Page 1 of 4 1234 LastLast
Results 1 to 10 of 35

Thread: first system scan scan hangs on Zlob.ZipCodec

  1. 2016-03-17, 22:52 #1
    Incognito70
    Incognito70 is offline
    Junior Member
    Join Date
    Mar 2016
    Posts
    23

    Default first system scan scan hangs on Zlob.ZipCodec

    Been doing some research and have seen there is no further actions that can be done with explicit instructions. Presently SB S&D is Version 2.4 and by running a scan gets hung up just like Big Sam on Zblob.ZipCodec file and goes no further. Initially when this started a page popped up on the monitor upon clicking on an advertisement which I have explicitly avoided since. I have run Wireshark and noticed an IP pop up in France that I'm not familiar with and lag spikes that are out of this world while playing BF4 ranging from 300 - 800 when normally its about 30. Malwarebytes doesn't pick up any infections or issues as well as Avast or AVG. Presently I am running Windows 10 Pro and am a student. So by preserving this OS would certainly be gracious. As of now, I will be on standby awaiting direction.
    Help me Obi Wan, Your my only hope.
  2. 2016-03-17, 23:04 #2
    Incognito70
    Incognito70 is offline
    Junior Member
    Join Date
    Mar 2016
    Posts
    23

    Default

    Don't see anywhere on how to edit the post so I'll add this, when this first happened a page that could not be closed popped up and provided a number to call that was within the U.S. to have the FTP virus removed. Wish I had taken a screenshot of it but as we all know hind sight is 20/20. Figured that if I called the number this would be a long battle to get control back that would eventually lead to reformat or reimage.
  3. 2016-03-18, 01:34 #3
    Juliet
    Juliet is offline
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    when this first happened a page that could not be closed popped up and provided a number to call that was within the U.S. to have the FTP virus removed.
    Thats a scam and never click on links offering to help you believe me, it goes the other direction.


    Please back up your registry!

    Backup the Registry:
    Credit: Dakeyras

    Modifying the Registry can create unforeseen problems, so it always wise to create a backup before doing so.

    • Please download the installer for Registry Backup from here or here and save to your desktop.
    • Right-click on tweaking.com_registry_backup_setup.exe and select Run as Administrator >> Follow the prompts for a default installation
    • Ensure the option Open "Tweaking.com - Registry Backup" When Install Completes is selected >> Next > >> Finish
    • Once the GUI(graphical user interface) has appeared/loaded:-



    • Click on Backup Now >> once the process is complete the below will be displayed in the GUI:-



    • Close Tweaking.com - Registry Backup

    Note: There will now be a folder at the root of the Hard-Drive named C:\RegBackup, do not delete this as it is the actual backup just created.

    A tutorial for Registry Backup explaining the various features be viewed HERE


    ``````````````````````````````````````````````````````
    Instruction for producing the Farbar Recovery Scan Tool (FRST) and aswMBR logs

    Farbar Log

    Please download Farbar Recovery Scan Tool and save it to your desktop.

    Note:
    You need to run the version compatible with your system. If you are not sure which version applies to your system download both of them and try to run them. Only one of them will run on your system, that will be the right version.

    (A simple way to check your system: Start --> Computer (right click) --> Properties
    How to determine whether a computer is running a 32-bit version or 64-bit version of the Windows operating system

    • Right click to run as administrator (XP users click run after receipt of Windows Security Warning - Open File). When the tool opens click Yes to disclaimer.
    • Please make sure All Users is checked


    • Do not check
      *List BCD
      *Drivers MD5
      *Shortcut txt

    Or your logs will be too long to post.


    • Press Scan button.
    • It will produce a log called FRST.txt in the same directory the tool is run from.
    • Please don't run the Farbar Recovery Scan Tool (FRST.txt) from your "Downloads" folder or from "Temporary Internet Files"
    • Please copy and paste log into your topic.
    • The first time the tool is run it generates another log (Addition.txt - also located in the same directory as FRST.exe/FRST64.exe). Please attach that along with the FRST.txt into your reply.



    aswMBR Log

    Important! Please do NOT perform any fix options offered in aswMBR, we just need to see the report.

    Please download aswMBR to your desktop.


    • Double click the aswMBR icon to run it.
    • If a prompt stating: The computer supports "Virtualization Technology" appears select Yes
    • Click the Scan button to start scan.
    • If you are asked to update the Avast Virus database please allow it to do so.
    • When it finishes, press the Save Log button, save the logfile to your desktop and post its contents in your reply with the Farbar (FRST) log.


    If you can't post all these logs in one reply please make multiple posts.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
  4. 2016-03-18, 22:24 #4
    Incognito70
    Incognito70 is offline
    Junior Member
    Join Date
    Mar 2016
    Posts
    23

    Default

    Errors! 14/16 registry files backed up.
    C:\USers\DefaultAppPool\AppData\Local|Microsoft\UsrClass.Dat (Size 8.00 KB)
    C:\Users\DefaultAppPool\ntuser.dat (Size 256.00 KB)

    Currently using fallback backup method instead of volume shadow copy service

    Only things I see that could be of assistance. I f this is correct then I will proceed. Standing by.........
  5. 2016-03-18, 22:50 #5
    Juliet
    Juliet is offline
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    I think what it's telling us is the Registry Hive Corrupted.

    It is safe to go on and run Farbar Recovery Scan Tool.
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
  6. 2016-03-19, 01:28 #6
    Incognito70
    Incognito70 is offline
    Junior Member
    Join Date
    Mar 2016
    Posts
    23

    Default

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
    Ran by Shawn (administrator) on SHAWN-PC (18-03-2016 19:12:00)
    Running from C:\Users\Shawn\Desktop
    Loaded Profiles: Shawn (Available Profiles: Shawn & Laura & DefaultAppPool)
    Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: IE)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic...ery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (Creative Technology Ltd) C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\AvastSvc.exe
    (Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
    (Microsoft Corporation) C:\Windows\System32\mqsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    () C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    () C:\Windows\System32\PnkBstrA.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe
    () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    (VMware, Inc.) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
    (Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    () C:\Windows\DAODx.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
    (NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
    (Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
    (Microsoft Corporation) C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
    (Microsoft Corporation) C:\Windows\SysWOW64\rundll32.exe
    (Safer-Networking Ltd.) C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe
    (AVAST Software) C:\Program Files\AVAST Software\Avast\avastui.exe
    (Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
    (Electronic Arts) C:\Program Files (x86)\Origin\Origin.exe
    () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    (Tweaking.com) C:\Program Files (x86)\Tweaking.com\Registry Backup\TweakingRegistryBackup.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.17801.0_x64__8wekyb3d8bbwe\Video.UI.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (NVIDIA Corporation) C:\Users\Shawn\AppData\Local\NVIDIA\NvBackend\ApplicationOntology\NvOAWrapperCache.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8492800 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [2789248 2016-02-17] (NVIDIA Corporation)
    HKLM\...\Run: [ShadowPlay] => "C:\WINDOWS\system32\rundll32.exe" C:\WINDOWS\system32\nvspcap64.dll,ShadowPlayOnSystemStart
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-12-17] (Apple Inc.)
    HKLM-x32\...\Run: [P17RunE] => RunDll32 P17RunE.dll,RunDLLEntry
    HKLM-x32\...\Run: [RzWizard] => C:\Program Files (x86)\Razer\RzWizard\RzWizard.exe [254464 2014-05-20] (Razer Inc.)
    HKLM-x32\...\Run: [BCSSync] => C:\Program Files (x86)\Microsoft Office\Office14\BCSSync.exe [89184 2012-11-05] (Microsoft Corporation)
    HKLM-x32\...\Run: [VMonitorVMUVC] => C:\Program Files (x86)\Vimicro Corporation\VMUVC\VMonitor.exe [143360 2008-08-29] (Vimicro Corporation)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
    HKLM-x32\...\Run: [SDTray] => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe [4101576 2014-06-24] (Safer-Networking Ltd.)
    HKLM-x32\...\Run: [AvastUI.exe] => C:\Program Files\AVAST Software\Avast\AvastUI.exe [7137664 2016-03-10] (AVAST Software)
    Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
    HKU\S-1-5-21-1437170364-1528473509-2599310780-1000\...\Run: [OfficeSyncProcess] => C:\Program Files (x86)\Microsoft Office\Office14\MSOSYNC.EXE [721504 2015-09-02] (Microsoft Corporation)
    HKU\S-1-5-21-1437170364-1528473509-2599310780-1000\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
    HKU\S-1-5-21-1437170364-1528473509-2599310780-1000\...\Run: [SpybotPostWindows10UpgradeReInstall] => C:\Program Files\Common Files\AV\Spybot - Search and Destroy\Test.exe [1011200 2015-07-28] (Safer-Networking Ltd.)
    HKU\S-1-5-21-1437170364-1528473509-2599310780-1000\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8641240 2016-02-12] (Piriform Ltd)
    HKU\S-1-5-21-1437170364-1528473509-2599310780-1000\...\RunOnce: [Uninstall C:\Users\Shawn\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Shawn\AppData\Local\Microsoft\OneDrive\17.3.6201.1019_1\amd64"
    ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => C:\Program Files\AVAST Software\Avast\ashShA64.dll [2016-03-10] (AVAST Software)
    BootExecute: autocheck autochk * sdnclean64.exe

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.0.1
    Tcpip\..\Interfaces\{a09129a5-8cef-4dac-addb-ebcf051cd880}: [DhcpNameServer] 192.168.0.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-1437170364-1528473509-2599310780-1000\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/p/?LinkId=619797&pc=UE03&ocid=UE03DHP
    HKU\S-1-5-21-1437170364-1528473509-2599310780-1000\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?pc=UE03&ocid=UE03DHP
    BHO: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE64.dll [2016-03-10] (AVAST Software)
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Groove GFS Browser Helper -> {72853161-30C5-4D22-B7F9-0BBC1D38A37E} -> C:\Program Files (x86)\Microsoft Office\Office14\GROOVEEX.DLL [2013-12-19] (Microsoft Corporation)
    BHO-x32: avast! Online Security -> {8E5E2654-AD2D-48bf-AC2D-D17F00898D06} -> C:\Program Files\AVAST Software\Avast\aswWebRepIE.dll [2016-03-10] (AVAST Software)
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    DPF: HKLM-x32 {02BCC737-B171-4746-94C9-0D8A0B2C0089} hxxp://office.microsoft.com/_layouts/ClientBin/ieawsdc32.cab
    DPF: HKLM-x32 {0D41B8C5-2599-4893-8183-00195EC8D5F9} hxxp://support.asus.com/select/asusTek_sys_ctrl3.cab
    DPF: HKLM-x32 {D4B68B83-8710-488B-A692-D74B50BA558E} hxxp://ccfiles.creative.com/Web/softwareupdate/ocx/15113/CTPIDPDE.cab
    DPF: HKLM-x32 {E705A591-DA3C-4228-B0D5-A356DBA42FBF} hxxp://ccfiles.creative.com/Web/softwareupdate/su2/ocx/20015/CTSUEng.cab
    DPF: HKLM-x32 {F6ACF75C-C32C-447B-9BEF-46B766368D29} hxxp://files.creative.com/Web/softwareupdate/ocx/150323/CTPID.cab

    FireFox:
    ========
    FF ProfilePath: C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\7cvxa88t.default
    FF Homepage: hxxps://mysearch.avg.com/?cid={1B00F294-29D8-4757-9152-E4C3866925F9}&mid=17147fa2921447cc8728c1f60ea56606-044f05f187d7db7cedd6a59a39ecf6bedb5e37a7&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215av&pr=fr&d=2015-12-06 10:40:28&v=4.2.1.951&pid=wtu&sg=&sap=hp
    FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_21_0_0_182.dll [2016-03-10] ()
    FF Plugin: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelogx64.dll [No File]
    FF Plugin: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelogx64.dll [No File]
    FF Plugin: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelogx64.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_21_0_0_182.dll [2016-03-10] ()
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2015-10-14] ()
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.5\\npsitesafety.dll [No File]
    FF Plugin-x32: @esn.me/esnsonar,version=0.70.4 -> C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\npesnsonar.dll [2011-11-03] (ESN Social Software AB)
    FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [No File]
    FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll [No File]
    FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [No File]
    FF Plugin-x32: @esn/esnlaunch,version=2.3.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.3.0\npesnlaunch.dll [2013-09-16] (ESN Social Software AB)
    FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.7.1 -> C:\Program Files (x86)\Battlelog Web Plugins\2.7.1\npbattlelog.dll [2015-04-30] (EA Digital Illusions CE AB)
    FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> c:\Program Files (x86)\Microsoft Silverlight\5.1.41212.0\npctrl.dll [2015-12-12] ( Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2016-03-08] (NVIDIA Corporation)
    FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2016-03-08] (NVIDIA Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-02] (Google Inc.)
    FF Plugin-x32: @videolan.org/vlc,version=2.0.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: @videolan.org/vlc,version=2.1.5 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2014-07-22] (VideoLAN)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-12-18] (Adobe Systems Inc.)
    FF Plugin HKU\S-1-5-21-1437170364-1528473509-2599310780-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Shawn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
    FF SearchPlugin: C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\7cvxa88t.default\searchplugins\avg-secure-search.xml [2016-03-10]
    FF Extension: AVG Web TuneUp - C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\7cvxa88t.default\Extensions\avg@toolbar.xpi [2016-02-02]
    FF HKLM\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF Extension: Avast Online Security - C:\Program Files\AVAST Software\Avast\WebRep\FF [2016-03-10]
    FF HKLM\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF
    FF Extension: Avast SafePrice - C:\Program Files\AVAST Software\Avast\SafePrice\FF [2016-03-10]
    FF HKLM-x32\...\Firefox\Extensions: [{F003DA68-8256-4b37-A6C4-350FA04494DF}] - C:\Program Files\Logitech\SetPointP\LogiSmoothFirefoxExt => not found
    FF HKLM-x32\...\Firefox\Extensions: [wrc@avast.com] - C:\Program Files\AVAST Software\Avast\WebRep\FF
    FF HKLM-x32\...\Firefox\Extensions: [sp@avast.com] - C:\Program Files\AVAST Software\Avast\SafePrice\FF

