Computer hi jack off and online
<blockquote data-quote="Liger" data-source="post: 520742" data-attributes="member: 53808"><p>Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version: 02-07-2016</p><p>Ran by User (administrator) on CASHTRADERS (05-07-2016 21:31:55)</p><p>Running from C:\Users\User\Downloads</p><p>Loaded Profiles: User (Available Profiles: User & barry & Michael)</p><p>Platform: Windows 8.1 (Update) (X64) Language: English (United Kingdom)</p><p>Internet Explorer Version 11 (Default browser: Chrome)</p><p>Boot Mode: Normal</p><p>Tutorial for Farbar Recovery Scan Tool: <a href="http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/" target="_blank">FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials</a></p><p></p><p>[code]</p><p></p><p>==================== Processes (Whitelisted) =================</p><p></p><p>(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)</p><p></p><p>() C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe</p><p>(Windows (R) Win 7 DDK provider) C:\Program Files (x86)\Bluetooth Suite\AdminService.exe</p><p>(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe</p><p>(Intel(R) Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\Jhi_service.exe</p><p>(Samsung Electronics CO., LTD.) 
C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe</p><p>(Atheros) C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe</p><p>(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe</p><p>(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe</p><p>() C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SkyDrive.exe</p><p>(Samsung Electronics CO., LTD.) C:\Program Files (x86)\Samsung\Settings\sSettings.exe</p><p>(Intel Corporation) C:\Windows\System32\igfxext.exe</p><p>(Qualcomm®Atheros®) C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe</p><p>() C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe</p><p>(Nico Mak Computing) C:\Program Files\WinZip\FAH\FAHWindow64.exe</p><p>(WinZip Computing, S.L.) C:\Program Files\WinZip\WzPreloader.exe</p><p>(iSkySoft) C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Samsung Electronics CO., LTD.) 
C:\Program Files\Samsung\S Agent\CommonAgent.exe</p><p>(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\livecomm.exe</p><p>(Microsoft Corporation) C:\Windows\System32\WWAHost.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe</p><p>(Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe</p><p>(Kaspersky Lab ZAO) C:\Users\User\AppData\Local\Temp\{DF8C6191-A4F8-4903-A065-E74B5D134F71}\{D1929069-BD95-4C77-904E-4686D13FD27E}.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Microsoft Corporation) C:\Windows\System32\Taskmgr.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p>(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p></p><p>==================== Registry (Whitelisted) ===========================</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed. 
The file will not be moved.)</p><p></p><p>HKLM\...\Run: [AdobeAAMUpdater-1.0] => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [499608 2011-06-16] (Adobe Systems Incorporated)</p><p>HKLM\...\Run: [Bitcasa] => C:\Program Files\Bitcasa\Bitcasa.exe [4365824 2012-12-27] (Bitcasa, Inc)</p><p>HKLM\...\Run: [RtsCM] => C:\windows\RTSCM64.EXE [168152 2015-07-11] (Realtek Semiconductor Corp.)</p><p>HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-23] (Apple Inc.)</p><p>HKLM-x32\...\Run: [RemoteControl10] => C:\Program Files (x86)\CyberLink\PowerDVD10\PDVD10Serv.exe [97392 2012-08-15] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [CLMLServer_For_P2G8] => C:\Program Files (x86)\CyberLink\Power2Go8\CLMLSvc_P2G8.exe [111120 2012-06-08] (CyberLink)</p><p>HKLM-x32\...\Run: [CLVirtualDrive] => C:\Program Files (x86)\CyberLink\Power2Go8\VirtualDrive.exe [491120 2012-07-12] (CyberLink Corp.)</p><p>HKLM-x32\...\Run: [Adobe Reader Speed Launcher] => "C:\Program Files (x86)\Adobe\Reader 10.0\Reader\Reader_sl.exe"</p><p>HKLM-x32\...\Run: [KiesTrayAgent] => C:\Program Files (x86)\Samsung\Kies\KiesTrayAgent.exe [310640 2013-03-07] (Samsung Electronics Co., Ltd.)</p><p>HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [256896 2014-07-11] (Oracle Corporation)</p><p>HKLM-x32\...\Run: [mbot_gb_62] => [X]</p><p>HKLM-x32\...\Run: [iSkysoft Helper Compact.exe] => C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\ISHelper.exe [2066432 2014-10-31] (iSkySoft)</p><p>Winlogon\Notify\igfxcui: C:\windows\system32\igfxdev.dll (Intel Corporation)</p><p>HKLM\...\Policies\Explorer\Run: [BtvStack] => C:\Program Files (x86)\Bluetooth Suite\BtvStack.exe [134784 2014-06-17] (Qualcomm®Atheros®)</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\Run: [AutoHideMouseCursor] => "C:\Users\User\AppData\Local\Temp\Temp1_AutoHideMouseCursor 
(1).zip\AutoHideMouseCursor.exe" -bg <===== ATTENTION</p><p>SSODL: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\system32\CbFsMntNtf3.dll (EldoS Corporation)</p><p>SSODL-x32: EldosMountNotificator - {5FF49FE8-B332-4CB9-B102-FB6951629E55} - C:\windows\SysWow64\CbFsMntNtf3.dll (EldoS Corporation)</p><p>ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File</p><p>ShellIconOverlayIdentifiers: [1EldosIconOverlay] -> {01271CDF-E110-4F3A-AFA6-5A9EA8B176C2} => C:\windows\SYSTEM32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)</p><p>ShellIconOverlayIdentifiers: [BitcasaIconOverlay] -> {A6975448-A999-49BB-B3E4-7730CF6A82C0} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)</p><p>ShellIconOverlayIdentifiers: [BitcasaProgressOverlay] -> {6FB8D52A-0064-45B2-B687-F596FEAD09C2} => C:\Program Files\Bitcasa\ExplorerMenu.dll [2012-12-27] (Bitcasa, Inc)</p><p>ShellIconOverlayIdentifiers: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\system32\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)</p><p>ShellIconOverlayIdentifiers-x32: [1EldosIconOverlay] -> {01271CDF-E110-4F3A-AFA6-5A9EA8B176C2} => C:\windows\SysWOW64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)</p><p>ShellIconOverlayIdentifiers-x32: [EldosIconOverlay] -> {5BB532A2-BF14-4CCC-86B7-71B81EF6F8BC} => C:\windows\SysWow64\CbFsMntNtf3.dll [2012-08-06] (EldoS Corporation)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\FAH.lnk [2015-10-17]</p><p>ShortcutTarget: FAH.lnk -> C:\Program Files\WinZip\FAH\FAHConsole.exe (Nico Mak Computing)</p><p>Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\WinZip Preloader.lnk [2015-10-17]</p><p>ShortcutTarget: WinZip Preloader.lnk -> C:\Program Files\WinZip\WzPreloader.exe (WinZip Computing, S.L.)</p><p>CHR HKLM\SOFTWARE\Policies\Google: Restriction <======= ATTENTION</p><p></p><p>==================== Internet (Whitelisted) 
====================</p><p></p><p>(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)</p><p></p><p>Hosts: 127.0.0.1 d3oxij66pru1i3.cloudfront.net</p><p>Tcpip\Parameters: [DhcpNameServer] 192.168.1.254</p><p>Tcpip\..\Interfaces\{EEEB8153-09E6-4770-A624-BE46C4626F0F}: [NameServer] 8.8.8.8</p><p>Tcpip\..\Interfaces\{EEEB8153-09E6-4770-A624-BE46C4626F0F}: [DhcpNameServer] 192.168.1.254</p><p></p><p>Internet Explorer:</p><p>==================</p><p>HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.msn.com/?pc=MSE1"]www.msn.com/?pc=MSE1[/URL]</p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://[URL="http://www.msn.com/?pc=MSE1"]www.msn.com/?pc=MSE1[/URL]</p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://[URL="http://www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome"]www.microsoft.com/isapi/redir.dll?prd=ie&pver=5.5&ar=msnhome[/URL]</p><p>HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,First Home Page = hxxp://go.microsoft.com/fwlink/?LinkID=226786&Mkt=en-GB&Src=WD8&Tid=00033BB0&OHP=http%3A%2F%2Fwww.symantec.com%2Fredirects%2Fsecurity%5Fresponse%2Ffix%5Fhomepage%2Findex.jsp%3Flg%3Den%26pid%3DN360%26pvid%3D21.1.0.18&OSP=</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxps://uk.search.yahoo.com/?type=502468&fr=spigot-yhp-ie</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://samsung13.msn.com</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Software\Microsoft\Internet Explorer\Main,Secondary Start Pages = hxxp://[URL="http://www.msn.com/?pc=MSE1"]www.msn.com/?pc=MSE1[/URL]</p><p>SearchScopes: HKLM -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = 
hxxp://[URL="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1"]www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1[/URL]</p><p>SearchScopes: HKLM-x32 -> {006ee092-9658-4fd6-bd8e-a21a348e59f5} URL = hxxp://[URL="http://www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1"]www.bing.com/search?q={searchTerms}&form=MSSEDF&pc=MSE1[/URL]</p><p>SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = </p><p>SearchScopes: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> {6A1806CD-94D4-4689-BA73-E35EA1EA9990} URL = </p><p>SearchScopes: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> {706C3937-4161-4756-B6D5-B970A3FD84EE} URL = </p><p>SearchScopes: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> {C370EE6D-BD0F-4C2C-A2B8-1A391B10F9C2} URL = hxxps://uk.search.yahoo.com/search?fr=chr-greentree_ie&ei=utf-8&ilc=12&type=502468&p={searchTerms}</p><p>BHO: ExplorerWnd Helper -> {10921475-03CE-4E04-90CE-E2E7EF20C814} -> C:\Program Files (x86)\IObit\IObit Uninstaller\UninstallExplorer64.dll => No File</p><p>BHO: TidyNetwork -> {C2260217-D66E-347E-E803-75AB650D31FC} -> C:\Program Files (x86)\TidyNetwork\petn64.dll => No File</p><p>BHO: FreeFLVConverter -> {DC7CE5D0-3608-4FD0-8853-D5822E02135D} -> C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter_x64.dll [2014-01-31] (Free FLV Converter)</p><p>BHO-x32: No Name -> {0025320D-4D37-4C73-9A5C-0C28F04068A3} -> C:\Users\User\AppData\LocalLow\IE-BHO\bho.dll => No File</p><p>BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll => No File</p><p>BHO-x32: TidyNetwork -> {C2260217-D66E-347E-E803-75AB650D31FC} -> C:\Program Files (x86)\TidyNetwork\petn.dll => No File</p><p>BHO-x32: Java(tm) Plug-In 2 SSV Helper -> 
{DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll => No File</p><p>BHO-x32: FreeFLVConverter -> {DC7CE5D0-3608-4FD0-8853-D5822E02135D} -> C:\Program Files (x86)\Free FLV Converter\FreeFLVConverter.dll [2014-01-31] (Free FLV Converter)</p><p>Toolbar: HKLM - FindWide Toolbar - {ED5CF73E-B2CC-44BE-B977-1026C4D7D8E6} - C:\Program Files (x86)\TNT2\Profiles\10801\passport64.dll No File</p><p>Toolbar: HKLM-x32 - FindWide Toolbar - {ED5CF73E-B2CC-44BE-B977-1026C4D7D8E6} - C:\Program Files (x86)\TNT2\Profiles\10801\passport.dll No File</p><p>Toolbar: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> No Name - {2318C2B1-4965-11D4-9B18-009027A5CD4F} - No File</p><p>Toolbar: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> FindWide Toolbar - {ED5CF73E-B2CC-44BE-B977-1026C4D7D8E6} - C:\Program Files (x86)\TNT2\Profiles\10801\passport64.dll No File</p><p>Toolbar: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001 -> No Name - {0329E7D6-6F54-462D-93F6-F5C3118BADF2} - No File</p><p></p><p>FireFox:</p><p>========</p><p>FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)</p><p>FF Plugin-x32: @adobe.com/ShockwavePlayer -> C:\WINDOWS\SysWOW64\Adobe\Director\np32dsw_1217157.dll [2015-02-16] (Adobe Systems, Inc.)</p><p>FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)</p><p>FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)</p><p>FF Plugin-x32: @java.com/DTPlugin,version=10.65.2 -> C:\Program Files 
(x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [No File]</p><p>FF Plugin-x32: @java.com/JavaPlugin,version=10.65.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [No File]</p><p>FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.30514.0\npctrl.dll [2014-05-13] ( Microsoft Corporation)</p><p>FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3503.0728 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-07-27] (Microsoft Corporation)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)</p><p>FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.30.3\npGoogleUpdate3.dll [2016-05-11] (Google Inc.)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.0.0 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)</p><p>FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2013-12-09] (VideoLAN)</p><p>FF Plugin HKU\S-1-5-21-2966991898-3599612516-2177771990-1001: @lightspark.github.com/Lightspark;version=1 -> C:\Program Files (x86)\Lightspark 0.5.3-git\nplightsparkplugin.dll [No File]</p><p>FF Plugin HKU\S-1-5-21-2966991898-3599612516-2177771990-1001: @tnt2ghost.com/Plugin -> C:\Users\User\AppData\Local\TNT2\2.0.0.1702\npTNT2ghost.dll [No File]</p><p>FF Plugin HKU\S-1-5-21-2966991898-3599612516-2177771990-1001: @tnt2npapi.com/Plugin -> C:\Users\User\AppData\Local\TNT2\2.0.0.1702\npTNT2.dll [No File]</p><p>FF HKLM-x32\...\Firefox\Extensions: [{ABDE892B-13A8-4d1b-88E6-365A6E755758}] - C:\ProgramData\RealNetworks\RealDownloader\BrowserPlugins\Firefox\Ext => not found</p><p>FF HKLM-x32\...\Firefox\Extensions: [ext@flash-Enhancer.com] - C:\Program Files (x86)\AmiExt\flashEnhancer\ff => not found</p><p>FF HKLM-x32\...\Firefox\Extensions: [extension@Free_FLV_Converter.com] - C:\Program Files (x86)\Free 
FLV Converter\extension@Free_FLV_Converter.com</p><p>FF Extension: FreeFLVConverter - C:\Program Files (x86)\Free FLV Converter\extension@Free_FLV_Converter.com [2014-02-21] [not signed]</p><p>FF HKLM-x32\...\Firefox\Extensions: [searchpredict@speedbit.com] - C:\Program Files (x86)\SearchPredict\PRFireFox => not found</p><p>FF HKLM-x32\...\Firefox\Extensions: [{0329E7D6-6F54-462D-93F6-F5C3118BADF2}] - C:\Program Files (x86)\SPEEDbit Video Downloader\SPFireFox => not found</p><p>StartMenuInternet: FIREFOX.EXE - firefox.exe</p><p></p><p>Chrome: </p><p>=======</p><p>CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default</p><p>CHR Extension: (VLC for Chrome) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\acdmpikaaapgadcocbfobfmkeloofnfb [2014-10-14]</p><p>CHR Extension: (ajpgkpeckebdhofmmjfgcjjiiejpodla) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ajpgkpeckebdhofmmjfgcjjiiejpodla [2014-09-26]</p><p>CHR Extension: (Google Docs) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-02-04]</p><p>CHR Extension: (Google Drive) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-02-04]</p><p>CHR Extension: (YouTube) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-02-04]</p><p>CHR Extension: (Adblock Plus) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2014-10-15]</p><p>CHR Extension: (Google Search) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2014-10-25]</p><p>CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ehmnjgkmbpbohelngpclcdhgochdeoej [2014-10-25]</p><p>CHR Extension: (videos+Media+Players) 
- C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\hadldngabdmgfehgdojfmcmgnhlcckgp [2014-10-03] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/64969.xml] <==== ATTENTION</p><p>CHR Extension: (Browsers+_App+_Pro+) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\hoidflomjnnnbiemmkjdjkkialmhbago [2014-09-25] [UpdateUrl: hxxps://w9u6a2p6.ssl.hwcdn.net/plugin/chrome/update/65055.xml] <==== ATTENTION</p><p>CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\idhngdhcfkoamngbedgpaokgjbnpdiji [2014-10-25]</p><p>CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ippenodjaoidmkkfdlmdhofiebnpjddb [2014-10-25] [UpdateUrl: hxxp://wwwbrowsesmartne-a.akamaihd.net/update/chrome] <==== ATTENTION</p><p>CHR Extension: (Wajam) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\jpmbfleldcgkldadpdinhjjopdfpjfjp [2014-11-05]</p><p>CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\kbjlipmgfoamgjaogmbihaffnpkpjajp [2014-10-25]</p><p>CHR Extension: (videos_MediaPlayers_v1.1) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\kjpifmjicccpbkfjdkehimhgklfkbanh [2014-10-23]</p><p>CHR Extension: (CinPl-2.5cV23.09) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ljefoakgfhcoeobgicjgejglnpfpemgb [2014-09-24]</p><p>CHR Extension: (Norton Security Toolbar) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\mkfokfffehpeedafpekjeddnmnjhmcmk [2014-11-07]</p><p>CHR Extension: (RelevantKnowledge) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\mkndcbhcgphcfkkddanakjiepeknbgle [2014-10-25]</p><p>CHR Extension: (neebplgakaahbhdphmkckjjcegoiijjo) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup 
default\Extensions\neebplgakaahbhdphmkckjjcegoiijjo [2014-09-27]</p><p>CHR Extension: (Google Wallet) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2014-10-25]</p><p>CHR Extension: (Store) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\ohenffmfbnoidogjgebadealdkecjdal [2014-10-25]</p><p>CHR Extension: (No Name) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pbjikboenpfhbbejgkoklgkhjpfogcam [2014-09-21]</p><p>CHR Extension: (Gmail) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-03-03]</p><p>CHR Extension: (CinemaPro-ShopT1.3V29.09) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\plimopelmdneikoknbgpopffpbmlhgpa [2014-09-29]</p><p>CHR Extension: (HC-PRO1.2V29.09) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Backup default\Extensions\pmepfkpjangbajhmnkaghmajcncgekdp [2014-09-29]</p><p>CHR Profile: C:\Users\User\AppData\Local\Google\Chrome\User Data\Default</p><p>CHR Extension: (Adblock for Youtube™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\cmedhionkhpnakcndndgjdbohmhepckk [2016-04-23]</p><p>CHR Extension: (AdRemover for Google Chrome™) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\mcefmojpghnaceadnghednjhbmphipkb [2016-07-05]</p><p>CHR Extension: (Chrome Web Store Payments) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-04-08]</p><p>CHR Extension: (Adblock Pro) - C:\Users\User\AppData\Local\Google\Chrome\User Data\Default\Extensions\ocifcklkibdehekfnmflempfgjhbedch [2016-05-16]</p><p></p><p>==================== Services (Whitelisted) ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>R2 AdobeActiveFileMonitor11.0; C:\Program Files (x86)\Adobe\Elements 11 Organizer\PhotoshopElementsFileAgent.exe [172104 2013-01-26] (Adobe Systems Incorporated)</p><p>R2 AtherosSvc; C:\Program Files (x86)\Bluetooth Suite\adminservice.exe [322176 2014-06-17] (Windows (R) Win 7 DDK provider) [File not signed]</p><p>R2 Easy Launcher; C:\Program Files (x86)\Samsung\Settings\CmdServer\EasyLauncher.exe [1594416 2013-02-01] (Samsung Electronics CO., LTD.)</p><p>S4 FreeFLVConverterUpdt; C:\Program Files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe [252928 2014-01-31] () [File not signed]</p><p>R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]</p><p>S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)</p><p>R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)</p><p>R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)</p><p>R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3014488 2015-03-24] (Samsung Electronics CO., LTD.)</p><p>R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)</p><p>R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)</p><p>S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\TunesOver\DriverInstall.exe [103104 2015-09-17] (Wondershare)</p><p>R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-10] ()</p><p>R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 
2014-06-17] (Atheros) [File not signed]</p><p></p><p>===================== Drivers (Whitelisted) ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2015-07-11] (Qualcomm Atheros Communications, Inc.)</p><p>R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-06-17] (Qualcomm Atheros)</p><p>R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-06-17] (Qualcomm Atheros)</p><p>R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)</p><p>R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)</p><p>S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)</p><p>R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-29] (Symantec Corporation)</p><p>R3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)</p><p>R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-11] (REALiX(tm))</p><p>R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-07-11] (Intel Corporation)</p><p>R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)</p><p>R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)</p><p>S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) 
[File not signed]</p><p>S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)</p><p>R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)</p><p>R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)</p><p>S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]</p><p>S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]</p><p>S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]</p><p></p><p>==================== NetSvcs (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p></p><p>==================== One Month Created files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-07-05 21:31 - 2016-07-05 21:32 - 00025316 _____ C:\Users\User\Downloads\FRST.txt</p><p>2016-07-05 21:27 - 2016-07-05 21:31 - 00000000 ____D C:\FRST</p><p>2016-07-05 21:25 - 2016-07-05 21:25 - 02390016 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe</p><p>2016-07-05 20:42 - 2016-07-05 20:44 - 00222874 _____ C:\TDSSKiller.3.1.0.9_05.07.2016_20.42.31_log.txt</p><p>2016-07-05 20:41 - 2016-07-05 20:42 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe</p><p>2016-07-05 20:31 - 2016-07-05 20:31 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices</p><p>2016-07-05 20:00 - 2016-07-05 20:00 - 00019961 _____ C:\Users\User\Downloads\AutoHideMouseCursor (1).zip</p><p>2016-06-22 19:24 - 2016-06-14 18:13 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe</p><p>2016-06-22 19:24 - 2016-06-14 18:13 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl</p><p>2016-06-22 15:17 - 2015-07-30 15:04 - 
00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll</p><p>2016-06-22 15:17 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll</p><p>2016-06-22 14:03 - 2016-03-31 07:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll</p><p>2016-06-22 14:03 - 2016-03-31 04:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll</p><p>2016-06-22 14:02 - 2016-05-12 19:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll</p><p>2016-06-22 14:02 - 2016-05-12 18:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll</p><p>2016-06-22 14:02 - 2016-05-12 17:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll</p><p>2016-06-22 14:02 - 2016-05-12 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll</p><p>2016-06-22 14:02 - 2016-05-12 17:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll</p><p>2016-06-22 14:02 - 2016-05-12 16:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL</p><p>2016-06-22 14:02 - 2016-05-12 16:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll</p><p>2016-06-22 14:02 - 2016-05-12 16:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll</p><p>2016-06-22 14:02 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll</p><p>2016-06-22 14:02 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll</p><p>2016-06-22 14:02 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll</p><p>2016-06-22 14:02 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll</p><p>2016-06-22 14:02 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll</p><p>2016-06-22 
