Inactive Can't access websites in links

cluelessattech · Mar 13, 2016

I am totally clueless when it comes to computers. I am using my boyfriend's computer but he's too busy working to help me fix this. Plus, we've tried so many times already. There are constant audio ads playing in the forefront (not even background. corny joke) and sometimes several at a time. I read a post on here that had links to websites but every time I click the link it says I can't access the website. I tether my phone to the computer for internet, and I had to use my phone to download kaspersky tdsskiller and transfer it to my computer because I couldn't access their page or download it at all using the computer. The tdsskiller worked for half a day but now the ads are back. This has been going on for months now and it got to the point that we don't use the computer any more because all you can hear are these super annoying aggressive ads. Again, I have no idea what I am doing but I'm trying to understand some of the jargon used so I can fix this. In other words, I need someone with a lot of patience to help me.

cluelessattech · Mar 13, 2016

Ok I was able to download FRST on my phone and transfer it to the computer and I ran the scan. I know the next step is to copy and paste the logs but I think I will wait to see if someone responds to help first...

cluelessattech · Mar 13, 2016

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:05-03-2016 01
Ran by larry_1eh12qy (administrator) on DESKTOP-F5H5IAK (13-03-2016 10:26:59)
Running from C:\Users\larry_1eh12qy\Desktop
Loaded Profiles: larry_1eh12qy (Available Profiles: larry_1eh12qy)
Platform: Windows 10 Pro Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Chrome)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool:

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(AMD) C:\Windows\System32\atiesrxx.exe
(Hewlett-Packard Company) C:\Windows\System32\hpservice.exe
(unique) C:\Windows\plant.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(gabby) C:\Windows\experience.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Rosetta Stone Ltd.) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
(Connectify) C:\Program Files (x86)\Connectify\ConnectifyService.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectifyd.exe
(AMD) C:\Windows\System32\atieclxx.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
() C:\Program Files (x86)\visit\deranged.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Connectify) C:\Program Files (x86)\Connectify\Connectify.exe
() C:\Program Files (x86)\Faveset Klink\kclientgui.exe
(windows 99) C:\Program Files (x86)\rotten\partner.exe
() C:\Program Files (x86)\Faveset Klink\adb.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
() C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
(Microsoft Corporation) C:\Windows\SysWOW64\rdrleakdiag.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Kaspersky Lab ZAO) C:\Users\larry_1eh12qy\AppData\Local\Temp\{7623E2C9-FE00-4B8D-83F6-0F67CFF4ED9A}\{074C6B80-03C3-459F-B194-7807335B5B35}.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Google Inc.) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.ZuneVideo_3.6.15731.0_x64__8wekyb3d8bbwe\Video.UI.exe

==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-08-09] (Synaptics Incorporated)
HKLM\...\Run: [cutoauto] => C:\Program Files (x86)\rotten\pretty.exe [42736 2015-12-24] ()
HKLM\...\Run: [interpee] => C:\Program Files (x86)\rotten\partner.exe [35840 2015-12-24] (windows 99)
HKLM\...\Run: [autoauto] => C:\Program Files (x86)\rotten\partner.exe [35840 2015-12-24] (windows 99)
HKLM\...\Run: [Connectify Hotspot] => C:\Program Files (x86)\Connectify\Connectify.exe [4140088 2016-02-16] (Connectify)
HKLM-x32\...\Run: [cutoauto] => C:\Program Files (x86)\rotten\pretty.exe [42736 2015-12-24] ()
HKLM-x32\...\Run: [interpee] => C:\Program Files (x86)\rotten\partner.exe [35840 2015-12-24] (windows 99)
HKLM-x32\...\Run: [autoauto] => C:\Program Files (x86)\rotten\partner.exe [35840 2015-12-24] (windows 99)
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\Run: [rutoauto] => C:\Program Files (x86)\rotten\partner.exe [35840 2015-12-24] (windows 99)
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\Run: [dutoauto] => C:\Program Files (x86)\rotten\pretty.exe [42736 2015-12-24] ()
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\Run: [interpee] => C:\Program Files (x86)\rotten\partner.exe [35840 2015-12-24] (windows 99)
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\Policies\Explorer: [NoLowDiskSpaceChecks] 1
Startup: C:\Users\larry_1eh12qy\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\intr.lnk [2015-12-24]
ShortcutTarget: intr.lnk -> C:\Program Files (x86)\rotten\partner.exe (windows 99)

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKLM\SOFTWARE\Policies\Microsoft\Windows\CurrentVersion\Internet Settings: [ProxySettingsPerUser] 1 <======= ATTENTION (Restriction - ProxySettings)
ProxyEnable: [HKLM] => Proxy is enabled.
ProxyEnable: [HKLM-x32] => Proxy is enabled.
ProxyServer: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyServer: [HKLM-x32] => http=127.0.0.1:8877;https=127.0.0.1:8877
AutoConfigURL: [HKLM] => http=127.0.0.1:8877;https=127.0.0.1:8877
ProxyEnable: [S-1-5-21-1290549310-2546065428-2348837155-1006] => Proxy is enabled.
ProxyServer: [S-1-5-21-1290549310-2546065428-2348837155-1006] => http=127.0.0.1:8877;https=127.0.0.1:8877
Tcpip\..\Interfaces\{0081c255-8b2d-40a7-b2ac-70cf82b3098b}: [DhcpNameServer] 66.1.112.132 66.1.116.132
Tcpip\..\Interfaces\{a29e2119-c568-4d71-a1b4-3e166504b1e9}: [DhcpNameServer] 209.18.47.61 209.18.47.62
ManualProxies: 1http=127.0.0.1:8877;https=127.0.0.1:8877

Internet Explorer:
==================
HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
BHO: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus64.dll [2015-09-22] (Eyeo GmbH)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\ssv.dll [2016-01-17] (Oracle Corporation)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\jp2ssv.dll [2016-01-17] (Oracle Corporation)
BHO-x32: Adblock Plus for IE Browser Helper Object -> {FFCB3198-32F3-4E8B-9539-4324694ED664} -> C:\Program Files\Adblock Plus for IE\AdblockPlus32.dll [2015-09-22] (Eyeo GmbH)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2016-01-08] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2016-01-08] (Microsoft Corporation)

FireFox:
========
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @java.com/DTPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\dtplugin\npDeployJava1.dll [2016-01-17] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=11.66.2 -> C:\Program Files (x86)\Java\jre1.8.0_66\bin\plugin2\npjp2.dll [2016-01-17] (Oracle Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.5\npGoogleUpdate3.dll [2016-02-05] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.2.1 -> C:\Program Files (x86)\VideoLAN\VLC\npvlc.dll [2015-04-13] (VideoLAN)
FF HKLM-x32\...\Firefox\Extensions: [jid1-xNAj4KGyf5wyhg@jetpack] - C:\Program Files (x86)\Faster Web\faster-web.xpi => not found

Chrome:
=======
CHR Profile: C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-11-20]
CHR Extension: (Google Docs) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-11-20]
CHR Extension: (Google Drive) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-11-20]
CHR Extension: (YouTube) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-11-20]
CHR Extension: (Adblock Plus) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-02-03]
CHR Extension: (Google Search) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-11-20]
CHR Extension: (Save the Day) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\enmmbcfhecnpnnifkdkocjabgkjpcicl [2015-12-27]
CHR Extension: (Type Scout - Better Typing!

) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\fedokkaolmkkoeedicihicdeppjjeamj [2015-12-27]
CHR Extension: (Google Sheets) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-11-20]
CHR Extension: (Google Docs Offline) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-11-20]
CHR Extension: (Pixlr Touch Up) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jklljiahjgoglchglekebfljnmbaleig [2015-12-27]
CHR Extension: (Night Time In New York City) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\jnimonidkipnhnpgkhgliocfnnpgkhek [2015-12-27]
CHR Extension: (Ball And Wall) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\kcmmmjjfnehcoglgiddaebjngdbgpiih [2015-12-27]
CHR Extension: (Auto HD For YouTube™) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\koiaokdomkpjdgniimnkhgbilbjgpeak [2015-12-27]
CHR Extension: (Webcam Toy) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\lfbgimoladefibpklnfmkpknadbklade [2015-12-27]
CHR Extension: (Chrome Web Store Payments) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-11-20]
CHR Extension: (Gmail) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-11-20]
CHR Profile: C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Profile 1
CHR Extension: (Google Docs) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\aohghmighlieiainnegkcijnfilokake [2016-02-13]
CHR Extension: (Google Drive) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\apdfllckaahabafndbhieahigkjlhalf [2016-02-13]
CHR Extension: (YouTube) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2016-02-13]
CHR Extension: (Adblock Plus) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2016-03-13]
CHR Extension: (Google Search) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2016-02-13]
CHR Extension: (Google Docs Offline) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2016-02-13]
CHR Extension: (Chrome Web Store Payments) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2016-02-13]
CHR Extension: (Gmail) - C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\Profile 1\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2016-02-13]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S3 AMD FUEL Service; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\Fuel.Service.exe [344064 2015-08-21] (Advanced Micro Devices, Inc.) [File not signed]
R2 available; C:\WINDOWS\plant.exe [14336 2015-12-24] (unique) [File not signed]
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2016-01-08] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2016-01-08] (Microsoft Corporation)
R2 Connectify; C:\Program Files (x86)\Connectify\ConnectifyService.exe [256568 2016-02-16] (Connectify)
S3 Origin Client Service; C:\Program Files (x86)\Origin\OriginClientService.exe [2104840 2015-12-08] (Electronic Arts)
S3 Realtek11nSU; C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtlService.exe [40960 2009-12-07] (Realtek) [File not signed]
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-08-09] (Synaptics Incorporated)
R2 ubiquitous; C:\WINDOWS\experience.exe [9728 2015-12-24] (gabby) [File not signed]
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-30] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-30] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 AODDriver4.3; C:\Program Files\ATI Technologies\ATI.ACE\Fuel\amd64\AODDriver2.sys [59616 2014-02-11] (Advanced Micro Devices)
R3 AtiHDAudioService; C:\Windows\system32\drivers\AtihdWT6.sys [102912 2015-08-24] (Advanced Micro Devices)
R1 cfywlan2; C:\Windows\system32\DRIVERS\cfywlan2.sys [46088 2016-02-24] (Connectify)
R1 cnnctfy4; C:\Windows\system32\DRIVERS\cnnctfy4.sys [53216 2016-02-24] (Connectify)
R3 netr28x; C:\Windows\system32\DRIVERS\netr28x.sys [2554528 2015-12-15] (MediaTek Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [589824 2015-10-30] (Realtek )
S3 rzjoystk; C:\Windows\System32\drivers\rzjoystk.sys [19968 2012-10-18] (Razer USA Ltd)
S3 RzSynapse; C:\Windows\System32\drivers\RzSynapse.sys [166400 2012-10-18] (Razer USA Ltd)
R3 tapklink; C:\Windows\System32\drivers\tapklink.sys [31232 2011-10-23] (Faveset LLC)
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-10-30] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [293216 2015-10-30] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-30] (Microsoft Corporation)