    Chrome:
    =======
    CHR HKLM-x32\...\Chrome\Extension: [eofcbnmajmjmplflapaojjnihcjkigck] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChromeSp.crx [2016-03-10]
    CHR HKLM-x32\...\Chrome\Extension: [gomekmidlodglbbmalcneegieacbdmki] - C:\Program Files\AVAST Software\Avast\WebRep\Chrome\aswWebRepChrome.crx [2016-03-10]

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-10-07] (Apple Inc.)
    R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe [922240 2011-06-13] ()
    R2 asHmComSvc; C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe [915584 2010-12-02] ()
    R2 avast! Antivirus; C:\Program Files\AVAST Software\Avast\AvastSvc.exe [237096 2016-03-10] (AVAST Software)
    S3 Creative ALchemy AL6 Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\AL6Licensing.exe [79360 2012-10-26] (Creative Labs) [File not signed]
    S3 Creative Audio Engine Licensing Service; C:\Program Files (x86)\Common Files\Creative Labs Shared\Service\CTAELicensing.exe [79360 2012-10-26] (Creative Labs) [File not signed]
    R2 CTAudSvcService; C:\Program Files (x86)\Creative\Shared Files\CTAudSvc.exe [307200 2008-11-18] (Creative Technology Ltd) [File not signed]
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
    R2 GfExperienceService; C:\Program Files\NVIDIA Corporation\GeForce Experience Service\GfExperienceService.exe [1164672 2016-02-17] (NVIDIA Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 NvNetworkService; C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe [1880960 2016-02-17] (NVIDIA Corporation)
    R3 NvStreamNetworkSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe [6474112 2016-02-17] (NVIDIA Corporation)
    R2 NvStreamSvc; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamService.exe [2609024 2016-02-17] (NVIDIA Corporation)
    S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2016-02-02] (Electronic Arts)
    R2 PnkBstrA; C:\WINDOWS\system32\PnkBstrA.exe [76152 2015-11-15] ()
    R2 PnkBstrA; C:\WINDOWS\SysWOW64\PnkBstrA.exe [76888 2015-11-15] ()
    S3 rpcapd; C:\Program Files (x86)\WinPcap\rpcapd.exe [118520 2013-02-28] (Riverbed Technology, Inc.)
    S2 RzWizardService; C:\Program Files (x86)\Razer\RzWizard\RzWizardService.exe [367616 2014-05-20] (Razer Inc.) [File not signed]
    R2 SDScannerService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe [1738168 2014-06-24] (Safer-Networking Ltd.)
    R2 SDUpdateService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe [2088408 2014-06-27] (Safer-Networking Ltd.)
    R2 SDWSCService; C:\Program Files (x86)\Spybot - Search & Destroy 2\SDWSCSvc.exe [171928 2014-04-25] (Safer-Networking Ltd.)
    S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
    S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [13440 2010-08-24] ()
    R2 aswHwid; C:\Windows\system32\drivers\aswHwid.sys [37656 2016-03-10] (AVAST Software)
    R2 aswMonFlt; C:\Windows\system32\drivers\aswMonFlt.sys [107792 2016-03-10] (AVAST Software)
    R1 aswRdr; C:\Windows\system32\drivers\aswRdr2.sys [103064 2016-03-10] (AVAST Software)
    R0 aswRvrt; C:\Windows\System32\Drivers\aswRvrt.sys [74544 2016-03-10] (AVAST Software)
    R1 aswSnx; C:\Windows\system32\drivers\aswSnx.sys [1070904 2016-03-10] (AVAST Software)
    R1 aswSP; C:\Windows\system32\drivers\aswSP.sys [463744 2016-03-10] (AVAST Software)
    R2 aswStm; C:\Windows\system32\drivers\aswStm.sys [165344 2016-03-10] (AVAST Software)
    R0 aswVmm; C:\Windows\System32\Drivers\aswVmm.sys [287016 2016-03-10] (AVAST Software)
    S3 dot4; C:\Windows\system32\DRIVERS\Dot4.sys [151968 2015-08-06] (Windows (R) Win 7 DDK provider)
    S3 Dot4Print; C:\Windows\System32\drivers\Dot4Prt.sys [27040 2015-08-06] (Windows (R) Win 7 DDK provider)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    S3 MotioninJoyXFilter; C:\Windows\System32\drivers\MijXfilt.sys [121416 2012-05-12] (MotioninJoy) [File not signed]
    R3 NPF; C:\Windows\System32\drivers\npf.sys [36600 2013-02-28] (Riverbed Technology, Inc.)
    R3 NvStreamKms; C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamKms.sys [28032 2016-02-17] (NVIDIA Corporation)
    R3 nvvad_WaveExtensible; C:\Windows\system32\drivers\nvvad64v.sys [47760 2015-12-18] (NVIDIA Corporation)
    R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
    R0 vsock; C:\Windows\System32\drivers\vsock.sys [75512 2015-10-18] (VMware, Inc.)
    S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
    S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
    S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)
    S3 WsAudio_Device(1); C:\Windows\System32\drivers\VirtualAudio1.sys [31080 2013-01-25] (Wondershare)
    S3 WsAudio_Device(2); C:\Windows\System32\drivers\VirtualAudio2.sys [31080 2013-01-25] (Wondershare)
    S3 WsAudio_Device(3); C:\Windows\System32\drivers\VirtualAudio3.sys [31080 2013-01-25] (Wondershare)
    S3 WsAudio_Device(4); C:\Windows\System32\drivers\VirtualAudio4.sys [31080 2013-01-25] (Wondershare)
    S3 WsAudio_Device(5); C:\Windows\System32\drivers\VirtualAudio5.sys [31080 2013-01-25] (Wondershare)
    U3 idsvc; no ImagePath