14:02 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll</p><p>2016-06-22 14:02 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll</p><p>2016-06-22 14:02 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll</p><p>2016-06-22 14:02 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll</p><p>2016-06-22 14:01 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll</p><p>2016-06-22 14:01 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll</p><p>2016-06-22 14:01 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll</p><p>2016-06-22 14:01 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll</p><p>2016-06-22 14:01 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll</p><p>2016-06-22 14:00 - 2016-05-06 16:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll</p><p>2016-06-22 14:00 - 2016-05-06 16:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll</p><p>2016-06-22 14:00 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll</p><p>2016-06-22 14:00 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll</p><p>2016-06-22 14:00 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys</p><p>2016-06-22 13:59 - 2016-04-06 22:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll</p><p>2016-06-22 13:59 - 2016-04-06 18:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll</p><p>2016-06-22 13:59 - 2016-04-06 17:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll</p><p>2016-06-22 13:59 
- 2016-04-06 16:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll</p><p>2016-06-22 13:59 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll</p><p>2016-06-22 13:59 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll</p><p>2016-06-22 13:59 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe</p><p>2016-06-22 13:59 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll</p><p>2016-06-22 13:59 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe</p><p>2016-06-22 13:59 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll</p><p>2016-06-22 13:58 - 2016-03-11 15:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll</p><p>2016-06-22 13:58 - 2016-03-10 18:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll</p><p>2016-06-22 13:58 - 2016-03-10 17:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll</p><p>2016-06-22 13:57 - 2016-04-09 22:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll</p><p>2016-06-22 13:57 - 2016-04-09 22:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll</p><p>2016-06-22 13:57 - 2016-01-10 18:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll</p><p>2016-06-22 13:57 - 2016-01-10 17:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 02447136 _____ 
(Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\WMVSDECD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\mfps.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll</p><p>2016-06-22 13:57 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll</p><p>2016-06-22 13:57 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll</p><p>2016-06-22 13:57 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax</p><p>2016-06-22 13:57 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL</p><p>2016-06-22 13:57 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL</p><p>2016-06-22 13:57 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL</p><p>2016-06-22 13:57 - 2015-12-03 18:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll</p><p>2016-06-22 13:57 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll</p><p>2016-06-22 13:57 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL</p><p>2016-06-22 13:57 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll</p><p>2016-06-22 13:57 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL</p><p>2016-06-22 13:57 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll</p><p>2016-06-22 13:57 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL</p><p>2016-06-22 
13:57 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL</p><p>2016-06-22 13:56 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax</p><p>2016-06-22 13:56 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL</p><p>2016-06-22 13:56 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL</p><p>2016-06-22 13:56 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL</p><p>2016-06-22 13:55 - 2016-05-14 00:09 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys</p><p>2016-06-22 13:55 - 2016-03-03 02:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll</p><p>2016-06-22 13:55 - 2016-03-03 02:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll</p><p>2016-06-22 13:55 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys</p><p>2016-06-22 13:55 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys</p><p>2016-06-22 13:55 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll</p><p>2016-06-22 13:55 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll</p><p>2016-06-22 13:54 - 2016-04-10 05:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll</p><p>2016-06-22 13:54 - 2016-04-10 05:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll</p><p>2016-06-22 13:54 - 2016-03-03 17:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll</p><p>2016-06-22 13:54 - 2016-03-03 17:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll</p><p>2016-06-22 13:54 - 2015-07-16 01:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys</p><p>2016-06-22 13:54 - 2015-07-10 
18:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll</p><p>2016-06-22 13:52 - 2016-05-09 22:35 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll</p><p>2016-06-22 13:52 - 2016-05-09 21:56 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll</p><p>2016-06-22 13:52 - 2016-05-09 21:45 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll</p><p>2016-06-22 13:52 - 2016-05-09 21:23 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll</p><p>2016-06-22 13:52 - 2015-12-11 01:13 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll</p><p>2016-06-22 13:52 - 2015-12-11 01:13 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll</p><p>2016-06-22 13:52 - 2015-12-11 01:13 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll</p><p>2016-06-22 13:52 - 2015-12-11 01:13 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll</p><p>2016-06-22 13:52 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll</p><p>2016-06-22 13:52 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll</p><p>2016-06-22 13:52 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll</p><p>2016-06-22 13:52 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll</p><p>2016-06-22 13:51 - 2016-05-16 22:13 - 00563016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys</p><p>2016-06-22 13:51 - 2016-05-16 22:13 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll</p><p>2016-06-22 13:51 - 2016-05-16 22:13 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll</p><p>2016-06-22 13:51 - 2016-05-16 22:13 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys</p><p>2016-06-22 13:51 - 
2016-05-14 00:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys</p><p>2016-06-22 13:51 - 2016-05-14 00:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys</p><p>2016-06-22 13:51 - 2016-05-14 00:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys</p><p>2016-06-22 13:51 - 2016-05-13 23:34 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll</p><p>2016-06-22 13:51 - 2016-05-13 22:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll</p><p>2016-06-22 13:51 - 2016-04-06 19:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys</p><p>2016-06-22 13:51 - 2016-04-06 19:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys</p><p>2016-06-22 13:51 - 2016-04-06 19:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys</p><p>2016-06-22 13:51 - 2016-04-06 17:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll</p><p>2016-06-22 13:51 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll</p><p>2016-06-22 13:51 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll</p><p>2016-06-22 13:51 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll</p><p>2016-06-22 13:51 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll</p><p>2016-06-22 13:51 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll</p><p>2016-06-22 13:51 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll</p><p>2016-06-22 13:51 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll</p><p>2016-06-22 13:51 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll</p><p>2016-06-22 13:51 - 
2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll</p><p>2016-06-22 13:51 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll</p><p>2016-06-22 13:51 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll</p><p>2016-06-22 13:51 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll</p><p>2016-06-22 13:51 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll</p><p>2016-06-22 13:51 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll</p><p>2016-06-22 13:50 - 2016-03-29 02:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe</p><p>2016-06-22 13:50 - 2016-02-11 21:17 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll</p><p>2016-06-22 13:50 - 2016-02-11 21:17 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi</p><p>2016-06-22 13:50 - 2016-02-11 21:17 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe</p><p>2016-06-22 13:50 - 2016-02-11 21:17 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi</p><p>2016-06-22 13:50 - 2016-02-11 21:17 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe</p><p>2016-06-22 13:50 - 2016-02-11 21:16 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll</p><p>2016-06-22 13:50 - 2016-02-09 19:07 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll</p><p>2016-06-22 13:48 - 2016-02-12 20:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe</p><p>2016-06-22 13:48 - 2016-02-12 16:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll</p><p>2016-06-22 13:48 - 2016-02-12 15:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll</p><p>2016-06-22 13:48 - 
2016-02-12 15:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll</p><p>2016-06-22 13:48 - 2016-02-12 15:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll</p><p>2016-06-22 13:48 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe</p><p>2016-06-22 13:48 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll</p><p>2016-06-22 13:48 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll</p><p>2016-06-22 13:48 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe</p><p>2016-06-22 13:48 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll</p><p>2016-06-22 13:48 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll</p><p>2016-06-22 13:48 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll</p><p>2016-06-22 13:48 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll</p><p>2016-06-22 13:48 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll</p><p>2016-06-22 13:48 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll</p><p>2016-06-22 13:48 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll</p><p>2016-06-22 13:47 - 2016-05-18 06:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll</p><p>2016-06-22 13:47 - 2016-05-18 06:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll</p><p>2016-06-22 13:47 - 2016-05-14 00:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll</p><p>2016-06-22 13:47 - 2016-05-13 23:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll</p><p>2016-06-22 13:47 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\seclogon.dll</p><p>2016-06-22 13:47 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll</p><p>2016-06-22 13:47 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll</p><p>2016-06-22 13:47 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll</p><p>2016-06-22 13:47 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll</p><p>2016-06-22 13:47 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml</p><p>2016-06-22 13:47 - 2015-07-30 18:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll</p><p>2016-06-22 13:47 - 2015-07-30 17:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll</p><p>2016-06-22 13:47 - 2015-07-22 15:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll</p><p>2016-06-22 13:47 - 2015-07-22 15:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll</p><p>2016-06-22 13:47 - 2015-07-18 19:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll</p><p>2016-06-22 13:47 - 2015-07-18 19:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll</p><p>2016-06-22 13:47 - 2015-07-18 19:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll</p><p>2016-06-22 13:47 - 2015-07-18 19:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll</p><p>2016-06-22 13:47 - 2015-07-07 10:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys</p><p>2016-06-22 13:47 - 2015-07-07 10:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys</p><p>2016-06-22 13:47 - 2015-07-07 10:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys</p><p>2016-06-22 13:47 - 2015-07-01 23:19 - 00228864 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\WebClnt.dll</p><p>2016-06-22 13:47 - 2015-07-01 23:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll</p><p>2016-06-22 13:47 - 2015-07-01 22:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll</p><p>2016-06-22 13:47 - 2015-07-01 22:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll</p><p>2016-06-22 13:46 - 2016-04-10 08:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll</p><p>2016-06-22 13:46 - 2016-04-10 08:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll</p><p>2016-06-22 13:43 - 2016-05-20 22:25 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll</p><p>2016-06-22 13:43 - 2016-05-20 22:21 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll</p><p>2016-06-22 13:43 - 2016-04-22 20:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe</p><p>2016-06-22 13:43 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll</p><p>2016-06-22 13:43 - 2016-02-08 18:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll</p><p>2016-06-22 13:43 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL</p><p>2016-06-22 13:43 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL</p><p>2016-06-22 13:43 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll</p><p>2016-06-22 13:43 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll</p><p>2016-06-22 13:43 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll</p><p>2016-06-22 13:43 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll</p><p>2016-06-22 13:43 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\KernelBase.dll</p><p>2016-06-22 13:43 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll</p><p>2016-06-22 13:43 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll</p><p>2016-06-22 13:43 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll</p><p>2016-06-22 13:43 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll</p><p>2016-06-22 13:43 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys</p><p>2016-06-22 13:43 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll</p><p>2016-06-22 13:43 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll</p><p>2016-06-22 13:43 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx</p><p>2016-06-22 13:43 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx</p><p>2016-06-22 13:42 - 2016-05-21 18:28 - 25802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll</p><p>2016-06-22 13:42 - 2016-05-21 17:57 - 20341248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll</p><p>2016-06-22 13:42 - 2016-05-20 23:09 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll</p><p>2016-06-22 13:42 - 2016-05-20 23:08 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll</p><p>2016-06-22 13:42 - 2016-05-20 23:02 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:57 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:54 - 00817664 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\jscript.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:50 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:44 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:29 - 13815808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:25 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:19 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:16 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:14 - 04610048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:11 - 15420928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:11 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:09 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:09 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:08 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl</p><p>2016-06-22 13:42 - 2016-05-20 22:08 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll</p><p>2016-06-22 13:42 - 2016-05-20 22:06 - 02131968 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\inetcpl.cpl</p><p>2016-06-22 13:42 - 2016-05-20 21:46 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll</p><p>2016-06-22 13:42 - 2016-05-20 21:42 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll</p><p>2016-06-22 13:42 - 2016-05-20 21:38 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll</p><p>2016-06-22 13:42 - 2016-05-20 21:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll</p><p>2016-06-22 13:42 - 2016-05-20 21:34 - 01544192 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll</p><p>2016-06-22 13:42 - 2016-05-20 21:23 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll</p><p>2016-06-22 13:42 - 2016-04-22 19:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll</p><p>2016-06-22 13:42 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll</p><p>2016-06-22 13:42 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll</p><p>2016-06-22 13:42 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll</p><p>2016-06-22 13:42 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll</p><p>2016-06-22 13:42 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll</p><p>2016-06-22 13:42 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll</p><p>2016-06-22 13:42 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec</p><p>2016-06-22 13:42 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec</p><p>2016-06-22 13:42 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll</p><p>2016-06-22 13:42 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll</p><p>2016-06-22 
13:41 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS</p><p>2016-06-22 13:41 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe</p><p>2016-06-22 13:41 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe</p><p>2016-06-22 13:41 - 2015-07-09 17:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe</p><p>2016-06-22 13:39 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll</p><p>2016-06-22 13:39 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinSync.dll</p><p>2016-06-22 13:39 - 2015-08-01 04:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe</p><p>2016-06-22 13:39 - 2015-08-01 04:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe</p><p>2016-06-22 13:39 - 2015-08-01 04:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll</p><p>2016-06-22 13:39 - 2015-08-01 04:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe</p><p>2016-06-22 13:39 - 2015-08-01 04:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe</p><p>2016-06-22 13:39 - 2015-07-14 04:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll</p><p>2016-06-22 13:39 - 2015-07-14 04:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll</p><p>2016-06-22 13:38 - 2016-04-11 07:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys</p><p>2016-06-22 13:38 - 2015-08-03 22:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll</p><p>2016-06-22 13:38 - 2015-08-03 22:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll</p><p>2016-06-22 13:38 - 2015-08-01 15:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll</p><p>2016-06-22 13:38 - 2015-07-10 19:19 - 
01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll</p><p>2016-06-22 13:38 - 2015-07-10 18:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll</p><p>2016-06-22 13:38 - 2015-07-10 18:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll</p><p>2016-06-22 13:38 - 2015-07-10 17:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll</p><p>2016-06-22 13:37 - 2016-04-10 06:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys</p><p>2016-06-22 13:36 - 2015-07-14 04:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe</p><p>2016-06-22 13:35 - 2016-05-19 00:15 - 01379040 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll</p><p>2016-06-22 13:35 - 2016-05-18 21:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll</p><p>2016-06-22 13:35 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll</p><p>2016-06-22 13:35 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll</p><p>2016-06-22 13:35 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll</p><p>2016-06-22 13:35 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll</p><p>2016-06-22 13:34 - 2016-05-14 21:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll</p><p>2016-06-22 13:34 - 2016-05-14 21:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll</p><p>2016-06-22 13:34 - 2016-05-14 00:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys</p><p>2016-06-22 13:34 - 2016-05-13 22:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll</p><p>2016-06-22 13:34 - 2016-05-13 22:45 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll</p><p>2016-06-22 13:34 - 2016-05-13 22:35 - 00286208 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\mswsock.dll</p><p>2016-06-22 13:34 - 2016-05-13 22:26 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll</p><p>2016-06-22 13:34 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll</p><p>2016-06-22 13:34 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll</p><p>2016-06-22 13:34 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL</p><p>2016-06-22 13:34 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL</p><p>2016-06-22 13:34 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL</p><p>2016-06-22 13:34 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll</p><p>2016-06-22 13:34 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL</p><p>2016-06-22 13:34 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll</p><p>2016-06-22 13:34 - 2015-07-13 20:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll</p><p>2016-06-22 13:34 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys</p><p>2016-06-22 13:33 - 2016-03-03 17:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll</p><p>2016-06-22 13:33 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll</p><p>2016-06-22 13:33 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll</p><p>2016-06-18 12:44 - 2016-06-18 17:01 - 787646714 _____ C:\Users\User\Downloads\0268_contract_flw.wmv</p><p>2016-06-18 08:37 - 2016-06-18 08:37 - 00003184 _____ C:\WINDOWS\System32\Tasks\{F803D07D-53B6-44A6-9B4E-F993646F5F47}</p><p>2016-06-13 10:55 - 2016-06-13 10:56 - 16016336 _____ (Ventis Media Inc. 