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 10:26 - 2016-03-13 10:27 - 00016066 _____ C:\Users\larry_1eh12qy\Desktop\FRST.txt
2016-03-13 10:26 - 2016-03-13 10:26 - 00000000 ____D C:\FRST
2016-03-13 10:26 - 2016-03-13 10:25 - 01725440 ____N (Farbar) C:\Users\larry_1eh12qy\Desktop\FRST.exe
2016-03-13 10:26 - 2016-03-13 10:24 - 02374144 ____N (Farbar) C:\Users\larry_1eh12qy\Desktop\FRST64.exe
2016-03-13 09:55 - 2016-03-13 09:56 - 01049200 _____ C:\TDSSKiller.3.1.0.9_13.03.2016_09.55.38_log.txt
2016-03-13 09:26 - 2016-03-13 09:27 - 01088106 _____ C:\TDSSKiller.3.1.0.9_13.03.2016_09.26.48_log.txt
2016-03-13 09:23 - 2016-03-13 09:25 - 02078790 _____ C:\TDSSKiller.3.1.0.9_13.03.2016_09.23.21_log.txt
2016-03-12 16:18 - 2016-03-12 18:57 - 00003168 _____ C:\TDSSKiller.3.1.0.9_12.03.2016_15.18.55_log.txt
2016-03-12 16:16 - 2016-03-12 16:17 - 00092280 _____ C:\TDSSKiller.3.1.0.9_12.03.2016_15.16.25_log.txt
2016-03-12 16:09 - 2016-03-12 16:09 - 00047674 _____ C:\TDSSKiller.3.1.0.9_12.03.2016_15.09.05_log.txt
2016-03-12 16:08 - 2016-03-12 16:08 - 00000000 ____D C:\ProgramData\Kaspersky Lab Setup Files
2016-03-12 16:07 - 2016-03-12 16:08 - 00047674 _____ C:\TDSSKiller.3.1.0.9_12.03.2016_15.07.49_log.txt
2016-03-12 16:07 - 2016-03-12 16:05 - 01907824 ____N (Kaspersky Lab) C:\Users\larry_1eh12qy\Desktop\kis16.0.0.614en_8204.exe
2016-03-12 16:06 - 2016-03-12 16:00 - 04727984 ____N (Kaspersky Lab ZAO) C:\Users\larry_1eh12qy\Desktop\tdsskiller.exe
2016-03-10 11:26 - 2016-02-24 05:51 - 07474528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2016-03-10 11:26 - 2016-02-24 02:40 - 01224704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2016-03-10 11:26 - 2016-02-24 02:07 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2016-03-10 11:26 - 2016-02-24 01:55 - 01996288 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2016-03-10 11:26 - 2016-02-24 01:34 - 01707520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2016-03-10 11:26 - 2016-02-24 01:20 - 22376960 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2016-03-10 11:25 - 2016-03-01 01:31 - 00848168 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2016-03-10 11:25 - 2016-03-01 01:22 - 00709688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2016-03-10 11:25 - 2016-02-24 05:52 - 01997328 _____ (Microsoft Corporation) C:\WINDOWS\system32\KernelBase.dll
2016-03-10 11:25 - 2016-02-24 05:48 - 00713568 _____ (Microsoft Corporation) C:\WINDOWS\system32\invagent.dll
2016-03-10 11:25 - 2016-02-24 05:47 - 01173344 _____ (Microsoft Corporation) C:\WINDOWS\system32\aeinv.dll
2016-03-10 11:25 - 2016-02-24 05:40 - 00513888 _____ (Microsoft Corporation) C:\WINDOWS\system32\devinv.dll
2016-03-10 11:25 - 2016-02-24 05:34 - 01613664 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2016-03-10 11:25 - 2016-02-24 05:28 - 03449168 _____ (Microsoft Corporation) C:\WINDOWS\system32\WSService.dll
2016-03-10 11:25 - 2016-02-24 05:15 - 01557768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\KernelBase.dll
2016-03-10 11:25 - 2016-02-24 04:58 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2016-03-10 11:25 - 2016-02-24 04:54 - 00127840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBSTOR.SYS
2016-03-10 11:25 - 2016-02-24 04:51 - 01322248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ole32.dll
2016-03-10 11:25 - 2016-02-24 04:50 - 00808800 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2016-03-10 11:25 - 2016-02-24 04:46 - 06607080 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2016-03-10 11:25 - 2016-02-24 04:43 - 00625000 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2016-03-10 11:25 - 2016-02-24 04:39 - 00358752 _____ (Microsoft Corporation) C:\WINDOWS\system32\msv1_0.dll
2016-03-10 11:25 - 2016-02-24 04:39 - 00141560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthHost.exe
2016-03-10 11:25 - 2016-02-24 04:19 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2016-03-10 11:25 - 2016-02-24 04:14 - 00216416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2016-03-10 11:25 - 2016-02-24 04:11 - 01997152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2016-03-10 11:25 - 2016-02-24 04:11 - 00957608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ole32.dll
2016-03-10 11:25 - 2016-02-24 04:11 - 00703840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2016-03-10 11:25 - 2016-02-24 04:11 - 00652392 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2016-03-10 11:25 - 2016-02-24 04:11 - 00394080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2016-03-10 11:25 - 2016-02-24 04:11 - 00258280 _____ (Microsoft Corporation) C:\WINDOWS\system32\sqmapi.dll
2016-03-10 11:25 - 2016-02-24 04:10 - 00630632 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2016-03-10 11:25 - 2016-02-24 04:10 - 00576864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2016-03-10 11:25 - 2016-02-24 04:09 - 00640472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2016-03-10 11:25 - 2016-02-24 04:09 - 00147808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wermgr.exe
2016-03-10 11:25 - 2016-02-24 04:06 - 05242496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2016-03-10 11:25 - 2016-02-24 03:59 - 00294752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msv1_0.dll
2016-03-10 11:25 - 2016-02-24 03:39 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTypeHelperUtil.dll
2016-03-10 11:25 - 2016-02-24 03:39 - 00023552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExtrasXmlParser.dll
2016-03-10 11:25 - 2016-02-24 03:38 - 00187744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2016-03-10 11:25 - 2016-02-24 03:38 - 00111616 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataTimeUtil.dll
2016-03-10 11:25 - 2016-02-24 03:37 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataLanguageUtil.dll
2016-03-10 11:25 - 2016-02-24 03:36 - 00060416 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenanceClient.dll
2016-03-10 11:25 - 2016-02-24 03:35 - 00540752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2016-03-10 11:25 - 2016-02-24 03:35 - 00523752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2016-03-10 11:25 - 2016-02-24 03:35 - 00220064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sqmapi.dll
2016-03-10 11:25 - 2016-02-24 03:35 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2016-03-10 11:25 - 2016-02-24 03:33 - 00538736 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wer.dll
2016-03-10 11:25 - 2016-02-24 03:33 - 00141664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wermgr.exe
2016-03-10 11:25 - 2016-02-24 03:31 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontsub.dll
2016-03-10 11:25 - 2016-02-24 03:30 - 00025600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfapigp.dll
2016-03-10 11:25 - 2016-02-24 03:28 - 00070656 _____ (Microsoft Corporation) C:\WINDOWS\system32\POSyncServices.dll
2016-03-10 11:25 - 2016-02-24 03:23 - 00112640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthenum.sys
2016-03-10 11:25 - 2016-02-24 03:23 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\asycfilt.dll
2016-03-10 11:25 - 2016-02-24 03:23 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataPlatformHelperUtil.dll
2016-03-10 11:25 - 2016-02-24 03:22 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2016-03-10 11:25 - 2016-02-24 03:20 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\system32\VCardParser.dll
2016-03-10 11:25 - 2016-02-24 03:20 - 00167936 _____ (Microsoft Corporation) C:\WINDOWS\system32\dafBth.dll
2016-03-10 11:25 - 2016-02-24 03:20 - 00087552 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2016-03-10 11:25 - 2016-02-24 03:19 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2016-03-10 11:25 - 2016-02-24 03:19 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\system32\seclogon.dll
2016-03-10 11:25 - 2016-02-24 03:15 - 00365568 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2016-03-10 11:25 - 2016-02-24 03:14 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExSMime.dll
2016-03-10 11:25 - 2016-02-24 03:13 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentActivation.dll
2016-03-10 11:25 - 2016-02-24 03:12 - 00243712 _____ (Microsoft Corporation) C:\WINDOWS\system32\cemapi.dll
2016-03-10 11:25 - 2016-02-24 03:12 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2016-03-10 11:25 - 2016-02-24 03:10 - 00093184 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpninprc.dll
2016-03-10 11:25 - 2016-02-24 03:09 - 00258560 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2016-03-10 11:25 - 2016-02-24 03:09 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSip.dll
2016-03-10 11:25 - 2016-02-24 03:07 - 00252928 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2016-03-10 11:25 - 2016-02-24 03:05 - 00208896 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2016-03-10 11:25 - 2016-02-24 03:03 - 00088576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\olepro32.dll
2016-03-10 11:25 - 2016-02-24 03:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2016-03-10 11:25 - 2016-02-24 03:01 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2016-03-10 11:25 - 2016-02-24 03:01 - 00146432 _____ (Microsoft Corporation) C:\WINDOWS\system32\AuthBroker.dll
2016-03-10 11:25 - 2016-02-24 03:01 - 00067584 _____ (Microsoft Corporation) C:\WINDOWS\system32\profext.dll
2016-03-10 11:25 - 2016-02-24 03:00 - 00214528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Scanners.dll
2016-03-10 11:25 - 2016-02-24 02:59 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2016-03-10 11:25 - 2016-02-24 02:59 - 00360448 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultsvc.dll
2016-03-10 11:25 - 2016-02-24 02:59 - 00318976 _____ (Microsoft Corporation) C:\WINDOWS\system32\domgmt.dll
2016-03-10 11:25 - 2016-02-24 02:58 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\scapi.dll
2016-03-10 11:25 - 2016-02-24 02:55 - 00790528 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2016-03-10 11:25 - 2016-02-24 02:55 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PackageStateRoaming.dll
2016-03-10 11:25 - 2016-02-24 02:55 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExtrasXmlParser.dll
2016-03-10 11:25 - 2016-02-24 02:54 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\FirewallAPI.dll
2016-03-10 11:25 - 2016-02-24 02:54 - 00288768 _____ (Microsoft Corporation) C:\WINDOWS\system32\vaultcli.dll
2016-03-10 11:25 - 2016-02-24 02:54 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\system32\wsqmcons.exe
2016-03-10 11:25 - 2016-02-24 02:54 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTypeHelperUtil.dll
2016-03-10 11:25 - 2016-02-24 02:53 - 00089088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataTimeUtil.dll
2016-03-10 11:25 - 2016-02-24 02:53 - 00037888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataLanguageUtil.dll
2016-03-10 11:25 - 2016-02-24 02:52 - 00451584 _____ (Microsoft Corporation) C:\WINDOWS\system32\werui.dll
2016-03-10 11:25 - 2016-02-24 02:52 - 00048128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PimIndexMaintenanceClient.dll
2016-03-10 11:25 - 2016-02-24 02:51 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2016-03-10 11:25 - 2016-02-24 02:49 - 00726528 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2016-03-10 11:25 - 2016-02-24 02:47 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontsub.dll
2016-03-10 11:25 - 2016-02-24 02:46 - 00020480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wfapigp.dll
2016-03-10 11:25 - 2016-02-24 02:44 - 01713664 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRHInproc.dll
2016-03-10 11:25 - 2016-02-24 02:44 - 00915456 _____ (Microsoft Corporation) C:\WINDOWS\system32\configurationclient.dll
2016-03-10 11:25 - 2016-02-24 02:44 - 00700416 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2016-03-10 11:25 - 2016-02-24 02:44 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\POSyncServices.dll
2016-03-10 11:25 - 2016-02-24 02:43 - 00957952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SRH.dll
2016-03-10 11:25 - 2016-02-24 02:43 - 00286720 _____ (Microsoft Corporation) C:\WINDOWS\system32\deviceaccess.dll
2016-03-10 11:25 - 2016-02-24 02:42 - 00954368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthport.sys
2016-03-10 11:25 - 2016-02-24 02:42 - 00084992 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\BTHUSB.SYS
2016-03-10 11:25 - 2016-02-24 02:41 - 00982016 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxPackaging.dll
2016-03-10 11:25 - 2016-02-24 02:41 - 00436736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2016-03-10 11:25 - 2016-02-24 02:40 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\asycfilt.dll
2016-03-10 11:25 - 2016-02-24 02:40 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataPlatformHelperUtil.dll
2016-03-10 11:25 - 2016-02-24 02:39 - 01390592 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2016-03-10 11:25 - 2016-02-24 02:39 - 00164864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2016-03-10 11:25 - 2016-02-24 02:38 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VCardParser.dll
2016-03-10 11:25 - 2016-02-24 02:36 - 01847808 _____ (Microsoft Corporation) C:\WINDOWS\system32\WMPDMC.exe
2016-03-10 11:25 - 2016-02-24 02:34 - 00938496 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2016-03-10 11:25 - 2016-02-24 02:34 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2016-03-10 11:25 - 2016-02-24 02:32 - 00223744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExSMime.dll
2016-03-10 11:25 - 2016-02-24 02:32 - 00098304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentActivation.dll
2016-03-10 11:25 - 2016-02-24 02:31 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cemapi.dll
2016-03-10 11:25 - 2016-02-24 02:31 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2016-03-10 11:25 - 2016-02-24 02:28 - 00870912 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2016-03-10 11:25 - 2016-02-24 02:28 - 00196608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2016-03-10 11:25 - 2016-02-24 02:28 - 00135168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxSip.dll
2016-03-10 11:25 - 2016-02-24 02:25 - 00401408 _____ (Microsoft Corporation) C:\WINDOWS\system32\sharemediacpl.dll
2016-03-10 11:25 - 2016-02-24 02:23 - 00129024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll

