93E466-976F-42FA-A21B-5959A02080EC}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe
FirewallRules: [{96B5768B-A128-467C-9D47-43D308AC373F}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{F3F4A800-3C33-4372-809A-AE48B962824D}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{0599BB8C-2CE8-4724-A5E1-70E5CC9E9E4F}] => (Allow) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{8B03A238-3BD5-4F21-9C91-38F24104B9A2}] => (Allow) C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtWLan.exe
FirewallRules: [{DEB136E4-4945-4856-A21F-527DF4A22097}] => (Allow) LPort=1542
FirewallRules: [{6C42F8BC-A8EC-48F8-B7C6-88466031A0CD}] => (Allow) LPort=1542
FirewallRules: [{FF5D5C8B-A4BC-4826-83DD-A093F01E4A5F}] => (Allow) LPort=53
FirewallRules: [{378DD295-6535-4290-81F7-8B7306C98A50}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{1AE84F2D-F4ED-41BC-AD60-3351315C960E}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{E5B10818-7603-4F45-BD5A-0733608A9AD4}] => (Allow) C:\Program Files\Hola\app\hola_updater.exe
FirewallRules: [{80FFAF38-C80A-4D32-A1AE-E65F35578A74}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{264F9F35-18BC-4FFF-B31F-FB46B1E4355F}] => (Allow) C:\Windows\System32\config\systemprofile\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{EDD0A3A2-0F67-4A81-B74F-AA347C49F473}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{65991EAE-EF5F-4054-8478-3615316657B0}] => (Allow) C:\Program Files\Hola\app\hola_svc.exe
FirewallRules: [{2C043B23-C889-49F9-B0EE-0E099A0217B3}] => (Allow) C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{E9AA1DB6-5B28-47E8-8845-420782EA4B47}] => (Allow) C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\hola_plugin.exe
FirewallRules: [{5B9EAEA2-E46E-4D78-9136-F89A874996CF}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{64A1492F-A831-48E6-87E0-B8F31FD3A83A}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{0144A264-0DB2-47D7-B9EA-4AFFC0690B9E}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{66169C92-F9B7-47B6-9BC1-3C627A9C9272}] => (Allow) C:\Program Files (x86)\Glyph\GlyphClient.exe
FirewallRules: [{6746C302-60AF-4F0A-A037-8E99C537D981}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{BA92E0F0-48D6-4FE5-858B-C703EEC0ABC4}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{2C880607-911D-4F30-8C2A-360A3E685DDC}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{DA340F46-0CEE-4472-9236-5070ED024AAF}] => (Allow) C:\Program Files (x86)\Glyph\GlyphDownloader.exe
FirewallRules: [{971465B4-8323-46D6-BDC5-DD24474CBB5D}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Faulty Device Manager Devices =============
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: 
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Deskjet 3520 series
Description: HP Deskjet 3520 series
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
Name: HP Officejet 6600
Description: HP Officejet 6600
Class Guid: {4d36e979-e325-11ce-bfc1-08002be10318}
Manufacturer: 
Service: 
Problem: : The drivers for this device are not installed. (Code 28)
Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (11/14/2015 05:42:04 PM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (11/14/2015 09:23:40 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (11/14/2015 09:23:36 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (11/14/2015 09:23:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (11/14/2015 09:23:31 AM) (Source: SideBySide) (EventID: 80) (User: )
Description: Activation context generation failed for "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest1".Error in manifest or policy file "C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest2" on line C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\Windows\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_fa3b1e3d17594757.manifest.
Component 2: C:\Windows\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.7601.18837_none_41e855142bd5705d.manifest.
 
Error: (11/13/2015 10:43:46 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/13/2015 10:29:13 PM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/13/2015 03:24:25 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/12/2015 07:30:26 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
Error: (11/12/2015 06:44:38 AM) (Source: Microsoft-Windows-WMI) (EventID: 10) (User: NT AUTHORITY)
Description: Event filter with query "SELECT * FROM __InstanceModificationEvent WITHIN 60 WHERE TargetInstance ISA "Win32_Processor" AND TargetInstance.LoadPercentage > 99" could not be reactivated in namespace "//./root/CIMV2" because of error 0x80041003. Events cannot be delivered through this filter until the problem is corrected.
 
 
System errors:
=============
Error: (11/15/2015 03:01:21 AM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
Description: Installation Failure: Windows failed to install the following update with error 0x80070103: Hewlett-Packard  - Imaging - Null Print - HP Deskjet 3520 series.
 
Error: (11/14/2015 09:26:18 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (11/14/2015 09:26:18 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/14/2015 09:26:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (11/14/2015 09:26:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/14/2015 09:26:17 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (11/14/2015 09:26:17 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/14/2015 09:24:53 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
Error: (11/14/2015 09:24:53 AM) (Source: Application Popup) (EventID: 1060) (User: )
Description: \??\C:\Users\ADMINI~1\AppData\Local\Temp\ehdrv.sys has been blocked from loading due to incompatibility with this system. Please contact your software vendor for a compatible version of the driver.