) C:\Users\User\Downloads\MediaMonkey_4.1.12.1798.exe</p><p>2016-06-09 09:24 - 2016-06-09 12:27 - 563919525 _____ C:\Users\User\Downloads\0265_catsuit_dom_prh.wmv</p><p>2016-06-08 12:41 - 2016-06-08 16:57 - 785022505 _____ C:\Users\User\Downloads\34346.wmv</p><p></p><p>==================== One Month Modified files and folders ========</p><p></p><p>(If an entry is included in the fixlist, the file/folder will be moved.)</p><p></p><p>2016-07-05 20:52 - 2016-04-23 17:41 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job</p><p>2016-07-05 20:30 - 2016-04-23 17:41 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job</p><p>2016-07-05 20:30 - 2015-04-03 13:05 - 00000000 ___RD C:\Users\User\OneDrive</p><p>2016-07-05 20:30 - 2014-10-22 12:40 - 00000482 _____ C:\WINDOWS\Tasks\RegCure Pro Startup.job</p><p>2016-07-05 20:30 - 2013-05-16 07:52 - 00000000 ____D C:\ProgramData\Samsung</p><p>2016-07-05 20:26 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT</p><p>2016-07-05 20:10 - 2015-11-17 13:05 - 00730464 _____ C:\WINDOWS\ntbtlog.txt</p><p>2016-07-05 19:47 - 2015-11-09 16:05 - 00000000 ____D C:\Users\User\AppData\Roaming\MediaMonkey</p><p>2016-07-05 08:47 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI</p><p>2016-07-04 11:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness</p><p>2016-06-22 21:54 - 2013-12-17 17:23 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966991898-3599612516-2177771990-1001</p><p>2016-06-22 19:29 - 2014-11-22 02:01 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI</p><p>2016-06-22 19:23 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf</p><p>2016-06-22 19:22 - 2013-08-22 15:44 - 00541624 _____ C:\WINDOWS\system32\FNTCACHE.DAT</p><p>2016-06-22 19:16 - 2014-11-22 01:45 - 00000000 ____D C:\Program Files\Windows Journal</p><p>2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData</p><p>2016-06-22 19:16 - 2013-08-22 16:36 - 
00000000 ____D C:\WINDOWS\SysWOW64\en-GB</p><p>2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB</p><p>2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions</p><p>2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender</p><p>2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender</p><p>2016-06-22 15:25 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp</p><p>2016-06-22 14:25 - 2013-12-30 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT</p><p>2016-06-22 14:13 - 2013-12-30 22:06 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe</p><p>2016-06-21 16:51 - 2016-01-21 16:05 - 00000000 ____D C:\Users\Michael</p><p>2016-06-21 16:51 - 2016-01-04 21:46 - 00000000 ____D C:\Users\barry</p><p>2016-06-21 15:47 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps</p><p>2016-06-18 13:07 - 2013-12-24 20:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Real</p><p>2016-06-18 08:38 - 2013-12-24 20:11 - 00000000 ____D C:\Program Files (x86)\Real</p><p>2016-06-18 08:38 - 2013-12-24 20:02 - 00000000 ____D C:\ProgramData\Real</p><p>2016-06-17 23:58 - 2016-04-23 17:42 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk</p><p>2016-06-17 23:58 - 2016-04-23 17:42 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk</p><p>2016-06-17 13:02 - 2013-05-16 05:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information</p><p>2016-06-17 13:02 - 2013-05-16 05:46 - 00000000 ____D C:\Program Files (x86)\Realtek</p><p>2016-06-17 12:59 - 2014-02-13 18:23 - 00000000 ____D C:\ProgramData\SPEEDbit</p><p>2016-06-15 21:40 - 2014-03-15 01:31 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe</p><p>2016-06-13 10:05 - 2016-04-04 20:48 - 00003344 _____ 
C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2966991898-3599612516-2177771990-1001</p><p>2016-06-13 10:05 - 2016-04-04 20:48 - 00003292 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2966991898-3599612516-2177771990-1001</p><p>2016-06-13 10:01 - 2013-05-16 08:01 - 00000000 ____D C:\ProgramData\Temp</p><p>2016-06-13 09:58 - 2013-12-25 00:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox</p><p></p><p>==================== Files in the root of some directories =======</p><p></p><p>2015-04-11 05:39 - 2015-06-18 06:38 - 0000115 _____ () C:\Users\User\AppData\Roaming\LogFile.txt</p><p>2013-12-24 21:03 - 2014-12-07 14:23 - 0000250 _____ () C:\Users\User\AppData\Roaming\WB.CFG</p><p>2014-09-30 11:54 - 2014-09-30 11:52 - 0612068 _____ (ClickMeIn Limited) C:\Users\User\AppData\Local\nsx821D.tmp</p><p>2014-09-23 09:06 - 2014-09-23 09:40 - 0000003 _____ () C:\Users\User\AppData\Local\proxy.log</p><p>2015-03-09 20:09 - 2015-03-09 20:09 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg</p><p>2015-07-11 15:19 - 2015-07-11 15:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl</p><p>2013-05-16 08:00 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe</p><p>2013-05-16 08:00 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml</p><p></p><p>Some files in TEMP:</p><p>====================</p><p>C:\Users\User\AppData\Local\Temp\cabex.dll</p><p>C:\Users\User\AppData\Local\Temp\GRRemove.exe</p><p>C:\Users\User\AppData\Local\Temp\lowproc.exe</p><p>C:\Users\User\AppData\Local\Temp\offer-E6EF00E5-E247-4655-BDE3-84CDE97C5AD4.exe</p><p>C:\Users\User\AppData\Local\Temp\Quarantine.exe</p><p>C:\Users\User\AppData\Local\Temp\sqlite3.dll</p><p>C:\Users\User\AppData\Local\Temp\stubhelper.dll</p><p>C:\Users\User\AppData\Local\Temp\TomsDownloader5B29520.exe</p><p>C:\Users\User\AppData\Local\Temp\unelevate.exe</p><p></p><p></p><p>==================== Bamital & volsnap 
=================</p><p></p><p>(There is no automatic fix for files that do not pass verification.)</p><p></p><p>C:\WINDOWS\system32\winlogon.exe => File is digitally signed</p><p>C:\WINDOWS\system32\wininit.exe => File is digitally signed</p><p>C:\WINDOWS\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed</p><p>C:\WINDOWS\system32\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed</p><p>C:\WINDOWS\system32\services.exe => File is digitally signed</p><p>C:\WINDOWS\system32\User32.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed</p><p>C:\WINDOWS\system32\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed</p><p>C:\WINDOWS\system32\rpcss.dll => File is digitally signed</p><p>C:\WINDOWS\system32\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed</p><p>C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed</p><p></p><p></p><p>LastRegBack: 2015-06-11 05:03</p><p></p><p>==================== End of FRST.txt ============================</p><p></p><p>Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016</p><p>Ran by User (2016-07-05 21:34:42)</p><p>Running from C:\Users\User\Downloads</p><p>Windows 8.1 (Update) (X64) (2015-03-13 06:29:42)</p><p>Boot Mode: Normal</p><p>==========================================================</p><p></p><p></p><p>==================== Accounts: =============================</p><p></p><p>Administrator (S-1-5-21-2966991898-3599612516-2177771990-500 - Administrator - Disabled)</p><p>barry (S-1-5-21-2966991898-3599612516-2177771990-1002 - Limited - Enabled) => C:\Users\barry</p><p>Guest (S-1-5-21-2966991898-3599612516-2177771990-501 - Limited - Disabled)</p><p>Michael (S-1-5-21-2966991898-3599612516-2177771990-1003 - Limited - Enabled) => 
C:\Users\Michael</p><p>User (S-1-5-21-2966991898-3599612516-2177771990-1001 - Administrator - Enabled) => C:\Users\User</p><p></p><p>==================== Security Center ========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed.)</p><p></p><p>AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p>AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}</p><p></p><p>==================== Installed Programs ======================</p><p></p><p>(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)</p><p></p><p>7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)</p><p>Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)</p><p>Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)</p><p>Advanced File Optimizer (HKLM-x32\...\Advanced File Optimizer_is1) (Version: 2.1.1000.10518 - Systweak Software)</p><p>AnyTrans 4.7.4 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.7.4 - iMobie Inc.)</p><p>Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)</p><p>AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)</p><p>Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)</p><p>CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)</p><p>CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)</p><p>D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden</p><p>Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics 
CO.,LTD.)</p><p>Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden</p><p>E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)</p><p>Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden</p><p>Free FLV Converter (HKLM-x32\...\Free FLV Converter) (Version: 7.13 - Free FLV Converter)</p><p>Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden</p><p>Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)</p><p>Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden</p><p>Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)</p><p>Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)</p><p>Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)</p><p>Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)</p><p>Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)</p><p>iSkysoft TunesOver ( Version 3.8.1 ) (HKLM-x32\...\{84A89F3A-B59A-4324-8598-3611853769C8}_is1) (Version: 3.8.1 - iSkysoft)</p><p>iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)</p><p>MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)</p><p>Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)</p><p>Microsoft SkyDrive (HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)</p><p>Microsoft SQL Server 2005 Compact Edition [ENU] 
(HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)</p><p>Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)</p><p>Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden</p><p>Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)</p><p>PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden</p><p>Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.326 - Qualcomm Atheros Communications)</p><p>Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)</p><p>Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden</p><p>RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.15.0 - ParetoLogic, Inc.) <==== ATTENTION</p><p>S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden</p><p>Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)</p><p>Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden</p><p>SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)</p><p>Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)</p><p>Snap.Do Engine (HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\{eb392a6a-a80a-4725-bb70-5173e0d6dc30}) (Version: 10.235.1.13231 - ReSoft Ltd.) 