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-18 19:12 - 2016-03-18 19:12 - 00021240 _____ C:\Users\Shawn\Desktop\FRST.txt
    2016-03-18 19:11 - 2016-03-18 19:11 - 02374144 _____ (Farbar) C:\Users\Shawn\Desktop\FRST64.exe
    2016-03-18 16:13 - 2016-03-18 16:13 - 00000207 _____ C:\WINDOWS\tweaking.com-regbackup-SHAWN-PC-Windows-10-Pro-(64-bit).dat
    2016-03-18 16:13 - 2016-03-18 16:13 - 00000000 ____D C:\RegBackup
    2016-03-18 16:12 - 2016-03-18 16:12 - 00002312 _____ C:\Users\Public\Desktop\Tweaking.com - Registry Backup.lnk
    2016-03-18 16:12 - 2016-03-18 16:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tweaking.com
    2016-03-18 16:12 - 2016-03-18 16:12 - 00000000 ____D C:\Program Files (x86)\Tweaking.com
    2016-03-18 16:11 - 2016-03-18 16:12 - 00017970 _____ C:\WINDOWS\Tweaking.com - Registry Backup Setup Log.txt
    2016-03-18 16:11 - 2016-03-18 16:11 - 04777232 _____ (Tweaking.com) C:\Users\Shawn\Desktop\tweaking.com_registry_backup_setup.exe
    2016-03-18 00:39 - 2016-03-18 00:39 - 00003040 _____ C:\WINDOWS\System32\Tasks\avast! Windows 10 Start Menu helper
    2016-03-17 22:55 - 2016-03-17 22:55 - 01767476 _____ C:\Users\Shawn\Documents\031720161055.pcapng
    2016-03-14 09:04 - 2016-03-14 09:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2016-03-14 09:04 - 2016-03-14 09:04 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
    2016-03-13 05:13 - 2016-03-13 05:13 - 59189236 _____ C:\Users\Shawn\Documents\031320160515.pcapng
    2016-03-12 02:09 - 2016-03-12 02:09 - 65609048 _____ C:\Users\Shawn\Documents\031220160109am.pcapng
    2016-03-11 06:44 - 2016-03-11 06:44 - 00233392 _____ C:\Users\Shawn\Documents\cc_20160311_054401.reg
    2016-03-11 06:33 - 2016-03-11 06:45 - 00093350 _____ C:\TDSSKiller.3.1.0.9_11.03.2016_05.33.59_log.txt
    2016-03-11 06:22 - 2016-03-11 06:22 - 00002856 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2016-03-11 06:22 - 2016-03-11 06:22 - 00000863 _____ C:\Users\Public\Desktop\CCleaner.lnk
    2016-03-11 06:22 - 2016-03-11 06:22 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
    2016-03-11 06:22 - 2016-03-11 06:22 - 00000000 ____D C:\Program Files\CCleaner
    2016-03-10 20:06 - 2016-03-10 20:06 - 00000000 ____D C:\Users\Laura\AppData\Roaming\AVAST Software
    2016-03-10 20:06 - 2016-03-10 20:06 - 00000000 ____D C:\Users\Laura\AppData\Local\CrashDumps
    2016-03-10 15:21 - 2016-03-08 01:05 - 00110016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
    2016-03-10 15:20 - 2016-03-10 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Vulkan 1.0.3.0
    2016-03-10 15:20 - 2016-03-10 15:20 - 00000000 ____D C:\Program Files (x86)\VulkanRT
    2016-03-10 15:20 - 2016-02-13 20:47 - 00125720 _____ C:\WINDOWS\SysWOW64\vulkan-1.dll
    2016-03-10 15:20 - 2016-02-13 20:46 - 00126232 _____ C:\WINDOWS\system32\vulkan-1.dll
    2016-03-10 15:20 - 2016-02-13 20:45 - 00045848 _____ C:\WINDOWS\system32\vulkaninfo.exe
    2016-03-10 15:20 - 2016-02-13 20:45 - 00042264 _____ C:\WINDOWS\SysWOW64\vulkaninfo.exe
    2016-03-10 15:17 - 2016-03-08 05:27 - 42968120 _____ C:\WINDOWS\system32\nvcompiler.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 37609528 _____ C:\WINDOWS\SysWOW64\nvcompiler.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 22971960 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglv64.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 21322480 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvopencl.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 20863920 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuda.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 18906048 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglv32.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 17732960 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvopencl.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 17368424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvd3dumx.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 17325400 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuda.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 10547128 _____ C:\WINDOWS\system32\nvptxJitCompiler.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 08657936 _____ C:\WINDOWS\SysWOW64\nvptxJitCompiler.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 02613696 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcuvid.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 02257344 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvcuvid.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 01922496 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436451.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 01571776 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436451.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00955328 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvFBC64.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00885184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\NvIFR64.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00750016 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvFBC.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00692160 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\NvIFR.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00678704 _____ C:\WINDOWS\system32\nvfatbinaryLoader.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00571912 _____ C:\WINDOWS\SysWOW64\nvfatbinaryLoader.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00545632 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvumdshimx.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00448824 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvumdshim.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00175552 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvinitx.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00153208 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvinit.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00151184 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvoglshim64.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00128696 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvoglshim32.dll
    2016-03-10 15:17 - 2016-03-08 05:27 - 00000139 _____ C:\WINDOWS\SysWOW64\nv-vk32.json
    2016-03-10 15:17 - 2016-03-08 05:27 - 00000139 _____ C:\WINDOWS\system32\nv-vk64.json
    2016-03-10 05:32 - 2016-03-18 19:12 - 00000000 ____D C:\FRST
    2016-03-10 03:05 - 2016-03-10 03:05 - 00000020 ___SH C:\Users\DefaultAppPool\ntuser.ini
    2016-03-10 00:41 - 2016-03-17 00:31 - 00004280 _____ C:\WINDOWS\System32\Tasks\avast! Emergency Update
    2016-03-10 00:41 - 2016-03-10 00:41 - 01070904 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsnx.sys
    2016-03-10 00:41 - 2016-03-10 00:41 - 00463744 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswsp.sys
    2016-03-10 00:41 - 2016-03-10 00:41 - 00107792 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswmonflt.sys
    2016-03-10 00:41 - 2016-03-10 00:41 - 00001979 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Avast Free Antivirus.lnk
    2016-03-10 00:41 - 2016-03-10 00:41 - 00001967 _____ C:\Users\Public\Desktop\Avast Free Antivirus.lnk
    2016-03-10 00:41 - 2016-03-10 00:41 - 00000000 ____D C:\Users\Shawn\AppData\Roaming\AVAST Software
    2016-03-10 00:41 - 2016-03-10 00:40 - 00165344 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswStm.sys
    2016-03-10 00:41 - 2016-03-10 00:40 - 00103064 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRdr2.sys
    2016-03-10 00:41 - 2016-03-10 00:40 - 00037656 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswHwid.sys
    2016-03-10 00:40 - 2016-03-10 00:40 - 00398152 _____ (AVAST Software) C:\WINDOWS\system32\aswBoot.exe
    2016-03-10 00:39 - 2016-03-10 00:39 - 00052184 _____ (AVAST Software) C:\WINDOWS\avastSS.scr
    2016-03-10 00:32 - 2016-03-10 01:05 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2016-03-10 00:32 - 2016-03-10 00:40 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2016-03-10 00:32 - 2016-03-10 00:32 - 00001464 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot-S&D Start Center.lnk
    2016-03-10 00:32 - 2016-03-10 00:32 - 00001452 _____ C:\Users\Public\Desktop\Spybot-S&D Start Center.lnk
    2016-03-10 00:32 - 2016-03-10 00:32 - 00000000 ____D C:\WINDOWS\System32\Tasks\Safer-Networking
    2016-03-10 00:32 - 2016-03-10 00:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Spybot - Search & Destroy 2
    2016-03-10 00:32 - 2013-09-20 11:49 - 00021040 _____ (Safer Networking Limited) C:\WINDOWS\system32\sdnclean64.exe
    2016-03-08 21:54 - 2016-03-01 00:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2016-03-08 21:54 - 2016-03-01 00:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2016-03-08 21:54 - 2016-02-24 04:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
    2016-03-08 21:54 - 2016-02-24 04:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2016-03-08 21:54 - 2016-02-24 04:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
    2016-03-08 21:54 - 2016-02-24 04:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
    2016-03-08 21:54 - 2016-02-24 04:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
    2016-03-08 21:54 - 2016-02-24 04:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
    2016-03-08 21:54 - 2016-02-24 04:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
    2016-03-08 21:54 - 2016-02-24 04:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
    2016-03-08 21:54 - 2016-02-24 03:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2016-03-08 21:54 - 2016-02-24 03:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
    2016-03-08 21:54 - 2016-02-24 03:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
    2016-03-08 21:54 - 2016-02-24 03:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
    2016-03-08 21:54 - 2016-02-24 03:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2016-03-08 21:54 - 2016-02-24 03:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
    2016-03-08 21:54 - 2016-02-24 03:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
    2016-03-08 21:54 - 2016-02-24 03:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
    2016-03-08 21:54 - 2016-02-24 03:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2016-03-08 21:54 - 2016-02-24 03:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
    2016-03-08 21:54 - 2016-02-24 03:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2016-03-08 21:54 - 2016-02-24 03:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
    2016-03-08 21:54 - 2016-02-24 03:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
    2016-03-08 21:54 - 2016-02-24 03:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
    2016-03-08 21:54 - 2016-02-24 03:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2016-03-08 21:54 - 2016-02-24 03:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
    2016-03-08 21:54 - 2016-02-24 03:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2016-03-08 21:54 - 2016-02-24 03:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2016-03-08 21:54 - 2016-02-24 03:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
    2016-03-08 21:54 - 2016-02-24 03:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
    2016-03-08 21:54 - 2016-02-24 03:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2016-03-08 21:54 - 2016-02-24 02:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
    2016-03-08 21:54 - 2016-02-24 02:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
    2016-03-08 21:54 - 2016-02-24 02:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
    2016-03-08 21:54 - 2016-02-24 02:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
    2016-03-08 21:54 - 2016-02-24 02:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
    2016-03-08 21:54 - 2016-02-24 02:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
    2016-03-08 21:54 - 2016-02-24 02:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
    2016-03-08 21:54 - 2016-02-24 02:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2016-03-08 21:54 - 2016-02-24 02:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
    2016-03-08 21:54 - 2016-02-24 02:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
    2016-03-08 21:54 - 2016-02-24 02:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
    2016-03-08 21:54 - 2016-02-24 02:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
    2016-03-08 21:54 - 2016-02-24 02:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
    2016-03-08 21:54 - 2016-02-24 02:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
    2016-03-08 21:54 - 2016-02-24 02:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
    2016-03-08 21:54 - 2016-02-24 02:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
    2016-03-08 21:54 - 2016-02-24 02:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
    2016-03-08 21:54 - 2016-02-24 02:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
    2016-03-08 21:54 - 2016-02-24 02:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
    2016-03-08 21:54 - 2016-02-24 02:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
    2016-03-08 21:54 - 2016-02-24 02:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
    2016-03-08 21:54 - 2016-02-24 02:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
    2016-03-08 21:54 - 2016-02-24 02:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2016-03-08 21:54 - 2016-02-24 02:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
    2016-03-08 21:54 - 2016-02-24 02:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
    2016-03-08 21:54 - 2016-02-24 02:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
    2016-03-08 21:54 - 2016-02-24 02:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
    2016-03-08 21:54 - 2016-02-24 02:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
    2016-03-08 21:54 - 2016-02-24 02:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2016-03-08 21:54 - 2016-02-24 02:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
    2016-03-08 21:54 - 2016-02-24 02:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2016-03-08 21:54 - 2016-02-24 02:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
    2016-03-08 21:54 - 2016-02-24 02:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2016-03-08 21:54 - 2016-02-24 02:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
    2016-03-08 21:54 - 2016-02-24 02:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
    2016-03-08 21:54 - 2016-02-24 02:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2016-03-08 21:54 - 2016-02-24 02:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2016-03-08 21:54 - 2016-02-24 02:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
    2016-03-08 21:54 - 2016-02-24 02:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
    2016-03-08 21:54 - 2016-02-24 02:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
    2016-03-08 21:54 - 2016-02-24 01:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2016-03-08 21:54 - 2016-02-24 01:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
    2016-03-08 21:54 - 2016-02-24 01:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
    2016-03-08 21:54 - 2016-02-24 01:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
    2016-03-08 21:54 - 2016-02-24 01:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2016-03-08 21:54 - 2016-02-24 01:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
    2016-03-08 21:54 - 2016-02-24 01:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
    2016-03-08 21:54 - 2016-02-24 01:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
    2016-03-08 21:54 - 2016-02-24 01:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
    2016-03-08 21:54 - 2016-02-24 01:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
    2016-03-08 21:54 - 2016-02-24 01:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
    2016-03-08 21:54 - 2016-02-24 01:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
    2016-03-08 21:54 - 2016-02-24 01:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
    2016-03-08 21:54 - 2016-02-24 01:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
    2016-03-08 21:54 - 2016-02-24 01:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
    2016-03-08 21:54 - 2016-02-24 01:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
    2016-03-08 21:54 - 2016-02-24 01:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2016-03-08 21:54 - 2016-02-24 01:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
    2016-03-08 21:54 - 2016-02-24 01:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
    2016-03-08 21:54 - 2016-02-24 01:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
    2016-03-08 21:54 - 2016-02-24 01:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
    2016-03-08 21:54 - 2016-02-24 01:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2016-03-08 21:54 - 2016-02-24 01:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
    2016-03-08 21:54 - 2016-02-24 01:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
    2016-03-08 21:54 - 2016-02-24 01:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
    2016-03-08 21:54 - 2016-02-24 01:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
    2016-03-08 21:54 - 2016-02-24 01:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2016-03-08 21:54 - 2016-02-24 01:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2016-03-08 21:54 - 2016-02-24 01:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
    2016-03-08 21:54 - 2016-02-24 01:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
    2016-03-08 21:54 - 2016-02-24 01:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2016-03-08 21:54 - 2016-02-24 01:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
    2016-03-08 21:54 - 2016-02-24 01:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
    2016-03-08 21:54 - 2016-02-24 01:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
    2016-03-08 21:54 - 2016-02-24 01:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2016-03-08 21:54 - 2016-02-24 01:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
    2016-03-08 21:54 - 2016-02-24 01:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
    2016-03-08 21:54 - 2016-02-24 01:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
    2016-03-08 21:54 - 2016-02-24 01:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
    2016-03-08 21:54 - 2016-02-24 01:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2016-03-08 21:54 - 2016-02-24 01:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2016-03-08 21:54 - 2016-02-24 01:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2016-03-08 21:54 - 2016-02-24 01:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
    2016-03-08 21:54 - 2016-02-24 01:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
    2016-03-08 21:54 - 2016-02-24 01:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2016-03-08 21:54 - 2016-02-24 01:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
    2016-03-08 21:54 - 2016-02-24 01:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
    2016-03-08 21:54 - 2016-02-24 01:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
    2016-03-08 21:54 - 2016-02-24 01:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2016-03-08 21:54 - 2016-02-24 01:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2016-03-08 21:54 - 2016-02-24 01:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
    2016-03-08 21:54 - 2016-02-24 01:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
    2016-03-08 21:54 - 2016-02-24 01:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
    2016-03-08 21:54 - 2016-02-24 01:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2016-03-08 21:54 - 2016-02-24 01:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2016-03-08 21:54 - 2016-02-24 01:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
    2016-03-08 21:54 - 2016-02-24 01:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
    2016-03-08 21:54 - 2016-02-24 01:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2016-03-08 21:54 - 2016-02-24 01:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
    2016-03-08 21:54 - 2016-02-24 01:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2016-03-08 21:54 - 2016-02-24 01:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
    2016-03-08 21:54 - 2016-02-24 01:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2016-03-08 21:54 - 2016-02-24 01:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
    2016-03-08 21:54 - 2016-02-24 01:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2016-03-08 21:54 - 2016-02-24 01:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2016-03-08 21:54 - 2016-02-24 01:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2016-03-08 21:54 - 2016-02-24 01:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
    2016-03-08 21:54 - 2016-02-24 00:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2016-03-08 21:54 - 2016-02-24 00:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
    2016-03-08 21:54 - 2016-02-24 00:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
    2016-03-08 21:54 - 2016-02-24 00:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
    2016-03-08 21:54 - 2016-02-24 00:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
    2016-03-08 21:54 - 2016-02-24 00:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2016-03-08 21:54 - 2016-02-24 00:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2016-03-08 21:54 - 2016-02-24 00:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2016-03-08 21:54 - 2016-02-24 00:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
    2016-03-08 21:54 - 2016-02-24 00:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2016-03-08 21:54 - 2016-02-24 00:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
    2016-03-08 21:54 - 2016-02-24 00:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
    2016-03-08 21:54 - 2016-02-24 00:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
    2016-03-08 21:54 - 2016-02-23 23:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2016-03-08 21:54 - 2016-02-23 23:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2016-03-01 19:12 - 2016-03-01 19:12 - 305291156 _____ C:\Users\Shawn\Documents\POSSIBLE FTP HACK.pcapng
    2016-03-01 14:22 - 2016-02-23 06:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
    2016-03-01 14:22 - 2016-02-23 05:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
    2016-03-01 14:22 - 2016-02-23 05:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
    2016-03-01 14:22 - 2016-02-23 04:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
    2016-03-01 14:22 - 2016-02-23 03:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
    2016-03-01 14:22 - 2016-02-23 03:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
    2016-03-01 14:22 - 2016-02-23 03:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
    2016-03-01 14:22 - 2016-02-23 02:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2016-03-01 14:22 - 2016-02-23 02:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2016-03-01 14:22 - 2016-02-23 01:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2016-03-01 14:22 - 2016-02-23 01:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2016-03-01 14:22 - 2016-02-23 01:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2016-03-01 14:22 - 2016-02-23 01:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2016-03-01 14:22 - 2016-02-23 01:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2016-03-01 14:22 - 2016-02-23 01:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2016-03-01 14:22 - 2016-02-08 22:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
    2016-03-01 14:22 - 2016-02-08 22:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
    2016-03-01 14:21 - 2016-02-23 06:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2016-03-01 14:21 - 2016-02-23 06:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2016-03-01 14:21 - 2016-02-23 06:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2016-03-01 14:21 - 2016-02-23 06:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2016-03-01 14:21 - 2016-02-23 06:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2016-03-01 14:21 - 2016-02-23 06:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
    2016-03-01 14:21 - 2016-02-23 05:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2016-03-01 14:21 - 2016-02-23 05:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
    2016-03-01 14:21 - 2016-02-23 05:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2016-03-01 14:21 - 2016-02-23 05:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
    2016-03-01 14:21 - 2016-02-23 05:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