cluelessattech · Mar 13, 2016

2016-03-10 11:25 - 2016-02-24 02:22 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\profext.dll
2016-03-10 11:25 - 2016-02-24 02:21 - 00315904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2016-03-10 11:25 - 2016-02-24 02:21 - 00168448 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Scanners.dll
2016-03-10 11:25 - 2016-02-24 02:18 - 01490432 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2016-03-10 11:25 - 2016-02-24 02:18 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2016-03-10 11:25 - 2016-02-24 02:18 - 00184832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PackageStateRoaming.dll
2016-03-10 11:25 - 2016-02-24 02:17 - 00369664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\FirewallAPI.dll
2016-03-10 11:25 - 2016-02-24 02:16 - 00394752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\werui.dll
2016-03-10 11:25 - 2016-02-24 02:13 - 00540160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2016-03-10 11:25 - 2016-02-24 02:11 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2016-03-10 11:25 - 2016-02-24 02:09 - 01443328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRHInproc.dll
2016-03-10 11:25 - 2016-02-24 02:09 - 00793600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SRH.dll
2016-03-10 11:25 - 2016-02-24 02:09 - 00552960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2016-03-10 11:25 - 2016-02-24 02:09 - 00228352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\deviceaccess.dll
2016-03-10 11:25 - 2016-02-24 02:07 - 00890368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxPackaging.dll
2016-03-10 11:25 - 2016-02-24 02:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2016-03-10 11:25 - 2016-02-24 02:04 - 01497088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WMPDMC.exe
2016-03-10 11:25 - 2016-02-24 02:03 - 00769536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2016-03-10 11:25 - 2016-02-24 02:01 - 01831936 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2016-03-10 11:25 - 2016-02-24 02:00 - 02273792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2016-03-10 11:25 - 2016-02-24 02:00 - 01098752 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2016-03-10 11:25 - 2016-02-24 01:57 - 02158592 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2016-03-10 11:25 - 2016-02-24 01:43 - 00184320 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwbase.dll
2016-03-10 11:25 - 2016-02-24 01:22 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwbase.dll
2016-03-10 11:25 - 2016-02-24 01:18 - 18677760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2016-03-10 11:25 - 2016-02-24 01:12 - 19339776 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2016-03-10 11:25 - 2016-02-24 01:12 - 05321728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Data.Pdf.dll
2016-03-10 11:25 - 2016-02-24 01:10 - 24600576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2016-03-10 11:25 - 2016-02-24 01:09 - 06972416 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Data.Pdf.dll
2016-03-10 11:25 - 2016-02-24 01:05 - 12586496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2016-03-10 11:25 - 2016-02-24 01:03 - 14252544 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2016-03-10 11:25 - 2016-02-24 00:59 - 05661696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2016-03-10 11:25 - 2016-02-24 00:55 - 07835648 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2016-03-08 08:42 - 2016-02-23 07:27 - 02654872 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2016-03-08 08:42 - 2016-02-23 07:25 - 01818696 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2016-03-08 08:42 - 2016-02-23 06:34 - 01859960 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2016-03-08 08:42 - 2016-02-23 06:34 - 01542816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2016-03-08 08:42 - 2016-02-23 06:32 - 08705672 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2016-03-08 08:42 - 2016-02-23 06:32 - 01062480 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2016-03-08 08:42 - 2016-02-23 06:32 - 00369912 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiodg.exe
2016-03-08 08:42 - 2016-02-23 06:31 - 00536256 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2016-03-08 08:42 - 2016-02-23 06:31 - 00408120 _____ (Microsoft Corporation) C:\WINDOWS\system32\AUDIOKSE.dll
2016-03-08 08:42 - 2016-02-23 06:21 - 22564328 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2016-03-08 08:42 - 2016-02-23 05:45 - 02773096 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll
2016-03-08 08:42 - 2016-02-23 05:38 - 06952088 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2016-03-08 08:42 - 2016-02-23 05:30 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2016-03-08 08:42 - 2016-02-23 05:27 - 21124344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2016-03-08 08:42 - 2016-02-23 04:58 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininetlui.dll
2016-03-08 08:42 - 2016-02-23 04:58 - 00052224 _____ (Microsoft Corporation) C:\WINDOWS\system32\jsproxy.dll
2016-03-08 08:42 - 2016-02-23 04:56 - 02186864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d11.dll
2016-03-08 08:42 - 2016-02-23 04:37 - 00617984 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2016-03-08 08:42 - 2016-02-23 04:29 - 00591872 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmsRouterSvc.dll
2016-03-08 08:42 - 2016-02-23 04:28 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2016-03-08 08:42 - 2016-02-23 04:09 - 01054208 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2016-03-08 08:42 - 2016-02-23 04:06 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininetlui.dll
2016-03-08 08:42 - 2016-02-23 04:06 - 00045568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jsproxy.dll
2016-03-08 08:42 - 2016-02-23 04:02 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2016-03-08 08:42 - 2016-02-23 04:00 - 02624512 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputService.dll
2016-03-08 08:42 - 2016-02-23 03:58 - 00345600 _____ (Microsoft Corporation) C:\WINDOWS\system32\TextInputFramework.dll
2016-03-08 08:42 - 2016-02-23 03:52 - 00456704 _____ (Microsoft Corporation) C:\WINDOWS\system32\ipnathlp.dll
2016-03-08 08:42 - 2016-02-23 03:30 - 01731584 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2016-03-08 08:42 - 2016-02-23 03:24 - 02755584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2016-03-08 08:42 - 2016-02-23 03:22 - 01944576 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputService.dll
2016-03-08 08:42 - 2016-02-23 03:21 - 00245760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TextInputFramework.dll
2016-03-08 08:42 - 2016-02-23 03:17 - 02635264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2016-03-08 08:42 - 2016-02-23 02:59 - 01500672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2016-03-08 08:42 - 2016-02-23 02:55 - 04894208 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2016-03-08 08:42 - 2016-02-23 02:55 - 02229760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2016-03-08 08:42 - 2016-02-23 02:52 - 11545600 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2016-03-08 08:42 - 2016-02-23 02:50 - 09919488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2016-03-08 08:42 - 2016-02-23 02:39 - 13382656 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2016-03-08 08:42 - 2016-02-23 02:39 - 02581504 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2016-03-08 08:42 - 2016-02-23 02:36 - 12125696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2016-03-08 08:42 - 2016-02-23 02:36 - 03666432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2016-03-08 08:42 - 2016-02-23 02:30 - 02061312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2016-03-08 08:42 - 2016-02-08 23:24 - 00641536 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2016-03-08 08:42 - 2016-02-08 23:07 - 01626624 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2016-03-08 08:42 - 2016-02-08 23:04 - 01946624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2016-03-08 08:41 - 2016-02-23 07:29 - 01030416 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2016-03-08 08:41 - 2016-02-23 07:29 - 00874968 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2016-03-08 08:41 - 2016-02-23 07:27 - 01317640 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2016-03-08 08:41 - 2016-02-23 07:27 - 01141504 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2016-03-08 08:41 - 2016-02-23 07:25 - 02152288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2016-03-08 08:41 - 2016-02-23 07:25 - 00563552 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2016-03-08 08:41 - 2016-02-23 07:15 - 00779384 _____ (Microsoft Corporation) C:\WINDOWS\system32\taskschd.dll
2016-03-08 08:41 - 2016-02-23 07:08 - 00989536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2016-03-08 08:41 - 2016-02-23 06:33 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2016-03-08 08:41 - 2016-02-23 06:33 - 00389992 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanapi.dll