<==== ATTENTION</p><p>Songbird 2.2.0 (Build 2453) (HKLM-x32\...\Songbird-release-2453) (Version: - )</p><p>Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden</p><p>swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden</p><p>Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION</p><p>User Guide (HKLM-x32\...\{029A9E80-E460-4108-8825-3A449EC9A26A}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)</p><p>videos_MediaPlayers_v1.1 (HKLM-x32\...\videos_MediaPlayers_v1.1) (Version: 1.35.9.29 - enter) <==== ATTENTION</p><p>VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)</p><p>Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)</p><p>Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)</p><p>WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)</p><p>WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )</p><p></p><p>==================== Custom CLSID (Whitelisted): ==========================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>CustomCLSID: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001_Classes\CLSID\{ED5CF73E-B2CC-44BE-B977-1026C4D7D8E6}\InprocServer32 -> C:\Program Files (x86)\TNT2\Profiles\10801\passport64.dll => No File</p><p></p><p>==================== Scheduled Tasks (Whitelisted) =============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The file will not be moved unless listed separately.)</p><p></p><p>Task: {067D0F00-0FA3-46A5-9514-4114E43C1143} - System32\Tasks\power_gaming_helper_service => C:\Program Files (x86)\Power Gaming\power_gaming_helper_service.exe <==== ATTENTION</p><p>Task: {17D451B4-FBC8-49D6-9101-F8534C3D3EC3} - System32\Tasks\{4C2920F5-1B54-40E3-9461-E85CD4B1CC31} => pcalua.exe -a "C:\Program Files (x86)\BrowseSmart\BrowseSmartUn.exe" -c REP_BD_</p><p>Task: {192137E6-913C-4A2C-B23A-E3AAB40252FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)</p><p>Task: {1AE6E271-F1BE-4587-AB77-17406076944D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)</p><p>Task: {2486B511-3AC6-42D1-B7DE-FEAE313587C1} - System32\Tasks\{F803D07D-53B6-44A6-9B4E-F993646F5F47} => pcalua.exe -a "C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|16.0</p><p>Task: {2E91BE0E-9283-4484-B048-A1C56B1FAC3D} - System32\Tasks\Uninstaller_SkipUac_User => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe</p><p>Task: {37970E22-6454-4387-B0B6-261019D1347B} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe</p><p>Task: {3A7A3D09-0540-42BA-8B38-4035C4E044A8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2966991898-3599612516-2177771990-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe</p><p>Task: {3AA9C0CA-270E-4565-B792-2E832DCC049A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2966991898-3599612516-2177771990-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe</p><p>Task: {3BF38695-1E2B-43C7-A112-A130A82A3D6C} - System32\Tasks\franzy_shopping_deals_helper_service => C:\Program Files (x86)\Franzy Shopping 
Deals\franzy_shopping_deals_helper_service.exe <==== ATTENTION</p><p>Task: {43C29C62-26E4-4149-8402-95F8AED4030D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-22] (Microsoft Corporation)</p><p>Task: {444DFDB5-E1FB-402D-8BC9-22FC063FF351} - System32\Tasks\Driver Booster SkipUAC (User) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe</p><p>Task: {48EB9BFA-7B34-48DB-A0AD-04E5F100CD8C} - System32\Tasks\Norton Security Scan for User => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)</p><p>Task: {4C35FFD7-EC3E-4C13-B2D0-2F8795F9C2E6} - System32\Tasks\{DBD8AE61-7537-4F19-9C5A-E09D797012FD} => pcalua.exe -a "C:\Program Files (x86)\ShopperPro\SPremove.exe" <==== ATTENTION</p><p>Task: {5282A820-DF67-4F46-AE8F-C07AD3C50FBB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)</p><p>Task: {529D06B4-1B04-433F-B350-46717E5BE8E1} - \RegClean Pro -> No File <==== ATTENTION</p><p>Task: {632EFA4D-8B18-4AD3-A7B0-2555DD6A5078} - System32\Tasks\FFMPEGUpd => C:\PROGRA~2\FFMPEG\FFMPEG~1.EXE</p><p>Task: {9246EA83-3997-4269-872A-6A60FCBDB9E3} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.)</p><p>Task: {A4C88BA3-9A86-4B48-B501-155145D97965} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe</p><p>Task: {BC8A7E7E-0587-4BB0-A5D8-D40F57E2C14E} - System32\Tasks\RegCure Pro_sch_2A74612F-59E0-11E4-BEEC-1867B0A6A649 => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION</p><p>Task: {BF8AAA95-FF24-48E9-B298-636B3EA7F68F} - System32\Tasks\tmptsk9525 => C:\Users\User\AppData\Local\Temp\65055_updater.exe <==== ATTENTION</p><p>Task: {D4614DF8-00E3-4410-B86B-A34B52F960C9} - System32\Tasks\RegCure Pro Startup => C:\Program Files (x86)\ParetoLogic\RegCure 
Pro\RegCurePro.exe</p><p>Task: {D7CD9B60-1121-4AED-BB3B-1424EED72899} - System32\Tasks\cool_deals_helper_service => C:\Program Files (x86)\Cool Deals\cool_deals_helper_service.exe <==== ATTENTION</p><p>Task: {E56013A4-8B9A-4314-BB24-9BFC0EE14FA4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-02-01] (Samsung Electronics CO., LTD.)</p><p>Task: {EF061B38-C9FF-4B47-9EE4-92EC5BDA9A54} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)</p><p>Task: {F14EF34C-A70F-4EBF-9CF3-40CE79317C17} - System32\Tasks\AdobeAAMUpdater-1.0-CashTraders-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)</p><p></p><p>(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)</p><p></p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe</p><p>Task: C:\WINDOWS\Tasks\RegCure Pro Startup.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe</p><p>Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_User.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe</p><p></p><p>==================== Shortcuts =============================</p><p></p><p>(The entries could be listed to be restored or removed.)</p><p></p><p>==================== Loaded Modules (Whitelisted) ==============</p><p></p><p>2015-03-10 20:46 - 2015-03-10 20:44 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 00085040 _____ () C:\Program Files 
(x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe</p><p>2014-06-17 08:32 - 2014-06-17 08:32 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll</p><p>2014-06-17 08:29 - 2014-06-17 08:29 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll</p><p>2014-06-17 08:35 - 2014-06-17 08:35 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe</p><p>2015-02-04 16:11 - 2015-02-04 16:11 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll</p><p>2015-07-03 05:50 - 2015-07-03 05:50 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll</p><p>2013-05-16 05:45 - 2013-01-14 19:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 01106480 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll</p><p>2013-02-01 02:52 - 2013-02-01 02:52 - 00103472 _____ () C:\Program Files 
(x86)\Samsung\Settings\EasySettingsCmdClient.dll</p><p>2015-10-27 16:50 - 2014-10-31 17:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll</p><p>2015-10-27 16:50 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll</p><p>2016-06-17 23:58 - 2016-06-15 10:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll</p><p>2016-06-17 23:58 - 2016-06-15 10:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll</p><p>2016-06-17 23:58 - 2016-06-15 10:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll</p><p></p><p>==================== Alternate Data Streams (Whitelisted) =========</p><p></p><p>(If an entry is included in the fixlist, only the ADS will be removed.)</p><p></p><p>AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118]</p><p>AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [132]</p><p>AlternateDataStreams: C:\ProgramData\Temp:D346F792 [128]</p><p></p><p>==================== Safe Mode (Whitelisted) ===================</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. 
The "AlternateShell" will be restored.)</p><p></p><p></p><p>==================== Association (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, the registry item will be restored to default or removed.)</p><p></p><p></p><p>==================== Internet Explorer trusted/restricted ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry.)</p><p></p><p></p><p>==================== Hosts content: ===============================</p><p></p><p>(If needed Hosts: directive could be included in the fixlist to reset Hosts.)</p><p></p><p>2012-07-26 06:26 - 2014-09-24 11:21 - 00000867 ____A C:\WINDOWS\system32\Drivers\etc\hosts</p><p></p><p>127.0.0.1 d3oxij66pru1i3.cloudfront.net</p><p></p><p>==================== Other Areas ============================</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg</p><p>DNS Servers: 8.8.8.8</p><p>HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)</p><p>Windows Firewall is enabled.</p><p></p><p>==================== MSCONFIG/TASK MANAGER disabled items ==</p><p></p><p>(Currently there is no automatic fix for this section.)</p><p></p><p>MSCONFIG\Services: Apple Mobile Device => 2</p><p>MSCONFIG\Services: Bonjour Service => 2</p><p>MSCONFIG\Services: globalUpdate => 2</p><p>MSCONFIG\Services: globalUpdatem => 3</p><p>MSCONFIG\Services: gusvc => 3</p><p>MSCONFIG\Services: MozillaMaintenance => 3</p><p>MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2</p><p>MSCONFIG\Services: Registry Helper Service => 2</p><p>MSCONFIG\Services: vToolbarUpdater18.4.0 => 2</p><p>HKLM\...\StartupApproved\Run: => 
"AdobeAAMUpdater-1.0"</p><p>HKLM\...\StartupApproved\Run: => "Bitcasa"</p><p>HKLM\...\StartupApproved\Run: => "RtHDVBg"</p><p>HKLM\...\StartupApproved\Run: => "HotKeysCmds"</p><p>HKLM\...\StartupApproved\Run: => "IgfxTray"</p><p>HKLM\...\StartupApproved\Run: => "Persistence"</p><p>HKLM\...\StartupApproved\Run: => "RtHDVCpl"</p><p>HKLM\...\StartupApproved\Run32: => "APSDaemon"</p><p>HKLM\...\StartupApproved\Run32: => "ApnTBMon"</p><p>HKLM\...\StartupApproved\Run32: => "BrowserSafeguard"</p><p>HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8"</p><p>HKLM\...\StartupApproved\Run32: => "CLVirtualDrive"</p><p>HKLM\...\StartupApproved\Run32: => "mobilegeni daemon"</p><p>HKLM\...\StartupApproved\Run32: => "CommonToolkitTray"</p><p>HKLM\...\StartupApproved\Run32: => "Internet Helper Anti-phishing"</p><p>HKLM\...\StartupApproved\Run32: => "iTunesHelper"</p><p>HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"</p><p>HKLM\...\StartupApproved\Run32: => "SPDriver"</p><p>HKLM\...\StartupApproved\Run32: => "KiesTrayAgent"</p><p>HKLM\...\StartupApproved\Run32: => "RemoteControl10"</p><p>HKLM\...\StartupApproved\Run32: => "IminentMessenger"</p><p>HKLM\...\StartupApproved\Run32: => "Iminent"</p><p>HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher"</p><p>HKLM\...\StartupApproved\Run32: => "TkBellExe"</p><p>HKLM\...\StartupApproved\Run32: => "Registry Helper"</p><p>HKLM\...\StartupApproved\Run32: => "ConvertAd"</p><p>HKLM\...\StartupApproved\Run32: => "OfferBoulevard"</p><p>HKLM\...\StartupApproved\Run32: => "vProt"</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "BitTorrent"</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "Bubble Dock"</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "FDPRO-516"</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "PC Health 
Kit"</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE"</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "SearchProtection"</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "Browser Infrastructure Helper"</p><p>HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "IDMSQ"</p><p></p><p>==================== FirewallRules (Whitelisted) ===============</p><p></p><p>(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)</p><p></p><p>FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139</p><p>FirewallRules: [{A01230FF-F1F3-4466-A73E-096DFBB8B13B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe</p><p>FirewallRules: [{235B4728-55F3-4EB1-9A11-3D944112DEFC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe</p><p>FirewallRules: [{78C11C67-5538-420C-A728-ACE1AED5E5A3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe</p><p>FirewallRules: [{820C5759-FD0B-44C1-B267-D1551D44531D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe</p><p>FirewallRules: [{7432915F-FA26-4779-B6D3-5EDC3147F939}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe</p><p>FirewallRules: [{EE03B8DE-9243-44F4-984A-74F6BABB9AB7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe</p><p>FirewallRules: [{A63D1163-061B-4EA6-87DE-22434990C53C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe</p><p>FirewallRules: [{39B679ED-0FB6-405E-91AB-2E223ED99FA7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe</p><p>FirewallRules: [{C77950A3-5A7A-4595-AFE5-FA62F1D17ADD}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe</p><p>FirewallRules: [{45ABDF5A-0737-4CFD-8E03-6A35BA446039}] => (Allow) C:\Program Files (x86)\Bench\Proxy\proc.exe</p><p>FirewallRules: 
[{EC51764F-81D8-4BEC-A5FF-E93D6D3E8D29}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe</p><p>FirewallRules: [{0EAD5651-38F2-4FBD-A7AE-41A2819FBF2E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe</p><p>FirewallRules: [{FC6B1D68-EFB5-4445-A1D6-6DFE2B2D840B}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe</p><p>FirewallRules: [{9ED27726-82E4-4FEC-8D1F-40885D35FC75}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe</p><p>FirewallRules: [{86BC5F82-DB78-4D81-AFDF-4DDA89104218}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe</p><p>FirewallRules: [{F5B6F858-FD2C-4FB4-AC5A-A6A0C48D8136}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe</p><p>FirewallRules: [{2B120B6E-1538-48B6-9051-043A5026C9E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe</p><p>FirewallRules: [{D12ADE26-E5FF-441E-8BFB-A889DD2A2B36}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe</p><p>FirewallRules: [{3861950F-64EE-4021-B4C5-15590F4A4CBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe</p><p>FirewallRules: [{911E651E-B275-40A5-A5AB-12F16AA871AD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe</p><p>FirewallRules: [{F56349AE-FBC1-4C60-ACAD-88372827E9A3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe</p><p>FirewallRules: [{29570562-D000-4FDA-B16F-A00EF972A6E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{625A100D-13BE-4C82-BAC1-2B6A60EA99C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{A2F8432B-D5C4-41F8-ADB5-153A98505E24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{67198470-134E-4277-AA6C-353EFDC02177}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe</p><p>FirewallRules: [{FF498182-713B-4EA2-81ED-97E98B4CC1BC}] => (Allow) LPort=1900</p><p>FirewallRules: [{68D97DB3-57F7-4DC0-B9A8-2614EDCBF22F}] => (Allow) LPort=2869</p><p>FirewallRules: 
[{B0E3A871-97CC-428D-8B57-0FF74693A650}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe</p><p>FirewallRules: [{B98D0942-D8B3-46F3-A21C-3C7BFB00324E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE</p><p>FirewallRules: [{84F871C5-A220-4F5E-A123-A035B2D57BE0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe</p><p>FirewallRules: [TCP Query User{F267B9D7-B349-49C9-80CE-79020EFE73DF}C:\program files (x86)\songbird\songbird.exe] => (Allow) C:\program files (x86)\songbird\songbird.exe</p><p>FirewallRules: [UDP Query User{D6E9B108-4BA3-4E34-B6BF-20D0E6AC225D}C:\program files (x86)\songbird\songbird.exe] => (Allow) C:\program files (x86)\songbird\songbird.exe</p><p>FirewallRules: [TCP Query User{CD54379F-349F-4B83-AE4F-A9B9753789F9}C:\program files (x86)\songbird\songbird.exe] => (Block) C:\program files (x86)\songbird\songbird.exe</p><p>FirewallRules: [UDP Query User{E51FD9B3-8845-41F4-9E98-468C8F930BA7}C:\program files (x86)\songbird\songbird.exe] => (Block) C:\program files (x86)\songbird\songbird.exe</p><p>FirewallRules: [{79FA9221-CD16-4F10-8E5C-DAA07FB6D68E}] => (Allow) C:\Program Files\iTunes\iTunes.exe</p><p>FirewallRules: [TCP Query User{B7258EEC-9216-42C2-A887-65B3CBBF9C0D}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe</p><p>FirewallRules: [UDP Query User{04ACDEC5-A98B-458A-89F3-40F02C986CAF}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe</p><p>FirewallRules: [TCP Query User{022644F4-E66C-48AD-A012-89BAFE17D2BB}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe</p><p>FirewallRules: [UDP Query User{800B11B5-9DA9-40B1-A93E-ACDCA76BF687}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => 
(Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe</p><p>FirewallRules: [TCP Query User{9B1B18EB-90D5-46FB-BA48-B1F9F725C344}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe</p><p>FirewallRules: [UDP Query User{A9CE91DD-33C4-4802-990B-D0EFAFB893FB}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe</p><p>FirewallRules: [{D123C5CC-4EA0-4263-A4CA-5A069381BEDE}] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe</p><p>FirewallRules: [{2958A8A8-F23F-4CC3-A2E8-8190E31CD04F}] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe</p><p>FirewallRules: [TCP Query User{F27C7AD1-0CC1-42C0-B8C9-85FC983C919A}C:\users\user\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\user\appdata\roaming\bittorrent\bittorrent.exe</p><p>FirewallRules: [UDP Query User{895DA32A-E592-4809-AF5D-EF776CBB7CE5}C:\users\user\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\user\appdata\roaming\bittorrent\bittorrent.exe</p><p>FirewallRules: [{B930571F-B83C-441A-BA5A-50C12F050210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe</p><p></p><p>==================== Restore Points =========================</p><p></p><p>17-06-2016 13:00:33 Removed Realtek Ethernet Controller Driver</p><p>22-06-2016 14:04:08 Windows Update</p><p></p><p>==================== Faulty Device Manager Devices =============</p><p></p><p></p><p>==================== Event log errors: =========================</p><p></p><p>Application errors:</p><p>==================</p><p>Error: (07/05/2016 07:40:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)</p><p>Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (07/05/2016 06:32:17 
PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)</p><p>Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (07/05/2016 11:38:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)</p><p>Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (07/05/2016 09:38:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)</p><p>Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (07/05/2016 08:42:58 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: mmc.exe, version: 6.3.9600.17415, time stamp: 0x54504e26</p><p>Faulting module name: devmgr.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54504b46</p><p>Exception code: 0xc000041d</p><p>Fault offset: 0x00000000000202ff</p><p>Faulting process ID: 0xdd0</p><p>Faulting application start time: 0xmmc.exe0</p><p>Faulting application path: mmc.exe1</p><p>Faulting module path: mmc.exe2</p><p>Report ID: mmc.exe3</p><p>Faulting package full name: mmc.exe4</p><p>Faulting package-relative application ID: mmc.exe5</p><p></p><p>Error: (07/05/2016 08:42:48 AM) (Source: Application Error) (EventID: 1000) (User: )</p><p>Description: Faulting application name: mmc.exe, version: 6.3.9600.17415, time stamp: 0x54504e26</p><p>Faulting module name: devmgr.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54504b46</p><p>Exception code: 0xc0000005</p><p>Fault offset: 0x00000000000202ff</p><p>Faulting process ID: 
0xdd0</p><p>Faulting application start time: 0xmmc.exe0</p><p>Faulting application path: mmc.exe1</p><p>Faulting module path: mmc.exe2</p><p>Report ID: mmc.exe3</p><p>Faulting package full name: mmc.exe4</p><p>Faulting package-relative application ID: mmc.exe5</p><p></p><p>Error: (07/05/2016 07:41:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)</p><p>Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (07/05/2016 07:17:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)</p><p>Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (07/04/2016 09:34:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)</p><p>Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p>Error: (07/04/2016 08:13:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS)</p><p>Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information.</p><p></p><p></p><p>System errors:</p><p>=============</p><p>Error: (07/05/2016 08:26:18 PM) (Source: BTHUSB) (EventID: 5) (User: )</p><p>Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it.</p><p></p><p>Error: (07/05/2016 08:25:51 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)</p><p>Description: 
1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC}</p><p></p><p>Error: (07/05/2016 08:25:51 PM) (Source: DCOM) (EventID: 10010) (User: CASHTRADERS)</p><p>Description: {3EB3C877-1F16-487C-9050-104DBCD66683}</p><p></p><p>Error: (07/05/2016 08:25:10 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)</p><p>Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}</p><p></p><p>Error: (07/05/2016 08:25:10 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)</p><p>Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}</p><p></p><p>Error: (07/05/2016 08:25:09 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)</p><p>Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}</p><p></p><p>Error: (07/05/2016 08:25:09 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)</p><p>Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}</p><p></p><p>Error: (07/05/2016 08:25:08 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)</p><p>Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}</p><p></p><p>Error: (07/05/2016 08:25:08 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)</p><p>Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}</p><p></p><p>Error: (07/05/2016 08:25:07 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS)</p><p>Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030}</p><p></p><p></p><p>CodeIntegrity:</p><p>===================================</p><p> Date: 2016-07-05 21:30:56.182</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2016-07-05 21:30:55.623</p><p> Description: Code Integrity determined that a process 
(\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2016-07-05 21:30:55.167</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2016-07-05 21:30:54.259</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2016-07-05 21:30:53.925</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2016-07-05 21:30:53.613</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2016-07-05 21:30:53.175</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> 
Date: 2016-07-05 21:30:52.570</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2016-07-05 21:30:52.238</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p> Date: 2016-07-05 21:30:51.930</p><p> Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.</p><p></p><p></p><p>==================== Memory info =========================== </p><p></p><p>Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz</p><p>Percentage of memory in use: 60%</p><p>Total physical RAM: 3969.93 MB</p><p>Available physical RAM: 1549.24 MB</p><p>Total Virtual: 8833.93 MB</p><p>Available Virtual: 5824.23 MB</p><p></p><p>==================== Drives ================================</p><p></p><p>Drive c: () (Fixed) (Total:440.42 GB) (Free:197.12 GB) NTFS</p><p></p><p>==================== MBR & Partition Table ==================</p><p></p><p>========================================================</p><p>Disk: 0 (Size: 465.8 GB) (Disk ID: DD49C7C1)</p><p></p><p>Partition: GPT.</p><p></p><p>==================== End of Addition.txt ============================</p><p></p><p>[/code]</p></blockquote><p></p>
[QUOTE="Liger, post: 520742, member: 53808"] [code]
S4 FreeFLVConverterUpdt; C:\Program Files (x86)\Free FLV Converter\FreeFLVConverterUpdt.exe [252928 2014-01-31] () [File not signed]
R2 Intel(R) Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel(R) Corporation) [File not signed]
S3 Intel(R) Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel(R) Corporation)
R2 Intel(R) ME Service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\FWService\IntelMeFWService.exe [131032 2013-01-14] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\DAL\jhi_service.exe [165336 2013-01-14] (Intel Corporation)
R2 SWUpdateService; C:\ProgramData\Samsung\SW Update Service\SWMAgent.exe [3014488 2015-03-24] (Samsung Electronics CO., LTD.)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [366552 2015-07-07] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [23824 2015-07-07] (Microsoft Corporation)
S3 WsDrvInst; C:\Program Files (x86)\iSkysoft\TunesOver\DriverInstall.exe [103104 2015-09-17] (Wondershare)
R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [620056 2015-03-10] ()
R2 ZAtheros Bt and Wlan Coex Agent; C:\Program Files (x86)\Bluetooth Suite\Ath_CoexAgent.exe [323584 2014-06-17] (Atheros) [File not signed]

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 athr; C:\Windows\system32\DRIVERS\athwbx.sys [4265984 2015-07-11] (Qualcomm Atheros Communications, Inc.)
