EasyCalendar and possibly more fun scumware [Solved]



#1 Dean N


Posted 20 October 2015 - 07:33 PM

Well, I screwed up and got my computer infected.  I got a majority of it cleaned up, but there's still some stuff hanging around, including EasyCalendar.  I'm getting persistent advertisement popups and occasional new tabs (Google Chrome) that hijack the browser.

 

Help!


aswMBR version 1.0.1.2290 Copyright© 2014 AVAST Software
Run date: 2015-10-20 20:33:01
-----------------------------
20:33:01.495    OS Version: Windows x64 6.2.9200 
20:33:01.495    Number of processors: 4 586 0x3A09
20:33:01.495    ComputerName: DEANSPC  UserName: Dean
20:33:04.349    Initialize success
20:33:04.399    VM: initialized successfully
20:33:04.400    VM: Intel CPU supported 
20:33:16.941    VM: disk I/O iaStorA.sys
20:36:17.195    AVAST engine defs: 15102002
20:39:07.772    Disk 0 (boot) \Device\Harddisk0\DR0 -> \Device\0000002e
20:39:07.787    Disk 0 Vendor: TOSHIBA_MQ01ABD075 AX0A4M Size: 715404MB BusType: 11
20:39:07.912    Disk 0 MBR read successfully
20:39:07.912    Disk 0 MBR scan
20:39:07.912    Disk 0 unknown MBR code
20:39:07.928    Disk 0 Partition 1 00     EE            GPT           2097151 MB offset 1
20:39:08.084    Disk 0 scanning C:\WINDOWS\system32\drivers
20:39:24.405    Service scanning
20:40:25.839    Modules scanning
20:40:25.839    Disk 0 trace - called modules:
20:40:25.871    ntoskrnl.exe CLASSPNP.SYS disk.sys storport.sys hal.dll iaStorA.sys 
20:40:25.871    1 nt!IofCallDriver -> \Device\Harddisk0\DR0[0xffffe0007d0e4380]
20:40:25.871    3 CLASSPNP.SYS[fffff80178ce46c5] -> nt!IofCallDriver -> \Device\0000002e[0xffffe0007b3d4060]
20:40:28.498    AVAST engine scan C:\WINDOWS
20:40:31.247    AVAST engine scan C:\WINDOWS\system32
20:45:23.547    AVAST engine scan C:\WINDOWS\system32\drivers
20:46:06.843    AVAST engine scan C:\Users\Dean
20:47:12.374    File: C:\Users\Dean\AppData\Local\Installer\Install_20751\DCnswBC97.tmp  **INFECTED** Win32:Malware-gen
20:47:12.660    File: C:\Users\Dean\AppData\Local\Installer\Install_23301\DCnswBC97.tmp  **INFECTED** Win32:Malware-gen
20:52:36.189    Disk 0 MBR has been saved successfully to "C:\Users\Dean\Desktop\MBR.dat"
20:52:36.201    The log file has been saved successfully to "C:\Users\Dean\Desktop\aswMBR.txt"

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:18-10-2015
Ran by Dean (administrator) on DEANSPC (20-10-2015 20:59:57)
Running from C:\Users\Dean\Downloads
Loaded Profiles: Dean (Available Profiles: Dean & Administrator)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
 
==================== Processes (Whitelisted) =================
 
(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
 
(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
() C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\Jhi_service.exe
(Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Win Developers Team) C:\Program Files (x86)\vdsmgr update\updateservice.exe
(TOSHIBA Corporation) C:\Windows\System32\TODDSrv.exe
(Win Developers Team) C:\Program Files (x86)\vdsmgr\runservice.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoService.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Apple Inc.) C:\Program Files\iPod\bin\iPodService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\UNS.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\TMachInfo.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
(Intel Corporation) C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\Teco\TecoResident.exe
(Apple Inc.) C:\Program Files\iTunes\iTunesHelper.exe
(Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe
(TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.5.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Win Developers Team) C:\Program Files (x86)\vdsmgr\vdsmgr.exe
(Win Developers Team) C:\Program Files (x86)\vdsmgr\vdsmgr.exe
(Win Developers Team) C:\Program Files (x86)\vdsmgr\vdsmgr.exe
(Win Developers Team) C:\Program Files (x86)\vdsmgr\vdsmgr.exe
 
 
==================== Registry (Whitelisted) ===========================
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
 
HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-06] (Synaptics Incorporated)
HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\MountPoints2: {e863ad04-7b0b-11e3-824e-806e6f6e6963} - "D:\SETUP.EXE" 
HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
AppInit_DLLs: C:\ProgramData\Flexfix\SilSancof.dll => C:\ProgramData\Flexfix\SilSancof.dll [518656 2015-10-18] ()
AppInit_DLLs-x32: C:\ProgramData\Flexfix\KinTontam.dll => C:\ProgramData\Flexfix\KinTontam.dll [320512 2015-10-18] ()
GroupPolicy: Restriction - Chrome <======= ATTENTION
 
==================== Internet (Whitelisted) ====================
 
(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
 
Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
Tcpip\..\Interfaces\{f95690ad-e721-40f7-ba8b-ac2ec40e6954}: [DhcpNameServer] 75.75.76.76 75.75.75.75
 
Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130896711658437813&GUID=F60FE686-218C-4AA6-9A32-D2850C5D6241
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130896711658441922&GUID=F60FE686-218C-4AA6-9A32-D2850C5D6241
HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130896711658458972&GUID=F60FE686-218C-4AA6-9A32-D2850C5D6241
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
SearchScopes: HKU\S-1-5-21-2106972356-197434514-2111516588-1001 -> {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE} URL = 
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
StartMenuInternet: IEXPLORE.EXE - iexplore.exe
 
FireFox:
========
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
 
Chrome: 
=======
CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=FAIzftpbl02,bc712e4c-c7e4-4662-b497-5d83a5c79c2b,&q={searchTerms}
CHR DefaultSearchKeyword: Default -> www-searching.com
CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
CHR Profile: C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-14]
CHR Extension: (Google Docs) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-14]
CHR Extension: (Google Drive) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-06-14]
CHR Extension: (YouTube) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-06-14]
CHR Extension: (Google Search) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-14]
CHR Extension: (Google Sheets) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-14]
CHR Extension: (Google Docs Offline) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
CHR Extension: (AdBlock) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-06-14]
CHR Extension: (New Tab Redirect) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna [2015-07-17]
CHR Extension: (EasyCalendar) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk [2015-10-19]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-06-14]
CHR Extension: (Gmail) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-14]
StartMenuInternet: Google Chrome - Chrome.exe
 
==================== Services (Whitelisted) ========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
R2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
S2 Flexfix; C:\ProgramData\\Flexfix\\Flexfix.exe [807936 2015-10-14] () [File not signed]
S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
R2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-08-06] (Intel Corporation)
R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
R2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
R2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-06] (Synaptics Incorporated)
R2 System update service; C:\Program Files (x86)\vdsmgr update\updateservice.exe [240128 2015-10-14] (Win Developers Team) [File not signed]
R2 vdsmgr manager service; C:\Program Files (x86)\vdsmgr\runservice.exe [116224 2015-09-14] (Win Developers Team) [File not signed]
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
 
===================== Drivers (Whitelisted) ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-08-06] (Realsil Semiconductor Corporation)
R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation                           )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-06] (Synaptics Incorporated)
R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-18] ()
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 aswMBR; C:\Users\Dean\AppData\Local\Temp\aswMBR.sys [62728 2015-10-20] () [File not signed]
U3 aswVmm; C:\Users\Dean\AppData\Local\Temp\aswVmm.sys [224896 2015-10-20] ()
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
 
==================== NetSvcs (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
 
==================== One Month Created files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-20 20:59 - 2015-10-20 21:00 - 00016873 _____ C:\Users\Dean\Downloads\FRST.txt
2015-10-20 20:52 - 2015-10-20 20:52 - 00001959 _____ C:\Users\Dean\Desktop\aswMBR.txt
2015-10-20 20:52 - 2015-10-20 20:52 - 00000512 _____ C:\Users\Dean\Desktop\MBR.dat
2015-10-20 20:35 - 2015-10-20 20:35 - 02196992 _____ (Farbar) C:\Users\Dean\Downloads\FRST64.exe
2015-10-20 20:32 - 2015-10-20 20:32 - 05200384 _____ (AVAST Software) C:\Users\Dean\Downloads\aswmbr.exe
2015-10-20 20:30 - 2015-10-20 20:30 - 00016148 _____ C:\WINDOWS\system32\DEANSPC_Dean_HistoryPrediction.bin
2015-10-19 23:31 - 2015-10-19 23:31 - 00000000 ___HD C:\OneDriveTemp
2015-10-18 23:28 - 2015-10-19 00:16 - 00000000 ____D C:\ProgramData\RogueKiller
2015-10-18 23:28 - 2015-10-18 23:28 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-10-18 23:27 - 2015-10-19 00:16 - 01691648 _____ C:\Users\Dean\Downloads\AdwCleaner.exe
2015-10-18 23:27 - 2015-10-18 23:28 - 18832456 _____ C:\Users\Dean\Downloads\RogueKiller.exe
2015-10-18 23:25 - 2015-10-18 23:27 - 00002514 _____ C:\Users\Dean\Desktop\Rkill.txt
2015-10-18 23:25 - 2015-10-18 23:25 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Dean\Downloads\rkill.exe
2015-10-18 18:18 - 2015-10-18 18:18 - 00003118 _____ C:\Users\Dean\Documents\cc_20151018_181844.reg
2015-10-18 17:59 - 2015-10-18 17:59 - 00034888 _____ C:\Users\Dean\Documents\cc_20151018_175906.reg
2015-10-18 17:38 - 2015-10-18 17:38 - 00001348 _____ C:\Users\Dean\Desktop\Revo Uninstaller.lnk
2015-10-18 17:38 - 2015-10-18 17:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
2015-10-18 17:37 - 2015-10-18 17:38 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dean\Downloads\revosetup.exe
2015-10-18 15:46 - 2015-10-19 00:21 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-10-18 15:45 - 2015-10-18 17:15 - 00001176 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
2015-10-18 15:45 - 2015-10-18 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-10-18 15:45 - 2015-10-18 15:45 - 00000000 ____D C:\ProgramData\Malwarebytes
2015-10-18 15:45 - 2015-10-18 15:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-10-18 15:45 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2015-10-18 15:45 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2015-10-18 15:45 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
2015-10-18 15:43 - 2015-10-18 15:44 - 22908888 _____ (Malwarebytes ) C:\Users\Dean\Downloads\mbam-setup-org-2.2.0.1024.exe
2015-10-18 15:36 - 2015-10-18 15:36 - 00000258 __RSH C:\ProgramData\ntuser.pol
2015-10-18 15:21 - 2015-10-18 15:21 - 00000000 ____D C:\WINDOWS\Minidump
2015-10-18 15:07 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\e218410f-1324-48ca-b7ab-4e4c56e0b7cc
2015-10-18 15:07 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\d43f27b0-7c8b-4ac2-8cd4-a1707474d0a7
2015-10-18 15:05 - 2015-10-18 15:05 - 00000000 ____D C:\Users\Dean\AppData\Local\CrashRpt
2015-10-18 15:04 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\d8d789e3-b07f-46a9-8ec7-558d0b0eded0
2015-10-18 15:03 - 2015-10-18 15:27 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
2015-10-18 14:54 - 2015-10-18 14:54 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Itibiti
2015-10-18 14:53 - 2015-10-18 14:57 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Opera Software
2015-10-18 14:53 - 2015-10-18 14:57 - 00000000 ____D C:\Users\Dean\AppData\Local\Opera Software
2015-10-18 14:53 - 2015-10-18 14:57 - 00000000 ____D C:\Program Files (x86)\Opera
2015-10-18 14:52 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
2015-10-18 14:50 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files\NixController
2015-10-18 14:50 - 2015-10-18 15:17 - 00000000 ____D C:\ProgramData\Flexfix
2015-10-18 14:50 - 2015-10-18 14:50 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Mozilla
2015-10-18 14:48 - 2015-10-18 14:48 - 00000000 ____D C:\Users\Dean\AppData\Local\CEF
2015-10-18 14:48 - 2015-10-18 14:48 - 00000000 ____D C:\Program Files (x86)\vdsmgr update
2015-10-18 14:47 - 2015-10-18 14:48 - 00000000 ____D C:\Program Files (x86)\vdsmgr
2015-10-18 14:44 - 2015-10-18 14:44 - 01031591 _____ C:\Users\Dean\Downloads\Voice Of Music Service Manual Downloader (2).zip
2015-10-17 15:37 - 2015-10-17 15:37 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-10-17 15:37 - 2015-10-17 15:37 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-10-16 00:00 - 2015-10-16 00:00 - 00597516 _____ C:\Users\Dean\Downloads\pg47912-images.mobi
2015-10-16 00:00 - 2015-10-16 00:00 - 00580278 _____ C:\Users\Dean\Downloads\pg24364-images.mobi
2015-10-16 00:00 - 2015-10-16 00:00 - 00360872 _____ C:\Users\Dean\Downloads\pg49493-images.mobi
2015-10-13 22:51 - 2015-10-10 03:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-13 22:51 - 2015-10-10 02:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-13 22:51 - 2015-10-10 02:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-13 22:51 - 2015-10-05 23:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-13 22:51 - 2015-10-05 22:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-13 22:51 - 2015-10-01 00:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-13 22:51 - 2015-10-01 00:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-13 22:51 - 2015-10-01 00:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-13 22:51 - 2015-10-01 00:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-13 22:51 - 2015-10-01 00:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-13 22:51 - 2015-09-30 23:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-13 22:51 - 2015-09-25 00:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-13 22:51 - 2015-09-25 00:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-13 22:51 - 2015-09-24 23:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-13 22:51 - 2015-09-24 23:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-13 22:51 - 2015-09-24 23:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-13 22:51 - 2015-09-24 23:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-13 22:51 - 2015-09-24 23:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-13 22:51 - 2015-09-24 23:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-13 22:51 - 2015-09-24 23:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-13 22:51 - 2015-09-24 23:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-13 22:51 - 2015-09-24 23:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-13 22:51 - 2015-09-24 23:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-13 22:51 - 2015-09-24 23:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-13 22:51 - 2015-09-24 23:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-13 22:51 - 2015-09-24 23:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-13 22:51 - 2015-09-24 23:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-13 22:51 - 2015-09-24 23:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-13 22:51 - 2015-09-24 23:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-13 22:51 - 2015-09-24 23:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-13 22:51 - 2015-09-24 23:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-13 22:51 - 2015-09-24 23:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-13 22:51 - 2015-09-24 23:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-13 22:51 - 2015-09-24 23:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-13 22:51 - 2015-09-24 23:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-13 22:51 - 2015-09-24 23:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-13 22:51 - 2015-09-24 23:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-13 22:51 - 2015-09-24 22:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-13 22:51 - 2015-09-24 22:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-13 22:51 - 2015-09-24 22:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-13 22:51 - 2015-09-24 22:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-13 22:51 - 2015-09-24 22:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-13 22:51 - 2015-09-24 22:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-13 22:51 - 2015-09-24 22:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-13 22:51 - 2015-09-24 22:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-13 22:51 - 2015-09-24 22:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-13 22:51 - 2015-09-24 22:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-13 22:51 - 2015-09-24 22:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-13 22:51 - 2015-09-24 22:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-13 22:51 - 2015-09-24 22:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-13 22:51 - 2015-09-24 22:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-13 22:51 - 2015-09-24 22:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-13 22:51 - 2015-09-24 22:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-13 22:51 - 2015-09-24 22:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-13 22:51 - 2015-09-24 22:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-13 22:51 - 2015-09-24 22:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-13 22:51 - 2015-09-24 22:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-13 22:51 - 2015-09-24 22:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-13 22:51 - 2015-09-24 22:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-13 22:51 - 2015-09-24 22:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-13 22:51 - 2015-09-24 22:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-13 22:51 - 2015-09-24 22:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-13 22:51 - 2015-09-24 22:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-13 22:51 - 2015-09-24 22:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-13 22:51 - 2015-09-24 22:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-08 09:59 - 2015-10-08 09:59 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
2015-10-03 08:52 - 2015-10-18 17:15 - 00001035 _____ C:\Users\Public\Desktop\Minecraft.lnk
2015-10-03 08:52 - 2015-10-04 08:43 - 00000000 ____D C:\Users\Dean\AppData\Roaming\.minecraft
2015-10-03 08:52 - 2015-10-03 08:52 - 00000000 ____D C:\Users\Dean\AppData\Roaming\java
2015-10-03 08:52 - 2015-10-03 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
2015-10-03 08:52 - 2015-10-03 08:52 - 00000000 ____D C:\Program Files (x86)\Minecraft
2015-10-03 08:51 - 2015-10-03 08:51 - 02314240 _____ C:\Users\Dean\Downloads\MinecraftInstaller.msi
2015-10-01 23:05 - 2015-10-01 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-01 23:04 - 2015-10-01 23:04 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-10-01 23:03 - 2015-10-01 23:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
2015-10-01 23:01 - 2015-10-01 23:01 - 00000000 ____D C:\Program Files\Microsoft Office
2015-10-01 23:01 - 2015-10-01 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
2015-10-01 23:00 - 2015-10-19 03:22 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-01 23:00 - 2015-10-01 23:00 - 00000000 ____D C:\Users\Dean\AppData\Local\Microsoft Help
2015-09-30 21:39 - 2015-09-17 02:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-09-30 21:39 - 2015-09-17 02:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-09-30 21:39 - 2015-09-17 02:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-09-30 21:39 - 2015-09-17 02:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-09-30 21:39 - 2015-09-17 02:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-09-30 21:39 - 2015-09-17 02:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-09-30 21:39 - 2015-09-17 02:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-09-30 21:39 - 2015-09-17 02:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 21:39 - 2015-09-17 02:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-09-30 21:39 - 2015-09-17 02:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-09-30 21:39 - 2015-09-17 02:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-09-30 21:39 - 2015-09-17 02:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-09-30 21:39 - 2015-09-17 02:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-09-30 21:39 - 2015-09-17 02:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-09-30 21:39 - 2015-09-17 02:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-09-30 21:39 - 2015-09-17 02:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-09-30 21:39 - 2015-09-17 02:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-09-30 21:39 - 2015-09-17 02:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-09-30 21:39 - 2015-09-17 02:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-09-30 21:39 - 2015-09-17 02:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-09-30 21:39 - 2015-09-17 02:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-09-30 21:39 - 2015-09-17 02:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-09-30 21:39 - 2015-09-17 02:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-09-30 21:39 - 2015-09-17 02:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-09-30 21:39 - 2015-09-17 02:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-09-30 21:39 - 2015-09-17 02:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-09-30 21:39 - 2015-09-17 02:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-09-30 21:39 - 2015-09-17 02:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-09-30 21:39 - 2015-09-17 02:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-09-30 21:39 - 2015-09-17 02:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-09-30 21:39 - 2015-09-17 02:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-09-30 21:39 - 2015-09-17 02:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-09-30 21:39 - 2015-09-17 02:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-09-30 21:39 - 2015-09-17 02:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-09-30 21:39 - 2015-09-17 02:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-09-30 21:39 - 2015-09-17 02:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-09-30 21:39 - 2015-09-17 02:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-09-30 21:39 - 2015-09-17 02:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-09-30 21:39 - 2015-09-17 02:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-09-30 21:39 - 2015-09-17 01:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-09-30 21:39 - 2015-09-17 01:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-09-30 21:39 - 2015-09-17 01:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-09-30 21:39 - 2015-09-17 01:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-09-30 21:39 - 2015-09-17 01:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-09-30 21:39 - 2015-09-17 01:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-09-30 21:39 - 2015-09-17 01:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-09-30 21:39 - 2015-09-17 01:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-09-30 21:39 - 2015-09-17 01:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-09-30 21:39 - 2015-09-17 01:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-09-30 21:39 - 2015-09-17 01:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-09-30 21:39 - 2015-09-17 01:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-09-30 21:39 - 2015-09-17 01:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-09-30 21:39 - 2015-09-17 01:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-09-30 21:39 - 2015-09-17 01:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-09-30 21:39 - 2015-09-17 01:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-09-30 21:39 - 2015-09-17 01:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-09-30 21:39 - 2015-09-17 01:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-09-30 21:39 - 2015-09-17 01:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-09-30 21:39 - 2015-09-17 01:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-09-30 21:39 - 2015-09-17 01:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-09-30 21:39 - 2015-09-17 01:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-09-30 21:39 - 2015-09-17 01:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-09-30 21:39 - 2015-09-17 01:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-09-30 21:39 - 2015-09-17 01:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-09-30 21:39 - 2015-09-17 01:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-09-30 21:39 - 2015-09-17 01:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-09-30 21:39 - 2015-09-17 01:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-09-30 21:39 - 2015-09-17 01:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-09-30 21:39 - 2015-09-17 01:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-09-30 21:39 - 2015-09-17 01:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-09-30 21:39 - 2015-09-17 01:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-09-30 21:39 - 2015-09-17 01:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-09-30 21:39 - 2015-09-17 01:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-09-30 21:39 - 2015-09-17 01:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-09-30 21:39 - 2015-09-17 01:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-09-30 21:39 - 2015-09-17 01:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-09-30 21:39 - 2015-09-17 01:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-09-30 21:39 - 2015-09-17 01:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-09-30 21:39 - 2015-09-17 01:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-09-30 21:39 - 2015-09-17 01:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-09-30 21:39 - 2015-09-17 01:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-09-30 21:39 - 2015-09-17 01:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-09-30 21:39 - 2015-09-17 01:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-09-30 21:39 - 2015-09-17 01:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-09-30 21:39 - 2015-09-17 01:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-09-30 21:39 - 2015-09-17 01:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-09-30 21:39 - 2015-09-17 01:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-09-30 21:39 - 2015-09-17 01:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-09-30 21:39 - 2015-09-17 01:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-09-30 21:39 - 2015-09-17 01:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-09-30 21:39 - 2015-09-17 01:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-09-30 21:39 - 2015-09-12 22:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-09-30 21:39 - 2015-09-12 21:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-09-30 21:38 - 2015-09-19 01:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-09-30 21:38 - 2015-09-17 02:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-09-30 21:38 - 2015-09-17 02:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-09-30 21:38 - 2015-09-17 02:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-09-30 21:38 - 2015-09-17 02:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-09-30 21:38 - 2015-09-17 02:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-09-30 21:38 - 2015-09-17 02:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-09-30 21:38 - 2015-09-17 02:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-09-30 21:38 - 2015-09-17 02:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-09-30 21:38 - 2015-09-17 02:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-09-30 21:38 - 2015-09-17 02:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-09-30 21:38 - 2015-09-17 02:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-09-30 21:38 - 2015-09-17 02:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-09-30 21:38 - 2015-09-17 02:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-09-30 21:38 - 2015-09-17 02:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-09-30 21:38 - 2015-09-17 02:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-09-30 21:38 - 2015-09-17 02:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-09-30 21:38 - 2015-09-17 02:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-09-30 21:38 - 2015-09-17 02:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-09-30 21:38 - 2015-09-17 02:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-09-30 21:38 - 2015-09-17 02:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-09-30 21:38 - 2015-09-17 02:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-09-30 21:38 - 2015-09-17 02:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-09-30 21:38 - 2015-09-17 02:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-09-30 21:38 - 2015-09-17 02:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-09-30 21:38 - 2015-09-17 02:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-09-30 21:38 - 2015-09-17 02:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-09-30 21:38 - 2015-09-17 02:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-09-30 21:38 - 2015-09-17 02:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-09-30 21:38 - 2015-09-17 02:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-09-30 21:38 - 2015-09-17 02:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-09-30 21:38 - 2015-09-17 02:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-09-30 21:38 - 2015-09-17 02:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-09-30 21:38 - 2015-09-17 02:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-09-30 21:38 - 2015-09-17 02:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-09-30 21:38 - 2015-09-17 02:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-09-30 21:38 - 2015-09-17 02:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-09-30 21:38 - 2015-09-17 01:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-09-30 21:38 - 2015-09-17 01:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-09-30 21:38 - 2015-09-17 01:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-09-30 21:38 - 2015-09-17 01:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-09-30 21:38 - 2015-09-17 01:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-09-30 21:38 - 2015-09-17 01:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-09-30 21:38 - 2015-09-17 01:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-09-30 21:38 - 2015-09-17 01:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-09-30 21:38 - 2015-09-17 01:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-09-30 21:38 - 2015-09-17 01:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-09-30 21:38 - 2015-09-17 01:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 21:38 - 2015-09-17 01:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-09-30 21:38 - 2015-09-17 01:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-09-30 21:38 - 2015-09-17 01:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-09-30 21:38 - 2015-09-17 01:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-09-30 21:38 - 2015-09-17 01:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-09-30 21:38 - 2015-09-17 01:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-09-30 21:38 - 2015-09-17 01:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-09-30 21:38 - 2015-09-17 01:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-09-30 21:38 - 2015-09-17 01:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-09-30 21:38 - 2015-09-17 01:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-09-30 21:38 - 2015-09-17 01:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-09-30 21:38 - 2015-09-17 01:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-09-30 21:38 - 2015-09-17 01:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-09-30 21:38 - 2015-09-17 01:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-09-30 21:38 - 2015-09-17 01:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-09-30 21:38 - 2015-09-17 01:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-09-30 21:38 - 2015-09-17 01:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-09-30 21:38 - 2015-09-17 01:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-09-30 21:38 - 2015-09-17 01:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-09-30 21:38 - 2015-09-17 01:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-09-30 21:38 - 2015-09-17 01:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-09-30 21:38 - 2015-09-17 01:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-09-30 21:38 - 2015-09-17 01:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-09-30 21:38 - 2015-09-17 01:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-09-30 21:38 - 2015-09-17 01:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-09-30 21:38 - 2015-09-17 01:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-09-30 21:38 - 2015-09-17 01:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-09-30 21:38 - 2015-09-17 01:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-09-30 21:38 - 2015-09-17 01:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-09-30 21:38 - 2015-09-17 01:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-09-30 21:38 - 2015-09-17 01:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-09-30 21:38 - 2015-09-17 01:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-09-30 21:38 - 2015-09-17 01:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-09-30 21:38 - 2015-09-17 01:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-09-30 21:38 - 2015-09-17 01:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-09-30 21:38 - 2015-09-17 01:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-09-30 21:38 - 2015-09-17 01:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-09-30 21:38 - 2015-09-17 01:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-09-30 21:38 - 2015-09-17 01:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-09-30 21:38 - 2015-09-17 01:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-09-30 21:38 - 2015-09-17 01:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-09-30 21:38 - 2015-09-17 01:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-09-30 21:38 - 2015-09-17 01:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-09-30 21:38 - 2015-09-17 01:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-09-30 21:38 - 2015-09-17 01:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-09-30 21:38 - 2015-09-17 01:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-09-30 21:38 - 2015-09-17 01:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-09-23 21:41 - 2015-10-18 17:15 - 00001827 _____ C:\Users\Public\Desktop\iTunes.lnk
2015-09-23 21:41 - 2015-09-23 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-09-23 21:40 - 2015-09-23 21:41 - 00000000 ____D C:\Program Files\iTunes
2015-09-23 21:40 - 2015-09-23 21:40 - 00000000 ____D C:\Program Files\iPod
2015-09-23 21:40 - 2015-09-23 21:40 - 00000000 ____D C:\Program Files (x86)\iTunes
2015-09-23 21:38 - 2015-09-23 21:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
2015-09-23 21:38 - 2015-09-23 21:38 - 00000000 ____D C:\Program Files\Bonjour
2015-09-23 21:38 - 2015-09-23 21:38 - 00000000 ____D C:\Program Files (x86)\Bonjour
2015-09-23 21:38 - 2015-09-23 21:38 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
 