2016-03-08 08:41 - 2016-02-23 06:32 - 02544264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2016-03-08 08:41 - 2016-02-23 06:32 - 01152328 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2016-03-08 08:41 - 2016-02-23 06:32 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2016-03-08 08:41 - 2016-02-23 06:31 - 01017032 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2016-03-08 08:41 - 2016-02-23 06:31 - 00819648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2016-03-08 08:41 - 2016-02-23 06:31 - 00476728 _____ (Microsoft Corporation) C:\WINDOWS\system32\msvproc.dll
2016-03-08 08:41 - 2016-02-23 06:25 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2016-03-08 08:41 - 2016-02-23 06:22 - 00572272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\taskschd.dll
2016-03-08 08:41 - 2016-02-23 06:17 - 00146272 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\appid.sys
2016-03-08 08:41 - 2016-02-23 05:40 - 00430944 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb.sys
2016-03-08 08:41 - 2016-02-23 05:39 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2016-03-08 08:41 - 2016-02-23 05:38 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2016-03-08 08:41 - 2016-02-23 05:38 - 00980352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2016-03-08 08:41 - 2016-02-23 05:38 - 00895080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2016-03-08 08:41 - 2016-02-23 05:38 - 00882720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2016-03-08 08:41 - 2016-02-23 05:38 - 00450912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2016-03-08 08:41 - 2016-02-23 05:38 - 00420928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvproc.dll
2016-03-08 08:41 - 2016-02-23 05:37 - 00713824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2016-03-08 08:41 - 2016-02-23 05:32 - 00791744 _____ (Microsoft Corporation) C:\WINDOWS\system32\generaltel.dll
2016-03-08 08:41 - 2016-02-23 05:27 - 00376536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.MediaControl.dll
2016-03-08 08:41 - 2016-02-23 05:25 - 00534368 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2016-03-08 08:41 - 2016-02-23 05:20 - 01139712 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblGameSave.dll
2016-03-08 08:41 - 2016-02-23 05:20 - 00238592 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xboxgip.sys
2016-03-08 08:41 - 2016-02-23 05:19 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\xinputhid.sys
2016-03-08 08:41 - 2016-02-23 05:17 - 00649216 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2016-03-08 08:41 - 2016-02-23 05:12 - 00077824 _____ (Microsoft Corporation) C:\WINDOWS\system32\provpackageapidll.dll
2016-03-08 08:41 - 2016-02-23 05:10 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiConfigSP.dll
2016-03-08 08:41 - 2016-02-23 05:07 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LaunchWinApp.exe
2016-03-08 08:41 - 2016-02-23 05:07 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvcpal.dll
2016-03-08 08:41 - 2016-02-23 05:06 - 00129536 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2016-03-08 08:41 - 2016-02-23 05:01 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rasl2tp.sys
2016-03-08 08:41 - 2016-02-23 05:00 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2016-03-08 08:41 - 2016-02-23 05:00 - 00048640 _____ (Microsoft Corporation) C:\WINDOWS\system32\wfdprov.dll
2016-03-08 08:41 - 2016-02-23 04:58 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\system32\irmon.dll
2016-03-08 08:41 - 2016-02-23 04:57 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2016-03-08 08:41 - 2016-02-23 04:55 - 00114688 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bridge.sys
2016-03-08 08:41 - 2016-02-23 04:53 - 00115712 _____ (Microsoft Corporation) C:\WINDOWS\system32\srpapi.dll
2016-03-08 08:41 - 2016-02-23 04:53 - 00099328 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2016-03-08 08:41 - 2016-02-23 04:52 - 00087040 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2016-03-08 08:41 - 2016-02-23 04:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rfcomm.sys
2016-03-08 08:41 - 2016-02-23 04:50 - 00159232 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceCensus.exe
2016-03-08 08:41 - 2016-02-23 04:48 - 00086528 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppCapture.dll
2016-03-08 08:41 - 2016-02-23 04:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerClient.dll
2016-03-08 08:41 - 2016-02-23 04:40 - 00074240 _____ (Microsoft Corporation) C:\WINDOWS\system32\SMSRouter.dll
2016-03-08 08:41 - 2016-02-23 04:39 - 00178176 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2016-03-08 08:41 - 2016-02-23 04:38 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2016-03-08 08:41 - 2016-02-23 04:38 - 00287712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.MediaControl.dll
2016-03-08 08:41 - 2016-02-23 04:37 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2016-03-08 08:41 - 2016-02-23 04:37 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2016-03-08 08:41 - 2016-02-23 04:36 - 00216576 _____ (Microsoft Corporation) C:\WINDOWS\system32\QuickActionsDataModel.dll
2016-03-08 08:41 - 2016-02-23 04:34 - 00305664 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifiprofilessettinghandler.dll
2016-03-08 08:41 - 2016-02-23 04:34 - 00189952 _____ (Microsoft Corporation) C:\WINDOWS\system32\WiFiDisplay.dll
2016-03-08 08:41 - 2016-02-23 04:33 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2016-03-08 08:41 - 2016-02-23 04:32 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2016-03-08 08:41 - 2016-02-23 04:31 - 00463360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansec.dll
2016-03-08 08:41 - 2016-02-23 04:27 - 00307712 _____ (Microsoft Corporation) C:\WINDOWS\system32\usbmon.dll
2016-03-08 08:41 - 2016-02-23 04:26 - 00372224 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2016-03-08 08:41 - 2016-02-23 04:23 - 00412672 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanmsm.dll
2016-03-08 08:41 - 2016-02-23 04:22 - 00567808 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2016-03-08 08:41 - 2016-02-23 04:20 - 00847360 _____ (Microsoft Corporation) C:\WINDOWS\system32\netlogon.dll
2016-03-08 08:41 - 2016-02-23 04:20 - 00606720 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2016-03-08 08:41 - 2016-02-23 04:20 - 00493568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2016-03-08 08:41 - 2016-02-23 04:20 - 00330240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-08 08:41 - 2016-02-23 04:19 - 00948736 _____ (Microsoft Corporation) C:\WINDOWS\system32\XblAuthManager.dll
2016-03-08 08:41 - 2016-02-23 04:19 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\winspool.drv
2016-03-08 08:41 - 2016-02-23 04:18 - 00557056 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2016-03-08 08:41 - 2016-02-23 04:14 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.AccountsControl.dll
2016-03-08 08:41 - 2016-02-23 04:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LaunchWinApp.exe
2016-03-08 08:41 - 2016-02-23 04:12 - 00852480 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2016-03-08 08:41 - 2016-02-23 04:11 - 00587776 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2016-03-08 08:41 - 2016-02-23 04:10 - 00997376 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2016-03-08 08:41 - 2016-02-23 04:10 - 00474624 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupShim.dll
2016-03-08 08:41 - 2016-02-23 04:09 - 00988160 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2016-03-08 08:41 - 2016-02-23 04:09 - 00870400 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2016-03-08 08:41 - 2016-02-23 04:06 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2016-03-08 08:41 - 2016-02-23 04:05 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2016-03-08 08:41 - 2016-02-23 04:04 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2016-03-08 08:41 - 2016-02-23 04:04 - 00673792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2016-03-08 08:41 - 2016-02-23 04:04 - 00382464 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2016-03-08 08:41 - 2016-02-23 04:02 - 00755712 _____ (Microsoft Corporation) C:\WINDOWS\system32\spoolsv.exe
2016-03-08 08:41 - 2016-02-23 04:02 - 00285696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mrxsmb10.sys
2016-03-08 08:41 - 2016-02-23 03:58 - 00175616 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Core.TextInput.dll
2016-03-08 08:41 - 2016-02-23 03:58 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeBrokerServer.dll
2016-03-08 08:41 - 2016-02-23 03:58 - 00108544 _____ (Microsoft Corporation) C:\WINDOWS\system32\InputLocaleManager.dll
2016-03-08 08:41 - 2016-02-23 03:57 - 00031744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TimeBrokerClient.dll
2016-03-08 08:41 - 2016-02-23 03:50 - 00266752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2016-03-08 08:41 - 2016-02-23 03:49 - 00200704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2016-03-08 08:41 - 2016-02-23 03:48 - 00838144 _____ (Microsoft Corporation) C:\WINDOWS\system32\uDWM.dll
2016-03-08 08:41 - 2016-02-23 03:47 - 00157184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WiFiDisplay.dll
2016-03-08 08:41 - 2016-02-23 03:38 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2016-03-08 08:41 - 2016-02-23 03:37 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\system32\localspl.dll