R3 BTATH_HID; C:\Windows\system32\DRIVERS\btath_hid.sys [223432 2014-06-17] (Qualcomm Atheros)
R3 BTATH_LWFLT; C:\Windows\system32\DRIVERS\btath_lwflt.sys [77464 2014-06-17] (Qualcomm Atheros)
R1 cbfs3; C:\windows\system32\drivers\cbfs3.sys [352456 2012-08-06] (EldoS Corporation)
R1 CLVirtualDrive; C:\Windows\system32\DRIVERS\CLVirtualDrive.sys [92536 2012-06-25] (CyberLink)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3357024 2013-08-22] (Broadcom Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [487216 2014-09-29] (Symantec Corporation)
R3 GEARAspiWDM; C:\Windows\SysWOW64\Drivers\GEARAspiWDM.sys [15664 2013-02-04] (GEAR Software Inc.)
R1 HWiNFO32; C:\WINDOWS\SysWOW64\drivers\HWiNFO64A.SYS [26528 2015-07-11] (REALiX(tm))
R3 MEIx64; C:\Windows\system32\DRIVERS\TeeDriverx64.sys [129312 2015-07-11] (Intel Corporation)
R0 PxHlpa64; C:\Windows\System32\Drivers\PxHlpa64.sys [56336 2012-08-09] (Corel Corporation)
R3 RadioHIDMini; C:\Windows\System32\drivers\RadioHIDMini.sys [23408 2012-07-27] (Windows (R) Win 7 DDK provider)
S3 USBAAPL64; C:\Windows\System32\Drivers\usbaapl64.sys [54784 2012-12-13] (Apple, Inc.) [File not signed]
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44560 2015-07-07] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [270168 2015-07-07] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [114520 2015-07-07] (Microsoft Corporation)
S3 IntcAzAudAddService; \SystemRoot\system32\drivers\RTKVHD64.sys [X]
S3 rtsuvc; \SystemRoot\system32\DRIVERS\rtsuvc.sys [X]
S3 SBIOSIO; \??\C:\Users\User\AppData\Local\Temp\__Samsung_Update\SBIOSIO64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-07-05 21:31 - 2016-07-05 21:32 - 00025316 _____ C:\Users\User\Downloads\FRST.txt
2016-07-05 21:27 - 2016-07-05 21:31 - 00000000 ____D C:\FRST
2016-07-05 21:25 - 2016-07-05 21:25 - 02390016 _____ (Farbar) C:\Users\User\Downloads\FRST64.exe
2016-07-05 20:42 - 2016-07-05 20:44 - 00222874 _____ C:\TDSSKiller.3.1.0.9_05.07.2016_20.42.31_log.txt
2016-07-05 20:41 - 2016-07-05 20:42 - 04727984 _____ (Kaspersky Lab ZAO) C:\Users\User\Downloads\tdsskiller.exe
2016-07-05 20:31 - 2016-07-05 20:31 - 00000000 ___RD C:\Users\User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\BT Devices
2016-07-05 20:00 - 2016-07-05 20:00 - 00019961 _____ C:\Users\User\Downloads\AutoHideMouseCursor (1).zip
2016-06-22 19:24 - 2016-06-14 18:13 - 00828408 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-06-22 19:24 - 2016-06-14 18:13 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-06-22 15:17 - 2015-07-30 15:04 - 00124624 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2016-06-22 15:17 - 2015-07-30 14:48 - 00103120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2016-06-22 14:03 - 2016-03-31 07:50 - 01307328 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2016-06-22 14:03 - 2016-03-31 04:40 - 00747520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2016-06-22 14:02 - 2016-05-12 19:38 - 00135336 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpapi.dll
2016-06-22 14:02 - 2016-05-12 18:43 - 00115704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gpapi.dll
2016-06-22 14:02 - 2016-05-12 17:17 - 00331776 _____ (Microsoft Corporation) C:\WINDOWS\system32\polstore.dll
2016-06-22 14:02 - 2016-05-12 17:08 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\FwRemoteSvr.dll
2016-06-22 14:02 - 2016-05-12 17:07 - 01360896 _____ (Microsoft Corporation) C:\WINDOWS\system32\gpsvc.dll
2016-06-22 14:02 - 2016-05-12 16:59 - 00398848 _____ (Microsoft Corporation) C:\WINDOWS\system32\IPSECSVC.DLL
2016-06-22 14:02 - 2016-05-12 16:43 - 00291328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\polstore.dll
2016-06-22 14:02 - 2016-05-12 16:37 - 00050176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FwRemoteSvr.dll
2016-06-22 14:02 - 2016-01-10 18:50 - 00062464 _____ (Microsoft Corporation) C:\WINDOWS\system32\cfgbkend.dll
2016-06-22 14:02 - 2016-01-10 18:31 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msorcl32.dll
2016-06-22 14:02 - 2016-01-10 18:16 - 00898048 _____ (Microsoft Corporation) C:\WINDOWS\system32\CPFilters.dll
2016-06-22 14:02 - 2016-01-10 18:14 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cfgbkend.dll
2016-06-22 14:02 - 2016-01-10 18:12 - 00532480 _____ (Microsoft Corporation) C:\WINDOWS\system32\EncDec.dll
2016-06-22 14:02 - 2016-01-10 17:58 - 00166400 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxoci.dll
2016-06-22 14:02 - 2016-01-10 17:51 - 00702976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CPFilters.dll
2016-06-22 14:02 - 2016-01-10 17:49 - 00443392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EncDec.dll
2016-06-22 14:02 - 2016-01-10 17:40 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mtxoci.dll
2016-06-22 14:01 - 2015-06-28 06:07 - 00442712 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-06-22 14:01 - 2015-06-28 06:06 - 00332120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-06-22 14:01 - 2015-05-30 22:18 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\system32\werdiagcontroller.dll
2016-06-22 14:01 - 2015-05-30 20:36 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-06-22 14:01 - 2015-05-30 20:35 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-06-22 14:00 - 2016-05-06 16:45 - 00748544 _____ (Microsoft Corporation) C:\WINDOWS\system32\StructuredQuery.dll
2016-06-22 14:00 - 2016-05-06 16:23 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StructuredQuery.dll
2016-06-22 14:00 - 2015-12-02 16:04 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\qedit.dll
2016-06-22 14:00 - 2015-12-02 16:01 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qedit.dll
2016-06-22 14:00 - 2015-11-05 09:59 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2016-06-22 13:59 - 2016-04-06 22:13 - 00137976 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncrypt.dll
2016-06-22 13:59 - 2016-04-06 18:49 - 00120384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncrypt.dll
2016-06-22 13:59 - 2016-04-06 17:52 - 00432128 _____ (Microsoft Corporation) C:\WINDOWS\system32\schannel.dll
2016-06-22 13:59 - 2016-04-06 16:48 - 00357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schannel.dll
2016-06-22 13:59 - 2015-12-03 20:42 - 00106960 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptsslp.dll
2016-06-22 13:59 - 2015-12-03 19:52 - 00091416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptsslp.dll
2016-06-22 13:59 - 2015-06-15 23:41 - 00065024 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2016-06-22 13:59 - 2015-06-15 23:24 - 03320320 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2016-06-22 13:59 - 2015-06-15 22:16 - 00059904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2016-06-22 13:59 - 2015-06-15 22:09 - 03607552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2016-06-22 13:58 - 2016-03-11 15:48 - 00833024 _____ (Microsoft Corporation) C:\WINDOWS\system32\samsrv.dll
2016-06-22 13:58 - 2016-03-10 18:03 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\samlib.dll
2016-06-22 13:58 - 2016-03-10 17:48 - 00064512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\samlib.dll
2016-06-22 13:57 - 2016-04-09 22:58 - 00534016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-06-22 13:57 - 2016-04-09 22:50 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-06-22 13:57 - 2016-01-10 18:02 - 00987648 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2016-06-22 13:57 - 2016-01-10 17:43 - 00801792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 02745184 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVDECOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 02528784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVDECOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 02450240 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVENCOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 02447136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVENCOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 02334104 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 02324744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01877504 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2adec.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01798480 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMALFXGFXDSP.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01484888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2adec.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01288128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01210200 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 01150232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMADMOE.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 01115640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 01037680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00914672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMADMOE.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00850680 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetcore.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00735496 _____ (Microsoft Corporation) C:\WINDOWS\system32\evr.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00700360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetcore.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00629600 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP4SDECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\evr.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00557856 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSDECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00498472 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00492736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSDECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00463776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP4SDECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00399776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00299080 _____ (Microsoft Corporation) C:\WINDOWS\system32\VIDRESZR.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00275312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MPG4DECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00274280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP43DECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00250520 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPG4DECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00248432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP43DECD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00246856 _____ (Microsoft Corporation) C:\WINDOWS\system32\RESAMPLEDMO.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00244296 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00229272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RESAMPLEDMO.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00203016 _____ (Microsoft Corporation) C:\WINDOWS\system32\COLORCNV.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00184912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\COLORCNV.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00183856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VIDRESZR.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\system32\MP3DMOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00110544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00099136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MP3DMOD.DLL
2016-06-22 13:57 - 2015-12-05 06:58 - 00090904 _____ (Microsoft Corporation) C:\WINDOWS\system32\devenum.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00090392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfvdsp.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00081032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\devenum.dll
2016-06-22 13:57 - 2015-12-05 06:58 - 00076936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfvdsp.dll
2016-06-22 13:57 - 2015-12-03 19:07 - 00340992 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2016-06-22 13:57 - 2015-12-03 19:07 - 00289792 _____ (Microsoft Corporation) C:\WINDOWS\system32\ksproxy.ax
2016-06-22 13:57 - 2015-12-03 19:05 - 00644608 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVXENCD.DLL
2016-06-22 13:57 - 2015-12-03 19:02 - 01664000 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOE.DLL
2016-06-22 13:57 - 2015-12-03 19:00 - 00451072 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMVSENCD.DLL
2016-06-22 13:57 - 2015-12-03 18:58 - 00378880 _____ (Microsoft Corporation) C:\WINDOWS\system32\SysFxUI.dll
2016-06-22 13:57 - 2015-12-03 18:36 - 01697792 _____ (Microsoft Corporation) C:\WINDOWS\system32\quartz.dll
2016-06-22 13:57 - 2015-12-03 18:30 - 00468480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFWMAAEC.DLL
2016-06-22 13:57 - 2015-12-03 18:28 - 00519680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2016-06-22 13:57 - 2015-12-03 18:27 - 00736256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVXENCD.DLL
2016-06-22 13:57 - 2015-12-03 18:06 - 01501184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\quartz.dll
2016-06-22 13:57 - 2015-12-03 17:40 - 01010688 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMSPDMOD.DLL
2016-06-22 13:57 - 2015-12-03 17:29 - 00887296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOD.DLL
2016-06-22 13:56 - 2015-12-03 18:28 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ksproxy.ax
2016-06-22 13:56 - 2015-12-03 18:24 - 01411584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMSPDMOE.DLL
2016-06-22 13:56 - 2015-12-03 18:23 - 00402432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMVSENCD.DLL
2016-06-22 13:56 - 2015-12-03 18:01 - 00743936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFWMAAEC.DLL
2016-06-22 13:55 - 2016-05-14 00:09 - 04169216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2016-06-22 13:55 - 2016-03-03 02:39 - 01661576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-06-22 13:55 - 2016-03-03 02:39 - 01212248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-06-22 13:55 - 2015-10-13 18:10 - 00559616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
2016-06-22 13:55 - 2015-10-13 18:10 - 00108032 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
2016-06-22 13:55 - 2015-08-27 03:43 - 22372152 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-06-22 13:55 - 2015-08-27 03:42 - 19795904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-06-22 13:54 - 2016-04-10 05:21 - 01763376 _____ (Microsoft Corporation) C:\WINDOWS\system32\WindowsCodecs.dll
2016-06-22 13:54 - 2016-04-10 05:21 - 01489088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WindowsCodecs.dll
2016-06-22 13:54 - 2016-03-03 17:47 - 02345472 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2016-06-22 13:54 - 2016-03-03 17:33 - 01556992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2016-06-22 13:54 - 2015-07-16 01:29 - 00101720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2016-06-22 13:54 - 2015-07-10 18:54 - 01217024 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2016-06-22 13:52 - 2016-05-09 22:35 - 07075328 _____ (Microsoft Corporation) C:\WINDOWS\system32\glcndFilter.dll
2016-06-22 13:52 - 2016-05-09 21:56 - 05270016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\glcndFilter.dll
2016-06-22 13:52 - 2016-05-09 21:45 - 07793152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-06-22 13:52 - 2016-05-09 21:23 - 05265920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-06-22 13:52 - 2015-12-11 01:13 - 01164800 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-06-22 13:52 - 2015-12-11 01:13 - 00705024 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-06-22 13:52 - 2015-12-11 01:13 - 00505344 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-06-22 13:52 - 2015-12-11 01:13 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\aepic.dll
2016-06-22 13:52 - 2015-11-21 17:59 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2016-06-22 13:52 - 2015-11-21 17:49 - 01344000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2016-06-22 13:52 - 2015-11-21 17:47 - 00522240 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2016-06-22 13:52 - 2015-11-21 17:40 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2016-06-22 13:51 - 2016-05-16 22:13 - 00563016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2016-06-22 13:51 - 2016-05-16 22:13 - 00397224 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcryptprimitives.dll
2016-06-22 13:51 - 2016-05-16 22:13 - 00340872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcryptprimitives.dll
2016-06-22 13:51 - 2016-05-16 22:13 - 00178008 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2016-06-22 13:51 - 2016-05-14 00:07 - 00675328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv2.sys
2016-06-22 13:51 - 2016-05-14 00:07 - 00416768 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srv.sys
2016-06-22 13:51 - 2016-05-14 00:06 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\srvnet.sys
2016-06-22 13:51 - 2016-05-13 23:34 - 00445440 _____ (Microsoft Corporation) C:\WINDOWS\system32\certcli.dll
2016-06-22 13:51 - 2016-05-13 22:58 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\certcli.dll
2016-06-22 13:51 - 2016-04-06 19:20 - 00201728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb20.sys
2016-06-22 13:51 - 2016-04-06 19:19 - 00401920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-06-22 13:51 - 2016-04-06 19:19 - 00284672 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-06-22 13:51 - 2016-04-06 17:57 - 01441792 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2016-06-22 13:51 - 2016-02-03 16:09 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-06-22 13:51 - 2016-02-03 16:00 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-06-22 13:51 - 2016-02-03 16:00 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-06-22 13:51 - 2015-11-09 01:41 - 01540728 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2016-06-22 13:51 - 2015-11-08 22:23 - 01994752 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2016-06-22 13:51 - 2015-11-08 22:13 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2016-06-22 13:51 - 2015-11-08 22:01 - 01753600 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2016-06-22 13:51 - 2015-11-08 21:52 - 01559552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2016-06-22 13:51 - 2015-11-08 21:48 - 01376256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2016-06-22 13:51 - 2015-11-08 21:42 - 01490944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2016-06-22 13:51 - 2015-09-07 17:22 - 00477184 _____ (Microsoft Corporation) C:\WINDOWS\system32\puiobj.dll