    2016-03-01 14:21 - 2016-02-23 05:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2016-03-01 14:21 - 2016-02-23 05:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
    2016-03-01 14:21 - 2016-02-23 05:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
    2016-03-01 14:21 - 2016-02-23 05:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
    2016-03-01 14:21 - 2016-02-23 05:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
    2016-03-01 14:21 - 2016-02-23 05:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
    2016-03-01 14:21 - 2016-02-23 05:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2016-03-01 14:21 - 2016-02-23 05:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
    2016-03-01 14:21 - 2016-02-23 05:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2016-03-01 14:21 - 2016-02-23 04:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
    2016-03-01 14:21 - 2016-02-23 04:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
    2016-03-01 14:21 - 2016-02-23 04:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2016-03-01 14:21 - 2016-02-23 04:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
    2016-03-01 14:21 - 2016-02-23 04:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
    2016-03-01 14:21 - 2016-02-23 04:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
    2016-03-01 14:21 - 2016-02-23 04:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2016-03-01 14:21 - 2016-02-23 04:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
    2016-03-01 14:21 - 2016-02-23 04:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
    2016-03-01 14:21 - 2016-02-23 04:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2016-03-01 14:21 - 2016-02-23 04:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2016-03-01 14:21 - 2016-02-23 04:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
    2016-03-01 14:21 - 2016-02-23 04:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
    2016-03-01 14:21 - 2016-02-23 04:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2016-03-01 14:21 - 2016-02-23 03:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
    2016-03-01 14:21 - 2016-02-23 03:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
    2016-03-01 14:21 - 2016-02-23 03:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
    2016-03-01 14:21 - 2016-02-23 03:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2016-03-01 14:21 - 2016-02-23 03:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
    2016-03-01 14:21 - 2016-02-23 03:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
    2016-03-01 14:21 - 2016-02-23 03:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
    2016-03-01 14:21 - 2016-02-23 03:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
    2016-03-01 14:21 - 2016-02-23 03:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
    2016-03-01 14:21 - 2016-02-23 03:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
    2016-03-01 14:21 - 2016-02-23 03:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
    2016-03-01 14:21 - 2016-02-23 03:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
    2016-03-01 14:21 - 2016-02-23 03:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
    2016-03-01 14:21 - 2016-02-23 03:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
    2016-03-01 14:21 - 2016-02-23 03:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2016-03-01 14:21 - 2016-02-23 03:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
    2016-03-01 14:21 - 2016-02-23 03:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
    2016-03-01 14:21 - 2016-02-23 03:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
    2016-03-01 14:21 - 2016-02-23 03:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
    2016-03-01 14:21 - 2016-02-23 03:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2016-03-01 14:21 - 2016-02-23 03:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
    2016-03-01 14:21 - 2016-02-23 03:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
    2016-03-01 14:21 - 2016-02-23 03:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2016-03-01 14:21 - 2016-02-23 03:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2016-03-01 14:21 - 2016-02-23 03:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2016-03-01 14:21 - 2016-02-23 03:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2016-03-01 14:21 - 2016-02-23 03:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
    2016-03-01 14:21 - 2016-02-23 03:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
    2016-03-01 14:21 - 2016-02-23 03:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2016-03-01 14:21 - 2016-02-23 03:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2016-03-01 14:21 - 2016-02-23 03:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
    2016-03-01 14:21 - 2016-02-23 02:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
    2016-03-01 14:21 - 2016-02-23 02:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
    2016-03-01 14:21 - 2016-02-23 02:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
    2016-03-01 14:21 - 2016-02-23 02:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
    2016-03-01 14:21 - 2016-02-23 02:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
    2016-03-01 14:21 - 2016-02-23 02:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
    2016-03-01 14:21 - 2016-02-23 02:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
    2016-03-01 14:21 - 2016-02-23 02:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
    2016-03-01 14:21 - 2016-02-23 02:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
    2016-03-01 14:21 - 2016-02-23 02:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
    2016-03-01 14:21 - 2016-02-23 02:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
    2016-03-01 14:21 - 2016-02-23 02:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2016-03-01 14:21 - 2016-02-23 02:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
    2016-03-01 14:21 - 2016-02-23 02:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
    2016-03-01 14:21 - 2016-02-23 02:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2016-03-01 14:21 - 2016-02-23 02:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
    2016-03-01 14:21 - 2016-02-23 02:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
    2016-03-01 14:21 - 2016-02-23 02:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
    2016-03-01 14:21 - 2016-02-23 02:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2016-03-01 14:21 - 2016-02-23 02:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
    2016-03-01 14:21 - 2016-02-23 02:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2016-03-01 14:21 - 2016-02-23 02:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2016-03-01 14:21 - 2016-02-23 01:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
    2016-03-01 14:21 - 2016-02-23 01:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2016-03-01 14:21 - 2016-02-23 01:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
    2016-03-01 14:21 - 2016-02-23 01:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
    2016-03-01 14:21 - 2016-02-23 01:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2016-03-01 14:21 - 2016-02-23 01:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
    2016-03-01 14:21 - 2016-02-23 01:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2016-03-01 14:21 - 2016-02-23 01:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
    2016-03-01 14:21 - 2016-02-23 01:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
    2016-03-01 14:21 - 2016-02-23 01:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2016-03-01 14:21 - 2016-02-23 01:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2016-03-01 14:21 - 2016-02-23 01:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
    2016-03-01 14:21 - 2016-02-08 23:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2016-03-01 14:21 - 2016-02-08 22:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2016-03-01 14:21 - 2016-02-08 22:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
    2016-03-01 14:21 - 2016-02-08 22:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2016-03-01 14:20 - 2016-02-23 06:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
    2016-03-01 14:20 - 2016-02-23 06:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
    2016-03-01 14:20 - 2016-02-23 06:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2016-03-01 14:20 - 2016-02-23 05:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
    2016-03-01 14:20 - 2016-02-23 05:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
    2016-03-01 14:20 - 2016-02-23 05:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
    2016-03-01 14:20 - 2016-02-23 04:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
    2016-03-01 14:20 - 2016-02-23 04:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
    2016-03-01 14:20 - 2016-02-23 04:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2016-03-01 14:20 - 2016-02-23 04:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
    2016-03-01 14:20 - 2016-02-23 04:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
    2016-03-01 14:20 - 2016-02-23 04:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
    2016-03-01 14:20 - 2016-02-23 04:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
    2016-03-01 14:20 - 2016-02-23 04:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
    2016-03-01 14:20 - 2016-02-23 04:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
    2016-03-01 14:20 - 2016-02-23 04:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
    2016-03-01 14:20 - 2016-02-23 04:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
    2016-03-01 14:20 - 2016-02-23 04:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2016-03-01 14:20 - 2016-02-23 04:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
    2016-03-01 14:20 - 2016-02-23 03:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
    2016-03-01 14:20 - 2016-02-23 03:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
    2016-03-01 14:20 - 2016-02-23 03:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
    2016-03-01 14:20 - 2016-02-23 03:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2016-03-01 14:20 - 2016-02-23 03:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
    2016-03-01 14:20 - 2016-02-23 03:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
    2016-03-01 14:20 - 2016-02-23 03:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
    2016-03-01 14:20 - 2016-02-23 03:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2016-03-01 14:20 - 2016-02-23 03:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
    2016-03-01 14:20 - 2016-02-23 03:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
    2016-03-01 14:20 - 2016-02-23 03:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
    2016-03-01 14:20 - 2016-02-23 03:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2016-03-01 14:20 - 2016-02-23 03:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
    2016-03-01 14:20 - 2016-02-23 03:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
    2016-03-01 14:20 - 2016-02-23 03:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
    2016-03-01 14:20 - 2016-02-23 03:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
    2016-03-01 14:20 - 2016-02-23 03:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
    2016-03-01 14:20 - 2016-02-23 03:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-03-01 14:20 - 2016-02-23 03:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2016-03-01 14:20 - 2016-02-23 03:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
    2016-03-01 14:20 - 2016-02-23 03:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2016-03-01 14:20 - 2016-02-23 03:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2016-03-01 14:20 - 2016-02-23 03:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
    2016-03-01 14:20 - 2016-02-23 03:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
    2016-03-01 14:20 - 2016-02-23 02:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
    2016-03-01 14:20 - 2016-02-23 02:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
    2016-03-01 14:20 - 2016-02-23 02:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
    2016-03-01 14:20 - 2016-02-23 02:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
    2016-03-01 14:20 - 2016-02-23 02:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
    2016-03-01 14:20 - 2016-02-23 02:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
    2016-03-01 14:20 - 2016-02-23 02:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2016-03-01 14:20 - 2016-02-23 02:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
    2016-03-01 14:20 - 2016-02-23 02:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
    2016-03-01 14:20 - 2016-02-23 02:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2016-03-01 14:20 - 2016-02-23 02:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
    2016-03-01 14:20 - 2016-02-23 02:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
    2016-03-01 14:20 - 2016-02-23 01:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
    2016-03-01 14:20 - 2016-02-23 01:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
    2016-03-01 14:20 - 2016-02-08 23:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
    2016-03-01 14:20 - 2016-02-08 22:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
    2016-02-24 00:25 - 2016-02-09 03:25 - 01924152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispco6436191.dll
    2016-02-24 00:25 - 2016-02-09 03:25 - 01573432 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvdispgenco6436191.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2016-03-18 19:06 - 2013-12-31 16:29 - 00000924 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2016-03-18 19:01 - 2012-09-16 19:59 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.exe
    2016-03-18 17:50 - 2014-02-05 18:08 - 00000830 _____ C:\WINDOWS\Tasks\Adobe Flash Player Updater.job
    2016-03-18 16:25 - 2012-09-16 19:59 - 00226168 _____ C:\WINDOWS\SysWOW64\PnkBstrB.ex0
    2016-03-18 06:05 - 2012-06-27 23:42 - 00000000 ____D C:\ProgramData\Origin
    2016-03-18 06:03 - 2013-12-31 16:29 - 00000920 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2016-03-18 05:57 - 2014-06-18 17:52 - 00000928 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1437170364-1528473509-2599310780-1000UA.job
    2016-03-18 01:18 - 2013-01-28 23:21 - 00004154 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{8270CB39-28C5-488A-BF08-21965367FFD9}
    2016-03-18 01:08 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\AppReadiness
    2016-03-18 00:44 - 2015-10-30 02:24 - 00000000 ___HD C:\Program Files\WindowsApps
    2016-03-17 22:31 - 2015-07-16 22:46 - 00105984 ___SH C:\Users\Shawn\Desktop\Thumbs.db
    2016-03-17 20:29 - 2015-10-30 02:21 - 00000000 ____D C:\WINDOWS\INF
    2016-03-17 19:21 - 2016-01-27 19:36 - 00000000 ____D C:\Users\Shawn\AppData\Local\CrashDumps
    2016-03-17 17:57 - 2014-06-18 17:52 - 00000906 _____ C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1437170364-1528473509-2599310780-1000Core.job
    2016-03-17 10:13 - 2014-08-18 22:33 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2016-03-17 01:01 - 2015-12-06 07:06 - 00000000 ___DC C:\WINDOWS\Panther
    2016-03-17 00:34 - 2015-12-06 05:20 - 01017908 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2016-03-17 00:28 - 2015-12-06 05:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2016-03-17 00:28 - 2015-12-06 05:15 - 00000000 ____D C:\ProgramData\NVIDIA
    2016-03-17 00:28 - 2015-12-06 05:08 - 00340680 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2016-03-17 00:27 - 2015-10-30 01:28 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2016-03-14 09:04 - 2014-03-07 22:25 - 00002535 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2016-03-10 23:00 - 2015-10-30 02:11 - 00000000 ____D C:\WINDOWS\CbsTemp
    2016-03-10 20:07 - 2015-08-06 19:00 - 00002405 _____ C:\Users\Laura\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-03-10 20:07 - 2015-08-06 19:00 - 00000000 ___RD C:\Users\Laura\OneDrive
    2016-03-10 20:07 - 2015-07-20 10:03 - 00000000 ____D C:\Users\Laura\AppData\Local\NVIDIA Corporation
    2016-03-10 20:05 - 2015-08-06 17:40 - 00000000 __RHD C:\Users\Public\AccountPictures
    2016-03-10 20:02 - 2012-09-08 16:50 - 00000000 ____D C:\Users\Shawn\Desktop\HARD DRIVE 1
    2016-03-10 19:59 - 2013-12-14 15:05 - 00000000 ____D C:\Users\Shawn\Desktop\LAPTOP RECOVERY
    2016-03-10 15:21 - 2015-12-06 05:15 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2016-03-10 15:21 - 2014-07-29 18:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NVIDIA Corporation
    2016-03-10 03:05 - 2015-12-06 05:20 - 00000000 ____D C:\Users\DefaultAppPool
    2016-03-10 00:47 - 2015-11-01 12:30 - 00000000 ____D C:\ProgramData\Avg
    2016-03-10 00:47 - 2015-06-02 20:39 - 00000000 ____D C:\Users\Shawn\AppData\Local\Avg
    2016-03-10 00:47 - 2014-08-18 22:33 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2016-03-10 00:47 - 2013-05-14 17:49 - 00000000 ____D C:\Program Files (x86)\AVG
    2016-03-10 00:47 - 2013-05-14 17:46 - 00000000 ____D C:\ProgramData\MFAData
    2016-03-10 00:41 - 2013-03-24 10:58 - 00287016 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswvmm.sys
    2016-03-10 00:40 - 2013-03-24 10:58 - 00074544 _____ (AVAST Software) C:\WINDOWS\system32\Drivers\aswRvrt.sys
    2016-03-10 00:38 - 2015-11-01 12:29 - 00000000 ____D C:\Users\Shawn\AppData\Local\AvgSetupLog
    2016-03-10 00:38 - 2015-10-30 02:24 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2016-03-10 00:37 - 2012-06-27 23:31 - 00000000 ____D C:\ProgramData\AVAST Software
    2016-03-10 00:36 - 2015-07-01 17:50 - 00000000 ____D C:\Program Files\Common Files\AV
    2016-03-09 22:19 - 2015-12-01 21:30 - 12653504 _____ (NVIDIA Corporation) C:\WINDOWS\system32\Drivers\nvlddmkm.sys
    2016-03-09 20:14 - 2015-08-06 17:46 - 00002405 _____ C:\Users\Shawn\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2016-03-09 20:14 - 2015-08-06 17:46 - 00000000 ___RD C:\Users\Shawn\OneDrive
    2016-03-09 13:36 - 2014-08-18 22:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2016-03-09 13:36 - 2012-07-17 18:19 - 00001175 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2016-03-09 13:15 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2016-03-09 13:15 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2016-03-09 13:15 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2016-03-09 13:15 - 2015-10-30 02:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2016-03-08 22:09 - 2013-07-14 19:02 - 00000000 ____D C:\WINDOWS\system32\MRT
    2016-03-08 22:04 - 2012-06-27 21:09 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2016-03-08 20:15 - 2015-11-05 19:10 - 00002457 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acrobat Reader DC.lnk
    2016-03-08 05:27 - 2016-01-20 01:01 - 17320280 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvwgf2um.dll
    2016-03-08 05:27 - 2015-12-01 21:30 - 20061152 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvwgf2umx.dll
    2016-03-08 05:27 - 2015-12-01 21:30 - 14226864 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvd3dum.dll
    2016-03-08 05:27 - 2015-12-01 21:30 - 03681672 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvapi64.dll
    2016-03-08 05:27 - 2015-12-01 21:30 - 03259176 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvapi.dll
    2016-03-08 05:27 - 2015-12-01 21:30 - 00037702 _____ C:\WINDOWS\system32\nvinfo.pb
    2016-03-08 02:12 - 2015-10-30 02:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2016-03-08 02:12 - 2015-10-30 02:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2016-03-08 01:42 - 2016-01-20 01:03 - 00530880 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshext.dll
    2016-03-08 01:42 - 2016-01-20 01:03 - 00081856 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nv3dappshextr.dll
    2016-03-08 01:42 - 2015-12-06 05:15 - 06371384 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2016-03-08 01:42 - 2015-12-06 05:15 - 02992576 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2016-03-08 01:42 - 2015-12-06 05:15 - 02563128 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2016-03-08 01:42 - 2015-12-06 05:15 - 01264064 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2016-03-08 01:42 - 2015-12-06 05:15 - 00393784 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2016-03-08 01:42 - 2015-12-06 05:15 - 00071224 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2016-03-06 23:22 - 2015-12-06 05:15 - 06203411 _____ C:\WINDOWS\system32\nvcoproc.bin
    2016-03-06 14:25 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\rescache
    2016-03-05 00:32 - 2015-12-06 05:21 - 00000000 ____D C:\Users\Shawn
    2016-03-04 12:03 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\NDF
    2016-03-03 03:02 - 2015-10-30 04:07 - 00000000 ____D C:\Program Files\Windows Journal
    2016-03-03 03:02 - 2015-10-30 02:24 - 00000000 __RSD C:\WINDOWS\Media
    2016-03-03 03:02 - 2015-10-30 02:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2016-03-03 03:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2016-03-03 03:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2016-03-03 03:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2016-03-03 03:02 - 2015-10-30 02:24 - 00000000 ____D C:\WINDOWS\bcastdvr
    2016-03-03 03:02 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2016-03-03 03:02 - 2015-10-30 01:28 - 00000000 ____D C:\WINDOWS\system32\Dism
    2016-03-02 15:16 - 2015-10-30 01:28 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2016-03-01 23:53 - 2016-01-05 01:07 - 00001816 _____ C:\Users\Public\Desktop\iTunes.lnk
    2016-03-01 23:53 - 2015-12-06 05:31 - 00001507 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2016-03-01 23:53 - 2015-12-03 20:10 - 00001255 _____ C:\Users\Public\Desktop\VMware Workstation 12 Player.lnk
    2016-03-01 23:53 - 2015-11-16 21:09 - 00001325 _____ C:\Users\Public\Desktop\Hex Workshop Hex Editor (64 bit).lnk
    2016-03-01 23:53 - 2015-11-05 19:10 - 00002118 _____ C:\Users\Public\Desktop\Acrobat Reader DC.lnk
    2016-03-01 23:53 - 2015-10-31 18:20 - 00001742 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Wireshark.lnk
    2016-03-01 23:53 - 2015-10-31 18:20 - 00001736 _____ C:\Users\Public\Desktop\Wireshark.lnk
    2016-03-01 23:53 - 2015-10-05 23:55 - 00001220 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Mozilla Firefox.lnk
    2016-03-01 23:53 - 2015-09-08 16:14 - 00001307 _____ C:\Users\Public\Desktop\Battlefield 4.lnk
    2016-03-01 23:53 - 2015-09-08 16:14 - 00001292 _____ C:\Users\Public\Desktop\Battlefield 4(64 bit).lnk
    2016-03-01 23:53 - 2014-09-20 23:51 - 00001168 _____ C:\Users\Public\Desktop\Battlefield 3.lnk
    2016-03-01 23:53 - 2014-09-20 22:11 - 00000977 _____ C:\Users\Public\Desktop\Origin.lnk
    2016-03-01 23:53 - 2014-09-06 21:25 - 00001869 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn.lnk
    2016-03-01 23:53 - 2014-09-06 21:25 - 00001863 _____ C:\Users\Public\Desktop\ImgBurn.lnk
    2016-03-01 23:53 - 2014-03-22 18:06 - 00002030 _____ C:\Users\Public\Desktop\Aspire-CCNA.lnk
    2016-03-01 23:53 - 2012-06-27 23:37 - 00001875 _____ C:\Users\Public\Desktop\Defraggler.lnk
    2016-03-01 23:53 - 2012-06-27 23:36 - 00001064 _____ C:\Users\Public\Desktop\VLC media player.lnk
    2016-03-01 23:53 - 2009-07-14 00:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
    2016-03-01 23:52 - 2015-07-16 22:46 - 00001325 _____ C:\Users\Shawn\Desktop\Laura - Shortcut.lnk
    2016-03-01 23:52 - 2015-04-06 18:08 - 00001825 _____ C:\Users\Shawn\Desktop\MagicISO.lnk
    2016-03-01 23:52 - 2013-07-24 20:45 - 00001878 _____ C:\Users\Shawn\Desktop\BFBC2.lnk
    2016-02-26 23:19 - 2015-05-18 21:06 - 00000000 ____D C:\Users\Shawn\Downloads\Guardians of the Galaxy -(2014) 720p BrRip x264 - FIRZON
    2016-02-24 06:32 - 2015-12-06 05:21 - 00000000 ____D C:\Users\Laura
    2016-02-24 00:26 - 2015-12-06 05:15 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2016-02-24 00:21 - 2014-07-29 18:36 - 00000000 ____D C:\Users\Shawn\AppData\Local\NVIDIA Corporation
    2016-02-24 00:21 - 2014-05-07 18:48 - 00000000 ____D C:\Users\Shawn\AppData\Local\NVIDIA
    2016-02-17 01:40 - 2016-01-20 00:57 - 00112216 _____ C:\WINDOWS\system32\NvRtmpStreamer64.dll
    2016-02-17 01:40 - 2014-07-29 18:36 - 01903344 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspcap64.dll
    2016-02-17 01:40 - 2014-07-29 18:36 - 01756424 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvspbridge64.dll
    2016-02-17 01:40 - 2014-07-29 18:36 - 01571624 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspcap.dll
    2016-02-17 01:40 - 2014-07-29 18:36 - 01316184 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvspbridge.dll