 
Error: (11/14/2015 09:24:52 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The eapihdrv service failed to start due to the following error: 
%%1275
 
 
CodeIntegrity:
===================================
  Date: 2015-11-12 07:26:14.270
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
  Date: 2015-11-12 07:26:14.239
  Description: Windows is unable to verify the image integrity of the file \Device\HarddiskVolume2\ComboFix\catchme.sys because file hash could not be found on the system. A recent hardware or software change might have installed a file that is signed incorrectly or damaged, or that might be malicious software from an unknown source.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i7-2600K CPU @ 3.40GHz
Percentage of memory in use: 34%
Total physical RAM: 8171.95 MB
Available physical RAM: 5353.23 MB
Total Virtual: 16342.08 MB
Available Virtual: 13889.11 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:372.51 GB) (Free:140.44 GB) NTFS
Drive d: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive e: (System Reserved) (Fixed) (Total:0.1 GB) (Free:0.07 GB) NTFS ==>[system with boot components (obtained from drive)]
Drive f: () (Fixed) (Total:931.41 GB) (Free:185.06 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 372.6 GB) (Disk ID: 69AAC6FB)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=372.5 GB) - (Type=07 NTFS)
 
========================================================
Disk: 1 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: AEB1AA7B)
Partition 1: (Active) - (Size=100 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=931.4 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
Ran by Administrator (administrator) on WIN-PVS7D20PCI3 (15-11-2015 08:51:06)
Running from C:\Users\Administrator\Desktop
Loaded Profiles: Administrator (Available Profiles: Administrator & DefaultAppPool)
Platform: Windows 7 Home Premium Service Pack 1 (X64) Language: English (United States)
Internet Explorer Version 10 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\MsMpEng.exe
(Microsoft Corporation) C:\Windows\System32\CISVC.EXE
(Microsoft Corporation) C:\Windows\System32\inetsrv\inetinfo.exe
(Microsoft Corporation) C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVC.EXE
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
(Microsoft Corp.) C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLIDSVCM.EXE
(Microsoft Corporation) C:\Program Files\Microsoft Security Client\msseces.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM-x32\...\Run: [] => [X]
HKLM-x32\...\Run: [NCUpdateHelper] => C:\Program Files (x86)\NCWest\NCLauncher\NCUpdateHelper.exe [526240 2014-12-12] (NCSOFT Corporation)
HKU\S-1-5-18\...\RunOnce: [SpUninstallDeleteDir] => rmdir /s /q "\SearchProtect"
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 192.168.254.1
Tcpip\..\Interfaces\{545EB3FE-7A9B-42F2-B813-A277510EF7F3}: [DhcpNameServer] 192.168.254.1
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2934196910-795859369-2802726781-500\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=msnhome
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
HKU\S-1-5-21-2934196910-795859369-2802726781-500\Software\Microsoft\Internet Explorer\Main,Search Page = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&ar=iesearch
SearchScopes: HKLM -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKLM -> {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
SearchScopes: HKLM-x32 -> DefaultScope {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> DefaultScope {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.google.com/search?q={searchTerms}&rls=com.microsoft:{language}&ie={inputEncoding}&oe={outputEncoding}&startIndex={startIndex?}&startPage={startPage}
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {758B870D-DF78-4A6A-9955-DEDDCACF94DC} URL = 
SearchScopes: HKU\S-1-5-21-2934196910-795859369-2802726781-500 -> {BAE63D25-9BCD-4DB4-AF99-42E7C979BD10} URL = 
BHO: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
BHO-x32: Windows Live ID Sign-in Helper -> {9030D464-4C02-4ABF-8ECC-5164760863C6} -> C:\Program Files (x86)\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll [2012-07-17] (Microsoft Corp.)
DPF: HKLM-x32 {8D9563A9-8D5F-459B-87F2-BA842255CB9A} hxxps://www.myhdsb.ca/InternalSite/WhlCompMgr.cab
 
FireFox:
========
FF ProfilePath: C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default
FF Homepage: hxxp://www.google.ca/
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_18_0_0_232.dll [2015-08-11] ()
FF Plugin: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_232.dll [2015-08-11] ()
FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\Windows\SysWOW64\Adobe\Director\np32dsw_1213153.dll [2014-06-24] (Adobe Systems, Inc.)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @divx.com/DivX VOD Helper,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX OVS Helper\npovshelper.dll [2014-05-22] (DivX, LLC.)
FF Plugin-x32: @divx.com/DivX Web Player Plug-In,version=1.0.0 -> C:\Program Files (x86)\DivX\DivX Web Player\npdivx32.dll [2014-06-02] (DivX, LLC)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
FF Plugin-x32: @microsoft.com/GENUINE -> disabled [No File]
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2014-11-12] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Plugin HKU\.DEFAULT: @hola.org/FlashPlayer -> C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\flash\NPSWF32_18_0_0_232.dll [No File]
FF Plugin HKU\.DEFAULT: @hola.org/vlc -> C:\Users\Administrator\AppData\Local\Hola\firefox_hola\app\vlc\npvlc.dll [No File]
FF Plugin HKU\S-1-5-21-2934196910-795859369-2802726781-500: @unity3d.com/UnityPlayer,version=1.0 -> C:\Users\Administrator\AppData\LocalLow\Unity\WebPlayer\loader\npUnity3D32.dll [2013-11-25] (Unity Technologies ApS)
FF Extension: Advanced SystemCare Surfing Protection - C:\Users\Administrator\AppData\Roaming\Mozilla\Firefox\Profiles\uvuxi8sq.default\Extensions\iobitascsurfingprotection@iobit.com [2014-11-09] [not signed]
 
Chrome: 
=======
CHR Plugin: (Widevine Content Decryption Module) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\WidevineCDM\1.4.8.824\_platform_specific\win_x86\widevinecdmadapter.dll (Google Inc.)