2016-06-22 13:51 - 2015-09-07 16:54 - 00367104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\puiobj.dll
2016-06-22 13:51 - 2015-09-07 16:30 - 01091584 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-06-22 13:51 - 2015-03-20 04:49 - 00309760 _____ (Microsoft Corporation) C:\WINDOWS\system32\compstui.dll
2016-06-22 13:50 - 2016-03-29 02:42 - 07446368 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-06-22 13:50 - 2016-02-11 21:17 - 01737088 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-06-22 13:50 - 2016-02-11 21:17 - 01663184 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-06-22 13:50 - 2016-02-11 21:17 - 01523208 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-06-22 13:50 - 2016-02-11 21:17 - 01490120 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-06-22 13:50 - 2016-02-11 21:17 - 01358952 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-06-22 13:50 - 2016-02-11 21:16 - 01501488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-06-22 13:50 - 2016-02-09 19:07 - 00246784 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-system-events.dll
2016-06-22 13:48 - 2016-02-12 20:14 - 00136904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2016-06-22 13:48 - 2016-02-12 16:14 - 03708416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-06-22 13:48 - 2016-02-12 15:55 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUSettingsProvider.dll
2016-06-22 13:48 - 2016-02-12 15:54 - 00140288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuwebv.dll
2016-06-22 13:48 - 2016-02-12 15:54 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\wudriver.dll
2016-06-22 13:48 - 2016-02-12 15:54 - 00035840 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapp.exe
2016-06-22 13:48 - 2016-02-12 15:51 - 00124928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuwebv.dll
2016-06-22 13:48 - 2016-02-12 15:51 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wudriver.dll
2016-06-22 13:48 - 2016-02-12 15:51 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapp.exe
2016-06-22 13:48 - 2016-02-12 15:48 - 02244096 _____ (Microsoft Corporation) C:\WINDOWS\system32\wucltux.dll
2016-06-22 13:48 - 2016-02-12 15:47 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2016-06-22 13:48 - 2016-02-12 15:46 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2016-06-22 13:48 - 2015-11-20 19:18 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups2.dll
2016-06-22 13:48 - 2015-07-09 19:40 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSetupUI.dll
2016-06-22 13:48 - 2015-06-27 04:08 - 00066048 _____ (Microsoft Corporation) C:\WINDOWS\system32\wups.dll
2016-06-22 13:48 - 2015-06-27 03:14 - 00027136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wups.dll
2016-06-22 13:47 - 2016-05-18 06:31 - 00372568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-06-22 13:47 - 2016-05-18 06:31 - 00315224 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-06-22 13:47 - 2016-05-14 00:04 - 00044032 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-06-22 13:47 - 2016-05-13 23:19 - 00035840 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-06-22 13:47 - 2016-02-06 19:08 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-06-22 13:47 - 2015-10-28 16:49 - 02775552 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2016-06-22 13:47 - 2015-10-28 16:29 - 02462720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2016-06-22 13:47 - 2015-09-24 17:42 - 00348672 _____ (Microsoft Corporation) C:\WINDOWS\system32\bdesvc.dll
2016-06-22 13:47 - 2015-09-24 17:40 - 00737280 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2016-06-22 13:47 - 2015-09-12 14:47 - 00414559 _____ C:\WINDOWS\system32\ApnDatabase.xml
2016-06-22 13:47 - 2015-07-30 18:18 - 00268288 _____ (Microsoft Corporation) C:\WINDOWS\system32\InkEd.dll
2016-06-22 13:47 - 2015-07-30 17:22 - 00230912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InkEd.dll
2016-06-22 13:47 - 2015-07-22 15:33 - 01728000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2016-06-22 13:47 - 2015-07-22 15:25 - 01546752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2016-06-22 13:47 - 2015-07-18 19:31 - 00194048 _____ (Microsoft Corporation) C:\WINDOWS\system32\shacct.dll
2016-06-22 13:47 - 2015-07-18 19:29 - 00655872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-06-22 13:47 - 2015-07-18 19:29 - 00148480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shacct.dll
2016-06-22 13:47 - 2015-07-18 19:27 - 00520192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-06-22 13:47 - 2015-07-07 10:40 - 00270168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdFilter.sys
2016-06-22 13:47 - 2015-07-07 10:40 - 00114520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdNisDrv.sys
2016-06-22 13:47 - 2015-07-07 10:40 - 00044560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdBoot.sys
2016-06-22 13:47 - 2015-07-01 23:19 - 00228864 _____ (Microsoft Corporation) C:\WINDOWS\system32\WebClnt.dll
2016-06-22 13:47 - 2015-07-01 23:16 - 00104448 _____ (Microsoft Corporation) C:\WINDOWS\system32\davclnt.dll
2016-06-22 13:47 - 2015-07-01 22:37 - 00198656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WebClnt.dll
2016-06-22 13:47 - 2015-07-01 22:35 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\davclnt.dll
2016-06-22 13:46 - 2016-04-10 08:48 - 00738096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d10level9.dll
2016-06-22 13:46 - 2016-04-10 08:48 - 00613624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d10level9.dll
2016-06-22 13:43 - 2016-05-20 22:25 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\iepeers.dll
2016-06-22 13:43 - 2016-05-20 22:21 - 00128000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iepeers.dll
2016-06-22 13:43 - 2016-04-22 20:14 - 00725504 _____ (Microsoft Corporation) C:\WINDOWS\system32\ie4uinit.exe
2016-06-22 13:43 - 2016-02-08 21:29 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hlink.dll
2016-06-22 13:43 - 2016-02-08 18:15 - 02880000 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2016-06-22 13:43 - 2016-02-05 20:07 - 00292696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMASF.DLL
2016-06-22 13:43 - 2016-02-05 20:07 - 00243032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMASF.DLL
2016-06-22 13:43 - 2016-02-05 16:03 - 15432704 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-06-22 13:43 - 2016-02-05 16:00 - 13318144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-06-22 13:43 - 2016-01-19 20:13 - 02175008 _____ (Microsoft Corporation) C:\WINDOWS\system32\combase.dll
2016-06-22 13:43 - 2016-01-19 20:13 - 01063464 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinTypes.dll
2016-06-22 13:43 - 2016-01-19 20:12 - 01133744 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-06-22 13:43 - 2016-01-19 19:23 - 01564496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\combase.dll
2016-06-22 13:43 - 2016-01-19 19:23 - 00548024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WinTypes.dll
2016-06-22 13:43 - 2016-01-19 18:30 - 00862720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll 2016-06-22 13:43 - 2016-01-19 17:37 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wincorlib.dll 2016-06-22 13:43 - 2016-01-06 19:25 - 00140800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxdav.sys 2016-06-22 13:43 - 2015-11-10 00:25 - 01048576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll 2016-06-22 13:43 - 2015-09-10 17:07 - 00076288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmled.dll 2016-06-22 13:43 - 2015-06-15 23:02 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\tdc.ocx 2016-06-22 13:43 - 2015-06-15 21:47 - 00073216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\tdc.ocx 2016-06-22 13:42 - 2016-05-21 18:28 - 25802752 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll 2016-06-22 13:42 - 2016-05-21 17:57 - 20341248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll 2016-06-22 13:42 - 2016-05-20 23:09 - 00572416 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll 2016-06-22 13:42 - 2016-05-20 23:08 - 02895360 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll 2016-06-22 13:42 - 2016-05-20 23:02 - 06051328 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll 2016-06-22 13:42 - 2016-05-20 22:57 - 00497664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll 2016-06-22 13:42 - 2016-05-20 22:55 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MshtmlDac.dll 2016-06-22 13:42 - 2016-05-20 22:54 - 00817664 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll 2016-06-22 13:42 - 2016-05-20 22:50 - 02287104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll 2016-06-22 13:42 - 2016-05-20 22:44 - 00663552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll 2016-06-22 13:42 - 2016-05-20 22:29 - 13815808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll 2016-06-22 13:42 - 
2016-05-20 22:27 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmled.dll 2016-06-22 13:42 - 2016-05-20 22:25 - 00315392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtrans.dll 2016-06-22 13:42 - 2016-05-20 22:21 - 00279040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtrans.dll 2016-06-22 13:42 - 2016-05-20 22:19 - 01032704 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcomm.dll 2016-06-22 13:42 - 2016-05-20 22:16 - 00880128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcomm.dll 2016-06-22 13:42 - 2016-05-20 22:14 - 04610048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll 2016-06-22 13:42 - 2016-05-20 22:12 - 00230400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\webcheck.dll 2016-06-22 13:42 - 2016-05-20 22:11 - 15420928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll 2016-06-22 13:42 - 2016-05-20 22:11 - 00262144 _____ (Microsoft Corporation) C:\WINDOWS\system32\webcheck.dll 2016-06-22 13:42 - 2016-05-20 22:09 - 00693248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msfeeds.dll 2016-06-22 13:42 - 2016-05-20 22:09 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\system32\iedkcs32.dll 2016-06-22 13:42 - 2016-05-20 22:08 - 02055680 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\inetcpl.cpl 2016-06-22 13:42 - 2016-05-20 22:08 - 00806400 _____ (Microsoft Corporation) C:\WINDOWS\system32\msfeeds.dll 2016-06-22 13:42 - 2016-05-20 22:06 - 02131968 _____ (Microsoft Corporation) C:\WINDOWS\system32\inetcpl.cpl 2016-06-22 13:42 - 2016-05-20 21:46 - 02597888 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll 2016-06-22 13:42 - 2016-05-20 21:42 - 02121216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll 2016-06-22 13:42 - 2016-05-20 21:38 - 01310208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll 2016-06-22 13:42 - 2016-05-20 21:38 - 00710144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieapfltr.dll 2016-06-22 13:42 - 2016-05-20 21:34 - 01544192 
_____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll 2016-06-22 13:42 - 2016-05-20 21:23 - 00800768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieapfltr.dll 2016-06-22 13:42 - 2016-04-22 19:52 - 00330752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iedkcs32.dll 2016-06-22 13:42 - 2016-02-08 19:14 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\hlink.dll 2016-06-22 13:42 - 2015-11-10 01:04 - 00476160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieui.dll 2016-06-22 13:42 - 2015-11-08 23:02 - 00615936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieui.dll 2016-06-22 13:42 - 2015-09-10 18:18 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\MshtmlDac.dll 2016-06-22 13:42 - 2015-09-10 17:51 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxtmsft.dll 2016-06-22 13:42 - 2015-09-10 17:17 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxtmsft.dll 2016-06-22 13:42 - 2015-07-16 21:36 - 00417792 _____ (Microsoft Corporation) C:\WINDOWS\system32\html.iec 2016-06-22 13:42 - 2015-07-16 20:50 - 00341504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\html.iec 2016-06-22 13:42 - 2015-06-15 22:58 - 00199680 _____ (Microsoft Corporation) C:\WINDOWS\system32\msrating.dll 2016-06-22 13:42 - 2015-06-15 21:44 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msrating.dll 2016-06-22 13:41 - 2016-01-31 20:16 - 00148832 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS 2016-06-22 13:41 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe 2016-06-22 13:41 - 2015-07-09 18:13 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe 2016-06-22 13:41 - 2015-07-09 17:30 - 00212992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe 2016-06-22 13:39 - 2015-12-28 22:42 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinSync.dll 2016-06-22 13:39 - 2015-12-28 21:31 - 00578048 _____ (Microsoft Corporation) 
C:\WINDOWS\SysWOW64\WinSync.dll 2016-06-22 13:39 - 2015-08-01 04:47 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schtasks.exe 2016-06-22 13:39 - 2015-08-01 04:45 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\schtasks.exe 2016-06-22 13:39 - 2015-08-01 04:38 - 01265152 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll 2016-06-22 13:39 - 2015-08-01 04:37 - 00468992 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskeng.exe 2016-06-22 13:39 - 2015-08-01 04:37 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskeng.exe 2016-06-22 13:39 - 2015-07-14 04:22 - 02529880 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll 2016-06-22 13:39 - 2015-07-14 04:21 - 01901776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll 2016-06-22 13:38 - 2016-04-11 07:21 - 00074584 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\volmgr.sys 2016-06-22 13:38 - 2015-08-03 22:15 - 00074928 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidapi.dll 2016-06-22 13:38 - 2015-08-03 22:15 - 00065600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\appidapi.dll 2016-06-22 13:38 - 2015-08-01 15:22 - 00039936 _____ (Microsoft Corporation) C:\WINDOWS\system32\appidsvc.dll 2016-06-22 13:38 - 2015-07-10 19:19 - 01101824 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdvidcrl.dll 2016-06-22 13:38 - 2015-07-10 18:14 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rdvidcrl.dll 2016-06-22 13:38 - 2015-07-10 18:13 - 07032320 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll 2016-06-22 13:38 - 2015-07-10 17:31 - 06213120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll 2016-06-22 13:37 - 2016-04-10 06:37 - 01549144 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys 2016-06-22 13:36 - 2015-07-14 04:27 - 00063488 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsync.exe 2016-06-22 13:35 - 2016-05-19 00:15 - 01379040 _____ (Microsoft Corporation) 
C:\WINDOWS\system32\gdi32.dll 2016-06-22 13:35 - 2016-05-18 21:35 - 01097216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll 2016-06-22 13:35 - 2016-02-04 18:24 - 00603648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll 2016-06-22 13:35 - 2016-02-04 18:02 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll 2016-06-22 13:35 - 2015-12-17 19:29 - 00131584 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpudd.dll 2016-06-22 13:35 - 2015-12-17 17:17 - 03547648 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdpcorets.dll 2016-06-22 13:34 - 2016-05-14 21:01 - 00363104 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2_32.dll 2016-06-22 13:34 - 2016-05-14 21:01 - 00320720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ws2_32.dll 2016-06-22 13:34 - 2016-05-14 00:07 - 00281088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netbt.sys 2016-06-22 13:34 - 2016-05-13 22:58 - 00339456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mswsock.dll 2016-06-22 13:34 - 2016-05-13 22:45 - 00802816 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll 2016-06-22 13:34 - 2016-05-13 22:35 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mswsock.dll 2016-06-22 13:34 - 2016-05-13 22:26 - 00631808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll 2016-06-22 13:34 - 2015-11-21 19:32 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntvdm64.dll 2016-06-22 13:34 - 2015-11-21 18:50 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntvdm64.dll 2016-06-22 13:34 - 2015-10-08 17:08 - 01083904 _____ (Microsoft Corporation) C:\WINDOWS\system32\IKEEXT.DLL 2016-06-22 13:34 - 2015-08-10 19:15 - 00845312 _____ (Microsoft Corporation) C:\WINDOWS\system32\BFE.DLL 2016-06-22 13:34 - 2015-08-10 19:06 - 00422400 _____ (Microsoft Corporation) C:\WINDOWS\system32\FWPUCLNT.DLL 2016-06-22 13:34 - 2015-08-10 18:49 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\nshwfp.dll 2016-06-22 
13:34 - 2015-08-10 17:56 - 00272384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FWPUCLNT.DLL 2016-06-22 13:34 - 2015-08-10 17:46 - 00561664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\nshwfp.dll 2016-06-22 13:34 - 2015-07-13 20:46 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\csrsrv.dll 2016-06-22 13:34 - 2014-11-10 19:06 - 00136512 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wfplwfs.sys 2016-06-22 13:33 - 2016-03-03 17:13 - 00059392 _____ (Microsoft Corporation) C:\WINDOWS\system32\basesrv.dll 2016-06-22 13:33 - 2015-12-08 20:08 - 00685432 _____ (Microsoft Corporation) C:\WINDOWS\system32\advapi32.dll 2016-06-22 13:33 - 2015-12-08 20:07 - 00507176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\advapi32.dll 2016-06-18 12:44 - 2016-06-18 17:01 - 787646714 _____ C:\Users\User\Downloads\0268_contract_flw.wmv 2016-06-18 08:37 - 2016-06-18 08:37 - 00003184 _____ C:\WINDOWS\System32\Tasks\{F803D07D-53B6-44A6-9B4E-F993646F5F47} 2016-06-13 10:55 - 2016-06-13 10:56 - 16016336 _____ (Ventis Media Inc. ) C:\Users\User\Downloads\MediaMonkey_4.1.12.1798.exe 2016-06-09 09:24 - 2016-06-09 12:27 - 563919525 _____ C:\Users\User\Downloads\0265_catsuit_dom_prh.wmv 2016-06-08 12:41 - 2016-06-08 16:57 - 785022505 _____ C:\Users\User\Downloads\34346.wmv ==================== One Month Modified files and folders ======== (If an entry is included in the fixlist, the file/folder will be moved.) 