==================== One Month Modified files and folders ========
 
(If an entry is included in the fixlist, the file/folder will be moved.)
 
2015-10-20 21:00 - 2014-01-07 09:16 - 00000000 ____D C:\FRST
2015-10-20 20:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-20 20:36 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-20 20:35 - 2015-06-28 01:16 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E5FEF78-0ED2-4C8A-B6AF-AC8B300020E8}
2015-10-20 20:33 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-10-20 00:19 - 2015-06-14 18:53 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-10-19 23:31 - 2015-06-27 19:23 - 00000000 ____D C:\Users\Dean\OneDrive
2015-10-19 23:31 - 2015-06-14 18:53 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-10-19 08:12 - 2015-07-15 20:08 - 00000000 ____D C:\Users\Dean\AppData\Local\CrashDumps
2015-10-19 00:19 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-10-19 00:19 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-10-19 00:18 - 2015-08-05 23:56 - 00000000 ____D C:\Users\Dean
2015-10-19 00:17 - 2014-01-04 19:05 - 00000000 ____D C:\AdwCleaner
2015-10-18 22:14 - 2015-07-17 00:08 - 00000000 __SHD C:\WINDOWS\SysWOW64\AI_RecycleBin
2015-10-18 21:33 - 2015-07-16 23:08 - 00002248 _____ C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
2015-10-18 18:09 - 2015-06-14 15:39 - 00000000 ____D C:\Users\Dean\AppData\Local\Packages
2015-10-18 18:02 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-18 17:17 - 2015-07-10 09:12 - 00000000 ____D C:\WINDOWS\OCR
2015-10-18 17:16 - 2015-09-07 23:56 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
2015-10-18 17:16 - 2015-08-06 00:29 - 00002378 _____ C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-18 17:16 - 2015-08-06 00:01 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-18 17:16 - 2015-07-17 00:00 - 00002286 _____ C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
2015-10-18 17:16 - 2013-09-20 01:43 - 00002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Start.lnk
2015-10-18 17:16 - 2013-04-10 00:40 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
2015-10-18 17:16 - 2013-04-10 00:39 - 00001969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
2015-10-18 17:15 - 2015-09-14 21:21 - 00001968 _____ C:\Users\Public\Desktop\Garmin Express.lnk
2015-10-18 17:15 - 2013-09-20 01:42 - 00002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk
2015-10-18 17:15 - 2013-04-10 01:30 - 00001062 _____ C:\Users\Public\Desktop\Desktop Assist.lnk
2015-10-18 17:13 - 2013-04-10 00:39 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-10-18 15:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
2015-10-18 15:36 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-10-18 14:46 - 2014-04-16 23:08 - 00000000 ____D C:\Users\Dean\Documents\Audio
2015-10-15 22:08 - 2015-08-01 18:36 - 00000000 ____D C:\Users\Dean\Documents\Manuals
2015-10-15 04:37 - 2015-08-06 00:09 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-15 04:32 - 2015-07-10 08:20 - 00285208 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-15 04:30 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-13 23:03 - 2015-06-18 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-13 23:00 - 2015-06-18 22:06 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-02 13:36 - 2015-07-10 07:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-02 13:36 - 2015-07-10 07:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-01 23:04 - 2013-04-10 00:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-01 23:03 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-01 23:01 - 2015-07-10 09:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-01 04:02 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-10-01 03:42 - 2015-07-10 07:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-09-23 21:40 - 2015-09-07 23:55 - 00000000 ____D C:\Program Files\Common Files\Apple
 
==================== Files in the root of some directories =======
 
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Dean\AppData\Roaming\HSl3jNW6bxDXYobL3Db
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Dean\AppData\Roaming\yQX1Vm3c
 
Some files in TEMP:
====================
C:\Users\Dean\AppData\Local\Temp\avg23B7.exe
C:\Users\Dean\AppData\Local\Temp\c5w.exe
C:\Users\Dean\AppData\Local\Temp\dllnt_dump.dll
C:\Users\Dean\AppData\Local\Temp\nsvD47E.exe
C:\Users\Dean\AppData\Local\Temp\Opera_NI_stable.exe
C:\Users\Dean\AppData\Local\Temp\sqlite3.dll
C:\Users\Dean\AppData\Local\Temp\Uninstall.exe
C:\Users\Dean\AppData\Local\Temp\Updater.exe
 
 
==================== Bamital & volsnap =================
 
(There is no automatic fix for files that do not pass verification.)
 
C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
 
 
LastRegBack: 2015-10-15 04:43
 
==================== End of FRST.txt ============================

Additional scan result of Farbar Recovery Scan Tool (x64) Version:18-10-2015
Ran by Dean (2015-10-20 21:01:02)
Running from C:\Users\Dean\Downloads
Windows 10 Home (X64) (2015-08-06 04:22:58)
Boot Mode: Normal
==========================================================
 
 
==================== Accounts: =============================
 
Administrator (S-1-5-21-2106972356-197434514-2111516588-500 - Administrator - Disabled) => C:\Users\Administrator
Dean (S-1-5-21-2106972356-197434514-2111516588-1001 - Administrator - Enabled) => C:\Users\Dean
DefaultAccount (S-1-5-21-2106972356-197434514-2111516588-503 - Limited - Disabled)
Guest (S-1-5-21-2106972356-197434514-2111516588-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-2106972356-197434514-2111516588-1005 - Limited - Enabled)
 
==================== Security Center ========================
 
(If an entry is included in the fixlist, it will be removed.)
 
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
 
==================== Installed Programs ======================
 
(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
 
Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
vdsmgr manager (HKLM-x32\...\vdsmgr manager) (Version: 15.1.51.92 - Win Developers Team)
Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
 
==================== Custom CLSID (Whitelisted): ==========================
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
CustomCLSID: HKU\S-1-5-21-2106972356-197434514-2111516588-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
 
==================== Restore Points =========================
 
03-10-2015 08:51:39 Installed Minecraft
13-10-2015 23:00:12 Windows Update
17-10-2015 15:34:14 Windows Update
18-10-2015 17:38:58 Revo Uninstaller's restore point - YTDownloader
 
==================== Hosts content: ===============================
 
(If needed Hosts: directive could be included in the fixlist to reset Hosts.)
 