CHR Plugin: (Shockwave Flash) - C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.86\PepperFlash\pepflashplayer.dll ()
CHR Profile: C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-02-03]
CHR Extension: (Google Docs) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-03]
CHR Extension: (Google Drive) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-22]
CHR Extension: (YouTube) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-24]
CHR Extension: (Google Search) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-10-26]
CHR Extension: (Google Sheets) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-02-03]
CHR Extension: (Google Docs Offline) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (AdBlock) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-13]
CHR Extension: (Unlimited Free VPN - Hola) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\gkojfkhlekighikafcpjkiklfbnlmeio [2015-11-06]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-23]
CHR Extension: (Gmail) - C:\Users\Administrator\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-29]
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
S4 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77128 2015-01-19] (Apple Inc.)
S3 DMService; C:\Windows\Downloaded Program Files\DMService.exe [620752 2015-08-02] (Microsoft Corporation)
S4 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [1436192 2014-05-19] (Fitbit, Inc.) [File not signed]
R2 ftpsvc; C:\Windows\system32\inetsrv\ftpsvc.dll [350720 2013-05-31] (Microsoft Corporation)
S4 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1148744 2014-11-06] (NVIDIA Corporation)
S4 HPSupportSolutionsFrameworkService; C:\Program Files (x86)\Hp\Common\HPSupportSolutionsFrameworkService.exe [89840 2015-03-28] (Hewlett-Packard Company)
R2 IISADMIN; C:\Windows\system32\inetsrv\inetinfo.exe [15872 2010-11-20] (Microsoft Corporation)
R2 LPDSVC; C:\Windows\system32\lpdsvc.dll [45568 2009-07-13] (Microsoft Corporation)
S2 MBAMScheduler; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamscheduler.exe [1513784 2015-10-05] (Malwarebytes)
S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
R2 MsMpSvc; c:\Program Files\Microsoft Security Client\MsMpEng.exe [23816 2015-04-30] (Microsoft Corporation)
S4 NetTalkUsrLaunchService; C:\Program Files (x86)\netTALK\nettalkl.exe [62976 2012-04-30] () [File not signed]
S4 NetTalkUsrService; C:\Program Files (x86)\netTALK\nettalkd.exe [111104 2012-04-30] () [File not signed]
S3 NisSrv; c:\Program Files\Microsoft Security Client\NisSrv.exe [366544 2015-04-30] (Microsoft Corporation)
S4 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1795912 2014-11-06] (NVIDIA Corporation)
S4 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamsvc.exe [19819848 2014-11-06] (NVIDIA Corporation)
S4 Razer Game Scanner Service; C:\Program Files (x86)\Razer\Razer Services\GSS\GameScannerService.exe [183488 2014-10-31] ()
S4 Realtek11nCU; C:\Program Files (x86)\ASUS\USB-N13 WLAN Card Utilities\RtlService.exe [36864 2012-05-10] (Realtek Semiconductor Corp.) [File not signed]
S4 RzOvlMon; C:\Program Files (x86)\Razer\Core\64bit\rzovlmon.exe [32960 2014-04-18] (Razer, Inc.)
R2 uagqecsvc; C:\Program Files\Microsoft Forefront UAG\Endpoint Components\3.1.0\uagqecsvc.exe [170704 2014-10-16] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [453120 2010-11-20] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\mpsvc.dll [1011712 2013-05-27] (Microsoft Corporation)
S3 WMSVC; C:\Windows\system32\inetsrv\wmsvc.exe [10752 2009-07-13] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
U5 AppMgmt; C:\Windows\system32\svchost.exe [27136 2013-04-17] (Microsoft Corporation)
R1 avgtp; C:\Windows\system32\drivers\avgtpx64.sys [50976 2014-08-11] (AVG Technologies)
S3 ebdrv; C:\Windows\system32\drivers\evbda.sys [3286016 2009-06-10] (Broadcom Corporation)
R0 iaStorF; C:\Windows\System32\DRIVERS\iaStorF.sys [28216 2012-11-19] (Intel Corporation)
S3 MBAMProtector; C:\Windows\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
S3 MBAMWebAccessControl; C:\Windows\system32\drivers\mwac.sys [63704 2015-10-05] (Malwarebytes Corporation)
R0 MpFilter; C:\Windows\System32\DRIVERS\MpFilter.sys [280376 2015-03-04] (Microsoft Corporation)
R1 nettalkd; C:\Windows\System32\DRIVERS\nettalkd.sys [30944 2012-04-29] (NetTalk Inc.)
R2 NisDrv; C:\Windows\System32\DRIVERS\NisDrvWFP.sys [124568 2015-03-04] (Microsoft Corporation)
S3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19784 2014-11-06] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\System32\drivers\nvvad64v.sys [38216 2014-10-03] (NVIDIA Corporation)
R3 RTL8192cu; C:\Windows\System32\DRIVERS\rtwlanu.sys [986728 2012-02-10] (Realtek Semiconductor Corporation                           )
S3 RzDxgk; C:\Windows\system32\drivers\RzDxgk.sys [129472 2014-04-18] (Razer, Inc.)
