
Recurring Malware/Adware issue



#1 MasonX


Posted 03 January 2016 - 02:45 PM

Hello,

 

This is a similar case to: http://www.bleepingcomputer.com/forums/t/590266/really-annoying-adware-issue/

 

So I have a really annoying AdWare going on, I have Windows 10 Pro.

 

It opens oziris.zerohorizon.net in my browser every once in a while, I have ESET Smart Security 9 installed therefore it blocks the website.

The AdWare opens around 6-10 tabs of the same thing every once in a while. It also seems to open subdomains of buy-targeted-traffic.com.

 

I have reinstalled my computer because I had the same issue before, but my computer ended up in a boot-BSOD (MULTIPLE-IRP-COMPLETE-REQUESTS).

I have installed all drivers and software I had before, my guess is that one of the installers has that AdWare attached to it.

Most software is fairly basic, Skype, NetBeans IDE, Steam, Spotify etc...

 

I'm using Firefox as my primary browser.

Anyone willing to help me out on this one, any help is greatly appreciated.




 


#2 deeprybka


Posted 03 January 2016 - 05:17 PM

Hi & welcome to Bleeping Computer Forums!
My name is Jürgen and I will be assisting you with your Malware related problems.

Before we move on, please read the following points carefully:
  • My native language isn't English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.
  • Please read my instructions completely. If there is anything that you do not understand kindly ask before proceeding.
  • Perform everything in the correct order. Sometimes one step requires the previous one.
  • If you have any problems while you are following my instructions, stop there and tell me the exact nature of your problem.
  • If you have illegal/cracked software, cracks, keygens, etc. on the system, please remove or uninstall them now!
  • Do not run any other scans without instruction or Add/ Remove Software unless I tell you to do so. This would change the output of our tools and could be confusing for me.
  • Post all Logfiles as a reply rather than as an attachment unless I specifically ask you. If you can not post all logfiles in one reply, feel free to use more posts.
  • If I don't hear from you within 5 days from this initial or any subsequent post, then this thread will be closed.
  • If I don't reply within 24 hours please PM me!
  • Stay with me. I will give you some advice about prevention after the cleanup process. Absence of symptoms does not always mean the computer is clean.
Step 1

Please run a FRST scan. This will help us diagnose your problem.

Please download Farbar Recovery Scan Tool and save it to your Desktop.
(If you are not sure which version (32-/64-bit) applies to your system, download and try to start both of them as just the right one will run.)
  • Start FRST with administrator privileges.
  • Make sure the option Addition.txt is checked and press the Scan button.
  • When finished, FRST will produce two logs (FRST.txt and Addition.txt) in the same directory the tool was run from.
  • Please copy and paste these logs in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#3 MasonX


Posted 03 January 2016 - 05:27 PM

FRST.txt

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-12-2015
Ran by David (administrator) on DPC (03-01-2016 22:20:59)
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David & Administrator)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(ESET) C:\Program Files\ESET\ESET Smart Security\ekrn.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\EvtEng.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
(Microsoft Corporation) C:\Program Files\Microsoft Office 15\ClientX64\officeclicktorun.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDService.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
(Intel® Corporation) C:\Program Files\Common Files\Intel\WirelessCommon\RegSrvc.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Intel® Corporation) C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorDataMgrSvc.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrl.exe
(ESET) C:\Program Files\ESET\ESET Smart Security\egui.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDTouch.exe
(ELAN Microelectronics Corp.) C:\Program Files\Elantech\ETDCtrlHelper.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Intel Corporation) C:\Windows\System32\igfxtray.exe
(Intel Corporation) C:\Windows\System32\hkcmd.exe
(Intel Corporation) C:\Windows\System32\igfxpers.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(SoftEther VPN Project at University of Tsukuba, Japan.) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Spotify Ltd) C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Microsoft Corporation) C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
(Mozilla Corporation) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
(Farbar) C:\Users\David\Desktop\FRST64(1).exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [ETDCtrl] => C:\Program Files\Elantech\ETDCtrl.exe [3242712 2015-12-29] (ELAN Microelectronics Corp.)
HKLM\...\Run: [RtHDVCpl] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [16404224 2015-12-30] (Realtek Semiconductor)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2771576 2015-12-16] (NVIDIA Corporation)
HKLM\...\Run: [ShadowPlay] => C:\Windows\system32\rundll32.exe C:\Windows\system32\nvspcap64.dll,ShadowPlayOnSystemStart
HKLM\...\Run: [SoftEther VPN Client UI Helper] => C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2016-01-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
HKLM-x32\...\Run: [IAStorIcon] => C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IAStorIcon.exe [283160 2011-02-18] (Intel Corporation)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [Lightshot] => C:\Program Files (x86)\Skillbrains\lightshot\Lightshot.exe [226560 2014-10-16] ()
HKLM-x32\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
Winlogon\Notify\igfxcui: C:\Windows\system32\igfxdev.dll (Intel Corporation)
HKU\S-1-5-21-290333495-2789279003-2495884081-1002\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50378880 2015-12-17] (Skype Technologies S.A.)
HKU\S-1-5-21-290333495-2789279003-2495884081-1002\...\Run: [Spotify Web Helper] => C:\Users\David\AppData\Roaming\Spotify\SpotifyWebHelper.exe [2346096 2015-12-29] (Spotify Ltd)
HKU\S-1-5-21-290333495-2789279003-2495884081-1002\...\MountPoints2: {389cb5e2-af4c-11e5-9bce-dca971998bbb} - "F:\setup.exe"
AppInit_DLLs: C:\Windows\system32\nvinitx.dll => C:\Windows\system32\nvinitx.dll [175368 2015-12-16] (NVIDIA Corporation)
AppInit_DLLs-x32: C:\Windows\SysWOW64\nvinit.dll => C:\Windows\SysWOW64\nvinit.dll [153208 2015-12-16] (NVIDIA Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro1 (ErrorConflict)] -> {8BA85C75-763B-4103-94EB-9470F12FE0F7} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro2 (SyncInProgress)] -> {CD55129A-B1A1-438E-A425-CEBC7DC684EE} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers-x32: [ SkyDrivePro3 (InSync)] -> {E768CD3B-BDDC-436D-9C13-E1B39CA257B1} => C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-30] (Microsoft Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\SoftEther VPN Client Manager Startup.lnk [2016-01-02]
ShortcutTarget: SoftEther VPN Client Manager Startup.lnk -> C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe (SoftEther VPN Project at University of Tsukuba, Japan.)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 172.16.0.1
Tcpip\..\Interfaces\{d3db4450-acda-4f6b-a16a-4b9d7dcde866}: [DhcpNameServer] 172.16.0.1

Internet Explorer:
==================
BHO: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\OCHelper.dll [2015-12-30] (Microsoft Corporation)
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-12-30] (Oracle Corporation)
BHO: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\GROOVEEX.DLL [2015-12-30] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-30] (Oracle Corporation)
BHO-x32: Skype for Business Browser Helper -> {31D09BA0-12F5-4CCE-BE8A-2923E76605DA} -> C:\Program Files\Microsoft Office 15\root\Office15\OCHelper.dll [2015-12-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-12-30] (Oracle Corporation)
BHO-x32: Microsoft SkyDrive Pro Browser Helper -> {D0498E0A-45B7-42AE-A9AA-ABA463DBD3BF} -> C:\Program Files\Microsoft Office 15\root\Office15\GROOVEEX.DLL [2015-12-30] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-12-30] (Oracle Corporation)
Handler-x32: osf - {D924BDC6-C83A-4BD5-90D0-095128A113D1} - C:\Program Files\Microsoft Office 15\root\Office15\MSOSB.DLL [2015-12-30] (Microsoft Corporation)

FireFox:
========
FF ProfilePath: C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\a2l52jah.default
FF Homepage: hxxps://www.google.com/?gfe_rd=cr&ei=qmSJVvHvOY_98wenv4roBg&gws_rd=ssl,cr&fg=1
FF NetworkProxy: "type", 0
FF Plugin: @adobe.com/FlashPlayer -> C:\Windows\system32\Macromed\Flash\NPSWF64_20_0_0_267.dll [2016-01-02] ()
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-30] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-30] (Oracle Corporation)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\Windows\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_267.dll [2016-01-02] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-12-30] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-12-30] (Oracle Corporation)
FF Plugin-x32: @microsoft.com/Lync,version=15.0 -> C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX86\Mozilla Firefox\plugins\npmeetingjoinpluginoc.dll [2015-12-30] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\Program Files\Microsoft Office 15\root\Office15\NPSPWRAP.DLL [2015-12-30] (Microsoft Corporation)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-09-30] (Adobe Systems Inc.)
FF Extension: MEGA - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\a2l52jah.default\Extensions\firefox@mega.co.nz.xpi [2016-01-02]
FF Extension: Adblock Plus - C:\Users\David\AppData\Roaming\Mozilla\Firefox\Profiles\a2l52jah.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
R2 ClickToRunSvc; C:\Program Files\Microsoft Office 15\ClientX64\OfficeClickToRun.exe [2802360 2015-11-24] (Microsoft Corporation)
R2 ekrn; C:\Program Files\ESET\ESET Smart Security\ekrn.exe [2521080 2015-11-19] (ESET)
R2 ETDService; C:\Program Files\Elantech\ETDService.exe [131288 2015-12-29] (ELAN Microelectronics Corp.)
R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1156216 2015-12-16] (NVIDIA Corporation)
S3 MyWiFiDHCPDNS; C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe [273168 2011-12-08] ()
R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1872504 2015-12-16] (NVIDIA Corporation)
R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [8185464 2015-12-16] (NVIDIA Corporation)
R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [6477432 2015-12-16] (NVIDIA Corporation)
R2 SEVPNCLIENT; C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe [5250280 2016-01-02] (SoftEther VPN Project at University of Tsukuba, Japan.)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 ZeroConfigService; C:\Program Files\Intel\WiFi\bin\ZeroConfigService.exe [594704 2011-12-08] (Intel® Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 btmhsf; C:\Windows\system32\DRIVERS\btmhsf.sys [1390904 2015-12-29] (Motorola Solutions, Inc.)
S3 dtlitescsibus; C:\Windows\System32\drivers\dtlitescsibus.sys [30264 2015-12-31] (Disc Soft Ltd)
S3 dtliteusbbus; C:\Windows\System32\drivers\dtliteusbbus.sys [46392 2015-12-31] (Disc Soft Ltd)
R1 eamonm; C:\Windows\System32\DRIVERS\eamonm.sys [263528 2015-11-16] (ESET)
S0 eelam; C:\Windows\System32\DRIVERS\eelam.sys [14976 2015-07-30] (ESET)
R1 ehdrv; C:\Windows\system32\DRIVERS\ehdrv.sys [186784 2015-11-16] (ESET)
R2 ekbdflt; C:\Windows\system32\DRIVERS\ekbdflt.sys [142976 2015-11-16] (ESET)
R1 epfw; C:\Windows\system32\DRIVERS\epfw.sys [206312 2015-11-16] (ESET)
R1 EpfwLWF; C:\Windows\system32\DRIVERS\EpfwLWF.sys [52872 2015-11-16] (ESET)
R0 epfwwfp; C:\Windows\System32\DRIVERS\epfwwfp.sys [69840 2015-11-16] (ESET)
S3 ETDSMBus; C:\Windows\system32\DRIVERS\ETDSMBus.sys [32328 2015-12-29] (ELAN Microelectronic Corp.)
R1 HWiNFO32; C:\Windows\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-12-30] (REALiX™)
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-12-29] (Intel Corporation)
R3 Neo_VPN; C:\Windows\System32\drivers\Neo6_x64_VPN.sys [38216 2016-01-02] (SoftEther Corporation)
R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [19576 2015-12-16] (NVIDIA Corporation)
R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [50472 2015-12-16] (NVIDIA Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [32168 2015-12-29] (Windows ® Win 7 DDK provider)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [935168 2015-12-30] (Realtek                                            )
R1 SeLow; C:\Windows\system32\DRIVERS\SeLow_x64.sys [51024 2016-01-02] (SoftEther Corporation)
R0 sptd2; C:\Windows\System32\Drivers\sptd2.sys [179768 2016-01-03] (Duplex Secure Ltd)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
S1 yqhlnqil; \??\C:\Windows\system32\drivers\yqhlnqil.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-03 22:20 - 2016-01-03 22:21 - 00015614 _____ C:\Users\David\Desktop\FRST.txt
2016-01-03 22:20 - 2016-01-03 22:20 - 02370560 _____ (Farbar) C:\Users\David\Desktop\FRST64(1).exe
2016-01-03 22:20 - 2016-01-03 22:20 - 00000000 ____D C:\FRST
2016-01-03 22:15 - 2016-01-03 22:15 - 00016148 _____ C:\Windows\system32\DPC_David_HistoryPrediction.bin
2016-01-03 22:03 - 2016-01-03 22:05 - 01745920 _____ C:\Users\David\Downloads\AdwCleaner.exe
2016-01-03 21:39 - 2016-01-03 21:39 - 00016148 _____ C:\Windows\system32\DPC_Administrator_HistoryPrediction.bin
2016-01-03 21:26 - 2016-01-03 21:26 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Macromedia
2016-01-03 21:19 - 2016-01-03 21:19 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Mozilla
2016-01-03 21:19 - 2016-01-03 21:19 - 00000000 ____D C:\Users\Administrator\AppData\Local\Mozilla
2016-01-03 21:18 - 2016-01-03 21:18 - 00002387 _____ C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2016-01-03 21:18 - 2016-01-03 21:18 - 00000000 ___RD C:\Users\Administrator\OneDrive
2016-01-03 21:17 - 2016-01-03 21:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel Corporation
2016-01-03 21:17 - 2016-01-03 21:17 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Apple Computer
2016-01-03 21:17 - 2016-01-03 21:17 - 00000000 ____D C:\Users\Administrator\AppData\Local\Publishers
2016-01-03 21:16 - 2016-01-03 21:34 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2016-01-03 21:16 - 2016-01-03 21:18 - 00000000 ____D C:\Users\Administrator
2016-01-03 21:16 - 2016-01-03 21:16 - 00000020 ___SH C:\Users\Administrator\ntuser.ini
2016-01-03 21:16 - 2016-01-03 21:16 - 00000000 _SHDL C:\Users\Administrator\My Documents
2016-01-03 21:16 - 2016-01-03 21:16 - 00000000 _SHDL C:\Users\Administrator\Documents\My Videos
2016-01-03 21:16 - 2016-01-03 21:16 - 00000000 _SHDL C:\Users\Administrator\Documents\My Pictures
2016-01-03 21:16 - 2016-01-03 21:16 - 00000000 _SHDL C:\Users\Administrator\Documents\My Music
2016-01-03 21:16 - 2016-01-03 21:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Intel
2016-01-03 21:16 - 2016-01-03 21:16 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Adobe
2016-01-03 21:16 - 2016-01-03 21:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\TileDataLayer
2016-01-03 21:16 - 2016-01-03 21:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\NVIDIA
2016-01-03 21:16 - 2016-01-03 21:16 - 00000000 ____D C:\Users\Administrator\AppData\Local\ESET
2016-01-03 21:09 - 2016-01-03 21:09 - 00179768 _____ (Duplex Secure Ltd) C:\Windows\system32\Drivers\sptd2.sys
2016-01-03 21:08 - 2016-01-03 21:08 - 00000000 ____D C:\Users\David\AppData\Local\Disc_Soft_Ltd
2016-01-03 21:07 - 2016-01-03 21:07 - 00000000 ____D C:\Users\Public\Documents\Daemon Tools Images
2016-01-03 21:02 - 2016-01-03 21:02 - 00000000 ____D C:\ProgramData\USOShared
2016-01-03 20:59 - 2016-01-03 21:00 - 00337664 _____ C:\Windows\Minidump\010316-38265-01.dmp
2016-01-03 20:59 - 2016-01-03 20:59 - 662590696 _____ C:\Windows\MEMORY.DMP
2016-01-03 19:25 - 2016-01-03 19:30 - 239376576 _____ C:\Users\David\Downloads\EmsisoftEmergencyKit.exe
2016-01-03 19:18 - 2016-01-03 19:20 - 05198336 _____ (AVAST Software) C:\Users\David\Downloads\aswMBR.exe
2016-01-03 19:11 - 2016-01-03 19:14 - 00032757 _____ C:\Users\David\Downloads\Addition.txt
2016-01-03 19:07 - 2016-01-03 19:14 - 00111280 _____ C:\Users\David\Downloads\FRST.txt
2016-01-03 19:06 - 2016-01-03 19:07 - 02370560 _____ (Farbar) C:\Users\David\Downloads\FRST64.exe
2016-01-03 05:05 - 2016-01-03 05:38 - 00000000 ____D C:\Users\David\AppData\Roaming\Audacity
2016-01-03 05:05 - 2016-01-03 05:05 - 25186399 _____ (Audacity Team ) C:\Users\David\Downloads\audacity-win-2.1.1.exe
2016-01-03 05:05 - 2016-01-03 05:05 - 00001088 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Audacity.lnk
2016-01-03 05:05 - 2016-01-03 05:05 - 00001076 _____ C:\Users\Public\Desktop\Audacity.lnk
2016-01-03 05:05 - 2016-01-03 05:05 - 00000000 ____D C:\Program Files (x86)\Audacity
2016-01-03 01:35 - 2016-01-03 01:35 - 00000000 ____D C:\Users\David\AppData\LocalLow\Adobe
2016-01-03 01:34 - 2016-01-03 01:41 - 00003972 _____ C:\Windows\System32\Tasks\Adobe Acrobat Update Task
2016-01-03 01:33 - 2016-01-03 01:42 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
2016-01-03 01:32 - 2016-01-03 01:36 - 00000000 ____D C:\ProgramData\Adobe
2016-01-03 01:32 - 2016-01-03 01:32 - 00000000 ____D C:\Program Files (x86)\Adobe
2016-01-03 01:29 - 2016-01-03 01:29 - 00392761 _____ C:\Users\David\Downloads\Please_DocuSign_David_Michael_James_Mason_-_(1).pdf
2016-01-03 01:28 - 2016-01-03 01:28 - 00026577 _____ C:\Users\David\Downloads\Please_DocuSign_David_Michael_James_Mason_-_.pdf
2016-01-03 00:49 - 2016-01-03 00:49 - 00000600 _____ C:\Users\David\AppData\Roaming\winscp.rnd
2016-01-03 00:49 - 2016-01-03 00:49 - 00000000 ____D C:\Users\David\.shsh
2016-01-03 00:45 - 2016-01-03 01:51 - 00000000 ____D C:\Users\David\AppData\Roaming\.technic
2016-01-03 00:38 - 2016-01-03 00:45 - 04734232 _____ () C:\Users\David\Desktop\TechnicLauncher.exe
2016-01-02 23:16 - 2016-01-03 18:10 - 00000000 ____D C:\Users\David\AppData\Local\Deployment
2016-01-02 23:16 - 2016-01-02 23:16 - 00000000 ____D C:\Users\David\AppData\Local\Apps\2.0
2016-01-02 23:00 - 2016-01-02 23:00 - 00873697 _____ C:\Users\David\Downloads\tinyumbrella_windows_8_2_0_60_InstalledJRE.zip
2016-01-02 22:50 - 2016-01-02 22:50 - 31504520 _____ C:\Users\David\Downloads\tinyumbrella_windows-x64_8_2_0_60.zip
2016-01-02 22:49 - 2016-01-02 22:49 - 33167872 _____ () C:\Users\David\Downloads\tinyumbrella_windows-x64_8_2_0_60.exe
2016-01-02 22:43 - 2016-01-02 22:43 - 02535424 _____ () C:\Users\David\Downloads\tinyumbrella_windows-x64_8_2_0_60_InstalledJRE.exe
2016-01-02 22:25 - 2016-01-02 22:51 - 00000000 ____D C:\Users\David\.tu
2016-01-02 21:38 - 2016-01-02 21:53 - 22748388 _____ (iFunbox DevTeam ) C:\Users\David\Downloads\ifunbox2014_setup.exe
2016-01-02 21:38 - 2016-01-02 21:39 - 00883799 _____ C:\Users\David\Downloads\tinyumbrella_windows-x64_8_2_0_60_InstalledJRE.zip
2016-01-02 21:30 - 2016-01-02 21:30 - 04175144 _____ (Apple Inc.) C:\Users\David\Downloads\iCloudBypasser.exe
2016-01-02 21:28 - 2016-01-02 21:28 - 00293353 _____ C:\Users\David\Downloads\Doulci_Activator_V2.0.rar
2016-01-02 21:23 - 2016-01-02 21:23 - 00000000 ____D C:\Users\David\AppData\Local\pangu
2016-01-02 21:21 - 2016-01-02 21:23 - 74830064 _____ C:\Users\David\Downloads\Pangu9_v1.2.0.exe
2016-01-02 21:11 - 2016-01-02 21:13 - 00000000 ____D C:\Users\David\AppData\Roaming\Apple Computer
2016-01-02 21:11 - 2016-01-02 21:11 - 00001822 _____ C:\Users\Public\Desktop\iTunes.lnk
2016-01-02 21:11 - 2016-01-02 21:11 - 00000000 ____D C:\Users\David\AppData\Local\Apple Computer
2016-01-02 21:11 - 2016-01-02 21:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2016-01-02 21:10 - 2016-01-02 22:22 - 00000000 ____D C:\ProgramData\Apple Computer
2016-01-02 21:10 - 2016-01-02 21:11 - 00000000 ____D C:\Program Files\iTunes
2016-01-02 21:10 - 2016-01-02 21:10 - 00000000 ____D C:\Program Files\iPod
2016-01-02 21:10 - 2016-01-02 21:10 - 00000000 ____D C:\Program Files (x86)\iTunes
2016-01-02 21:09 - 2016-01-02 21:09 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2016-01-02 21:09 - 2016-01-02 21:09 - 00000000 ____D C:\Users\David\AppData\Local\Apple
2016-01-02 21:09 - 2016-01-02 21:09 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
2016-01-02 21:08 - 2016-01-02 21:10 - 00000000 ____D C:\Program Files\Common Files\Apple
2016-01-02 21:08 - 2016-01-02 21:09 - 00000000 ____D C:\ProgramData\Apple
2016-01-02 21:08 - 2016-01-02 21:08 - 00000000 ____D C:\Program Files\Bonjour
2016-01-02 21:08 - 2016-01-02 21:08 - 00000000 ____D C:\Program Files (x86)\Bonjour
2016-01-02 21:06 - 2016-01-02 21:07 - 167583000 _____ (Apple Inc.) C:\Users\David\Downloads\iTunes6464Setup.exe
2016-01-02 17:28 - 2016-01-02 17:28 - 00004760 _____ C:\Users\David\Downloads\PG-1373057-001A-MELODIFESTIVALEN-02-1a894f3d-2efc-336d-333c-04e577fe87fd-live.mpd
2016-01-02 16:02 - 2016-01-02 16:02 - 00000000 ____D C:\Users\David\AppData\Local\Macromedia
2016-01-02 16:01 - 2016-01-03 21:53 - 00000830 _____ C:\Windows\Tasks\Adobe Flash Player Updater.job
2016-01-02 16:01 - 2016-01-03 01:36 - 00000000 ____D C:\Users\David\AppData\Local\Adobe
2016-01-02 16:01 - 2016-01-02 16:01 - 00003806 _____ C:\Windows\System32\Tasks\Adobe Flash Player Updater
2016-01-02 03:10 - 2016-01-02 03:10 - 00000000 ____D C:\Users\David\.netbeans-derby
2016-01-02 02:40 - 2016-01-02 02:40 - 00038216 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\Neo6_x64_VPN.sys
2016-01-02 02:39 - 2016-01-03 22:13 - 00000000 ____D C:\Program Files\SoftEther VPN Client
2016-01-02 02:39 - 2016-01-02 02:39 - 00144104 _____ (SoftEther VPN Project at University of Tsukuba, Japan.) C:\Windows\system32\vpncmd.exe
2016-01-02 02:39 - 2016-01-02 02:39 - 00051024 _____ (SoftEther Corporation) C:\Windows\system32\Drivers\SeLow_x64.sys
2016-01-02 02:39 - 2016-01-02 02:39 - 00001980 _____ C:\ProgramData\Microsoft\Windows\Start Menu\SoftEther VPN Client Manager.lnk
2016-01-02 02:39 - 2016-01-02 02:39 - 00001974 _____ C:\Users\Public\Desktop\SoftEther VPN Client Manager.lnk
2016-01-02 02:39 - 2016-01-02 02:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SoftEther VPN Client
2016-01-02 02:38 - 2016-01-02 02:38 - 54287285 _____ C:\Users\David\Downloads\vpngate-client-2016.01.02-build-9599.134416.zip
2016-01-02 02:18 - 2016-01-02 02:18 - 00000000 ____D C:\Users\David\AppData\Local\Steam
2016-01-02 02:13 - 2016-01-02 14:20 - 00000000 ____D C:\Program Files (x86)\Steam
2016-01-02 02:13 - 2016-01-02 02:13 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Steam
2016-01-02 01:55 - 2016-01-02 02:13 - 01380712 _____ C:\Users\David\Downloads\SteamSetup.exe
2016-01-02 00:22 - 2016-01-02 00:22 - 01181472 _____ C:\Users\David\Downloads\Hopper Ducts Mod Installer 1.8.exe
2016-01-02 00:19 - 2016-01-02 00:19 - 01175328 _____ C:\Users\David\Downloads\Redstone Paste Mod Installer 1.8.exe
2016-01-01 23:54 - 2016-01-03 20:59 - 00000000 ____D C:\Windows\Minidump
2015-12-31 20:04 - 2015-12-31 20:04 - 02530408 _____ (Skillbrains ) C:\Users\David\Downloads\setup-lightshot.exe
2015-12-31 20:04 - 2015-12-31 20:04 - 00000424 _____ C:\Users\David\AppData\Local\UserProducts.xml
2015-12-31 20:04 - 2015-12-31 20:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lightshot
2015-12-31 20:04 - 2015-12-31 20:04 - 00000000 ____D C:\Program Files (x86)\Skillbrains
2015-12-31 17:50 - 2015-12-31 17:50 - 20285571 _____ (Gougelet Pierre-e ) C:\Users\David\Downloads\XnConvert-win-x64.exe
2015-12-31 17:45 - 2015-12-31 17:45 - 00000000 ____D C:\Users\David\AppData\Roaming\NetBeans
2015-12-31 17:45 - 2015-12-31 17:45 - 00000000 ____D C:\Users\David\AppData\Local\NetBeans
2015-12-31 01:43 - 2015-12-31 01:43 - 00000000 ____D C:\Users\David\Documents\Electronic Arts
2015-12-31 01:32 - 2015-12-31 01:32 - 01171744 _____ C:\Users\David\Downloads\OpenComputers Mod Installer 1.8.exe
2015-12-31 01:32 - 2015-12-31 01:32 - 00167936 _____ (ICSharpCode.net) C:\Users\David\Downloads\ICSharpCode.SharpZipLib1.dll
2015-12-31 01:31 - 2015-12-31 01:32 - 01179424 _____ C:\Users\David\Downloads\Highlands Mod Installer 1.8.exe
2015-12-31 01:29 - 2015-12-31 01:29 - 00006952 _____ C:\Users\David\Downloads\RestrictedSaplings-1.7.10-1.0.0.jar
2015-12-31 01:28 - 2015-12-31 01:28 - 01251935 _____ C:\Users\David\Downloads\OptiFine_1.8.9_HD_U_G9.jar
2015-12-31 01:28 - 2015-12-31 01:28 - 00001256 _____ C:\Users\Public\Desktop\The Sims 4.lnk
2015-12-31 01:28 - 2014-10-19 15:54 - 00447752 _____ (On2.com) C:\Windows\SysWOW64\vp6vfw.dll
2015-12-31 01:20 - 2015-12-31 01:28 - 00000000 ____D C:\Program Files (x86)\The Sims 4
2015-12-31 01:11 - 2015-12-31 01:11 - 00046392 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtliteusbbus.sys
2015-12-31 01:11 - 2015-12-31 01:11 - 00030264 _____ (Disc Soft Ltd) C:\Windows\system32\Drivers\dtlitescsibus.sys
2015-12-31 01:09 - 2016-01-03 21:07 - 00000000 ____D C:\Users\David\AppData\Roaming\DAEMON Tools Lite
2015-12-31 01:02 - 2015-12-31 01:03 - 00000000 ____D C:\ProgramData\DAEMON Tools Lite
2015-12-31 01:01 - 2015-12-31 01:01 - 01709792 _____ (Disc Soft Ltd.) C:\Users\David\Downloads\DTLiteInstaller.exe
2015-12-31 00:25 - 2015-12-31 00:30 - 00000000 ____D C:\Users\David\Downloads\The.Sims.4-RELOADED[rarbg]
2015-12-31 00:09 - 2015-12-31 00:09 - 00000000 ____D C:\ProgramData\SystemRequirementsLab
2015-12-31 00:09 - 2015-12-31 00:09 - 00000000 ____D C:\Program Files (x86)\SystemRequirementsLab
2015-12-30 23:37 - 2015-12-30 23:37 - 00000000 ____D C:\Windows\system32\SleepStudy
2015-12-30 21:03 - 2015-12-30 21:04 - 00000000 ____D C:\Users\David\Desktop\mcp918
2015-12-30 21:03 - 2015-12-30 21:03 - 08429228 _____ C:\Users\David\Downloads\mcp918.zip
2015-12-30 20:27 - 2015-12-30 20:27 - 00267936 ____H C:\ANG0
2015-12-30 20:17 - 2015-12-30 20:17 - 00016148 _____ C:\Windows\system32\DESKTOP-JB62KTA_David_HistoryPrediction.bin
2015-12-30 20:15 - 2015-12-30 20:15 - 00000000 ____D C:\Users\David\AppData\Local\NeoSmart_Technologies
2015-12-30 20:13 - 2016-01-03 00:12 - 00004166 _____ C:\Windows\System32\Tasks\User_Feed_Synchronization-{DBA4581B-6D68-4EA1-93AA-C9145661C546}
2015-12-30 20:13 - 2015-12-30 20:13 - 00036864 _____ C:\Users\David\Documents\EasyBCD Backup (2015-12-30).bcd
2015-12-30 20:12 - 2015-12-30 20:12 - 00001286 _____ C:\Users\Public\Desktop\EasyBCD 2.2.lnk
2015-12-30 20:12 - 2015-12-30 20:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NeoSmart Technologies
2015-12-30 20:12 - 2015-12-30 20:12 - 00000000 ____D C:\Program Files (x86)\NeoSmart Technologies
2015-12-30 20:04 - 2015-12-30 20:04 - 00001047 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-12-30 20:04 - 2015-07-09 20:37 - 04386304 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MLS6.dll
2015-12-30 20:04 - 2015-07-09 20:36 - 06347264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsLexicons001d.dll
2015-12-30 20:04 - 2015-07-09 20:36 - 00130048 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NlsData001d.dll
2015-12-30 20:04 - 2015-07-09 20:26 - 04431872 _____ (Microsoft Corporation) C:\Windows\system32\MLS6.dll
2015-12-30 20:04 - 2015-07-09 20:25 - 06347264 _____ (Microsoft Corporation) C:\Windows\system32\NlsLexicons001d.dll
2015-12-30 20:04 - 2015-07-09 20:25 - 00173568 _____ (Microsoft Corporation) C:\Windows\system32\NlsData001d.dll
2015-12-30 17:06 - 2015-12-30 17:07 - 00000000 ____D C:\Users\David\AppData\Roaming\skyz
2015-12-30 15:37 - 2015-12-30 15:37 - 00000000 ____D C:\Program Files (x86)\glassfish-4.1.1
2015-12-30 15:34 - 2015-12-30 15:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NetBeans
2015-12-30 15:32 - 2015-12-30 15:39 - 00000000 ____D C:\Program Files (x86)\NetBeans 8.1
2015-12-30 15:30 - 2015-12-30 15:30 - 00110176 _____ (Oracle Corporation) C:\Windows\system32\WindowsAccessBridge-64.dll
2015-12-30 15:29 - 2015-12-30 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java Development Kit
2015-12-30 15:28 - 2015-12-30 15:30 - 00000000 ____D C:\Program Files\Java
2015-12-30 15:26 - 2015-12-30 15:40 - 00000000 ____D C:\Users\David\.nbi
2015-12-30 14:43 - 2015-12-30 14:43 - 11530144 _____ (Intel Corporation) C:\Windows\system32\Drivers\NETwsw00.sys
2015-12-30 14:03 - 2015-12-30 14:05 - 00000000 ____D C:\Users\David\AppData\Local\Comms
2015-12-30 13:49 - 2015-12-30 13:49 - 00000000 ____D C:\Users\David\AppData\Roaming\NVIDIA
2015-12-30 13:47 - 2015-12-30 13:49 - 00000000 ____D C:\Users\David\Desktop\Minecraft
2015-12-30 13:43 - 2016-01-02 00:24 - 00000000 ____D C:\Users\David\AppData\Roaming\.minecraft
2015-12-30 13:43 - 2015-12-30 13:43 - 00000000 ____D C:\Users\David\AppData\Roaming\java
2015-12-30 04:46 - 2008-02-06 05:00 - 00259584 _____ (CANON INC.) C:\Windows\system32\CNMLM8T.DLL
2015-12-30 04:41 - 2015-12-30 04:41 - 72121872 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoRes64.dat
2015-12-30 04:41 - 2015-12-30 04:41 - 07172912 _____ (Dolby Laboratories) C:\Windows\system32\R4EEP64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 07096192 _____ (Dolby Laboratories) C:\Windows\system32\DDPP64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 03741396 _____ C:\Windows\system32\Drivers\RTAIODAT.DAT
2015-12-30 04:41 - 2015-12-30 04:41 - 03278408 _____ (Fortemedia Corporation) C:\Windows\system32\FMAPO64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 03271912 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkApi64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 02997504 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtPgEx64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 02711296 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTSnMg64.cpl
2015-12-30 04:41 - 2015-12-30 04:41 - 02600408 _____ (Realtek Semiconductor Corp.) C:\Windows\SysWOW64\RltkAPO.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 02050176 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioEQ64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 01965816 _____ (Dolby Laboratories) C:\Windows\system32\DDPD64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 01839360 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RCoInstII64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 01780624 _____ (DTS) C:\Windows\system32\DTSS2SpeakerDLL64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 01591064 _____ (DTS) C:\Windows\system32\DTSS2HeadphoneDLL64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 01508936 _____ (DTS) C:\Windows\system32\DTSBoostDLL64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 01350456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RTCOM64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00965032 _____ (Sony Corporation) C:\Windows\system32\SFSS_APO.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00743968 _____ (DTS) C:\Windows\system32\DTSBassEnhancementDLL64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00727440 _____ (DTS) C:\Windows\system32\DTSSymmetryDLL64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00708312 _____ (DTS) C:\Windows\system32\DTSVoiceClarityDLL64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00678184 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO30.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00677672 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxVolumeSDAPO.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00645456 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtDataProc64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00618192 _____ (Knowles Acoustics ) C:\Windows\system32\KAAPORT64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00574760 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAC64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00532384 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSX64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00504312 _____ (DTS) C:\Windows\system32\DTSNeoPCDLL64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00447728 _____ (Dolby Laboratories) C:\Windows\system32\R4EED64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00445408 _____ (DTS) C:\Windows\system32\DTSLimiterDLL64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00441272 _____ (DTS) C:\Windows\system32\DTSGainCompensatorDLL64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00387320 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEP64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00343712 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtlCPAPI64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00330568 _____ (Waves Audio Ltd.) C:\Windows\system32\MaxxAudioAPO20.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00327464 _____ (Dolby Laboratories) C:\Windows\system32\DDPO64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DHT64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00321720 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RP3DAA64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00272720 _____ (Dolby Laboratories) C:\Windows\system32\DDPA64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00253904 _____ (DTS) C:\Windows\system32\DTSGFXAPO64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00253864 _____ (DTS) C:\Windows\system32\DTSLFXAPO64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00252880 _____ (DTS) C:\Windows\system32\DTSGFXAPONS64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00231920 _____ (Synopsys, Inc.) C:\Windows\system32\SFNHK64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00221968 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSTSH64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00214832 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEED64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00209536 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSHP64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00195192 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCfg64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00166208 _____ (SRS Labs, Inc.) C:\Windows\system32\SRSWOW64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00151792 _____ (Dolby Laboratories) C:\Windows\system32\R4EEL64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00134208 _____ (Dolby Laboratories) C:\Windows\system32\R4EEA64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00122320 _____ (Real Sound Lab SIA) C:\Windows\system32\CONEQMSAPOGUILibrary.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00118600 _____ (Andrea Electronics Corporation) C:\Windows\system32\AERTAR64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00110984 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEL64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00090920 _____ (Synopsys, Inc.) C:\Windows\system32\SFCOM64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00088352 _____ (Dolby Laboratories, Inc.) C:\Windows\system32\RTEEG64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00088328 _____ (Synopsys, Inc.) C:\Windows\system32\SFAPO64.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00084616 _____ (Dolby Laboratories) C:\Windows\system32\R4EEG64A.dll
2015-12-30 04:41 - 2015-12-30 04:41 - 00083632 _____ (Virage Logic Corporation / Sonic Focus) C:\Windows\SysWOW64\SFCOM.dll
2015-12-30 04:35 - 2015-12-30 04:35 - 00935168 _____ (Realtek ) C:\Windows\system32\Drivers\rt640x64.sys
2015-12-30 04:35 - 2015-12-30 04:35 - 00082544 _____ (Realtek Semiconductor Corporation) C:\Windows\system32\RtNicProp64.dll
2015-12-30 04:33 - 2015-12-30 04:49 - 00000000 ____D C:\Windows\twain_64
2015-12-30 04:23 - 2015-12-30 04:23 - 00000000 ___RD C:\Users\David\Documents\Scanned Documents
2015-12-30 04:23 - 2015-12-30 04:23 - 00000000 ____D C:\Users\David\Documents\Fax
2015-12-30 04:21 - 2015-12-30 04:21 - 00026528 _____ (REALiX™) C:\Windows\SysWOW64\Drivers\HWiNFO64A.SYS
2015-12-30 04:21 - 2015-12-30 04:21 - 00003074 _____ C:\Windows\System32\Tasks\Driver Booster SkipUAC (David)
2015-12-30 04:21 - 2015-12-30 04:21 - 00000000 ____D C:\Windows\Tasks\ImCleanDisabled
2015-12-30 03:45 - 2015-12-30 03:45 - 00000000 ____D C:\Users\David\AppData\Local\ESET
2015-12-30 03:43 - 2015-12-30 03:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ESET
2015-12-30 03:43 - 2015-12-30 03:43 - 00000000 ____D C:\ProgramData\ESET
2015-12-30 03:43 - 2015-12-30 03:43 - 00000000 ____D C:\Program Files\ESET
2015-12-30 03:28 - 2015-12-30 03:28 - 00000000 ____D C:\Users\David\AppData\Local\PeerDistRepub
2015-12-30 03:21 - 2015-12-30 03:21 - 00000000 ____D C:\Users\David\AppData\Roaming\WinRAR
2015-12-30 03:20 - 2015-12-30 03:21 - 00000000 ____D C:\Program Files\WinRAR
2015-12-30 02:27 - 2015-12-30 02:27 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-12-30 02:25 - 2015-12-30 02:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-12-30 02:25 - 2015-12-30 02:25 - 00000000 ____D C:\Program Files\Microsoft Office 15
2015-12-30 01:39 - 2015-12-30 01:39 - 00000000 ____D C:\Users\David\AppData\Local\ElevatedDiagnostics
2015-12-30 01:26 - 2015-12-30 01:31 - 00000000 ____D C:\Program Files (x86)\Driver Identifier
2015-12-30 01:21 - 2015-12-30 01:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
2015-12-30 01:21 - 2015-12-16 16:59 - 01846016 _____ (NVIDIA Corporation) C:\Windows\system32\nvspcap64.dll
2015-12-30 01:21 - 2015-12-16 16:59 - 01756424 _____ (NVIDIA Corporation) C:\Windows\system32\nvspbridge64.dll
2015-12-30 01:21 - 2015-12-16 16:59 - 01530240 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspcap.dll
2015-12-30 01:21 - 2015-12-16 16:59 - 01316184 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvspbridge.dll
2015-12-30 01:21 - 2015-12-16 16:59 - 00111520 _____ C:\Windows\system32\NvRtmpStreamer64.dll
2015-12-30 01:21 - 2010-05-26 11:41 - 02401112 _____ (Microsoft Corporation) C:\Windows\system32\D3DX9_43.dll
2015-12-30 01:21 - 2010-05-26 11:41 - 01998168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\D3DX9_43.dll
2015-12-30 01:21 - 2010-05-26 11:41 - 00511328 _____ (Microsoft Corporation) C:\Windows\system32\d3dx10_43.dll
2015-12-30 01:21 - 2010-05-26 11:41 - 00470880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx10_43.dll
2015-12-30 01:21 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\Windows\system32\d3dx11_43.dll
2015-12-30 01:21 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3dx11_43.dll
2015-12-30 01:20 - 2015-12-30 01:20 - 00000000 ____D C:\Windows\SysWOW64\NV
2015-12-30 01:20 - 2015-12-30 01:20 - 00000000 ____D C:\Windows\system32\NV
2015-12-30 01:20 - 2015-12-16 14:54 - 06359672 _____ (NVIDIA Corporation) C:\Windows\system32\nvcpl.dll
2015-12-30 01:20 - 2015-12-16 14:54 - 02985264 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvc64.dll
2015-12-30 01:20 - 2015-12-16 14:54 - 02554488 _____ (NVIDIA Corporation) C:\Windows\system32\nvsvcr.dll
2015-12-30 01:20 - 2015-12-16 14:54 - 01256240 _____ (NVIDIA Corporation) C:\Windows\system32\nvvsvc.exe
2015-12-30 01:20 - 2015-12-16 14:54 - 00523384 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshext.dll
2015-12-30 01:20 - 2015-12-16 14:54 - 00385328 _____ (NVIDIA Corporation) C:\Windows\system32\nvmctray.dll
2015-12-30 01:20 - 2015-12-16 14:54 - 00075056 _____ (NVIDIA Corporation) C:\Windows\system32\nv3dappshextr.dll
2015-12-30 01:20 - 2015-12-16 14:54 - 00062768 _____ (NVIDIA Corporation) C:\Windows\system32\nvshext.dll
2015-12-30 01:20 - 2015-12-16 14:49 - 06090019 _____ C:\Windows\system32\nvcoproc.bin
2015-12-30 01:19 - 2015-12-30 01:23 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-12-30 01:19 - 2015-12-30 01:19 - 00267776 _____ (CANON INC.) C:\Windows\system32\CNBLM4.DLL
2015-12-30 01:19 - 2015-12-16 16:59 - 00206968 _____ (Khronos Group) C:\Windows\system32\OpenCL.dll
2015-12-30 01:19 - 2015-12-16 16:59 - 00194680 _____ (Khronos Group) C:\Windows\SysWOW64\OpenCL.dll
2015-12-30 01:15 - 2015-12-18 08:49 - 00040080 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvpciflt.sys
2015-12-30 01:15 - 2015-12-18 08:48 - 12426896 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvlddmkm.sys
2015-12-30 01:15 - 2015-12-16 16:59 - 42976888 _____ C:\Windows\system32\nvcompiler.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 37608568 _____ C:\Windows\SysWOW64\nvcompiler.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 31098488 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglv64.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 24923768 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglv32.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 21131424 _____ (NVIDIA Corporation) C:\Windows\system32\nvopencl.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 20672376 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuda.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 19727624 _____ (NVIDIA Corporation) C:\Windows\system32\nvwgf2umx.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 17568432 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvopencl.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 17164160 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuda.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 17123736 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvwgf2um.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 17104016 _____ (NVIDIA Corporation) C:\Windows\system32\nvd3dumx.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 14103608 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvd3dum.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 03603368 _____ (NVIDIA Corporation) C:\Windows\system32\nvapi64.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 03184152 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvapi.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 02560816 _____ (NVIDIA Corporation) C:\Windows\system32\nvcuvid.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 02214192 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvcuvid.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 01915512 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispco6436143.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 01564976 _____ (NVIDIA Corporation) C:\Windows\system32\nvdispgenco6436143.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00938104 _____ (NVIDIA Corporation) C:\Windows\system32\NvFBC64.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00872056 _____ (NVIDIA Corporation) C:\Windows\system32\NvIFR64.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00735024 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvFBC.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00681592 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\NvIFR.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00541000 _____ (NVIDIA Corporation) C:\Windows\system32\nvumdshimx.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00445728 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvumdshim.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00175368 _____ (NVIDIA Corporation) C:\Windows\system32\nvinitx.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00153208 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvinit.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00151184 _____ (NVIDIA Corporation) C:\Windows\system32\nvoglshim64.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00128696 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvoglshim32.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00072504 _____ (NVIDIA Corporation) C:\Windows\system32\nvaudcap64v.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00069416 _____ (NVIDIA Corporation) C:\Windows\SysWOW64\nvaudcap32v.dll
2015-12-30 01:15 - 2015-12-16 16:59 - 00050472 _____ (NVIDIA Corporation) C:\Windows\system32\Drivers\nvvad64v.sys
2015-12-30 01:15 - 2015-12-16 16:59 - 00035775 _____ C:\Windows\system32\nvinfo.pb
2015-12-30 01:13 - 2015-12-30 01:13 - 00000000 ____D C:\NVIDIA
2015-12-30 01:10 - 2015-12-30 15:32 - 00000000 ____D C:\Users\David\.oracle_jre_usage
2015-12-30 01:10 - 2015-12-30 15:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-12-30 01:10 - 2015-12-30 01:10 - 00097888 _____ (Oracle Corporation) C:\Windows\SysWOW64\WindowsAccessBridge-32.dll
2015-12-30 01:10 - 2015-12-30 01:10 - 00000000 ____D C:\Users\David\AppData\Roaming\Sun
2015-12-30 01:10 - 2015-12-30 01:10 - 00000000 ____D C:\Users\David\AppData\LocalLow\Sun
2015-12-30 01:10 - 2015-12-30 01:10 - 00000000 ____D C:\ProgramData\Oracle
2015-12-30 01:10 - 2015-12-30 01:10 - 00000000 ____D C:\Program Files (x86)\Java
2015-12-30 01:09 - 2015-12-30 01:09 - 00000000 ____D C:\Users\David\AppData\LocalLow\Oracle
2015-12-30 00:57 - 2015-12-30 00:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\XAMPP
2015-12-30 00:53 - 2015-12-30 01:08 - 00000000 ____D C:\xampp
2015-12-30 00:06 - 2015-12-30 00:06 - 00000000 ____D C:\Users\David\AppData\Roaming\Intel Corporation
2015-12-29 23:53 - 2015-12-29 23:53 - 00000000 ___HD C:\Windows\system32\WLANProfiles
2015-12-29 23:31 - 2016-01-03 17:19 - 00000000 ____D C:\Users\David\AppData\Local\Spotify
2015-12-29 23:31 - 2015-12-29 23:31 - 00000000 ____D C:\Users\David\AppData\Local\CEF
2015-12-29 23:30 - 2016-01-03 20:33 - 00000000 ____D C:\Users\David\AppData\Roaming\Spotify
2015-12-29 23:30 - 2015-12-29 23:30 - 00001836 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Spotify.lnk
2015-12-29 23:21 - 2015-12-01 05:51 - 07523840 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2015-12-29 23:21 - 2015-12-01 05:49 - 04792320 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2015-12-29 23:21 - 2015-12-01 05:02 - 03580416 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2015-12-29 23:21 - 2015-12-01 04:59 - 05455360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2015-12-29 23:21 - 2015-11-25 05:40 - 00516448 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2015-12-29 23:21 - 2015-11-25 04:44 - 21872640 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2015-12-29 23:21 - 2015-11-25 04:42 - 24592384 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2015-12-29 23:21 - 2015-11-25 04:30 - 00147968 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rmcast.sys
2015-12-29 23:21 - 2015-11-25 04:30 - 00080896 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\hdaudbus.sys
2015-12-29 23:21 - 2015-11-25 04:23 - 19323392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2015-12-29 23:21 - 2015-11-25 04:23 - 03588096 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2015-12-29 23:21 - 2015-11-25 04:22 - 01383424 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2015-12-29 23:21 - 2015-11-25 04:10 - 18801664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2015-12-29 23:21 - 2015-11-25 04:10 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\vbscript.dll
2015-12-29 23:21 - 2015-11-05 05:15 - 08020832 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2015-12-29 23:21 - 2015-11-05 05:14 - 00459104 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\netio.sys
2015-12-29 23:21 - 2015-11-05 05:13 - 00577888 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\afd.sys
2015-12-29 23:21 - 2015-11-05 04:56 - 00116064 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tdx.sys
2015-12-29 23:21 - 2015-11-05 03:33 - 00650240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript.dll
2015-12-29 23:21 - 2015-09-17 06:48 - 02824248 _____ (Microsoft Corporation) C:\Windows\system32\msmpeg2vdec.dll
2015-12-29 23:21 - 2015-09-17 06:48 - 02432336 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\tcpip.sys
2015-12-29 23:21 - 2015-09-17 06:48 - 00406864 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\FWPKCLNT.SYS
2015-12-29 23:21 - 2015-09-17 06:26 - 02446648 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msmpeg2vdec.dll
2015-12-29 23:21 - 2015-09-17 05:50 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\portcls.sys
2015-12-29 23:21 - 2015-09-17 05:44 - 00526336 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2015-12-29 23:20 - 2015-11-25 05:27 - 01366680 _____ (Microsoft Corporation) C:\Windows\system32\user32.dll
2015-12-29 23:20 - 2015-11-25 05:09 - 01310880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\user32.dll
2015-12-29 23:20 - 2015-11-25 04:49 - 01569280 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Globalization.dll
2015-12-29 23:20 - 2015-11-25 04:36 - 01710592 _____ (Microsoft Corporation) C:\Windows\system32\SRHInproc.dll
2015-12-29 23:20 - 2015-11-25 04:34 - 12504576 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2015-12-29 23:20 - 2015-11-25 04:29 - 01649152 _____ (Microsoft Corporation) C:\Windows\system32\comsvcs.dll
2015-12-29 23:20 - 2015-11-25 04:27 - 02180608 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2015-12-29 23:20 - 2015-11-25 04:22 - 01717248 _____ (Microsoft Corporation) C:\Windows\system32\GdiPlus.dll
2015-12-29 23:20 - 2015-11-25 04:19 - 01795584 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2015-12-29 23:20 - 2015-11-25 04:18 - 01233920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Globalization.dll
2015-12-29 23:20 - 2015-11-25 04:16 - 01442816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRHInproc.dll
2015-12-29 23:20 - 2015-11-25 04:10 - 01328128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comsvcs.dll
2015-12-29 23:20 - 2015-11-25 04:05 - 11263488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2015-12-29 23:20 - 2015-11-25 04:04 - 01467392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\GdiPlus.dll
2015-12-29 23:20 - 2015-11-05 05:15 - 00541024 _____ (Microsoft Corporation) C:\Windows\system32\mcupdate_GenuineIntel.dll
2015-12-29 23:20 - 2015-11-05 05:11 - 01392480 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManager.dll
2015-12-29 23:20 - 2015-11-05 04:30 - 00961376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LicenseManager.dll
2015-12-29 23:20 - 2015-11-05 04:23 - 00076800 _____ (Microsoft Corporation) C:\Windows\system32\browserbroker.dll
2015-12-29 23:20 - 2015-11-05 04:18 - 03248128 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2015-12-29 23:20 - 2015-11-05 04:17 - 02418688 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2015-12-29 23:20 - 2015-11-05 04:10 - 02987520 _____ (Microsoft Corporation) C:\Windows\system32\esent.dll
2015-12-29 23:20 - 2015-11-05 04:07 - 01068032 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2015-12-29 23:20 - 2015-11-05 04:01 - 00949760 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2015-12-29 23:20 - 2015-11-05 04:01 - 00579072 _____ (Microsoft Corporation) C:\Windows\system32\winlogon.exe
2015-12-29 23:20 - 2015-11-05 03:59 - 02675200 _____ (Microsoft Corporation) C:\Windows\system32\Windows.StateRepository.dll
2015-12-29 23:20 - 2015-11-05 03:58 - 00627712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2015-12-29 23:20 - 2015-11-05 03:42 - 02647040 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2015-12-29 23:20 - 2015-11-05 03:40 - 01918976 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2015-12-29 23:20 - 2015-11-05 03:35 - 02639872 _____ (Microsoft Corporation) C:\Windows\SysWOW64\esent.dll
2015-12-29 23:20 - 2015-11-05 03:30 - 00767488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2015-12-29 23:20 - 2015-11-05 03:27 - 02049536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.StateRepository.dll
2015-12-29 23:20 - 2015-11-05 03:27 - 00464896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2015-12-29 23:20 - 2015-10-06 03:03 - 16708608 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Xaml.dll
2015-12-29 23:20 - 2015-10-06 02:46 - 13027840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Xaml.dll
2015-12-29 23:20 - 2015-09-25 04:01 - 02573768 _____ (Microsoft Corporation) C:\Windows\system32\msxml6.dll
2015-12-29 23:20 - 2015-09-25 03:56 - 22322624 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2015-12-29 23:20 - 2015-09-25 03:33 - 01997336 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml6.dll
2015-12-29 23:20 - 2015-09-25 03:26 - 20858360 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2015-12-29 23:20 - 2015-09-25 02:58 - 01871360 _____ (Microsoft Corporation) C:\Windows\system32\msxml3.dll
2015-12-29 23:20 - 2015-09-25 02:32 - 01594368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msxml3.dll
2015-12-29 23:20 - 2015-09-17 06:50 - 02464216 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2015-12-29 23:20 - 2015-09-17 06:49 - 06487248 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2015-12-29 23:20 - 2015-09-17 06:48 - 02156400 _____ (Microsoft Corporation) C:\Windows\system32\hevcdecoder.dll
2015-12-29 23:20 - 2015-09-17 06:48 - 00476760 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2015-12-29 23:20 - 2015-09-17 06:28 - 05120056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2015-12-29 23:20 - 2015-09-17 06:28 - 00074880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\remoteaudioendpoint.dll
2015-12-29 23:20 - 2015-09-17 06:26 - 01895568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hevcdecoder.dll
2015-12-29 23:20 - 2015-09-17 06:26 - 00434376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2015-12-29 23:20 - 2015-09-17 06:06 - 00690688 _____ (Microsoft Corporation) C:\Windows\system32\CellularAPI.dll
2015-12-29 23:20 - 2015-09-17 06:04 - 07569408 _____ (Microsoft Corporation) C:\Windows\system32\mos.dll
2015-12-29 23:20 - 2015-09-17 06:04 - 00504320 _____ (Microsoft Corporation) C:\Windows\system32\DataSenseHandlers.dll
2015-12-29 23:20 - 2015-09-17 06:00 - 00106496 _____ (Microsoft Corporation) C:\Windows\system32\KeywordDetectorMsftSidAdapter.dll
2015-12-29 23:20 - 2015-09-17 05:55 - 00121856 _____ (Microsoft Corporation) C:\Windows\system32\dmcsps.dll
2015-12-29 23:20 - 2015-09-17 05:54 - 03781120 _____ (Microsoft Corporation) C:\Windows\system32\SettingsHandlers_nt.dll
2015-12-29 23:20 - 2015-09-17 05:53 - 07055872 _____ (Microsoft Corporation) C:\Windows\system32\BingMaps.dll
2015-12-29 23:20 - 2015-09-17 05:52 - 06572032 _____ (Microsoft Corporation) C:\Windows\system32\wwanmm.dll
2015-12-29 23:20 - 2015-09-17 05:52 - 01216512 _____ (Microsoft Corporation) C:\Windows\system32\netcenter.dll
2015-12-29 23:20 - 2015-09-17 05:52 - 00465920 _____ (Microsoft Corporation) C:\Windows\system32\wwanconn.dll
2015-12-29 23:20 - 2015-09-17 05:51 - 02660864 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2015-12-29 23:20 - 2015-09-17 05:51 - 01812480 _____ (Microsoft Corporation) C:\Windows\system32\pnidui.dll
2015-12-29 23:20 - 2015-09-17 05:44 - 01844736 _____ (Microsoft Corporation) C:\Windows\system32\workfolderssvc.dll
2015-12-29 23:20 - 2015-09-17 05:40 - 06101504 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mos.dll
2015-12-29 23:20 - 2015-09-17 05:36 - 01171456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netcenter.dll
2015-12-29 23:20 - 2015-09-17 05:35 - 05079552 _____ (Microsoft Corporation) C:\Windows\SysWOW64\BingMaps.dll
2015-12-29 23:19 - 2015-12-01 07:01 - 02115936 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2015-12-29 23:19 - 2015-12-01 06:03 - 00008192 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\gpuenergydrv.sys
2015-12-29 23:19 - 2015-12-01 05:54 - 00771072 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2015-12-29 23:19 - 2015-11-25 05:42 - 04532304 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2015-12-29 23:19 - 2015-11-25 05:42 - 00168288 _____ (Microsoft Corporation) C:\Windows\system32\NetworkUXBroker.exe
2015-12-29 23:19 - 2015-11-25 05:41 - 01822280 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2015-12-29 23:19 - 2015-11-25 05:33 - 03622272 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2015-12-29 23:19 - 2015-11-25 05:12 - 04047288 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2015-12-29 23:19 - 2015-11-25 05:11 - 01532984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2015-12-29 23:19 - 2015-11-25 05:01 - 02879024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2015-12-29 23:19 - 2015-11-25 04:49 - 00498688 _____ (Microsoft Corporation) C:\Windows\system32\WlanMediaManager.dll
2015-12-29 23:19 - 2015-11-25 04:49 - 00467456 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2015-12-29 23:19 - 2015-11-25 04:49 - 00270336 _____ (Microsoft Corporation) C:\Windows\system32\RasMediaManager.dll
2015-12-29 23:19 - 2015-11-25 04:48 - 00146944 _____ (Microsoft Corporation) C:\Windows\system32\EthernetMediaManager.dll
2015-12-29 23:19 - 2015-11-25 04:48 - 00126464 _____ (Microsoft Corporation) C:\Windows\system32\DAMediaManager.dll
2015-12-29 23:19 - 2015-11-25 04:37 - 02350592 _____ (Microsoft Corporation) C:\Windows\system32\authui.dll
2015-12-29 23:19 - 2015-11-25 04:35 - 00929792 _____ (Microsoft Corporation) C:\Windows\system32\SRH.dll
2015-12-29 23:19 - 2015-11-25 04:35 - 00845824 _____ (Microsoft Corporation) C:\Windows\system32\Magnify.exe
2015-12-29 23:19 - 2015-11-25 04:31 - 00121344 _____ (Microsoft Corporation) C:\Windows\system32\DAMM.dll
2015-12-29 23:19 - 2015-11-25 04:30 - 00171008 _____ (Microsoft Corporation) C:\Windows\system32\dot3mm.dll
2015-12-29 23:19 - 2015-11-25 04:29 - 00355328 _____ (Microsoft Corporation) C:\Windows\system32\ninput.dll
2015-12-29 23:19 - 2015-11-25 04:28 - 00572928 _____ (Microsoft Corporation) C:\Windows\system32\vbscript.dll
2015-12-29 23:19 - 2015-11-25 04:28 - 00523776 _____ (Microsoft Corporation) C:\Windows\system32\catsrvut.dll
2015-12-29 23:19 - 2015-11-25 04:26 - 00849408 _____ (Microsoft Corporation) C:\Windows\system32\comdlg32.dll
2015-12-29 23:19 - 2015-11-25 04:25 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\profsvc.dll
2015-12-29 23:19 - 2015-11-25 04:23 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\ieui.dll
2015-12-29 23:19 - 2015-11-25 04:22 - 00603648 _____ (Microsoft Corporation) C:\Windows\system32\duser.dll
2015-12-29 23:19 - 2015-11-25 04:19 - 00185344 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2015-12-29 23:19 - 2015-11-25 04:17 - 00774656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SRH.dll
2015-12-29 23:19 - 2015-11-25 04:16 - 00786432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Magnify.exe
2015-12-29 23:19 - 2015-11-25 04:13 - 02153984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\authui.dll
2015-12-29 23:19 - 2015-11-25 04:11 - 00296960 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ninput.dll
2015-12-29 23:19 - 2015-11-25 04:10 - 00415744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\catsrvut.dll
2015-12-29 23:19 - 2015-11-25 04:08 - 00749568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\comdlg32.dll
2015-12-29 23:19 - 2015-11-25 04:04 - 00480768 _____ (Microsoft Corporation) C:\Windows\SysWOW64\duser.dll
2015-12-29 23:19 - 2015-11-25 04:04 - 00474624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieui.dll
2015-12-29 23:19 - 2015-11-25 02:52 - 00775312 _____ C:\Windows\SysWOW64\locale.nls
2015-12-29 23:19 - 2015-11-25 02:52 - 00775312 _____ C:\Windows\system32\locale.nls
2015-12-29 23:19 - 2015-11-05 05:06 - 00966416 _____ (Microsoft Corporation) C:\Windows\system32\twinapi.appcore.dll
2015-12-29 23:19 - 2015-11-05 04:56 - 01083072 _____ (Microsoft Corporation) C:\Windows\system32\appraiser.dll
2015-12-29 23:19 - 2015-11-05 04:56 - 00025280 _____ (Microsoft Corporation) C:\Windows\system32\CompatTelRunner.exe
2015-12-29 23:19 - 2015-11-05 04:23 - 00762888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinapi.appcore.dll
2015-12-29 23:19 - 2015-11-05 04:12 - 00515072 _____ (Microsoft Corporation) C:\Windows\system32\internetmail.dll
2015-12-29 23:19 - 2015-11-05 04:11 - 00333312 _____ (Microsoft Corporation) C:\Windows\system32\MusUpdateHandlers.dll
2015-12-29 23:19 - 2015-11-05 04:06 - 00453120 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Usb.dll
2015-12-29 23:19 - 2015-11-05 04:05 - 01602560 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2015-12-29 23:19 - 2015-11-05 04:05 - 00826880 _____ (Microsoft Corporation) C:\Windows\system32\jscript.dll
2015-12-29 23:19 - 2015-11-05 04:03 - 01015808 _____ (Microsoft Corporation) C:\Windows\system32\RDXService.dll
2015-12-29 23:19 - 2015-11-05 04:01 - 00713216 _____ (Microsoft Corporation) C:\Windows\system32\usermgr.dll
2015-12-29 23:19 - 2015-11-05 03:55 - 00145408 _____ (Microsoft Corporation) C:\Windows\system32\dssvc.dll
2015-12-29 23:19 - 2015-11-05 03:54 - 00502272 _____ (Microsoft Corporation) C:\Windows\system32\dlnashext.dll
2015-12-29 23:19 - 2015-11-05 03:34 - 00311296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Usb.dll
2015-12-29 23:19 - 2015-11-05 03:33 - 01380864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2015-12-29 23:19 - 2015-11-05 03:23 - 00441344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dlnashext.dll
2015-12-29 23:19 - 2015-10-10 07:12 - 00078528 _____ (Microsoft Corporation) C:\Windows\system32\acmigration.dll
2015-12-29 23:19 - 2015-10-01 04:01 - 01294352 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2015-12-29 23:19 - 2015-10-01 04:01 - 01123400 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2015-12-29 23:19 - 2015-10-01 04:01 - 01018568 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2015-12-29 23:19 - 2015-10-01 04:01 - 00858408 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2015-12-29 23:19 - 2015-10-01 03:03 - 00757760 _____ (Microsoft Corporation) C:\Windows\system32\fveapi.dll
2015-12-29 23:19 - 2015-09-25 04:01 - 00498016 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usbhub.sys
2015-12-29 23:19 - 2015-09-25 03:52 - 00980832 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2015-12-29 23:19 - 2015-09-25 03:07 - 01276416 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2015-12-29 23:19 - 2015-09-25 03:03 - 00796160 _____ (Microsoft Corporation) C:\Windows\system32\TokenBroker.dll
2015-12-29 23:19 - 2015-09-25 03:02 - 00689152 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Security.Authentication.Web.Core.dll
2015-12-29 23:19 - 2015-09-25 03:00 - 01423872 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2015-12-29 23:19 - 2015-09-25 03:00 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\ContactApis.dll
2015-12-29 23:19 - 2015-09-25 03:00 - 00752640 _____ (Microsoft Corporation) C:\Windows\system32\ChatApis.dll
2015-12-29 23:19 - 2015-09-25 02:59 - 01205248 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2015-12-29 23:19 - 2015-09-25 02:59 - 00288256 _____ (Microsoft Corporation) C:\Windows\system32\PimIndexMaintenance.dll
2015-12-29 23:19 - 2015-09-25 02:59 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\CallHistoryClient.dll
2015-12-29 23:19 - 2015-09-25 02:38 - 00574464 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakradiag.dll
2015-12-29 23:19 - 2015-09-25 02:37 - 00613376 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TokenBroker.dll
2015-12-29 23:19 - 2015-09-25 02:37 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-12-29 23:19 - 2015-09-25 02:34 - 00928256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2015-12-29 23:19 - 2015-09-25 02:34 - 00625152 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ContactApis.dll
2015-12-29 23:19 - 2015-09-25 02:34 - 00579584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppointmentApis.dll
2015-12-29 23:19 - 2015-09-25 02:34 - 00557568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ChatApis.dll
2015-12-29 23:19 - 2015-09-25 02:34 - 00525312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\EmailApis.dll
2015-12-29 23:19 - 2015-09-25 02:33 - 00131072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CallHistoryClient.dll
2015-12-29 23:19 - 2015-09-19 05:14 - 00102304 _____ (Microsoft Corporation) C:\Windows\system32\omadmapi.dll
2015-12-29 23:19 - 2015-09-17 06:50 - 01563392 _____ (Microsoft Corporation) C:\Windows\system32\winmde.dll
2015-12-29 23:19 - 2015-09-17 06:50 - 00099664 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\pdc.sys
2015-12-29 23:19 - 2015-09-17 06:50 - 00088384 _____ (Microsoft Corporation) C:\Windows\system32\remoteaudioendpoint.dll
2015-12-29 23:19 - 2015-09-17 06:49 - 01563472 _____ (Microsoft Corporation) C:\Windows\system32\wmpmde.dll
2015-12-29 23:19 - 2015-09-17 06:49 - 00894256 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\Wdf01000.sys
2015-12-29 23:19 - 2015-09-17 06:49 - 00553808 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncHost.exe
2015-12-29 23:19 - 2015-09-17 06:49 - 00501008 _____ (Microsoft Corporation) C:\Windows\system32\AudioEng.dll
2015-12-29 23:19 - 2015-09-17 06:48 - 02494712 _____ C:\Windows\system32\CoreUIComponents.dll
2015-12-29 23:19 - 2015-09-17 06:48 - 01983824 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2015-12-29 23:19 - 2015-09-17 06:48 - 00809352 _____ (Microsoft Corporation) C:\Windows\system32\CoreMessaging.dll
2015-12-29 23:19 - 2015-09-17 06:48 - 00784136 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2015-12-29 23:19 - 2015-09-17 06:48 - 00555768 _____ (Microsoft Corporation) C:\Windows\system32\directmanipulation.dll
2015-12-29 23:19 - 2015-09-17 06:48 - 00537080 _____ (Microsoft Corporation) C:\Windows\system32\WWanAPI.dll
2015-12-29 23:19 - 2015-09-17 06:48 - 00332624 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\fastfat.sys
2015-12-29 23:19 - 2015-09-17 06:48 - 00278352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2015-12-29 23:19 - 2015-09-17 06:44 - 00781976 _____ (Microsoft Corporation) C:\Windows\system32\mfds.dll
2015-12-29 23:19 - 2015-09-17 06:37 - 01295712 _____ (Microsoft Corporation) C:\Windows\system32\wpx.dll
2015-12-29 23:19 - 2015-09-17 06:28 - 02154808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2015-12-29 23:19 - 2015-09-17 06:28 - 01357888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winmde.dll
2015-12-29 23:19 - 2015-09-17 06:28 - 00441168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncHost.exe
2015-12-29 23:19 - 2015-09-17 06:28 - 00407608 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AudioSes.dll
2015-12-29 23:19 - 2015-09-17 06:27 - 01766952 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2015-12-29 23:19 - 2015-09-17 06:27 - 00454512 _____ (Microsoft Corporation) C:\Windows\SysWOW64\directmanipulation.dll
2015-12-29 23:19 - 2015-09-17 06:26 - 00646672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2015-12-29 23:19 - 2015-09-17 06:26 - 00428128 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WWanAPI.dll
2015-12-29 23:19 - 2015-09-17 06:21 - 00658528 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfds.dll
2015-12-29 23:19 - 2015-09-17 06:11 - 00160256 _____ (Microsoft Corporation) C:\Windows\system32\enrollmentapi.dll
2015-12-29 23:19 - 2015-09-17 06:10 - 00169984 _____ (Microsoft Corporation) C:\Windows\system32\mdmregistration.dll
2015-12-29 23:19 - 2015-09-17 06:08 - 00053760 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Speech.Pal.dll
2015-12-29 23:19 - 2015-09-17 06:05 - 02226688 _____ (Microsoft Corporation) C:\Windows\system32\NetworkMobileSettings.dll
2015-12-29 23:19 - 2015-09-17 06:04 - 00910848 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2015-12-29 23:19 - 2015-09-17 06:03 - 00267776 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Management.dll
2015-12-29 23:19 - 2015-09-17 06:03 - 00154624 _____ (Microsoft Corporation) C:\Windows\system32\dmcertinst.exe
2015-12-29 23:19 - 2015-09-17 06:03 - 00088064 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2015-12-29 23:19 - 2015-09-17 06:03 - 00083968 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2015-12-29 23:19 - 2015-09-17 06:02 - 00168960 _____ (Microsoft Corporation) C:\Windows\system32\mdmmigrator.dll
2015-12-29 23:19 - 2015-09-17 06:02 - 00068096 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-12-29 23:19 - 2015-09-17 05:58 - 00503808 _____ (Microsoft Corporation) C:\Windows\system32\tileobjserver.dll
2015-12-29 23:19 - 2015-09-17 05:57 - 02228736 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2015-12-29 23:19 - 2015-09-17 05:57 - 00403456 _____ (Microsoft Corporation) C:\Windows\system32\dmenrollengine.dll
2015-12-29 23:19 - 2015-09-17 05:57 - 00281600 _____ (Microsoft Corporation) C:\Windows\system32\VEEventDispatcher.dll
2015-12-29 23:19 - 2015-09-17 05:56 - 00859136 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2015-12-29 23:19 - 2015-09-17 05:56 - 00521728 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2015-12-29 23:19 - 2015-09-17 05:55 - 02236416 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2015-12-29 23:19 - 2015-09-17 05:55 - 01601536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Speech.dll
2015-12-29 23:19 - 2015-09-17 05:55 - 00671232 _____ (Microsoft Corporation) C:\Windows\system32\WUDFx02000.dll
2015-12-29 23:19 - 2015-09-17 05:55 - 00346112 _____ (Microsoft Corporation) C:\Windows\system32\ngccredprov.dll
2015-12-29 23:19 - 2015-09-17 05:55 - 00202240 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2015-12-29 23:19 - 2015-09-17 05:55 - 00073728 _____ (Microsoft Corporation) C:\Windows\system32\wwancfg.dll
2015-12-29 23:19 - 2015-09-17 05:54 - 00780288 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2015-12-29 23:19 - 2015-09-17 05:52 - 01181696 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2015-12-29 23:19 - 2015-09-17 05:52 - 00591360 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2015-12-29 23:19 - 2015-09-17 05:52 - 00570880 _____ (Microsoft Corporation) C:\Windows\system32\MbaeApi.dll
2015-12-29 23:19 - 2015-09-17 05:51 - 01203712 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Devices.Bluetooth.dll
2015-12-29 23:19 - 2015-09-17 05:51 - 00359936 _____ (Microsoft Corporation) C:\Windows\system32\ncsi.dll
2015-12-29 23:19 - 2015-09-17 05:51 - 00145920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mdmregistration.dll
2015-12-29 23:19 - 2015-09-17 05:50 - 00929280 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bthport.sys
2015-12-29 23:19 - 2015-09-17 05:50 - 00312832 _____ (Microsoft Corporation) C:\Windows\system32\SensorsApi.dll
2015-12-29 23:19 - 2015-09-17 05:50 - 00036352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\buttonconverter.sys
2015-12-29 23:19 - 2015-09-17 05:49 - 02740224 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2015-12-29 23:19 - 2015-09-17 05:49 - 01290240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2015-12-29 23:19 - 2015-09-17 05:49 - 00041472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Speech.Pal.dll
2015-12-29 23:19 - 2015-09-17 05:48 - 02093056 _____ (Microsoft Corporation) C:\Windows\system32\wlidsvc.dll
2015-12-29 23:19 - 2015-09-17 05:48 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\NotificationController.dll
2015-12-29 23:19 - 2015-09-17 05:48 - 00408064 _____ (Microsoft Corporation) C:\Windows\system32\CredProvDataModel.dll
2015-12-29 23:19 - 2015-09-17 05:48 - 00387584 _____ (Microsoft Corporation) C:\Windows\system32\LockAppBroker.dll
2015-12-29 23:19 - 2015-09-17 05:48 - 00347136 _____ (Microsoft Corporation) C:\Windows\system32\ncryptprov.dll
2015-12-29 23:19 - 2015-09-17 05:47 - 00513536 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2015-12-29 23:19 - 2015-09-17 05:46 - 00118272 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCsp.dll
2015-12-29 23:19 - 2015-09-17 05:46 - 00084480 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2015-12-29 23:19 - 2015-09-17 05:46 - 00079872 _____ (Microsoft Corporation) C:\Windows\system32\HttpsDataSource.dll
2015-12-29 23:19 - 2015-09-17 05:45 - 01331200 _____ (Microsoft Corporation) C:\Windows\system32\UIAutomationCore.dll
2015-12-29 23:19 - 2015-09-17 05:45 - 00869376 _____ (Microsoft Corporation) C:\Windows\system32\MapControlCore.dll
2015-12-29 23:19 - 2015-09-17 05:45 - 00193024 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Internal.Management.dll
2015-12-29 23:19 - 2015-09-17 05:43 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\RemoteNaturalLanguage.dll
2015-12-29 23:19 - 2015-09-17 05:43 - 00378368 _____ (Microsoft Corporation) C:\Windows\system32\SystemEventsBrokerServer.dll
2015-12-29 23:19 - 2015-09-17 05:41 - 00217088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\VEEventDispatcher.dll
2015-12-29 23:19 - 2015-09-17 05:40 - 01162240 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Speech.dll
2015-12-29 23:19 - 2015-09-17 05:39 - 00587264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2015-12-29 23:19 - 2015-09-17 05:38 - 00058368 _____ (Microsoft Corporation) C:\Windows\SysWOW64\usoapi.dll
2015-12-29 23:19 - 2015-09-17 05:37 - 00454656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MbaeApi.dll
2015-12-29 23:19 - 2015-09-17 05:35 - 02207232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2015-12-29 23:19 - 2015-09-17 05:35 - 01820160 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2015-12-29 23:19 - 2015-09-17 05:35 - 00828928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Devices.Bluetooth.dll
2015-12-29 23:19 - 2015-09-17 05:34 - 00253440 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SensorsApi.dll
2015-12-29 23:19 - 2015-09-17 05:32 - 00336384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CredProvDataModel.dll
2015-12-29 23:19 - 2015-09-17 05:32 - 00313856 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LockAppBroker.dll
2015-12-29 23:19 - 2015-09-17 05:31 - 00268800 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ncryptprov.dll
2015-12-29 23:19 - 2015-09-17 05:29 - 01104384 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UIAutomationCore.dll
2015-12-29 23:19 - 2015-09-17 05:29 - 00701952 _____ (Microsoft Corporation) C:\Windows\SysWOW64\JpMapControl.dll
2015-12-29 23:19 - 2015-09-17 05:29 - 00677888 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapControlCore.dll
2015-12-29 23:19 - 2015-09-17 05:26 - 00899584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\RemoteNaturalLanguage.dll
2015-12-29 23:19 - 2015-09-17 05:16 - 00512000 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CoreMessaging.dll
2015-12-29 23:18 - 2015-11-25 05:32 - 00113184 _____ (Microsoft Corporation) C:\Windows\system32\userenv.dll
2015-12-29 23:18 - 2015-11-25 04:59 - 00092992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\userenv.dll
2015-12-29 23:18 - 2015-11-25 04:36 - 00022528 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\usb8023.sys
2015-12-29 23:18 - 2015-11-25 04:26 - 00181760 _____ (Microsoft Corporation) C:\Windows\system32\shutdownux.dll
2015-12-29 23:18 - 2015-11-25 04:25 - 00067072 _____ (Microsoft Corporation) C:\Windows\system32\profext.dll
2015-12-29 23:18 - 2015-11-25 04:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\kbdgeoqw.dll
2015-12-29 23:18 - 2015-11-25 04:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZST.DLL
2015-12-29 23:18 - 2015-11-25 04:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZEL.DLL
2015-12-29 23:18 - 2015-11-25 04:22 - 00007168 _____ (Microsoft Corporation) C:\Windows\system32\KBDAZE.DLL
2015-12-29 23:18 - 2015-11-25 04:07 - 00053248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\profext.dll
2015-12-29 23:18 - 2015-11-25 04:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kbdgeoqw.dll
2015-12-29 23:18 - 2015-11-25 04:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZST.DLL
2015-12-29 23:18 - 2015-11-25 04:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZEL.DLL
2015-12-29 23:18 - 2015-11-25 04:04 - 00007168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KBDAZE.DLL
2015-12-29 23:18 - 2015-11-05 05:01 - 00607408 _____ (Microsoft Corporation) C:\Windows\system32\fontdrvhost.exe
2015-12-29 23:18 - 2015-11-05 04:18 - 00539728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\fontdrvhost.exe
2015-12-29 23:18 - 2015-09-25 03:11 - 00257024 _____ (Microsoft Corporation) C:\Windows\system32\UserDataAccountApis.dll
2015-12-29 23:18 - 2015-09-25 03:11 - 00223232 _____ (Microsoft Corporation) C:\Windows\system32\PhoneCallHistoryApis.dll
2015-12-29 23:18 - 2015-09-25 02:59 - 00720896 _____ (Microsoft Corporation) C:\Windows\system32\EmailApis.dll
2015-12-29 23:18 - 2015-09-25 02:59 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\AppointmentApis.dll
2015-12-29 23:18 - 2015-09-25 02:59 - 00590336 _____ (Microsoft Corporation) C:\Windows\system32\MessagingDataModel2.dll
2015-12-29 23:18 - 2015-09-25 02:47 - 00195584 _____ (Microsoft Corporation) C:\Windows\SysWOW64\UserDataAccountApis.dll
2015-12-29 23:18 - 2015-09-25 02:47 - 00172032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\PhoneCallHistoryApis.dll
2015-12-29 23:18 - 2015-09-25 02:32 - 00466432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MessagingDataModel2.dll
2015-12-29 23:18 - 2015-09-17 06:48 - 00584656 _____ (Microsoft Corporation) C:\Windows\system32\mf.dll
2015-12-29 23:18 - 2015-09-17 06:48 - 00505696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2015-12-29 23:18 - 2015-09-17 06:48 - 00395088 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2015-12-29 23:18 - 2015-09-17 06:48 - 00243760 _____ (Microsoft Corporation) C:\Windows\system32\mfps.dll
2015-12-29 23:18 - 2015-09-17 06:37 - 01168736 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ndis.sys
2015-12-29 23:18 - 2015-09-17 06:26 - 00508248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mf.dll
2015-12-29 23:18 - 2015-09-17 06:09 - 00269312 _____ (Microsoft Corporation) C:\Windows\system32\provengine.dll
2015-12-29 23:18 - 2015-09-17 06:09 - 00143360 _____ (Microsoft Corporation) C:\Windows\system32\provops.dll
2015-12-29 23:18 - 2015-09-17 06:08 - 00494592 _____ (Microsoft Corporation) C:\Windows\system32\StoreAgent.dll
2015-12-29 23:18 - 2015-09-17 06:08 - 00026624 _____ (Microsoft Corporation) C:\Windows\system32\LicenseManagerShellext.exe
2015-12-29 23:18 - 2015-09-17 06:06 - 00149504 _____ (Microsoft Corporation) C:\Windows\system32\tetheringservice.dll
2015-12-29 23:18 - 2015-09-17 06:05 - 00483328 _____ (Microsoft Corporation) C:\Windows\system32\OneDriveSettingSyncProvider.dll
2015-12-29 23:18 - 2015-09-17 06:03 - 00187904 _____ (Microsoft Corporation) C:\Windows\system32\provisioningcsp.dll
2015-12-29 23:18 - 2015-09-17 06:00 - 00446976 _____ (Microsoft Corporation) C:\Windows\system32\MapConfiguration.dll
2015-12-29 23:18 - 2015-09-17 05:57 - 00137728 _____ (Microsoft Corporation) C:\Windows\system32\VEStoreEventHandlers.dll
2015-12-29 23:18 - 2015-09-17 05:56 - 00317440 _____ (Microsoft Corporation) C:\Windows\system32\configmanager2.dll
2015-12-29 23:18 - 2015-09-17 05:55 - 00366592 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2015-12-29 23:18 - 2015-09-17 05:55 - 00120832 _____ (Microsoft Corporation) C:\Windows\system32\omadmclient.exe
2015-12-29 23:18 - 2015-09-17 05:54 - 00324096 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-12-29 23:18 - 2015-09-17 05:52 - 00856576 _____ (Microsoft Corporation) C:\Windows\system32\MPSSVC.dll
2015-12-29 23:18 - 2015-09-17 05:52 - 00371712 _____ (Microsoft Corporation) C:\Windows\system32\nlasvc.dll
2015-12-29 23:18 - 2015-09-17 05:52 - 00204800 _____ (Microsoft Corporation) C:\Windows\system32\wcmcsp.dll
2015-12-29 23:18 - 2015-09-17 05:52 - 00162304 _____ (Microsoft Corporation) C:\Windows\system32\SubscriptionMgr.dll
2015-12-29 23:18 - 2015-09-17 05:50 - 00421888 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Internal.Bluetooth.dll
2015-12-29 23:18 - 2015-09-17 05:50 - 00221184 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeWiFi.dll
2015-12-29 23:18 - 2015-09-17 05:50 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeCell.dll
2015-12-29 23:18 - 2015-09-17 05:49 - 00439296 _____ (Microsoft Corporation) C:\Windows\system32\LocationWebproxy.dll
2015-12-29 23:18 - 2015-09-17 05:49 - 00342016 _____ (Microsoft Corporation) C:\Windows\system32\LocationGeofences.dll
2015-12-29 23:18 - 2015-09-17 05:49 - 00268800 _____ (Microsoft Corporation) C:\Windows\system32\LocationFramework.dll
2015-12-29 23:18 - 2015-09-17 05:49 - 00215552 _____ (Microsoft Corporation) C:\Windows\system32\LocationCrowdsource.dll
2015-12-29 23:18 - 2015-09-17 05:49 - 00176640 _____ (Microsoft Corporation) C:\Windows\system32\LocationPeIP.dll
2015-12-29 23:18 - 2015-09-17 05:49 - 00095744 _____ (Microsoft Corporation) C:\Windows\system32\LocationWiFiAdapter.dll
2015-12-29 23:18 - 2015-09-17 05:48 - 00273920 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.LockScreen.dll
2015-12-29 23:18 - 2015-09-17 05:47 - 00371712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OneDriveSettingSyncProvider.dll
2015-12-29 23:18 - 2015-09-17 05:47 - 00186880 _____ (Microsoft Corporation) C:\Windows\system32\cloudAP.dll
2015-12-29 23:18 - 2015-09-17 05:46 - 00928256 _____ (Microsoft Corporation) C:\Windows\system32\JpMapControl.dll
2015-12-29 23:18 - 2015-09-17 05:46 - 00621056 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2015-12-29 23:18 - 2015-09-17 05:46 - 00414208 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentClient.dll
2015-12-29 23:18 - 2015-09-17 05:46 - 00224256 _____ (Microsoft Corporation) C:\Windows\system32\KnobsCore.dll
2015-12-29 23:18 - 2015-09-17 05:46 - 00030208 _____ (Microsoft Corporation) C:\Windows\system32\syncmlhook.dll
2015-12-29 23:18 - 2015-09-17 05:45 - 00832512 _____ (Microsoft Corporation) C:\Windows\system32\MapsStore.dll
2015-12-29 23:18 - 2015-09-17 05:44 - 00599552 _____ (Microsoft Corporation) C:\Windows\system32\wpnapps.dll
2015-12-29 23:18 - 2015-09-17 05:44 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\syncutil.dll
2015-12-29 23:18 - 2015-09-17 05:43 - 00328704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MapConfiguration.dll
2015-12-29 23:18 - 2015-09-17 05:39 - 00247808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-12-29 23:18 - 2015-09-17 05:32 - 00195072 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-12-29 23:18 - 2015-09-17 05:30 - 00311808 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppXDeploymentClient.dll
2015-12-29 23:18 - 2015-09-17 05:28 - 00473088 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wpnapps.dll
2015-12-29 23:12 - 2015-12-29 23:12 - 00026880 _____ (Western Digital Technologies, Inc.) C:\Windows\system32\Drivers\wdcsam64.sys
2015-12-29 22:42 - 2015-12-29 22:42 - 00000000 ____D C:\Users\David\Tracing
2015-12-29 22:35 - 2015-12-29 22:35 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-12-29 22:34 - 2015-12-29 22:34 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-12-29 22:34 - 2011-02-18 16:11 - 00439320 _____ (Intel Corporation) C:\Windows\system32\Drivers\iaStor.sys
2015-12-29 22:33 - 2015-12-29 22:33 - 00000000 ____D C:\Users\David\AppData\Roaming\Intel
2015-12-29 22:31 - 2015-12-30 00:05 - 00000000 ____D C:\ProgramData\Intel
2015-12-29 22:31 - 2015-12-29 22:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel PROSet Wireless
2015-12-29 22:31 - 2015-12-29 22:31 - 00000000 ____D C:\Program Files\Intel
2015-12-29 22:31 - 2015-12-29 22:31 - 00000000 ____D C:\Program Files\Common Files\Intel
2015-12-29 22:31 - 2015-12-29 22:31 - 00000000 ____D C:\Program Files (x86)\Cisco
2015-12-29 22:29 - 2015-12-30 01:20 - 00000000 ____D C:\ProgramData\NVIDIA
2015-12-29 22:29 - 2010-12-16 00:10 - 00053248 _____ (Windows XP Bundled build C-Centric Single User) C:\Windows\SysWOW64\CSVer.dll
2015-12-29 22:25 - 2016-01-03 01:47 - 00000000 ____D C:\Users\David\Desktop\OLD STUFF
2015-12-29 22:15 - 2016-01-03 22:17 - 00000000 ____D C:\Users\David\AppData\Roaming\Skype
2015-12-29 22:15 - 2015-12-29 22:15 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-12-29 22:15 - 2015-12-29 22:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-12-29 22:14 - 2015-12-29 22:15 - 00000000 ____D C:\ProgramData\Skype
2015-12-29 21:10 - 2015-12-29 21:38 - 00000000 ____D C:\Users\David\AppData\Local\Mozilla
2015-12-29 21:10 - 2015-12-29 21:34 - 00000000 ____D C:\Users\David\AppData\Roaming\Mozilla
2015-12-29 21:10 - 2015-12-29 21:10 - 00001228 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
2015-12-29 21:09 - 2015-12-29 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-12-29 21:09 - 2015-12-29 21:10 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-29 21:07 - 2015-12-29 21:07 - 00000000 ____D C:\Users\David\AppData\Roaming\Macromedia
2015-12-29 21:05 - 2015-12-29 21:05 - 00000000 ____D C:\Users\David\AppData\Local\MicrosoftEdge
2015-12-29 21:01 - 2015-12-29 21:02 - 00002363 _____ C:\Users\David\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-29 21:01 - 2015-12-29 21:02 - 00000000 ___RD C:\Users\David\OneDrive
2015-12-29 21:01 - 2015-12-29 21:01 - 00000000 ____D C:\Users\David\AppData\Local\NVIDIA
2015-12-29 20:58 - 2015-12-29 20:58 - 00000000 ____D C:\Users\David\AppData\Local\Publishers
2015-12-29 20:57 - 2016-01-03 21:16 - 00000000 ____D C:\Users\David
2015-12-29 20:57 - 2016-01-03 01:35 - 00000000 ____D C:\Users\David\AppData\Roaming\Adobe
2015-12-29 20:57 - 2015-12-30 02:26 - 00000000 ____D C:\Users\David\AppData\Local\VirtualStore
2015-12-29 20:57 - 2015-12-30 00:22 - 00000000 ____D C:\Users\David\AppData\Local\Packages
2015-12-29 20:57 - 2015-12-29 20:57 - 00016148 _____ C:\Windows\system32\DESKTOP-JB62KTA_defaultuser0_HistoryPrediction.bin
2015-12-29 20:57 - 2015-12-29 20:57 - 00000020 ___SH C:\Users\David\ntuser.ini
2015-12-29 20:57 - 2015-12-29 20:57 - 00000000 _SHDL C:\Users\David\My Documents
2015-12-29 20:57 - 2015-12-29 20:57 - 00000000 _SHDL C:\Users\David\Documents\My Videos
2015-12-29 20:57 - 2015-12-29 20:57 - 00000000 _SHDL C:\Users\David\Documents\My Pictures
2015-12-29 20:57 - 2015-12-29 20:57 - 00000000 _SHDL C:\Users\David\Documents\My Music
2015-12-29 20:57 - 2015-12-29 20:57 - 00000000 ____D C:\Users\David\AppData\Local\TileDataLayer
2015-12-29 20:52 - 2015-12-30 04:43 - 00000000 ____D C:\Windows\SysWOW64\RTCOM
2015-12-29 20:52 - 2015-12-29 20:52 - 00193336 _____ (Intel Corporation) C:\Windows\system32\Drivers\TeeDriverW8x64.sys
2015-12-29 20:52 - 2015-12-29 20:52 - 00000000 ____D C:\Windows\system32\SRSLabs
2015-12-29 20:52 - 2015-12-29 20:52 - 00000000 ____D C:\Program Files\Realtek
2015-12-29 20:51 - 2015-12-30 04:41 - 04592384 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\Drivers\RTKVHD64.sys
2015-12-29 20:51 - 2015-12-30 04:41 - 02954224 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RltkAPO64.dll
2015-12-29 20:51 - 2015-12-30 04:41 - 00023696 _____ (Realtek Semiconductor Corp.) C:\Windows\system32\RtkCoLDR64.dll
2015-12-29 20:51 - 2015-12-29 20:51 - 05804772 _____ C:\Windows\system32\Drivers\rtvienna.dat
2015-12-29 20:50 - 2015-12-30 01:21 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-12-29 20:50 - 2015-12-30 01:21 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-12-29 20:47 - 2015-12-29 20:47 - 01721216 _____ (Microsoft Corporation) C:\Windows\system32\WdfCoInstaller01009.dll
2015-12-29 20:47 - 2015-12-29 20:47 - 01390904 _____ (Motorola Solutions, Inc.) C:\Windows\system32\Drivers\btmhsf.sys
2015-12-29 20:47 - 2015-12-29 20:47 - 00080184 _____ (Motorola Solutions, Inc.) C:\Windows\system32\btmwu.dll
2015-12-29 20:47 - 2015-12-29 20:47 - 00069088 _____ (Intel Corporation) C:\Windows\system32\Drivers\iBtFltCoex.sys
2015-12-29 20:47 - 2015-12-29 20:47 - 00032168 _____ (Windows ® Win 7 DDK provider) C:\Windows\system32\Drivers\RadioHIDMini.sys
2015-12-29 20:47 - 2015-12-29 20:47 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_iBtFltCoex_01009.Wdf
2015-12-29 20:46 - 2015-12-29 22:35 - 00000000 ____D C:\Program Files (x86)\Intel
2015-12-29 20:45 - 2015-12-29 20:45 - 13059896 _____ (Intel Corporation) C:\Windows\system32\igd10umd64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 13037568 _____ (Intel Corporation) C:\Windows\system32\ig4icd64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 12814752 _____ (Intel Corporation) C:\Windows\system32\igdumd64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 11352688 _____ (Intel Corporation) C:\Windows\SysWOW64\igd10umd32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 11223896 _____ (Intel Corporation) C:\Windows\SysWOW64\igdumd32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 10820096 _____ (Intel Corporation) C:\Windows\SysWOW64\ig4icd32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 09016320 _____ (Intel Corporation) C:\Windows\system32\igfxress.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 05916080 _____ (Intel Corporation) C:\Windows\system32\GfxUI.exe
2015-12-29 20:45 - 2015-12-29 20:45 - 05384176 _____ (Intel Corporation) C:\Windows\system32\Drivers\igdkmd64.sys
2015-12-29 20:45 - 2015-12-29 20:45 - 03520000 _____ (Intel Corporation) C:\Windows\system32\igfxcmjit64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 03129856 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmjit32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 01981696 _____ C:\Windows\system32\iglhxa64.cpa
2015-12-29 20:45 - 2015-12-29 20:45 - 01067696 _____ (Intel Corporation) C:\Windows\system32\igfxcmrt64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00963452 _____ C:\Windows\SysWOW64\igcodeckrng600.bin
2015-12-29 20:45 - 2015-12-29 20:45 - 00963452 _____ C:\Windows\system32\igcodeckrng600.bin
2015-12-29 20:45 - 2015-12-29 20:45 - 00957472 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxcmrt32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00584192 _____ (Intel Corporation) C:\Windows\system32\igfx11cmrt64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00551424 _____ (Intel Corporation) C:\Windows\SysWOW64\igfx11cmrt32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00544552 _____ (Intel Corporation) C:\Windows\system32\iglhsip64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00539312 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhsip32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00523184 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.exe
2015-12-29 20:45 - 2015-12-29 20:45 - 00453552 _____ (Intel Corporation) C:\Windows\system32\igfxpers.exe
2015-12-29 20:45 - 2015-12-29 20:45 - 00451584 _____ (Intel Corporation) C:\Windows\system32\igfxdev.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00449024 _____ (Intel Corporation) C:\Windows\system32\igfxrell.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00448512 _____ (Intel Corporation) C:\Windows\system32\igfxrfra.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00448512 _____ (Intel Corporation) C:\Windows\system32\igfxresn.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00448000 _____ (Intel Corporation) C:\Windows\system32\igfxrrus.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00448000 _____ (Intel Corporation) C:\Windows\system32\igfxrrom.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrsky.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrptg.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrplk.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrnld.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrita.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrhrv.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00447488 _____ (Intel Corporation) C:\Windows\system32\igfxrdeu.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00446976 _____ (Intel Corporation) C:\Windows\system32\igfxrhun.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00446976 _____ (Intel Corporation) C:\Windows\system32\igfxrfin.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00446976 _____ (Intel Corporation) C:\Windows\system32\igfxrcsy.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrtrk.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrsve.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrslv.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrptb.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00446464 _____ (Intel Corporation) C:\Windows\system32\igfxrnor.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00445952 _____ (Intel Corporation) C:\Windows\system32\igfxrtha.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00445952 _____ (Intel Corporation) C:\Windows\system32\igfxrdan.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00444416 _____ (Intel Corporation) C:\Windows\system32\igfxrheb.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00444416 _____ (Intel Corporation) C:\Windows\system32\igfxrara.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00440832 _____ (Intel Corporation) C:\Windows\system32\igfxrjpn.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00439808 _____ (Intel Corporation) C:\Windows\system32\igfxrkor.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00437760 _____ (Intel Corporation) C:\Windows\system32\igfxrcht.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00437248 _____ (Intel Corporation) C:\Windows\system32\igfxrchs.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00418816 _____ (Intel Corporation) C:\Windows\system32\igfxTMM.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00411056 _____ (Intel Corporation) C:\Windows\system32\hkcmd.exe
2015-12-29 20:45 - 2015-12-29 20:45 - 00393216 _____ (Intel Corporation) C:\Windows\system32\igfxpph.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00339456 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxdv32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00294912 _____ (Intel Corporation) C:\Windows\system32\igfxrenu.lrc
2015-12-29 20:45 - 2015-12-29 20:45 - 00290224 _____ (Intel Corporation) C:\Windows\SysWOW64\IntelCpHeciSvc.exe
2015-12-29 20:45 - 2015-12-29 20:45 - 00272928 _____ C:\Windows\SysWOW64\igvpkrng600.bin
2015-12-29 20:45 - 2015-12-29 20:45 - 00272928 _____ C:\Windows\system32\igvpkrng600.bin
2015-12-29 20:45 - 2015-12-29 20:45 - 00266152 _____ (Intel Corporation) C:\Windows\system32\igfxext.exe
2015-12-29 20:45 - 2015-12-29 20:45 - 00231312 _____ (Intel Corporation) C:\Windows\system32\iglhcp64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00223664 _____ C:\Windows\system32\Gfxres.th-TH.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00210106 _____ C:\Windows\system32\Gfxres.el-GR.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00197040 _____ (Intel Corporation) C:\Windows\system32\difx64.exe
2015-12-29 20:45 - 2015-12-29 20:45 - 00194880 _____ (Intel Corporation) C:\Windows\SysWOW64\iglhcp32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00194245 _____ C:\Windows\system32\Gfxres.ru-RU.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00183808 _____ (Intel Corporation) C:\Windows\system32\gfxSrvc.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00183216 _____ (Intel Corporation) C:\Windows\system32\igfxtray.exe
2015-12-29 20:45 - 2015-12-29 20:45 - 00166170 _____ C:\Windows\system32\Gfxres.ar-SA.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00163421 _____ C:\Windows\system32\Gfxres.ja-JP.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00159008 _____ C:\Windows\system32\Gfxres.he-IL.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00151040 _____ (Intel Corporation) C:\Windows\system32\igfxdo.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00149682 _____ C:\Windows\system32\Gfxres.it-IT.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00148042 _____ C:\Windows\system32\Gfxres.ko-KR.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00147393 _____ C:\Windows\system32\Gfxres.de-DE.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00147288 _____ C:\Windows\system32\Gfxres.es-ES.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00146004 _____ C:\Windows\system32\Gfxres.ro-RO.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00145491 _____ C:\Windows\system32\Gfxres.fr-FR.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00144645 _____ C:\Windows\system32\Gfxres.tr-TR.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00144260 _____ C:\Windows\system32\Gfxres.pt-BR.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00144020 _____ C:\Windows\system32\Gfxres.nl-NL.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00143932 _____ C:\Windows\system32\Gfxres.hu-HU.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00142882 _____ C:\Windows\system32\Gfxres.sv-SE.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00142877 _____ C:\Windows\system32\Gfxres.pt-PT.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00142717 _____ C:\Windows\system32\Gfxres.pl-PL.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00142289 _____ C:\Windows\system32\Gfxres.cs-CZ.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00142008 _____ C:\Windows\system32\Gfxres.fi-FI.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00141838 _____ C:\Windows\system32\Gfxres.sk-SK.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00141049 _____ C:\Windows\system32\Gfxres.hr-HR.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00137889 _____ C:\Windows\system32\Gfxres.sl-SI.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00137784 _____ C:\Windows\system32\Gfxres.nb-NO.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00137141 _____ C:\Windows\system32\Gfxres.da-DK.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00135680 _____ (Intel Corporation) C:\Windows\system32\igfxcpl.cpl
2015-12-29 20:45 - 2015-12-29 20:45 - 00132623 _____ C:\Windows\system32\Gfxres.en-US.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00126300 _____ C:\Windows\system32\Gfxres.zh-TW.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00124928 _____ (Intel Corporation) C:\Windows\system32\igfxCoIn_v4229.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00124650 _____ C:\Windows\system32\Gfxres.zh-CN.resources
2015-12-29 20:45 - 2015-12-29 20:45 - 00119296 _____ (Intel Corporation) C:\Windows\system32\hccutils.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00110080 _____ C:\Windows\system32\igdde64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00102912 _____ C:\Windows\system32\IccLibDll_x64.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00090112 _____ C:\Windows\SysWOW64\igdde32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00072704 _____ (Intel Corporation) C:\Windows\system32\igfxsrvc.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00059425 _____ C:\Windows\system32\iglhxo64.vp
2015-12-29 20:45 - 2015-12-29 20:45 - 00059398 _____ C:\Windows\system32\iglhxg64.vp
2015-12-29 20:45 - 2015-12-29 20:45 - 00059230 _____ C:\Windows\system32\iglhxc64.vp
2015-12-29 20:45 - 2015-12-29 20:45 - 00059104 _____ C:\Windows\system32\iglhxc64_dev.vp
2015-12-29 20:45 - 2015-12-29 20:45 - 00058796 _____ C:\Windows\system32\iglhxg64_dev.vp
2015-12-29 20:45 - 2015-12-29 20:45 - 00058109 _____ C:\Windows\system32\iglhxo64_dev.vp
2015-12-29 20:45 - 2015-12-29 20:45 - 00041288 _____ (Intel Corporation) C:\Windows\system32\igfxexps.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00033792 _____ (Intel Corporation) C:\Windows\SysWOW64\igfxexps32.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00018432 _____ ( ) C:\Windows\system32\IGFXDEVLib.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00017082 _____ C:\Windows\system32\iglhxs64.vp
2015-12-29 20:45 - 2015-12-29 20:45 - 00001074 _____ C:\Windows\system32\iglhxa64.vp
2015-12-29 20:45 - 2015-12-29 20:45 - 00000268 _____ C:\Windows\system32\GfxUI.exe.config
2015-12-29 20:45 - 2015-12-29 20:45 - 00000000 ____H C:\Windows\system32\Drivers\Msft_Kernel_ETD_01009.Wdf
2015-12-29 20:45 - 2015-12-29 20:45 - 00000000 ____D C:\Program Files\Elantech
2015-12-29 20:45 - 2015-12-29 20:44 - 00032328 _____ (ELAN Microelectronic Corp.) C:\Windows\system32\Drivers\ETDSMBus.sys
2015-12-29 20:44 - 2015-12-29 20:44 - 00483400 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\Drivers\ETD.sys
2015-12-29 20:44 - 2015-12-29 20:44 - 00062680 _____ (ELAN Microelectronics Corp.) C:\Windows\system32\ETDCoInstaller15005.dll
2015-12-29 20:40 - 2015-12-29 20:40 - 00004608 _____ C:\Windows\SECOH-QAD.exe
2015-12-29 20:40 - 2015-12-29 20:40 - 00003584 _____ C:\Windows\SECOH-QAD.dll
2015-12-29 20:32 - 2015-12-29 20:32 - 00000000 ____D C:\Windows\CSC
2015-12-29 20:14 - 2015-12-29 20:14 - 00000000 ____H C:\Windows\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-12-23 11:03 - 2015-12-29 20:11 - 00008192 __RSH C:\BOOTSECT.BAK

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-01-03 22:20 - 2015-07-10 09:05 - 00000000 ____D C:\Windows
2016-01-03 22:19 - 2015-09-21 12:21 - 02754258 _____ C:\Windows\system32\PerfStringBackup.INI
2016-01-03 22:19 - 2015-09-16 15:36 - 00819238 _____ C:\Windows\system32\perfh00C.dat
2016-01-03 22:19 - 2015-09-16 15:36 - 00153918 _____ C:\Windows\system32\perfc00C.dat
2016-01-03 22:19 - 2015-09-16 15:32 - 00770182 _____ C:\Windows\system32\perfh007.dat
2016-01-03 22:19 - 2015-09-16 15:32 - 00153838 _____ C:\Windows\system32\perfc007.dat
2016-01-03 22:19 - 2015-07-10 11:02 - 00000000 ____D C:\Windows\INF
2016-01-03 22:12 - 2015-07-10 12:21 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-01-03 22:11 - 2015-07-10 09:05 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-01-03 21:39 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\AppReadiness
2016-01-03 21:16 - 2015-09-21 12:17 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-01-02 17:49 - 2015-05-29 21:59 - 00000000 ____D C:\Users\David\Desktop\SVT Down
2016-01-01 21:16 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\rescache
2016-01-01 21:11 - 2015-07-10 10:55 - 00000000 ____D C:\Windows\CbsTemp
2016-01-01 21:10 - 2015-07-10 13:11 - 00000000 ____D C:\Windows\SysWOW64\winrm
2016-01-01 21:10 - 2015-07-10 13:11 - 00000000 ____D C:\Windows\SysWOW64\WCN
2016-01-01 21:10 - 2015-07-10 13:11 - 00000000 ____D C:\Windows\SysWOW64\slmgr
2016-01-01 21:10 - 2015-07-10 13:11 - 00000000 ____D C:\Windows\SysWOW64\Printing_Admin_Scripts
2016-01-01 21:10 - 2015-07-10 13:11 - 00000000 ____D C:\Windows\system32\winrm
2016-01-01 21:10 - 2015-07-10 13:11 - 00000000 ____D C:\Windows\system32\WCN
2016-01-01 21:10 - 2015-07-10 13:11 - 00000000 ____D C:\Windows\system32\slmgr
2016-01-01 21:10 - 2015-07-10 13:11 - 00000000 ____D C:\Windows\system32\Printing_Admin_Scripts
2016-01-01 21:10 - 2015-07-10 11:04 - 00000000 ___SD C:\Windows\SysWOW64\DiagSvcs
2016-01-01 21:10 - 2015-07-10 11:04 - 00000000 ___RD C:\Windows\MiracastView
2016-01-01 21:10 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\SysWOW64\MUI
2016-01-01 21:10 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\system32\MUI
2016-01-01 21:10 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\PolicyDefinitions
2016-01-01 21:10 - 2015-07-10 09:05 - 00000000 ____D C:\Windows\system32\Sysprep
2016-01-01 21:10 - 2015-07-10 09:05 - 00000000 ____D C:\Windows\servicing
2016-01-01 21:09 - 2015-07-10 11:04 - 00000000 ___RD C:\Windows\ImmersiveControlPanel
2016-01-01 21:09 - 2015-07-10 11:04 - 00000000 ___RD C:\Windows\DevicesFlow
2016-01-01 21:07 - 2015-09-21 12:27 - 00000000 ____D C:\Windows\SysWOW64\XPSViewer
2016-01-01 21:07 - 2015-07-10 11:04 - 00000000 ___SD C:\Windows\SysWOW64\F12
2016-01-01 21:07 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\SysWOW64\oobe
2016-01-01 21:06 - 2015-07-10 13:14 - 00000000 ____D C:\Program Files\Windows Journal
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ___SD C:\Windows\system32\F12
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ___SD C:\Windows\system32\dsc
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ___SD C:\Windows\system32\DiagSvcs
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\SysWOW64\Com
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\system32\oobe
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\system32\migwiz
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\system32\Com
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\IME
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\Help
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files\Windows Photo Viewer
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files\Windows Defender
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files\Common Files\System
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
2016-01-01 21:06 - 2015-07-10 11:04 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-01-01 21:06 - 2015-07-10 09:05 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-01-01 21:06 - 2015-07-10 09:05 - 00000000 ____D C:\Windows\system32\Dism
2015-12-31 17:24 - 2015-07-10 11:04 - 00000000 ___HD C:\Program Files\WindowsApps
2015-12-30 21:30 - 2015-09-21 22:11 - 00000000 ____D C:\Windows\Panther
2015-12-30 20:27 - 2015-04-25 06:33 - 00000000 ___HD C:\NST
2015-12-30 20:04 - 2015-07-10 13:12 - 00000000 ____D C:\Windows\OCR
2015-12-30 13:33 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\appcompat
2015-12-30 04:55 - 2015-07-10 12:20 - 00340032 _____ C:\Windows\system32\FNTCACHE.DAT
2015-12-30 03:44 - 2015-07-10 11:04 - 00000000 ___HD C:\Windows\ELAMBKUP
2015-12-30 02:31 - 2015-07-10 11:04 - 00000000 ____D C:\ProgramData\regid.1991-06.com.microsoft
2015-12-29 23:58 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2015-12-29 23:58 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\system32\appraiser
2015-12-29 23:57 - 2015-07-10 11:04 - 00000000 ___RD C:\Windows\PurchaseDialog
2015-12-29 23:57 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\Provisioning
2015-12-29 23:57 - 2015-07-10 11:04 - 00000000 ____D C:\Windows\L2Schemas
2015-12-29 23:28 - 2015-09-21 12:31 - 00000000 ____D C:\Windows\system32\MRT
2015-12-29 20:11 - 2015-07-10 11:04 - 00028672 _____ C:\Windows\system32\config\BCD-Template
2015-12-26 08:58 - 2015-07-10 11:06 - 00826872 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2015-12-26 08:58 - 2015-07-10 11:06 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2015-12-09 03:39 - 2015-09-21 12:32 - 00301728 ____N (Microsoft Corporation) C:\Windows\system32\MpSigStub.exe

==================== Files in the root of some directories =======

2016-01-03 00:49 - 2016-01-03 00:49 - 0000600 _____ () C:\Users\David\AppData\Roaming\winscp.rnd
2015-12-31 20:04 - 2015-12-31 20:04 - 0000003 _____ () C:\Users\David\AppData\Local\updater.log
2015-12-31 20:04 - 2015-12-31 20:04 - 0000424 _____ () C:\Users\David\AppData\Local\UserProducts.xml

Some files in TEMP:
====================
C:\Users\David\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-09-21 21:12

==================== End of FRST.txt ============================

Addition.txt

Additional scan result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by David (2016-01-03 17:22:05)
Running from C:\Users\David\Desktop
Windows 10 Pro (X64) (2015-12-29 20:40:35)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-290333495-2789279003-2495884081-500 - Administrator - Disabled) => C:\Users\Administrator
David (S-1-5-21-290333495-2789279003-2495884081-1002 - Administrator - Enabled) => C:\Users\David
DefaultAccount (S-1-5-21-290333495-2789279003-2495884081-503 - Limited - Disabled)
Guest (S-1-5-21-290333495-2789279003-2495884081-501 - Limited - Disabled)
zfvtspqy (S-1-5-21-290333495-2789279003-2495884081-1003 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {19259FAE-8396-A113-46DB-15B0E7DFA289}
AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: ESET Smart Security 9.0.349.0 (Enabled - Up to date) {A2447E4A-A5AC-AE9D-7C6B-2EC29C58E834}
FW: ESET Personal firewall (Enabled) {211E1E8B-C9F9-A04B-6D84-BC85190CE5F2}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.267 - Adobe Systems Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
EasyBCD 2.2 (HKLM-x32\...\EasyBCD) (Version: 2.2 - NeoSmart Technologies)
ESET Smart Security (HKLM\...\{C7967963-BE1C-4ABA-839F-3CB206E50697}) (Version: 9.0.349.0 - ESET, spol. s r.o.)
ETDWare X64 15.7.0.1_WHQL (HKLM\...\Elantech) (Version: 15.7.0.1 - ELAN Microelectronic Corp.)
GlassFish Server Open Source Edition 4.1.1 (HKLM-x32\...\nbi-glassfish-mod-4.1.1.0.1) (Version:  - )
Intel® Control Center (HKLM-x32\...\{F8A9085D-4C7A-41a9-8A77-C8998A96C421}) (Version: 1.2.1.1007 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 9.17.10.4229 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 10.1.5.1001 - Intel Corporation)
Intel® PROSet/Wireless WiFi Software (HKLM\...\{DF7756DD-656A-45C3-BA71-74673E8259A9}) (Version: 15.00.0000.0642 - Intel Corporation)
iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java SE Development Kit 8 Update 66 (64-bit) (HKLM\...\{64A3A4F4-B792-11D6-A78A-00B0D0180660}) (Version: 8.0.660.18 - Oracle Corporation)
Lightshot-5.3.0.0 (HKLM-x32\...\{30A5B3C9-2084-4063-A32A-628A98DE512B}_is1) (Version: 5.3.0.0 - Skillbrains)
Microsoft Office 365 ProPlus - en-us (HKLM\...\O365ProPlusRetail - en-us) (Version: 15.0.4779.1002 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3 - Mozilla)
NetBeans IDE 8.1 (HKLM-x32\...\nbi-nb-base-8.1.0.0.201510222201) (Version: 8.1 - NetBeans.org)
NVIDIA GeForce Experience 2.8.1.21 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.8.1.21 - NVIDIA Corporation)
NVIDIA Graphics Driver 361.43 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 361.43 - NVIDIA Corporation)
NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4779.1002 - Microsoft Corporation) Hidden
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7644 - Realtek Semiconductor Corp.)
SHIELD Streaming (Version: 4.1.0250 - NVIDIA Corporation) Hidden
SHIELD Wireless Controller Driver (Version: 2.8.1.21 - NVIDIA Corporation) Hidden
Skype™ 7.17 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.17.105 - Skype Technologies S.A.)
SoftEther VPN Client (HKLM\...\softether_sevpnclient) (Version: 4.19.9599 - SoftEther VPN Project)
Spotify (HKU\S-1-5-21-290333495-2789279003-2495884081-1002\...\Spotify) (Version: 1.0.20.94.g8f8543b3 - Spotify AB)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
System Requirements Lab (HKLM-x32\...\{F89CDED6-B1F1-489F-BA44-698BF6A737C2}) (Version: 6.1.6.0 - Husdawg, LLC)
The Sims 4 (HKLM-x32\...\VGhlU2ltczQ=_is1) (Version: 1 - )
The Sims™ 4 (HKLM-x32\...\{48EBEBBF-B9F8-4520-A3CF-89A730721917}) (Version: 1.0.732.20 - Electronic Arts Inc.)
WinRAR 5.30 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.30.0 - win.rar GmbH)
XAMPP (HKLM-x32\...\xampp) (Version: 5.6.15-1 - Bitnami)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-290333495-2789279003-2495884081-1002_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\David\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00F2623F-AA5F-442C-8560-146FBC57B195} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {1F567E23-73BF-4741-8F4E-A7C178174C72} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-10-13] (Microsoft Corporation)
Task: {2DC4677E-EEE5-4A2A-BFC2-74F83E109655} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentLogOn => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-30] (Microsoft Corporation)
Task: {3D9F0498-7A1C-4214-936D-05C3C46ECC9C} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {49D37F4E-8CB0-48F8-8060-763592F584C6} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-01-02] (Adobe Systems Incorporated)
Task: {4D7365E7-39E6-42B1-B8C8-02224AA49353} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-12-30] (Microsoft Corporation)
Task: {4DE99565-5E4B-4E36-A0A9-D00B8D139B1F} - System32\Tasks\Driver Booster SkipUAC (David) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {615AC0A0-FBD8-4869-8AC0-48784B393E4B} - System32\Tasks\Microsoft\Office\OfficeTelemetryAgentFallBack => C:\Program Files\Microsoft Office 15\root\Office15\msoia.exe [2015-12-30] (Microsoft Corporation)
Task: {A20B2CAE-96B0-4388-B8C9-A8AC43E1FEAA} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {AEEB7E6D-FB6C-4A1D-8FA4-80498E48369B} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2015-11-24] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\Windows\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-08-03 16:38 - 2015-08-03 16:38 - 00032768 _____ () C:\Windows\SYSTEM32\licensemanagerapi.dll
2015-12-30 01:20 - 2015-12-16 14:54 - 00126256 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
2015-12-30 02:25 - 2015-10-13 04:34 - 00105640 _____ () C:\Program Files\Microsoft Office 15\ClientX64\ApiClient.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 00085800 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-12-17 18:38 - 2015-12-17 18:38 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-16 17:26 - 2015-09-16 17:26 - 00404480 _____ () C:\Windows\System32\diagtrack_wininternal.dll
2015-12-30 01:21 - 2015-12-16 16:59 - 00217720 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
2015-12-29 23:19 - 2015-09-17 06:48 - 02494712 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-12-29 23:19 - 2015-09-17 06:48 - 02494712 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-12-30 02:27 - 2015-12-30 02:27 - 08901184 _____ () C:\Program Files\Microsoft Office 15\root\VFS\ProgramFilesX64\Microsoft Office\Office15\1033\GrooveIntlResource.dll
2015-12-29 23:18 - 2015-09-17 05:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-29 23:20 - 2015-11-25 04:20 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-29 23:19 - 2015-11-25 04:17 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-29 23:20 - 2015-11-25 04:17 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-29 23:20 - 2015-09-17 05:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 11:00 - 2015-07-10 13:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-12-29 20:45 - 2015-12-29 20:45 - 00102912 _____ () C:\Windows\System32\IccLibDll_x64.dll
2015-12-30 21:13 - 2015-12-30 21:13 - 00169984 _____ () C:\Windows\assembly\NativeImages_v2.0.50727_32\IsdiInterop\68f0acc3b0c4b6b1ae2d418a3819e7b9\IsdiInterop.ni.dll
2015-12-29 22:35 - 2011-02-18 16:16 - 00058880 _____ () C:\Program Files (x86)\Intel\Intel® Rapid Storage Technology\IsdiInterop.dll
2015-12-05 18:21 - 2015-12-05 18:21 - 00933056 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
2012-06-14 21:11 - 2012-06-14 21:11 - 00325968 _____ () C:\ProgramData\Microsoft\Windows\WER\lua5.1.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)


==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-290333495-2789279003-2495884081-1002\...\driversupport.com -> hxxp://apps.driversupport.com
IE trusted site: HKU\S-1-5-21-290333495-2789279003-2495884081-1002\...\driversupport.com -> hxxps://apps.driversupport.com

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 11:04 - 2015-07-10 11:02 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-290333495-2789279003-2495884081-1002\Control Panel\Desktop\\Wallpaper -> C:\Windows\web\wallpaper\Windows\img0.jpg
DNS Servers: 172.16.0.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "SoftEther VPN Client Manager Startup.lnk"
HKLM\...\StartupApproved\Run32: => "Lightshot"
HKU\S-1-5-21-290333495-2789279003-2495884081-1002\...\StartupApproved\Run: => "DAEMON Tools Lite Automount"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{747199A9-D961-40D0-9E11-D5F009711DE3}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{6E2A5CFC-0C8E-48F3-B261-6465727BA3F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{4E799C5C-83CE-44F9-B7CE-A688FD29A0B4}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{18A94933-6779-4785-8F7C-4E28A1D286C2}] => (Allow) C:\Program Files\Intel\WiFi\bin\PanDhcpDns.exe
FirewallRules: [TCP Query User{945BBD64-788D-4EB8-94DD-062361CA88FE}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [UDP Query User{42FCA007-2924-492E-8271-E05B3A8FA5BF}C:\users\david\appdata\roaming\spotify\spotify.exe] => (Allow) C:\users\david\appdata\roaming\spotify\spotify.exe
FirewallRules: [TCP Query User{BD4A5D31-1F7B-40F6-AB3D-900DE8865EBA}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [UDP Query User{68439534-3136-40B4-A115-FA89AE2A85FC}C:\xampp\apache\bin\httpd.exe] => (Allow) C:\xampp\apache\bin\httpd.exe
FirewallRules: [{B2FDBFA8-8207-4AA0-A2D0-FE579606BFF0}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{01177D09-D3DB-488F-BD1E-B3FCBA96B0BC}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
FirewallRules: [{90C1FB5A-ADEA-43E3-8E17-7DADAAAAD014}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{29465A62-D705-4F95-9D31-50C9916AC2FF}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
FirewallRules: [{A9534611-5B27-473B-969A-91C87AC17961}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
FirewallRules: [{4931D401-AC3D-4657-856E-8AA861AF5EA3}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{9B6A39EA-5DCF-48BE-9634-9E944BCF6146}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
FirewallRules: [{891D2A68-F1EA-4BB0-8E66-DEEADD09B664}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\outlook.exe
FirewallRules: [{9B11D04E-DFF1-4294-A534-68575B3E7143}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{F0BB2CC8-8369-422A-8FC8-61273A0D06B4}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\Lync.exe
FirewallRules: [{47D2D0E6-9BD1-437B-876E-0954BAE76A37}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{44189DC4-5987-4640-B655-007EECA0DE31}] => (Allow) C:\Program Files\Microsoft Office 15\root\Office15\UcMapi.exe
FirewallRules: [{AD1FBC70-97FB-4613-A9C4-04670011D4DD}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{E1D5B533-C470-4DE9-A05E-179A5624D0C4}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
FirewallRules: [{061E5E5F-5F6A-458A-8422-8F11A567DF1E}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{1DD3A40C-18F4-464A-BECD-BE78E9D26020}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\DBDownloader.exe
FirewallRules: [{E220931E-1CFD-4ACB-BF8C-FF27ECC456B1}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{8E699ED4-A032-4962-B2DE-AA7A566C817B}] => (Allow) C:\Program Files (x86)\IObit\Driver Booster\AutoUpdate.exe
FirewallRules: [{915B5EF7-BE72-4FE1-8B6B-DC55FAE09D11}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{8A939866-B7BD-432B-B39E-3ED7571F2006}] => (Allow) C:\Program Files (x86)\The Sims 4\Game\Bin\TS4.exe
FirewallRules: [{E8385698-CAAF-4A9B-92F4-93400236FB50}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{9DF73B4E-F625-45F9-A60E-5AC919A739E3}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{78D4E548-4D78-4B7E-A8EA-0CE6EA26FDCD}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3B4F88A1-1029-4F90-8B23-B2A44890AEA3}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{13A0C1ED-D3AC-4337-AA80-1F19B9DA936B}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient.exe
FirewallRules: [{169DA0E1-597B-4F66-A112-087B0257A75D}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd.exe
FirewallRules: [{28FF32FD-2B9D-46A4-BD7D-623F2DAF7EFE}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr.exe
FirewallRules: [{2B659EB2-D07B-4C7D-A19E-91EDED9341C4}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmd_x64.exe
FirewallRules: [{D365B8D6-E687-4B9D-92ED-7E5ADC4030FC}] => (Allow) C:\Program Files\SoftEther VPN Client\vpnclient_x64.exe
FirewallRules: [{05EF3BC1-A11E-4515-9B1E-1367FA940DCB}] => (Allow) C:\Program Files\SoftEther VPN Client\vpncmgr_x64.exe
FirewallRules: [{9C9B445A-8ED5-497D-90FA-C745792F76A4}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{62D9DE9F-5EAF-4752-A378-276D8FEFE4A2}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{A83C16C1-D200-4D43-901A-D4265817F148}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{A9E16C9A-A059-4167-8FCF-4BB36AE06E1A}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{AAACE18B-7211-4FF1-9DC8-C479407562B7}] => (Allow) C:\Program Files\iTunes\iTunes.exe

==================== Restore Points =========================

01-01-2016 20:57:24 Language Pack Removal
02-01-2016 21:09:14 Installed iTunes

==================== Faulty Device Manager Devices =============

Name: Unknown USB Device (Device Descriptor Request Failed)
Description: Unknown USB Device (Device Descriptor Request Failed)
Class Guid: {36fc9e60-c465-11cf-8056-444553540000}
Manufacturer: (Standard USB Host Controller)
Service:
Problem: : Windows has stopped this device because it has reported problems. (Code 43)
Resolution: One of the drivers controlling the device notified the operating system that the device failed in some manner. For more information about how to diagnose the problem, see the hardware documentation.


==================== Event log errors: =========================

Application errors:
==================
Error: (01/03/2016 10:09:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DPC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/03/2016 09:24:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DPC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/03/2016 09:24:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DPC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/03/2016 09:17:17 PM) (Source: SideBySide) (EventID: 35) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/03/2016 01:01:12 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iREB-r7.exe, version: 6.0.0.0, time stamp: 0x513ccbb4
Faulting module name: KERNELBASE.dll, version: 6.2.10240.16384, time stamp: 0x559f3b2a
Exception code: 0x80000003
Fault offset: 0x00132bd2
Faulting process id: 0x%9
Faulting application start time: 0xiREB-r7.exe0
Faulting application path: iREB-r7.exe1
Faulting module path: iREB-r7.exe2
Report Id: iREB-r7.exe3
Faulting package full name: iREB-r7.exe4
Faulting package-relative application ID: iREB-r7.exe5

Error: (01/02/2016 11:39:15 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sn0wbreeze-v2.9.14.exe, version: 4.0.0.0, time stamp: 0x51661405
Faulting module name: KERNELBASE.dll, version: 6.2.10240.16384, time stamp: 0x559f3b2a
Exception code: 0x80000003
Fault offset: 0x00132bd2
Faulting process id: 0x%9
Faulting application start time: 0xsn0wbreeze-v2.9.14.exe0
Faulting application path: sn0wbreeze-v2.9.14.exe1
Faulting module path: sn0wbreeze-v2.9.14.exe2
Report Id: sn0wbreeze-v2.9.14.exe3
Faulting package full name: sn0wbreeze-v2.9.14.exe4
Faulting package-relative application ID: sn0wbreeze-v2.9.14.exe5

Error: (01/02/2016 11:38:37 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sn0wbreeze-v2.9.14.exe, version: 4.0.0.0, time stamp: 0x51661405
Faulting module name: KERNELBASE.dll, version: 6.2.10240.16384, time stamp: 0x559f3b2a
Exception code: 0x80000003
Fault offset: 0x00132bd2
Faulting process id: 0x%9
Faulting application start time: 0xsn0wbreeze-v2.9.14.exe0
Faulting application path: sn0wbreeze-v2.9.14.exe1
Faulting module path: sn0wbreeze-v2.9.14.exe2
Report Id: sn0wbreeze-v2.9.14.exe3
Faulting package full name: sn0wbreeze-v2.9.14.exe4
Faulting package-relative application ID: sn0wbreeze-v2.9.14.exe5

Error: (01/02/2016 11:38:20 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: sn0wbreeze-v2.9.14.exe, version: 4.0.0.0, time stamp: 0x51661405
Faulting module name: KERNELBASE.dll, version: 6.2.10240.16384, time stamp: 0x559f3b2a
Exception code: 0x80000003
Fault offset: 0x00132bd2
Faulting process id: 0x%9
Faulting application start time: 0xsn0wbreeze-v2.9.14.exe0
Faulting application path: sn0wbreeze-v2.9.14.exe1
Faulting module path: sn0wbreeze-v2.9.14.exe2
Report Id: sn0wbreeze-v2.9.14.exe3
Faulting package full name: sn0wbreeze-v2.9.14.exe4
Faulting package-relative application ID: sn0wbreeze-v2.9.14.exe5

Error: (01/02/2016 11:38:01 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: redsn0w.exe, version: 0.0.0.0, time stamp: 0x50926b8e
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x00000000
Faulting process id: 0xd14
Faulting application start time: 0xredsn0w.exe0
Faulting application path: redsn0w.exe1
Faulting module path: redsn0w.exe2
Report Id: redsn0w.exe3
Faulting package full name: redsn0w.exe4
Faulting package-relative application ID: redsn0w.exe5

Error: (01/02/2016 11:15:42 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: iCL0udin_v1.0.exe, version: 1.0.0.0, time stamp: 0x54a3733d
Faulting module name: KERNELBASE.dll, version: 10.0.10240.16384, time stamp: 0x559f3b2a
Exception code: 0xe0434352
Fault offset: 0x000b3e28
Faulting process id: 0x1114
Faulting application start time: 0xiCL0udin_v1.0.exe0
Faulting application path: iCL0udin_v1.0.exe1
Faulting module path: iCL0udin_v1.0.exe2
Report Id: iCL0udin_v1.0.exe3
Faulting package full name: iCL0udin_v1.0.exe4
Faulting package-relative application ID: iCL0udin_v1.0.exe5


System errors:
=============
Error: (01/03/2016 10:11:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (01/03/2016 10:11:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (01/03/2016 10:11:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 10003) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (01/03/2016 10:11:21 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/03/2016 10:10:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/03/2016 10:10:11 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/03/2016 10:10:11 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (01/03/2016 10:10:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Zero Configuration Service service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/03/2016 10:10:10 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The SoftEther VPN Client service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/03/2016 10:10:10 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
Description: The Intel® PROSet/Wireless Registry Service service terminated unexpectedly.  It has done this 1 time(s).


==================== Memory info ===========================

Processor: Intel® Core™ i5-2450M CPU @ 2.50GHz
Percentage of memory in use: 52%
Total physical RAM: 4009.54 MB
Available physical RAM: 1906.79 MB
Total Virtual: 5161.54 MB
Available Virtual: 3103.39 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:179 GB) (Free:96.01 GB) NTFS ==>[drive with boot components (obtained from BCD)]
Drive e: (Local Disk) (Fixed) (Total:247.6 GB) (Free:162.37 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 5BC53D8B)
Partition 1: (Active) - (Size=179 GB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=286.7 GB) - (Type=OF Extended)

==================== End of Addition.txt ============================



#4 deeprybka

Posted 03 January 2016 - 05:42 PM

Step 1

SystemLook

  • Please download SystemLook (x64) and save the file to your Desktop.
  • Right-Click SystemLook_x64.exe and select Run as administrator to run the programme.
  • Copy the entire contents of the codebox below and paste into the textfield.
    :regfind
    zerohorizon
    
  • Click the [button image] button to start the scan.
  • Upon completion, a log (SystemLook.txt) will open. Copy the contents of the log and paste in your next reply.
  • Click the [button image] button.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#5 MasonX


Posted 03 January 2016 - 06:23 PM

SystemLook 30.07.11 by jpshortstuff
Log created at 18:19 on 03/01/2016 by David
Administrator - Elevation successful

========== regfind ==========

Searching for "zerohorizon"
No data found.

-= EOF =-



#6 deeprybka


Posted 03 January 2016 - 06:24 PM

Step 1


Please download HerdProtect by Reason Software (portable edition) and save the file to your desktop.
Temporarily disable your AntiVirus and AntiSpyware protection - instructions here.

  • Right-click on the icon and select Run as Administrator to install the scanner.
  • It will ask for the location - leave the default one (%ProgramFiles%) or select another, convenient one.
  • Agree to the terms, select Launch herdProtect and click Finish.
  • Click Scan. It may take a while, depending on your system and connection specs. Please be patient.
  • When it finishes click on Save Results.
  • A Notepad with a report should open.

Please include the contents of that report in your next reply.
This type of scan often produces false positives. In any case do not remove on your own any of its findings! Removal will be made after the careful analysis of the scan results.
Upon completion of the cleaning you may remove HerdProtect if you wish so. To do it just delete its directory (chosen by you when installing the tool).


regards,
deeprybka

#7 MasonX


Posted 03 January 2016 - 06:57 PM

Saved date:          1/3/2016 18:54:54 PM
Files detected:     44
Files scanned:         10,497
Processes scanned:     74
Modules scanned:     864
ASEPs scanned:         557
Downloads scanned:     0
Deep analysis:         4/2
---------------------------------------------------------------------------------

Files

---------------------------------------------------------------------------------

File path:         c:\users\david\appdata\local\temp\hyd7d88.tmp.1451848483\hta\3rdparty\occomsdk.dll
Publisher:         TODO: <Company name>
Signer:         OpenCandy
MD5:             dd40ddfae58c293f07d5c2a310727d04
SHA-1:             e1ba32f464f2982f70abb2f2b6c8960f62c87845
Created:         1/3/2016 7:14:46 PM
Detections:         2
Determination:         Adware
            - Panda Antivirus as PUP/OpenCandy (Adware)
            - Reason Heuristics as PUP.OpenCandy.TODOCompanyname (M) (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\david\appdata\local\temp\hyd7d88.tmp.1451848483\hta\3rdparty\ocsetuphlp.dll
Publisher:         OpenCandy, Inc.
Signer:         OpenCandy
MD5:             4adb06a360a9d49ca302a7cf11705403
SHA-1:             4f592c5f94a3c1e4c71be050655bcaa6cea4fa89
Created:         1/3/2016 7:14:46 PM
Detections:         10
Determination:         Adware
            - Malwarebytes as PUP.Optional.OpenCandy (Adware)
            - ESET NOD32 as Win32/OpenCandy.C potentially unsafe (variant) (Adware)
            - Agnitum Outpost as Riskware.Agent (Adware)
            - SUPERAntiSpyware as PUP.OpenCandy/Variant (Adware)
            - Dr.Web as Adware.OpenCandy.146 (Adware)
            - G Data as Win32.Application.OpenCandy (Adware)
            - Baidu Antivirus as Adware.Win32.OpenCandy (Adware)
            - AVG as OpenCandy (Adware)
            - Panda Antivirus as PUP/OpenCandy (Adware)
            - Reason Heuristics as PUP.OpenCandy.Installer (M) (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\david\appdata\local\temp\hyd7d88.tmp.1451848483_permissionscopy\updates\3.4.5_41372\utorrentie.exe
Publisher:         BitTorrent Inc.
MD5:             233b5852363bfb41d73d219fa8528af4
SHA-1:             e11ccbf55a729cc9d0689b21fd2b620abcdb8532
Created:         1/3/2016 7:14:51 PM
Detections:         3
Determination:         Inconclusive
            - Avira AntiVirus as W32/Sality.AT (Undefined)
            - Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)
            - Zillya! Antivirus as Downloader.Agent.Win32.293502 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\downloads\frst64.exe
Publisher:         Farbar
MD5:             c9e61a27dcd99f65dfd406a48d74a217
SHA-1:             e714be355063862c8a509301656a574cd44b798c
Created:         1/3/2016 7:06:52 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - Zillya! Antivirus as Trojan.Disfa.Win32.41659 (Undefined)
            - Jiangmin as Trojan.Autoit.aw (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\downloads\highlands mod installer 1.8.exe
Publisher:         
Signer:         Skyworxz, LLC
MD5:             bb3243df7343d4ef8ce420429b6ae21c
SHA-1:             95bb886bd492a936f49ab5ee7e80f8146cff15ce
Created:         12/31/2015 1:31:31 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Clam AntiVirus as Php.Exploit.CVE_2015_2331-3 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\frst64(1).exe
Publisher:         Farbar
MD5:             c9e61a27dcd99f65dfd406a48d74a217
SHA-1:             e714be355063862c8a509301656a574cd44b798c
Created:         1/3/2016 10:20:42 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - Zillya! Antivirus as Trojan.Disfa.Win32.41659 (Undefined)
            - Jiangmin as Trojan.Autoit.aw (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\systemlook_x64.exe
Publisher:         
MD5:             f783ec309d42813f74319eb776153b2b
SHA-1:             81700a60e7da41f84e46d27a6f71d12c5376bca9
Created:         1/3/2016 11:18:48 PM
Detections:         1
Determination:         Inconclusive
            - Emsisoft Anti-Malware as Gen:Variant.Adware.Hotbar.14 (Adware)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\techniclauncher.exe
Publisher:         
Signer:         Syndicate LLC
MD5:             7bfa3754b26c3597cb5376ce4769b5d6
SHA-1:             f98e151ba667ea46164859659767fa7b4109a5fa
Created:         1/3/2016 12:38:11 AM
Detections:         2
Determination:         Inconclusive
            - Jiangmin as TrojanSpy.MSIL.mjw (Undefined)
            - ESET NOD32 as Detection.Undefined (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\mcp918\runtime\bin\python\bz2.pyd
Publisher:         
MD5:             2309952a1136740f3871869cc13ab620
SHA-1:             7d9eb3ef678537c0026dc06e36f4d42b96b2627f
Created:         12/30/2015 9:03:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\mcp918\runtime\bin\python\python27.dll
Publisher:         Python Software Foundation
MD5:             fb9ecb14a14328711eef9aace1686614
SHA-1:             bd76a10cd66ff833bc24b6008cd502c4d2eabc1a
Created:         12/30/2015 9:03:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\mcp918\runtime\bin\python\select.pyd
Publisher:         
MD5:             3449bbfac55bfa14cdfd83e2d90f3d7e
SHA-1:             6bd778f81d672453b06e09dd405bd45e22062a70
Created:         12/30/2015 9:03:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\mcp918\runtime\bin\python\sqlite3.dll
Publisher:         
MD5:             cf2fb22554b51181867efa2fadbf0059
SHA-1:             a96515be43041c243a939ca142175a805c827837
Created:         12/30/2015 9:03:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\mcp918\runtime\bin\python\_ctypes.pyd
Publisher:         
MD5:             f9982f8b1176597b81ed1285d1616ce7
SHA-1:             7cf74cce8b20adeeff83e29eacc028bdf2d7c18a
Created:         12/30/2015 9:03:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\mcp918\runtime\bin\python\_hashlib.pyd
Publisher:         
MD5:             199bde23ef347dbccc6bf5a112b43c93
SHA-1:             ba98ef27c64eb858ac7c3ae6ff1dece53094e753
Created:         12/30/2015 9:03:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\mcp918\runtime\bin\python\_socket.pyd
Publisher:         
MD5:             07789a8c23bcebe32f8bfd4ce4af5ffb
SHA-1:             132d7ad9d2a7c3ff51b246fd14f0a4f738d68e10
Created:         12/30/2015 9:03:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\mcp918\runtime\bin\python\_sqlite3.pyd
Publisher:         
MD5:             8af159910fa00e5d5ec5e3b0823dbc76
SHA-1:             6b59fe4cda77c8f884629c1cbf6e08c55025509b
Created:         12/30/2015 9:03:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\mcp918\runtime\bin\python\_ssl.pyd
Publisher:         
MD5:             12fb0bcc8b79ecadd52ba8d97e08bfed
SHA-1:             b52b26e16841d3b03f36792df7ed1825aa95ee54
Created:         12/30/2015 9:03:50 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - XVirus List as Win.Detected (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\putty.exe
Publisher:         Simon Tatham
MD5:             33c9d1e56152e212367e9c5b01671e45
SHA-1:             9ded3ce2ae09c37ca173bbd3dcb57258b72cdbd5
Created:         11/20/2015 5:35:48 PM
Detections:         3
Determination:         Ignore detections (false positive)
            - Trend Micro House Call as HT_SWRORT_EK26000B.UVPM (Undefined)
            - Clam AntiVirus as Win.Trojan.Rozena-1123 (Undefined)
            - Rising Antivirus as PE:Malware.Generic(Thunder)!1.A1C4 [F] (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\ps stuff\sky obs 8-23-2015\iris\iris.exe
Publisher:         
MD5:             b1fa4aafb86a9d8ee4778e61fc08478f
SHA-1:             6a26949b686cac686749ac7aac52d6d723c0ce73
Created:         8/24/2015 2:03:49 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as HW32.Laneul (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\ps3\1406381705_gta v.exe
Publisher:         XB36Hazard
MD5:             edc12081eef9df52c85179b1b4a458ee
SHA-1:             285eb130a9a6459b74953dc7b846a44f776873ad
Created:         10/1/2015 11:38:12 PM
Detections:         10
Determination:         UndefinedMalware
            - Antiy Labs AVL as Trojan/Win32.SGeneric (Undefined)
            - McAfee as Artemis!EDC12081EEF9 (Undefined)
            - Zillya! Antivirus as Trojan.Agent.Win32.495652 (Undefined)
            - Norman as Suspicious_Gen4.HIOKW
            - Kaspersky as Trojan.MSIL.Agent (Undefined)
            - Agnitum Outpost as Trojan.Agent (Undefined)
            - Sophos as Mal/Generic-S (Undefined)
            - McAfee Web Gateway as BehavesLike.Win32.BadFile.vc (Undefined)
            - Vba32 AntiVirus as Trojan.MSIL.Agent (Undefined)
            - IKARUS anti.virus as Trojan.MSIL.Agent (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\ps3\gta v2.exe
Publisher:         XB36Hazard
MD5:             1a9acb00666d00a846ad96271cebbd0f
SHA-1:             477c4181bd3f08727ae4dccfc59c312b353671d0
Created:         10/1/2015 11:21:27 PM
Detections:         4
Determination:         Inconclusive
            - Kaspersky as UDS:DangerousObject.Multi.Generic (Undefined)
            - Rising Antivirus as PE:Malware.RDM.35!5.29[F1] (Undefined)
            - McAfee Web Gateway as Artemis (Undefined)
            - McAfee as Artemis!1A9ACB00666D (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\freetype6.dll
Publisher:         
MD5:             d4eb57e2e08db3797a934bd977d5fe83
SHA-1:             dc27e57cc0054cd3ecc21865f2933070aaa7250d
Created:         10/15/2015 4:51:43 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\gdk-pixbuf-query-loaders.exe
Publisher:         
MD5:             c5c42bbeffa3b2777953504cae2f0e1f
SHA-1:             aabcc423773c74c380c9029866f31fd91593623e
Created:         10/15/2015 4:51:43 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\gspawn-win32-helper-console.exe
Publisher:         
MD5:             7ea9a534cf21a4c1169ce21096d4621a
SHA-1:             10dd6ff19316f739c4de381f1cc00d587c445f0a
Created:         10/15/2015 4:51:43 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\gspawn-win32-helper.exe
Publisher:         
MD5:             21e00561e799da988686edf219a890c0
SHA-1:             2138bcde1ae90d4e28022f6eb59c84e45e6a4c58
Created:         10/15/2015 4:51:43 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\gtk-query-immodules-2.0.exe
Publisher:         
MD5:             003f406772f394035a3caf6417197ca7
SHA-1:             e9d4dd034ed6056de3aad6e9f76155ceac3c7c45
Created:         10/15/2015 4:51:42 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\libexpat-1.dll
Publisher:         
MD5:             c90dcdc78fd601db5dea6b00bb09622d
SHA-1:             febe195ece7b3da98dbfa10691ff7493de1de68d
Created:         10/15/2015 4:51:42 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\pango-querymodules.exe
Publisher:         
MD5:             c988d78304a66069df64ec45aa317b6c
SHA-1:             d995c55ebb5b153de9dba6fbef4822685d62c93e
Created:         10/15/2015 4:51:43 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\smartctl.exe
Publisher:         
MD5:             5e995a8e787a0dd4f929dec1e3d62841
SHA-1:             97956bd8425bd7387effa7eb0007029706065141
Created:         10/15/2015 4:51:42 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as HW32.TsCabk (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\update-smart-drivedb.exe
Publisher:         
MD5:             c343650e665e514bbf061f6d968d4c23
SHA-1:             a601df606fb790b9ebd654546243cc3ca38336ed
Created:         10/15/2015 4:51:43 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Vba32 AntiVirus as suspected of Trojan.Downloader.gen.h (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\lib\gtk-2.0\2.10.0\engines\libpixmap.dll
Publisher:         
MD5:             4c32611b6df63f16d915d2be9c529973
SHA-1:             a16deb648d889cd7ace750640c11976b4857111c
Created:         10/15/2015 4:51:43 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\gsmartcontrol-0.8.7-win32\lib\gtk-2.0\modules\modules\libgail.dll
Publisher:         
MD5:             821d9e7dd599795f0f96071882da1caf
SHA-1:             3aaea8e7c712b4f55c930d085985194473d5b852
Created:         10/15/2015 4:51:43 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.HfsAutoB (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\her story\steam_api.dll
Publisher:         Valve Corporation
MD5:             d91ccaffaa7370738d66679db9bcf383
SHA-1:             c73aafc389cc8bb9d58e42bb5b2b5fe19c9cd508
Created:         7/11/2015 4:10:03 PM
Detections:         3
Determination:         Inconclusive
            - Bkav FE as HW32.Packed (Undefined)
            - Clam AntiVirus as Win.Trojan.Wysotot (Undefined)
            - Sophos as Mal/VMProtBad-A (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\testdisk-7.0\fidentify_win.exe
Publisher:         
MD5:             9b85477b537595a7e98517ccb53e09a7
SHA-1:             e1363c24efc0a3ef242ae7e47cfc37c559ef9cdf
Created:         10/15/2015 4:56:48 PM
Detections:         4
Determination:         Ignore detections (false positive)
            - The Hacker as Posible_Worm32 (Undefined)
            - Trend Micro House Call as Suspicious_GEN.F47V0418 (Undefined)
            - IKARUS anti.virus as Trojan.Crypt
            - Qihoo 360 Security as HEUR/QVM11.1.Malware.Gen (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\testdisk-7.0\libssp-0.dll
Publisher:         
MD5:             7aed7006f99df1e8600c7db5c55ae9bf
SHA-1:             5597b9a29d0924daf6b9fdb14d135e3b69cc0d9c
Created:         10/15/2015 4:56:49 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Antiy Labs AVL as VCS/Environment.DigitalFN

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\testdisk-7.0\photorec_win.exe
Publisher:         CGSecurity
MD5:             4efda8d9c5630b4bab68bb492964cb89
SHA-1:             f7d9bf57188dbfe2e168870e77e366d8b2e29017
Created:         10/15/2015 4:56:46 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - Avira AntiVirus as TR/Crypt.XPACK.Gen2
            - IKARUS anti.virus as Trojan.Crypt

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\random stuff\testdisk-7.0\testdisk_win.exe
Publisher:         CGSecurity
MD5:             ac98ba3f9bb5a8f32b86f9a121fec846
SHA-1:             14468bcbd319d7aaeb9e2bd1f5e805e5165fdc79
Created:         10/15/2015 4:56:47 PM
Detections:         2
Determination:         Ignore detections (false positive)
            - Avira AntiVirus as TR/Crypt.XPACK.Gen2
            - IKARUS anti.virus as Trojan.Crypt

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\old stuff\spek\paint2soundprereqfiles\paint2soundv101.exe
Publisher:         
MD5:             6574186400dd3675ed7e82ff8ed7b762
SHA-1:             fa5d7613a820edf7bd7171ccc2b4c2a314060826
Created:         10/19/2015 11:35:05 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - CMC Antivirus as Packed.Win32.Zcrypt.3!O

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\svt down\disasm_engine.dll
Publisher:         
MD5:             d3e3e2f1326f256ac4b3ed90dd49947e
SHA-1:             6d0633ed7019a2884ccb76d2552eea211e1771c3
Created:         5/29/2015 11:00:07 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Bkav FE as W32.Clod93c.Trojan (Undefined)

---------------------------------------------------------------------------------

File path:         c:\users\david\desktop\svt down\proxy.exe
Publisher:         
MD5:             9067c82b1582fda3a35bff556f3c9998
SHA-1:             de10a8fcbf84d4056b2e34a1fcd23dabd6781a0e
Created:         5/29/2015 11:00:09 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - Trend Micro House Call as TROJ_GEN.F47V0216 (Undefined)

---------------------------------------------------------------------------------

File path:         c:\windows\secoh-qad.exe
Publisher:         
MD5:             38de5b216c33833af710e88f7f64fc98
SHA-1:             66c72019eafa41bbf3e708cc3824c7c4447bdab6
Created:         12/29/2015 8:40:18 PM
Detections:         1
Determination:         Inconclusive
            - Reason Heuristics as Threat.Win.Reputation (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files\intel\wifi\bin\langresources\esn\ihvuiesn.dll
Publisher:         Intel® Corporation
MD5:             cd8924f16c1d68de06b667b5c4bda579
SHA-1:             701d58afeb5b69ac3e57bcd6742a380d798c1e26
Created:         12/8/2011 6:30:42 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - The Hacker as Trojan/Buzus.gdqz (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files\intel\wifi\instbin\tracedbcnv.dll
Publisher:         Intel® Corporation
MD5:             77e0d88a4ad21679d92667cda056b0d9
SHA-1:             67d41aee7475809be1e029ebeff18e140b7f7cae
Created:         12/8/2011 5:27:30 PM
Detections:         1
Determination:         Ignore detections (false positive)
            - ByteHero BDV as Trojan.Malware.Win32.xPack.i (Undefined)

---------------------------------------------------------------------------------

File path:         c:\program files\nvidia corporation\nvstreamsrv\nvinject.dll
Publisher:         NVIDIA Corporation
Signer:         NVIDIA Corporation PE Sign v2014
MD5:             90b167b0c03680683cf789bba403358d
SHA-1:             fe112aa846013bba676cbf9833f3403c9a443a4d
Created:         12/30/2015 1:21:11 AM
Detections:         1
Determination:         Ignore detections (false positive)
            - Rising Antivirus as PE:Trojan.Kuluoz!6.1EFA (Undefined)
 



#8 deeprybka


Posted 04 January 2016 - 04:11 AM

Do the "redirects" happen in all browsers or just in FF?


regards,
deeprybka

#9 MasonX


Posted 04 January 2016 - 06:15 AM

It happened once in IE, where I got redirected to a subdomain of "buy-targeted-traffic.com".
But I only use Firefox, so I can't really tell.

Because it happened in IE and FF, I'll guess all browsers.

#10 deeprybka


Posted 04 January 2016 - 04:20 PM

Step 1

MiniToolBox

  • Please download MiniToolBox and save the file to your Desktop.
  • Close any open windows.
  • Right-click MiniToolBox.exe and select Run as administrator to run the programme.
  • Check the following items:
    • njvAG80.png
    • 6N6QY9z.png
    • zmWTIXg.png
    • VAFn5gg.png
    • AtULTyM.png
    • 4roTXa5.png
    • kLju9nY.png
    • chxHkm0.png
    • 6KiAnDw.png
    • fd89mAB.png
    • vz7b54X.png
  • Click 9Z8u2SR.png.
  • A log (Result.txt) will be created on your Desktop. Copy the contents of the log and paste in your next reply.

regards,
deeprybka

#11 MasonX


Posted 04 January 2016 - 06:06 PM

MiniToolBox by Farbar  Version: 02-11-2015
Ran by David (administrator) on 04-01-2016 at 23:00:51
Running from "C:\Users\David\Downloads"
Microsoft Windows 10 Pro  (X64)
Boot Mode: Normal
***************************************************************************

========================= Flush DNS: ===================================

Windows IP Configuration

Successfully flushed the DNS Resolver Cache.

========================= IE Proxy Settings: ==============================

Proxy is not enabled.
No Proxy Server is set.

"Reset IE Proxy Settings": IE Proxy Settings were reset.

========================= FF Proxy Settings: ==============================

"network.proxy.type", 0

"Reset FF Proxy Settings": Firefox Proxy settings were reset.

========================= Hosts content: =================================
========================= IP Configuration: ================================

Realtek PCIe GBE Family Controller = Ethernet (Connected)
Intel® Centrino® Wireless-N 130 Driver = Wi-Fi (Media disconnected)
Bluetooth Device (Personal Area Network) = Bluetooth Network Connection (Media disconnected)
VPN Client Adapter - VPN = VPN - VPN Client (Media disconnected)


# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4

reset
set global
set interface interface="VPN - VPN Client" forwarding=disabled advertise=disabled metric=1 siteprefixlength=0 nud=disabled routerdiscovery=disabled managedaddress=disabled otherstateful=disabled weakhostsend=disabled weakhostreceive=disabled ignoredefaultroutes=disabled advertisedrouterlifetime=0 advertisedefaultroute=disabled currenthoplimit=0 forcearpndwolpattern=disabled enabledirectedmacwolpattern=disabled ecncapability=ecndisabled


popd
# End of IPv4 configuration



Windows IP Configuration

   Host Name . . . . . . . . . . . . : DPC
   Primary Dns Suffix  . . . . . . . :
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : home

Ethernet adapter VPN - VPN Client:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : VPN Client Adapter - VPN
   Physical Address. . . . . . . . . : 00-AC-0D-80-67-C0
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Wi-Fi:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Intel® Centrino® Wireless-N 130
   Physical Address. . . . . . . . . : DC-A9-71-99-8B-B7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Wireless LAN adapter Local Area Connection* 3:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : DC-A9-71-99-8B-B8
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Ethernet adapter Ethernet:

   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Realtek PCIe GBE Family Controller
   Physical Address. . . . . . . . . : E8-03-9A-19-4E-D7
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::f5e3:79b4:5d5b:6cbf%11(Preferred)
   IPv4 Address. . . . . . . . . . . : 172.16.0.70(Preferred)
   Subnet Mask . . . . . . . . . . . : 255.255.0.0
   Lease Obtained. . . . . . . . . . : Sunday, January 3, 2016 10:12:31 PM
   Lease Expires . . . . . . . . . . : Tuesday, January 5, 2016 6:25:39 PM
   Default Gateway . . . . . . . . . : 172.16.0.1
   DHCP Server . . . . . . . . . . . : 172.16.0.80
   DHCPv6 IAID . . . . . . . . . . . : 65536922
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-14-A1-F8-E8-03-9A-19-4E-D7
   DNS Servers . . . . . . . . . . . : 172.16.0.1
   NetBIOS over Tcpip. . . . . . . . : Enabled

Ethernet adapter Bluetooth Network Connection:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Bluetooth Device (Personal Area Network)
   Physical Address. . . . . . . . . : DC-A9-71-99-8B-BB
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter isatap.home:

   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : home
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes

Tunnel adapter Teredo Tunneling Pseudo-Interface:

   Connection-specific DNS Suffix  . :
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:6abd:2cb0:3cd6:a952:467c(Preferred)
   Link-local IPv6 Address . . . . . : fe80::2cb0:3cd6:a952:467c%6(Preferred)
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 268435456
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1E-14-A1-F8-E8-03-9A-19-4E-D7
   NetBIOS over Tcpip. . . . . . . . : Disabled
Server:  api.home
Address:  172.16.0.1

Name:    google.com
Addresses:  2a00:1450:4009:80c::200e
      216.58.210.14


Pinging google.com [216.58.210.14] with 32 bytes of data:
Reply from 216.58.210.14: bytes=32 time=8ms TTL=55
Reply from 216.58.210.14: bytes=32 time=8ms TTL=55

Ping statistics for 216.58.210.14:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 8ms, Maximum = 8ms, Average = 8ms
Server:  api.home
Address:  172.16.0.1

Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
      2001:4998:c:a06::2:4008
      2001:4998:44:204::a7
      98.138.253.109
      98.139.183.24
      206.190.36.45


Pinging yahoo.com [98.139.183.24] with 32 bytes of data:
Reply from 98.139.183.24: bytes=32 time=106ms TTL=45
Reply from 98.139.183.24: bytes=32 time=106ms TTL=45

Ping statistics for 98.139.183.24:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 106ms, Maximum = 106ms, Average = 106ms

Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128

Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  9...00 ac 0d 80 67 c0 ......VPN Client Adapter - VPN
 10...dc a9 71 99 8b b7 ......Intel® Centrino® Wireless-N 130
  8...dc a9 71 99 8b b8 ......Microsoft Hosted Network Virtual Adapter
 11...e8 03 9a 19 4e d7 ......Realtek PCIe GBE Family Controller
  7...dc a9 71 99 8b bb ......Bluetooth Device (Personal Area Network)
  1...........................Software Loopback Interface 1
  4...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
===========================================================================

IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0       172.16.0.1      172.16.0.70     20
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
       172.16.0.0      255.255.0.0         On-link       172.16.0.70    276
      172.16.0.70  255.255.255.255         On-link       172.16.0.70    276
   172.16.255.255  255.255.255.255         On-link       172.16.0.70    276
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link       172.16.0.70    276
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link       172.16.0.70    276
===========================================================================
Persistent Routes:
  None

IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:6abd:2cb0:3cd6:a952:467c/128
                                    On-link
 11    276 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::2cb0:3cd6:a952:467c/128
                                    On-link
 11    276 fe80::f5e3:79b4:5d5b:6cbf/128
                                    On-link
  1    306 ff00::/8                 On-link
 11    276 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================

Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [54784] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70144] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [64000] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog5 07 C:\Windows\SysWOW64\wshbth.dll [51200] (Microsoft Corporation)
Catalog5 08 C:\Program Files (x86)\Bonjour\mdnsNSP.dll [122128] (Apple Inc.)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
Catalog9 12 C:\Windows\SysWOW64\mswsock.dll [306528] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [67072] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [79872] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog5 07 C:\Windows\System32\wshbth.dll [62976] (Microsoft Corporation)
x64-Catalog5 08 C:\Program Files\Bonjour\mdnsNSP.dll [133392] (Apple Inc.)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)
x64-Catalog9 12 C:\Windows\System32\mswsock.dll [364384] (Microsoft Corporation)

========================= Event log errors: ===============================

Application errors:
==================
Error: (01/04/2016 10:56:02 PM) (Source: Microsoft-Windows-CAPI2) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.


Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (01/04/2016 06:25:44 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DPC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/04/2016 02:49:39 AM) (Source: Microsoft-Windows-Immersive-Shell) (User: DPC)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/03/2016 11:52:43 PM) (Source: Application Error) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 10.0.10240.16392, time stamp: 0x55a868f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e20e
Faulting process id: 0x1a38
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (01/03/2016 11:30:26 PM) (Source: Application Error) (User: )
Description: Faulting application name: herdProtectScan.exe, version: 1.0.3.9, time stamp: 0x549300f9
Faulting module name: LSASRV.dll, version: 10.0.10240.16392, time stamp: 0x55a868f9
Exception code: 0xc0000005
Fault offset: 0x000000000004e20e
Faulting process id: 0x1a38
Faulting application start time: 0xherdProtectScan.exe0
Faulting application path: herdProtectScan.exe1
Faulting module path: herdProtectScan.exe2
Report Id: herdProtectScan.exe3
Faulting package full name: herdProtectScan.exe4
Faulting package-relative application ID: herdProtectScan.exe5

Error: (01/03/2016 10:09:46 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DPC)
Description: Activation of app Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/03/2016 09:24:30 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DPC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/03/2016 09:24:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (User: DPC)
Description: Activation of app Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge failed with error: -2144927149 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (01/03/2016 09:17:17 PM) (Source: SideBySide) (User: )
Description: Activation context generation failed for "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"1".Error in manifest or policy file "UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"2" on line UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"3.
Component identity found in manifest does not match the identity of the component requested.
Reference is UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0".
Definition is UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0".
Please use sxstrace.exe for detailed diagnosis.

Error: (01/03/2016 01:01:12 AM) (Source: Application Error) (User: )
Description: Faulting application name: iREB-r7.exe, version: 6.0.0.0, time stamp: 0x513ccbb4
Faulting module name: KERNELBASE.dll, version: 6.2.10240.16384, time stamp: 0x559f3b2a
Exception code: 0x80000003
Fault offset: 0x00132bd2
Faulting process id: 0x%9
Faulting application start time: 0xiREB-r7.exe0
Faulting application path: iREB-r7.exe1
Faulting module path: iREB-r7.exe2
Report Id: iREB-r7.exe3
Faulting package full name: iREB-r7.exe4
Faulting package-relative application ID: iREB-r7.exe5


System errors:
=============
Error: (01/04/2016 06:45:02 PM) (Source: Schannel) (User: NT AUTHORITY)
Description: A fatal error occurred when attempting to access the SSL server credential private key. The error code returned from the cryptographic module is 0x8009030d. The internal error state is 10001.

Error: (01/04/2016 02:49:41 AM) (Source: DCOM) (User: DPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}

Error: (01/04/2016 02:49:39 AM) (Source: DCOM) (User: DPC)
Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

Error: (01/04/2016 02:49:37 AM) (Source: Service Control Manager) (User: )
Description: The Sync Host_Session1 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/03/2016 10:11:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (01/03/2016 10:11:42 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (01/03/2016 10:11:24 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN Extensibility Module has stopped unexpectedly.

Module Path: C:\Windows\System32\IWMSSvc.dll

Error: (01/03/2016 10:11:21 PM) (Source: Service Control Manager) (User: )
Description: The Sync Host_Session3 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (01/03/2016 10:10:11 PM) (Source: Service Control Manager) (User: )
Description: The Intel® Rapid Storage Technology service terminated unexpectedly.  It has done this 1 time(s).

Error: (01/03/2016 10:10:11 PM) (Source: Service Control Manager) (User: )
Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).


Microsoft Office Sessions:
=========================
Error: (01/04/2016 10:56:02 PM) (Source: Microsoft-Windows-CAPI2)(User: )
Description:
Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.

Error: (01/04/2016 06:25:44 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DPC)
Description: Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp-2144927148

Error: (01/04/2016 02:49:39 AM) (Source: Microsoft-Windows-Immersive-Shell)(User: DPC)
Description: Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI-2144927141

Error: (01/03/2016 11:52:43 PM) (Source: Application Error)(User: )
Description: herdProtectScan.exe1.0.3.9549300f9LSASRV.dll10.0.10240.1639255a868f9c0000005000000000004e20e1a3801d1467e69b33e62C:\Program Files\Reason\herdProtect\Scanner_Portable\herdProtectScan.exeC:\Windows\SYSTEM32\LSASRV.dlla3dd5625-7ef4-4fab-8841-b43cfd6cf3ae

Error: (01/03/2016 11:30:26 PM) (Source: Application Error)(User: )
Description: herdProtectScan.exe1.0.3.9549300f9LSASRV.dll10.0.10240.1639255a868f9c0000005000000000004e20e1a3801d1467e69b33e62C:\Program Files\Reason\herdProtect\Scanner_Portable\herdProtectScan.exeC:\Windows\SYSTEM32\LSASRV.dll6c4c7f07-3763-4522-a0b3-e8951e5fc26b

Error: (01/03/2016 10:09:46 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DPC)
Description: Microsoft.XboxApp_8wekyb3d8bbwe!Microsoft.XboxApp-2144927148

Error: (01/03/2016 09:24:30 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DPC)
Description: Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge-2144927149

Error: (01/03/2016 09:24:23 PM) (Source: Microsoft-Windows-Immersive-Shell)(User: DPC)
Description: Microsoft.MicrosoftEdge_8wekyb3d8bbwe!MicrosoftEdge-2144927149

Error: (01/03/2016 09:17:17 PM) (Source: SideBySide)(User: )
Description: UccApi,processorArchitecture="AMD64",type="win32",version="15.0.0.0"UccApi,processorArchitecture="x86",type="win32",version="15.0.0.0"C:\Program Files\Microsoft Office 15\root\office15\lync.exe.ManifestC:\Program Files\Microsoft Office 15\root\office15\UccApi.DLL1

Error: (01/03/2016 01:01:12 AM) (Source: Application Error)(User: )
Description: iREB-r7.exe6.0.0.0513ccbb4KERNELBASE.dll6.2.10240.16384559f3b2a8000000300132bd2


========================= Memory info: ===================================

Percentage of memory in use: 91%
Total physical RAM: 4009.54 MB
Available physical RAM: 354.52 MB
Total Virtual: 6279 MB
Available Virtual: 720.27 MB

========================= Partitions: =====================================

1 Drive c: () (Fixed) (Total:179 GB) (Free:94.24 GB) NTFS
3 Drive e: (Local Disk) (Fixed) (Total:247.6 GB) (Free:162.37 GB) NTFS

========================= Users: ========================================

User accounts for \\DPC

Administrator            David                    DefaultAccount           
Guest                    zfvtspqy                 

========================= Restore Points ==================================

01-01-2016 20:57:24 Language Pack Removal
02-01-2016 21:09:14 Installed iTunes
04-01-2016 22:55:48 Language Pack Removal

**** End of log ****
 



#12 deeprybka


Posted 05 January 2016 - 03:11 PM

Step 1


Press the Windows key + R on your keyboard at the same time. Type notepad and click OK.
  • Copy the entire content of the codebox below and paste into the notepad document:
    CloseProcesses:
    File: C:\ProgramData\Microsoft\Windows\WER\wermgr.exe 
    HKLM-x32\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
    
  • Click File, Save As and type fixlist.txt as the File Name.
Both files, FRST and fixlist.txt have to be in the same location or the fix will not work!
  • Right-click on the FRST icon and select Run as Administrator to start the tool.
    (XP users click run after receipt of Windows Security Warning - Open File).
  • Press the Fix button just once and wait.
  • If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
  • When finished FRST will generate a log on the Desktop, called Fixlog.txt.
Please post it to your reply.

How is your computer running now? What problems and symptoms are still present?

Edited by deeprybka, 05 January 2016 - 03:11 PM.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#13 MasonX


Posted 05 January 2016 - 03:37 PM

Fix result of Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by David (2016-01-05 15:29:35) Run:1
Running from C:\Users\David\Desktop
Loaded Profiles: David (Available Profiles: David & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
CloseProcesses:
File: C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
HKLM-x32\...\Run: [wermgr] => C:\ProgramData\Microsoft\Windows\WER\wermgr.exe [6786560 2015-01-09] (Microsoft Corporation)
*****************

Processes closed successfully.

========================= File: C:\ProgramData\Microsoft\Windows\WER\wermgr.exe ========================

File not signed
MD5: 8B4829318F9DE0CC7A23F7E018E443A8
Creation and modification date: 2015-01-09 13:16 - 2015-01-09 13:16
Size: 6786560
Attributes: ----A
Company Name: Microsoft Corporation
Internal Name: ams_runtime
Original Name: wermgr.exe
Product: Microsoft® Windows® Operating System
Description: Windows Problem Reporting
File Version: 6.1.7600.16385
Product Version: 6.1.7600.16385
Copyright: © Microsoft Corporation. All rights reserved.

====== End of File: ======

HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\wermgr => value removed successfully


The system needed a reboot.

==== End of Fixlog 15:29:41 ====

I'll post here tomorrow and tell you if the problems persist.



#14 deeprybka


Posted 05 January 2016 - 03:46 PM

"I'll post here tomorrow and tell you if the problems persist."


Ok. Please do the following as well:

Step 1

  • Start FRST with Administrator privileges.
  • Write the following text into the Search textbox:
wermgr.exe
  • Click on the Search Files button.
  • When finished, a log file (Search.txt) pops up and is saved to the same location the tool was run from.
  • Please copy and paste its contents in your next reply.

regards,
deeprybka
Neminem laede, immo omnes, quantum potes, iuva. Arthur Schopenhauer
 

#15 MasonX


Posted 05 January 2016 - 04:30 PM

Farbar Recovery Scan Tool (x64) Version:31-12-2015
Ran by David (2016-01-05 16:24:47)
Running from C:\Users\David\Desktop
Boot Mode: Normal

================== Search Files: "wermgr.exe" =============

C:\Windows\WinSxS\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10240.16392_none_cc586dace83434aa\wermgr.exe
[2015-07-10 11:00][2015-07-10 11:00] 0141152 ____A (Microsoft Corporation) BCFF424B4D86A1F0AEE494BFBA96B467 [File is digitally signed]

C:\Windows\WinSxS\x86_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10240.16384_none_cc588840e8341557\wermgr.exe
[2015-07-10 11:00][2015-12-30 23:14] 0000012 ____A () 8BC92667C1313D3428F42458EC3A57D4 [File not signed]

C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10240.16392_none_28770930a091a5e0\wermgr.exe
[2015-07-10 11:00][2015-07-10 11:00] 0146784 ____A (Microsoft Corporation) 8445088CD24FDCE9CFB91EF8ED825338 [File is digitally signed]

C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10240.16384_none_287723c4a091868d\wermgr.exe
[2015-07-10 11:00][2015-12-30 22:23] 0000012 ____A () 8BC92667C1313D3428F42458EC3A57D4 [File not signed]

C:\Windows\SysWOW64\wermgr.exe
[2015-07-10 11:00][2015-07-10 11:00] 0141152 ____A (Microsoft Corporation) BCFF424B4D86A1F0AEE494BFBA96B467 [File is digitally signed]

C:\Windows\System32\wermgr.exe
[2015-07-10 11:00][2015-07-10 11:00] 0146784 ____A (Microsoft Corporation) 8445088CD24FDCE9CFB91EF8ED825338 [File is digitally signed]

C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
[2015-01-09 13:16][2015-01-09 13:16] 6786560 ____A (Microsoft Corporation) 8B4829318F9DE0CC7A23F7E018E443A8 [File not signed]

====== End of Search ======
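
The Search.txt output above can be triaged mechanically for copies of a system binary that are unsigned, sit outside the Windows directories, or carry a Microsoft company string without a signature. This is an added example, not part of the original posts and not FRST's own code; the function names and the list of expected directories are assumptions, the latter taken from where the signed copies appear in this log.

```python
import re
from ntpath import normcase  # Windows path rules, works on any OS

# Three entries copied from the Search.txt log in this thread.
SAMPLE = r"""
C:\Windows\WinSxS\amd64_microsoft-windows-errorreportingcore_31bf3856ad364e35_10.0.10240.16384_none_287723c4a091868d\wermgr.exe
[2015-07-10 11:00][2015-12-30 22:23] 0000012 ____A () 8BC92667C1313D3428F42458EC3A57D4 [File not signed]

C:\Windows\System32\wermgr.exe
[2015-07-10 11:00][2015-07-10 11:00] 0146784 ____A (Microsoft Corporation) 8445088CD24FDCE9CFB91EF8ED825338 [File is digitally signed]

C:\ProgramData\Microsoft\Windows\WER\wermgr.exe
[2015-01-09 13:16][2015-01-09 13:16] 6786560 ____A (Microsoft Corporation) 8B4829318F9DE0CC7A23F7E018E443A8 [File not signed]
"""

# Metadata line: [created][modified] size attrs (company) MD5 [signature status]
META = re.compile(
    r"^\[(?P<created>[^\]]+)\]\[(?P<modified>[^\]]+)\]\s+(?P<size>\d+)\s+(?P<attrs>\S+)"
    r"\s+\((?P<company>[^)]*)\)\s+(?P<md5>[0-9A-Fa-f]{32})\s+\[(?P<sig>[^\]]+)\]$"
)
# Assumption: directories where this log shows the signed copies.
EXPECTED_ROOTS = ("c:\\windows\\system32\\", "c:\\windows\\syswow64\\", "c:\\windows\\winsxs\\")

def parse_search_log(text):
    """Pair each path line with the metadata line that follows it."""
    entries, path = [], None
    for line in (raw.strip() for raw in text.splitlines()):
        m = META.match(line)
        if m and path:
            entries.append({"path": path, **m.groupdict(), "size": int(m["size"])})
            path = None
        elif re.match(r"^[A-Za-z]:\\", line):
            path = line
    return entries

def triage(entry):
    """Return the reasons an entry deserves a closer look (empty list = none)."""
    reasons = []
    signed = entry["sig"] == "File is digitally signed"
    if not signed:
        reasons.append("unsigned")
    if not normcase(entry["path"]).startswith(EXPECTED_ROOTS):
        reasons.append("outside Windows directories")
    if not signed and "microsoft" in entry["company"].lower():
        reasons.append("claims Microsoft but unsigned")
    return reasons

def suspicious(text):
    """Map path -> reasons for every entry with at least one finding."""
    findings = {e["path"]: triage(e) for e in parse_search_log(text)}
    return {p: r for p, r in findings.items() if r}
```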