2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
 
 
==================== Scheduled Tasks (Whitelisted) =============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
Task: {06DDD38E-4998-481C-A7CD-52A7FA58304F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {10D173BC-43D3-4657-BE6A-E666792DA2DA} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-13] (Microsoft Corporation)
Task: {1EA67F80-25F8-475C-839B-79401E4F7037} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {263D32AB-55A1-429B-BC2C-02A8A7C9A2AC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2722CF76-0A83-4F18-9628-BE157E40840D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {2C2E6983-0AC1-4CEC-B9EF-1F7FF109680B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {2EB7A469-E4CA-4FD4-848E-BA4F276BFD5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {357059A4-EF62-4F2D-9D9E-A04511B7CC88} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
Task: {3C30E072-BA0B-4360-892B-61466671FDC9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {3D8AEE08-5745-4BD8-985A-28DD65CAA635} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
Task: {3E1EC4E1-F179-4A25-82F2-68FEBC921C62} - \snp -> No File <==== ATTENTION
Task: {3FC527E6-5CA3-430E-9685-3666178610AF} - \Smp -> No File <==== ATTENTION
Task: {4576FC77-E161-423E-B339-CD9C9333AEE7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {4641F2DB-EF28-4241-9B26-7275C2703D73} - \snf -> No File <==== ATTENTION
Task: {474CCC1D-3438-46EA-A908-40B54A6B7893} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
Task: {4E4503D6-9831-4579-8DFD-BF8DF3263945} - \SPBIW_UpdateTask_Time_323439303131323637382d2a55456c2d5a34575b413234 -> No File <==== ATTENTION
Task: {4F4408C9-910F-4BFC-BF64-1CFF598CD71B} - \One System Care Monitor -> No File <==== ATTENTION
Task: {4F77D8A1-54CE-4C53-B3BB-1F434436B2CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {52053390-6403-42E6-B0D4-D15A9A2DD284} - \Inst_Rep -> No File <==== ATTENTION
Task: {5A09DC67-C552-483D-8B47-900FF77B5BB0} - \IBUpd -> No File <==== ATTENTION
Task: {5E6BAD8E-CF3D-4885-9079-727FECD9C0A8} - \WindApp Update -> No File <==== ATTENTION
Task: {62C59948-0239-4422-8D7E-4FDCE07DE9D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
Task: {78C50C62-2EEA-4AF5-849F-5E7076E57E0A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
Task: {8474A7CD-7D27-4415-ADC0-8DAC32750518} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
Task: {8D47DEA1-7162-4FA4-85E6-36B8529EAC02} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
Task: {8DE66AA4-BA96-4670-AC05-DB3F7BC81430} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {967EF386-20E7-4A5D-978D-E8AF6310120B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-06] (Synaptics Incorporated)
Task: {9A5D1168-BEE0-4015-B517-E83A25E5F4DF} - \Selection Tools Update -> No File <==== ATTENTION
Task: {A39F895E-2D34-4763-B63A-881BACCD9C11} - \SMW_UpdateTask_Time_323439303131323637382d2a55456c2d5a34575b413234 -> No File <==== ATTENTION
Task: {B5A3D792-3BF1-4477-A406-F174CB0FDC9D} - \ShopperProJSUpd -> No File <==== ATTENTION
Task: {BF7F86C2-DD5D-4BC0-B3F6-B8D4361ABA96} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
Task: {D5C17015-EDC3-4E07-B888-80041885F842} - \One System Care Run Delay -> No File <==== ATTENTION
Task: {DA769271-468D-48F7-960B-A384457EE313} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {EA262D4C-42DE-437A-9A51-39596AEBF2AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {EAD00C26-AABC-43DA-B3C7-43E52A5C2804} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
Task: {F38C92A3-66E3-4303-BC80-F3311EFF6E01} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
 
(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
 
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
 
==================== Loaded Modules (Whitelisted) ==============
 
2015-08-06 03:43 - 2015-08-06 03:43 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2013-03-25 19:44 - 2013-03-25 19:44 - 00016720 _____ () C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe
2015-08-18 22:41 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
2015-09-30 21:39 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-09-30 21:39 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-09-30 21:38 - 2015-09-17 01:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
2015-09-30 21:39 - 2015-09-17 01:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-09-30 21:38 - 2015-09-17 01:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-09-30 21:38 - 2015-09-17 01:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-09-30 21:39 - 2015-09-17 01:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2012-07-18 21:38 - 2012-07-18 21:38 - 00020904 _____ () C:\Program Files\TOSHIBA\Hotkey\SmoothView.dll
2015-10-03 14:54 - 2015-10-03 14:54 - 00012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
2015-10-03 14:54 - 2015-10-03 14:54 - 10814464 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
2015-10-07 20:51 - 2015-10-07 20:51 - 08395776 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.5.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
2015-10-07 20:51 - 2015-10-07 20:51 - 02311680 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.5.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
2013-09-20 01:17 - 2013-01-14 13:25 - 01200088 _____ () C:\Program Files (x86)\Intel\Intel® Management Engine Components\UNS\ACE.dll
2014-12-11 17:40 - 2014-12-11 17:40 - 40622592 ____R () C:\Program Files (x86)\Fitbit Connect\libcef.dll
2015-10-15 10:20 - 2015-10-08 20:53 - 01532744 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libglesv2.dll
2015-10-15 10:20 - 2015-10-08 20:53 - 00081224 _____ () C:\Program Files (x86)\Google\Chrome\Application\46.0.2490.71\libegl.dll
2015-10-15 21:01 - 2015-10-15 13:20 - 16493256 _____ () C:\Users\Dean\AppData\Local\Google\Chrome\User Data\PepperFlash\19.0.0.226\pepflashplayer.dll
2015-08-19 04:25 - 2015-08-19 04:25 - 50411008 _____ () C:\Program Files (x86)\vdsmgr\libcef.dll
2015-01-14 06:55 - 2015-01-14 06:55 - 00386560 _____ () C:\Program Files (x86)\vdsmgr\log4cplusU.dll
2015-08-19 04:25 - 2015-08-19 04:25 - 01874432 _____ () C:\Program Files (x86)\vdsmgr\libglesv2.dll
2015-08-19 04:25 - 2015-08-19 04:25 - 00075264 _____ () C:\Program Files (x86)\vdsmgr\libegl.dll
2015-08-25 04:39 - 2015-08-25 04:39 - 16392904 _____ () C:\Program Files (x86)\vdsmgr\plugins\pepflashplayer32_18_0_0_232.dll
 
==================== Alternate Data Streams (Whitelisted) =========
 
(If an entry is included in the fixlist, only the ADS will be removed.)
 
AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
AlternateDataStreams: C:\Users\Dean\OneDrive:ms-properties
AlternateDataStreams: C:\Users\Dean\SkyDrive:ms-properties
 
==================== Safe Mode (Whitelisted) ===================
 
(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
 
 
==================== EXE Association (Whitelisted) ===============
 
(If an entry is included in the fixlist, the registry item will be restored to default or removed.)
 
 
==================== Internet Explorer trusted/restricted ===============
 
(If an entry is included in the fixlist, it will be removed from the registry.)
 
 
==================== Other Areas ============================
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dean\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
DNS Servers: 75.75.76.76 - 75.75.75.75
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.
 
==================== MSCONFIG/TASK MANAGER disabled items ==
 
(Currently there is no automatic fix for this section.)
 
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\StartupApproved\Run: => "Pokki"
HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\StartupApproved\Run: => "Skype"
 
==================== FirewallRules (Whitelisted) ===============
 
(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
 
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [UDP Query User{5B5BC03E-A486-4459-B8D4-CC949C1070FF}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [TCP Query User{AC9D4CE6-13FE-4144-BB0F-A0F784D0D435}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
FirewallRules: [{93AB9907-2FE8-4197-89EA-EC92F71E2725}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [{70AD900B-35B6-49DB-9791-BB84CD4B888E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
FirewallRules: [TCP Query User{E5817330-BA18-468A-9976-D3B2959139BA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [UDP Query User{8AB52210-BC2C-4B58-9524-38909FC33DD2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
FirewallRules: [{B431D191-5B0D-4FA9-954B-291A18F0CAD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{88833954-7A06-414B-8244-70E626CE5A9F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
FirewallRules: [{7D63F5EB-D931-4BB1-ADB9-D0C167B40CA0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{131023D3-0F5B-450E-B0A3-001C8D346F59}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
FirewallRules: [{18CC6C7E-84E7-4D7A-90D6-EA35B15A1C4E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
FirewallRules: [{3B7EE382-3D49-4DC0-8334-14A666B71513}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [{E279C8C5-C3B9-411C-A47F-E853189305B4}] => (Allow) 㩃啜敳獲䑜慥屮灁䑰瑡屡潒浡湩屧摶浳牧癜獤杭⹲硥e
FirewallRules: [{FCBBBE1A-4412-40CD-B826-0C1FFE5BC75C}] => (Allow) 㩃啜敳獲䑜慥屮灁䑰瑡屡潒浡湩屧摶浳牧畜摰瑡獥牥楶散攮數
 
==================== Faulty Device Manager Devices =============
 
 
==================== Event log errors: =========================
 
Application errors:
==================
Error: (10/20/2015 01:04:05 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.71 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1cbc
 
Start Time: 01d10af4af8f7a46
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: fbda7440-76e7-11e5-826b-008cfa734ef9
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/20/2015 01:03:37 AM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.71 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1bf8
 
Start Time: 01d10af4a488c6e4
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: eb1a56cd-76e7-11e5-826b-008cfa734ef9
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/19/2015 11:36:15 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.71 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1d5c
 
Start Time: 01d10ae8606f70a5
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: b6926547-76db-11e5-826b-008cfa734ef9
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/19/2015 11:34:35 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.71 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 1e4c
 
Start Time: 01d10ae7e3e331b3
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: 7b10abad-76db-11e5-826b-008cfa734ef9
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/19/2015 10:10:48 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program chrome.exe version 46.0.2490.71 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.
 
Process ID: 2540
 
Start Time: 01d10adaba032c53
 
Termination Time: 4294967295
 
Application Path: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
 
Report Id: c5db6581-76cf-11e5-826b-008cfa734ef9
 
Faulting package full name: 
 
Faulting package-relative application ID:
 
Error: (10/19/2015 09:57:35 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: Local Hostname DeansPC.local already in use; will try DeansPC-2.local instead
 
Error: (10/19/2015 09:57:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: ProbeCount 2; will deregister    4 DeansPC.local. Addr 10.0.0.7
 
Error: (10/19/2015 09:57:34 PM) (Source: Bonjour Service) (EventID: 100) (User: )
Description: mDNSCoreReceiveResponse: Received from 10.0.0.7:5353   16 DeansPC.local. AAAA 2601:0548:4101:2660:650F:8102:E221:3DB0
 
Error: (10/19/2015 08:12:37 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: vdsmgr.exe, version: 1.0.0.2, time stamp: 0x5602b03b
Faulting module name: libcef.dll, version: 3.2454.1308.0, time stamp: 0x55d43b7a
Exception code: 0x80000003
Fault offset: 0x001792b9
Faulting process id: 0x2590
Faulting application start time: 0xvdsmgr.exe0
Faulting application path: vdsmgr.exe1
Faulting module path: vdsmgr.exe2
Report Id: vdsmgr.exe3
Faulting package full name: vdsmgr.exe4
Faulting package-relative application ID: vdsmgr.exe5
 
Error: (10/19/2015 03:57:50 AM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (6028) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
 
 
System errors:
=============
Error: (10/20/2015 08:32:35 PM) (Source: bowser) (EventID: 8003) (User: )
Description: The master browser has received a server announcement from the computer ADMINIB-ODVLBB4
that believes that it is the master browser for the domain on transport NetBT_Tcpip_{F95690AD-E721-40F7-BA8B-AC2EC40E6954}.
The master browser is stopping or an election is being forced.
 
Error: (10/19/2015 11:34:38 PM) (Source: DCOM) (EventID: 10010) (User: NT AUTHORITY)
Description: {784E29F4-5EBE-4279-9948-1E8FE941646D}
 
Error: (10/19/2015 10:33:08 PM) (Source: DCOM) (EventID: 10010) (User: DEANSPC)
Description: {9BA05972-F6A8-11CF-A442-00A0C90A8F39}
 
Error: (10/19/2015 10:33:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the Sync Host_Session2 service to connect.
 
Error: (10/19/2015 10:33:07 PM) (Source: Service Control Manager) (EventID: 7009) (User: )
Description: A timeout was reached (30000 milliseconds) while waiting for the User Data Storage_Session2 service to connect.
 
Error: (10/19/2015 10:33:07 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the User Data Storage_Session2 service, but this action failed with the following error: 
%%1056
 
Error: (10/19/2015 10:32:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 10:32:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 10:32:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
Error: (10/19/2015 10:32:57 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_Session2 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 10000 milliseconds: Restart the service.
 
 
CodeIntegrity:
===================================
  Date: 2015-10-20 20:35:53.381
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-20 20:35:53.359
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-20 20:34:27.920
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-20 20:34:27.891
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-20 20:34:27.418
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-20 20:34:27.392
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-20 00:12:11.276
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-19 00:17:08.213
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-19 00:17:08.190
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
  Date: 2015-10-18 23:37:32.168
  Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
 
 
==================== Memory info =========================== 
 
Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
Percentage of memory in use: 36%
Total physical RAM: 8071.27 MB
Available physical RAM: 5136.43 MB
Total Virtual: 9351.27 MB
Available Virtual: 5741.84 MB
 
==================== Drives ================================
 
Drive c: (TI10664600G) (Fixed) (Total:685.27 GB) (Free:635.46 GB) NTFS
 
==================== MBR & Partition Table ==================
 
========================================================
Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
 
Partition: GPT.
 
==================== End of Addition.txt ============================

 

 




#2 ken545

ken545

    Forum God

  • Retired Classroom Teacher
  • 23,225 posts
  • Interests:Fighting Malware and cooking some great Italian and TexMex food
  • MVP

Posted 21 October 2015 - 03:43 PM

:welcome:

 

Let's do some general cleanup and go from there.

 

 
-AdwCleaner-by Xplode
 
Click on this link to download : ADWCleaner TO YOUR DESKTOP
Click on ONE of the Two Blue Download Now buttons That have a blue arrow beside them and save it to your desktop.
Use my link only, do not do a search for AdwCleaner as there is a bogus copy going around by scammers
 
 
Do not click on any links in the top Advertisement.
 
 
  • Close all open programs and internet browsers.
  • Double click on AdwCleaner.exe to run the tool.
  • Click on Scan.
  • After the scan is complete click on "Clean"
  • Confirm each time with Ok.
  • Your computer will be rebooted automatically. A text file will open after the restart.
  • Please post the content of that logfile with your next reply.
  • You can find the logfile at C:\AdwCleaner[S1].txt as well.

    ===============================================================================

    Please download Junkware Removal Tool TO YOUR DESKTOP
  • Download the one from Bleeping Computer
  • Shut down your protection software now to avoid potential conflicts.
  • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
  • The tool will open and start scanning your system.
  • Please be patient as this can take a while to complete depending on your system's specifications.
  • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
  • Post the contents of JRT.txt into your next message.
     
     
    ===============================================================================
     
    Download Malwarebytes' Anti-Malware  TO YOUR DESKTOP
     
  • Windows XP : Double click on the icon to run it.
  • Windows Vista, Windows 7 & 8 : Right click and select "Run as Administrator"
     
  • On the Dashboard click on Update Now
  • Go to the Setting Tab
  • Under Setting go to Detection and Protection
  • Under PUP and PUM make sure both are set to show Treat Detections as Malware
  • Go to Advanced setting and make sure Automatically Quarantine Detected Items is checked
  • Then on the Dashboard click on Scan
  • Make sure to select THREAT SCAN
  • Then click on Scan
  • When the scan is finished on the bottom right click on SAVE RESULTS then select Copy to Clipboard
  • Please paste the log back into this thread for review
  • Exit Malwarebytes


     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #3 Dean N

    Dean N

      Authentic Member

    • Authentic Member
    • 152 posts

    Posted 21 October 2015 - 07:01 PM

    Hi Ken,

     

    Thank you for your help.

     

    # AdwCleaner v5.014 - Logfile created 21/10/2015 at 19:46:17
    # Updated 18/10/2015 by Xplode
    # Database : 2015-10-18.5 [Server]
    # Operating system : Windows 10 Home  (x64)
    # Username : Dean - DEANSPC
    # Running from : C:\Users\Dean\Downloads\AdwCleaner (1).exe
    # Option : Cleaning
     
    ***** [ Services ] *****
     
     
    ***** [ Folders ] *****
     
    [-] Folder Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
    [!] Folder Not Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk
     
    ***** [ Files ] *****
     
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcgcoifbkbphhjnekfkmohklfaimhikk_0.localstorage
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcgcoifbkbphhjnekfkmohklfaimhikk_0.localstorage-journal
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcgcoifbkbphhjnekfkmohklfaimhikk_0.localstorage
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_jcgcoifbkbphhjnekfkmohklfaimhikk_0.localstorage-journal
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_nps.pastaleads.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxp_pstatic.bestpriceninja.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_pstatic.bestpriceninja.com_0.localstorage-journal
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage
    [-] File Deleted : C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\hxxps_hdapp1008-a.akamaihd.net_0.localstorage-journal
     
    ***** [ DLLs ] *****
     
     
    ***** [ Shortcuts ] *****
     
     
    ***** [ Scheduled tasks ] *****
     
     
    ***** [ Registry ] *****
     
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{0014298C-A9BA-440D-AAA8-AD12C7010EE5}
    [-] Key Deleted : HKLM\SYSTEM\CurrentControlSet\Control\Class\{181A06EA-B82C-47DE-B851-E20FD0E1CC7D}
     
    ***** [ Web browsers ] *****
     
    [-] [C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jcgcoifbkbphhjnekfkmohklfaimhikk
    [-] [C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Secure Preferences] [Extension] Deleted : jcgcoifbkbphhjnekfkmohklfaimhikk
     
    *************************
     
    :: Winsock settings cleared
     
    ########## EOF - C:\AdwCleaner\AdwCleaner[C2].txt - [3167 bytes] ##########
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 10 Home x64
    Ran by Dean on Wed 10/21/2015 at 19:53:15.67
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    ~~~ Services
     
     
     
    ~~~ Tasks
     
     
     
    ~~~ Registry Values
     
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Bar
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Search Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Search\\Default_Search_URL
    Successfully repaired: [Registry Value] HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\SearchURL\\Default
    Successfully repaired: [Registry Value] HKEY_LOCAL_MACHINE\Software\Microsoft\Internet Explorer\SearchURL\\Default
    Successfully repaired: [Registry Value] HKEY_USERS\.DEFAULT\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-18\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-19\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-20\Software\Microsoft\Internet Explorer\Main\\Start Page
    Successfully repaired: [Registry Value] HKEY_USERS\S-1-5-21-2106972356-197434514-2111516588-1001\Software\Microsoft\Internet Explorer\Main\\Start Page
     
     
     
    ~~~ Registry Keys
     
    Successfully deleted: [Registry Key] HKEY_CURRENT_USER\Software\Policies\Microsoft\Internet Explorer
     
     
     