    ==================== Files in the root of some directories =======

    2014-05-29 19:33 - 2014-05-29 19:40 - 0000035 _____ () C:\Users\Shawn\AppData\Roaming\Statdisk.prefs
    2015-12-06 05:14 - 2015-12-06 05:14 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2016-03-15 07:07

    ==================== End of FRST.txt ============================
  7. 2016-03-19, 01:29 #7
    Incognito70
    Incognito70 is offline
    Junior Member
    Join Date
    Mar 2016
    Posts
    23

    Default

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
    Ran by Shawn (2016-03-18 19:13:32)
    Running from C:\Users\Shawn\Desktop
    Windows 10 Pro Version 1511 (X64) (2015-12-06 10:55:08)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-1437170364-1528473509-2599310780-500 - Administrator - Disabled)
    DefaultAccount (S-1-5-21-1437170364-1528473509-2599310780-503 - Limited - Disabled)
    Guest (S-1-5-21-1437170364-1528473509-2599310780-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-1437170364-1528473509-2599310780-1004 - Limited - Enabled)
    Laura (S-1-5-21-1437170364-1528473509-2599310780-1008 - Limited - Enabled) => C:\Users\Laura
    Shawn (S-1-5-21-1437170364-1528473509-2599310780-1000 - Administrator - Enabled) => C:\Users\Shawn

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: avast! Antivirus (Enabled - Up to date) {17AD7D40-BA12-9C46-7131-94903A54AD8B}
    AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Spybot - Search and Destroy (Enabled - Up to date) {9BC38DF1-3CCA-732D-A930-C1CA5F20A4B0}
    AS: avast! Antivirus (Enabled - Up to date) {ACCC9CA4-9C28-93C8-4B81-AFE241D3E736}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.010.20060 - Adobe Systems Incorporated)
    Adobe Flash Player 21 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 21.0.0.182 - Adobe Systems Incorporated)
    Apple Application Support (32-bit) (HKLM-x32\...\{7FA9ECCF-A2DE-4DA1-BFF3-81260DBDA68F}) (Version: 4.1.2 - Apple Inc.)
    Apple Application Support (64-bit) (HKLM\...\{691F30EB-9009-475A-B8A9-E1BF39598FD5}) (Version: 4.1.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{3540181E-340A-4E7A-B409-31663472B2F7}) (Version: 9.1.0.6 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{56EC47AA-5813-4FF6-8E75-544026FBEA83}) (Version: 2.2.0.150 - Apple Inc.)
    Asmedia ASM104x USB 3.0 Host Controller Driver (HKLM-x32\...\{E4FB0B39-C991-4EE7-95DD-1A1A7857D33D}) (Version: 1.14.1.0 - Asmedia Technology)
    Aspire-CCNA (HKLM-x32\...\{B91A776E-8FCB-4B51-AB0C-2E573E2C6CC8}_is1) (Version: - Cisco Systems, Inc)
    Avast Free Antivirus (HKLM-x32\...\Avast) (Version: 11.1.2253 - AVAST Software)
    AVG 2015 (Version: 15.0.4315 - AVG Technologies) Hidden
    Battlefield 3™ (HKLM-x32\...\{76285C16-411A-488A-BCE3-C83CB933D8CF}) (Version: 1.6.0.0 - Electronic Arts)
    Battlefield 4™ (HKLM-x32\...\{ABADE36E-EC37-413B-8179-B432AD3FACE7}) (Version: 1.7.2.45672 - Electronic Arts)
    Battlefield: Bad Company™ 2 (HKLM-x32\...\{3AC8457C-0385-4BEA-A959-E095F05D6D67}) (Version: 1.0.1.0 - Electronic Arts)
    Battlelog Web Plugins (HKLM-x32\...\Battlelog Web Plugins) (Version: 2.3.0 - EA Digital Illusions CE AB)
    BF3 Settings Editor (HKLM\...\{0122EDA0-52FC-4EC2-9A31-A2A757A7D40E}) (Version: 2.3 - Realmware)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.15 - Piriform)
    Creative ALchemy (HKLM-x32\...\ALchemy) (Version: 1.41 - Creative Technology Limited)
    Creative Audio Control Panel (HKLM-x32\...\AudioCS) (Version: 2.56 - Creative Technology Limited)
    Creative MediaSource 5 (HKLM-x32\...\{BEEFC4F8-2909-48B3-AFAA-55D3533FDEDD}) (Version: 5.26 - Creative Technology Limited)
    Creative Software AutoUpdate (HKLM-x32\...\Creative Software AutoUpdate) (Version: 1.40 - Creative Technology Limited)
    Creative Sound Blaster Properties x64 Edition (HKLM-x32\...\Creative Sound Blaster Properties x64 Edition) (Version: - )
    Creative WaveStudio 7 (HKLM-x32\...\WaveStudio 7) (Version: 7.14 - Creative Technology Limited)
    Defraggler (HKLM\...\Defraggler) (Version: 2.10 - Piriform)
    ESN Sonar (HKLM-x32\...\ESN Sonar-0.70.4) (Version: 0.70.4 - ESN Social Software AB)
    Facebook Video Calling 3.1.0.521 (HKLM-x32\...\{2091F234-EB58-4B80-8C96-8EB78C808CF7}) (Version: 3.1.521 - Skype Limited)
    Firmware Setup (x32 Version: 1.3.11.0 - Pro Control) Hidden
    Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
    Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
    Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
    Hex Workshop v6.8 (HKLM\...\{A36AC685-4435-4C16-861F-221231DE165D}) (Version: 6.8.0.5419 - BreakPoint Software)
    Image Library Setup (x32 Version: 1.2.2 - Pro Control) Hidden
    ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
    iTunes (HKLM\...\{FBEB98F8-64E4-4FA3-A15E-4A9F42FF962E}) (Version: 12.3.2.35 - Apple Inc.)
    Library Manager Setup (x32 Version: 1.31.13.0 - Pro Control) Hidden
    Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft ASP.NET MVC 4 Runtime (HKLM-x32\...\{3FE312D5-B862-40CE-8E4E-A6D8ABF62736}) (Version: 4.0.40804.0 - Microsoft Corporation)
    Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
    Microsoft Office Outlook Connector (HKLM-x32\...\{95140000-0081-0409-0000-0000000FF1CE}) (Version: 14.0.6123.5001 - Microsoft Corporation)
    Microsoft Office Professional Plus 2010 (HKLM-x32\...\Office14.PROPLUS) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Office Project 2007 Service Pack 3 (SP3) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{8446EB22-A746-46DC-B1BD-E0DFA1F3CDDA}) (Version: - Microsoft)
    Microsoft Office Project Professional 2007 (HKLM-x32\...\PRJPRO) (Version: 12.0.6612.1000 - Microsoft Corporation)
    Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.41212.0 - Microsoft Corporation)
    Microsoft Visio Professional 2010 (HKLM-x32\...\Office14.VISIOR) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    MotioninJoy Gamepad tool 0.7.1001 (HKLM\...\{330DAC67-5B62-452A-A0E4-6B4A5923940F}_is1) (Version: 0.7.1001 - www.motioninjoy.com)
    Mozilla Firefox 41.0.2 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 41.0.2 (x86 en-US)) (Version: 41.0.2 - Mozilla)
    Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 41.0.2.5765 - Mozilla)
    NVIDIA 3D Vision Controller Driver 364.44 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.NVIRUSB) (Version: 364.44 - NVIDIA Corporation)
    NVIDIA 3D Vision Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.3DVision) (Version: 364.51 - NVIDIA Corporation)
    NVIDIA GeForce Experience 2.10.2.40 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.GFExperience) (Version: 2.10.2.40 - NVIDIA Corporation)
    NVIDIA Graphics Driver 364.51 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.Driver) (Version: 364.51 - NVIDIA Corporation)
    NVIDIA HD Audio Driver 1.3.34.4 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_HDAudio.Driver) (Version: 1.3.34.4 - NVIDIA Corporation)
    NVIDIA PhysX System Software 9.15.0428 (HKLM\...\{B2FE1952-0186-46C3-BAEC-A80AA35AC5B8}_Display.PhysX) (Version: 9.15.0428 - NVIDIA Corporation)
    Origin (HKLM-x32\...\Origin) (Version: 9.4.22.2815 - Electronic Arts, Inc.)
    Pro Control Drivers Setup (x32 Version: 1.3.33.0 - Pro Control) Hidden
    Pro Control Studio (HKLM-x32\...\{2b00fd42-4610-4acb-8336-3d4d309051ec}) (Version: 1.40.8.0 - Pro Control)
    Pro Control Studio (x32 Version: 1.40.8.0 - Pro Control) Hidden
    Pro Control USB Driver (Version: 1.3.4.0 - Pro Control) Hidden
    PunkBuster Services (HKLM-x32\...\PunkBusterSvc) (Version: 0.993 - Even Balance, Inc.)
    Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 7.48.823.2011 - Realtek)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    Secure Download Manager (HKLM-x32\...\{4A5667B2-5D13-46C2-85B5-9D46A6096F61}) (Version: 3.1.0 - Kivuto Solutions Inc.)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-0011-0000-0000-0000000FF1CE}_Office14.PROPLUS_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{91140000-0057-0000-0000-0000000FF1CE}_Office14.VISIOR_{359ADBEC-068A-4CC9-9174-77AB8EDB867A}) (Version: - Microsoft)
    SHIELD Streaming (Version: 5.1.0270 - NVIDIA Corporation) Hidden
    SHIELD Wireless Controller Driver (Version: 2.10.2.40 - NVIDIA Corporation) Hidden
    Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
    Template Setup (x32 Version: 1.30.31.0 - Pro Control) Hidden
    Third Party Software Setup (x32 Version: 1.0.0.0 - Pro Control) Hidden
    Tweaking.com - Registry Backup (HKLM-x32\...\Tweaking.com - Registry Backup) (Version: 3.3.1 - Tweaking.com)
    Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{90120000-003B-0000-0000-0000000FF1CE}_PRJPRO_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
    Vimicro USB2.0 UVC PC Camera (HKLM-x32\...\{71A51A91-E7D3-11DB-A386-005056C00008}) (Version: 2010.03.02 - Vimicro Corporation)
    Visual Studio 2010 x64 Redistributables (HKLM\...\{21B133D6-5979-47F0-BE1C-F6A6B304693F}) (Version: 13.0.0.1 - AVG Technologies)
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    VLC media player (HKLM-x32\...\VLC media player) (Version: 2.1.5 - VideoLAN)
    VMware Player (HKLM\...\{49CDE7BF-ED37-4753-A02D-AE23F8CD9FF7}) (Version: 12.0.1 - VMware, Inc.)
    VoiceOver Kit (HKLM\...\{703D47B8-2869-4A50-B988-BDE18772A474}) (Version: 1.43.128.3 - Apple Inc.)
    Vulkan Run Time Libraries 1.0.3.0 (HKLM\...\VulkanRT1.0.3.0) (Version: 1.0.3.0 - LunarG, Inc.)
    Windows Phone app for desktop (HKLM-x32\...\{5F71448B-88EB-4357-9A98-8658D4C49C48}) (Version: 1.1.2726.0 - Microsoft Corporation)
    WinPcap 4.1.3 (HKLM-x32\...\WinPcapInst) (Version: 4.1.0.2980 - Riverbed Technology, Inc.)
    WinRAR 4.20 (64-bit) (HKLM\...\WinRAR archiver) (Version: 4.20.0 - win.rar GmbH)
    Wireshark 1.12.8 (32-bit) (HKLM-x32\...\Wireshark) (Version: 1.12.8 - The Wireshark developer community, hxxp://www.wireshark.org)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-1437170364-1528473509-2599310780-1000_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\Shawn\AppData\Local\Microsoft\OneDrive\17.3.6302.0225\FileCoAuth.exe (Microsoft Corporation)