2016-03-08 08:41 - 2016-02-23 03:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSync.dll
2016-03-08 08:41 - 2016-02-23 03:36 - 00713728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netlogon.dll
2016-03-08 08:41 - 2016-02-23 03:36 - 00379392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2016-03-08 08:41 - 2016-02-23 03:36 - 00250880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2016-03-08 08:41 - 2016-02-23 03:35 - 00400896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winspool.drv
2016-03-08 08:41 - 2016-02-23 03:31 - 00585216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.AccountsControl.dll
2016-03-08 08:41 - 2016-02-23 03:30 - 00646656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2016-03-08 08:41 - 2016-02-23 03:29 - 00349696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupShim.dll
2016-03-08 08:41 - 2016-02-23 03:28 - 00555520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncController.dll
2016-03-08 08:41 - 2016-02-23 03:28 - 00256512 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2016-03-08 08:41 - 2016-02-23 03:24 - 04827136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2016-03-08 08:41 - 2016-02-23 03:24 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2016-03-08 08:41 - 2016-02-23 03:24 - 00489984 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2016-03-08 08:41 - 2016-02-23 03:21 - 00133632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Core.TextInput.dll
2016-03-08 08:41 - 2016-02-23 03:20 - 00083456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InputLocaleManager.dll
2016-03-08 08:41 - 2016-02-23 03:14 - 00990720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncCore.dll
2016-03-08 08:41 - 2016-02-23 03:11 - 01390080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2016-03-08 08:41 - 2016-02-23 03:05 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSync.dll
2016-03-08 08:41 - 2016-02-23 03:01 - 02295808 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2016-03-08 08:41 - 2016-02-23 02:58 - 00450560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SyncController.dll
2016-03-08 08:41 - 2016-02-23 02:56 - 04412928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2016-03-08 08:41 - 2016-02-23 02:53 - 01799168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2016-03-08 08:41 - 2016-02-23 02:51 - 00754176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncCore.dll
2016-03-08 08:41 - 2016-02-23 02:42 - 03425792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2016-03-08 08:41 - 2016-02-23 02:41 - 02912256 _____ (Microsoft Corporation) C:\WINDOWS\system32\CertEnroll.dll
2016-03-08 08:41 - 2016-02-23 02:35 - 07533568 _____ (Microsoft Corporation) C:\WINDOWS\system32\mstscax.dll
2016-03-08 08:41 - 2016-02-23 02:33 - 02604032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CertEnroll.dll
2016-03-08 08:41 - 2016-02-23 02:32 - 02793472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2016-03-08 08:41 - 2016-02-23 02:28 - 06740992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mstscax.dll
2016-03-08 08:41 - 2016-02-09 00:28 - 00277856 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2016-03-08 08:41 - 2016-02-09 00:13 - 00185184 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dumpsd.sys
2016-03-08 08:41 - 2016-02-08 23:18 - 00297472 _____ (Microsoft Corporation) C:\WINDOWS\system32\thumbcache.dll
2016-03-08 08:41 - 2016-02-08 23:18 - 00237056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\thumbcache.dll
2016-03-08 08:41 - 2016-02-08 23:07 - 00086016 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2016-02-24 06:35 - 2016-03-08 16:05 - 00000259 _____ C:\Users\larry_1eh12qy\AppData\Local\kclientgui.ini
2016-02-24 06:32 - 2016-02-24 06:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Faveset Klink
2016-02-24 05:59 - 2016-03-08 08:18 - 00000000 ____D C:\Program Files (x86)\Connectify
2016-02-24 05:59 - 2016-02-24 05:59 - 00053216 _____ (Connectify) C:\WINDOWS\system32\Drivers\cnnctfy4.sys
2016-02-24 05:59 - 2016-02-24 05:59 - 00046088 _____ (Connectify) C:\WINDOWS\system32\Drivers\cfywlan2.sys
2016-02-24 05:59 - 2016-02-24 05:59 - 00000362 _____ C:\Users\Public\Desktop\Connectify Hotspot 2016.lnk
2016-02-24 05:59 - 2016-02-24 05:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Connectify 2016
2016-02-24 05:57 - 2016-02-24 06:01 - 00000000 ____D C:\ProgramData\Connectify
2016-02-19 19:02 - 2016-02-19 19:02 - 00000000 ____D C:\WINDOWS\system32\log
2016-02-19 18:57 - 2016-02-21 22:33 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2016-02-19 18:57 - 2016-02-19 19:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2016-02-19 18:57 - 2016-02-19 18:57 - 00000000 ____D C:\Users\larry_1eh12qy\AppData\Roaming\SUPERAntiSpyware.com
2016-02-19 18:57 - 2016-02-19 18:57 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
2016-02-19 18:56 - 2016-02-19 18:57 - 00000000 ____D C:\ProgramData\SUPERSetup
2016-02-19 18:51 - 2016-02-19 18:51 - 00000000 ____D C:\ProgramData\Lavasoft
2016-02-19 18:42 - 2016-02-19 18:47 - 00000000 ____D C:\AdwCleaner
2016-02-19 18:35 - 2016-03-08 08:29 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2016-02-19 18:35 - 2016-02-19 18:35 - 00000000 ____D C:\ProgramData\Malwarebytes
2016-02-19 18:35 - 2015-06-18 09:42 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
2016-02-19 18:35 - 2015-06-18 09:41 - 00109272 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
2016-02-19 18:35 - 2015-06-18 09:41 - 00025816 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mbam.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2016-03-13 10:28 - 2015-12-24 12:54 - 00003776 _____ C:\WINDOWS\System32\Tasks\7415287741528774152877415287
2016-03-13 10:28 - 2015-12-24 12:53 - 00004390 _____ C:\WINDOWS\System32\Tasks\323303
2016-03-13 10:28 - 2015-12-24 12:53 - 00003894 _____ C:\WINDOWS\System32\Tasks\Grapyy30404831Updates
2016-03-13 10:28 - 2015-12-24 12:53 - 00003758 _____ C:\WINDOWS\System32\Tasks\MySyy30404831ytemy
2016-03-13 10:25 - 2015-09-23 01:10 - 00000938 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2016-03-13 09:21 - 2015-12-24 12:53 - 00003928 _____ C:\WINDOWS\System32\Tasks\dRq4q9uI8vnbNCeMvqae-ni-2015-12-24-ni-11426
2016-03-13 09:21 - 2015-09-23 01:10 - 00000934 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2016-03-12 23:02 - 2016-01-27 20:57 - 00000000 ____D C:\Users\larry_1eh12qy\AppData\Roaming\vlc
2016-03-12 22:17 - 2015-11-22 20:04 - 00000000 ____D C:\Users\larry_1eh12qy\AppData\Roaming\uTorrent
2016-03-12 16:24 - 2015-10-30 03:21 - 00000000 ____D C:\WINDOWS\INF
2016-03-12 16:24 - 2015-08-24 16:46 - 00879220 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2016-03-12 16:18 - 2015-12-18 05:48 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2016-03-12 16:17 - 2015-12-18 05:34 - 00000000 ____D C:\Users\larry_1eh12qy
2016-03-12 16:17 - 2015-10-30 02:28 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
2016-03-12 15:15 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\NDF
2016-03-11 07:07 - 2015-10-30 03:11 - 00000000 ____D C:\WINDOWS\CbsTemp
2016-03-11 06:51 - 2015-12-18 05:23 - 00194392 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2016-03-10 23:13 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Portable Devices
2016-03-10 23:13 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
2016-03-10 23:13 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
2016-03-10 23:13 - 2015-10-30 03:24 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
2016-03-10 13:54 - 2015-10-30 03:24 - 00000000 ___HD C:\Program Files\WindowsApps
2016-03-10 13:54 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\AppReadiness
2016-03-10 12:19 - 2015-08-24 16:31 - 00000000 ____D C:\WINDOWS\system32\MRT
2016-03-10 12:12 - 2015-08-24 16:31 - 143659408 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2016-03-09 15:43 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\rescache
2016-03-09 10:08 - 2015-08-24 16:44 - 00000000 __RHD C:\Users\Public\AccountPictures
2016-03-08 22:11 - 2015-10-30 05:07 - 00000000 ____D C:\Program Files\Windows Journal
2016-03-08 22:11 - 2015-10-30 03:24 - 00000000 __RSD C:\WINDOWS\Media
2016-03-08 22:11 - 2015-10-30 03:24 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2016-03-08 22:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2016-03-08 22:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2016-03-08 22:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\system32\appraiser
2016-03-08 22:11 - 2015-10-30 03:24 - 00000000 ____D C:\WINDOWS\bcastdvr
2016-03-08 22:11 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2016-03-08 22:11 - 2015-10-30 02:28 - 00000000 ____D C:\WINDOWS\system32\Dism
2016-03-08 08:16 - 2015-12-26 14:54 - 00000000 ____D C:\Users\larry_1eh12qy\Desktop\netsh winsock
2016-03-08 03:12 - 2015-10-30 03:26 - 00829944 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2016-03-08 03:12 - 2015-10-30 03:26 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2016-02-24 06:32 - 2015-12-26 16:20 - 00000000 ____D C:\Program Files (x86)\Faveset Klink
2016-02-19 19:43 - 2015-12-25 13:34 - 00000000 ____D C:\Users\larry_1eh12qy\AppData\Local\ElevatedDiagnostics