S1 RzFilter; C:\Windows\system32\drivers\RzFilter.sys [74432 2014-04-18] (Razer, Inc.)
R2 rzpmgrk; C:\Windows\system32\drivers\rzpmgrk.sys [37184 2014-10-31] (Razer, Inc.)
R2 rzpnk; C:\Windows\system32\drivers\rzpnk.sys [129600 2014-10-23] (Razer, Inc.)
R3 SmbDrvI; C:\Windows\System32\DRIVERS\Smb_driver_Intel.sys [33008 2014-11-09] (Synaptics Incorporated)
S3 catchme; \??\C:\ComboFix\catchme.sys [X]
S3 cpuz136; \??\C:\Users\ADMINI~1\AppData\Local\Temp\cpuz136\cpuz136_x64.sys [X]
S1 fsdkucxf; \??\C:\Windows\system32\drivers\fsdkucxf.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-14 09:23 - 2015-11-14 09:23 - 02870984 _____ (ESET) C:\Users\Administrator\Desktop\esetsmartinstaller_enu (1).exe
2015-11-14 09:23 - 2015-11-14 09:23 - 00000000 ____D C:\Program Files (x86)\ESET
2015-11-14 08:44 - 2015-11-14 08:44 - 00000139 _____ C:\Users\Administrator\Downloads\debug.log
2015-11-13 22:37 - 2015-11-13 22:37 - 01729536 _____ C:\Users\Administrator\Desktop\AdwCleaner (1).exe
2015-11-13 22:36 - 2015-11-13 22:36 - 00010629 _____ C:\Users\Administrator\Desktop\malware.txt
2015-11-13 16:20 - 2015-11-14 09:00 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2015-11-13 16:19 - 2015-11-13 16:19 - 00001102 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-11-13 16:19 - 2015-11-13 16:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-11-13 16:19 - 2015-11-13 16:19 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-11-13 16:19 - 2015-11-13 16:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-11-13 16:19 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2015-11-13 16:19 - 2015-10-05 09:50 - 00063704 _____ (Malwarebytes Corporation) C:\Windows\system32\Drivers\mwac.sys
2015-11-13 16:19 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbam.sys
2015-11-13 16:18 - 2015-11-13 16:19 - 22908888 _____ (Malwarebytes ) C:\Users\Administrator\Downloads\mbam-setup-2.2.0.1024.exe
2015-11-12 14:32 - 2015-11-12 14:32 - 00000000 ____D C:\Users\Administrator\AppData\Local\CEF
2015-11-12 14:31 - 2015-11-03 13:01 - 03214848 _____ (Microsoft Corporation) C:\Windows\system32\win32k.sys
2015-11-12 08:09 - 2015-11-12 08:09 - 00157158 _____ C:\ComboFix.txt
2015-11-12 07:14 - 2011-06-26 01:45 - 00256000 _____ C:\Windows\PEV.exe
2015-11-12 07:14 - 2010-11-07 12:20 - 00208896 _____ C:\Windows\MBR.exe
2015-11-12 07:14 - 2009-04-19 23:56 - 00060416 _____ (NirSoft) C:\Windows\NIRCMD.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00518144 _____ (SteelWerX) C:\Windows\SWREG.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00406528 _____ (SteelWerX) C:\Windows\SWSC.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00098816 _____ C:\Windows\sed.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00080412 _____ C:\Windows\grep.exe
2015-11-12 07:14 - 2000-08-30 19:00 - 00068096 _____ C:\Windows\zip.exe
2015-11-12 07:13 - 2015-11-12 08:09 - 00000000 ____D C:\Qoobox
2015-11-12 07:13 - 2015-11-12 07:37 - 00000000 ____D C:\Windows\erdnt
2015-11-12 07:11 - 2015-11-12 07:11 - 05638248 ____R (Swearware) C:\Users\Administrator\Desktop\ComboFix.exe
2015-11-11 19:50 - 2015-11-13 22:49 - 00040863 _____ C:\Users\Administrator\Desktop\Addition.txt
2015-11-11 19:41 - 2015-11-15 08:51 - 00015294 _____ C:\Users\Administrator\Desktop\FRST.txt
2015-11-11 19:22 - 2015-11-15 08:51 - 00000000 ____D C:\FRST
2015-11-11 19:21 - 2015-11-14 22:38 - 00002441 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2015-11-11 19:21 - 2015-11-11 19:22 - 02198528 _____ (Farbar) C:\Users\Administrator\Desktop\FRST64.exe
2015-11-11 19:21 - 2015-11-11 19:21 - 00002047 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
2015-11-10 18:07 - 2015-11-10 18:08 - 04404952 _____ (Kaspersky Lab ZAO) C:\Users\Administrator\Downloads\tdsskiller (1).exe
2015-11-10 18:02 - 2015-11-10 18:02 - 01101640 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill64.exe
2015-11-10 18:01 - 2015-11-10 18:02 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Administrator\Downloads\rkill.exe
2015-11-10 17:51 - 2015-11-10 17:51 - 01712128 _____ C:\Users\Administrator\Downloads\AdwCleaner.exe
2015-11-10 17:40 - 2015-10-19 20:17 - 05550528 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-11-10 17:40 - 2015-10-19 20:17 - 00154560 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecpkg.sys
2015-11-10 17:40 - 2015-10-19 20:11 - 00730624 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-11-10 17:40 - 2015-10-19 20:11 - 00344064 _____ (Microsoft Corporation) C:\Windows\system32\schannel.dll
2015-11-10 17:40 - 2015-10-19 20:11 - 00312320 _____ (Microsoft Corporation) C:\Windows\system32\ncrypt.dll
2015-11-10 17:40 - 2015-10-19 19:54 - 03996608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntkrnlpa.exe
2015-11-10 17:40 - 2015-10-19 19:54 - 03940800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntoskrnl.exe
2015-11-10 17:40 - 2015-10-19 19:47 - 00553472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-11-10 17:40 - 2015-10-19 19:47 - 00251392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\schannel.dll
2015-11-10 17:40 - 2015-10-19 19:47 - 00223232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncrypt.dll
2015-11-10 17:40 - 2015-09-23 08:18 - 00459344 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2015-11-10 17:40 - 2015-09-23 08:08 - 00251000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\bcryptprimitives.dll
2015-11-10 17:39 - 2015-10-19 20:17 - 00706496 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-11-10 17:39 - 2015-10-19 20:17 - 00095680 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ksecdd.sys
2015-11-10 17:39 - 2015-10-19 20:14 - 01729984 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-11-10 17:39 - 2015-10-19 20:14 - 00631384 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-11-10 17:39 - 2015-10-19 20:12 - 00362496 _____ (Microsoft Corporation) C:\Windows\system32\wow64win.dll