    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {0B1203DF-3F90-4BAE-B8C2-D1B1C55DF607} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {10A00FB2-8DA3-4E81-9F3E-D57B4D6D715F} - System32\Tasks\{8DBE5EAA-CB74-4F29-A2D8-E77B88A8E46D} => pcalua.exe -a C:\Users\Shawn\Downloads\Advanced\autorun(1).exe -d C:\Users\Shawn\Downloads\Advanced
    Task: {1960E23A-C7F4-405B-BB3E-71D6AF36EC60} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1B4366BC-BC4D-455D-ABCB-A7D57A8084CF} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW1 => C:\Windows\ehome\ehPrivJob.exe
    Task: {1DC65BFA-D874-401C-921C-86BAE13DB5D6} - System32\Tasks\Microsoft\Windows\Media Center\StartRecording => C:\Windows\ehome\ehrec.exe
    Task: {1F1EA5C4-2A54-4A92-912C-B1538575E4D5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {203DE395-1C01-4479-A675-EB1A4DAAE203} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {267301EB-50B9-409E-943D-1E06ADF41C2F} - System32\Tasks\Microsoft\Windows\Media Center\OCURActivate => C:\Windows\ehome\ehPrivJob.exe
    Task: {27E4D7A9-B448-4D02-8D06-2DC066572A70} - System32\Tasks\{92F58179-D5B3-48DD-AFD0-38E2717F9C03} => pcalua.exe -a C:\Users\Shawn\Downloads\DRV_UVC_20100510_mirror_flip_345I342E_Default.exe -d C:\Users\Shawn\Downloads
    Task: {28F36AB9-FF58-480C-9E4B-460098AA8A43} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate => C:\Windows\ehome\mcupdate.exe
    Task: {34D6DB05-5BB8-46AF-8A60-2B10999C8D32} - System32\Tasks\Microsoft\Windows\Media Center\ObjectStoreRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {364DC852-4FBB-4EB9-8036-751DE5EA4AA2} - System32\Tasks\0915avUpdateInfo => C:\ProgramData\Avg_Update_0915av\0915av_AVG-Secure-Search-Update.exe [2015-07-26] ()
    Task: {3DC572C1-F0B9-477D-A41A-2A6AD5B376A8} - System32\Tasks\1215tbUpdateInfo => C:\ProgramData\Avg_Update_1215tb\1215tb_{6F3EA555-0251-4DD5-904C-CB7EF2318966}.exe [2015-12-18] ()
    Task: {3FCC25A1-D232-40C8-AAD0-3224EDD46187} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDImmunize.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {4B655513-FEA2-446E-B91E-048E8B687740} - System32\Tasks\Microsoft\Windows\Media Center\RegisterSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {5F800112-F4A6-45D6-94BC-7AD0DD1BDC28} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2016-02-12] (Piriform Ltd)
    Task: {6097D0F8-DFB9-43A0-9B05-BB200C7033F5} - System32\Tasks\{00C63FCE-75E0-4041-8456-0693BD4F83C8} => pcalua.exe -a C:\Users\Shawn\Downloads\pbsetup.exe -d C:\Users\Shawn\Downloads
    Task: {65A9C357-5A2B-43E6-9DC1-C67CC85E96B2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {666471B4-73B9-4084-921F-004BD68DE297} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {674E1D92-DA32-4A77-9342-2EDFB2B3635C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {6926F3C8-0466-4788-A4B3-039534C15DE7} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1437170364-1528473509-2599310780-1000Core => C:\Users\Shawn\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {6AFB98E3-6A56-4AA1-9113-C1CEF27C1541} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {73F7BC0D-FB61-4645-BF81-686F81653676} - System32\Tasks\Microsoft\Windows\Media Center\PBDADiscoveryW2 => C:\Windows\ehome\ehPrivJob.exe
    Task: {7B217AF7-4DE6-453F-8F9F-E9D93EE556BE} - System32\Tasks\Microsoft\Windows\Media Center\PvrScheduleTask => C:\Windows\ehome\mcupdate.exe
    Task: {7D1351BB-C9EB-4864-B7AD-4E608BD9F5B3} - System32\Tasks\Microsoft\Windows\Media Center\ehDRMInit => C:\Windows\ehome\ehPrivJob.exe
    Task: {81DC8F50-8DD3-4D87-A28D-2E3269D1C1C7} - System32\Tasks\Microsoft\Windows\Media Center\MediaCenterRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {85388C17-0619-48C4-BBA4-6377A111E46E} - System32\Tasks\ASUS\RunDAOD => C:\Windows\DAODx.exe [2009-03-30] ()
    Task: {881208D4-CA33-4684-8117-8115AC28F75A} - System32\Tasks\Microsoft\Windows\Media Center\SqlLiteRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {8A412829-6B8E-4E78-866B-EC89B492A9BE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {8B672A73-5D42-4178-ABAA-0644F4E1D907} - System32\Tasks\Microsoft\Windows\Media Center\InstallPlayReady => C:\Windows\ehome\ehPrivJob.exe
    Task: {8F306F34-176D-4499-B2FF-27CF4C671BA9} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Check for updates => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe [2014-06-27] (Safer-Networking Ltd.)
    Task: {910B97D8-755E-47CE-82F3-735EA3CA3B31} - System32\Tasks\Microsoft\Windows\Media Center\ActivateWindowsSearch => C:\Windows\ehome\ehPrivJob.exe
    Task: {935C9F65-E37F-4609-921A-BEDE633C0BAF} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-03-08] (Microsoft Corporation)
    Task: {9712A06A-9173-428F-AD19-1DF6A52E7284} - System32\Tasks\avast! Emergency Update => C:\Program Files\AVAST Software\Avast\AvastEmUpdate.exe [2016-03-10] (AVAST Software)
    Task: {991F998C-1133-49F9-9A7F-D414917CA5D1} - System32\Tasks\SidebarExecute => C:\Program Files\Windows Sidebar\sidebar.exe
    Task: {9CC31D2C-8639-4485-8FB5-AA55E27D5B88} - System32\Tasks\0615avUpdateInfo => C:\ProgramData\Avg_Update_0615av\0615av_AVG-Secure-Search-Update.exe [2015-05-07] ()
    Task: {A5066F25-F9D8-42B8-94E8-DFD90ADE79EE} - System32\Tasks\Microsoft\Windows\Media Center\PvrRecoveryTask => C:\Windows\ehome\mcupdate.exe
    Task: {AEBC825E-AC39-4D98-ABED-CA244545EDA4} - System32\Tasks\avast! Windows 10 Start Menu helper => c:\program files\avast software\avast\asww10mon.exe [2016-03-18] (AVAST Software)
    Task: {BB4A578E-E857-4DC1-964A-4946F0EF0523} - System32\Tasks\Microsoft\Windows\Media Center\DispatchRecoveryTasks => C:\Windows\ehome\ehPrivJob.exe
    Task: {BCD7C916-04E2-4B33-84E7-458CBD995849} - System32\Tasks\Microsoft\Windows\Media Center\ConfigureInternetTimeService => C:\Windows\ehome\ehPrivJob.exe
    Task: {BDB6C1C8-3EFA-4E7E-ACA8-79B4A6CE89A3} - System32\Tasks\Microsoft\Windows\Media Center\UpdateRecordPath => C:\Windows\ehome\ehPrivJob.exe
    Task: {C6A53B2B-2029-4CEE-8C93-E222B212FB45} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C80471E5-BCAD-457D-BBEE-178D17BE16E8} - System32\Tasks\{A0645A81-A12F-418A-8219-B5C7F1B3B9A1} => pcalua.exe -a C:\Users\Shawn\Downloads\pbsetup\pbsetup.exe -d C:\Users\Shawn\Downloads\pbsetup
    Task: {C9717761-866C-47E2-A559-9DAE0088C55C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {CF85A212-BEAB-4BF4-8986-787ABBD5E3D2} - System32\Tasks\Microsoft\Windows\Media Center\ReindexSearchRoot => C:\Windows\ehome\ehPrivJob.exe
    Task: {D25684A4-9F64-4E47-8C0F-598858D07CC1} - System32\Tasks\Microsoft\Windows\Media Center\PeriodicScanRetry => C:\Windows\ehome\MCUpdate.exe
    Task: {D4974838-D374-4343-8A4E-563910CF62EA} - System32\Tasks\Safer-Networking\Spybot - Search and Destroy\Scan the system => C:\Program Files (x86)\Spybot - Search & Destroy 2\SDScan.exe [2014-06-24] (Safer-Networking Ltd.)
    Task: {D520A0B2-94BB-4CDA-A3D6-3DAF265CCC57} - System32\Tasks\Microsoft\Windows\Media Center\OCURDiscovery => C:\Windows\ehome\ehPrivJob.exe
    Task: {D7A3AD09-65AC-4A65-8BD0-5D715349CC70} - System32\Tasks\FacebookUpdateTaskUserS-1-5-21-1437170364-1528473509-2599310780-1000UA => C:\Users\Shawn\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: {DCD2B74C-1DA7-400A-81F8-15B4DBB7CD03} - System32\Tasks\Microsoft\Windows\Media Center\RecordingRestart => C:\Windows\ehome\ehrec.exe
    Task: {E2C8A391-C3F7-4FF4-9251-610F6F284624} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {E3319EBD-CF1B-4FF1-958D-A92CA8DE204D} - System32\Tasks\Microsoft\Windows\Media Center\mcupdate_scheduled => C:\Windows\ehome\mcupdate.exe
    Task: {E86591A8-1C87-4E18-A44F-762DC27DBDE8} - System32\Tasks\Adobe Flash Player Updater => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe [2016-03-10] (Adobe Systems Incorporated)
    Task: {EA674455-4C2E-40CC-B128-936F796F678A} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-08-31] (Google Inc.)
    Task: {EA7EB10D-CBD5-4891-9A31-F8DE72EF2A29} - System32\Tasks\{0F8F38AE-5F4D-44F6-94BB-344440535BD9} => pcalua.exe -a C:\Users\Shawn\Downloads\DriverInstall_IncludeDX9.0c.exe -d C:\Users\Shawn\Downloads
    Task: {EC3F19A3-1072-4DF3-B76E-327DAD249825} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2016-02-23] (Apple Inc.)
    Task: {F1F73B18-6E63-4A4F-BEF1-01D3096E532C} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-08] (Microsoft Corporation)
    Task: {F5F6B050-73E7-4AE3-B4E3-5C415A52AEF6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {FAEE548D-5B79-4816-AB8F-717111225C4B} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-12-14] (Adobe Systems Incorporated)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\0615avUpdateInfo.job => C:\ProgramData\Avg_Update_0615av\0615av_AVG-Secure-Search-Update.exe
    Task: C:\WINDOWS\Tasks\Adobe Flash Player Updater.job => C:\Windows\SysWOW64\Macromed\Flash\FlashPlayerUpdateService.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1437170364-1528473509-2599310780-1000Core.job => C:\Users\Shawn\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\FacebookUpdateTaskUserS-1-5-21-1437170364-1528473509-2599310780-1000UA.job => C:\Users\Shawn\AppData\Local\Facebook\Update\FacebookUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Shortcuts =============================

    (The entries could be listed to be restored or removed.)

