
Windows 10 computer continuously infected with Pastaleads, BestPriceNinja, more


  • This topic is locked
24 replies to this topic

#1 dwellington

  • Members
  • 12 posts

Posted 02 March 2016 - 03:33 PM

Hey All

 

This problem isn't actually for my PC, but for my partner's PC. She's currently stationed in Uganda and I am trying to help fix the issues she's been having via TeamViewer.

 

Computer details: Windows 10 Home, connected to apartment-provided WiFi - I personally think this is related to the issue.

Symptoms: She says that occasionally when she loads up a website, a new window appears that goes to some weird website. I'll try to get some more detail from her as I haven't been able to reproduce the issue myself. Previously she was also getting injected ads, and "Ads by DNSUnlocker"; not sure if that's still happening now. She was also getting "Ads by DNSUnlocker" on her Android cellphone. I did some investigation into this and found this issue was due to injected code into google-analytics.com/ga.js, which I fixed by going to chrome://net-internals#hsts, and adding www.google-analytics.com to the HSTS set. She's now getting different ads on her Android phone, including popups saying she needs to update or download software, which is pretty dangerous. I'm thinking it's all related.

 

Scanning with Malwarebytes, I get the following results:

Malwarebytes Anti-Malware
www.malwarebytes.org
 
Scan Date: 3/03/2016
Scan Time: 9:06 AM
Logfile: 
Administrator: Yes
 
Version: 2.2.0.1024
Malware Database: v2016.03.02.05
Rootkit Database: v2016.02.27.01
License: Free
Malware Protection: Disabled
Malicious Website Protection: Disabled
Self-protection: Disabled
 
OS: Windows 10
CPU: x64
File System: NTFS
User: yvonn
 
Scan Type: Threat Scan
Result: Completed
Objects Scanned: 338072
Time Elapsed: 8 min, 16 sec
 
Memory: Enabled
Startup: Enabled
Filesystem: Enabled
Archives: Enabled
Rootkits: Disabled
Heuristics: Enabled
PUP: Enabled
PUM: Enabled
 
Processes: 0
(No malicious items detected)
 
Modules: 0
(No malicious items detected)
 
Registry Keys: 0
(No malicious items detected)
 
Registry Values: 0
(No malicious items detected)
 
Registry Data: 0
(No malicious items detected)
 
Folders: 0
(No malicious items detected)
 
Files: 8
PUP.Optional.PastaLeads, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, , [d726562c4950dd5936d90926e1237789], 
PUP.Optional.PastaLeads, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, , [9c61e69c8712c472cd42d05f5fa5966a], 
PUP.Optional.BestPriceNinja, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [84796e14d6c344f27adf462005ff718f], 
PUP.Optional.BestPriceNinja, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage-journal, , [3fbe6220d6c36ccac0994f173cc8cd33], 
PUP.Optional.eShopComp, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage, , [11ec5f23a7f2082e360afe6dc0442fd1], 
PUP.Optional.eShopComp, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.eshopcomp.com_0.localstorage-journal, , [d42922601683171f221e72f983818977], 
PUP.Optional.CrossRider, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [08f5374b3168de588c13db93c83c8e72], 
PUP.Optional.CrossRider, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage-journal, , [53aa9de57f1afc3abce37bf38c786e92], 
 
Physical Sectors: 0
(No malicious items detected)
 
 

(end)

 

I've wiped these out several times now, but they just keep coming back.
 
What to do?
Cheers
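
Added example, not part of the original post: a short Python triage of the Malwarebytes detections listed above. It parses four lines copied from that log and groups them by the web origin encoded in each Chrome Local Storage file name; the function names are illustrative, and the file-name layout `<scheme>_<host>_<port>.localstorage` is an assumption inferred from the paths in the log.

```python
import re
from collections import defaultdict

# Four detection lines copied from the Malwarebytes log in the post above.
SAMPLE_LOG = r"""
Files: 8
PUP.Optional.PastaLeads, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, , [d726562c4950dd5936d90926e1237789], 
PUP.Optional.PastaLeads, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, , [9c61e69c8712c472cd42d05f5fa5966a], 
PUP.Optional.BestPriceNinja, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_pstatic.bestpriceninja.com_0.localstorage, , [84796e14d6c344f27adf462005ff718f], 
PUP.Optional.CrossRider, C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_d19tqk5t6qcjac.cloudfront.net_0.localstorage, , [08f5374b3168de588c13db93c83c8e72], 
"""

# "<family>, <path>, , [<id>]," as printed in the Files section of the log.
DETECTION_RE = re.compile(
    r"^(?P<family>[A-Za-z][\w.]*), (?P<path>[A-Za-z]:\\.+?), , \[(?P<id>[0-9a-f]+)\],?$"
)

# Assumed layout of a Local Storage file name: scheme_host_port.localstorage[-journal]
STORAGE_RE = re.compile(
    r"^(?P<scheme>https?)_(?P<host>.+)_(?P<port>\d+)\.localstorage(?P<journal>-journal)?$"
)


def parse_detections(log_text):
    """Return one dict per detection line; 'origin' is None when the file
    is not a per-site Local Storage file inside a browser profile."""
    found = []
    for raw in log_text.splitlines():
        m = DETECTION_RE.match(raw.strip())
        if not m:
            continue  # headers, counters, blank lines
        folder, _, name = m.group("path").rpartition("\\")
        s = STORAGE_RE.match(name) if folder.endswith("\\Local Storage") else None
        origin = None
        if s:
            # Port 0 in the file name stands for the scheme's default port.
            port = "" if s.group("port") == "0" else ":" + s.group("port")
            origin = f"{s.group('scheme')}://{s.group('host')}{port}"
        found.append({
            "family": m.group("family"),
            "path": m.group("path"),
            "origin": origin,
            "journal": bool(s and s.group("journal")),
        })
    return found


def only_browser_storage(detections):
    """True when every detection is site data in a browser profile,
    i.e. nothing flagged is an executable, service or registry entry."""
    return bool(detections) and all(d["origin"] for d in detections)


def families_by_origin(detections):
    """Map each web origin to the detection families reported for it."""
    grouped = defaultdict(set)
    for d in detections:
        if d["origin"]:
            grouped[d["origin"]].add(d["family"])
    return {origin: sorted(fams) for origin, fams in grouped.items()}


def cleartext_origins(detections):
    """Origins whose content was loaded over plain http, where anything on
    the network path can alter what the browser receives."""
    return sorted({d["origin"] for d in detections
                   if d["origin"] and d["origin"].startswith("http://")})


if __name__ == "__main__":
    dets = parse_detections(SAMPLE_LOG)
    print("site data only:", only_browser_storage(dets))
    for origin, fams in sorted(families_by_origin(dets).items()):
        print(origin, fams)
    print("cleartext origins:", cleartext_origins(dets))
```

On this sample every detection is per-site browser storage rather than a program file, and two of the three origins were loaded over plain http.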




#2 Jo*

  • Malware Response Team
  • 3,319 posts

Posted 02 March 2016 - 04:05 PM


Welcome to BleepingComputer.

Hi there,

my name is Jo and I will help you with your computer problems.


Please follow these guidelines:
  • Read and follow the instructions in the sequence they are posted.
  • Print or copy & save the instructions.
  • Back up all your private data / music / important files on another (external) drive before using our tools.
  • Do not install / uninstall any applications, unless otherwise instructed.
  • Use only those tools you have been instructed to use.
  • Copy and Paste the log files inside your post, unless otherwise instructed.
  • Ask for clarification, if you have any questions.
  • Stay with this topic until you get the all clean post.
  • My first language is not English. So please do not use slang or idioms. It could be hard for me to read. Thanks for your understanding.

***


Step 1: Download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
    Vista / Windows 7/8 users right-click and select Run As Administrator.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

***


Step 2: Please download Malwarebytes Anti-Rootkit and save it to your desktop.
  • Be sure to print out and follow the instructions provided on that same page.
  • Caution: This is a beta version so please be sure to read the disclaimer and back up all your data before using.
  • Double-click on the downloaded file. OK the self-extracting prompt.
  • MBAR will start. Click in the introduction screen "next" to continue.
  • Click in the following screen "Update" to obtain the latest malware definitions.
  • Once the update is complete select "Next" and click "Scan".
With some infections, you may see two message boxes.
  • 'Could not load protection driver'. Click 'OK'.
  • 'Could not load DDA driver'. Click 'Yes' to this message, to allow the driver to load after a restart. Allow the computer to restart. Continue with the rest of these instructions.
  • If malware is found - do not press the Clean up button, please go to the MBAR folder and then copy/paste the contents of the MBAR-log-***.txt file to your next reply.
  • If there is no malware found, please let me know as well.

***


Step 3: Please download AdwCleaner by Xplode and save it to your Desktop.
Double-click AdwCleaner.exe
Vista / Windows 7/8 users right-click and select Run As Administrator.
  • Click on the Scan button.
  • AdwCleaner will begin...be patient as the scan may take some time to complete.
    The actual line should say "Pending. Please uncheck elements you do not want to remove" => scan is complete.
  • After the scan has finished, click on the Report button...a logfile (AdwCleaner[R0].txt) will open in Notepad for review.
  • The contents of the log file may be confusing. Unless you see a program name that you know should not be removed, don't worry about it.
    If you see an entry you want to keep, let me know about it.
  • Copy and paste the contents of that logfile in your next reply.
  • A copy of all logfiles is saved in the C:\AdwCleaner folder which was created when running the tool.

***


Step 4: MiniToolbox by Farbar

Disable your antivirus if it does not allow you to download the tool!
Please download MiniToolBox, save it to your desktop and run it.
Place a checkmark in Select all, then click Go and post the result (MTB.txt). A copy of Result.txt will be saved in the same directory the tool is run.
Copy and paste the contents of that logfile in your next reply.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#3 dwellington

  • Topic Starter
  • Members
  • 12 posts

Posted 02 March 2016 - 06:59 PM


 

Results of screen317's Security Check version 1.014 --- 12/23/15  

   x64 (UAC is enabled)  
 Internet Explorer 11  
``````````````Antivirus/Firewall Check:`````````````` 
 Windows Firewall Enabled!  
Windows Defender   
 WMI entry may not exist for antivirus; attempting automatic update. 
`````````Anti-malware/Other Utilities Check:````````` 
 Java 8 Update 66  
 Google Chrome (48.0.2564.109) 
 Google Chrome (48.0.2564.116) 
````````Process Check: objlist.exe by Laurent````````  
 Windows Defender MSMpEng.exe 
 Malwarebytes Anti-Malware mbam.exe  
 Windows Defender MpCmdRun.exe   
`````````````````System Health check````````````````` 
 Total Fragmentation on Drive C:  % 
````````````````````End of Log`````````````````````` 
 

 

Malwarebytes Anti-Rootkit found no malware.

 



# AdwCleaner v5.037 - Logfile created 03/03/2016 at 12:01:03
# Updated 28/02/2016 by Xplode
# Database : 2016-03-02.1 [Server]
# Operating system : Windows 10 Home  (x64)
# Username : yvonn - DESKTOP-SMO5HUA
# Running from : C:\Users\yvonn\Downloads\adwcleaner_5.037.exe
# Option : Scan
 
***** [ Services ] *****
 
 
***** [ Folders ] *****
 
 
***** [ Files ] *****
 
File Found : C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cafetututango.com_0.localstorage
File Found : C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_cafetututango.com_0.localstorage-journal
File Found : C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
File Found : C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
 
***** [ DLL ] *****
 
 
***** [ Shortcuts ] *****
 
 
***** [ Scheduled tasks ] *****
 
 
***** [ Registry ] *****
 
 
***** [ Web browsers ] *****
 
 
*************************
 
C:\AdwCleaner\AdwCleaner[S1].txt - [654 bytes] - [16/02/2016 14:45:13]
C:\AdwCleaner\AdwCleaner[S2].txt - [1181 bytes] - [03/03/2016 11:56:39]
C:\AdwCleaner\AdwCleaner[S3].txt - [1278 bytes] - [03/03/2016 12:01:03]
 
########## EOF - C:\AdwCleaner\AdwCleaner[S3].txt - [1351 bytes] ##########
 

 

 


MiniToolBox by Farbar  Version: 07-02-2016 01
Ran by yvonn (administrator) on 03-03-2016 at 12:56:59
Running from "C:\Users\yvonn\Downloads"
Microsoft Windows 10 Home  (X64)
Model: Satellite L510 Manufacturer: TOSHIBA
Boot Mode: Normal
***************************************************************************
 
========================= Flush DNS: ===================================
 
Windows IP Configuration
 
Successfully flushed the DNS Resolver Cache.
 
========================= IE Proxy Settings: ============================== 
 
Proxy is not enabled.
No Proxy Server is set.
 
"Reset IE Proxy Settings": IE Proxy Settings were reset.
========================= Hosts content: =================================
========================= IP Configuration: ================================
 
Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC = Wi-Fi (Connected)
Realtek PCIe FE Family Controller = Ethernet (Media disconnected)
 
 
# ----------------------------------
# IPv4 Configuration
# ----------------------------------
pushd interface ipv4
 
reset
set global icmpredirects=enabled
set interface interface="Ethernet" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 1" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Wi-Fi" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
set interface interface="Local Area Connection* 2" forwarding=enabled advertise=enabled nud=enabled ignoredefaultroutes=disabled
 
 
popd
# End of IPv4 configuration
 
 
 
Windows IP Configuration
 
   Host Name . . . . . . . . . . . . : DESKTOP-SMO5HUA
   Primary Dns Suffix  . . . . . . . : 
   Node Type . . . . . . . . . . . . : Hybrid
   IP Routing Enabled. . . . . . . . : No
   WINS Proxy Enabled. . . . . . . . : No
   DNS Suffix Search List. . . . . . : spekeapartments.com
 
Ethernet adapter Ethernet:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Realtek PCIe FE Family Controller
   Physical Address. . . . . . . . . : 00-26-6C-45-51-7C
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Local Area Connection* 2:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Microsoft Hosted Network Virtual Adapter
   Physical Address. . . . . . . . . : 68-A3-C4-44-23-DA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
 
Wireless LAN adapter Wi-Fi:
 
   Connection-specific DNS Suffix  . : spekeapartments.com
   Description . . . . . . . . . . . : Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
   Physical Address. . . . . . . . . : 68-A3-C4-44-23-DA
   DHCP Enabled. . . . . . . . . . . : Yes
   Autoconfiguration Enabled . . . . : Yes
   Link-local IPv6 Address . . . . . : fe80::74e3:16fc:1005:5a2e%3(Preferred) 
   IPv4 Address. . . . . . . . . . . : 192.168.1.150(Preferred) 
   Subnet Mask . . . . . . . . . . . : 255.255.255.0
   Lease Obtained. . . . . . . . . . : Tuesday, 1 March 2016 8:16:08 AM
   Lease Expires . . . . . . . . . . : Friday, 4 March 2016 7:30:11 AM
   Default Gateway . . . . . . . . . : 192.168.1.1
   DHCP Server . . . . . . . . . . . : 192.168.1.1
   DHCPv6 IAID . . . . . . . . . . . : 57189316
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-DF-33-71-00-26-6C-45-51-7C
   DNS Servers . . . . . . . . . . . : 8.8.8.8
                                       8.8.4.4
   NetBIOS over Tcpip. . . . . . . . : Enabled
 
Tunnel adapter Teredo Tunneling Pseudo-Interface:
 
   Connection-specific DNS Suffix  . : 
   Description . . . . . . . . . . . : Teredo Tunneling Pseudo-Interface
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
   IPv6 Address. . . . . . . . . . . : 2001:0:9d38:90d7:3809:705:d641:2c4c(Preferred) 
   Link-local IPv6 Address . . . . . : fe80::3809:705:d641:2c4c%6(Preferred) 
   Default Gateway . . . . . . . . . : ::
   DHCPv6 IAID . . . . . . . . . . . : 234881024
   DHCPv6 Client DUID. . . . . . . . : 00-01-00-01-1D-DF-33-71-00-26-6C-45-51-7C
   NetBIOS over Tcpip. . . . . . . . : Disabled
 
Tunnel adapter isatap.spekeapartments.com:
 
   Media State . . . . . . . . . . . : Media disconnected
   Connection-specific DNS Suffix  . : spekeapartments.com
   Description . . . . . . . . . . . : Microsoft ISATAP Adapter #5
   Physical Address. . . . . . . . . : 00-00-00-00-00-00-00-E0
   DHCP Enabled. . . . . . . . . . . : No
   Autoconfiguration Enabled . . . . : Yes
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    google.com
Addresses:  2a00:1450:4009:80f::200e
 216.58.213.110
 
 
Pinging google.com [216.58.213.110] with 32 bytes of data:
Reply from 216.58.213.110: bytes=32 time=170ms TTL=49
Reply from 216.58.213.110: bytes=32 time=170ms TTL=49
 
Ping statistics for 216.58.213.110:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 170ms, Maximum = 170ms, Average = 170ms
Server:  google-public-dns-a.google.com
Address:  8.8.8.8
 
Name:    yahoo.com
Addresses:  2001:4998:58:c02::a9
 2001:4998:44:204::a7
 2001:4998:c:a06::2:4008
 98.139.183.24
 206.190.36.45
 98.138.253.109
 
 
Pinging yahoo.com [206.190.36.45] with 32 bytes of data:
Reply from 206.190.36.45: bytes=32 time=356ms TTL=45
Reply from 206.190.36.45: bytes=32 time=355ms TTL=45
 
Ping statistics for 206.190.36.45:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 355ms, Maximum = 356ms, Average = 355ms
 
Pinging 127.0.0.1 with 32 bytes of data:
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
Reply from 127.0.0.1: bytes=32 time<1ms TTL=128
 
Ping statistics for 127.0.0.1:
    Packets: Sent = 2, Received = 2, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 0ms, Maximum = 0ms, Average = 0ms
===========================================================================
Interface List
  2...00 26 6c 45 51 7c ......Realtek PCIe FE Family Controller
  7...68 a3 c4 44 23 da ......Microsoft Hosted Network Virtual Adapter
  3...68 a3 c4 44 23 da ......Realtek RTL8191SE Wireless LAN 802.11n PCI-E NIC
  1...........................Software Loopback Interface 1
  6...00 00 00 00 00 00 00 e0 Teredo Tunneling Pseudo-Interface
  8...00 00 00 00 00 00 00 e0 Microsoft ISATAP Adapter #5
===========================================================================
 
IPv4 Route Table
===========================================================================
Active Routes:
Network Destination        Netmask          Gateway       Interface  Metric
          0.0.0.0          0.0.0.0      192.168.1.1    192.168.1.150     25
        127.0.0.0        255.0.0.0         On-link         127.0.0.1    306
        127.0.0.1  255.255.255.255         On-link         127.0.0.1    306
  127.255.255.255  255.255.255.255         On-link         127.0.0.1    306
      192.168.1.0    255.255.255.0         On-link     192.168.1.150    281
    192.168.1.150  255.255.255.255         On-link     192.168.1.150    281
    192.168.1.255  255.255.255.255         On-link     192.168.1.150    281
        224.0.0.0        240.0.0.0         On-link         127.0.0.1    306
        224.0.0.0        240.0.0.0         On-link     192.168.1.150    281
  255.255.255.255  255.255.255.255         On-link         127.0.0.1    306
  255.255.255.255  255.255.255.255         On-link     192.168.1.150    281
===========================================================================
Persistent Routes:
  None
 
IPv6 Route Table
===========================================================================
Active Routes:
 If Metric Network Destination      Gateway
  6    306 ::/0                     On-link
  1    306 ::1/128                  On-link
  6    306 2001::/32                On-link
  6    306 2001:0:9d38:90d7:3809:705:d641:2c4c/128
                                    On-link
  3    281 fe80::/64                On-link
  6    306 fe80::/64                On-link
  6    306 fe80::3809:705:d641:2c4c/128
                                    On-link
  3    281 fe80::74e3:16fc:1005:5a2e/128
                                    On-link
  1    306 ff00::/8                 On-link
  6    306 ff00::/8                 On-link
  3    281 ff00::/8                 On-link
===========================================================================
Persistent Routes:
  None
========================= Winsock entries =====================================
 
Catalog5 01 C:\Windows\SysWOW64\napinsp.dll [55808] (Microsoft Corporation)
Catalog5 02 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 03 C:\Windows\SysWOW64\pnrpnsp.dll [70656] (Microsoft Corporation)
Catalog5 04 C:\Windows\SysWOW64\NLAapi.dll [65024] (Microsoft Corporation)
Catalog5 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog5 06 C:\Windows\SysWOW64\winrnr.dll [23552] (Microsoft Corporation)
Catalog9 01 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 02 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 03 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 04 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 05 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 06 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 07 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 08 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 09 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 10 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
Catalog9 11 C:\Windows\SysWOW64\mswsock.dll [312160] (Microsoft Corporation)
x64-Catalog5 01 C:\Windows\System32\napinsp.dll [68096] (Microsoft Corporation)
x64-Catalog5 02 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 03 C:\Windows\System32\pnrpnsp.dll [87040] (Microsoft Corporation)
x64-Catalog5 04 C:\Windows\System32\NLAapi.dll [80896] (Microsoft Corporation)
x64-Catalog5 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog5 06 C:\Windows\System32\winrnr.dll [31744] (Microsoft Corporation)
x64-Catalog9 01 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 02 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 03 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 04 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 05 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 06 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 07 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 08 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 09 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 10 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
x64-Catalog9 11 C:\Windows\System32\mswsock.dll [357216] (Microsoft Corporation)
 
========================= Event log errors: ===============================
 
Application errors:
==================
Error: (03/01/2016 05:06:27 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x2d3c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
Error: (02/29/2016 12:00:02 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x2d3c
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
Error: (02/29/2016 12:04:54 AM) (Source: Perflib) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (02/27/2016 10:16:14 PM) (Source: Application Error) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: QuickActions.dll, version: 0.0.0.0, time stamp: 0x56650458
Exception code: 0xc0000005
Fault offset: 0x0000000000001931
Faulting process id: 0x2a84
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (02/26/2016 05:32:07 PM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x2b80
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
Error: (02/24/2016 03:59:06 PM) (Source: Application Error) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7b4
Faulting module name: KERNELBASE.dll, version: 10.0.10586.103, time stamp: 0x56a8489c
Exception code: 0xe06d7363
Fault offset: 0x0000000000071f08
Faulting process id: 0x1138
Faulting application start time: 0xSystemSettingsBroker.exe0
Faulting application path: SystemSettingsBroker.exe1
Faulting module path: SystemSettingsBroker.exe2
Report Id: SystemSettingsBroker.exe3
Faulting package full name: SystemSettingsBroker.exe4
Faulting package-relative application ID: SystemSettingsBroker.exe5
 
Error: (02/24/2016 03:58:59 PM) (Source: Application Error) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: QuickActions.dll, version: 0.0.0.0, time stamp: 0x56650458
Exception code: 0xc0000005
Fault offset: 0x0000000000001931
Faulting process id: 0xc68
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (02/24/2016 02:27:43 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x2674
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
Error: (02/23/2016 07:52:38 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x20d0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
Error: (02/23/2016 03:40:08 AM) (Source: Application Error) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x20d0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
 
System errors:
=============
Error: (03/01/2016 08:22:48 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (03/01/2016 08:22:47 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (03/01/2016 05:14:19 AM) (Source: Microsoft-Windows-Kernel-Power) (User: )
Description: 4
 
Error: (03/01/2016 05:14:17 AM) (Source: DCOM) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/29/2016 08:35:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (02/29/2016 08:35:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 2 0xdeaddeed 0xeeec
 
Error: (02/29/2016 08:35:04 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 1 0xc 0x4
 
Error: (02/29/2016 07:39:57 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (02/29/2016 07:39:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 2 0xdeaddeed 0xeeec
 
Error: (02/29/2016 07:39:56 AM) (Source: Microsoft-Windows-WLAN-AutoConfig) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 1 0xc 0x4
 
 
 
CodeIntegrity Errors:
===================================
  Date: 2016-03-03 08:36:13.215
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
=========================== Installed Programs ============================
 
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CameraHelperMsi (HKLM-x32\...\{15634701-BACE-4449-8B25-1567DA8C9FD3}) (Version: 13.51.815.0 - Logitech) Hidden
erLT (HKLM-x32\...\{3EE9BCAE-E9A9-45E5-9B1C-83A4D357E05C}) (Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\{DC7D9EC9-2AD1-33A7-92CF-5F5051E62843}) (Version: 46.0.2490.86 - Google, Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (HKLM-x32\...\{60EC980A-BDA2-4CB6-A427-B07A5498B4CA}) (Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Codec Pack 11.7.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Quiplash (HKLM-x32\...\Steam App 351510) (Version:  - Jackbox Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.55321 - TeamViewer)
The Jackbox Party Pack (HKLM-x32\...\Steam App 331670) (Version:  - Jackbox Games, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinDirStat 1.1.2 (HKCU\...\WinDirStat) (Version:  - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
========================= Devices: ================================
 
 
========================= Memory info: ===================================
 
Percentage of memory in use: 68%
Total physical RAM: 3963.98 MB
Available physical RAM: 1258.66 MB
Total Virtual: 5249.16 MB
Available Virtual: 953.72 MB
 
========================= Partitions: =====================================
 
1 Drive c: () (Fixed) (Total:111.3 GB) (Free:20.75 GB) NTFS
 
========================= Users: ========================================
 
User accounts for \\DESKTOP-SMO5HUA
 
Administrator            DefaultAccount           Guest                    
yvonn                    
 
========================= Minidump Files ==================================
 
No minidump file found
 
========================= Restore Points ==================================
 
 
**** End of log ****
 

 

 

Thanks a lot!



#4 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Germany
  • Local time:07:26 AM

Posted 02 March 2016 - 07:04 PM

OK, now please follow this malware removal guide step by step:
http://www.bleepingcomputer.com/virus-removal/remove-pastaleads-and-pastaquotes

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#5 dwellington

Posted 02 March 2016 - 10:41 PM

Hey

There are no PastaLeads/PastaQuotes applications installed in Add/Remove programs. I ran RKill but it didn't find anything to kill. Emsisoft didn't find any malware either, and I re-ran that with the "use direct disk access" option enabled too. Please let me know what to do next! Cheers

 

Edit: Malwarebytes still finds the 8 above threats.


Edited by dwellington, 02 March 2016 - 10:53 PM.


#6 Jo*

Posted 03 March 2016 - 03:38 AM

Hi,

Uninstall Chrome

restart the pc

Re-install Chrome but enable only plugins/addons that you really need!

---

Turn off all computers, iPhones, ...
then unplug the power cable from the router,
then unplug the power cable from the (Cable) modem

...leave it OFF for about 5 minutes.

Then with the computers still off,
plug back in the Cable modem power cable.

...when all the lights come on:
then plug in the router,

when all the lights come back on:
then start all computers:

Now check if your problem still exists.
Post results here!
 

***


How is the computer running now?


***


Edited by Jo*, 03 March 2016 - 03:45 AM.



#7 dwellington

Posted 03 March 2016 - 03:49 AM

Hey Jo

 

The network setup for the apartment is a network jack in the wall (the internet is provided as part of the apartment), with a network cable between that and a D-Link DIR-600 wireless router. The laptop connects to the router wirelessly. My partner is currently working out of town, and I don't have physical access to the machine, only a remote connection. The computer however was shut down earlier today and is back on now with the problem continuing. 

 

Cheers



#8 Jo*

Posted 03 March 2016 - 03:54 AM


OK,

Please make sure that the router reset is done later.

Can you uninstall/re-install Chrome:

Uninstall Chrome

restart the pc

Re-install Chrome but enable only plugins/addons that you really need!



#9 dwellington

Posted 03 March 2016 - 04:29 AM

Same result, 8 threats in Malwarebytes.



#10 Jo*

Posted 03 March 2016 - 04:37 AM


I will ask a moderator to move your Topic to this Forum Section:
http://www.bleepingcomputer.com/forums/f/22/virus-trojan-spyware-and-malware-removal-logs/

There we can use advanced tools and scripts.



#11 dwellington

Posted 03 March 2016 - 04:59 AM

Thanks a lot



#12 Jo*

Posted 03 March 2016 - 07:42 AM

Please download Farbar Recovery Scan Tool and save it to your Desktop.

Note: You need to run the version compatible with your system. If you are not sure which version applies to your system, download both of them and try to run them. Only one of them will run on your system; that will be the right version.
  • Right-click FRST then click "Run as administrator" (XP users: click run after receipt of Windows Security Warning - Open File).
  • When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • When finished, it will produce a log called FRST.txt in the same directory the tool was run from.
  • Please copy and paste the log in your next reply.
Note 2: The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that, along with the FRST.txt into your next reply.



#13 dwellington

Posted 03 March 2016 - 01:49 PM

 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:02-03-2016

Ran by yvonn (administrator) on DESKTOP-SMO5HUA (04-03-2016 07:45:51)
Running from C:\Users\yvonn\Downloads
Loaded Profiles: yvonn (Available Profiles: yvonn)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2service.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.29.5\GoogleCrashHandler64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_w32.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\tv_x64.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Skype Technologies S.A.) C:\Program Files (x86)\Skype\Phone\Skype.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
(Logitech Inc.) C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe
() C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
(Google) C:\Program Files (x86)\Google\Drive\googledrivesync.exe
(Emsisoft Ltd) C:\Program Files\Emsisoft Anti-Malware\a2guard.exe
(Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jucheck.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.16941.0_x64__8wekyb3d8bbwe\Video.UI.exe
(Microsoft Corporation) C:\Windows\System32\cmd.exe
(Oracle Corporation) C:\Program Files\Java\jre1.8.0_66\bin\javaw.exe
(FileZilla Project) C:\Program Files\FileZilla FTP Client\filezilla.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\TeamViewer_Desktop.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Farbar) C:\Users\yvonn\Downloads\FRST64 (1).exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [emsisoft anti-malware] => c:\program files\emsisoft anti-malware\a2guard.exe [9239064 2016-02-26] (Emsisoft Ltd)
HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [596528 2015-11-09] (Oracle Corporation)
HKLM-x32\...\Run: [APSDaemon] => C:\Program Files (x86)\Common Files\Apple\Apple Application Support\APSDaemon.exe [59720 2013-09-13] (Apple Inc.)
HKLM-x32\...\Run: [QuickTime Task] => C:\Program Files (x86)\QuickTime\QTTask.exe [421888 2015-08-06] (Apple Inc.)
HKLM-x32\...\Run: [LWS] => C:\Program Files (x86)\Logitech\LWS\Webcam Software\LWS.exe [204136 2012-09-13] (Logitech Inc.)
HKU\S-1-5-21-573740418-3995116694-3947795330-1001\...\Run: [GoogleDriveSync] => C:\Program Files (x86)\Google\Drive\googledrivesync.exe [23499656 2016-01-15] (Google)
HKU\S-1-5-21-573740418-3995116694-3947795330-1001\...\Run: [GoogleChromeAutoLaunch_89C7B3880F535F38C084E21CB6CF9EC4] => C:\Program Files (x86)\Google\Chrome\Application\chrome.exe [874648 2016-03-02] (Google Inc.)
HKU\S-1-5-21-573740418-3995116694-3947795330-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [50605696 2016-02-10] (Skype Technologies S.A.)
HKU\S-1-5-21-573740418-3995116694-3947795330-1001\Control Panel\Desktop\\SCRNSAVE.EXE -> C:\Windows\system32\scrnsave.scr [31744 2015-10-30] (Microsoft Corporation)
ShellIconOverlayIdentifiers: [  GoogleDriveBlacklisted] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D42} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSynced] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D40} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
ShellIconOverlayIdentifiers: [  GoogleDriveSyncing] -> {81539FE6-33C7-4CE7-90C7-1C7B8F2F2D41} => C:\Program Files (x86)\Google\Drive\googledrivesync64.dll [2016-01-15] (Google)
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 41.190.192.172 8.8.8.8
Tcpip\..\Interfaces\{16bf66d8-f67b-4a97-a70a-fd76c86dff53}: [NameServer] 8.8.8.8,8.8.4.4
Tcpip\..\Interfaces\{16bf66d8-f67b-4a97-a70a-fd76c86dff53}: [DhcpNameServer] 41.190.192.172 8.8.8.8
 
Internet Explorer:
==================
SearchScopes: HKU\S-1-5-21-573740418-3995116694-3947795330-1001 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = 
BHO: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Java™ Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2015-11-19] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java™ Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2015-11-19] (Oracle Corporation)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
 
FireFox:
========
FF Plugin: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-17] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2015-11-19] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-04] (Google Inc.)
 
Chrome: 
=======
CHR Profile: C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-19]
CHR Extension: (Google Docs) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-19]
CHR Extension: (Google Drive) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-19]
CHR Extension: (YouTube) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-19]
CHR Extension: (Google Search) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-19]
CHR Extension: (Google Sheets) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-19]
CHR Extension: (Google Docs Offline) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-19]
CHR Extension: (AdBlock) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2016-02-18]
CHR Extension: (Application Launcher for Drive (by Google)) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\lmjegmlicamnimmfhcmpkclmigmmcbeh [2015-11-19]
CHR Extension: (Google Mail Checker) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\mihcahmgecmbnbcchbopgniflfhgnkff [2015-11-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-19]
CHR Extension: (Gmail) - C:\Users\yvonn\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-19]
CHR HKU\S-1-5-21-573740418-3995116694-3947795330-1001\SOFTWARE\Google\Chrome\Extensions\...\Chrome\Extension: [lmjegmlicamnimmfhcmpkclmigmmcbeh] - hxxps://clients2.google.com/service/update2/crx
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 a2AntiMalware; C:\Program Files\Emsisoft Anti-Malware\a2service.exe [10970064 2016-03-03] (Emsisoft Ltd)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 TeamViewer; C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe [6940944 2016-02-16] (TeamViewer GmbH)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R1 epp; C:\PROGRAM FILES\EMSISOFT ANTI-MALWARE\epp.sys [124080 2016-02-11] (Emsisoft Ltd)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek                                            )
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [45728 2015-08-07] (Toshiba Corporation)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-04 07:45 - 2016-03-04 07:45 - 00012380 _____ C:\Users\yvonn\Downloads\FRST.txt
2016-03-04 07:42 - 2016-03-04 07:42 - 02371584 _____ (Farbar) C:\Users\yvonn\Downloads\FRST64 (1).exe
2016-03-04 07:22 - 2016-03-04 07:22 - 00000000 ____D C:\Users\yvonn\Downloads\The.Piano.1993.REMASTERED.BDRip.x264-PHOBOS
2016-03-03 23:52 - 2016-03-04 06:41 - 00000000 ____D C:\Users\yvonn\Downloads\Homeland.S04.BDRip.X264-REWARD
2016-03-03 23:28 - 2016-03-03 23:51 - 00000000 ____D C:\Users\yvonn\Downloads\Greys.Anatomy.S12E11.HDTV.x264-LOL
2016-03-03 23:04 - 2016-03-03 23:26 - 00000000 ____D C:\Users\yvonn\Downloads\Greys.Anatomy.S12E10.HDTV.x264-KILLERS
2016-03-03 22:35 - 2016-03-03 23:02 - 00000000 ____D C:\Users\yvonn\Downloads\Greys.Anatomy.S12E09.HDTV.x264-LOL
2016-03-03 22:04 - 2016-03-03 22:34 - 00000000 ____D C:\Users\yvonn\Downloads\Greys.Anatomy.S12E08.HDTV.x264-KILLERS
2016-03-03 22:04 - 2016-03-03 22:04 - 00002344 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-03-03 22:04 - 2016-03-03 22:04 - 00002332 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-03-03 21:56 - 2016-03-03 21:56 - 00987728 _____ (Google Inc.) C:\Users\yvonn\Downloads\ChromeSetup.exe
2016-03-03 20:03 - 2016-03-03 20:07 - 00000000 ____D C:\Users\yvonn\Downloads\VICE.S04E00.Special.Report-Fighting.ISIS.720p.HDTV.x264-BATV
2016-03-03 19:41 - 2016-03-04 07:29 - 00000000 ____D C:\Users\yvonn\Downloads\VICE.S04E04.720p.HDTV.x264-BATV
2016-03-03 17:07 - 2016-03-03 20:42 - 00000000 ____D C:\Users\yvonn\Desktop\Camera Capture
2016-03-03 16:37 - 2016-03-03 17:05 - 00000000 ____D C:\Users\yvonn\.yawcam
2016-03-03 16:37 - 2016-03-03 16:37 - 00001138 _____ C:\Users\yvonn\Desktop\Yawcam.lnk
2016-03-03 16:37 - 2016-03-03 16:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Yawcam
2016-03-03 16:36 - 2016-03-03 16:37 - 00000000 ____D C:\Program Files (x86)\Yawcam
2016-03-03 16:32 - 2016-03-03 16:33 - 04797556 _____ (Magnus Lundvall ) C:\Users\yvonn\Desktop\yawcam_install.exe
2016-03-03 16:24 - 2016-03-03 16:24 - 00000000 ____D C:\ProgramData\Emsisoft
2016-03-03 13:48 - 2016-03-03 13:48 - 00000000 ____D C:\Users\yvonn\AppData\Local\TeamViewer
2016-03-03 13:32 - 2016-03-03 13:32 - 00000937 _____ C:\Users\Public\Desktop\Emsisoft Anti-Malware.lnk
2016-03-03 13:32 - 2016-03-03 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Emsisoft Anti-Malware
2016-03-03 13:31 - 2016-03-04 07:46 - 00000000 ____D C:\Program Files\Emsisoft Anti-Malware
2016-03-03 13:18 - 2016-03-03 13:27 - 205471992 _____ (Emsisoft Ltd. ) C:\Users\yvonn\Downloads\EmsisoftAntiMalwareSetup.exe
2016-03-03 12:56 - 2016-03-03 12:57 - 00028651 _____ C:\Users\yvonn\Downloads\MTB.txt
2016-03-03 12:56 - 2016-03-03 12:56 - 00891392 _____ (Farbar) C:\Users\yvonn\Downloads\MiniToolBox.exe
2016-03-03 11:59 - 2016-03-03 12:00 - 01518592 _____ C:\Users\yvonn\Downloads\adwcleaner_5.037.exe
2016-03-03 11:38 - 2016-03-03 11:54 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2016-03-03 11:15 - 2016-03-03 11:15 - 00000000 ____D C:\Users\yvonn\Desktop\123
2016-03-03 10:31 - 2016-03-03 10:32 - 16563352 _____ (Malwarebytes Corp.) C:\Users\yvonn\Desktop\mbar-1.09.3.1001.exe
2016-03-03 10:21 - 2016-03-03 10:21 - 00852798 _____ C:\Users\yvonn\Downloads\SecurityCheck.exe
2016-03-03 09:58 - 2016-03-04 07:26 - 00000000 ____D C:\Users\yvonn\Downloads\Broad.City.S03E01.720p.HDTV.x264-AVS
2016-03-02 09:55 - 2016-02-24 00:23 - 00713568 _____ (Microsoft Corporation) C:\Windows\system32\invagent.dll
2016-03-02 09:55 - 2016-02-24 00:22 - 01173344 _____ (Microsoft Corporation) C:\Windows\system32\aeinv.dll
2016-03-02 09:55 - 2016-02-24 00:15 - 00513888 _____ (Microsoft Corporation) C:\Windows\system32\devinv.dll
2016-03-02 09:55 - 2016-02-23 23:34 - 01859960 _____ C:\Windows\SysWOW64\CoreUIComponents.dll
2016-03-02 09:55 - 2016-02-23 23:34 - 01542816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ntdll.dll
2016-03-02 09:55 - 2016-02-23 23:32 - 00369912 _____ (Microsoft Corporation) C:\Windows\system32\audiodg.exe
2016-03-02 09:55 - 2016-02-23 23:31 - 00536256 _____ (Microsoft Corporation) C:\Windows\system32\AudioSes.dll
2016-03-02 09:55 - 2016-02-23 23:22 - 00572272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\taskschd.dll
2016-03-02 09:55 - 2016-02-23 23:21 - 22564328 _____ (Microsoft Corporation) C:\Windows\system32\shell32.dll
2016-03-02 09:55 - 2016-02-23 23:21 - 06606568 _____ (Microsoft Corporation) C:\Windows\system32\windows.storage.dll
2016-03-02 09:55 - 2016-02-23 22:39 - 00502112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupEngine.dll
2016-03-02 09:55 - 2016-02-23 22:38 - 06952088 _____ (Microsoft Corp.) C:\Windows\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-02 09:55 - 2016-02-23 22:38 - 02180136 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfcore.dll
2016-03-02 09:55 - 2016-02-23 22:38 - 00980352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfasfsrcsnk.dll
2016-03-02 09:55 - 2016-02-23 22:38 - 00895080 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsrcsnk.dll
2016-03-02 09:55 - 2016-02-23 22:38 - 00882720 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmp4srcsnk.dll
2016-03-02 09:55 - 2016-02-23 22:38 - 00709176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfsvr.dll
2016-03-02 09:55 - 2016-02-23 22:38 - 00450912 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFCaptureEngine.dll
2016-03-02 09:55 - 2016-02-23 22:38 - 00420928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msvproc.dll
2016-03-02 09:55 - 2016-02-23 22:37 - 00713824 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmpeg2srcsnk.dll
2016-03-02 09:55 - 2016-02-23 22:30 - 02919320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iertutil.dll
2016-03-02 09:55 - 2016-02-23 22:27 - 21124344 _____ (Microsoft Corporation) C:\Windows\SysWOW64\shell32.dll
2016-03-02 09:55 - 2016-02-23 22:26 - 05241984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\windows.storage.dll
2016-03-02 09:55 - 2016-02-23 21:58 - 00187744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\AppxAllUserStore.dll
2016-03-02 09:55 - 2016-02-23 21:58 - 00052224 _____ (Microsoft Corporation) C:\Windows\system32\jsproxy.dll
2016-03-02 09:55 - 2016-02-23 21:56 - 02186864 _____ (Microsoft Corporation) C:\Windows\SysWOW64\d3d11.dll
2016-03-02 09:55 - 2016-02-23 21:55 - 00221600 _____ (Microsoft Corporation) C:\Windows\SysWOW64\sqmapi.dll
2016-03-02 09:55 - 2016-02-23 21:54 - 00539256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wer.dll
2016-03-02 09:55 - 2016-02-23 21:54 - 00141664 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wermgr.exe
2016-03-02 09:55 - 2016-02-23 21:38 - 00287712 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.MediaControl.dll
2016-03-02 09:55 - 2016-02-23 21:28 - 00275456 _____ (Microsoft Corporation) C:\Windows\system32\AudioEndpointBuilder.dll
2016-03-02 09:55 - 2016-02-23 21:14 - 00029696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\LaunchWinApp.exe
2016-03-02 09:55 - 2016-02-23 21:09 - 01054208 _____ (Microsoft Corporation) C:\Windows\system32\audiosrv.dll
2016-03-02 09:55 - 2016-02-23 21:06 - 00065536 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininetlui.dll
2016-03-02 09:55 - 2016-02-23 21:06 - 00045568 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jsproxy.dll
2016-03-02 09:55 - 2016-02-23 21:05 - 00161280 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InstallAgent.exe
2016-03-02 09:55 - 2016-02-23 21:00 - 02624512 _____ (Microsoft Corporation) C:\Windows\system32\InputService.dll
2016-03-02 09:55 - 2016-02-23 20:58 - 00345600 _____ (Microsoft Corporation) C:\Windows\system32\TextInputFramework.dll
2016-03-02 09:55 - 2016-02-23 20:57 - 00031744 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TimeBrokerClient.dll
2016-03-02 09:55 - 2016-02-23 20:52 - 00456704 _____ (Microsoft Corporation) C:\Windows\system32\ipnathlp.dll
2016-03-02 09:55 - 2016-02-23 20:50 - 00266752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MSFlacDecoder.dll
2016-03-02 09:55 - 2016-02-23 20:49 - 00200704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\DisplayManager.dll
2016-03-02 09:55 - 2016-02-23 20:47 - 00157184 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WiFiDisplay.dll
2016-03-02 09:55 - 2016-02-23 20:38 - 00480256 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MCRecvSrc.dll
2016-03-02 09:55 - 2016-02-23 20:37 - 00394752 _____ (Microsoft Corporation) C:\Windows\SysWOW64\werui.dll
2016-03-02 09:55 - 2016-02-23 20:36 - 00713728 _____ (Microsoft Corporation) C:\Windows\SysWOW64\netlogon.dll
2016-03-02 09:55 - 2016-02-23 20:36 - 00379392 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mfmkvsrcsnk.dll
2016-03-02 09:55 - 2016-02-23 20:36 - 00250880 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 09:55 - 2016-02-23 20:35 - 00400896 _____ (Microsoft Corporation) C:\Windows\SysWOW64\winspool.drv
2016-03-02 09:55 - 2016-02-23 20:31 - 00585216 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.AccountsControl.dll
2016-03-02 09:55 - 2016-02-23 20:31 - 00228352 _____ (Microsoft Corporation) C:\Windows\SysWOW64\deviceaccess.dll
2016-03-02 09:55 - 2016-02-23 20:30 - 00646656 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-02 09:55 - 2016-02-23 20:29 - 00949248 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Unistore.dll
2016-03-02 09:55 - 2016-02-23 20:29 - 00349696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\NetSetupShim.dll
2016-03-02 09:55 - 2016-02-23 20:26 - 01498112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WMPDMC.exe
2016-03-02 09:55 - 2016-02-23 20:24 - 01105920 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.Audio.dll
2016-03-02 09:55 - 2016-02-23 20:24 - 00489984 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.dll
2016-03-02 09:55 - 2016-02-23 20:22 - 01944576 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputService.dll
2016-03-02 09:55 - 2016-02-23 20:21 - 00245760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\TextInputFramework.dll
2016-03-02 09:55 - 2016-02-23 20:21 - 00133632 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-02 09:55 - 2016-02-23 20:20 - 00083456 _____ (Microsoft Corporation) C:\Windows\SysWOW64\InputLocaleManager.dll
2016-03-02 09:55 - 2016-02-23 20:05 - 00503296 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSync.dll
2016-03-02 09:55 - 2016-02-23 19:59 - 01500672 _____ (Microsoft Corporation) C:\Windows\SysWOW64\urlmon.dll
2016-03-02 09:55 - 2016-02-23 19:58 - 00450560 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SyncController.dll
2016-03-02 09:55 - 2016-02-23 19:56 - 04412928 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ExplorerFrame.dll
2016-03-02 09:55 - 2016-02-23 19:55 - 02229760 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wininet.dll
2016-03-02 09:55 - 2016-02-23 19:55 - 01707520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ActiveSyncProvider.dll
2016-03-02 09:55 - 2016-02-23 19:53 - 01799168 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.UI.Logon.dll
2016-03-02 09:55 - 2016-02-23 19:52 - 11545600 _____ (Microsoft Corporation) C:\Windows\system32\twinui.dll
2016-03-02 09:55 - 2016-02-23 19:51 - 00754176 _____ (Microsoft Corporation) C:\Windows\SysWOW64\SettingSyncCore.dll
2016-03-02 09:55 - 2016-02-23 19:50 - 09919488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\twinui.dll
2016-03-02 09:55 - 2016-02-23 19:36 - 19341312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mshtml.dll
2016-03-02 09:55 - 2016-02-23 19:36 - 18680320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\edgehtml.dll
2016-03-02 09:55 - 2016-02-23 19:36 - 12125696 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ieframe.dll
2016-03-02 09:55 - 2016-02-23 19:36 - 03666432 _____ (Microsoft Corporation) C:\Windows\SysWOW64\jscript9.dll
2016-03-02 09:55 - 2016-02-23 19:33 - 02604032 _____ (Microsoft Corporation) C:\Windows\SysWOW64\CertEnroll.dll
2016-03-02 09:55 - 2016-02-23 19:32 - 02793472 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Windows.Media.dll
2016-03-02 09:55 - 2016-02-23 19:30 - 02061312 _____ (Microsoft Corporation) C:\Windows\SysWOW64\MFMediaEngine.dll
2016-03-02 09:55 - 2016-02-23 19:28 - 06740992 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mstscax.dll
2016-03-02 09:55 - 2016-02-23 19:26 - 12587520 _____ (Microsoft Corporation) C:\Windows\SysWOW64\wmp.dll
2016-03-02 09:55 - 2016-02-09 16:24 - 00641536 _____ (Microsoft Corporation) C:\Windows\system32\enterprisecsps.dll
2016-03-02 09:55 - 2016-02-09 16:18 - 00237056 _____ (Microsoft Corporation) C:\Windows\SysWOW64\thumbcache.dll
2016-03-02 09:55 - 2016-02-09 16:07 - 01626624 _____ (Microsoft Corporation) C:\Windows\SysWOW64\dwmcore.dll
2016-03-02 09:51 - 2016-02-24 00:15 - 00779384 _____ (Microsoft Corporation) C:\Windows\system32\taskschd.dll
2016-03-02 09:51 - 2016-02-24 00:09 - 01614176 _____ (Microsoft Corporation) C:\Windows\system32\diagtrack.dll
2016-03-02 09:51 - 2016-02-24 00:08 - 00989536 _____ (Microsoft Corporation) C:\Windows\system32\SecConfig.efi
2016-03-02 09:51 - 2016-02-23 23:33 - 00389992 _____ (Microsoft Corporation) C:\Windows\system32\wlanapi.dll
2016-03-02 09:51 - 2016-02-23 23:32 - 08705672 _____ (Microsoft Corp.) C:\Windows\system32\Windows.Media.Protection.PlayReady.dll
2016-03-02 09:51 - 2016-02-23 23:31 - 00476728 _____ (Microsoft Corporation) C:\Windows\system32\msvproc.dll
2016-03-02 09:51 - 2016-02-23 22:45 - 00259336 _____ (Microsoft Corporation) C:\Windows\system32\sqmapi.dll
2016-03-02 09:51 - 2016-02-23 22:40 - 00430944 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb.sys
2016-03-02 09:51 - 2016-02-23 22:25 - 00534368 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\USBHUB3.SYS
2016-03-02 09:51 - 2016-02-23 22:20 - 01139712 _____ (Microsoft Corporation) C:\Windows\system32\XblGameSave.dll
2016-03-02 09:51 - 2016-02-23 22:20 - 00238592 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xboxgip.sys
2016-03-02 09:51 - 2016-02-23 22:19 - 00029696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\xinputhid.sys
2016-03-02 09:51 - 2016-02-23 22:17 - 00649216 _____ (Microsoft Corporation) C:\Windows\system32\ngcsvc.dll
2016-03-02 09:51 - 2016-02-23 22:12 - 00077824 _____ (Microsoft Corporation) C:\Windows\system32\provpackageapidll.dll
2016-03-02 09:51 - 2016-02-23 22:10 - 00027648 _____ (Microsoft Corporation) C:\Windows\system32\WiFiConfigSP.dll
2016-03-02 09:51 - 2016-02-23 22:07 - 00037376 _____ (Microsoft Corporation) C:\Windows\system32\LaunchWinApp.exe
2016-03-02 09:51 - 2016-02-23 22:07 - 00026112 _____ (Microsoft Corporation) C:\Windows\system32\wlansvcpal.dll
2016-03-02 09:51 - 2016-02-23 22:01 - 00104960 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\rasl2tp.sys
2016-03-02 09:51 - 2016-02-23 22:00 - 00048640 _____ (Microsoft Corporation) C:\Windows\system32\wfdprov.dll
2016-03-02 09:51 - 2016-02-23 21:57 - 00199168 _____ (Microsoft Corporation) C:\Windows\system32\InstallAgent.exe
2016-03-02 09:51 - 2016-02-23 21:53 - 00099328 _____ (Microsoft Corporation) C:\Windows\system32\ngckeyenum.dll
2016-03-02 09:51 - 2016-02-23 21:48 - 00041984 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerClient.dll
2016-03-02 09:51 - 2016-02-23 21:39 - 00178176 _____ (Microsoft Corporation) C:\Windows\system32\psmsrv.dll
2016-03-02 09:51 - 2016-02-23 21:37 - 00617984 _____ (Microsoft Corporation) C:\Windows\system32\StorSvc.dll
2016-03-02 09:51 - 2016-02-23 21:34 - 00305664 _____ (Microsoft Corporation) C:\Windows\system32\wifiprofilessettinghandler.dll
2016-03-02 09:51 - 2016-02-23 21:34 - 00189952 _____ (Microsoft Corporation) C:\Windows\system32\WiFiDisplay.dll
2016-03-02 09:51 - 2016-02-23 21:31 - 00463360 _____ (Microsoft Corporation) C:\Windows\system32\wlansec.dll
2016-03-02 09:51 - 2016-02-23 21:30 - 00360448 _____ (Microsoft Corporation) C:\Windows\system32\vaultsvc.dll
2016-03-02 09:51 - 2016-02-23 21:27 - 00307712 _____ (Microsoft Corporation) C:\Windows\system32\usbmon.dll
2016-03-02 09:51 - 2016-02-23 21:25 - 00288768 _____ (Microsoft Corporation) C:\Windows\system32\vaultcli.dll
2016-03-02 09:51 - 2016-02-23 21:25 - 00229376 _____ (Microsoft Corporation) C:\Windows\system32\wsqmcons.exe
2016-03-02 09:51 - 2016-02-23 21:23 - 00412672 _____ (Microsoft Corporation) C:\Windows\system32\wlanmsm.dll
2016-03-02 09:51 - 2016-02-23 21:20 - 00847360 _____ (Microsoft Corporation) C:\Windows\system32\netlogon.dll
2016-03-02 09:51 - 2016-02-23 21:20 - 00606720 _____ (Microsoft Corporation) C:\Windows\system32\wcmsvc.dll
2016-03-02 09:51 - 2016-02-23 21:20 - 00330240 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-02 09:51 - 2016-02-23 21:19 - 00948736 _____ (Microsoft Corporation) C:\Windows\system32\XblAuthManager.dll
2016-03-02 09:51 - 2016-02-23 21:19 - 00517632 _____ (Microsoft Corporation) C:\Windows\system32\winspool.drv
2016-03-02 09:51 - 2016-02-23 21:18 - 00557056 _____ (Microsoft Corporation) C:\Windows\system32\PsmServiceExtHost.dll
2016-03-02 09:51 - 2016-02-23 21:12 - 00852480 _____ (Microsoft Corporation) C:\Windows\system32\Windows.ApplicationModel.Store.dll
2016-03-02 09:51 - 2016-02-23 21:11 - 01224704 _____ (Microsoft Corporation) C:\Windows\system32\Unistore.dll
2016-03-02 09:51 - 2016-02-23 21:10 - 00997376 _____ (Microsoft Corporation) C:\Windows\system32\schedsvc.dll
2016-03-02 09:51 - 2016-02-23 21:09 - 01390592 _____ (Microsoft Corporation) C:\Windows\system32\win32kbase.sys
2016-03-02 09:51 - 2016-02-23 21:09 - 00988160 _____ (Microsoft Corporation) C:\Windows\system32\SharedStartModel.dll
2016-03-02 09:51 - 2016-02-23 21:06 - 01848832 _____ (Microsoft Corporation) C:\Windows\system32\WMPDMC.exe
2016-03-02 09:51 - 2016-02-23 21:06 - 01213440 _____ (Microsoft Corporation) C:\Windows\system32\wwansvc.dll
2016-03-02 09:51 - 2016-02-23 21:04 - 00673792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.dll
2016-03-02 09:51 - 2016-02-23 21:04 - 00382464 _____ (Microsoft Corporation) C:\Windows\system32\wuuhext.dll
2016-03-02 09:51 - 2016-02-23 21:02 - 01318912 _____ (Microsoft Corporation) C:\Windows\system32\wifinetworkmanager.dll
2016-03-02 09:51 - 2016-02-23 21:02 - 00755712 _____ (Microsoft Corporation) C:\Windows\system32\spoolsv.exe
2016-03-02 09:51 - 2016-02-23 21:02 - 00285696 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxsmb10.sys
2016-03-02 09:51 - 2016-02-23 20:58 - 00163840 _____ (Microsoft Corporation) C:\Windows\system32\TimeBrokerServer.dll
2016-03-02 09:51 - 2016-02-23 20:54 - 00402432 _____ (Microsoft Corporation) C:\Windows\system32\sharemediacpl.dll
2016-03-02 09:51 - 2016-02-23 20:47 - 01490432 _____ (Microsoft Corporation) C:\Windows\system32\UserDataService.dll
2016-03-02 09:51 - 2016-02-23 20:41 - 03594240 _____ (Microsoft Corporation) C:\Windows\system32\win32kfull.sys
2016-03-02 09:51 - 2016-02-23 20:37 - 01118208 _____ (Microsoft Corporation) C:\Windows\system32\localspl.dll
2016-03-02 09:51 - 2016-02-23 20:37 - 00613376 _____ (Microsoft Corporation) C:\Windows\system32\SettingSync.dll
2016-03-02 09:51 - 2016-02-23 20:30 - 02275840 _____ (Microsoft Corporation) C:\Windows\system32\wuaueng.dll
2016-03-02 09:51 - 2016-02-23 20:17 - 02635264 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Logon.dll
2016-03-02 09:51 - 2016-02-23 20:14 - 00990720 _____ (Microsoft Corporation) C:\Windows\system32\SettingSyncCore.dll
2016-03-02 09:51 - 2016-02-23 20:11 - 01390080 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Shell.dll
2016-03-02 09:51 - 2016-02-23 20:01 - 02295808 _____ (Microsoft Corporation) C:\Windows\system32\wlansvc.dll
2016-03-02 09:51 - 2016-02-23 19:55 - 04894208 _____ (Microsoft Corporation) C:\Windows\system32\jscript9.dll
2016-03-02 09:51 - 2016-02-23 19:42 - 03425792 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.dll
2016-03-02 09:51 - 2016-02-23 19:41 - 02912256 _____ (Microsoft Corporation) C:\Windows\system32\CertEnroll.dll
2016-03-02 09:51 - 2016-02-23 19:35 - 07533568 _____ (Microsoft Corporation) C:\Windows\system32\mstscax.dll
2016-03-02 09:51 - 2016-02-09 17:28 - 00277856 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\sdbus.sys
2016-03-02 09:51 - 2016-02-09 17:13 - 00185184 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dumpsd.sys
2016-03-02 09:51 - 2016-02-09 16:18 - 00297472 _____ (Microsoft Corporation) C:\Windows\system32\thumbcache.dll
2016-03-02 09:50 - 2016-02-24 00:29 - 01030416 _____ (Microsoft Corporation) C:\Windows\system32\winresume.efi
2016-03-02 09:50 - 2016-02-24 00:29 - 00874968 _____ (Microsoft Corporation) C:\Windows\system32\winresume.exe
2016-03-02 09:50 - 2016-02-24 00:27 - 07475040 _____ (Microsoft Corporation) C:\Windows\system32\ntoskrnl.exe
2016-03-02 09:50 - 2016-02-24 00:27 - 02654872 _____ C:\Windows\system32\CoreUIComponents.dll
2016-03-02 09:50 - 2016-02-24 00:27 - 01317640 _____ (Microsoft Corporation) C:\Windows\system32\winload.efi
2016-03-02 09:50 - 2016-02-24 00:27 - 01141504 _____ (Microsoft Corporation) C:\Windows\system32\winload.exe
2016-03-02 09:50 - 2016-02-24 00:25 - 02152288 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\ntfs.sys
2016-03-02 09:50 - 2016-02-24 00:25 - 01818696 _____ (Microsoft Corporation) C:\Windows\system32\ntdll.dll
2016-03-02 09:50 - 2016-02-23 23:33 - 00696160 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupEngine.dll
2016-03-02 09:50 - 2016-02-23 23:32 - 02544264 _____ (Microsoft Corporation) C:\Windows\system32\mfcore.dll
2016-03-02 09:50 - 2016-02-23 23:32 - 01152328 _____ (Microsoft Corporation) C:\Windows\system32\mfasfsrcsnk.dll
2016-03-02 09:50 - 2016-02-23 23:32 - 01062480 _____ (Microsoft Corporation) C:\Windows\system32\mfmp4srcsnk.dll
2016-03-02 09:50 - 2016-02-23 23:32 - 00498448 _____ (Microsoft Corporation) C:\Windows\system32\MFCaptureEngine.dll
2016-03-02 09:50 - 2016-02-23 23:31 - 01017032 _____ (Microsoft Corporation) C:\Windows\system32\mfsrcsnk.dll
2016-03-02 09:50 - 2016-02-23 23:31 - 00847656 _____ (Microsoft Corporation) C:\Windows\system32\mfsvr.dll
2016-03-02 09:50 - 2016-02-23 23:31 - 00819648 _____ (Microsoft Corporation) C:\Windows\system32\mfmpeg2srcsnk.dll
2016-03-02 09:50 - 2016-02-23 23:31 - 00408120 _____ (Microsoft Corporation) C:\Windows\system32\AUDIOKSE.dll
2016-03-02 09:50 - 2016-02-23 23:25 - 03671888 _____ (Microsoft Corporation) C:\Windows\system32\iertutil.dll
2016-03-02 09:50 - 2016-02-23 23:17 - 00146272 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\appid.sys
2016-03-02 09:50 - 2016-02-23 22:49 - 00216416 _____ (Microsoft Corporation) C:\Windows\system32\AppxAllUserStore.dll
2016-03-02 09:50 - 2016-02-23 22:45 - 02773096 _____ (Microsoft Corporation) C:\Windows\system32\d3d11.dll
2016-03-02 09:50 - 2016-02-23 22:45 - 01998176 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgkrnl.sys
2016-03-02 09:50 - 2016-02-23 22:45 - 00576352 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms2.sys
2016-03-02 09:50 - 2016-02-23 22:45 - 00394080 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\dxgmms1.sys
2016-03-02 09:50 - 2016-02-23 22:44 - 00640984 _____ (Microsoft Corporation) C:\Windows\system32\wer.dll
2016-03-02 09:50 - 2016-02-23 22:44 - 00147808 _____ (Microsoft Corporation) C:\Windows\system32\wermgr.exe
2016-03-02 09:50 - 2016-02-23 22:32 - 00791744 _____ (Microsoft Corporation) C:\Windows\system32\generaltel.dll
2016-03-02 09:50 - 2016-02-23 22:27 - 00376536 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.MediaControl.dll
2016-03-02 09:50 - 2016-02-23 22:06 - 00129536 _____ (Microsoft Corporation) C:\Windows\system32\flvprophandler.dll
2016-03-02 09:50 - 2016-02-23 22:00 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-02 09:50 - 2016-02-23 21:58 - 00069632 _____ (Microsoft Corporation) C:\Windows\system32\wininetlui.dll
2016-03-02 09:50 - 2016-02-23 21:58 - 00025088 _____ (Microsoft Corporation) C:\Windows\system32\irmon.dll
2016-03-02 09:50 - 2016-02-23 21:55 - 00114688 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\bridge.sys
2016-03-02 09:50 - 2016-02-23 21:53 - 00115712 _____ (Microsoft Corporation) C:\Windows\system32\srpapi.dll
2016-03-02 09:50 - 2016-02-23 21:52 - 00087040 _____ (Microsoft Corporation) C:\Windows\system32\MDMAppInstaller.exe
2016-03-02 09:50 - 2016-02-23 21:50 - 00159232 _____ (Microsoft Corporation) C:\Windows\system32\DeviceCensus.exe
2016-03-02 09:50 - 2016-02-23 21:48 - 00086528 _____ (Microsoft Corporation) C:\Windows\system32\AppCapture.dll
2016-03-02 09:50 - 2016-02-23 21:40 - 00074240 _____ (Microsoft Corporation) C:\Windows\system32\SMSRouter.dll
2016-03-02 09:50 - 2016-02-23 21:38 - 00320000 _____ (Microsoft Corporation) C:\Windows\system32\MSFlacDecoder.dll
2016-03-02 09:50 - 2016-02-23 21:37 - 00274944 _____ (Microsoft Corporation) C:\Windows\system32\DisplayManager.dll
2016-03-02 09:50 - 2016-02-23 21:37 - 00204288 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupSvc.dll
2016-03-02 09:50 - 2016-02-23 21:36 - 00216576 _____ (Microsoft Corporation) C:\Windows\system32\QuickActionsDataModel.dll
2016-03-02 09:50 - 2016-02-23 21:33 - 00558080 _____ (Microsoft Corporation) C:\Windows\system32\MBMediaManager.dll
2016-03-02 09:50 - 2016-02-23 21:32 - 00414720 _____ (Microsoft Corporation) C:\Windows\system32\bcastdvr.exe
2016-03-02 09:50 - 2016-02-23 21:29 - 00591872 _____ (Microsoft Corporation) C:\Windows\system32\SmsRouterSvc.dll
2016-03-02 09:50 - 2016-02-23 21:28 - 00685568 _____ (Microsoft Corporation) C:\Windows\system32\scapi.dll
2016-03-02 09:50 - 2016-02-23 21:26 - 00372224 _____ (Microsoft Corporation) C:\Windows\system32\MDEServer.exe
2016-03-02 09:50 - 2016-02-23 21:22 - 00567808 _____ (Microsoft Corporation) C:\Windows\system32\MCRecvSrc.dll
2016-03-02 09:50 - 2016-02-23 21:22 - 00451584 _____ (Microsoft Corporation) C:\Windows\system32\werui.dll
2016-03-02 09:50 - 2016-02-23 21:20 - 00493568 _____ (Microsoft Corporation) C:\Windows\system32\mfmkvsrcsnk.dll
2016-03-02 09:50 - 2016-02-23 21:14 - 00828928 _____ (Microsoft Corporation) C:\Windows\system32\Windows.AccountsControl.dll
2016-03-02 09:50 - 2016-02-23 21:13 - 00915456 _____ (Microsoft Corporation) C:\Windows\system32\configurationclient.dll
2016-03-02 09:50 - 2016-02-23 21:13 - 00286720 _____ (Microsoft Corporation) C:\Windows\system32\deviceaccess.dll
2016-03-02 09:50 - 2016-02-23 21:11 - 00587776 _____ (Microsoft Corporation) C:\Windows\system32\bisrv.dll
2016-03-02 09:50 - 2016-02-23 21:10 - 00474624 _____ (Microsoft Corporation) C:\Windows\system32\NetSetupShim.dll
2016-03-02 09:50 - 2016-02-23 21:09 - 00870400 _____ (Microsoft Corporation) C:\Windows\system32\modernexecserver.dll
2016-03-02 09:50 - 2016-02-23 21:04 - 01131520 _____ (Microsoft Corporation) C:\Windows\system32\Windows.Media.Audio.dll
2016-03-02 09:50 - 2016-02-23 20:58 - 00175616 _____ (Microsoft Corporation) C:\Windows\system32\Windows.UI.Core.TextInput.dll
2016-03-02 09:50 - 2016-02-23 20:58 - 00108544 _____ (Microsoft Corporation) C:\Windows\system32\InputLocaleManager.dll
2016-03-02 09:50 - 2016-02-23 20:48 - 00838144 _____ (Microsoft Corporation) C:\Windows\system32\uDWM.dll
2016-03-02 09:50 - 2016-02-23 20:30 - 01832448 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentExtensions.dll
2016-03-02 09:50 - 2016-02-23 20:30 - 01731584 _____ (Microsoft Corporation) C:\Windows\system32\urlmon.dll
2016-03-02 09:50 - 2016-02-23 20:28 - 00555520 _____ (Microsoft Corporation) C:\Windows\system32\SyncController.dll
2016-03-02 09:50 - 2016-02-23 20:28 - 00256512 _____ (Microsoft Corporation) C:\Windows\system32\accountaccessor.dll
2016-03-02 09:50 - 2016-02-23 20:26 - 02158592 _____ (Microsoft Corporation) C:\Windows\system32\AppXDeploymentServer.dll
2016-03-02 09:50 - 2016-02-23 20:25 - 01996288 _____ (Microsoft Corporation) C:\Windows\system32\ActiveSyncProvider.dll
2016-03-02 09:50 - 2016-02-23 20:24 - 04827136 _____ (Microsoft Corporation) C:\Windows\system32\ExplorerFrame.dll
2016-03-02 09:50 - 2016-02-23 20:24 - 02755584 _____ (Microsoft Corporation) C:\Windows\system32\wininet.dll
2016-03-02 09:50 - 2016-02-23 19:50 - 22396416 _____ (Microsoft Corporation) C:\Windows\system32\edgehtml.dll
2016-03-02 09:50 - 2016-02-23 19:40 - 24603136 _____ (Microsoft Corporation) C:\Windows\system32\mshtml.dll
2016-03-02 09:50 - 2016-02-23 19:39 - 13382656 _____ (Microsoft Corporation) C:\Windows\system32\ieframe.dll
2016-03-02 09:50 - 2016-02-23 19:39 - 02581504 _____ (Microsoft Corporation) C:\Windows\system32\MFMediaEngine.dll
2016-03-02 09:50 - 2016-02-23 19:33 - 14254080 _____ (Microsoft Corporation) C:\Windows\system32\wmp.dll
2016-03-02 09:50 - 2016-02-09 16:07 - 00086016 _____ (Microsoft Corporation) C:\Windows\system32\DeviceEnroller.exe
2016-03-02 09:50 - 2016-02-09 16:04 - 01946624 _____ (Microsoft Corporation) C:\Windows\system32\dwmcore.dll
2016-03-02 09:49 - 2016-02-24 00:25 - 00563552 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\acpi.sys
2016-02-26 10:40 - 2016-02-26 10:40 - 00025312 _____ C:\Users\yvonn\Downloads\Addition.txt
2016-02-26 10:39 - 2016-03-04 07:45 - 00000000 ____D C:\FRST
2016-02-26 10:25 - 2016-02-26 10:25 - 02371072 _____ (Farbar) C:\Users\yvonn\Downloads\FRST64.exe
2016-02-26 10:08 - 2016-03-04 07:24 - 00000000 ____D C:\Users\yvonn\Downloads\Brooklyn.Nine-Nine.S03E16.720p.HDTV.x264-AVS
2016-02-24 10:04 - 2016-03-03 16:20 - 00002856 _____ C:\Users\yvonn\Desktop\Rkill.txt
2016-02-24 10:04 - 2016-02-24 10:04 - 02032072 _____ (Bleeping Computer, LLC) C:\Users\yvonn\Downloads\rkill.exe
2016-02-22 04:54 - 2016-02-22 04:54 - 00000000 ____D C:\Users\yvonn\AppData\Roaming\TheJackboxPartyPack
2016-02-22 04:54 - 2016-02-22 04:54 - 00000000 ____D C:\Users\yvonn\AppData\Roaming\Macromedia
2016-02-21 10:54 - 2016-02-21 10:54 - 00000000 _____ C:\Users\yvonn\Downloads\comment_card.asp
2016-02-18 03:15 - 2016-02-18 03:15 - 00535441 _____ C:\Users\yvonn\Downloads\Passport - Y M Dwight.pdf
2016-02-18 02:22 - 2016-02-18 02:23 - 00358772 _____ C:\Users\yvonn\Downloads\VISA_REGIME.pdf
2016-02-18 02:07 - 2016-02-18 02:12 - 04685502 _____ C:\Users\yvonn\Downloads\NAI16116_UG_BSM_MGT_A3L_170216_ICRC_Premises.pdf
2016-02-16 14:55 - 2016-02-16 16:38 - 00000000 ____D C:\Users\yvonn\AppData\Roaming\AVAST Software
2016-02-16 14:48 - 2016-02-16 14:49 - 03840080 _____ (AVAST Software) C:\Users\yvonn\Downloads\avast-browser-cleanup-sfx.exe
2016-02-16 14:43 - 2016-03-03 12:01 - 00000000 ____D C:\AdwCleaner
2016-02-12 20:28 - 2016-02-17 04:26 - 00000000 ____D C:\Users\yvonn\Desktop\Movies
2016-02-10 08:11 - 2016-01-29 19:57 - 04502352 _____ (Microsoft Corporation) C:\Windows\explorer.exe
2016-02-10 08:11 - 2016-01-29 19:33 - 04064320 _____ (Microsoft Corporation) C:\Windows\SysWOW64\explorer.exe
2016-02-10 08:11 - 2016-01-27 19:15 - 01557776 _____ (Microsoft Corporation) C:\Windows\SysWOW64\KernelBase.dll
2016-02-10 08:11 - 2016-01-27 19:01 - 01997328 _____ (Microsoft Corporation) C:\Windows\system32\KernelBase.dll
2016-02-10 08:11 - 2016-01-27 18:59 - 00304752 _____ (Microsoft Corporation) C:\Windows\system32\systemreset.exe
2016-02-10 08:11 - 2016-01-27 18:57 - 01824264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\combase.dll
2016-02-10 08:11 - 2016-01-27 18:57 - 00820704 _____ (Microsoft Corporation) C:\Windows\SysWOW64\WinTypes.dll
2016-02-10 08:11 - 2016-01-27 18:55 - 00081112 _____ (Microsoft Corporation) C:\Windows\SysWOW64\OpenWith.exe
2016-02-10 08:11 - 2016-01-27 18:54 - 00295264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msv1_0.dll
2016-02-10 08:11 - 2016-01-27 18:46 - 02606824 _____ (Microsoft Corporation) C:\Windows\system32\combase.dll
2016-02-10 08:11 - 2016-01-27 18:46 - 01270072 _____ (Microsoft Corporation) C:\Windows\system32\WinTypes.dll
2016-02-10 08:11 - 2016-01-27 18:44 - 00604928 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\cng.sys
2016-02-10 08:11 - 2016-01-27 18:44 - 00085320 _____ (Microsoft Corporation) C:\Windows\system32\OpenWith.exe
2016-02-10 08:11 - 2016-01-27 18:43 - 00359776 _____ (Microsoft Corporation) C:\Windows\system32\msv1_0.dll
2016-02-10 08:11 - 2016-01-27 18:21 - 00162816 _____ (Microsoft Corporation) C:\Windows\SysWOW64\msorcl32.dll
2016-02-10 08:11 - 2016-01-27 18:15 - 00031232 _____ (Microsoft Corporation) C:\Windows\SysWOW64\ztrace_maps.dll
2016-02-10 08:11 - 2016-01-27 18:11 - 00118272 _____ (Microsoft Corporation) C:\Windows\SysWOW64\mtxoci.dll
2016-02-10 08:11 - 2016-01-27 18:10 - 00099840 _____ (Microsoft Corporation) C:\Windows\SysWOW64\hlink.dll
2016-02-10 08:11 - 2016-01-27 18:08 - 00299008 _____ (Microsoft Corporation) C:\Windows\system32\microsoft-windows-system-events.dll
2016-02-10 08:11 - 2016-01-27 18:08 - 00036864 _____ (Microsoft Corporation) C:\Windows\system32\ztrace_maps.dll
2016-02-10 08:11 - 2016-01-27 18:07 - 00203264 _____ (Microsoft Corporation) C:\Windows\SysWOW64\iassam.dll
2016-02-10 08:11 - 2016-01-27 18:04 - 00147456 _____ (Microsoft Corporation) C:\Windows\system32\mtxoci.dll
2016-02-10 08:11 - 2016-01-27 18:02 - 00109056 _____ (Microsoft Corporation) C:\Windows\system32\hlink.dll
2016-02-10 08:11 - 2016-01-27 18:01 - 00792064 _____ (Microsoft Corporation) C:\Windows\SysWOW64\kerberos.dll
2016-02-10 08:11 - 2016-01-27 17:59 - 00258048 _____ (Microsoft Corporation) C:\Windows\system32\iassam.dll
2016-02-10 08:11 - 2016-01-27 17:57 - 00764928 _____ (Microsoft Corporation) C:\Windows\system32\Chakradiag.dll
2016-02-10 08:11 - 2016-01-27 17:52 - 00970752 _____ (Microsoft Corporation) C:\Windows\system32\kerberos.dll
2016-02-10 08:11 - 2016-01-27 17:50 - 00144384 _____ (Microsoft Corporation) C:\Windows\system32\Drivers\mrxdav.sys
2016-02-10 08:11 - 2016-01-27 17:49 - 05662208 _____ (Microsoft Corporation) C:\Windows\SysWOW64\Chakra.dll
2016-02-10 08:11 - 2016-01-27 17:44 - 00063488 _____ (Microsoft Corporation) C:\Windows\SysWOW64\cfgbkend.dll
2016-02-10 08:11 - 2016-01-27 17:42 - 01387520 _____ (Microsoft Corporation) C:\Windows\system32\lsasrv.dll
2016-02-10 08:11 - 2016-01-27 17:38 - 07835648 _____ (Microsoft Corporation) C:\Windows\system32\Chakra.dll
2016-02-10 08:11 - 2016-01-27 17:32 - 01087488 _____ (Microsoft Corporation) C:\Windows\system32\reseteng.dll
2016-02-10 08:11 - 2016-01-27 17:31 - 00079360 _____ (Microsoft Corporation) C:\Windows\system32\cfgbkend.dll
2016-02-07 05:12 - 2016-02-07 05:12 - 00000000 ____D C:\Users\Default\AppData\Local\Google
2016-02-07 05:12 - 2016-02-07 05:12 - 00000000 ____D C:\Users\Default User\AppData\Local\Google
2016-02-06 08:02 - 2016-02-06 08:03 - 01531760 _____ C:\Users\yvonn\Downloads\numérisation0184.pdf
2016-02-06 05:41 - 2016-02-06 05:41 - 00034660 _____ C:\Users\yvonn\Downloads\2015-11-18_CyriaqueBaricako_AuthorizationPage_101859.pdf
2016-02-05 05:03 - 2016-02-06 05:25 - 00010850 _____ C:\Users\yvonn\Desktop\Notes on W6 FT.txt
2016-02-04 04:42 - 2016-02-04 04:42 - 01454197 _____ C:\Users\yvonn\Downloads\Closure of 4th Quarter 2015-Response to URCS letter.pdf
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2016-03-04 07:33 - 2016-01-21 17:05 - 00000000 ____D C:\Users\yvonn\Desktop\New TV Episodes
2016-03-04 07:27 - 2015-11-19 21:23 - 00000000 ____D C:\Users\yvonn\AppData\Roaming\Skype
2016-03-04 07:02 - 2015-11-19 20:46 - 00000938 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-04 05:02 - 2015-11-19 20:46 - 00000934 _____ C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-04 04:26 - 2015-10-30 20:24 - 00000000 ____D C:\Windows\AppReadiness
2016-03-03 22:08 - 2016-02-01 10:57 - 00192216 _____ (Malwarebytes) C:\Windows\system32\Drivers\MBAMSwissArmy.sys
2016-03-03 22:04 - 2015-11-19 20:46 - 00000000 ____D C:\Program Files (x86)\Google
2016-03-03 20:14 - 2015-11-19 20:49 - 00000000 ____D C:\Program Files (x86)\TeamViewer
2016-03-03 17:24 - 2015-11-19 21:07 - 00000000 ____D C:\Users\yvonn\AppData\Roaming\FileZilla
2016-03-03 16:43 - 2015-10-30 20:21 - 00000000 ____D C:\Windows\INF
2016-03-03 16:37 - 2015-11-19 20:36 - 00000000 ____D C:\Users\yvonn
2016-03-03 16:30 - 2015-11-19 21:56 - 00000000 ___RD C:\Users\yvonn\Google Drive
2016-03-03 16:17 - 2015-11-19 20:38 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-03 14:07 - 2015-10-30 20:11 - 00000000 ____D C:\Windows\CbsTemp
2016-03-03 14:04 - 2015-11-19 20:39 - 00834360 _____ C:\Windows\system32\PerfStringBackup.INI
2016-03-03 13:56 - 2015-11-19 20:32 - 00000006 ____H C:\Windows\Tasks\SA.DAT
2016-03-03 13:56 - 2015-11-19 20:30 - 00194200 _____ C:\Windows\system32\FNTCACHE.DAT
2016-03-03 13:56 - 2015-10-30 19:28 - 00262144 ___SH C:\Windows\system32\config\BBI
2016-03-03 13:55 - 2015-10-30 22:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 __RSD C:\Windows\Media
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 ___RD C:\Windows\PurchaseDialog
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 ____D C:\Windows\system32\WinBioPlugIns
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 ____D C:\Windows\system32\SystemResetPlatform
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 ____D C:\Windows\system32\appraiser
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 ____D C:\Windows\bcastdvr
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-03 13:55 - 2015-10-30 20:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-03 13:55 - 2015-10-30 19:28 - 00000000 ____D C:\Windows\SysWOW64\Dism
2016-03-03 13:55 - 2015-10-30 19:28 - 00000000 ____D C:\Windows\system32\Dism
2016-03-03 13:54 - 2015-11-19 20:49 - 00000000 ____D C:\Program Files (x86)\Steam
2016-03-03 11:15 - 2016-02-01 10:56 - 00109272 _____ (Malwarebytes) C:\Windows\system32\Drivers\mbamchameleon.sys
2016-03-03 03:13 - 2015-10-30 20:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-01 05:06 - 2015-12-10 00:38 - 00000000 ____D C:\Users\yvonn\AppData\Local\CrashDumps
2016-02-27 22:13 - 2016-01-21 22:55 - 00001040 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TeamViewer 11.lnk
2016-02-20 09:19 - 2015-11-19 20:50 - 00000000 ____D C:\ProgramData\Skype
2016-02-20 03:19 - 2015-10-30 20:24 - 00000000 ____D C:\Windows\system32\NDF
2016-02-16 23:24 - 2015-11-30 05:39 - 00000000 ____D C:\Users\yvonn\AppData\Roaming\vlc
2016-02-14 23:55 - 2015-10-30 20:24 - 00000000 ____D C:\Windows\rescache
2016-02-11 10:18 - 2016-01-11 06:36 - 00000000 ____D C:\Users\yvonn\AppData\Local\ElevatedDiagnostics
2016-02-10 08:44 - 2015-12-10 06:12 - 00000000 ____D C:\Windows\system32\MRT
2016-02-10 08:39 - 2015-12-10 06:12 - 146614896 _____ (Microsoft Corporation) C:\Windows\system32\MRT.exe
2016-02-07 05:13 - 2015-11-19 20:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Drive
2016-02-04 08:01 - 2015-10-30 20:26 - 00828920 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerApp.exe
2016-02-04 08:01 - 2015-10-30 20:26 - 00176632 _____ (Adobe Systems Incorporated) C:\Windows\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-04 04:57 - 2015-11-19 20:46 - 00003996 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineUA
2016-02-04 04:57 - 2015-11-19 20:46 - 00003764 _____ C:\Windows\System32\Tasks\GoogleUpdateTaskMachineCore
 
Some files in TEMP:
====================
C:\Users\yvonn\AppData\Local\Temp\SkypeSetup.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\Windows\system32\winlogon.exe => File is digitally signed
C:\Windows\system32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\system32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\system32\services.exe => File is digitally signed
C:\Windows\system32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\system32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\system32\rpcss.dll => File is digitally signed
C:\Windows\system32\dnsapi.dll => File is digitally signed
C:\Windows\SysWOW64\dnsapi.dll => File is digitally signed
C:\Windows\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2016-03-02 08:50
 
==================== End of FRST.txt ============================


#14 Jo*

Jo*

  • Malware Response Team
  • 3,319 posts
  • Gender:Male
  • Location:Germany
  • Local time:07:26 AM

Posted 03 March 2016 - 02:01 PM

The FRST.log is clean.

The first time the tool is run it generates another log (Addition.txt - also located in the same directory the tool was run from). Please also paste that.

Graduate of the WTT Classroom
Cheers,
Jo
If I have been helping you, and I have not replied to your latest post in 36 hours please send me a PM.


#15 dwellington

dwellington
  • Topic Starter

  • Members
  • 12 posts
  • Local time:07:26 PM

Posted 03 March 2016 - 02:13 PM

 

Additional scan result of Farbar Recovery Scan Tool (x64) Version:24-02-2016

Ran by yvonn (2016-02-26 10:40:12)
Running from C:\Users\yvonn\Downloads
Windows 10 Home Version 1511 (X64) (2015-11-19 07:34:07)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-573740418-3995116694-3947795330-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-573740418-3995116694-3947795330-503 - Limited - Disabled)
Guest (S-1-5-21-573740418-3995116694-3947795330-501 - Limited - Disabled)
yvonn (S-1-5-21-573740418-3995116694-3947795330-1001 - Administrator - Enabled) => C:\Users\yvonn
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Apple Application Support (HKLM-x32\...\{46F044A5-CE8B-4196-984E-5BD6525E361D}) (Version: 2.3.6 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
CameraHelperMsi (x32 Version: 13.51.815.0 - Logitech) Hidden
erLT (x32 Version: 1.20.138.34 - Logitech, Inc.) Hidden
FileZilla Client 3.14.1 (HKLM-x32\...\FileZilla Client) (Version: 3.14.1 - Tim Kosse)
foobar2000 v1.3.9 (HKLM-x32\...\foobar2000) (Version: 1.3.9 - Peter Pawlowski)
Google Chrome (HKLM-x32\...\{DC7D9EC9-2AD1-33A7-92CF-5F5051E62843}) (Version: 46.0.2490.86 - Google, Inc.)
Google Drive (HKLM-x32\...\{EF61675D-9BBC-4EC7-B906-F13BE8D3BD20}) (Version: 1.27.1227.2094 - Google, Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Java 8 Update 66 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
K-Lite Codec Pack 11.7.0 Basic (HKLM-x32\...\KLiteCodecPack_is1) (Version: 11.7.0 - )
Logitech Webcam Software (HKLM-x32\...\{D40EB009-0499-459c-A8AF-C9C110766215}) (Version: 2.80 - Logitech Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
QuickTime 7 (HKLM-x32\...\{80CEEB1E-0A6C-45B9-A312-37A1D25FDEBC}) (Version: 7.78.80.95 - Apple Inc.)
Quiplash (HKLM-x32\...\Steam App 351510) (Version:  - Jackbox Games, Inc.)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.18 (HKLM-x32\...\{FC965A47-4839-40CA-B618-18F486F042C6}) (Version: 7.18.112 - Skype Technologies S.A.)
Steam (HKLM-x32\...\Steam) (Version: 2.10.91.91 - Valve Corporation)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 17.0.10.51 - Synaptics Incorporated)
TeamViewer 11 (HKLM-x32\...\TeamViewer) (Version: 11.0.53254 - TeamViewer)
The Jackbox Party Pack (HKLM-x32\...\Steam App 331670) (Version:  - Jackbox Games, Inc.)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
WinDirStat 1.1.2 (HKU\S-1-5-21-573740418-3995116694-3947795330-1001\...\WinDirStat) (Version:  - )
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-573740418-3995116694-3947795330-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\yvonn\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {241955F2-712C-4017-A457-B8692B7C482D} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-19] (Google Inc.)
Task: {526C79D9-4EC0-45F7-8170-75EAE5E15A8D} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {834BB066-61BF-42BD-A368-8DAC48B52B73} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2014-08-06] (Synaptics Incorporated)
Task: {B8C3F66C-1224-4053-9F22-C8A09F6A4211} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-19] (Google Inc.)
Task: {E38A6832-B584-4497-9C7F-89C4E2BD664A} - System32\Tasks\klcp_update => C:\Program Files (x86)\K-Lite Codec Pack\Tools\CodecTweakTool.exe [2015-11-20] ()
Task: {E6C39140-9DBB-4560-B83D-1119D7422F20} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\Windows\system32\MRT.exe [2016-02-10] (Microsoft Corporation)
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\Windows\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
 
==================== Shortcuts =============================
 
(The entries could be listed to be restored or removed.)
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-10-30 20:17 - 2015-10-30 20:17 - 00028672 _____ () C:\Windows\SYSTEM32\efsext.dll
2015-10-30 20:18 - 2015-10-30 20:18 - 00185856 _____ () C:\Windows\SYSTEM32\ism32k.dll
2015-12-05 07:02 - 2015-11-22 23:47 - 02653816 _____ () C:\Windows\system32\CoreUIComponents.dll
2015-12-05 07:02 - 2015-11-22 23:47 - 02653816 _____ () C:\Windows\System32\CoreUIComponents.dll
2015-10-16 23:02 - 2015-10-16 23:02 - 00043480 _____ () C:\Program Files\FileZilla FTP Client\fzshellext_64.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00264040 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\CameraHelperShell.exe
2016-01-29 07:14 - 2016-01-29 08:48 - 00618688 _____ () C:\Program Files\WindowsApps\Microsoft.Office.OneNote_17.6741.18061.0_x64__8wekyb3d8bbwe\Microsoft.Applications.Telemetry.Windows.dll
2016-02-20 22:06 - 2016-02-19 01:15 - 02046616 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libglesv2.dll
2016-02-20 22:06 - 2016-02-19 01:15 - 00097944 _____ () C:\Program Files (x86)\Google\Chrome\Application\48.0.2564.116\libegl.dll
2016-01-20 07:12 - 2016-01-05 14:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-20 07:13 - 2016-01-05 14:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-29 05:12 - 2016-01-16 18:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-29 05:12 - 2016-01-16 18:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-12-20 05:54 - 2015-12-07 17:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-20 05:54 - 2015-12-07 17:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 02144104 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtCore4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 07955304 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtGui4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00341352 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\QtXml4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00028008 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QGif4.dll
2012-09-13 00:38 - 2012-09-13 00:38 - 00127336 _____ () C:\Program Files (x86)\Logitech\LWS\Webcam Software\imageformats\QJpeg4.dll
2012-09-13 00:39 - 2012-09-13 00:39 - 00336232 _____ () C:\Program Files (x86)\Common Files\logishrd\LWSPlugins\LWS\Applets\CameraHelper\DevManagerCore.dll
2015-11-19 21:25 - 2015-10-06 05:18 - 00778752 _____ () C:\Program Files (x86)\Steam\SDL2.dll
2015-11-19 21:25 - 2015-07-04 05:12 - 04962816 _____ () C:\Program Files (x86)\Steam\v8.dll
2015-11-19 21:25 - 2015-11-10 15:44 - 02541648 _____ () C:\Program Files (x86)\Steam\video.dll
2015-11-19 21:25 - 2015-09-24 13:33 - 02549248 _____ () C:\Program Files (x86)\Steam\libavcodec-56.dll
2015-11-19 21:25 - 2015-09-24 13:33 - 00491008 _____ () C:\Program Files (x86)\Steam\libavformat-56.dll
2015-11-19 21:25 - 2015-09-24 13:33 - 00332800 _____ () C:\Program Files (x86)\Steam\libavresample-2.dll
2015-11-19 21:25 - 2015-09-24 13:33 - 00442880 _____ () C:\Program Files (x86)\Steam\libavutil-54.dll
2015-11-19 21:25 - 2015-09-24 13:33 - 00485888 _____ () C:\Program Files (x86)\Steam\libswscale-3.dll
2015-11-19 21:25 - 2015-07-04 05:12 - 01556992 _____ () C:\Program Files (x86)\Steam\icui18n.dll
2015-11-19 21:25 - 2015-07-04 05:12 - 01187840 _____ () C:\Program Files (x86)\Steam\icuuc.dll
2015-11-19 21:25 - 2015-11-10 15:44 - 00806992 _____ () C:\Program Files (x86)\Steam\bin\chromehtml.DLL
2015-11-19 21:25 - 2015-11-04 11:00 - 00201728 _____ () C:\Program Files (x86)\Steam\bin\openvr_api.dll
2015-11-19 21:25 - 2015-10-09 11:20 - 45010208 _____ () C:\Program Files (x86)\Steam\bin\libcef.dll
2016-01-11 10:36 - 2016-01-11 10:36 - 00932032 ____R () C:\Program Files (x86)\Skype\Phone\ssScreenVVS2.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2015-10-30 20:24 - 2015-10-30 20:21 - 00000824 ____A C:\Windows\system32\Drivers\etc\hosts
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-573740418-3995116694-3947795330-1001\Control Panel\Desktop\\Wallpaper -> 
DNS Servers: 8.8.8.8 - 8.8.4.4
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{016EDA93-E761-4D08-A8F6-7CA8F23A9D29}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{6DB1399D-CE72-47B3-A4F7-87926B3CEEB9}] => (Allow) C:\Program Files (x86)\Steam\Steam.exe
FirewallRules: [{4C1A25FB-0D9F-45E5-99C7-CFE8D68DD64F}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{14483EF6-EE88-4312-AEE2-C45EDAEDCA6E}] => (Allow) C:\Program Files (x86)\Common Files\Apple\Apple Application Support\WebKit2WebProcess.exe
FirewallRules: [{851B470D-A7EA-45BF-BE65-815F1E219B74}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{E4A63D80-BFAE-4F59-9A24-52EE77508BEA}] => (Allow) C:\Program Files (x86)\Steam\bin\steamwebhelper.exe
FirewallRules: [{3A0BCFAB-9C2D-45BF-B1D1-8BA445012863}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack\TJPP.exe
FirewallRules: [{7E4653DD-7C9E-4AC1-AE1C-C35C3AD45335}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\The Jackbox Party Pack\TJPP.exe
FirewallRules: [{B990DEA6-0A10-4844-A1E4-A872A18481FE}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quiplash\Quiplash.exe
FirewallRules: [{860E9A3F-D4EB-4D7A-AC98-CE1C66B384DB}] => (Allow) C:\Program Files (x86)\Steam\steamapps\common\Quiplash\Quiplash.exe
FirewallRules: [{F55C5C96-F6DC-498E-AB28-2509A39429CE}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{5DDBA97F-2EA6-496D-8246-4787D7FAD896}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer.exe
FirewallRules: [{6CB364FB-9900-43DD-A363-B6778359C3AF}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{E8949090-3DC2-43B3-AC26-00FFEFA464F3}] => (Allow) C:\Program Files (x86)\TeamViewer\TeamViewer_Service.exe
FirewallRules: [{0A0B7E0C-5FBB-438B-9554-5E316C464082}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
==================== Restore Points =========================
 
ATTENTION: System Restore is disabled
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (02/24/2016 03:59:06 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SystemSettingsBroker.exe, version: 10.0.10586.0, time stamp: 0x5632d7b4
Faulting module name: KERNELBASE.dll, version: 10.0.10586.103, time stamp: 0x56a8489c
Exception code: 0xe06d7363
Fault offset: 0x0000000000071f08
Faulting process id: 0x1138
Faulting application start time: 0xSystemSettingsBroker.exe0
Faulting application path: SystemSettingsBroker.exe1
Faulting module path: SystemSettingsBroker.exe2
Report Id: SystemSettingsBroker.exe3
Faulting package full name: SystemSettingsBroker.exe4
Faulting package-relative application ID: SystemSettingsBroker.exe5
 
Error: (02/24/2016 03:58:59 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: QuickActions.dll, version: 0.0.0.0, time stamp: 0x56650458
Exception code: 0xc0000005
Fault offset: 0x0000000000001931
Faulting process id: 0xc68
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (02/24/2016 02:27:43 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x2674
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
Error: (02/23/2016 07:52:38 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x20d0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
Error: (02/23/2016 03:40:08 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x20d0
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
Error: (02/21/2016 08:41:30 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8
 
Error: (02/21/2016 07:31:48 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Faulting module name: Skype.exe, version: 7.18.85.112, time stamp: 0x56bb5065
Exception code: 0xc0010003
Fault offset: 0x00b0bf7e
Faulting process id: 0x13a4
Faulting application start time: 0xSkype.exe0
Faulting application path: Skype.exe1
Faulting module path: Skype.exe2
Report Id: Skype.exe3
Faulting package full name: Skype.exe4
Faulting package-relative application ID: Skype.exe5
 
Error: (02/21/2016 01:11:02 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: googledrivesync.exe, version: 1.27.1227.2094, time stamp: 0x509418e4
Faulting module name: pyexpat.pyd, version: 0.0.0.0, time stamp: 0x55b99e69
Exception code: 0xc0000005
Fault offset: 0x00011160
Faulting process id: 0x11ec
Faulting application start time: 0xgoogledrivesync.exe0
Faulting application path: googledrivesync.exe1
Faulting module path: googledrivesync.exe2
Report Id: googledrivesync.exe3
Faulting package full name: googledrivesync.exe4
Faulting package-relative application ID: googledrivesync.exe5
 
Error: (02/19/2016 07:37:11 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: QuickActions.dll, version: 0.0.0.0, time stamp: 0x56650458
Exception code: 0xc0000005
Fault offset: 0x0000000000001931
Faulting process id: 0x6d8
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
Error: (02/18/2016 10:56:29 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10586.35, time stamp: 0x566505bc
Faulting module name: Windows.UI.Xaml.dll, version: 10.0.10586.71, time stamp: 0x5699d8e0
Exception code: 0xc000027b
Fault offset: 0x00000000006fce8b
Faulting process id: 0x290c
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5
 
 
System errors:
=============
Error: (02/26/2016 07:26:17 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/26/2016 07:26:17 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/26/2016 06:52:41 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/25/2016 07:49:15 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/25/2016 04:34:52 AM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
Description: 4
 
Error: (02/25/2016 04:34:51 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
Error: (02/24/2016 11:30:18 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 8 0x0 0x0
 
Error: (02/24/2016 11:30:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 2 0xdeaddeed 0xeeec
 
Error: (02/24/2016 11:30:17 PM) (Source: Microsoft-Windows-WLAN-AutoConfig) (EventID: 4003) (User: NT AUTHORITY)
Description: WLAN AutoConfig detected limit connectivity, performing Reset/Recover.adapter.
 
 Code: 1 0xc 0x4
 
Error: (02/24/2016 11:15:58 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable
 
 
CodeIntegrity:
===================================
  Date: 2016-02-14 08:01:50.453
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-13 10:47:17.027
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-02-11 07:22:55.495
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-30 03:18:44.062
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-21 03:03:31.006
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-12 07:05:48.901
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-09 10:19:10.837
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2016-01-09 05:16:04.301
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-20 11:46:08.843
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
  Date: 2015-12-14 05:41:41.911
  Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.
 
 
==================== Memory info =========================== 
 
Processor: Pentium® Dual-Core CPU T4500 @ 2.30GHz
Percentage of memory in use: 57%
Total physical RAM: 3963.98 MB
Available physical RAM: 1704.45 MB
Total Virtual: 4667.98 MB
Available Virtual: 1613.03 MB
 
==================== Drives ================================
 
Drive c: () (Fixed) (Total:111.3 GB) (Free:22.38 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 111.8 GB) (Disk ID: 67F22987)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=111.3 GB) - (Type=07 NTFS)
 
==================== End of Addition.txt ============================