2015-11-10 17:39 - 2015-10-19 20:12 - 00243712 _____ (Microsoft Corporation) C:\Windows\system32\wow64.dll
2015-11-10 17:39 - 2015-10-19 20:12 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\winsrv.dll
2015-11-10 17:39 - 2015-10-19 20:12 - 00013312 _____ (Microsoft Corporation) C:\Windows\system32\wow64cpu.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 01464832 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\rpcrt4.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 01166336 _____ (Microsoft Corporation) C:\Windows\system32\kernel32.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\srcore.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00463872 _____ (Microsoft Corporation) C:\Windows\system32\certcli.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00421376 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00316416 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\system32\rstrui.exe
2015-11-10 17:39 - 2015-10-19 20:11 - 00210944 _____ (Microsoft Corporation) C:\Windows\system32\wdigest.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00190464 _____ (Microsoft Corporation) C:\Windows\system32\rpchttp.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00136192 _____ (Microsoft Corporation) C:\Windows\system32\sspicli.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00112640 _____ (Microsoft Corporation) C:\Windows\system32\smss.exe
2015-11-10 17:39 - 2015-10-19 20:11 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\TSpkg.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00063488 _____ (Microsoft Corporation) C:\Windows\system32\setbcdlocale.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00059392 _____ (Microsoft Corporation) C:\Windows\system32\appidapi.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00050176 _____ (Microsoft Corporation) C:\Windows\system32\srclient.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00044032 _____ (Microsoft Corporation) C:\Windows\system32\cryptbase.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00043520 _____ (Microsoft Corporation) C:\Windows\system32\csrsrv.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00034816 _____ (Microsoft Corporation) C:\Windows\system32\appidsvc.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00029184 _____ (Microsoft Corporation) C:\Windows\system32\sspisrv.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00028160 _____ (Microsoft Corporation) C:\Windows\system32\secur32.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00022016 _____ (Microsoft Corporation) C:\Windows\system32\credssp.dll
2015-11-10 17:39 - 2015-10-19 20:11 - 00016384 _____ (Microsoft Corporation) C:\Windows\system32\ntvdm64.dll
2015-11-10 17:39 - 2015-10-19 20:10 - 00338432 _____ (Microsoft Corporation) C:\Windows\system32\conhost.exe
2015-11-10 17:39 - 2015-10-19 20:10 - 00148480 _____ (Microsoft Corporation) C:\Windows\system32\appidpolicyconverter.exe
2015-11-10 17:39 - 2015-10-19 20:10 - 00064000 _____ (Microsoft Corporation) C:\Windows\system32\auditpol.exe
2015-11-10 17:39 - 2015-10-19 20:10 - 00031232 _____ (Microsoft Corporation) C:\Windows\system32\lsass.exe
2015-11-10 17:39 - 2015-10-19 20:10 - 00017920 _____ (Microsoft Corporation) C:\Windows\system32\appidcertstorecheck.exe
2015-11-10 17:39 - 2015-10-19 20:05 - 00146432 _____ (Microsoft Corporation) C:\Windows\system32\msaudite.dll
2015-11-10 17:39 - 2015-10-19 20:05 - 00060416 _____ (Microsoft Corporation) C:\Windows\system32\msobjs.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\adtschema.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\apisetschema.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00006144 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-security-base-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00005120 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-file-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004608 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00004096 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003584 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-util-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-string-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-io-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 20:01 - 00003072 ____H (Microsoft Corporation) C:\Windows\system32\api-ms-win-core-console-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:50 - 01311768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00342528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\certcli.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00260608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wdigest.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00141312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpchttp.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TSpkg.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00050688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\appidapi.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00043008 _____ (Microsoft Corporation) C:\Windows\SysWOW64\srclient.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00036864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cryptbase.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00022016 _____ (Microsoft Corporation) C:\Windows\SysWOW64\secur32.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00017408 _____ (Microsoft Corporation) C:\Windows\SysWOW64\credssp.dll
2015-11-10 17:39 - 2015-10-19 19:47 - 00014336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntvdm64.dll
2015-11-10 17:39 - 2015-10-19 19:46 - 00050176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\auditpol.exe