==================== Files in the root of some directories =======

2015-12-24 12:53 - 2015-12-24 12:53 - 0000105 _____ () C:\Users\larry_1eh12qy\AppData\Local\dottmpfile.txt
2015-12-07 17:34 - 2015-12-07 17:34 - 0006144 _____ () C:\Users\larry_1eh12qy\AppData\Local\installer.exe
2015-12-07 17:33 - 2015-12-07 17:33 - 0006656 _____ () C:\Users\larry_1eh12qy\AppData\Local\installer4.exe
2016-02-24 06:35 - 2016-03-08 16:05 - 0000259 _____ () C:\Users\larry_1eh12qy\AppData\Local\kclientgui.ini
2015-12-24 12:54 - 2015-12-24 12:54 - 0009216 _____ () C:\Users\larry_1eh12qy\AppData\Local\ssvtum.dll
2015-09-10 09:09 - 2015-09-10 09:09 - 0008192 _____ () C:\Users\larry_1eh12qy\AppData\Local\uid.exe
2015-12-24 12:54 - 2015-12-24 12:54 - 0002560 _____ () C:\Users\larry_1eh12qy\AppData\Local\uninstall.exe
2016-01-28 12:20 - 2016-01-28 12:20 - 0000000 _____ () C:\Users\larry_1eh12qy\AppData\Local\{628E9A90-D837-4CE0-B6DA-07F9DA229B97}

Some files in TEMP:
====================
C:\Users\larry_1eh12qy\AppData\Local\Temp\Itibiti_Knctr_B.exe
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-1020526785118851535.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-1223979087214327545.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-1230812745112482316.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-1246294788239447190.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-1888753946353830001.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-1893216377472679030.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-2174862706027185179.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-2283189516030525188.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-2312172728059121534.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-2312517355947249936.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-242391870255344543.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-2551983414630660747.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-2610880089216016376.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-2823586274090295869.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-2863875674562482333.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-2908943129615594670.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-3275712719321877991.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-339110380064278922.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-3481312262060561369.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-3660106422282645548.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-3705080976752011925.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-3727819466019224505.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-3806098666734293036.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-3823312952274554668.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-3894556283587387879.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-4068683026543677142.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-4076160001768451542.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-4281042919945232816.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-4591230834461573255.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-4594866576185114302.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-4759654105338808129.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-485398797307149162.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-4925560125939283261.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-4940698769028960810.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-5076005922461694992.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-5324316138648762057.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-5827410316135351893.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-584009249351926513.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-5946220892514439673.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-5967680494571406520.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-5991640357317564144.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-608298911388312974.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-6145404541020269889.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-6160601731871429599.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-650591102151427942.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-7290588060891311648.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-731236903462320143.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-7879632270764570870.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-7963138180499695993.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-7976498451850820844.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-8082161101256601041.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-8348592608537916130.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-8433009115979821328.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-8561884633025111545.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-8770060438814860435.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-8876551432107439112.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-9025043759113718247.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\jansi-32-9117547714569922187.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\MediaPlayer__11426_il4692.exe
C:\Users\larry_1eh12qy\AppData\Local\Temp\msconfig.exe
C:\Users\larry_1eh12qy\AppData\Local\Temp\sqlite3.dll
C:\Users\larry_1eh12qy\AppData\Local\Temp\Uninstall.exe

==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed

LastRegBack: 2016-03-12 15:56

==================== End of FRST.txt ===========================

Broni · Mar 13, 2016

Welcome aboard

Please, observe following rules:

Read all of my instructions very carefully. Your mistakes during cleaning process may have very serious consequences, like unbootable computer.
If you're stuck, or you're not sure about certain step, always ask before doing anything else.
Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
Never run more than one scan at a time.
Keep updating me regarding your computer behavior, good, or bad.
The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in malware removal forum.
I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

==================================

You're not saying what your computer issues are.

I still need Addition.txt log from FRST.

cluelessattech · Mar 14, 2016

Well I have some kind of virus that plays audio ads constantly, and the virus apparently stops me from accessing some of the websites for things like tdsskiller. I had to download it on my phone and copy it into the computer. So links on here don't work for me, I have to google things on my phone and download them and copy them to the computer. I use my phone to put internet on my computer. I'll copy and paste the other things now too.

cluelessattech · Mar 14, 2016

Additional scan result of Farbar Recovery Scan Tool (x64) Version:05-03-2016 01
Ran by larry_1eh12qy (2016-03-13 10:28:42)
Running from C:\Users\larry_1eh12qy\Desktop
Windows 10 Pro Version 1511 (X64) (2015-12-18 09:56:48)
Boot Mode: Normal
==========================================================

==================== Accounts: =============================

Administrator (S-1-5-21-1290549310-2546065428-2348837155-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-1290549310-2546065428-2348837155-503 - Limited - Disabled)
Guest (S-1-5-21-1290549310-2546065428-2348837155-501 - Limited - Disabled)
larry_1eh12qy (S-1-5-21-1290549310-2546065428-2348837155-1006 - Administrator - Enabled) => C:\Users\larry_1eh12qy

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Disabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