    ~~~ Files
     
    Successfully deleted: [File] C:\WINDOWS\SysWOW64\findit.xml
     
     
     
    ~~~ Folders
     
    Successfully deleted: [Folder] C:\Users\Dean\Appdata\Local\crashrpt
    Successfully deleted: [Folder] C:\Users\Dean\Appdata\Local\installer
    Successfully deleted: [Folder] C:\Users\Dean\AppData\Roaming\itibiti
    Successfully deleted: [Folder] C:\WINDOWS\SysWOW64\ai_recyclebin
     
     
     
    ~~~ Chrome
     
    Successfully deleted: [Folder] C:\Users\Dean\Appdata\Local\Google\Chrome\User Data\Default\Extensions\icpgjfneehieebagbmdbhnlpiopdcmna
     
    [C:\Users\Dean\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - default search provider reset
     
    [C:\Users\Dean\Appdata\Local\Google\Chrome\User Data\Default\Preferences] - Extensions Deleted:
    icpgjfneehieebagbmdbhnlpiopdcmna
     
    [C:\Users\Dean\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - default search provider reset
     
    [C:\Users\Dean\Appdata\Local\Google\Chrome\User Data\Default\Secure Preferences] - Extensions Deleted:
    [
      icpgjfneehieebagbmdbhnlpiopdcmna
    ]
     
     
     
     
     
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on Wed 10/21/2015 at 19:56:32.98
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
     
     
     
    Malwarebytes Anti-Malware
    www.malwarebytes.org
     
    Scan Date: 10/21/2015
    Scan Time: 8:03 PM
    Logfile: 
    Administrator: Yes
     
    Version: 2.2.0.1024
    Malware Database: v2015.10.21.07
    Rootkit Database: v2015.10.16.01
    License: Free
    Malware Protection: Disabled
    Malicious Website Protection: Disabled
    Self-protection: Disabled
     
    OS: Windows 10
    CPU: x64
    File System: NTFS
    User: Dean
     
    Scan Type: Threat Scan
    Result: Completed
    Objects Scanned: 379793
    Time Elapsed: 19 min, 6 sec
     
    Memory: Enabled
    Startup: Enabled
    Filesystem: Enabled
    Archives: Enabled
    Rootkits: Disabled
    Heuristics: Enabled
    PUP: Enabled
    PUM: Enabled
     
    Processes: 0
    (No malicious items detected)
     
    Modules: 0
    (No malicious items detected)
     
    Registry Keys: 5
    PUP.Optional.Linkury, HKLM\SOFTWARE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [5f3c65f4cfbc2a0c9ea94b4982810af6], 
    PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\IELNKSRCH, , [4c4f17424b4076c08e810341a360946c], 
    PUP.Optional.Linkury, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\WINDOWS\CURRENTVERSION\APP PATHS\Stpro.exe, , [118a99c0f596e25496b1662e2dd6ac54], 
    Adware.NowUSeeIt, HKU\S-1-5-21-2106972356-197434514-2111516588-1001\SOFTWARE\NowUSeeItPlayer, , [762589d00883b581bc796456e51efd03], 
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2106972356-197434514-2111516588-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{IELNKSRCH}, , [72290a4fb0db55e1f8511459bd45ec14], 
     
    Registry Values: 6
    PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|DisplayName, Search the web, , [4c4f17424b4076c08e810341a360946c]
    PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\ielnksrch|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWvsniqknnm6GRBGUgaT078BkXjyjxaXscGfhkl2kZWRygpn8bCXKYWybpld96__8te704cR5xCRfJPHae-eLA6rQTaUscxMSp5g4Ip2k050q0LxzG5sJ5j23U1A7atPf4-PeETrQFP2ycyY7KupmEeNTc6A,,&q={searchTerms}, , [a0fb4712c8c35dd94ac677cd7390a25e]
    PUP.Optional.Linkury, HKU\S-1-5-21-2106972356-197434514-2111516588-1001\ENVIRONMENT|SNF, C:\ProgramData\Flexfixs\snp.sc, , [dac15efbe1aa9e9857b57eebe1229868]
    PUP.Optional.Linkury, HKU\S-1-5-21-2106972356-197434514-2111516588-1001\ENVIRONMENT|SNP, http://%66%65%65%64.%73%6E%61%70%64%6F.%63%6F%6D?publisher=APSnapdoAMRev&co=US&userid=fc037d1a-b26e-4b14-7886-fb9ebda480ae&searchtype=sc&installDate=18/10/2015&barcodeid=50027003&channelid=3, , [0a91203929622412ec21d1982ad9ed13]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2106972356-197434514-2111516588-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|DisplayName, Search the web, , [72290a4fb0db55e1f8511459bd45ec14]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2106972356-197434514-2111516588-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES\{ielnksrch}|URL, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWvsniqknnm6GRBGUgaT078BkXjyjxaXscGfhkl2kZWRygpn8bCXKYWybpld96__8te704cR5xCRfJPHae-eLA6rQTaUscxMSp5g4Ip2k050q0LxzG5sJ5j23U1A7atPf4-PeETrQFP2ycyY7KupmEeNTc6A,,&q={searchTerms}, , [5d3e75e4cdbe9f978a83192b34cf8b75]
     
    Registry Data: 3
    PUP.Optional.Linkury.ShrtCln, HKLM\SOFTWARE\WOW6432NODE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),,[cfcc51086f1c71c544ee57d60ff5837d]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2106972356-197434514-2111516588-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\MAIN|SearchAssistant, http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWvsniqknnm6GRBGUgaT078BkXjyjxaXscGfhkl2kZWRygpn8bCXKYWybpld96__8te704cR5xCRfJPHae-eLA6rQTaUscxMSp5g4Ip2k050q0LxzG5sJ5j23U1A7atPf4-PeETrQFP2ycyY7KupmEeNTc6A,,&q={searchTerms}, Good: (www.google.com), Bad: (http://%66%65%65%64.%73%6F%6E%69%63-%73%65%61%72%63%68.%63%6F%6D/?p=mKO_AwFzXIpYRaHdGIjVkxlyIP4NYe17aVLWvsniqknnm6GRBGUgaT078BkXjyjxaXscGfhkl2kZWRygpn8bCXKYWybpld96__8te704cR5xCRfJPHae-eLA6rQTaUscxMSp5g4Ip2k050q0LxzG5sJ5j23U1A7atPf4-PeETrQFP2ycyY7KupmEeNTc6A,,&q={searchTerms}),,[712a4a0fc0cbef470f1d41ec57adf40c]
    PUP.Optional.Linkury.ShrtCln, HKU\S-1-5-21-2106972356-197434514-2111516588-1001\SOFTWARE\MICROSOFT\INTERNET EXPLORER\SEARCHSCOPES|DefaultScope, {ielnksrch}, Good: ({0633EE93-D776-472f-A0FF-E1416B8B2E3A}), Bad: ({ielnksrch}),,[cccf5ffa0c7fb77f1a156cc155aff10f]
     
    Folders: 8
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_locales, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_locales\en, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_locales\en_US, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_locales\pt_BR, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_metadata, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Flexfixs, , [1982da7f97f441f597fcdd74659fd32d], 
     
    Files: 25
    PUP.Optional.PricePeep, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage, , [2c6f9cbd0a817bbb7adb1c5a38cb55ab], 
    PUP.Optional.PricePeep, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.pricepeep00.pricepeep.net_0.localstorage-journal, , [e2b92336fb90e94d98bd5d1939cab050], 
    PUP.Optional.PastaLeads, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage, , [950677e27615ec4a8874fb9b50b334cc], 
    PUP.Optional.PastaLeads, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_nps.pastaleads.com_0.localstorage-journal, , [c0dbcc8de3a8c3731ddf474f31d24eb2], 
    PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage, , [a3f8421799f2a393bf3ee7af1be808f8], 
    PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\https_static.re-markit00.re-markit.co_0.localstorage-journal, , [3f5c85d4c1cab87ef30a12843ac926da], 
    PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage, , [05964d0c9fec47ef50ad0492976c39c7], 
    PUP.Optional.ReMarkit.PrxySvrRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Local Storage\http_static.re-markit00.re-markit.co_0.localstorage-journal, , [a5f61049800b10263ebffe9810f327d9], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\background.html, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\background.js, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\ga.js, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\icon_128.png, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\icon_16.png, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\main.js, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\manifest.json, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\popup.html, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\popup.js, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_locales\en\messages.json, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_locales\en_US\messages.json, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_locales\pt_BR\messages.json, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_metadata\computed_hashes.json, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.EasyCalendar.ChrPRST, C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\jcgcoifbkbphhjnekfkmohklfaimhikk\1.0.0_0\_metadata\verified_contents.json, , [c7d43821a4e7eb4b3014135644be7888], 
    PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Flexfixs\ff.HP, , [1982da7f97f441f597fcdd74659fd32d], 
    PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Flexfixs\ff.NT, , [1982da7f97f441f597fcdd74659fd32d], 
    PUP.Optional.Linkury.ShrtCln, C:\ProgramData\Flexfixs\snp.sc, , [1982da7f97f441f597fcdd74659fd32d], 
     
    Physical Sectors: 0
    (No malicious items detected)
     
     
    (end)
     
     


    #4 ken545

    ken545

      Forum God

    • Retired Classroom Teacher
    • 23,225 posts
    • Interests:Fighting Malware and cooking some great Italian and TexMex food
    • MVP

    Posted 22 October 2015 - 03:39 AM

    Good Morning

     

    Good so far. As far as Malwarebytes, those entries should show Quarantined but they do not; they need to be gone. You might have to run Malwarebytes again and make sure they're all removed.

     

    Running from C:\Users\Dean\Downloads <--  You're running FRST64 from your downloads folder, our tools and scanners work more efficiently when run from the Desktop in lieu of being buried in some folder, so go to your Downloads folder and look for FRST64, right click on it and select CUT, then come back to your Desktop and right click on a blank space and select PASTE, then we will have FRST64 exactly where we want it to be.

     

    After you do that open up FRST64 by right clicking on it and select Run as Administrator, make sure Additions is checked, run a new scan and post both the FRST64 and Additions logs please



     
     

    #5 Dean N

    Dean N

      Authentic Member

    • Authentic Member
    • 152 posts

    Posted 22 October 2015 - 07:34 AM

    Ok, I deleted the entries from Malwarebytes.  I had left them in quarantine; I was unsure if you wanted me to hold them there or delete them.

     

    I moved FRST64; here are the logs.

     

     

     

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:21-10-2015 01
    Ran by Dean (administrator) on DEANSPC (22-10-2015 08:17:42)
    Running from C:\Users\Dean\Desktop
    Loaded Profiles: Dean (Available Profiles: Dean & Administrator)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo...very-scan-tool/
     
    ==================== Processes (Whitelisted) =================
     
    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)
     
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Intel Corporation) C:\Program Files (x86)\Intel\Intel® Management Engine Components\LMS\LMS.exe
    (TOSHIBA Corporation) C:\Program Files\TOSHIBA\TOSHIBA Service Station\ToshibaServiceStation.exe
    (Fitbit, Inc.) C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe
    (Intel® Corporation) C:\Program Files\Intel\iCLS Client\HeciServer.exe
    (Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
    (Apple Inc.) C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.5.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    () C:\Program Files\WindowsApps\Microsoft.People_10.0.2840.0_x64__8wekyb3d8bbwe\PeopleApp.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
     
     
    ==================== Registry (Whitelisted) ===========================
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)
     
    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13427784 2013-03-18] (Realtek Semiconductor)
    HKLM\...\Run: [TCrdMain] => C:\Program Files\TOSHIBA\Hotkey\TCrdMain_Win8.exe [2717176 2013-01-04] (TOSHIBA Corporation)
    HKLM\...\Run: [TODDMain] => C:\Program Files (x86)\TOSHIBA\System Setting\TODDMain.exe [213136 2012-08-04] ()
    HKLM\...\Run: [TecoResident] => C:\Program Files\TOSHIBA\Teco\TecoResident.exe [170848 2013-01-28] (TOSHIBA Corporation)
    HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3946184 2015-08-06] (Synaptics Incorporated)
    HKLM\...\Run: [iTunesHelper] => C:\Program Files\iTunes\iTunesHelper.exe [170256 2015-09-15] (Apple Inc.)
    HKLM-x32\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
    HKLM-x32\...\RunOnce: [Malwarebytes Anti-Malware (cleanup)] => C:\ProgramData\Malwarebytes\Malwarebytes Anti-Malware\mbamdor.exe [54072 2015-10-05] (Malwarebytes)
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\Run: [Messenger (Yahoo!)] => C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe [6595928 2012-05-25] (Yahoo! Inc.)
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [31344744 2015-02-26] (Skype Technologies S.A.)
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\Run: [Fitbit Connect] => C:\Program Files (x86)\Fitbit Connect\Fitbit Connect.exe [4377256 2015-09-04] (Fitbit, Inc.)
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\MountPoints2: {e863ad04-7b0b-11e3-824e-806e6f6e6963} - "D:\SETUP.EXE" 
    HKU\S-1-5-18\...\Run: [GarminExpressTrayApp] => C:\Program Files (x86)\Garmin\Express Tray\ExpressTray.exe [1403192 2015-09-11] (Garmin Ltd. or its subsidiaries)
    AppInit_DLLs: C:\ProgramData\Flexfix\SilSancof.dll => C:\ProgramData\Flexfix\SilSancof.dll [518656 2015-10-18] ()
    AppInit_DLLs-x32: C:\ProgramData\Flexfix\KinTontam.dll => C:\ProgramData\Flexfix\KinTontam.dll [320512 2015-10-18] ()
    GroupPolicy: Restriction - Chrome <======= ATTENTION
     
    ==================== Internet (Whitelisted) ====================
     
    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)
     
    Tcpip\Parameters: [DhcpNameServer] 75.75.76.76 75.75.75.75
    Tcpip\..\Interfaces\{f95690ad-e721-40f7-ba8b-ac2ec40e6954}: [DhcpNameServer] 75.75.76.76 75.75.75.75
     
    Internet Explorer:
    ==================
    HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130896711658437813&GUID=F60FE686-218C-4AA6-9A32-D2850C5D6241
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Start Page = hxxp://go.microsoft.com/fwlink/?LinkID=617910&ResetID=130896711658441922&GUID=F60FE686-218C-4AA6-9A32-D2850C5D6241
    HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKLM\Software\Wow6432Node\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://www.microsoft.com/isapi/redir.dll?prd=ie&pver=6&ar=msnhome
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\Software\Microsoft\Internet Explorer\Main,Default_Secondary_Page_URL = hxxp://mystart.toshiba.com
    SearchScopes: HKU\S-1-5-21-2106972356-197434514-2111516588-1001 -> {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE} URL = 
    BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    BHO-x32: Adobe PDF Link Helper -> {18DF081C-E8AD-4283-A596-FA578C2EBDC3} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelperShim.dll [2012-09-23] (Adobe Systems Incorporated)
    BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
     
    FireFox:
    ========
    FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-10-30] ()
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI ipt;version=2.1.66 -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIIPT.dll [2012-09-28] (Intel Corporation)
    FF Plugin-x32: @intel-webapi.intel.com/Intel WebAPI updater -> C:\Program Files (x86)\Intel\Intel® Management Engine Components\IPT\npIntelWebAPIUpdater.dll [2012-09-28] (Intel Corporation)
    FF Plugin-x32: @messenger.yahoo.com/YahooMessengerStatePlugin;version=1.0.0.6 -> C:\Program Files (x86)\Yahoo!\Shared\npYState.dll [2012-05-25] (Yahoo! Inc.)
    FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
    FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
    FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Reader 11.0\Reader\AIR\nppdf32.dll [2012-09-23] (Adobe Systems Inc.)
     