2015-11-10 17:39 - 2015-10-19 19:46 - 00025600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\setup16.exe
2015-11-10 17:39 - 2015-10-19 19:45 - 01114112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kernel32.dll
2015-11-10 17:39 - 2015-10-19 19:45 - 00665600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\rpcrt4.dll
2015-11-10 17:39 - 2015-10-19 19:45 - 00275456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2015-11-10 17:39 - 2015-10-19 19:45 - 00096768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sspicli.dll
2015-11-10 17:39 - 2015-10-19 19:45 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wow32.dll
2015-11-10 17:39 - 2015-10-19 19:41 - 00146432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msaudite.dll
2015-11-10 17:39 - 2015-10-19 19:41 - 00060416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msobjs.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00690688 _____ (Microsoft Corporation) C:\Windows\SysWOW64\adtschema.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00006656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apisetschema.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00005120 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-file-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processthreads-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-sysinfo-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-synch-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-misc-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localregistry-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00004096 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-localization-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-processenvironment-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-namedpipe-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-memory-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-libraryloader-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-interlocked-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-heap-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-string-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-rtlsupport-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-profile-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-io-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-handle-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-fibers-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-errorhandling-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-delayload-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-debug-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-datetime-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:37 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-console-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 19:05 - 00062464 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2015-11-10 17:39 - 2015-10-19 18:48 - 00159744 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2015-11-10 17:39 - 2015-10-19 18:47 - 00291328 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2015-11-10 17:39 - 2015-10-19 18:47 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb20.sys
2015-11-10 17:39 - 2015-10-19 18:32 - 00007680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\instnm.exe
2015-11-10 17:39 - 2015-10-19 18:32 - 00002048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user.exe
2015-11-10 17:39 - 2015-10-19 18:29 - 00006144 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-security-base-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 18:29 - 00004608 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-threadpool-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 18:29 - 00003584 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-xstate-l1-1-0.dll
2015-11-10 17:39 - 2015-10-19 18:29 - 00003072 ____H (Microsoft Corporation) C:\Windows\SysWOW64\api-ms-win-core-util-l1-1-0.dll
2015-11-10 17:39 - 2015-09-23 08:18 - 00298192 _____ (Microsoft Corporation) C:\Windows\system32\bcryptprimitives.dll
2015-11-10 17:38 - 2015-10-29 12:50 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\apphelp.dll
2015-11-10 17:38 - 2015-10-29 12:50 - 00072192 _____ (Microsoft Corporation) C:\Windows\system32\aelupsvc.dll
2015-11-10 17:38 - 2015-10-29 12:50 - 00023552 _____ (Microsoft Corporation) C:\Windows\system32\sdbinst.exe
2015-11-10 17:38 - 2015-10-29 12:50 - 00006656 _____ (Microsoft Corporation) C:\Windows\system32\shimeng.dll
2015-11-10 17:38 - 2015-10-29 12:50 - 00005120 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shimeng.dll
2015-11-10 17:38 - 2015-10-29 12:49 - 00295936 _____ (Microsoft Corporation) C:\Windows\SysWOW64\apphelp.dll
2015-11-10 17:38 - 2015-10-29 12:49 - 00020992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sdbinst.exe
2015-11-10 17:38 - 2015-10-20 10:01 - 01763328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-11-10 17:38 - 2015-10-20 10:01 - 00525824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 14292992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 13775360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 02866176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 02056704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 01441280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\inetcpl.cpl
2015-11-10 17:38 - 2015-10-20 10:00 - 01181696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00715776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00493056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msfeeds.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00391168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iedkcs32.dll
2015-11-10 17:38 - 2015-10-20 10:00 - 00109056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesysprep.dll