µTorrent (HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\uTorrent) (Version: 3.4.5.41865 - BitTorrent Inc.)
7-Zip 15.12 (x64) (HKLM\...\7-Zip) (Version: 15.12 - Igor Pavlov)
Adblock Plus for IE (32-bit and 64-bit) (HKLM\...\{0F347A49-E36C-4639-8D2E-003AD408B8B2}) (Version: 1.5 - Eyeo GmbH)
Age of Empires III - Complete Collection (HKLM-x32\...\Age of Empires III - Complete Collection_Origami_is1) (Version: 1.0 - R.G. Origami, Seraph1)
AMD Catalyst Control Center (HKLM-x32\...\WUCCCApp) (Version: 1.00.0000 - AMD)
Avira Launcher (HKLM-x32\...\{eac7da46-2097-4dd4-80a6-8b67cbb2b23f}) (Version: 1.1.53.13962 - Avira Operations GmbH & Co. KG)
Cisco EAP-FAST Module (HKLM-x32\...\{64BF0187-F3D2-498B-99EA-163AF9AE6EC9}) (Version: 2.2.14 - Cisco Systems, Inc.)
Cisco LEAP Module (HKLM-x32\...\{51C7AD07-C3F6-4635-8E8A-231306D810FE}) (Version: 1.0.19 - Cisco Systems, Inc.)
Cisco PEAP Module (HKLM-x32\...\{ED5776D5-59B4-46B7-AF81-5F2D94D7C640}) (Version: 1.1.6 - Cisco Systems, Inc.)
Connectify 2016 (HKLM\...\Connectify) (Version: 2016.0.3.36821 - Connectify)
Dolphin (HKLM-x32\...\Dolphin) (Version: 4.0.2 - Dolphin Development Team)
Don't Starve (HKLM-x32\...\GOGPACKDONTSTARVE_is1) (Version: 2.7.0.16 - GOG.com)
Faveset Klink (HKLM-x32\...\Faveset Klink) (Version: - Faveset LLC)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 49.0.2623.87 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.5 - Google Inc.) Hidden
Itibiti RTC (x32 Version: 0.0.1 - Itibiti Inc) Hidden
Java 8 Update 66 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218066F0}) (Version: 8.0.660.18 - Oracle Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.50727 (HKLM-x32\...\{15134cb0-b767-4960-a911-f2d16ae54797}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.50727 (HKLM-x32\...\{22154f09-719a-4619-bb71-5b3356999fbf}) (Version: 11.0.50727.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.30501 (HKLM-x32\...\{050d4fc8-5d48-4b8f-8972-47c82c46020f}) (Version: 12.0.30501.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.30501 (HKLM-x32\...\{f65db027-aff3-4070-886a-0d87064aabb1}) (Version: 12.0.30501.0 - Microsoft Corporation)
Minecraft1.7.2 (HKLM-x32\...\Minecraft1.7.2) (Version: - )
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
Nidhogg (HKLM-x32\...\TmlkaG9nZw==_is1) (Version: 1 - )
Origin (HKLM-x32\...\Origin) (Version: 9.7.2.53208 - Electronic Arts, Inc.)
Razer Synapse (HKLM-x32\...\{0D78BEE2-F8FF-4498-AF1A-3FF81CED8AC6}) (Version: 1.18.21.27343 - Razer Inc.)
REALTEK Wireless LAN Driver and Utility (HKLM-x32\...\{9C049499-055C-4a0c-A916-1D8CA1FF45EB}) (Version: 1.00.0142 - REALTEK Semiconductor Corp.)
Rosetta Stone Ltd Services (HKLM-x32\...\{3165E4A6-D5DE-46B0-8597-D55E2B826B84}) (Version: 3.2.21 - Rosetta Stone Ltd.)
Rosetta Stone TOTALe (HKLM-x32\...\{6B6BC189-D606-4BC7-9758-E6C364F76A55}) (Version: 4.5.5.0 - Rosetta Stone, Ltd)
SimCity™ (HKLM-x32\...\{F70FDE4B-8F86-4eb6-8C8E-636EC89F6419}) (Version: 4.0.86.0859 - Electronic Arts)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 8.0.0.9103 - Microsoft Corporation)
Skype™ 7.8 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.8.102 - Skype Technologies S.A.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
VLC media player (HKLM-x32\...\VLC media player) (Version: 2.2.1 - VideoLAN)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-1290549310-2546065428-2348837155-1006_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\larry_1eh12qy\AppData\Local\Microsoft\OneDrive\17.3.6281.1202_1\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {10B7207B-CE5C-4631-9B39-E1538F86BC3A} - System32\Tasks\26847238 => C:\Program Files (x86)\visit\deranged.exe [2015-12-24] () <==== ATTENTION
Task: {1C7DA0AD-EE59-4BA5-8BAD-9F607F724112} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {2B15F20D-3F7C-4F25-AA8B-EDBC1B73B345} - System32\Tasks\Grapyy30404831Updates => C:\Program Files (x86)\club\sweltering.exe [2015-12-24] (rot)
Task: {2C4913EA-D190-4652-A621-09519E88ED11} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {2E8482BF-575C-4277-9141-E51362FFE440} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-09-23] (Google Inc.)
Task: {517AEF74-2CA1-4CD9-AA4D-EDEB6EFAB851} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_ERROR_HB => C:\WINDOWS\system32\MRT.exe [2016-03-10] (Microsoft Corporation)
Task: {70037014-9C03-49D7-B1F2-0BFD3E10181A} - System32\Tasks\7415287741528774152877415287 => C:\Program Files (x86)\rotten\partner.exe [2015-12-24] (windows 99) <==== ATTENTION
Task: {8ADA419A-8C01-4E8D-ABE5-6CFFB9733221} - System32\Tasks\323303 => C:\Program Files (x86)\rotten\partner.exe [2015-12-24] (windows 99) <==== ATTENTION
Task: {D11320D4-6A6C-46C6-9FB2-B9B65C211727} - System32\Tasks\dRq4q9uI8vnbNCeMvqae-ni-2015-12-24-ni-11426 => C:\Program Files (x86)\rotten\partner.exe [2015-12-24] (windows 99)
Task: {D2CCE707-B1A0-4D97-BEE1-3C23C5D2FEE1} - System32\Tasks\MySyy30404831ytemy => C:\Program Files (x86)\club\sweltering.exe [2015-12-24] (rot)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-10-30 03:18 - 2015-10-30 03:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2016-03-08 08:42 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-24 12:44 - 2015-12-24 12:44 - 00012288 _____ () C:\Program Files (x86)\visit\deranged.exe
2016-03-08 08:42 - 2016-02-23 07:27 - 02654872 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-12-22 22:03 - 2015-12-07 00:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2016-03-08 08:41 - 2016-02-23 04:36 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2016-01-16 23:21 - 2016-01-04 21:29 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2016-01-16 23:21 - 2016-01-04 21:23 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2016-01-28 21:33 - 2016-01-16 01:10 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2016-01-28 21:33 - 2016-01-16 01:13 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2014-04-28 12:07 - 2014-04-28 12:07 - 00596480 _____ () C:\Program Files (x86)\Faveset Klink\kclientgui.exe
2013-02-16 12:51 - 2013-02-16 12:51 - 00815104 _____ () C:\Program Files (x86)\Faveset Klink\adb.exe
2015-12-20 21:47 - 2015-12-20 21:48 - 00144384 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeHost.exe
2016-02-24 05:59 - 2016-02-16 12:08 - 00898616 _____ () C:\Program Files (x86)\Connectify\log4cplus.dll
2016-03-11 08:58 - 2016-03-11 08:58 - 00335360 _____ () C:\WINDOWS\assembly\NativeImages_v4.0.30319_32\Windows.Foundation\267a156e54b735c6becd50d09e12cc69\Windows.Foundation.ni.dll
2015-12-20 21:47 - 2015-12-20 21:48 - 00141312 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkypeBackgroundTasks.dll
2015-12-20 21:48 - 2015-12-20 21:48 - 21845504 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\SkyWrap.dll
2015-12-20 21:47 - 2015-12-20 21:48 - 02940416 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\MessagingNativeCore.dll
2015-12-20 21:47 - 2015-12-20 21:48 - 00583168 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\MessagingEntityExtractionProxy.dll
2015-12-20 21:47 - 2015-12-20 21:48 - 01300992 _____ () C:\Program Files\WindowsApps\Microsoft.Messaging_2.12.15004.0_x86__8wekyb3d8bbwe\MessagingNativeBase.dll
2016-03-11 06:56 - 2016-03-07 22:48 - 01676440 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libglesv2.dll
2016-03-11 06:56 - 2016-03-07 22:48 - 00086168 _____ () C:\Program Files (x86)\Google\Chrome\Application\49.0.2623.87\libegl.dll
2016-03-10 11:07 - 2016-03-08 13:16 - 17541312 _____ () C:\Users\larry_1eh12qy\AppData\Local\Google\Chrome\User Data\PepperFlash\21.0.0.182\pepflashplayer.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\29371661.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\29371661.sys => ""="Driver"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)