    ==================== Loaded Modules (Whitelisted) ==============

    2014-09-19 21:31 - 2011-06-13 16:36 - 00922240 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\atkexComSvc.exe
    2015-09-09 10:09 - 2015-11-15 19:45 - 00076152 _____ () C:\WINDOWS\system32\PnkBstrA.exe
    2015-01-20 23:35 - 2015-01-20 23:35 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-10-13 05:45 - 2015-10-13 05:45 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2016-02-24 00:21 - 2016-02-17 01:56 - 01416064 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\MessageBus.dll
    2016-01-20 00:56 - 2016-02-17 01:56 - 00299392 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamBase.dll
    2016-02-24 00:21 - 2016-02-17 01:56 - 03613056 _____ () C:\Program Files\NVIDIA Corporation\NvStreamSrv\Poco.dll
    2014-09-19 21:31 - 2010-12-02 10:15 - 00915584 _____ () C:\Program Files (x86)\ASUS\AAHM\1.00.14\aaHMSvc.exe
    2015-10-30 02:18 - 2015-10-30 02:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
    2015-12-06 05:15 - 2016-03-08 01:42 - 00134712 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2016-03-01 14:21 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2009-03-30 01:32 - 2009-03-30 01:32 - 00032768 ____R () C:\Windows\DAODx.exe
    2016-03-01 14:21 - 2016-02-23 06:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2013-09-05 01:17 - 2013-09-05 01:17 - 04300456 _____ () C:\Program Files\Common Files\microsoft shared\OFFICE14\Cultures\OFFICE.ODF
    2010-10-20 15:23 - 2010-10-20 15:23 - 08801632 _____ () C:\Program Files\Microsoft Office\Office14\1033\GrooveIntlResource.dll
    2015-12-18 19:53 - 2015-12-06 23:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
    2016-03-01 14:21 - 2016-02-23 03:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2016-01-14 19:19 - 2016-01-04 20:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2016-01-14 19:19 - 2016-01-04 20:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2016-01-27 18:45 - 2016-01-16 00:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2016-01-27 18:45 - 2016-01-16 00:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2016-01-22 16:33 - 2016-01-22 16:33 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeHost.exe
    2016-03-04 01:04 - 2016-03-04 01:04 - 00016384 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2016-03-04 01:04 - 2016-03-04 01:04 - 16062976 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2016-03-04 01:04 - 2016-03-04 01:04 - 00291328 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_16.302.8200.0_x64__8wekyb3d8bbwe\StoreRatingPromotion.dll
    2016-03-10 00:39 - 2016-03-10 00:39 - 00113496 _____ () C:\Program Files\AVAST Software\Avast\log.dll
    2016-03-10 00:39 - 2016-03-10 00:39 - 00133768 _____ () C:\Program Files\AVAST Software\Avast\JsonRpcServer.dll
    2016-03-16 15:54 - 2016-03-16 15:54 - 02841600 _____ () C:\Program Files\AVAST Software\Avast\defs\16031600\algo.dll
    2016-03-10 00:39 - 2016-03-10 00:39 - 00480760 _____ () C:\Program Files\AVAST Software\Avast\ffl2.dll
    2016-03-17 00:31 - 2016-03-17 00:31 - 02841600 _____ () C:\Program Files\AVAST Software\Avast\defs\16031601\algo.dll
    2016-03-10 00:39 - 2016-03-10 00:39 - 00307808 _____ () C:\Program Files\AVAST Software\Avast\browser_pass.dll
    2016-03-18 18:59 - 2016-03-18 18:59 - 02856960 _____ () C:\Program Files\AVAST Software\Avast\defs\16031802\algo.dll
    2016-03-10 00:32 - 2014-05-13 13:04 - 00109400 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlThirdParty150.bpl
    2016-03-10 00:32 - 2014-05-13 13:04 - 00167768 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\snlFileFormats150.bpl
    2016-03-10 00:32 - 2014-05-13 13:04 - 00416600 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\DEC150.bpl
    2016-03-10 00:32 - 2012-08-23 11:38 - 00574840 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\sqlite3.dll
    2016-03-10 00:32 - 2012-04-03 18:06 - 00565640 _____ () C:\Program Files (x86)\Spybot - Search & Destroy 2\av\BDSmartDB.dll
    2014-09-19 21:31 - 2016-03-17 00:28 - 00032256 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\PEbiosinterface32.dll
    2014-09-19 21:31 - 2010-06-29 10:58 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.00.14\ATKEX.dll
    2015-10-18 19:33 - 2015-10-18 19:33 - 01301696 _____ () C:\Program Files (x86)\VMware\VMware Player\libxml2.dll
    2015-08-06 19:03 - 2016-02-17 02:02 - 00020352 _____ () C:\Program Files (x86)\NVIDIA Corporation\Update Core\detoured.dll
    2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
    2016-03-10 00:40 - 2016-03-10 00:40 - 40539648 _____ () C:\Program Files\AVAST Software\Avast\libcef.dll
    2014-09-20 22:12 - 2016-02-02 22:49 - 01016832 _____ () C:\Program Files (x86)\Origin\platforms\qwindows.dll
    2014-09-20 22:12 - 2016-02-02 22:49 - 00028160 _____ () C:\Program Files (x86)\Origin\imageformats\qgif.dll
    2014-09-20 22:12 - 2016-02-02 22:49 - 00029696 _____ () C:\Program Files (x86)\Origin\imageformats\qico.dll
    2014-09-20 22:12 - 2016-02-02 22:49 - 00256000 _____ () C:\Program Files (x86)\Origin\imageformats\qjpeg.dll
    2014-09-20 22:12 - 2016-02-02 22:49 - 00266240 _____ () C:\Program Files (x86)\Origin\imageformats\qmng.dll
    2014-09-20 22:12 - 2016-02-02 22:49 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qtga.dll
    2014-09-20 22:12 - 2016-02-02 22:49 - 00346112 _____ () C:\Program Files (x86)\Origin\imageformats\qtiff.dll
    2014-09-20 22:12 - 2016-02-02 22:49 - 00023552 _____ () C:\Program Files (x86)\Origin\imageformats\qwbmp.dll
    2014-09-20 22:12 - 2016-02-02 22:49 - 00243200 _____ () C:\Program Files (x86)\Origin\mediaservice\wmfengine.dll
    2016-01-22 16:33 - 2016-01-22 16:33 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
    2016-01-22 16:33 - 2016-01-22 16:33 - 22330368 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.13.20000.0_x86__8wekyb3d8bbwe\SkyWrap.dll
    2015-04-30 03:54 - 2015-04-30 03:54 - 00319288 _____ () C:\Program Files (x86)\Battlelog Web Plugins\launcher-162.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)


    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)


    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2009-07-13 21:34 - 2009-06-10 16:00 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-1437170364-1528473509-2599310780-1000\Control Panel\Desktop\\Wallpaper -> c:\windows\web\wallpaper\windows\img0.jpg
    DNS Servers: 192.168.0.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\Run32: => "VMonitorVMUVC"

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [MSMQ-In-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-TCP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-In-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [MSMQ-Out-UDP] => (Allow) %systemroot%\system32\mqsvc.exe
    FirewallRules: [WCF-NetTcpActivator-In-TCP-64bit] => (Allow) LPort=808
    FirewallRules: [{6CD7B44A-D839-4AC1-8F27-8FCB44B53F20}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    FirewallRules: [{1DCAF26C-E297-4A45-BD76-7BE124A5E3BD}] => (Allow) C:\Program Files (x86)\VMware\VMware Player\vmware-authd.exe
    FirewallRules: [{C8788E46-DCF1-4558-9450-9722390E6331}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{C239DB0A-9EC8-4834-A303-CBDB2C6760C3}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{DCD113C8-10B4-432C-9A9F-2068CCD2A33E}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{A33E50DF-931F-4A4D-A37A-430297E93836}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{4EF64F90-C3B5-4A65-A690-184F51B8DDF2}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
    FirewallRules: [{97B60041-538A-46F3-9DA9-8E99E53D1783}] => (Allow) C:\Program Files (x86)\Battlelog Web Plugins\Sonar\0.70.4\SonarHost.exe
    FirewallRules: [{A71F7A7E-FAF4-4F92-80EC-60EC03A20B1B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{D5E74570-3E1F-47D4-A121-218528B4B7C7}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{C89241FE-60D3-46AB-8D80-A8C7460394AB}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{93A924F2-1F32-4E61-9B5E-F6EFFB0903DC}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{24750C4A-0D72-4333-BF3E-D2DB6105A26A}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A964EFF6-4F8C-4715-AACC-19AC93C5E9CB}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
    FirewallRules: [{A2A37706-3FB8-4B9D-BCD4-4BE1CA11BEFA}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{A0D115A3-1BE3-453B-95C4-5D56244A3CF6}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{05E741AC-FDDC-4356-98B7-65300CD6DD30}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{125F207C-12F0-4D08-A088-B05D3F599F1A}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{130963C8-CF6E-4D81-B4F3-658522060909}] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe
    FirewallRules: [{311CDAE6-063F-4590-B3FF-B452281FF3CA}] => (Block) C:\program files (x86)\origin games\battlefield 4\bf4.exe
    FirewallRules: [UDP Query User{05DC2449-FA3D-4EDF-AB10-4A92E480EE86}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
    FirewallRules: [TCP Query User{0D62E557-6039-4FD6-85AB-88193A6523F7}C:\program files (x86)\origin games\battlefield 4\bf4.exe] => (Allow) C:\program files (x86)\origin games\battlefield 4\bf4.exe
    FirewallRules: [{F700D67C-F73C-4A8C-8817-CCB30F0D83FE}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{363F2BB3-C10E-4908-8A2C-0E35F8FBD743}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\nvstreamer.exe
    FirewallRules: [{3F9AD0DF-B5B2-40E0-BAF9-082AA83A4802}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamUserAgent.exe
    FirewallRules: [{E28B2F54-039F-4F8D-810D-A9B69C54675B}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{8D01BDBF-2FA7-47D7-9218-9C10A15CCEB8}] => (Allow) C:\Program Files\NVIDIA Corporation\NvStreamSrv\NvStreamNetworkService.exe
    FirewallRules: [{7AF03403-D08C-4E97-AF0D-49B45F6DE824}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{C08BB9CD-D150-494C-82AE-8A22689FEE11}] => (Allow) C:\Windows\SysWOW64\PnkBstrA.exe
    FirewallRules: [{BED6B201-9C10-439E-9C02-B093CA1E06FD}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [{4C865198-DF39-4C6F-AF67-16683622F30B}] => (Allow) C:\Windows\SysWOW64\PnkBstrB.exe
    FirewallRules: [TCP Query User{09C67FF6-6A6F-42B8-B8FF-6346BCC35D5B}C:\users\shawn\downloads\advanced\autorun(1).exe] => (Allow) C:\users\shawn\downloads\advanced\autorun(1).exe
    FirewallRules: [UDP Query User{3313482B-09BD-479E-B2E5-46B571B67AA3}C:\users\shawn\downloads\advanced\autorun(1).exe] => (Allow) C:\users\shawn\downloads\advanced\autorun(1).exe
    FirewallRules: [{A2A88C45-BC0D-4330-98B9-9EA8E2047781}] => (Block) C:\users\shawn\downloads\advanced\autorun(1).exe
    FirewallRules: [{A42CBD13-AEE4-4676-B0B4-4D550BBA3646}] => (Block) C:\users\shawn\downloads\advanced\autorun(1).exe
    FirewallRules: [{CF726296-B767-41F9-B3C5-54C11143A203}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe
    FirewallRules: [{11EEB469-FAF9-4600-9049-D3E1530EF1BA}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\BFBC2Updater.exe
    FirewallRules: [TCP Query User{D18118F8-FFA5-4F05-8856-535C46720EF6}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe] => (Allow) C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe
    FirewallRules: [UDP Query User{9AC371D1-267F-4C3C-93B2-9416178C91C1}C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe] => (Allow) C:\program files (x86)\electronic arts\battlefield bad company 2\bfbc2game.exe
    FirewallRules: [TCP Query User{831214E9-D839-416E-A755-7E8144838FDA}C:\program files (x86)\aspire-ccna\bin\aspire.exe] => (Allow) C:\program files (x86)\aspire-ccna\bin\aspire.exe
    FirewallRules: [UDP Query User{8C23D84B-E770-47E2-8417-DBB5080993B5}C:\program files (x86)\aspire-ccna\bin\aspire.exe] => (Allow) C:\program files (x86)\aspire-ccna\bin\aspire.exe
    FirewallRules: [{0C1FAA70-04AA-46FC-AF9C-9192CF8A3B9F}] => (Block) C:\program files (x86)\aspire-ccna\bin\aspire.exe
    FirewallRules: [{3D44B082-F835-4A3C-AE86-F50509A2C3D6}] => (Block) C:\program files (x86)\aspire-ccna\bin\aspire.exe
    FirewallRules: [{4FBA207D-74E5-4FAD-9E36-8EB147C7CFF9}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{3152510A-00B4-4E15-98A7-717B81482922}] => (Allow) C:\Program Files (x86)\NVIDIA Corporation\NetService\NvNetworkService.exe
    FirewallRules: [{50A85A3C-BA6D-4546-AB8F-9A4263264337}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
    FirewallRules: [{9D1F395D-1890-42B8-A170-281C599B946C}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 3\bf3.exe
    FirewallRules: [TCP Query User{E39ECAD7-C432-4611-A7E3-509B2A1DBA2D}C:\program files (x86)\bitlord\bitlord.exe] => (Block) C:\program files (x86)\bitlord\bitlord.exe
    FirewallRules: [UDP Query User{7F9797A3-FFC9-4FAA-969D-4D674458CBAE}C:\program files (x86)\bitlord\bitlord.exe] => (Block) C:\program files (x86)\bitlord\bitlord.exe
    FirewallRules: [{4C848D21-6BC4-4B0D-BF8D-4F3DB7803D31}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe
    FirewallRules: [{102655E3-4AD5-4F03-BBDD-DD62BD1180E6}] => (Allow) C:\Program Files (x86)\Electronic Arts\Battlefield Bad Company 2\BFBC2Game.exe
    FirewallRules: [{483A8572-6411-4150-BCAB-94E21FD6B435}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{B6EA980E-4B5C-4FAC-B64B-3D8CEDF04877}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4WebHelper.exe
    FirewallRules: [{FAF3CBC0-3435-423B-8122-1464F4B54997}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{251423BD-C1A7-4BAF-959B-20DB1ABFCF75}] => (Allow) C:\Program Files (x86)\Origin Games\Battlefield 4\BF4X86WebHelper.exe
    FirewallRules: [{30B42EB8-DBF9-4088-A4B2-982FB1BF9821}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
    StandardProfile\AuthorizedApplications: [C:\Program Files (x86)\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

    ==================== Restore Points =========================

    08-03-2016 22:01:32 Windows Update
    10-03-2016 00:34:10 Removed AVG
    18-03-2016 17:39:32 Scheduled Checkpoint

    ==================== Faulty Device Manager Devices =============

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.