    Chrome: 
    =======
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=FAIzftpbl02,bc712e4c-c7e4-4662-b497-5d83a5c79c2b,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    CHR Profile: C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default
    CHR Extension: (Google Slides) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-06-14]
    CHR Extension: (Google Docs) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-06-14]
    CHR Extension: (Google Drive) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-10-20]
    CHR Extension: (YouTube) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-09-25]
    CHR Extension: (Google Search) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-06-14]
    CHR Extension: (Google Sheets) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-06-14]
    CHR Extension: (Google Docs Offline) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-09-02]
    CHR Extension: (AdBlock) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\gighmmpiobklfepjocnamgkkbiglidom [2015-10-15]
    CHR Extension: (Chrome Web Store Payments) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-07-27]
    CHR Extension: (Gmail) - C:\Users\Dean\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-06-14]
    StartMenuInternet: Google Chrome - Chrome.exe
     
    ==================== Services (Whitelisted) ========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R2 Apple Mobile Device Service; C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe [77104 2015-09-02] (Apple Inc.)
    S2 dts_apo_service; C:\Program Files (x86)\DTS, Inc\DTS Studio Sound\dts_apo_service.exe [16720 2013-03-25] ()
    R2 Fitbit Connect; C:\Program Files (x86)\Fitbit Connect\FitbitConnectService.exe [5750440 2015-09-04] (Fitbit, Inc.)
    S2 Flexfix; C:\ProgramData\\Flexfix\\Flexfix.exe [807936 2015-10-14] () [File not signed]
    S2 Garmin Device Interaction Service; C:\Program Files (x86)\Garmin\Device Interaction Service\GarminService.exe [762272 2015-09-11] (Garmin Ltd. or its subsidiaries)
    S2 igfxCUIService1.0.0.0; C:\Windows\system32\igfxCUIService.exe [328608 2015-08-06] (Intel Corporation)
    R2 Intel® Capability Licensing Service Interface; C:\Program Files\Intel\iCLS Client\HeciServer.exe [732160 2012-12-10] (Intel® Corporation) [File not signed]
    S3 Intel® Capability Licensing Service TCP IP Interface; C:\Program Files\Intel\iCLS Client\SocketHeciServer.exe [803872 2012-12-10] (Intel® Corporation)
    S2 Intel® ME Service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\FWService\IntelMeFWService.exe [130592 2012-10-26] (Intel Corporation)
    S2 jhi_service; C:\Program Files (x86)\Intel\Intel® Management Engine Components\DAL\jhi_service.exe [165488 2012-12-18] (Intel Corporation)
    S2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-06] (Synaptics Incorporated)
    S2 System update service; C:\Program Files (x86)\vdsmgr update\updateservice.exe [240128 2015-10-14] (Win Developers Team) [File not signed]
    S2 vdsmgr manager service; C:\Program Files (x86)\vdsmgr\runservice.exe [116224 2015-09-14] (Win Developers Team) [File not signed]
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
     
    ===================== Drivers (Whitelisted) ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    R3 RTSUER; C:\Windows\system32\Drivers\RtsUer.sys [410880 2015-08-06] (Realsil Semiconductor Corporation)
    R3 RTWlanE; C:\Windows\system32\DRIVERS\rtwlane.sys [3453144 2015-07-10] (Realtek Semiconductor Corporation                           )
    R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-08-06] (Synaptics Incorporated)
    R3 Thotkey; C:\Windows\System32\drivers\Thotkey.sys [28632 2012-07-31] (Windows ® Win 7 DDK provider)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-10-18] ()
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
     
    ==================== NetSvcs (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
     
    ==================== One Month Created files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2015-10-22 08:17 - 2015-10-22 08:18 - 00013634 _____ C:\Users\Dean\Desktop\FRST.txt
    2015-10-22 08:17 - 2015-10-22 08:17 - 00000000 ____D C:\Users\Dean\Desktop\FRST-OlderVersion
    2015-10-22 08:12 - 2015-10-22 08:12 - 00016148 _____ C:\WINDOWS\system32\DEANSPC_Dean_HistoryPrediction.bin
    2015-10-21 19:56 - 2015-10-21 19:56 - 00003019 _____ C:\Users\Dean\Desktop\JRT.txt
    2015-10-21 19:50 - 2015-10-21 19:52 - 01801288 _____ (Malwarebytes) C:\Users\Dean\Downloads\JRT.exe
    2015-10-21 19:44 - 2015-10-21 19:44 - 01691648 _____ C:\Users\Dean\Downloads\AdwCleaner (1).exe
    2015-10-21 00:02 - 2015-10-21 00:02 - 00000000 ___HD C:\OneDriveTemp
    2015-10-20 21:01 - 2015-10-20 21:01 - 00034550 _____ C:\Users\Dean\Downloads\Addition.txt
    2015-10-20 20:59 - 2015-10-20 21:01 - 00060556 _____ C:\Users\Dean\Downloads\FRST.txt
    2015-10-20 20:52 - 2015-10-20 20:52 - 00001959 _____ C:\Users\Dean\Desktop\aswMBR.txt
    2015-10-20 20:52 - 2015-10-20 20:52 - 00000512 _____ C:\Users\Dean\Desktop\MBR.dat
    2015-10-20 20:35 - 2015-10-22 08:17 - 02196480 _____ (Farbar) C:\Users\Dean\Desktop\FRST64.exe
    2015-10-20 20:32 - 2015-10-20 20:32 - 05200384 _____ (AVAST Software) C:\Users\Dean\Downloads\aswmbr.exe
    2015-10-18 23:28 - 2015-10-19 00:16 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-10-18 23:28 - 2015-10-18 23:28 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-10-18 23:27 - 2015-10-19 00:16 - 01691648 _____ C:\Users\Dean\Downloads\AdwCleaner.exe
    2015-10-18 23:27 - 2015-10-18 23:28 - 18832456 _____ C:\Users\Dean\Downloads\RogueKiller.exe
    2015-10-18 23:25 - 2015-10-18 23:27 - 00002514 _____ C:\Users\Dean\Desktop\Rkill.txt
    2015-10-18 23:25 - 2015-10-18 23:25 - 02019656 _____ (Bleeping Computer, LLC) C:\Users\Dean\Downloads\rkill.exe
    2015-10-18 18:18 - 2015-10-18 18:18 - 00003118 _____ C:\Users\Dean\Documents\cc_20151018_181844.reg
    2015-10-18 17:59 - 2015-10-18 17:59 - 00034888 _____ C:\Users\Dean\Documents\cc_20151018_175906.reg
    2015-10-18 17:38 - 2015-10-22 08:14 - 00001348 _____ C:\Users\Dean\Desktop\Revo Uninstaller.lnk
    2015-10-18 17:38 - 2015-10-18 17:38 - 00000000 ____D C:\Program Files (x86)\VS Revo Group
    2015-10-18 17:37 - 2015-10-18 17:38 - 02623656 _____ (VS Revo Group Ltd.) C:\Users\Dean\Downloads\revosetup.exe
    2015-10-18 15:46 - 2015-10-21 20:02 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-10-18 15:45 - 2015-10-22 08:15 - 00001176 _____ C:\Users\Public\Desktop\Malwarebytes Anti-Malware.lnk
    2015-10-18 15:45 - 2015-10-18 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-18 15:45 - 2015-10-18 15:45 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-10-18 15:45 - 2015-10-18 15:45 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-18 15:45 - 2015-10-05 09:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-10-18 15:45 - 2015-10-05 09:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-10-18 15:45 - 2015-10-05 09:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-10-18 15:43 - 2015-10-18 15:44 - 22908888 _____ (Malwarebytes ) C:\Users\Dean\Downloads\mbam-setup-org-2.2.0.1024.exe
    2015-10-18 15:21 - 2015-10-18 15:21 - 00000000 ____D C:\WINDOWS\Minidump
    2015-10-18 15:07 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\e218410f-1324-48ca-b7ab-4e4c56e0b7cc
    2015-10-18 15:07 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\d43f27b0-7c8b-4ac2-8cd4-a1707474d0a7
    2015-10-18 15:04 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\d8d789e3-b07f-46a9-8ec7-558d0b0eded0
    2015-10-18 15:03 - 2015-10-18 15:27 - 00000004 _____ C:\WINDOWS\SysWOW64\029B560A371F4E00AB32838EBC01B9E7
    2015-10-18 14:53 - 2015-10-18 14:57 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Opera Software
    2015-10-18 14:53 - 2015-10-18 14:57 - 00000000 ____D C:\Users\Dean\AppData\Local\Opera Software
    2015-10-18 14:53 - 2015-10-18 14:57 - 00000000 ____D C:\Program Files (x86)\Opera
    2015-10-18 14:52 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2015-10-18 14:50 - 2015-10-21 19:49 - 00000000 ____D C:\ProgramData\Flexfix
    2015-10-18 14:50 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files\NixController
    2015-10-18 14:50 - 2015-10-18 14:50 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Mozilla
    2015-10-18 14:48 - 2015-10-18 14:48 - 00000000 ____D C:\Users\Dean\AppData\Local\CEF
    2015-10-18 14:48 - 2015-10-18 14:48 - 00000000 ____D C:\Program Files (x86)\vdsmgr update
    2015-10-18 14:47 - 2015-10-18 14:48 - 00000000 ____D C:\Program Files (x86)\vdsmgr
    2015-10-18 14:44 - 2015-10-18 14:44 - 01031591 _____ C:\Users\Dean\Downloads\Voice Of Music Service Manual Downloader (2).zip
    2015-10-17 15:37 - 2015-10-17 15:37 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
    2015-10-17 15:37 - 2015-10-17 15:37 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
    2015-10-16 00:00 - 2015-10-16 00:00 - 00597516 _____ C:\Users\Dean\Downloads\pg47912-images.mobi
    2015-10-16 00:00 - 2015-10-16 00:00 - 00580278 _____ C:\Users\Dean\Downloads\pg24364-images.mobi
    2015-10-16 00:00 - 2015-10-16 00:00 - 00360872 _____ C:\Users\Dean\Downloads\pg49493-images.mobi
    2015-10-13 22:51 - 2015-10-10 03:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-10-13 22:51 - 2015-10-10 02:40 - 21875712 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-10-13 22:51 - 2015-10-10 02:07 - 18806272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-10-13 22:51 - 2015-10-05 23:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-10-13 22:51 - 2015-10-05 22:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-10-13 22:51 - 2015-10-01 00:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-10-13 22:51 - 2015-10-01 00:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-10-13 22:51 - 2015-10-01 00:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-10-13 22:51 - 2015-10-01 00:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-10-13 22:51 - 2015-10-01 00:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-10-13 22:51 - 2015-09-30 23:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-10-13 22:51 - 2015-09-25 00:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2015-10-13 22:51 - 2015-09-25 00:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2015-10-13 22:51 - 2015-09-24 23:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-10-13 22:51 - 2015-09-24 23:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2015-10-13 22:51 - 2015-09-24 23:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2015-10-13 22:51 - 2015-09-24 23:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-10-13 22:51 - 2015-09-24 23:17 - 24595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-10-13 22:51 - 2015-09-24 23:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2015-10-13 22:51 - 2015-09-24 23:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2015-10-13 22:51 - 2015-09-24 23:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-10-13 22:51 - 2015-09-24 23:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-10-13 22:51 - 2015-09-24 23:04 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-10-13 22:51 - 2015-09-24 23:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-10-13 22:51 - 2015-09-24 23:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2015-10-13 22:51 - 2015-09-24 23:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2015-10-13 22:51 - 2015-09-24 23:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-10-13 22:51 - 2015-09-24 23:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-10-13 22:51 - 2015-09-24 23:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-10-13 22:51 - 2015-09-24 23:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2015-10-13 22:51 - 2015-09-24 23:02 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-10-13 22:51 - 2015-09-24 23:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-10-13 22:51 - 2015-09-24 23:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-10-13 22:51 - 2015-09-24 23:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2015-10-13 22:51 - 2015-09-24 23:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-10-13 22:51 - 2015-09-24 23:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2015-10-13 22:51 - 2015-09-24 23:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2015-10-13 22:51 - 2015-09-24 22:59 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-10-13 22:51 - 2015-09-24 22:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-10-13 22:51 - 2015-09-24 22:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2015-10-13 22:51 - 2015-09-24 22:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2015-10-13 22:51 - 2015-09-24 22:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2015-10-13 22:51 - 2015-09-24 22:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2015-10-13 22:51 - 2015-09-24 22:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2015-10-13 22:51 - 2015-09-24 22:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2015-10-13 22:51 - 2015-09-24 22:48 - 19325952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-10-13 22:51 - 2015-09-24 22:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2015-10-13 22:51 - 2015-09-24 22:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2015-10-13 22:51 - 2015-09-24 22:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-10-13 22:51 - 2015-09-24 22:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-10-13 22:51 - 2015-09-24 22:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2015-10-13 22:51 - 2015-09-24 22:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-10-13 22:51 - 2015-09-24 22:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-10-13 22:51 - 2015-09-24 22:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2015-10-13 22:51 - 2015-09-24 22:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2015-10-13 22:51 - 2015-09-24 22:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-10-13 22:51 - 2015-09-24 22:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2015-10-13 22:51 - 2015-09-24 22:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2015-10-13 22:51 - 2015-09-24 22:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2015-10-13 22:51 - 2015-09-24 22:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2015-10-13 22:51 - 2015-09-24 22:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2015-10-13 22:51 - 2015-09-24 22:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2015-10-13 22:51 - 2015-09-24 22:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2015-10-13 22:51 - 2015-09-24 22:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2015-10-13 22:51 - 2015-09-24 22:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2015-10-08 09:59 - 2015-10-08 09:59 - 00186880 _____ (TODO: <Company name>) C:\WINDOWS\system32\rsrcs.dll
    2015-10-03 08:52 - 2015-10-22 08:15 - 00001035 _____ C:\Users\Public\Desktop\Minecraft.lnk
    2015-10-03 08:52 - 2015-10-04 08:43 - 00000000 ____D C:\Users\Dean\AppData\Roaming\.minecraft
    2015-10-03 08:52 - 2015-10-03 08:52 - 00000000 ____D C:\Users\Dean\AppData\Roaming\java
    2015-10-03 08:52 - 2015-10-03 08:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Minecraft
    2015-10-03 08:52 - 2015-10-03 08:52 - 00000000 ____D C:\Program Files (x86)\Minecraft
    2015-10-03 08:51 - 2015-10-03 08:51 - 02314240 _____ C:\Users\Dean\Downloads\MinecraftInstaller.msi
    2015-10-01 23:05 - 2015-10-01 23:05 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
    2015-10-01 23:04 - 2015-10-01 23:04 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2015-10-01 23:03 - 2015-10-01 23:03 - 00000000 ____D C:\WINDOWS\System32\Tasks\OfficeSoftwareProtectionPlatform
    2015-10-01 23:01 - 2015-10-01 23:01 - 00000000 ____D C:\Program Files\Microsoft Office
    2015-10-01 23:01 - 2015-10-01 23:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Analysis Services
    2015-10-01 23:00 - 2015-10-19 03:22 - 00000000 ____D C:\ProgramData\Microsoft Help
    2015-10-01 23:00 - 2015-10-01 23:00 - 00000000 ____D C:\Users\Dean\AppData\Local\Microsoft Help
    2015-09-30 21:39 - 2015-09-17 02:50 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
    2015-09-30 21:39 - 2015-09-17 02:50 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
    2015-09-30 21:39 - 2015-09-17 02:49 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
    2015-09-30 21:39 - 2015-09-17 02:49 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
    2015-09-30 21:39 - 2015-09-17 02:49 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
    2015-09-30 21:39 - 2015-09-17 02:49 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
    2015-09-30 21:39 - 2015-09-17 02:48 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
    2015-09-30 21:39 - 2015-09-17 02:48 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
    2015-09-30 21:39 - 2015-09-17 02:48 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
    2015-09-30 21:39 - 2015-09-17 02:48 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
    2015-09-30 21:39 - 2015-09-17 02:48 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
    2015-09-30 21:39 - 2015-09-17 02:48 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
    2015-09-30 21:39 - 2015-09-17 02:48 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
    2015-09-30 21:39 - 2015-09-17 02:48 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
    2015-09-30 21:39 - 2015-09-17 02:48 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
    2015-09-30 21:39 - 2015-09-17 02:48 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
    2015-09-30 21:39 - 2015-09-17 02:47 - 01397088 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-09-30 21:39 - 2015-09-17 02:44 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
    2015-09-30 21:39 - 2015-09-17 02:43 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2015-09-30 21:39 - 2015-09-17 02:37 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
    2015-09-30 21:39 - 2015-09-17 02:28 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
    2015-09-30 21:39 - 2015-09-17 02:28 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
    2015-09-30 21:39 - 2015-09-17 02:28 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
    2015-09-30 21:39 - 2015-09-17 02:28 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
    2015-09-30 21:39 - 2015-09-17 02:27 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
    2015-09-30 21:39 - 2015-09-17 02:27 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
    2015-09-30 21:39 - 2015-09-17 02:26 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
    2015-09-30 21:39 - 2015-09-17 02:26 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
    2015-09-30 21:39 - 2015-09-17 02:26 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
    2015-09-30 21:39 - 2015-09-17 02:26 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
    2015-09-30 21:39 - 2015-09-17 02:25 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-09-30 21:39 - 2015-09-17 02:21 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
    2015-09-30 21:39 - 2015-09-17 02:20 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2015-09-30 21:39 - 2015-09-17 02:06 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
    2015-09-30 21:39 - 2015-09-17 02:05 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
    2015-09-30 21:39 - 2015-09-17 02:04 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
    2015-09-30 21:39 - 2015-09-17 02:04 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
    2015-09-30 21:39 - 2015-09-17 02:00 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-09-30 21:39 - 2015-09-17 02:00 - 02417664 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-09-30 21:39 - 2015-09-17 01:58 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
    2015-09-30 21:39 - 2015-09-17 01:57 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
    2015-09-30 21:39 - 2015-09-17 01:57 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
    2015-09-30 21:39 - 2015-09-17 01:56 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
    2015-09-30 21:39 - 2015-09-17 01:56 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
    2015-09-30 21:39 - 2015-09-17 01:55 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
    2015-09-30 21:39 - 2015-09-17 01:55 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
    2015-09-30 21:39 - 2015-09-17 01:54 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
    2015-09-30 21:39 - 2015-09-17 01:54 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
    2015-09-30 21:39 - 2015-09-17 01:53 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
    2015-09-30 21:39 - 2015-09-17 01:52 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
    2015-09-30 21:39 - 2015-09-17 01:52 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
    2015-09-30 21:39 - 2015-09-17 01:52 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
    2015-09-30 21:39 - 2015-09-17 01:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
    2015-09-30 21:39 - 2015-09-17 01:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
    2015-09-30 21:39 - 2015-09-17 01:51 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-09-30 21:39 - 2015-09-17 01:50 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
    2015-09-30 21:39 - 2015-09-17 01:49 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
    2015-09-30 21:39 - 2015-09-17 01:49 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
    2015-09-30 21:39 - 2015-09-17 01:49 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2015-09-30 21:39 - 2015-09-17 01:48 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
    2015-09-30 21:39 - 2015-09-17 01:48 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
    2015-09-30 21:39 - 2015-09-17 01:48 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
    2015-09-30 21:39 - 2015-09-17 01:48 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
    2015-09-30 21:39 - 2015-09-17 01:47 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
    2015-09-30 21:39 - 2015-09-17 01:45 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
    2015-09-30 21:39 - 2015-09-17 01:45 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
    2015-09-30 21:39 - 2015-09-17 01:45 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-09-30 21:39 - 2015-09-17 01:44 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
    2015-09-30 21:39 - 2015-09-17 01:43 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
    2015-09-30 21:39 - 2015-09-17 01:43 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
    2015-09-30 21:39 - 2015-09-17 01:42 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-09-30 21:39 - 2015-09-17 01:41 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
    2015-09-30 21:39 - 2015-09-17 01:40 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
    2015-09-30 21:39 - 2015-09-17 01:40 - 01918464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-09-30 21:39 - 2015-09-17 01:40 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
    2015-09-30 21:39 - 2015-09-17 01:39 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
    2015-09-30 21:39 - 2015-09-17 01:38 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
    2015-09-30 21:39 - 2015-09-17 01:37 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
    2015-09-30 21:39 - 2015-09-17 01:35 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
    2015-09-30 21:39 - 2015-09-17 01:35 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
    2015-09-30 21:39 - 2015-09-17 01:35 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
    2015-09-30 21:39 - 2015-09-17 01:35 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
    2015-09-30 21:39 - 2015-09-17 01:34 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
    2015-09-30 21:39 - 2015-09-17 01:32 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
    2015-09-30 21:39 - 2015-09-17 01:32 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
    2015-09-30 21:39 - 2015-09-17 01:29 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
    2015-09-30 21:39 - 2015-09-17 01:29 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
    2015-09-30 21:39 - 2015-09-17 01:29 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
    2015-09-30 21:39 - 2015-09-17 01:29 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-09-30 21:39 - 2015-09-17 01:26 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
    2015-09-30 21:39 - 2015-09-17 01:16 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
    2015-09-30 21:39 - 2015-09-12 22:05 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2015-09-30 21:39 - 2015-09-12 21:41 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2015-09-30 21:38 - 2015-09-19 01:14 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
    2015-09-30 21:38 - 2015-09-17 02:50 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
    2015-09-30 21:38 - 2015-09-17 02:50 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
    2015-09-30 21:38 - 2015-09-17 02:49 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
    2015-09-30 21:38 - 2015-09-17 02:48 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
    2015-09-30 21:38 - 2015-09-17 02:48 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
    2015-09-30 21:38 - 2015-09-17 02:48 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
    2015-09-30 21:38 - 2015-09-17 02:48 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
    2015-09-30 21:38 - 2015-09-17 02:48 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
    2015-09-30 21:38 - 2015-09-17 02:48 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
    2015-09-30 21:38 - 2015-09-17 02:48 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
    2015-09-30 21:38 - 2015-09-17 02:48 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
    2015-09-30 21:38 - 2015-09-17 02:37 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
    2015-09-30 21:38 - 2015-09-17 02:28 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
    2015-09-30 21:38 - 2015-09-17 02:28 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
    2015-09-30 21:38 - 2015-09-17 02:26 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
    2015-09-30 21:38 - 2015-09-17 02:26 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
    2015-09-30 21:38 - 2015-09-17 02:11 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
    2015-09-30 21:38 - 2015-09-17 02:10 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
    2015-09-30 21:38 - 2015-09-17 02:09 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
    2015-09-30 21:38 - 2015-09-17 02:09 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
    2015-09-30 21:38 - 2015-09-17 02:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
    2015-09-30 21:38 - 2015-09-17 02:08 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
    2015-09-30 21:38 - 2015-09-17 02:08 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
    2015-09-30 21:38 - 2015-09-17 02:06 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
    2015-09-30 21:38 - 2015-09-17 02:06 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
    2015-09-30 21:38 - 2015-09-17 02:05 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
    2015-09-30 21:38 - 2015-09-17 02:04 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
    2015-09-30 21:38 - 2015-09-17 02:03 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
    2015-09-30 21:38 - 2015-09-17 02:03 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
    2015-09-30 21:38 - 2015-09-17 02:03 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
    2015-09-30 21:38 - 2015-09-17 02:03 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
    2015-09-30 21:38 - 2015-09-17 02:03 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
    2015-09-30 21:38 - 2015-09-17 02:02 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
    2015-09-30 21:38 - 2015-09-17 02:02 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
    2015-09-30 21:38 - 2015-09-17 02:00 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
    2015-09-30 21:38 - 2015-09-17 02:00 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
    2015-09-30 21:38 - 2015-09-17 01:57 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
    2015-09-30 21:38 - 2015-09-17 01:57 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
    2015-09-30 21:38 - 2015-09-17 01:56 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
    2015-09-30 21:38 - 2015-09-17 01:55 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
    2015-09-30 21:38 - 2015-09-17 01:55 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
    2015-09-30 21:38 - 2015-09-17 01:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
    2015-09-30 21:38 - 2015-09-17 01:55 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
    2015-09-30 21:38 - 2015-09-17 01:55 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
    2015-09-30 21:38 - 2015-09-17 01:55 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
    2015-09-30 21:38 - 2015-09-17 01:55 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
    2015-09-30 21:38 - 2015-09-17 01:54 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-09-30 21:38 - 2015-09-17 01:52 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
    2015-09-30 21:38 - 2015-09-17 01:52 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
    2015-09-30 21:38 - 2015-09-17 01:52 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
    2015-09-30 21:38 - 2015-09-17 01:52 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
    2015-09-30 21:38 - 2015-09-17 01:52 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
    2015-09-30 21:38 - 2015-09-17 01:52 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
    2015-09-30 21:38 - 2015-09-17 01:52 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
    2015-09-30 21:38 - 2015-09-17 01:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
    2015-09-30 21:38 - 2015-09-17 01:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
    2015-09-30 21:38 - 2015-09-17 01:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
    2015-09-30 21:38 - 2015-09-17 01:50 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
    2015-09-30 21:38 - 2015-09-17 01:50 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
    2015-09-30 21:38 - 2015-09-17 01:50 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
    2015-09-30 21:38 - 2015-09-17 01:50 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
    2015-09-30 21:38 - 2015-09-17 01:50 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
    2015-09-30 21:38 - 2015-09-17 01:49 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
    2015-09-30 21:38 - 2015-09-17 01:49 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
    2015-09-30 21:38 - 2015-09-17 01:49 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
    2015-09-30 21:38 - 2015-09-17 01:49 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
    2015-09-30 21:38 - 2015-09-17 01:49 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
    2015-09-30 21:38 - 2015-09-17 01:49 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
    2015-09-30 21:38 - 2015-09-17 01:49 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
    2015-09-30 21:38 - 2015-09-17 01:48 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
    2015-09-30 21:38 - 2015-09-17 01:48 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
    2015-09-30 21:38 - 2015-09-17 01:47 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
    2015-09-30 21:38 - 2015-09-17 01:47 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
    2015-09-30 21:38 - 2015-09-17 01:46 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
    2015-09-30 21:38 - 2015-09-17 01:46 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
    2015-09-30 21:38 - 2015-09-17 01:46 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
    2015-09-30 21:38 - 2015-09-17 01:46 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
    2015-09-30 21:38 - 2015-09-17 01:46 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
    2015-09-30 21:38 - 2015-09-17 01:46 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
    2015-09-30 21:38 - 2015-09-17 01:46 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
    2015-09-30 21:38 - 2015-09-17 01:46 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
    2015-09-30 21:38 - 2015-09-17 01:45 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
    2015-09-30 21:38 - 2015-09-17 01:45 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
    2015-09-30 21:38 - 2015-09-17 01:44 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
    2015-09-30 21:38 - 2015-09-17 01:44 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
    2015-09-30 21:38 - 2015-09-17 01:44 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
    2015-09-30 21:38 - 2015-09-17 01:43 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
    2015-09-30 21:38 - 2015-09-17 01:43 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
    2015-09-30 21:38 - 2015-09-17 01:39 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
    2015-09-30 21:38 - 2015-09-17 01:36 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
    2015-09-30 21:38 - 2015-09-17 01:32 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
    2015-09-30 21:38 - 2015-09-17 01:31 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
    2015-09-30 21:38 - 2015-09-17 01:30 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
    2015-09-30 21:38 - 2015-09-17 01:28 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
    2015-09-23 21:41 - 2015-10-22 08:15 - 00001827 _____ C:\Users\Public\Desktop\iTunes.lnk
    2015-09-23 21:41 - 2015-09-23 21:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
    2015-09-23 21:40 - 2015-09-23 21:41 - 00000000 ____D C:\Program Files\iTunes
    2015-09-23 21:40 - 2015-09-23 21:40 - 00000000 ____D C:\Program Files\iPod
    2015-09-23 21:40 - 2015-09-23 21:40 - 00000000 ____D C:\Program Files (x86)\iTunes
    2015-09-23 21:38 - 2015-09-23 21:38 - 00000000 ____D C:\WINDOWS\System32\Tasks\Apple
    2015-09-23 21:38 - 2015-09-23 21:38 - 00000000 ____D C:\Program Files\Bonjour
    2015-09-23 21:38 - 2015-09-23 21:38 - 00000000 ____D C:\Program Files (x86)\Bonjour
    2015-09-23 21:38 - 2015-09-23 21:38 - 00000000 ____D C:\Program Files (x86)\Apple Software Update
     