2015-11-10 17:38 - 2015-10-20 08:54 - 02239488 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-11-10 17:38 - 2015-10-20 08:54 - 01409024 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-11-10 17:38 - 2015-10-20 08:54 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 19283456 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 15416320 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 03960832 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 02657280 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 01509376 _____ (Microsoft Corporation) C:\Windows\system32\inetcpl.cpl
2015-11-10 17:38 - 2015-10-20 08:53 - 00857600 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 00603136 _____ (Microsoft Corporation) C:\Windows\system32\msfeeds.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 00255488 _____ (Microsoft Corporation) C:\Windows\system32\iedkcs32.dll
2015-11-10 17:38 - 2015-10-20 08:53 - 00136704 _____ (Microsoft Corporation) C:\Windows\system32\iesysprep.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 03168768 _____ (Microsoft Corporation) C:\Windows\system32\wucltux.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 02608128 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00696320 _____ (Microsoft Corporation) C:\Windows\system32\wuapi.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00192512 _____ (Microsoft Corporation) C:\Windows\system32\wuwebv.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00098816 _____ (Microsoft Corporation) C:\Windows\system32\wudriver.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wups2.dll
2015-11-10 17:37 - 2015-10-20 13:42 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\wups.dll
2015-11-10 17:37 - 2015-10-20 13:41 - 00140288 _____ (Microsoft Corporation) C:\Windows\system32\wuauclt.exe
2015-11-10 17:37 - 2015-10-20 13:41 - 00091136 _____ (Microsoft Corporation) C:\Windows\system32\WinSetupUI.dll
2015-11-10 17:37 - 2015-10-20 13:41 - 00037888 _____ (Microsoft Corporation) C:\Windows\system32\wuapp.exe
2015-11-10 17:37 - 2015-10-20 13:41 - 00012288 _____ (Microsoft Corporation) C:\Windows\system32\wu.upgrade.ps.dll
2015-11-10 17:37 - 2015-10-20 12:46 - 00566784 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapi.dll
2015-11-10 17:37 - 2015-10-20 12:46 - 00174080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuwebv.dll
2015-11-10 17:37 - 2015-10-20 12:46 - 00093696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wudriver.dll
2015-11-10 17:37 - 2015-10-20 12:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wups.dll
2015-11-10 17:37 - 2015-10-20 12:45 - 00035328 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wuapp.exe
2015-11-10 17:37 - 2015-10-20 10:00 - 00357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtmsft.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00226816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dxtrans.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00163840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msrating.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00080384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtmled.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00061440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iesetup.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00039424 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2015-11-10 17:37 - 2015-10-20 10:00 - 00033280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iernonce.dll
2015-11-10 17:37 - 2015-10-20 08:54 - 00051712 _____ (Microsoft Corporation) C:\Windows\system32\ie4uinit.exe
2015-11-10 17:37 - 2015-10-20 08:53 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\dxtmsft.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\dxtrans.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00197120 _____ (Microsoft Corporation) C:\Windows\system32\msrating.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00097280 _____ (Microsoft Corporation) C:\Windows\system32\mshtmled.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\iesetup.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00053248 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2015-11-10 17:37 - 2015-10-20 08:53 - 00039936 _____ (Microsoft Corporation) C:\Windows\system32\iernonce.dll
2015-11-10 17:37 - 2015-10-15 14:12 - 02706432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.tlb
2015-11-10 17:37 - 2015-10-15 14:04 - 02706432 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.tlb
2015-11-10 17:37 - 2015-10-15 13:39 - 00361984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\html.iec
2015-11-10 17:37 - 2015-10-15 13:36 - 00441856 _____ (Microsoft Corporation) C:\Windows\system32\html.iec
2015-11-10 17:37 - 2015-10-15 13:11 - 00089600 _____ (Microsoft Corporation) C:\Windows\system32\RegisterIEPKEYs.exe
2015-11-10 17:37 - 2015-10-15 13:11 - 00071680 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RegisterIEPKEYs.exe
2015-11-10 17:36 - 2015-10-13 19:50 - 00496128 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-11-10 17:36 - 2015-10-13 11:40 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-11-10 17:31 - 2015-10-12 23:57 - 00950720 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-11-10 17:31 - 2015-10-01 13:00 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\InkEd.dll
2015-11-10 17:31 - 2015-10-01 13:00 - 00024576 _____ (Microsoft Corporation) C:\Windows\system32\jnwmon.dll
2015-11-10 17:31 - 2015-10-01 12:50 - 00216064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InkEd.dll
2015-11-06 09:51 - 2015-11-07 10:07 - 00000000 ____D C:\Users\Administrator\Downloads\BELIEVE IN ANGELZ
2015-10-31 12:07 - 2015-10-31 12:13 - 1068472551 ____R C:\Users\Administrator\Downloads\[ www.UsaBit.com ] - playnow-Ghostbusters.1984.720p x264-1.mp4