    Name:
    Description:
    Class Guid:
    Manufacturer:
    Service:
    Problem: : The drivers for this device are not installed. (Code 28)
    Resolution: To install the drivers for this device, click "Update Driver", which starts the Hardware Update wizard.


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (03/18/2016 05:39:43 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
    Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

    Details:
    AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

    System Error:
    Access is denied.
    .

    Error: (03/18/2016 07:22:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1453

    Error: (03/18/2016 07:22:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1453

    Error: (03/18/2016 07:22:59 AM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second

    Error: (03/18/2016 01:00:49 AM) (Source: Perflib) (EventID: 1008) (User: )
    Description: BITSC:\Windows\System32\bitsperf.dll8

    Error: (03/17/2016 10:56:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shawn-PC)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/17/2016 10:56:23 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: Shawn-PC)
    Description: Activation of app Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (03/17/2016 10:14:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledSPRetry 1468

    Error: (03/17/2016 10:14:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: m->NextScheduledEvent 1468

    Error: (03/17/2016 10:14:20 PM) (Source: Bonjour Service) (EventID: 100) (User: )
    Description: Task Scheduling Error: Continuously busy for more than a second


    System errors:
    =============
    Error: (03/18/2016 01:48:00 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_75cb31a service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/17/2016 10:56:23 PM) (Source: DCOM) (EventID: 10010) (User: Shawn-PC)
    Description: App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca

    Error: (03/17/2016 10:56:23 PM) (Source: DCOM) (EventID: 10010) (User: Shawn-PC)
    Description: App.AppXwdz8g2fxr36xz0tdtagygnvemf85s7gg.mca

    Error: (03/17/2016 10:56:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_3ae3c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/17/2016 10:56:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_3ae3c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/17/2016 10:56:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_3ae3c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/17/2016 10:56:20 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_3ae3c service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (03/17/2016 12:33:02 AM) (Source: Service Control Manager) (EventID: 7022) (User: )
    Description: The Delivery Optimization service hung on starting.

    Error: (03/17/2016 12:29:00 AM) (Source: Service Control Manager) (EventID: 7000) (User: )
    Description: The NetPipeActivator service failed to start due to the following error:
    %%1053

    Error: (03/17/2016 12:29:00 AM) (Source: Service Control Manager) (EventID: 7009) (User: )
    Description: A timeout was reached (30000 milliseconds) while waiting for the NetPipeActivator service to connect.


    CodeIntegrity:
    ===================================
    Date: 2016-03-12 03:08:26.968
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-11 05:16:25.370
    Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

    Date: 2016-03-09 23:36:50.713
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-03-09 23:36:50.683
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-03-09 23:34:51.527
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-03-09 23:34:51.496
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-03-09 14:05:08.411
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-03-09 14:05:08.395
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-03-09 12:35:54.107
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.

    Date: 2016-03-09 12:35:54.089
    Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Program Files (x86)\AVG\Av\avgidsagent.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.


    ==================== Memory info ===========================

    Processor: AMD FX(tm)-4100 Quad-Core Processor
    Percentage of memory in use: 26%
    Total physical RAM: 8138.44 MB
    Available physical RAM: 5958.12 MB
    Total Virtual: 16330.44 MB
    Available Virtual: 13379.77 MB

    ==================== Drives ================================

    Drive c: () (Fixed) (Total:771.96 GB) (Free:490.98 GB) NTFS ==>[drive with boot components (obtained from BCD)]
    Drive e: (New Volume) (Fixed) (Total:159.11 GB) (Free:17.53 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: EDC7DE1E)
    Partition 1: (Active) - (Size=772 GB) - (Type=07 NTFS)
    Partition 2: (Not Active) - (Size=450 MB) - (Type=27)
    Partition 3: (Not Active) - (Size=159.1 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
  8. 2016-03-19, 01:33 #8
    Incognito70
    Incognito70 is offline
    Junior Member
    Join Date
    Mar 2016
    Posts
    23

    Default

    aswMBR is still scanning. seems really in depth. Will post results as soon as they come through.
  9. 2016-03-19, 02:18 #9
    Incognito70
    Incognito70 is offline
    Junior Member
    Join Date
    Mar 2016
    Posts
    23

    Default

    aswMBR version 1.0.1.2252 Copyright(c) 2014 AVAST Software
    Run date: 2016-03-18 19:16:42
    -----------------------------
    19:16:42.175 OS Version: Windows x64 6.2.9200
    19:16:42.176 Number of processors: 4 586 0x102
    19:16:42.177 ComputerName: SHAWN-PC UserName: Shawn
    19:16:45.156 Initialize success
    19:16:45.190 VM: initialized successfully
    19:16:45.192 VM: Amd CPU supported
    19:16:47.348 AVAST engine defs: 16031802
    19:16:53.651 Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002d
    19:16:53.653 Disk 0 Vendor: ST31000520AS CC32 Size: 953869MB BusType: 11
    19:16:53.770 Disk 0 MBR read successfully
    19:16:53.777 Disk 0 MBR scan
    19:16:53.786 Disk 0 Windows 7 default MBR code
    19:16:53.795 Disk 0 Partition 1 80 (A) 07 HPFS/NTFS NTFS 790492 MB offset 2048
    19:16:53.828 Disk 0 Partition 2 00 27 Hidden NTFS WinRE NTFS 450 MB offset 1618929664
    19:16:53.840 Disk 0 Partition 3 00 07 HPFS/NTFS NTFS 162924 MB offset 1619851264
    19:16:53.871 Disk 0 scanning C:\WINDOWS\system32\drivers
    19:17:03.442 Service scanning
    19:17:15.544 Modules scanning
    19:17:15.575 Disk 0 trace - called modules:
    19:17:15.608 ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll storahci.sys
    19:17:15.615 1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe00164647060]
    19:17:15.621 3 CLASSPNP.SYS[fffff801fedd7d95] -> nt!IofCallDriver -> \Device\0000002d[0xffffe00164359060]
    19:17:16.851 AVAST engine scan C:\WINDOWS
    19:17:18.834 AVAST engine scan C:\WINDOWS\system32
    19:19:36.920 AVAST engine scan C:\WINDOWS\system32\drivers
    19:19:56.086 AVAST engine scan C:\Users\Shawn
    19:39:56.505 AVAST engine scan C:\ProgramData
    19:42:21.817 Disk 0 statistics 3885236/0/0 @ 1.64 MB/s
    19:42:21.833 Scan finished successfully
    20:15:04.662 Disk 0 MBR has been saved successfully to "C:\Users\Shawn\Desktop\MBR.dat"
    20:15:04.666 The log file has been saved successfully to "C:\Users\Shawn\Desktop\aswMBR.txt"


    There ya go. Hope it helps. BTW, ran the registry back a second time and it saved all 16 perimeters.
  10. 2016-03-19, 02:55 #10
    Juliet
    Juliet is offline
    Security Expert-emeritus Juliet's Avatar
    Join Date
    Feb 2007
    Location
    Deep South
    Posts
    4,084

    Default

    Please open Notepad *Do Not Use Wordpad!* or use any other text editor than Notepad or the script will fail. (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the text present inside the quote box below:
    To do this highlight the contents of the box and right click on it and select copy.
    Paste this into the open notepad. save it to the Desktop as fixlist.txt
    NOTE. It's important that both files, FRST/FRST64 and fixlist.txt are in the same location or the fix will not work.
    It needs to be saved Next to the "Farbar Recovery Scan Tool" (If asked to overwrite existing one please allow)





    start
    CreateRestorePoint:
    CloseProcesses:
    BHO-x32: No Name -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> No File
    FF Homepage: hxxps://mysearch.avg.com/?cid={1B00F294-29D8-4757-9152-E4C3866925F9}&mid=17147fa2921447cc8728c1f60ea56606-044f05f187d7db7cedd6a59a39ecf6bedb5e37a7&lang=en&ds=AVG&coid=avgtbavg&cmpid=1215av&pr=fr&d=2015-12-06 10:40:28&v=4.2.1.951&pid=wtu&sg=&sap=hp
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.2.5\\npsitesafety.dll [No File]
    FF Plugin-x32: @esn/esnlaunch,version=1.132.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.132.0\npesnlaunch.dll [No File]
    FF Plugin-x32: @esn/esnlaunch,version=1.140.0 -> C:\Program Files (x86)\Battlelog Web Plugins\1.140.0\npesnlaunch.dll [No File]
    FF Plugin-x32: @esn/esnlaunch,version=2.1.4 -> C:\Program Files (x86)\Battlelog Web Plugins\2.1.4\npesnlaunch.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.5.0 -> C:\Program Files (x86)\Battlelog Web Plugins\2.5.0\npbattlelog.dll [No File]
    FF Plugin-x32: @esn/npbattlelog,version=2.6.2 -> C:\Program Files (x86)\Battlelog Web Plugins\2.6.2\npbattlelog.dll [No File]
    FF Plugin HKU\S-1-5-21-1437170364-1528473509-2599310780-1000: @Skype Limited.com/Facebook Video Calling Plugin -> C:\Users\Shawn\AppData\Local\Facebook\Video\Skype\npFacebookVideoCalling.dll [No File]
    FF SearchPlugin: C:\Users\Shawn\AppData\Roaming\Mozilla\Firefox\Profiles\7cvxa88t.default\searchplugins\avg-secure-search.xml [2016-03-10]
    Task: {1960E23A-C7F4-405B-BB3E-71D6AF36EC60} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {1F1EA5C4-2A54-4A92-912C-B1538575E4D5} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {203DE395-1C01-4479-A675-EB1A4DAAE203} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    ask: {65A9C357-5A2B-43E6-9DC1-C67CC85E96B2} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {674E1D92-DA32-4A77-9342-2EDFB2B3635C} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {6AFB98E3-6A56-4AA1-9113-C1CEF27C1541} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {8A412829-6B8E-4E78-866B-EC89B492A9BE} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {C6A53B2B-2029-4CEE-8C93-E222B212FB45} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {C9717761-866C-47E2-A559-9DAE0088C55C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {E2C8A391-C3F7-4FF4-9251-610F6F284624} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {F5F6B050-73E7-4AE3-B4E3-5C415A52AEF6} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\0615avUpdateInfo.job => C:\ProgramData\Avg_Update_0615av\0615av_AVG-Secure-Search-Update.exe
    CMD: ipconfig /flushdns
    CMD: netsh winsock reset all
    CMD: netsh int ipv4 reset
    CMD: netsh int ipv6 reset
    CMD: bitsadmin /reset /allusers
    EmptyTemp:
    End
    Open FRST/FRST64 and press the > Fix < button just once and wait.
    If for some reason the tool needs a restart, please make sure you let the system restart normally. After that let the tool complete its run.
    When finished FRST will generate a log on the Desktop (Fixlog.txt). Please post it to your reply.
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~`

    AdwCleaner
    • Please download AdwCleaner and save the file to your Desktop.
    • Right-Click AdwCleaner.exe and select Run as administrator to run the programme.
    • Follow the prompts.
    • Click Scan.
    • Upon completion, click Report. A log (AdwCleaner[SX].txt) will open. Briefly check the log for anything you know to be legitimate.
    • Ensure anything you know to be legitimate does not have a checkmark, and click Clean.
    • Follow the prompts and allow your computer to reboot.
    • After rebooting, a log (AdwCleaner[SX].txt) will open. Copy the contents of the log and paste in your next reply.

    -- File and registry key backups are made for anything removed using this tool. Should a legitimate entry be removed (otherwise known as a 'false-positive'), simple steps can be taken to restore the entry. Please do not overly concern yourself with the contents of AdwCleaner[R0].txt.

    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~



    Please download Junkware Removal Tool
    or from here http://downloads.malwarebytes.org/file/jrt
    to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.


    ~~~~~~~~~~~~~~~~~~~~~~~``
    please post
    Fixlog.txt
    AdwCleaner[C1].txt
    JRT.txt
    Windows Insider MVP Consumer Security 2009 - 2017
    Please do not PM me for Malware help, we all benefit from posting on the open board.
« Previous Thread | Next Thread »

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  

Forum Rules