2016-07-05 20:52 - 2016-04-23 17:41 - 00000930 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-07-05 20:30 - 2016-04-23 17:41 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-07-05 20:30 - 2015-04-03 13:05 - 00000000 ___RD C:\Users\User\OneDrive
2016-07-05 20:30 - 2014-10-22 12:40 - 00000482 _____ C:\WINDOWS\Tasks\RegCure Pro Startup.job
2016-07-05 20:30 - 2013-05-16 07:52 - 00000000 ____D C:\ProgramData\Samsung
2016-07-05 20:26 - 2013-08-22 15:45 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-07-05 20:10 - 2015-11-17 13:05 - 00730464 _____ C:\WINDOWS\ntbtlog.txt
2016-07-05 19:47 - 2015-11-09 16:05 - 00000000 ____D C:\Users\User\AppData\Roaming\MediaMonkey
2016-07-05 08:47 - 2013-08-22 14:25 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2016-07-04 11:24 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-06-22 21:54 - 2013-12-17 17:23 - 00003600 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-2966991898-3599612516-2177771990-1001
2016-06-22 19:29 - 2014-11-22 02:01 - 00005388 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-06-22 19:23 - 2013-08-22 14:36 - 00000000 ____D C:\WINDOWS\Inf
2016-06-22 19:22 - 2013-08-22 15:44 - 00541624 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-06-22 19:16 - 2014-11-22 01:45 - 00000000 ____D C:\Program Files\Windows Journal
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ___RD C:\WINDOWS\ToastData
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\system32\en-GB
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files\Windows Defender
2016-06-22 19:16 - 2013-08-22 16:36 - 00000000 ____D C:\Program Files (x86)\Windows Defender
2016-06-22 15:25 - 2012-07-26 08:59 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-06-22 14:25 - 2013-12-30 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-06-22 14:13 - 2013-12-30 22:06 - 142482544 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-06-21 16:51 - 2016-01-21 16:05 - 00000000 ____D C:\Users\Michael
2016-06-21 16:51 - 2016-01-04 21:46 - 00000000 ____D C:\Users\barry
2016-06-21 15:47 - 2013-08-22 16:36 - 00000000 ___HD C:\Program Files\WindowsApps
2016-06-18 13:07 - 2013-12-24 20:09 - 00000000 ____D C:\Users\User\AppData\Roaming\Real
2016-06-18 08:38 - 2013-12-24 20:11 - 00000000 ____D C:\Program Files (x86)\Real
2016-06-18 08:38 - 2013-12-24 20:02 - 00000000 ____D C:\ProgramData\Real
2016-06-17 23:58 - 2016-04-23 17:42 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome.lnk
2016-06-17 23:58 - 2016-04-23 17:42 - 00002203 _____ C:\Users\Public\Desktop\Google Chrome.lnk
2016-06-17 13:02 - 2013-05-16 05:46 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2016-06-17 13:02 - 2013-05-16 05:46 - 00000000 ____D C:\Program Files (x86)\Realtek
2016-06-17 12:59 - 2014-02-13 18:23 - 00000000 ____D C:\ProgramData\SPEEDbit
2016-06-15 21:40 - 2014-03-15 01:31 - 00484008 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2016-06-13 10:05 - 2016-04-04 20:48 - 00003344 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2966991898-3599612516-2177771990-1001
2016-06-13 10:05 - 2016-04-04 20:48 - 00003292 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2966991898-3599612516-2177771990-1001
2016-06-13 10:01 - 2013-05-16 08:01 - 00000000 ____D C:\ProgramData\Temp
2016-06-13 09:58 - 2013-12-25 00:56 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox

==================== Files in the root of some directories =======

2015-04-11 05:39 - 2015-06-18 06:38 - 0000115 _____ () C:\Users\User\AppData\Roaming\LogFile.txt
2013-12-24 21:03 - 2014-12-07 14:23 - 0000250 _____ () C:\Users\User\AppData\Roaming\WB.CFG
2014-09-30 11:54 - 2014-09-30 11:52 - 0612068 _____ (ClickMeIn Limited) C:\Users\User\AppData\Local\nsx821D.tmp
2014-09-23 09:06 - 2014-09-23 09:40 - 0000003 _____ () C:\Users\User\AppData\Local\proxy.log
2015-03-09 20:09 - 2015-03-09 20:09 - 0000017 _____ () C:\Users\User\AppData\Local\resmon.resmoncfg
2015-07-11 15:19 - 2015-07-11 15:19 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
2013-05-16 08:00 - 2013-02-19 08:34 - 2064264 _____ (Samsung Electronics) C:\ProgramData\MakeMarkerFile.exe
2013-05-16 08:00 - 2013-01-12 15:51 - 0003004 _____ () C:\ProgramData\MakeMarkerFile.xml

Some files in TEMP:
====================
C:\Users\User\AppData\Local\Temp\cabex.dll
C:\Users\User\AppData\Local\Temp\GRRemove.exe
C:\Users\User\AppData\Local\Temp\lowproc.exe
C:\Users\User\AppData\Local\Temp\offer-E6EF00E5-E247-4655-BDE3-84CDE97C5AD4.exe
C:\Users\User\AppData\Local\Temp\Quarantine.exe
C:\Users\User\AppData\Local\Temp\sqlite3.dll
C:\Users\User\AppData\Local\Temp\stubhelper.dll
C:\Users\User\AppData\Local\Temp\TomsDownloader5B29520.exe
C:\Users\User\AppData\Local\Temp\unelevate.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2015-06-11 05:03

==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version: 02-07-2016
Ran by User (2016-07-05 21:34:42)
Running from C:\Users\User\Downloads
Windows 8.1 (Update) (X64) (2015-03-13 06:29:42)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-2966991898-3599612516-2177771990-500 - Administrator - Disabled)
barry (S-1-5-21-2966991898-3599612516-2177771990-1002 - Limited - Enabled) => C:\Users\barry
Guest (S-1-5-21-2966991898-3599612516-2177771990-501 - Limited - Disabled)
Michael (S-1-5-21-2966991898-3599612516-2177771990-1003 - Limited - Enabled) => C:\Users\Michael
User (S-1-5-21-2966991898-3599612516-2177771990-1001 - Administrator - Enabled) => C:\Users\User

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)
AV: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Out of date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7-Zip 15.09 beta (x64) (HKLM\...\7-Zip) (Version: 15.09 - Igor Pavlov)
Adobe Photoshop Elements 11 (HKLM-x32\...\Adobe Photoshop Elements 11) (Version: 11.0 - Adobe Systems Incorporated)
Adobe Shockwave Player 12.1 (HKLM-x32\...\Adobe Shockwave Player) (Version: 12.1.7.157 - Adobe Systems, Inc.)
Advanced File Optimizer (HKLM-x32\...\Advanced File Optimizer_is1) (Version: 2.1.1000.10518 - Systweak Software)
AnyTrans 4.7.4 (HKLM-x32\...\{E580ED1F-AAF8-4F7E-B174-54BFA2B94E0B}}_is1) (Version: 4.7.4 - iMobie Inc.)
Audacity 2.1.1 (HKLM-x32\...\Audacity®_is1) (Version: 2.1.1 - Audacity Team)
AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.0.411 - AVG Technologies)
Bitcasa version 0.9.20.4135 (HKLM\...\{EDA09459-AD7D-4434-BA0C-647F6703EA12}_is1) (Version: 0.9.20.4135 - Bitcasa Inc.)
CyberLink Power2Go 8 (HKLM-x32\...\InstallShield_{2A87D48D-3FDF-41fd-97CD-A1E370EFFFE2}) (Version: 8.0.0.1912 - CyberLink Corp.)
CyberLink PowerDVD 10 (HKLM-x32\...\InstallShield_{DEC235ED-58A4-4517-A278-C41E8DAEAB3B}) (Version: 10.0.4421.02 - CyberLink Corp.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Easy File Share (HKLM-x32\...\{A7C37D4B-F37A-42E8-9B6A-B28C18AD4C12}) (Version: 1.3.6 - Samsung Electronics CO.,LTD.)
Elements 11 Organizer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
E-POP (HKLM-x32\...\{F06DD8D9-9DC8-430C-835C-C9BF21E05CC1}) (Version: 1.0.1 - Samsung Electronics CO., LTD.)
Fotogalerie (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Free FLV Converter (HKLM-x32\...\Free FLV Converter) (Version: 7.13 - Free FLV Converter)
Galerie de photos (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 51.0.2704.103 - Google Inc.)
Google Update Helper (x32 Version: 1.3.30.3 - Google Inc.) Hidden
Intel(R) Manageability Engine Firmware Recovery Agent (HKLM-x32\...\{A6C48A9F-694A-4234-B3AA-62590B668927}) (Version: 1.0.0.36843 - Intel Corporation)
Intel(R) Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3368 - Intel Corporation)
Intel(R) Rapid Storage Technology (HKLM-x32\...\{3E29EE6C-963A-4aae-86C1-DC237C4A49FC}) (Version: 11.7.0.1013 - Intel Corporation)
Intel(R) SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
iSkysoft TunesOver ( Version 3.8.1 ) (HKLM-x32\...\{84A89F3A-B59A-4324-8598-3611853769C8}_is1) (Version: 3.8.1 - iSkysoft)
iTunes (HKLM\...\{96984DE8-1DB8-425C-AC8C-3098BC696F04}) (Version: 12.3.0.44 - Apple Inc.)
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.30514.0 - Microsoft Corporation)
Microsoft SkyDrive (HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\SkyDriveSetup.exe) (Version: 16.4.6013.0910 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
Norton Security Scan (HKLM-x32\...\NSS) (Version: 4.1.0.28 - Symantec Corporation)
PSE11 STI Installer (x32 Version: 11.0 - Adobe Systems Incorporated) Hidden
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.326 - Qualcomm Atheros Communications)
Qualcomm Atheros Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 10.0 - Qualcomm Atheros)
Raccolta foto (x32 Version: 16.4.3503.0728 - Microsoft Corporation) Hidden
RegCure Pro (HKLM-x32\...\{C547F361-5750-4CD1-9FB6-BC93827CB6C1}) (Version: 3.2.15.0 - ParetoLogic, Inc.) <==== ATTENTION
S Agent (Version: 1.1.52 - Samsung Electronics CO., LTD.) Hidden
Samsung Kies (HKLM-x32\...\InstallShield_{758C8301-2696-4855-AF45-534B1200980A}) (Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.)
Samsung Kies (x32 Version: 2.5.2.13021_11 - Samsung Electronics Co., Ltd.) Hidden
SAMSUNG USB Driver for Mobile Phones (HKLM\...\{D0795B21-0CDA-4a92-AB9E-6E92D8111E44}) (Version: 1.5.25.0 - SAMSUNG Electronics Co., Ltd.)
Settings (HKLM-x32\...\{8CB5C357-12E5-41B1-A024-D57D4E6F32D9}) (Version: 2.0.1 - Samsung Electronics CO., LTD.)
Snap.Do Engine (HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\{eb392a6a-a80a-4725-bb70-5173e0d6dc30}) (Version: 10.235.1.13231 - ReSoft Ltd.) <==== ATTENTION
Songbird 2.2.0 (Build 2453) (HKLM-x32\...\Songbird-release-2453) (Version: - )
Support Center FAQ (x32 Version: 1.0.17 - Samsung Electronics CO., LTD.) Hidden
swMSM (x32 Version: 12.0.0.1 - Adobe Systems, Inc) Hidden
Updater (HKLM-x32\...\{D54E3D9F-FEB8-4D2D-A138-B69A5C80080B}) (Version: 2.6.53 - Creative Island Media, LLC) <==== ATTENTION
User Guide (HKLM-x32\...\{029A9E80-E460-4108-8825-3A449EC9A26A}) (Version: 1.2.00 - Samsung Electronics CO., LTD.)
videos_MediaPlayers_v1.1 (HKLM-x32\...\videos_MediaPlayers_v1.1) (Version: 1.35.9.29 - enter) <==== ATTENTION
VLC media player 2.1.2 (HKLM-x32\...\VLC media player) (Version: 2.1.2 - VideoLAN)
Windows Driver Package - Samsung Electronics Co. Ltd. (RadioHIDMini) HIDClass (08/23/2013 6.2.8400.4218) (HKLM\...\26BFE384C802803107F583AE1A739E4FEB56134B) (Version: 08/23/2013 6.2.8400.4218 - Samsung Electronics Co. Ltd.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3503.0728 - Microsoft Corporation)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
WinZip 19.5 (HKLM\...\{CD95F661-A5C4-44F5-A6AA-ECDD91C240E9}) (Version: 19.5.11475 - WinZip Computing, S.L. )

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2966991898-3599612516-2177771990-1001_Classes\CLSID\{ED5CF73E-B2CC-44BE-B977-1026C4D7D8E6}\InprocServer32 -> C:\Program Files (x86)\TNT2\Profiles\10801\passport64.dll => No File

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
Task: {067D0F00-0FA3-46A5-9514-4114E43C1143} - System32\Tasks\power_gaming_helper_service => C:\Program Files (x86)\Power Gaming\power_gaming_helper_service.exe <==== ATTENTION
Task: {17D451B4-FBC8-49D6-9101-F8534C3D3EC3} - System32\Tasks\{4C2920F5-1B54-40E3-9461-E85CD4B1CC31} => pcalua.exe -a "C:\Program Files (x86)\BrowseSmart\BrowseSmartUn.exe" -c REP_BD_
Task: {192137E6-913C-4A2C-B23A-E3AAB40252FF} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)
Task: {1AE6E271-F1BE-4587-AB77-17406076944D} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {2486B511-3AC6-42D1-B7DE-FEAE313587C1} - System32\Tasks\{F803D07D-53B6-44A6-9B4E-F993646F5F47} => pcalua.exe -a "C:\Program Files (x86)\Real\RealPlayer\Update\r1puninst.exe" -c RealNetworks|RealPlayer|16.0
Task: {2E91BE0E-9283-4484-B048-A1C56B1FAC3D} - System32\Tasks\Uninstaller_SkipUac_User => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe
Task: {37970E22-6454-4387-B0B6-261019D1347B} - System32\Tasks\ParetoLogic Update Version3_triggeronce => c:\program files (x86)\common files\paretologic\uus3\Pareto_Update3.exe
Task: {3A7A3D09-0540-42BA-8B38-4035C4E044A8} - System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-2966991898-3599612516-2177771990-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3AA9C0CA-270E-4565-B792-2E832DCC049A} - System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-2966991898-3599612516-2177771990-1001 => C:\Program Files (x86)\Real\RealUpgrade\RealUpgrade.exe
Task: {3BF38695-1E2B-43C7-A112-A130A82A3D6C} - System32\Tasks\franzy_shopping_deals_helper_service => C:\Program Files (x86)\Franzy Shopping Deals\franzy_shopping_deals_helper_service.exe <==== ATTENTION
Task: {43C29C62-26E4-4149-8402-95F8AED4030D} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-06-22] (Microsoft Corporation)
Task: {444DFDB5-E1FB-402D-8BC9-22FC063FF351} - System32\Tasks\Driver Booster SkipUAC (User) => C:\Program Files (x86)\IObit\Driver Booster\DriverBooster.exe
Task: {48EB9BFA-7B34-48DB-A0AD-04E5F100CD8C} - System32\Tasks\Norton Security Scan for User => C:\Program Files (x86)\Norton Security Scan\Engine\4.1.0.28\Nss.exe [2014-01-27] (Symantec Corporation)
Task: {4C35FFD7-EC3E-4C13-B2D0-2F8795F9C2E6} - System32\Tasks\{DBD8AE61-7537-4F19-9C5A-E09D797012FD} => pcalua.exe -a "C:\Program Files (x86)\ShopperPro\SPremove.exe" <==== ATTENTION
Task: {5282A820-DF67-4F46-AE8F-C07AD3C50FBB} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2016-04-23] (Google Inc.)
Task: {529D06B4-1B04-433F-B350-46717E5BE8E1} - \RegClean Pro -> No File <==== ATTENTION
Task: {632EFA4D-8B18-4AD3-A7B0-2555DD6A5078} - System32\Tasks\FFMPEGUpd => C:\PROGRA~2\FFMPEG\FFMPEG~1.EXE
Task: {9246EA83-3997-4269-872A-6A60FCBDB9E3} - System32\Tasks\SAgent => C:\Program Files\Samsung\S Agent\CommonAgent.exe [2015-02-04] (Samsung Electronics CO., LTD.)
Task: {A4C88BA3-9A86-4B48-B501-155145D97965} - System32\Tasks\Trojan Killer => C:\Program Files\GridinSoft Trojan Killer\trojankiller.exe
Task: {BC8A7E7E-0587-4BB0-A5D8-D40F57E2C14E} - System32\Tasks\RegCure Pro_sch_2A74612F-59E0-11E4-BEEC-1867B0A6A649 => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe <==== ATTENTION
Task: {BF8AAA95-FF24-48E9-B298-636B3EA7F68F} - System32\Tasks\tmptsk9525 => C:\Users\User\AppData\Local\Temp\65055_updater.exe <==== ATTENTION
Task: {D4614DF8-00E3-4410-B86B-A34B52F960C9} - System32\Tasks\RegCure Pro Startup => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: {D7CD9B60-1121-4AED-BB3B-1424EED72899} - System32\Tasks\cool_deals_helper_service => C:\Program Files (x86)\Cool Deals\cool_deals_helper_service.exe <==== ATTENTION
Task: {E56013A4-8B9A-4314-BB24-9BFC0EE14FA4} - System32\Tasks\Settings => C:\Program Files (x86)\Samsung\Settings\sSettings.exe [2013-02-01] (Samsung Electronics CO., LTD.)