    ==================== One Month Modified files and folders ========
     
    (If an entry is included in the fixlist, the file/folder will be moved.)
     
    2015-10-22 08:17 - 2014-01-07 09:16 - 00000000 ____D C:\FRST
    2015-10-22 08:16 - 2015-06-28 01:16 - 00004148 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{6E5FEF78-0ED2-4C8A-B6AF-AC8B300020E8}
    2015-10-22 08:15 - 2015-09-14 21:21 - 00001968 _____ C:\Users\Public\Desktop\Garmin Express.lnk
    2015-10-22 08:15 - 2015-09-07 23:56 - 00002523 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Apple Software Update.lnk
    2015-10-22 08:15 - 2015-08-06 00:29 - 00002378 _____ C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-10-22 08:15 - 2015-08-06 00:01 - 00001540 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
    2015-10-22 08:15 - 2015-07-17 00:00 - 00002286 _____ C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\PC App Store.lnk
    2015-10-22 08:15 - 2015-07-16 23:08 - 00002222 _____ C:\Users\Dean\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Start Menu.lnk
    2015-10-22 08:15 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-10-22 08:15 - 2013-09-20 01:43 - 00002389 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Toshiba Start.lnk
    2015-10-22 08:15 - 2013-09-20 01:42 - 00002067 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Toshiba Book Place.lnk
    2015-10-22 08:15 - 2013-04-10 01:30 - 00001062 _____ C:\Users\Public\Desktop\Desktop Assist.lnk
    2015-10-22 08:15 - 2013-04-10 00:40 - 00002429 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe Reader XI.lnk
    2015-10-22 08:15 - 2013-04-10 00:39 - 00001969 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office.lnk
    2015-10-21 23:19 - 2015-06-14 18:53 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-21 22:00 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-10-21 19:54 - 2015-06-27 19:23 - 00000000 ____D C:\Users\Dean\OneDrive
    2015-10-21 19:49 - 2015-06-14 18:53 - 00000918 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-21 19:47 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-10-21 19:47 - 2015-07-10 08:20 - 00285216 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-10-21 19:46 - 2015-07-10 05:05 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
    2015-10-21 19:46 - 2014-01-04 19:05 - 00000000 ____D C:\AdwCleaner
    2015-10-21 09:36 - 2015-06-14 15:40 - 00000000 ____D C:\Users\Dean\AppData\Local\VirtualStore
    2015-10-21 00:46 - 2015-07-15 20:08 - 00000000 ____D C:\Users\Dean\AppData\Local\CrashDumps
    2015-10-20 22:22 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-10-20 21:47 - 2014-04-16 23:08 - 00000000 ____D C:\Users\Dean\Documents\Audio
    2015-10-19 00:18 - 2015-08-05 23:56 - 00000000 ____D C:\Users\Dean
    2015-10-18 18:09 - 2015-06-14 15:39 - 00000000 ____D C:\Users\Dean\AppData\Local\Packages
    2015-10-18 18:02 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-10-18 17:17 - 2015-07-10 09:12 - 00000000 ____D C:\WINDOWS\OCR
    2015-10-18 17:13 - 2013-04-10 00:39 - 00000000 ____D C:\Program Files (x86)\Adobe
    2015-10-18 15:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2015-10-18 15:36 - 2013-08-22 11:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2015-10-15 23:10 - 2015-07-10 07:06 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-10-15 23:10 - 2015-07-10 07:06 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-15 22:08 - 2015-08-01 18:36 - 00000000 ____D C:\Users\Dean\Documents\Manuals
    2015-10-15 04:37 - 2015-08-06 00:09 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-10-15 04:30 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-10-13 23:03 - 2015-06-18 22:06 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-10-13 23:00 - 2015-06-18 22:06 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-10-01 23:04 - 2013-04-10 00:38 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
    2015-10-01 23:03 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-10-01 23:01 - 2015-07-10 09:14 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-10-01 04:02 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
    2015-10-01 03:42 - 2015-07-10 07:04 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ___SD C:\WINDOWS\system32\F12
    2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-10-01 03:41 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\L2Schemas
    2015-09-23 21:40 - 2015-09-07 23:55 - 00000000 ____D C:\Program Files\Common Files\Apple
     
    ==================== Files in the root of some directories =======
     
    2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Dean\AppData\Roaming\HSl3jNW6bxDXYobL3Db
    2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Dean\AppData\Roaming\yQX1Vm3c
     
    Some files in TEMP:
    ====================
    C:\Users\Dean\AppData\Local\Temp\sqlite3.dll
     
     
    ==================== Bamital & volsnap =================
     
    (There is no automatic fix for files that do not pass verification.)
     
    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed
     
     
    LastRegBack: 2015-10-15 04:43
     

    ==================== End of FRST.txt ============================

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
    Ran by Dean (2015-10-22 08:18:42)
    Running from C:\Users\Dean\Desktop
    Windows 10 Home (X64) (2015-08-06 04:22:58)
    Boot Mode: Normal
    ==========================================================
     
     
    ==================== Accounts: =============================
     
    Administrator (S-1-5-21-2106972356-197434514-2111516588-500 - Administrator - Disabled) => C:\Users\Administrator
    Dean (S-1-5-21-2106972356-197434514-2111516588-1001 - Administrator - Enabled) => C:\Users\Dean
    DefaultAccount (S-1-5-21-2106972356-197434514-2111516588-503 - Limited - Disabled)
    Guest (S-1-5-21-2106972356-197434514-2111516588-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2106972356-197434514-2111516588-1005 - Limited - Enabled)
     
    ==================== Security Center ========================
     
    (If an entry is included in the fixlist, it will be removed.)
     
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
     
    ==================== Installed Programs ======================
     
    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)
     