2015-10-31 12:05 - 2015-11-10 17:37 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\BitTorrent
2015-10-31 12:05 - 2015-11-10 16:22 - 00000000 ____D C:\Users\Administrator\AppData\LocalLow\BitTorrent
2015-10-31 12:05 - 2015-10-31 12:05 - 01981032 _____ (BitTorrent Inc.) C:\Users\Administrator\Downloads\BitTorrent.exe
2015-10-31 12:04 - 2015-10-31 12:04 - 00082291 _____ C:\Users\Administrator\Downloads\Ghost.Busters.1984.720p.BRRip.x264.PLAYNOW.torrent
2015-10-25 23:29 - 2015-10-25 23:29 - 00005146 _____ C:\Users\Administrator\Downloads\DefilerFG-2.02r3.zip
2015-10-20 17:22 - 2015-10-20 17:22 - 00016144 _____ C:\Users\Administrator\Documents\Elements of Music Project.odt
2015-10-19 19:57 - 2015-10-19 19:57 - 01071012 _____ C:\Users\Administrator\Downloads\AutumnRhythmMatchupWorksheet.zip
2015-10-19 19:53 - 2015-10-19 19:53 - 01034790 _____ C:\Users\Administrator\Downloads\MrsWhiteGhostlyMiniLessons.zip
2015-10-18 19:04 - 2015-10-18 19:04 - 00017144 _____ C:\Users\Administrator\Desktop\Choral Speaking _ CODE.html
2015-10-18 19:04 - 2015-10-18 19:04 - 00000000 ____D C:\Users\Administrator\Desktop\Choral Speaking _ CODE_files
2015-10-18 18:53 - 2015-10-18 18:53 - 01030144 _____ C:\Users\Administrator\Downloads\MorgansChoralReading (1).ppt
2015-10-18 18:49 - 2015-10-18 18:49 - 01030144 _____ C:\Users\Administrator\Downloads\MorgansChoralReading.ppt
2015-10-16 06:40 - 2015-09-18 14:22 - 00025432 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-10-16 06:40 - 2015-09-18 14:19 - 01291264 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00766464 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00700416 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2015-10-16 06:40 - 2015-09-18 14:19 - 00073216 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-10-16 06:40 - 2015-09-18 14:09 - 01163776 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-11-15 08:29 - 2014-11-14 19:54 - 00000898 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-15 08:26 - 2013-05-31 14:20 - 01882481 _____ C:\Windows\WindowsUpdate.log
2015-11-15 08:05 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-11-15 08:05 - 2009-07-13 23:45 - 00021872 ____H C:\Windows\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-11-15 08:00 - 2013-05-31 14:33 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2015-11-14 22:25 - 2015-09-17 19:42 - 00000000 ____D C:\Users\Administrator\AppData\Local\Glyph
2015-11-14 22:24 - 2015-08-05 19:01 - 00000000 ____D C:\Program Files (x86)\Glyph
2015-11-14 16:29 - 2014-11-14 19:54 - 00000894 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-13 22:44 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\system32\inetsrv
2015-11-13 22:42 - 2014-11-18 08:16 - 00118484 _____ C:\Windows\setupact.log
2015-11-13 22:42 - 2009-07-14 00:08 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2015-11-13 22:41 - 2014-11-18 16:58 - 00193400 _____ C:\Windows\PFRO.log
2015-11-13 22:39 - 2014-11-18 16:53 - 00000000 ____D C:\AdwCleaner
2015-11-13 18:06 - 2009-07-13 22:20 - 00000000 ____D C:\Windows\rescache
2015-11-13 03:23 - 2009-07-13 23:45 - 00303056 _____ C:\Windows\system32\FNTCACHE.DAT
2015-11-12 14:32 - 2013-05-31 14:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Adobe
2015-11-12 08:09 - 2009-07-13 22:20 - 00000000 __RHD C:\Users\Default
2015-11-12 07:30 - 2009-07-13 21:34 - 00000215 _____ C:\Windows\system.ini
2015-11-12 07:27 - 2009-07-13 21:34 - 83886080 _____ C:\Windows\system32\config\software.bak
2015-11-12 07:27 - 2009-07-13 21:34 - 23592960 _____ C:\Windows\system32\config\system.bak
2015-11-12 07:27 - 2009-07-13 21:34 - 00524288 _____ C:\Windows\system32\config\default.bak
2015-11-12 07:27 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\security.bak
2015-11-12 07:27 - 2009-07-13 21:34 - 00262144 _____ C:\Windows\system32\config\sam.bak
2015-11-12 07:15 - 2013-06-06 08:32 - 00000000 ____D C:\Users\DefaultAppPool
2015-11-12 06:51 - 2009-07-14 00:13 - 00881630 _____ C:\Windows\system32\PerfStringBackup.INI
2015-11-11 20:31 - 2014-11-14 19:55 - 00002183 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2015-11-11 19:42 - 2013-05-31 14:24 - 00873752 _____ C:\Windows\SysWOW64\PerfStringBackup.INI
2015-11-11 19:32 - 2011-04-12 03:28 - 00000000 ____D C:\Program Files\Windows Journal
2015-11-11 19:27 - 2015-01-09 11:00 - 00003886 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2015-11-11 19:20 - 2013-05-31 14:36 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-11-11 19:20 - 2013-05-31 14:32 - 00000000 ____D C:\ProgramData\Adobe
2015-11-08 20:51 - 2014-11-19 18:13 - 00007613 _____ C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2015-11-06 20:06 - 2015-03-22 13:51 - 00000000 ____D C:\Users\Administrator\Desktop\Invoices
2015-10-17 02:01 - 2015-05-03 02:22 - 00000000 ____D C:\Windows\system32\appraiser
2015-10-17 02:01 - 2014-05-07 02:00 - 00000000 ___SD C:\Windows\system32\CompatTel
 
==================== Files in the root of some directories =======
 
2014-07-22 19:59 - 2014-07-22 19:59 - 0000038 ___SH () C:\Users\Administrator\AppData\Local\1754111884ee9ab5277ca00.95260103
2015-01-18 18:23 - 2015-01-18 18:24 - 1065984 _____ () C:\Users\Administrator\AppData\Local\file__0.localstorage
2014-11-19 18:13 - 2015-11-08 20:51 - 0007613 _____ () C:\Users\Administrator\AppData\Local\Resmon.ResmonCfg
2013-07-04 16:08 - 2013-07-04 16:08 - 0000057 _____ () C:\ProgramData\Ament.ini
2014-11-09 17:02 - 2014-11-09 17:02 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
 
Some files in TEMP:
====================
C:\Users\Administrator\AppData\Local\Temp\sqlite3.dll
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\SysWOW64\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-11-13 17:57
 
==================== End of FRST.txt ============================