Task: {EF061B38-C9FF-4B47-9EE4-92EC5BDA9A54} - System32\Tasks\ISM-UpdateService-4e00205a-2ab1-4423-8f77-cc25b82cde1d-Logon => C:\Program Files (x86)\Intel\Intel(R) ME FW Recovery Agent\bin\Bootstrap.exe [2012-09-13] (Intel Corporation)
Task: {F14EF34C-A70F-4EBF-9CF3-40CE79317C17} - System32\Tasks\AdobeAAMUpdater-1.0-CashTraders-User => C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\UWA\UpdaterStartupUtility.exe [2011-06-16] (Adobe Systems Incorporated)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\RegCure Pro Startup.job => C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe C:\Program Files (x86)\ParetoLogic\RegCure Pro\RegCurePro.exe
Task: C:\WINDOWS\Tasks\Uninstaller_SkipUac_User.job => C:\Program Files (x86)\IObit\IObit Uninstaller\IObitUninstaler.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-03-10 20:46 - 2015-03-10 20:44 - 00620056 ____N () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
2013-02-01 02:52 - 2013-02-01 02:52 - 00085040 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdServer.exe
2014-06-17 08:32 - 2014-06-17 08:32 - 00011264 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2014-06-17 08:29 - 2014-06-17 08:29 - 00086016 _____ () C:\Program Files (x86)\Bluetooth Suite\Modules\Map\MAP.dll
2014-06-17 08:35 - 2014-06-17 08:35 - 00012928 _____ () C:\Program Files (x86)\Bluetooth Suite\ActivateDesktop.exe
2015-02-04 16:11 - 2015-02-04 16:11 - 00088624 _____ () C:\Program Files\Samsung\S Agent\ToastX64.dll
2015-07-03 05:50 - 2015-07-03 05:50 - 00183296 _____ () C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.5.9600.20911_x64__8wekyb3d8bbwe\ErrorReporting.dll
2013-05-16 05:45 - 2013-01-14 19:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\ACE.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00029232 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmdWrapper.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 01106480 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsCmd.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\EasySettingsBase.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00056440 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\HookDllPS2.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00211064 _____ () C:\Program Files (x86)\Samsung\Settings\CmdServer\WinCRT.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00027184 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsAPI.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00111152 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsBase.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00060976 _____ () C:\Program Files (x86)\Samsung\Settings\EasyMovieEnhancer.dll
2013-02-01 02:52 - 2013-02-01 02:52 - 00103472 _____ () C:\Program Files (x86)\Samsung\Settings\EasySettingsCmdClient.dll
2015-10-27 16:50 - 2014-10-31 17:40 - 01498112 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\DAQExp.dll
2015-10-27 16:50 - 2014-05-19 18:19 - 00137728 _____ () C:\Program Files (x86)\Common Files\iSkysoft\iSkysoft Helper Compact\CBSCreateVC.dll
2016-06-17 23:58 - 2016-06-15 10:15 - 01745560 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libglesv2.dll
2016-06-17 23:58 - 2016-06-15 10:15 - 00091288 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\libegl.dll
2016-06-17 23:58 - 2016-06-15 10:15 - 17599640 _____ () C:\Program Files (x86)\Google\Chrome\Application\51.0.2704.103\PepperFlash\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)
AlternateDataStreams: C:\ProgramData\Temp:373E1720 [118] AlternateDataStreams: C:\ProgramData\Temp:862BDB1A [132] AlternateDataStreams: C:\ProgramData\Temp:D346F792 [128] ==================== Safe Mode (Whitelisted) =================== (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.) ==================== Association (Whitelisted) =============== (If an entry is included in the fixlist, the registry item will be restored to default or removed.) ==================== Internet Explorer trusted/restricted =============== (If an entry is included in the fixlist, it will be removed from the registry.) ==================== Hosts content: =============================== (If needed Hosts: directive could be included in the fixlist to reset Hosts.) 2012-07-26 06:26 - 2014-09-24 11:21 - 00000867 ____A C:\WINDOWS\system32\Drivers\etc\hosts 127.0.0.1 d3oxij66pru1i3.cloudfront.net ==================== Other Areas ============================ (Currently there is no automatic fix for this section.) HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\User\AppData\Roaming\Microsoft\Windows Photo Viewer\Windows Photo Viewer Wallpaper.jpg DNS Servers: 8.8.8.8 HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 0) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1) Windows Firewall is enabled. ==================== MSCONFIG/TASK MANAGER disabled items == (Currently there is no automatic fix for this section.) 
MSCONFIG\Services: Apple Mobile Device => 2 MSCONFIG\Services: Bonjour Service => 2 MSCONFIG\Services: globalUpdate => 2 MSCONFIG\Services: globalUpdatem => 3 MSCONFIG\Services: gusvc => 3 MSCONFIG\Services: MozillaMaintenance => 3 MSCONFIG\Services: RealNetworks Downloader Resolver Service => 2 MSCONFIG\Services: Registry Helper Service => 2 MSCONFIG\Services: vToolbarUpdater18.4.0 => 2 HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0" HKLM\...\StartupApproved\Run: => "Bitcasa" HKLM\...\StartupApproved\Run: => "RtHDVBg" HKLM\...\StartupApproved\Run: => "HotKeysCmds" HKLM\...\StartupApproved\Run: => "IgfxTray" HKLM\...\StartupApproved\Run: => "Persistence" HKLM\...\StartupApproved\Run: => "RtHDVCpl" HKLM\...\StartupApproved\Run32: => "APSDaemon" HKLM\...\StartupApproved\Run32: => "ApnTBMon" HKLM\...\StartupApproved\Run32: => "BrowserSafeguard" HKLM\...\StartupApproved\Run32: => "CLMLServer_For_P2G8" HKLM\...\StartupApproved\Run32: => "CLVirtualDrive" HKLM\...\StartupApproved\Run32: => "mobilegeni daemon" HKLM\...\StartupApproved\Run32: => "CommonToolkitTray" HKLM\...\StartupApproved\Run32: => "Internet Helper Anti-phishing" HKLM\...\StartupApproved\Run32: => "iTunesHelper" HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched" HKLM\...\StartupApproved\Run32: => "SPDriver" HKLM\...\StartupApproved\Run32: => "KiesTrayAgent" HKLM\...\StartupApproved\Run32: => "RemoteControl10" HKLM\...\StartupApproved\Run32: => "IminentMessenger" HKLM\...\StartupApproved\Run32: => "Iminent" HKLM\...\StartupApproved\Run32: => "Adobe Reader Speed Launcher" HKLM\...\StartupApproved\Run32: => "TkBellExe" HKLM\...\StartupApproved\Run32: => "Registry Helper" HKLM\...\StartupApproved\Run32: => "ConvertAd" HKLM\...\StartupApproved\Run32: => "OfferBoulevard" HKLM\...\StartupApproved\Run32: => "vProt" HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "BitTorrent" HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "Bubble Dock" 
HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "FDPRO-516" HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "PC Health Kit" HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_BCEA24321E5E4F1401136BBEDFB545FE" HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "SearchProtection" HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "Browser Infrastructure Helper" HKU\S-1-5-21-2966991898-3599612516-2177771990-1001\...\StartupApproved\Run: => "IDMSQ" ==================== FirewallRules (Whitelisted) =============== (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.) FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139 FirewallRules: [{A01230FF-F1F3-4466-A73E-096DFBB8B13B}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{235B4728-55F3-4EB1-9A11-3D944112DEFC}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgemca.exe FirewallRules: [{78C11C67-5538-420C-A728-ACE1AED5E5A3}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{820C5759-FD0B-44C1-B267-D1551D44531D}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgmfapx.exe FirewallRules: [{7432915F-FA26-4779-B6D3-5EDC3147F939}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{EE03B8DE-9243-44F4-984A-74F6BABB9AB7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgdiagex.exe FirewallRules: [{A63D1163-061B-4EA6-87DE-22434990C53C}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{39B679ED-0FB6-405E-91AB-2E223ED99FA7}] => (Allow) C:\Program Files (x86)\AVG\AVG2015\avgnsa.exe FirewallRules: [{C77950A3-5A7A-4595-AFE5-FA62F1D17ADD}] => (Allow) C:\Program Files (x86)\Bench\Proxy\pwdg.exe FirewallRules: [{45ABDF5A-0737-4CFD-8E03-6A35BA446039}] => (Allow) C:\Program Files 
(x86)\Bench\Proxy\proc.exe FirewallRules: [{EC51764F-81D8-4BEC-A5FF-E93D6D3E8D29}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{0EAD5651-38F2-4FBD-A7AE-41A2819FBF2E}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{FC6B1D68-EFB5-4445-A1D6-6DFE2B2D840B}] => (Allow) C:\Users\User\AppData\Local\Microsoft\SkyDrive\SkyDrive.exe FirewallRules: [{9ED27726-82E4-4FEC-8D1F-40885D35FC75}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{86BC5F82-DB78-4D81-AFDF-4DDA89104218}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgemca.exe FirewallRules: [{F5B6F858-FD2C-4FB4-AC5A-A6A0C48D8136}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{2B120B6E-1538-48B6-9051-043A5026C9E1}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgmfapx.exe FirewallRules: [{D12ADE26-E5FF-441E-8BFB-A889DD2A2B36}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{3861950F-64EE-4021-B4C5-15590F4A4CBA}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgdiagex.exe FirewallRules: [{911E651E-B275-40A5-A5AB-12F16AA871AD}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{F56349AE-FBC1-4C60-ACAD-88372827E9A3}] => (Allow) C:\Program Files (x86)\AVG\AVG2014\avgnsa.exe FirewallRules: [{29570562-D000-4FDA-B16F-A00EF972A6E5}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{625A100D-13BE-4C82-BAC1-2B6A60EA99C1}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe FirewallRules: [{A2F8432B-D5C4-41F8-ADB5-153A98505E24}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{67198470-134E-4277-AA6C-353EFDC02177}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe FirewallRules: [{FF498182-713B-4EA2-81ED-97E98B4CC1BC}] => (Allow) LPort=1900 FirewallRules: [{68D97DB3-57F7-4DC0-B9A8-2614EDCBF22F}] => (Allow) LPort=2869 FirewallRules: [{B0E3A871-97CC-428D-8B57-0FF74693A650}] => (Allow) C:\Program Files 
(x86)\Windows Live\Contacts\wlcomm.exe FirewallRules: [{B98D0942-D8B3-46F3-A21C-3C7BFB00324E}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD10.EXE FirewallRules: [{84F871C5-A220-4F5E-A123-A035B2D57BE0}] => (Allow) C:\Program Files (x86)\CyberLink\PowerDVD10\PowerDVD Cinema\PowerDVDCinema10.exe FirewallRules: [TCP Query User{F267B9D7-B349-49C9-80CE-79020EFE73DF}C:\program files (x86)\songbird\songbird.exe] => (Allow) C:\program files (x86)\songbird\songbird.exe FirewallRules: [UDP Query User{D6E9B108-4BA3-4E34-B6BF-20D0E6AC225D}C:\program files (x86)\songbird\songbird.exe] => (Allow) C:\program files (x86)\songbird\songbird.exe FirewallRules: [TCP Query User{CD54379F-349F-4B83-AE4F-A9B9753789F9}C:\program files (x86)\songbird\songbird.exe] => (Block) C:\program files (x86)\songbird\songbird.exe FirewallRules: [UDP Query User{E51FD9B3-8845-41F4-9E98-468C8F930BA7}C:\program files (x86)\songbird\songbird.exe] => (Block) C:\program files (x86)\songbird\songbird.exe FirewallRules: [{79FA9221-CD16-4F10-8E5C-DAA07FB6D68E}] => (Allow) C:\Program Files\iTunes\iTunes.exe FirewallRules: [TCP Query User{B7258EEC-9216-42C2-A887-65B3CBBF9C0D}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [UDP Query User{04ACDEC5-A98B-458A-89F3-40F02C986CAF}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [TCP Query User{022644F4-E66C-48AD-A012-89BAFE17D2BB}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [UDP Query User{800B11B5-9DA9-40B1-A93E-ACDCA76BF687}C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe] => (Block) C:\program files (x86)\mediamonkey\mediamonkey (non-skinned).exe FirewallRules: [TCP Query 
User{9B1B18EB-90D5-46FB-BA48-B1F9F725C344}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [UDP Query User{A9CE91DD-33C4-4802-990B-D0EFAFB893FB}C:\program files (x86)\mediamonkey\mediamonkey.exe] => (Allow) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [{D123C5CC-4EA0-4263-A4CA-5A069381BEDE}] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [{2958A8A8-F23F-4CC3-A2E8-8190E31CD04F}] => (Block) C:\program files (x86)\mediamonkey\mediamonkey.exe FirewallRules: [TCP Query User{F27C7AD1-0CC1-42C0-B8C9-85FC983C919A}C:\users\user\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\user\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [UDP Query User{895DA32A-E592-4809-AF5D-EF776CBB7CE5}C:\users\user\appdata\roaming\bittorrent\bittorrent.exe] => (Block) C:\users\user\appdata\roaming\bittorrent\bittorrent.exe FirewallRules: [{B930571F-B83C-441A-BA5A-50C12F050210}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe ==================== Restore Points ========================= 17-06-2016 13:00:33 Removed Realtek Ethernet Controller Driver 22-06-2016 14:04:08 Windows Update ==================== Faulty Device Manager Devices ============= ==================== Event log errors: ========================= Application errors: ================== Error: (07/05/2016 07:40:02 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS) Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. 
Error: (07/05/2016 06:32:17 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS) Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/05/2016 11:38:14 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS) Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/05/2016 09:38:01 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS) Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/05/2016 08:42:58 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mmc.exe, version: 6.3.9600.17415, time stamp: 0x54504e26 Faulting module name: devmgr.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54504b46 Exception code: 0xc000041d Fault offset: 0x00000000000202ff Faulting process ID: 0xdd0 Faulting application start time: 0xmmc.exe0 Faulting application path: mmc.exe1 Faulting module path: mmc.exe2 Report ID: mmc.exe3 Faulting package full name: mmc.exe4 Faulting package-relative application ID: mmc.exe5 Error: (07/05/2016 08:42:48 AM) (Source: Application Error) (EventID: 1000) (User: ) Description: Faulting application name: mmc.exe, version: 6.3.9600.17415, time stamp: 0x54504e26 Faulting module name: devmgr.dll_unloaded, version: 6.3.9600.17415, time stamp: 0x54504b46 Exception code: 0xc0000005 Fault offset: 0x00000000000202ff Faulting process ID: 0xdd0 Faulting application start time: 0xmmc.exe0 Faulting application path: mmc.exe1 Faulting module path: mmc.exe2 Report ID: mmc.exe3 Faulting 
package full name: mmc.exe4 Faulting package-relative application ID: mmc.exe5 Error: (07/05/2016 07:41:56 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS) Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/05/2016 07:17:34 AM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS) Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/04/2016 09:34:32 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS) Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. Error: (07/04/2016 08:13:28 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: CASHTRADERS) Description: Activation of application Microsoft.BingTravel_8wekyb3d8bbwe!AppexTravel failed with error: -2144927148 See the Microsoft-Windows-TWinUI/Operational log for additional information. System errors: ============= Error: (07/05/2016 08:26:18 PM) (Source: BTHUSB) (EventID: 5) (User: ) Description: The Bluetooth driver expected an HCI event with a certain size but did not receive it. 
Error: (07/05/2016 08:25:51 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS) Description: 1084ShellHWDetectionUnavailable{DD522ACC-F821-461A-A407-50B198B896DC} Error: (07/05/2016 08:25:51 PM) (Source: DCOM) (EventID: 10010) (User: CASHTRADERS) Description: {3EB3C877-1F16-487C-9050-104DBCD66683} Error: (07/05/2016 08:25:10 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (07/05/2016 08:25:10 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (07/05/2016 08:25:09 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (07/05/2016 08:25:09 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (07/05/2016 08:25:08 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (07/05/2016 08:25:08 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} Error: (07/05/2016 08:25:07 PM) (Source: DCOM) (EventID: 10005) (User: CASHTRADERS) Description: 1084WSearchUnavailable{9E175B68-F52A-11D8-B9A5-505054503030} CodeIntegrity: =================================== Date: 2016-07-05 21:30:56.182 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-07-05 21:30:55.623 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-05 21:30:55.167 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-05 21:30:54.259 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-05 21:30:53.925 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-05 21:30:53.613 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-05 21:30:53.175 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. 
Date: 2016-07-05 21:30:52.570 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-05 21:30:52.238 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. Date: 2016-07-05 21:30:51.930 Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements. ==================== Memory info =========================== Processor: Intel(R) Pentium(R) CPU 2117U @ 1.80GHz Percentage of memory in use: 60% Total physical RAM: 3969.93 MB Available physical RAM: 1549.24 MB Total Virtual: 8833.93 MB Available Virtual: 5824.23 MB ==================== Drives ================================ Drive c: () (Fixed) (Total:440.42 GB) (Free:197.12 GB) NTFS ==================== MBR & Partition Table ================== ======================================================== Disk: 0 (Size: 465.8 GB) (Disk ID: DD49C7C1) Partition: GPT. ==================== End of Addition.txt ============================ [/code] [/QUOTE]