    Adobe Reader XI  MUI (HKLM-x32\...\{AC76BA86-7AD7-FFFF-7B44-AB0000000001}) (Version: 11.0.00 - Adobe Systems Incorporated)
    ANT Drivers Installer x64 (Version: 2.3.4 - Garmin Ltd or its subsidiaries) Hidden
    Apple Application Support (64-bit) (HKLM\...\{C9C0FE2C-602E-49D7-8C42-5B9E8FF04798}) (Version: 4.0.2 - Apple Inc.)
    Apple Mobile Device Support (HKLM\...\{FD244E19-6EFE-4A2D-948A-0D45D4C168BE}) (Version: 9.0.0.26 - Apple Inc.)
    Apple Software Update (HKLM-x32\...\{FFD1F7F1-1AC9-4BC4-A908-0686D635ABAF}) (Version: 2.1.4.131 - Apple Inc.)
    Bonjour (HKLM\...\{56DDDFB8-7F79-4480-89D5-25E1F52AB28F}) (Version: 3.1.0.1 - Apple Inc.)
    CCleaner (HKLM\...\CCleaner) (Version: 5.07 - Piriform)
    DTS Sound (HKLM-x32\...\{5A5BA3BD-630B-4707-A46C-788CF6A82AD9}) (Version: 1.00.0057 - DTS, Inc.)
    Elevated Installer (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
    Fitbit Connect (HKLM-x32\...\{9EC69368-C1C7-48BA-AD93-01EFC142DDF9}) (Version: 2.0.0.6630 - Fitbit Inc.)
    Garmin Express (HKLM-x32\...\{44d9dfc0-3a4a-4439-870f-f97550a9bc8d}) (Version: 4.1.8.0 - Garmin Ltd or its subsidiaries)
    Garmin Express (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
    Garmin Express Tray (x32 Version: 4.1.8.0 - Garmin Ltd or its subsidiaries) Hidden
    Google Chrome (HKLM-x32\...\Google Chrome) (Version: 46.0.2490.71 - Google Inc.)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Intel® Management Engine Components (HKLM-x32\...\{65153EA5-8B6E-43B6-857B-C6E4FC25798A}) (Version: 8.1.30.1349 - Intel Corporation)
    Intel® Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.3345 - Intel Corporation)
    Intel® Rapid Storage Technology (HKLM\...\{409CB30E-E457-4008-9B1A-ED1B9EA21140}) (Version: 12.0.4.1001 - Intel Corporation)
    Intel® SDK for OpenCL - CPU Only Runtime Package (HKLM-x32\...\{FCB3772C-B7D0-4933-B1A9-3707EBACC573}) (Version: 2.0.0.37149 - Intel Corporation)
    Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
    iTunes (HKLM\...\{88509E20-3936-4D88-A1C0-B274C7BB5151}) (Version: 12.3.0.44 - Apple Inc.)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft Office (HKLM-x32\...\{90150000-0138-0409-0000-0000000FF1CE}) (Version: 15.0.4454.1510 - Microsoft Corporation)
    Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
    Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual C++ 2010  x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
    Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
    Microsoft XNA Framework Redistributable 4.0 (HKLM-x32\...\{2BFC7AA0-544C-4E3A-8796-67F3BE655BE9}) (Version: 4.0.20823.0 - Microsoft Corporation)
    Minecraft (HKLM-x32\...\{1C16BCA3-EBC1-49F6-8623-8FBFB9CCC872}) (Version: 1.0.3.0 - Mojang)
    MSXML 4.0 SP3 Parser (KB2758694) (HKLM-x32\...\{1D95BA90-F4F8-47EC-A882-441C99D30C1E}) (Version: 4.30.2117.0 - Microsoft Corporation)
    PlayReady PC Runtime amd64 (HKLM\...\{BCA9334F-B6C9-4F65-9A73-AC5A329A4D04}) (Version: 1.3.0 - Microsoft Corporation)
    Qualcomm Atheros Communications Inc.® AR81Family Gigabit/Fast Ethernet Driver (HKLM-x32\...\{3108C217-BE83-42E4-AE9E-A56A2A92E549}) (Version: 2.1.0.13 - Qualcomm Atheros Communications Inc.)
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.6865 - Realtek Semiconductor Corp.)
    Realtek USB Card Reader (HKLM-x32\...\{1E496A68-4943-424E-829D-5C3C85B7B8F2}) (Version: 6.2.9200.39041 - Realtek Semiconductor Corp.)
    Realtek WLAN Driver (HKLM-x32\...\{9D3D8C60-A55F-4fed-B2B9-173001290E16}) (Version: 2.00.0021 - REALTEK Semiconductor Corp.)
    Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
    Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version:  - Microsoft)
    SketchUp 2015 (HKLM\...\{350488A4-1540-4103-8F01-B27503891EB0}) (Version: 15.3.331 - Trimble Navigation Limited)
    Skype™ 7.2 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.2.103 - Skype Technologies S.A.)
    Synaptics Pointing Device Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.16.3 - Synaptics Incorporated)
    TOSHIBA Application Installer (HKLM-x32\...\{970472D0-F5F9-4158-A6E3-1AE49EFEF2D3}) (Version: 9.0.1.5 - TOSHIBA)
    TOSHIBA Audio Enhancement (HKLM\...\{1515F5E3-29EA-4CD1-A981-032D88880F09}) (Version: 2.0.15.4 - Toshiba Corporation)
    Toshiba Book Place (HKLM-x32\...\{11244D6B-9842-440F-8579-6A4D771A0D9B}) (Version: 3.3.9661 - K-NFB Reading Technology, Inc.)
    TOSHIBA Desktop Assist (HKLM\...\{95CCACF0-010D-45F0-82BF-858643D8BC02}) (Version: 1.01.02.6405 - Toshiba Corporation)
    TOSHIBA eco Utility (HKLM\...\{5944B9D4-3C2A-48DE-931E-26B31714A2F7}) (Version: 2.0.3.6403 - Toshiba Corporation)
    TOSHIBA Function Key (HKLM\...\{16562A90-71BC-41A0-B890-D91B0C267120}) (Version: 1.00.6629.6406 - Toshiba Corporation)
    TOSHIBA Password Utility (HKLM-x32\...\{B1786E63-2127-42C9-95A3-146E5F727BF1}) (Version: v2.0.0.7 - Toshiba Corporation)
    TOSHIBA Quality Application (HKLM-x32\...\{E69992ED-A7F6-406C-9280-1C156417BC49}) (Version: 1.0.8 - TOSHIBA)
    TOSHIBA Recovery Media Creator (HKLM-x32\...\{B65BBB06-1F8E-48F5-8A54-B024A9E15FDF}) (Version: 3.0.01.55004008 - Toshiba Corporation)
    TOSHIBA Resolution+ Plug-in for Windows Media Player (HKLM-x32\...\{6CB76C9D-80C2-4CB3-A4CD-D96B239E3F94}) (Version: 1.2.5.03 - Toshiba Corporation)
    TOSHIBA Service Station (HKLM\...\{6499E894-43F8-458B-AE35-724F4732BCDE}) (Version: 2.5.6 - Toshiba Corporation)
    TOSHIBA System Driver (HKLM-x32\...\{1E6A96A1-2BAB-43EF-8087-30437593C66C}) (Version: 1.00.0020 - Toshiba Corporation)
    TOSHIBA System Settings (HKLM-x32\...\{05A55927-DB9B-4E26-BA44-828EBFF829F0}) (Version: 1.00.0007.32003 - Toshiba Corporation)
    TOSHIBA User's Guide (HKLM-x32\...\{3384E1D9-3F18-4A98-8655-180FEF0DFC02}) (Version: 1.00.02 - TOSHIBA)
    TOSHIBA VIDEO PLAYER (HKLM\...\{FF07604E-C860-40E9-A230-E37FA41F103A}) (Version: 5.3.5.59 - Toshiba Corporation)
    vdsmgr manager (HKLM-x32\...\vdsmgr manager) (Version: 15.1.51.92 - Win Developers Team)
    Windows Driver Package - Dynastream Innovations, Inc. ANT LibUSB Drivers (04/11/2012 1.2.40.201) (HKLM\...\F9D2A789F9CFF8CEC36B544F53877C80F1F73C46) (Version: 04/11/2012 1.2.40.201 - Dynastream Innovations, Inc.)
    Windows Driver Package - Silicon Labs Software (DSI_SiUSBXp_3_1) USB  (02/06/2007 3.1) (HKLM\...\D1506E0025B5A3F9EB8270FE81C1EEDD9388B8A2) (Version: 02/06/2007 3.1 - Silicon Labs Software)
    Yahoo! Messenger (HKLM-x32\...\Yahoo! Messenger) (Version:  - Yahoo! Inc.)
     
    ==================== Custom CLSID (Whitelisted): ==========================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    CustomCLSID: HKU\S-1-5-21-2106972356-197434514-2111516588-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
     
    ==================== Restore Points =========================
     
    03-10-2015 08:51:39 Installed Minecraft
    13-10-2015 23:00:12 Windows Update
    17-10-2015 15:34:14 Windows Update
    18-10-2015 17:38:58 Revo Uninstaller's restore point - YTDownloader
    21-10-2015 19:53:20 JRT Pre-Junkware Removal
     
    ==================== Hosts content: ===============================
     
    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)
     
    2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts
     
     
    ==================== Scheduled Tasks (Whitelisted) =============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    Task: {06DDD38E-4998-481C-A7CD-52A7FA58304F} - System32\Tasks\Norton Anti-Theft\Norton Error Analyzer => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
    Task: {1EA67F80-25F8-475C-839B-79401E4F7037} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {263D32AB-55A1-429B-BC2C-02A8A7C9A2AC} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {2722CF76-0A83-4F18-9628-BE157E40840D} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
    Task: {2C2E6983-0AC1-4CEC-B9EF-1F7FF109680B} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
    Task: {2EB7A469-E4CA-4FD4-848E-BA4F276BFD5C} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {357059A4-EF62-4F2D-9D9E-A04511B7CC88} - \SmartWeb Upgrade Trigger Task -> No File <==== ATTENTION
    Task: {3C30E072-BA0B-4360-892B-61466671FDC9} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {3D8AEE08-5745-4BD8-985A-28DD65CAA635} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-14] (Google Inc.)
    Task: {3E1EC4E1-F179-4A25-82F2-68FEBC921C62} - \snp -> No File <==== ATTENTION
    Task: {3FC527E6-5CA3-430E-9685-3666178610AF} - \Smp -> No File <==== ATTENTION
    Task: {4576FC77-E161-423E-B339-CD9C9333AEE7} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
    Task: {4641F2DB-EF28-4241-9B26-7275C2703D73} - \snf -> No File <==== ATTENTION
    Task: {474CCC1D-3438-46EA-A908-40B54A6B7893} - System32\Tasks\Norton Anti-Theft\Norton Error Processor => C:\Program Files (x86)\Norton Anti-Theft\Engine\1.10.0.9\SymErr.exe
    Task: {4E4503D6-9831-4579-8DFD-BF8DF3263945} - \SPBIW_UpdateTask_Time_323439303131323637382d2a55456c2d5a34575b413234 -> No File <==== ATTENTION
    Task: {4F4408C9-910F-4BFC-BF64-1CFF598CD71B} - \One System Care Monitor -> No File <==== ATTENTION
    Task: {4F77D8A1-54CE-4C53-B3BB-1F434436B2CF} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {52053390-6403-42E6-B0D4-D15A9A2DD284} - \Inst_Rep -> No File <==== ATTENTION
    Task: {5A09DC67-C552-483D-8B47-900FF77B5BB0} - \IBUpd -> No File <==== ATTENTION
    Task: {5E6BAD8E-CF3D-4885-9079-727FECD9C0A8} - \WindApp Update -> No File <==== ATTENTION
    Task: {62C59948-0239-4422-8D7E-4FDCE07DE9D7} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2015-08-27] (Apple Inc.)
    Task: {78C50C62-2EEA-4AF5-849F-5E7076E57E0A} - System32\Tasks\TOSHIBA\Service Station => C:\Program Files\TOSHIBA\Toshiba Service Station\ToshibaServiceStation.exe [2013-03-19] (TOSHIBA Corporation)
    Task: {8474A7CD-7D27-4415-ADC0-8DAC32750518} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-06-01] (Piriform Ltd)
    Task: {8D47DEA1-7162-4FA4-85E6-36B8529EAC02} - System32\Tasks\GarminUpdaterTask => C:\Program Files (x86)\Garmin\Express SelfUpdater\ExpressSelfUpdater.exe [2015-09-11] ()
    Task: {8DE66AA4-BA96-4670-AC05-DB3F7BC81430} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {967EF386-20E7-4A5D-978D-E8AF6310120B} - System32\Tasks\Synaptics TouchPad Enhancements => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [2015-08-06] (Synaptics Incorporated)
    Task: {9A5D1168-BEE0-4015-B517-E83A25E5F4DF} - \Selection Tools Update -> No File <==== ATTENTION
    Task: {A39F895E-2D34-4763-B63A-881BACCD9C11} - \SMW_UpdateTask_Time_323439303131323637382d2a55456c2d5a34575b413234 -> No File <==== ATTENTION
    Task: {B5A3D792-3BF1-4477-A406-F174CB0FDC9D} - \ShopperProJSUpd -> No File <==== ATTENTION
    Task: {BF7F86C2-DD5D-4BC0-B3F6-B8D4361ABA96} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
    Task: {D5C17015-EDC3-4E07-B888-80041885F842} - \One System Care Run Delay -> No File <==== ATTENTION
    Task: {DA769271-468D-48F7-960B-A384457EE313} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {EA262D4C-42DE-437A-9A51-39596AEBF2AA} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: {EAD00C26-AABC-43DA-B3C7-43E52A5C2804} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
    Task: {F38C92A3-66E3-4303-BC80-F3311EFF6E01} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {FD5BA3A3-2BC8-42F2-AB77-799BD032BC9A} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-13] (Microsoft Corporation)
     
    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)
     
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\Synaptics TouchPad Enhancements.job => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
     
    ==================== Loaded Modules (Whitelisted) ==============
     
    2015-08-06 03:43 - 2015-08-06 03:43 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-08-18 22:41 - 2015-08-11 05:14 - 00404480 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
    2015-09-30 21:39 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-09-30 21:39 - 2015-09-17 02:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-09-30 21:38 - 2015-09-17 01:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-07-10 06:59 - 2015-07-10 06:59 - 00143360 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\XamlTileRendering.dll
    2015-09-30 21:39 - 2015-09-17 01:44 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-09-30 21:38 - 2015-09-17 01:42 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-09-30 21:38 - 2015-09-17 01:42 - 01808384 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-09-30 21:39 - 2015-09-17 01:43 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-07-10 07:00 - 2015-07-10 09:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
    2015-05-15 16:26 - 2015-05-15 16:26 - 00085832 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\zlib1.dll
    2015-09-15 14:25 - 2015-09-15 14:25 - 01328912 _____ () C:\Program Files\Common Files\Apple\Apple Application Support\libxml2.dll
    2015-10-03 14:54 - 2015-10-03 14:54 - 00012288 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.exe
    2015-10-03 14:54 - 2015-10-03 14:54 - 10814464 _____ () C:\Program Files\WindowsApps\Microsoft.Windows.Photos_15.1001.16470.0_x64__8wekyb3d8bbwe\Microsoft.Photos.dll
    2015-10-07 20:51 - 2015-10-07 20:51 - 08395776 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.5.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2015-10-07 20:51 - 2015-10-07 20:51 - 02311680 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.10.5.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
    2015-10-21 19:55 - 2015-10-21 19:55 - 00011776 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.2840.0_x64__8wekyb3d8bbwe\PeopleApp.exe
    2015-10-21 19:55 - 2015-10-21 19:55 - 08355840 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.2840.0_x64__8wekyb3d8bbwe\PeopleApp.dll
    2015-10-21 19:55 - 2015-10-21 19:55 - 00125440 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.2840.0_x64__8wekyb3d8bbwe\PeopleUtilRT.Windows.dll
    2015-10-21 19:55 - 2015-10-21 19:55 - 03344896 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.2840.0_x64__8wekyb3d8bbwe\PeopleShared.Windows.dll
    2015-10-21 19:55 - 2015-10-21 19:55 - 01157632 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.2840.0_x64__8wekyb3d8bbwe\BackgroundTasks.Windows.dll
    2015-10-21 19:55 - 2015-10-21 19:55 - 00335360 _____ () C:\Program Files\WindowsApps\Microsoft.People_10.0.2840.0_x64__8wekyb3d8bbwe\PersonPicture.UAP.dll
     
    ==================== Alternate Data Streams (Whitelisted) =========
     
    (If an entry is included in the fixlist, only the ADS will be removed.)
     
    AlternateDataStreams: C:\ProgramData\Reprise:wupeogjxldtlfudivq`qsp`26hfm
    AlternateDataStreams: C:\Users\Dean\OneDrive:ms-properties
    AlternateDataStreams: C:\Users\Dean\SkyDrive:ms-properties
     
    ==================== Safe Mode (Whitelisted) ===================
     
    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)
     
     
    ==================== EXE Association (Whitelisted) ===============
     
    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)
     
     
    ==================== Internet Explorer trusted/restricted ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry.)
     
     
    ==================== Other Areas ============================
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Dean\AppData\Local\Microsoft\Windows\Themes\RoamedThemeFiles\DesktopBackground\internet explorer wallpaper.bmp
    DNS Servers: 75.75.76.76 - 75.75.75.75
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.
     
    ==================== MSCONFIG/TASK MANAGER disabled items ==
     
    (Currently there is no automatic fix for this section.)
     
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\StartupApproved\Run: => "Messenger (Yahoo!)"
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\StartupApproved\Run: => "GarminExpressTrayApp"
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\StartupApproved\Run: => "Pokki"
    HKU\S-1-5-21-2106972356-197434514-2111516588-1001\...\StartupApproved\Run: => "Skype"
     
    ==================== FirewallRules (Whitelisted) ===============
     
    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)
     
    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [UDP Query User{5B5BC03E-A486-4459-B8D4-CC949C1070FF}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [TCP Query User{AC9D4CE6-13FE-4144-BB0F-A0F784D0D435}C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe] => (Block) C:\program files (x86)\yahoo!\messenger\yahoomessenger.exe
    FirewallRules: [{93AB9907-2FE8-4197-89EA-EC92F71E2725}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [{70AD900B-35B6-49DB-9791-BB84CD4B888E}] => (Allow) C:\Program Files (x86)\Yahoo!\Messenger\YahooMessenger.exe
    FirewallRules: [TCP Query User{E5817330-BA18-468A-9976-D3B2959139BA}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [UDP Query User{8AB52210-BC2C-4B58-9524-38909FC33DD2}C:\program files (x86)\skype\phone\skype.exe] => (Block) C:\program files (x86)\skype\phone\skype.exe
    FirewallRules: [{B431D191-5B0D-4FA9-954B-291A18F0CAD5}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{88833954-7A06-414B-8244-70E626CE5A9F}] => (Allow) C:\Program Files\Bonjour\mDNSResponder.exe
    FirewallRules: [{7D63F5EB-D931-4BB1-ADB9-D0C167B40CA0}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{131023D3-0F5B-450E-B0A3-001C8D346F59}] => (Allow) C:\Program Files (x86)\Bonjour\mDNSResponder.exe
    FirewallRules: [{18CC6C7E-84E7-4D7A-90D6-EA35B15A1C4E}] => (Allow) C:\Program Files\iTunes\iTunes.exe
    FirewallRules: [{3B7EE382-3D49-4DC0-8334-14A666B71513}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
    FirewallRules: [{E279C8C5-C3B9-411C-A47F-E853189305B4}] => (Allow) 㩃啜敳獲䑜慥屮灁䑰瑡屡潒浡湩屧摶浳牧癜獤杭⹲硥e
    FirewallRules: [{FCBBBE1A-4412-40CD-B826-0C1FFE5BC75C}] => (Allow) 㩃啜敳獲䑜慥屮灁䑰瑡屡潒浡湩屧摶浳牧畜摰瑡獥牥楶散攮數
     
    ==================== Faulty Device Manager Devices =============
     
     
    ==================== Event log errors: =========================
     
    Application errors:
    ==================
    Error: (10/21/2015 08:26:17 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (8600) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
     
    Error: (10/21/2015 08:26:17 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (8600) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
     
    Error: (10/21/2015 08:26:07 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (8600) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
     
    Error: (10/21/2015 08:26:07 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (8600) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
     
    Error: (10/21/2015 08:25:57 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (8600) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
     
    Error: (10/21/2015 08:25:57 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (8600) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
     
    Error: (10/21/2015 08:25:46 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (8600) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
     
    Error: (10/21/2015 08:25:46 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (8600) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
     
    Error: (10/21/2015 08:25:36 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (8600) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.
     
    Error: (10/21/2015 08:25:36 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (8600) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ".  The create file operation will fail with error -1032 (0xfffffbf8).
     
     
    System errors:
    =============
    Error: (10/21/2015 07:54:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x800706be: Definition Update for Windows Defender - KB2267602 (Definition 1.209.99.0).
     
    Error: (10/21/2015 07:54:27 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TMachInfo service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (10/21/2015 07:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® Management and Security Application User Notification Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (10/21/2015 07:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The Intel® ME Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (10/21/2015 07:54:26 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The iPod Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (10/21/2015 07:54:24 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Windows Presentation Foundation Font Cache 3.0.0.0 service terminated unexpectedly.  It has done this 1 time(s).  The following corrective action will be taken in 0 milliseconds: Restart the service.
     
    Error: (10/21/2015 07:54:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The vdsmgr manager service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (10/21/2015 07:54:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TOSHIBA eco Utility Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (10/21/2015 07:54:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The TOSHIBA Optical Disc Drive Service service terminated unexpectedly.  It has done this 1 time(s).
     
    Error: (10/21/2015 07:54:24 PM) (Source: Service Control Manager) (EventID: 7034) (User: )
    Description: The SynTPEnh Caller Service service terminated unexpectedly.  It has done this 1 time(s).
     
     
    CodeIntegrity:
    ===================================
      Date: 2015-10-21 20:24:57.993
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-10-21 19:57:07.049
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-10-21 19:57:07.026
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-10-21 19:45:39.138
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-10-21 19:45:39.116
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-10-21 19:45:38.833
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-10-21 19:45:38.817
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-10-20 20:35:53.381
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-10-20 20:35:53.359
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
      Date: 2015-10-20 20:34:27.920
      Description: Code Integrity determined that a process (\Device\HarddiskVolume4\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume4\Program Files\Bonjour\mdnsNSP.dll that did not meet the Custom 3 / Antimalware signing level requirements.
     
     
    ==================== Memory info =========================== 
     
    Processor: Intel® Core™ i3-3120M CPU @ 2.50GHz
    Percentage of memory in use: 19%
    Total physical RAM: 8071.27 MB
    Available physical RAM: 6473.18 MB
    Total Virtual: 9351.27 MB
    Available Virtual: 7482.01 MB
     
    ==================== Drives ================================
     
    Drive c: (TI10664600G) (Fixed) (Total:685.27 GB) (Free:634.14 GB) NTFS
     
    ==================== MBR & Partition Table ==================
     
    ========================================================
    Disk: 0 (Size: 698.6 GB) (Disk ID: 00000000)
     
    Partition: GPT.
     
    ==================== End of Addition.txt ============================


    #6 ken545


    Posted 22 October 2015 - 08:12 AM

    Thanks for the logs.

    While I am looking them over and working on a fix, can you tell me what this is? Google turns up some undesirable info -->  C:\Program Files (x86)\vdsmgr update



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
    Find us on Facebook
    Please LIKE and SHARE
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #7 Dean N


    Posted 22 October 2015 - 08:23 AM

    I have no idea what that is; I believe it is malware.  I noticed it on the CCleaner tools prior to asking for your help.  Its install date was the same date that I got my computer infected (10/18) but, oddly, shows 2014 instead of 2015.



    #8 ken545


    Posted 22 October 2015 - 08:53 AM

    Flexfix <-- What about this?

     

    C:\Program Files\NixController



     
     

    #9 Dean N


    Posted 22 October 2015 - 09:21 AM

    Not mine.  Malware.



    #10 ken545


    Posted 22 October 2015 - 10:04 AM

    Please copy the entire contents inside of the code box below, beginning with START and ending with END.
    (To do this, highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste.)
    Name the file Fixlist and save it to your desktop where you have FRST/FRST64, or the fix won't work. Then open up FRST/FRST64 and click on FIX (not Scan). It won't take long; after your computer reboots you will find a FIXLOG.TXT on your desktop. Post it please. When you save this file, on the dropdown list save it in UNICODE.
     
    Start
    CloseProcesses:
    CreateRestorePoint: 
    AppInit_DLLs: C:\ProgramData\Flexfix\SilSancof.dll => C:\ProgramData\Flexfix\SilSancof.dll [518656 2015-10-18] ()
    AppInit_DLLs-x32: C:\ProgramData\Flexfix\KinTontam.dll => C:\ProgramData\Flexfix\KinTontam.dll [320512 2015-10-18] ()
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2106972356-197434514-2111516588-1001 -> {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE} URL = 
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=FAIzftpbl02,bc712e4c-c7e4-4662-b497-5d83a5c79c2b,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    StartMenuInternet: Google Chrome - Chrome.exe
    S2 Flexfix; C:\ProgramData\\Flexfix\\Flexfix.exe [807936 2015-10-14] () [File not signed]
    R2 System update service; C:\Program Files (x86)\vdsmgr update\updateservice.exe [240128 2015-10-14] (Win Developers Team) [File not signed]
    R2 vdsmgr manager service; C:\Program Files (x86)\vdsmgr\runservice.exe [116224 2015-09-14] (Win Developers Team) [File not signed]
    2015-10-18 14:54 - 2015-10-18 14:54 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Itibiti
    2015-10-18 14:52 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2015-10-18 14:50 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files\NixController
    2015-10-18 14:50 - 2015-10-18 15:17 - 00000000 ____D C:\ProgramData\Flexfix
    2015-10-18 14:48 - 2015-10-18 14:48 - 00000000 ____D C:\Program Files (x86)\vdsmgr update
    2015-10-18 14:47 - 2015-10-18 14:48 - 00000000 ____D C:\Program Files (x86)\vdsmgr
    2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Dean\AppData\Roaming\HSl3jNW6bxDXYobL3Db
    2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Dean\AppData\Roaming\yQX1Vm3c
    2015-10-18 15:07 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\e218410f-1324-48ca-b7ab-4e4c56e0b7cc
    2015-10-18 15:07 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\d43f27b0-7c8b-4ac2-8cd4-a1707474d0a7
    2015-10-18 15:04 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\d8d789e3-b07f-46a9-8ec7-558d0b0eded0
    Task: {4F4408C9-910F-4BFC-BF64-1CFF598CD71B} - \One System Care Monitor -> No File <==== ATTENTION
    Task: {9A5D1168-BEE0-4015-B517-E83A25E5F4DF} - \Selection Tools Update -> No File <==== ATTENTION
    Task: {A39F895E-2D34-4763-B63A-881BACCD9C11} - \SMW_UpdateTask_Time_323439303131323637382d2a55456c2d5a34575b413234 -> No File <==== ATTENTION
    Task: {B5A3D792-3BF1-4477-A406-F174CB0FDC9D} - \ShopperProJSUpd -> No File <==== ATTENTION
    Task: {BF7F86C2-DD5D-4BC0-B3F6-B8D4361ABA96} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
    Task: {D5C17015-EDC3-4E07-B888-80041885F842} - \One System Care Run Delay -> No File <==== ATTENTION
    Task: {EAD00C26-AABC-43DA-B3C7-43E52A5C2804} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
    FirewallRules: [{E279C8C5-C3B9-411C-A47F-E853189305B4}] => (Allow) 㩃啜敳獲䑜慥屮灁䑰瑡屡潒浡湩屧摶浳牧癜獤杭⹲硥e
    FirewallRules: [{FCBBBE1A-4412-40CD-B826-0C1FFE5BC75C}] => (Allow) 㩃啜敳獲䑜慥屮灁䑰瑡屡潒浡湩屧摶浳牧畜摰瑡獥牥楶散攮數
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    End
    
     
    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.


     
     


    #11 Dean N


    Posted 22 October 2015 - 10:23 AM

    Fix result of Farbar Recovery Scan Tool (x64) Version:21-10-2015 01
    Ran by Dean (2015-10-22 12:12:50) Run:1
    Running from C:\Users\Dean\Desktop
    Loaded Profiles: Dean (Available Profiles: Dean & Administrator)
    Boot Mode: Normal
    ==============================================
     
    fixlist content:
    *****************
    Start
    CloseProcesses:
    CreateRestorePoint: 
    AppInit_DLLs: C:\ProgramData\Flexfix\SilSancof.dll => C:\ProgramData\Flexfix\SilSancof.dll [518656 2015-10-18] ()
    AppInit_DLLs-x32: C:\ProgramData\Flexfix\KinTontam.dll => C:\ProgramData\Flexfix\KinTontam.dll [320512 2015-10-18] ()
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2106972356-197434514-2111516588-1001 -> {7C3E91D1-3008-4275-BBB1-F4A3D368CDEE} URL = 
    StartMenuInternet: IEXPLORE.EXE - iexplore.exe
    CHR DefaultSearchURL: Default -> hxxp://www-searching.com/search.aspx?s=FAIzftpbl02,bc712e4c-c7e4-4662-b497-5d83a5c79c2b,&q={searchTerms}
    CHR DefaultSearchKeyword: Default -> www-searching.com
    CHR DefaultSuggestURL: Default -> hxxp://api.searchpredict.com/api/?rqtype=ffplugin&siteID=8661&dbCode=1&command={searchTerms}
    StartMenuInternet: Google Chrome - Chrome.exe
    S2 Flexfix; C:\ProgramData\\Flexfix\\Flexfix.exe [807936 2015-10-14] () [File not signed]
    R2 System update service; C:\Program Files (x86)\vdsmgr update\updateservice.exe [240128 2015-10-14] (Win Developers Team) [File not signed]
    R2 vdsmgr manager service; C:\Program Files (x86)\vdsmgr\runservice.exe [116224 2015-09-14] (Win Developers Team) [File not signed]
    2015-10-18 14:54 - 2015-10-18 14:54 - 00000000 ____D C:\Users\Dean\AppData\Roaming\Itibiti
    2015-10-18 14:52 - 2013-08-22 09:25 - 00000824 _____ C:\WINDOWS\system32\Drivers\etc\hp.bak
    2015-10-18 14:50 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files\NixController
    2015-10-18 14:50 - 2015-10-18 15:17 - 00000000 ____D C:\ProgramData\Flexfix
    2015-10-18 14:48 - 2015-10-18 14:48 - 00000000 ____D C:\Program Files (x86)\vdsmgr update
    2015-10-18 14:47 - 2015-10-18 14:48 - 00000000 ____D C:\Program Files (x86)\vdsmgr
    2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Dean\AppData\Roaming\HSl3jNW6bxDXYobL3Db
    2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Dean\AppData\Roaming\yQX1Vm3c
    2015-10-18 15:07 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\e218410f-1324-48ca-b7ab-4e4c56e0b7cc
    2015-10-18 15:07 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\d43f27b0-7c8b-4ac2-8cd4-a1707474d0a7
    2015-10-18 15:04 - 2015-10-18 17:13 - 00000000 ____D C:\Program Files (x86)\d8d789e3-b07f-46a9-8ec7-558d0b0eded0
    Task: {4F4408C9-910F-4BFC-BF64-1CFF598CD71B} - \One System Care Monitor -> No File <==== ATTENTION
    Task: {9A5D1168-BEE0-4015-B517-E83A25E5F4DF} - \Selection Tools Update -> No File <==== ATTENTION
    Task: {A39F895E-2D34-4763-B63A-881BACCD9C11} - \SMW_UpdateTask_Time_323439303131323637382d2a55456c2d5a34575b413234 -> No File <==== ATTENTION
    Task: {B5A3D792-3BF1-4477-A406-F174CB0FDC9D} - \ShopperProJSUpd -> No File <==== ATTENTION
    Task: {BF7F86C2-DD5D-4BC0-B3F6-B8D4361ABA96} - \SwiftSearch Auto Updater 1.10.0.25 Pending Update -> No File <==== ATTENTION
    Task: {D5C17015-EDC3-4E07-B888-80041885F842} - \One System Care Run Delay -> No File <==== ATTENTION
    Task: {EAD00C26-AABC-43DA-B3C7-43E52A5C2804} - \SwiftSearch Auto Updater 1.10.0.25 Core -> No File <==== ATTENTION
    FirewallRules: [{E279C8C5-C3B9-411C-A47F-E853189305B4}] => (Allow) 㩃啜敳獲䑜慥屮灁䑰瑡屡潒浡湩屧摶浳牧癜獤杭⹲硥e
    FirewallRules: [{FCBBBE1A-4412-40CD-B826-0C1FFE5BC75C}] => (Allow) 㩃啜敳獲䑜慥屮灁䑰瑡屡潒浡湩屧摶浳牧畜摰瑡獥牥楶散攮數
    Hosts:
    CMD: ipconfig /flushdns
    EmptyTemp:
    End
    *****************
     
    Processes closed successfully.
    Restore point was successfully created.
    "C:\ProgramData\Flexfix\SilSancof.dll" => Value data removed successfully.
    "C:\ProgramData\Flexfix\KinTontam.dll" => Value data removed successfully.
    C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
    C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
    C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
    "HKU\S-1-5-21-2106972356-197434514-2111516588-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{7C3E91D1-3008-4275-BBB1-F4A3D368CDEE}" => key removed successfully
    HKCR\CLSID\{7C3E91D1-3008-4275-BBB1-F4A3D368CDEE} => key not found. 
    HKLM\SOFTWARE\Clients\StartMenuInternet\IEXPLORE.EXE\shell\open\command\\Default => value restored successfully
    Chrome DefaultSearchURL => removed successfully
    Chrome DefaultSearchKeyword => removed successfully
    Chrome DefaultSuggestURL => removed successfully
    HKLM\SOFTWARE\Clients\StartMenuInternet\Google Chrome\shell\open\command\\Default => value restored successfully
    Flexfix => service removed successfully
    System update service => service removed successfully
    vdsmgr manager service => service removed successfully
    "C:\Users\Dean\AppData\Roaming\Itibiti" => not found.
    C:\WINDOWS\system32\Drivers\etc\hp.bak => moved successfully
    C:\Program Files\NixController => moved successfully
    C:\ProgramData\Flexfix => moved successfully
    C:\Program Files (x86)\vdsmgr update => moved successfully
    C:\Program Files (x86)\vdsmgr => moved successfully
    C:\Users\Dean\AppData\Roaming\HSl3jNW6bxDXYobL3Db => moved successfully
    C:\Users\Dean\AppData\Roaming\yQX1Vm3c => moved successfully
    C:\Program Files (x86)\e218410f-1324-48ca-b7ab-4e4c56e0b7cc => moved successfully
    C:\Program Files (x86)\d43f27b0-7c8b-4ac2-8cd4-a1707474d0a7 => moved successfully
    C:\Program Files (x86)\d8d789e3-b07f-46a9-8ec7-558d0b0eded0 => moved successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{4F4408C9-910F-4BFC-BF64-1CFF598CD71B}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{4F4408C9-910F-4BFC-BF64-1CFF598CD71B}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Monitor => key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{9A5D1168-BEE0-4015-B517-E83A25E5F4DF}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{9A5D1168-BEE0-4015-B517-E83A25E5F4DF}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Selection Tools Update => key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A39F895E-2D34-4763-B63A-881BACCD9C11}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A39F895E-2D34-4763-B63A-881BACCD9C11}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SMW_UpdateTask_Time_323439303131323637382d2a55456c2d5a34575b413234 => key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{B5A3D792-3BF1-4477-A406-F174CB0FDC9D}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{B5A3D792-3BF1-4477-A406-F174CB0FDC9D}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\ShopperProJSUpd => key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BF7F86C2-DD5D-4BC0-B3F6-B8D4361ABA96}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BF7F86C2-DD5D-4BC0-B3F6-B8D4361ABA96}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Pending Update => key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D5C17015-EDC3-4E07-B888-80041885F842}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D5C17015-EDC3-4E07-B888-80041885F842}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\One System Care Run Delay => key not found. 
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{EAD00C26-AABC-43DA-B3C7-43E52A5C2804}" => key removed successfully
    "HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{EAD00C26-AABC-43DA-B3C7-43E52A5C2804}" => key removed successfully
    HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\SwiftSearch Auto Updater 1.10.0.25 Core => key not found. 
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{E279C8C5-C3B9-411C-A47F-E853189305B4} => value removed successfully
    HKLM\SYSTEM\CurrentControlSet\services\SharedAccess\Parameters\FirewallPolicy\FirewallRules\\{FCBBBE1A-4412-40CD-B826-0C1FFE5BC75C} => value removed successfully
    C:\Windows\System32\Drivers\etc\hosts => moved successfully
    Hosts restored successfully.
     
    =========  ipconfig /flushdns =========
     
     
    Windows IP Configuration
     
    Successfully flushed the DNS Resolver Cache.
     
    ========= End of CMD: =========
     
    EmptyTemp: => 1.6 GB temporary data Removed.
     
     
    The system needed a reboot.
     
    ==== End of Fixlog 12:13:59 ====


    #12 ken545

    Posted 22 October 2015 - 10:31 AM

    Looking good. How is your system behaving now?



     
     
    The forum is staffed by volunteers who donate their time and expertise.
    If you feel you have been helped, please consider a donation.
     
     
    Just a reminder that threads will be closed if no reply in 3 days.

    #13 Dean N

    Posted 22 October 2015 - 10:35 AM

    Seems to be cured... no problems.

     

    Prior to infection, I only had 1 user (Dean, who was the default administrator) on the machine.  I noticed that there appeared to be 2 users on the machine (Dean + Administrator) after infection; can you advise on if the admin settings were restored?  I'm still feeling out the new Windows 10 and am far from a power user.



    #14 Dean N

    Posted 22 October 2015 - 10:43 AM

    Quick note, user/admin settings appear to be ok.



    #15 ken545

    Posted 22 October 2015 - 10:51 AM

    They're fine. Windows 10 is really nice, loving it myself. But not too fond of Edge, but I use Chrome and FF most of the time.

     

    Let's do this: I will keep this thread open for you for a few days. If you feel something has come back, run a new scan with FRST64, checkmarking Additions, and let me know what you're experiencing and post both new logs.

     

    There is some cleanup to do removing the tools we used, but I will wait to hear from you before we do that.



     
     