==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-08-24 17:09 - 2015-08-24 17:04 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: Media is not connected to internet.
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Bluetooth.lnk"
HKLM\...\StartupApproved\StartupFolder: => "FAH.lnk"
HKLM\...\StartupApproved\StartupFolder: => "WinZip Preloader.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Update Notifier.lnk"
HKLM\...\StartupApproved\Run: => "cutoauto"
HKLM\...\StartupApproved\Run: => "autoauto"
HKLM\...\StartupApproved\Run: => "interpee"
HKLM\...\StartupApproved\Run32: => "Razer Synapse"
HKLM\...\StartupApproved\Run32: => "cutoauto"
HKLM\...\StartupApproved\Run32: => "autoauto"
HKLM\...\StartupApproved\Run32: => "interpee"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\StartupApproved\StartupFolder: => "intr.lnk"
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\StartupApproved\Run: => "dutoauto"
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\StartupApproved\Run: => "interpee"
HKU\S-1-5-21-1290549310-2546065428-2348837155-1006\...\StartupApproved\Run: => "rutoauto"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{7DAD8F10-8D81-47EB-866E-6FB292B2D484}] => (Allow) C:\Users\larry_1eh12qy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{27051432-4E5E-445E-9146-321655D0AA69}] => (Allow) C:\Users\larry_1eh12qy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{EDCCB3BC-02BD-4D3B-A901-16AEBEEFA53A}] => (Allow) C:\Users\larry_1eh12qy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{61D19F05-65AE-4A97-910C-64D587E022F0}] => (Allow) C:\Users\larry_1eh12qy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{5DDBE787-8C44-4167-9DC3-DC2AAC3BD02B}] => (Allow) C:\Users\larry_1eh12qy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{00957B7C-766B-48AE-B35C-050E4AE84E1E}] => (Allow) C:\Users\larry_1eh12qy\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{4C865F25-3C1C-4CE1-98F0-F295403F962A}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
FirewallRules: [{7F82CF38-5DC8-463B-BEC1-DE43D339F1C4}] => (Allow) C:\Users\Larry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{0CE48B89-8A7D-41C8-ABB8-652629057844}] => (Allow) C:\Users\Larry\AppData\Roaming\uTorrent\uTorrent.exe
FirewallRules: [{24EA03BF-E115-46DB-A3B6-0EC464C75F9A}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{AB4E570B-E2BF-4FAD-AC58-932EACA06D93}] => (Allow) C:\Program Files (x86)\Origin Games\SimCity\SimCity\SimCity.exe
FirewallRules: [{4FBB00A9-2A63-45BC-86BA-F37E90253E29}] => (Allow) LPort=53
FirewallRules: [{A19F12F8-39D0-48A2-B2ED-095DC5113D83}] => (Allow) LPort=1542
FirewallRules: [{E24EF324-924A-4C50-AC76-988AE9735C1A}] => (Allow) LPort=1542
FirewallRules: [{DCC5384A-6F74-46F1-8B71-E26E723972F0}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{7BD44DA1-BE60-4CF0-A818-15C9AB9CBB0B}] => (Allow) C:\Program Files (x86)\REALTEK\11n USB Wireless LAN Utility\RtWLan.exe
FirewallRules: [{053A20AF-389C-4FC0-AC44-3B06B61603B1}] => (Allow) C:\Program Files (x86)\rotten\partner.exe
FirewallRules: [{B0A4D9BE-5270-47D9-9B85-1358F61981CC}] => (Allow) C:\Program Files (x86)\rotten\partner.exe
FirewallRules: [{CDBB8E19-99E6-47DD-8EB4-1F64887CF2A1}] => (Allow) C:\Program Files (x86)\rotten\getcap.exe
FirewallRules: [{9CBE98CD-00E4-47F8-9DF9-1EC134F949F5}] => (Allow) C:\Program Files (x86)\rotten\getcap.exe
FirewallRules: [{1158A9DD-44A7-4EAA-9979-16A758179BA7}] => (Allow) C:\a\winonit.exe
FirewallRules: [{03914B82-018C-475F-9DA7-34142AA0B483}] => (Allow) C:\a\winonit.exe
FirewallRules: [{90BFF4CB-60B0-44B3-8FEC-941F019989D4}] => (Allow) C:\Program Files (x86)\rotten\pretty.exe
FirewallRules: [{96367A6E-9184-4D6C-B8A7-1ED7456443C1}] => (Allow) C:\Program Files (x86)\rotten\pretty.exe
FirewallRules: [{F764252C-137A-4F20-8D8B-0466EE8D697F}] => (Allow) C:\a\vchk.exe
FirewallRules: [{A31B36ED-2B2D-4587-B246-AB0F3DB65402}] => (Allow) C:\a\vchk.exe
FirewallRules: [{9C78BFE2-0F86-4A8F-B6C1-F7EEC9215A27}] => (Allow) C:\a\dRq4q9uI8vnbNCeMvqae-ni-2015-12-24-ni-11426.exe
FirewallRules: [{A163FE04-7F1D-4B20-8CC1-FAFD7506E79A}] => (Allow) C:\a\dRq4q9uI8vnbNCeMvqae-ni-2015-12-24-ni-11426.exe
FirewallRules: [{6CDF1375-5A09-419C-9AFD-ECEA5BF7D05A}] => (Allow) C:\Program Files (x86)\club\sweltering.exe
FirewallRules: [{FCEC0BBA-13C0-4BE9-8362-5A307B2F2E3E}] => (Allow) C:\Program Files (x86)\club\sweltering.exe
FirewallRules: [{B8347948-85EA-4276-97B5-A4A8488A5550}] => (Allow) C:\Program Files (x86)\visit\deranged.exe
FirewallRules: [{4BD35F58-B4DB-419E-8F19-EA87A745DDAF}] => (Allow) C:\Program Files (x86)\visit\deranged.exe
FirewallRules: [{E5E5E45E-3083-4A43-B013-B47B9B6E8528}] => (Allow) C:\WINDOWS\system32\rundll32.exe
FirewallRules: [{B574BE6B-85F4-42E5-BB91-5280A32C945A}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\Rosetta Stone TOTALe.exe
FirewallRules: [{4A67B651-3D0B-4524-9941-11F282BE3D78}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone TOTALe\RosettaStoneTOTALe.exe
FirewallRules: [{11063B6F-6E2C-478A-8DA2-F3079E862293}] => (Block) %ProgramFiles% (x86)\Rosetta Stone\Rosetta Stone V3\RosettaStoneVersion3.exe
FirewallRules: [{EBE59D59-4533-4FE4-A4D2-F31C4256F311}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{79A11886-3D7B-4813-857C-47A4D47D111F}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneLtdServices.exe
FirewallRules: [{7047CD80-72AC-4421-8005-8ED6FA1EFA55}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [{3B6EB9D0-72D8-4EEE-A31F-AF4265BD6472}] => (Allow) C:\Program Files (x86)\RosettaStoneLtdServices\RosettaStoneDaemon.exe
FirewallRules: [TCP Query User{E792C7E3-731C-4F78-9C0F-08CE0CE602E2}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [UDP Query User{13035733-A3F7-4E6F-80F6-18B1E7028217}C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe] => (Block) C:\program files (x86)\java\jre1.8.0_66\bin\javaw.exe
FirewallRules: [TCP Query User{C6A2B00C-E538-492D-BB12-892BB68B2264}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [UDP Query User{0DB63B50-6F54-45BC-971B-03240C825F5A}C:\program files (x86)\connectify\connectify.exe] => (Allow) C:\program files (x86)\connectify\connectify.exe
FirewallRules: [{F1F53B98-D59C-406F-B886-3C045A2AFD30}] => (Allow) C:\Program Files (x86)\Connectify\Connectify.exe
FirewallRules: [{EDD6FEF4-217D-4D75-B97D-4ABF6986550E}] => (Allow) C:\Program Files (x86)\Faveset Klink\kclientgui.exe
FirewallRules: [{A8C551FB-70A9-4C3F-B7C0-07D776BD042E}] => (Allow) C:\Program Files (x86)\Faveset Klink\kclientgui.exe
FirewallRules: [{A05F8924-44B3-46DC-A748-3936B4140E79}] => (Allow) C:\Program Files (x86)\Faveset Klink\kclientgui.exe
FirewallRules: [{8EDB76E8-91F3-4B29-A9F3-D6D7F899AA4F}] => (Allow) C:\Program Files (x86)\Faveset Klink\kclientgui.exe
FirewallRules: [{81DB0014-F21D-4CA8-9C7F-BAA5A772BBA0}] => (Allow) C:\Program Files (x86)\Faveset Klink\adb.exe
FirewallRules: [{65AA3016-D08C-4AE9-82FC-F8202EFE89C3}] => (Allow) C:\Program Files (x86)\Faveset Klink\adb.exe
FirewallRules: [{5ACE2B40-511B-4723-94DA-85887D4039C9}] => (Allow) C:\Program Files (x86)\Faveset Klink\adb.exe
FirewallRules: [{2288C6F0-C7BF-41F8-BDB8-C18E55AAFD7B}] => (Allow) C:\Program Files (x86)\Faveset Klink\adb.exe
FirewallRules: [{07A301B9-6CB6-4BF4-918B-5F26D25FFDB7}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{B523EB1C-FF41-4802-BAEF-5C89ED7487C1}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{7B519FB5-C63E-4F14-8C39-974FBFBB6D94}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{21945F8E-2815-4677-B1E0-23153471ED9A}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{5EEAC50F-548F-4566-9B9B-FFBCD741F6B5}] => (Allow) C:\Program Files (x86)\Connectify\ConnectifyNetServices.exe
FirewallRules: [{2E137534-9971-46FF-AB24-DA848A7A3F8C}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe

==================== Restore Points =========================

==================== Faulty Device Manager Devices =============

Name: Klink Virtual Network Adapter #4
Description: Klink Virtual Network Adapter
Class Guid: {4d36e972-e325-11ce-bfc1-08002be10318}
Manufacturer: Faveset LLC
Service: tapklink
Problem: : This device is not working properly because Windows cannot load the drivers required for this device. (Code 31)
Resolution: Update the driver

==================== Event log errors: =========================

Application errors:
==================
Error: (03/12/2016 11:03:03 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-F5H5IAK)
Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/12/2016 11:03:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-F5H5IAK)
Description: Activation of app microsoft.windowscommunicationsapps_8wekyb3d8bbwe!ppleae38af2e007f4358a809ac99a64a67c1 failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/12/2016 11:03:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-F5H5IAK)
Description: Activation of app NinjaKiwi.BloonsMonkeyCity_g04ay3csa72hr!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/12/2016 11:03:01 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: DESKTOP-F5H5IAK)
Description: Activation of app NinjaKiwi.14307A9B6AF61_g04ay3csa72hr!App failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

Error: (03/12/2016 03:57:07 PM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/11/2016 07:08:19 AM) (Source: Perflib) (EventID: 1008) (User: )
Description: BITSC:\Windows\System32\bitsperf.dll8

Error: (03/11/2016 07:07:13 AM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_EventSystem, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: LicenseManager.dll, version: 10.0.10586.35, time stamp: 0x5664ffca
Exception code: 0xc0000005
Fault offset: 0x0000000000047fca
Faulting process id: 0x434
Faulting application start time: 0xsvchost.exe_EventSystem0
Faulting application path: svchost.exe_EventSystem1
Faulting module path: svchost.exe_EventSystem2
Report Id: svchost.exe_EventSystem3
Faulting package full name: svchost.exe_EventSystem4
Faulting package-relative application ID: svchost.exe_EventSystem5

Error: (03/10/2016 12:10:00 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (03/08/2016 03:19:39 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: svchost.exe_EventSystem, version: 10.0.10586.0, time stamp: 0x5632d7ba
Faulting module name: LicenseManager.dll, version: 10.0.10586.35, time stamp: 0x5664ffca
Exception code: 0xc0000005
Fault offset: 0x0000000000047fca
Faulting process id: 0x498
Faulting application start time: 0xsvchost.exe_EventSystem0
Faulting application path: svchost.exe_EventSystem1
Faulting module path: svchost.exe_EventSystem2
Report Id: svchost.exe_EventSystem3
Faulting package full name: svchost.exe_EventSystem4
Faulting package-relative application ID: svchost.exe_EventSystem5

Error: (03/08/2016 12:05:02 PM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

System errors:
=============
Error: (03/13/2016 10:05:45 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F5H5IAK)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-F5H5IAKlarry_1eh12qyS-1-5-21-1290549310-2546065428-2348837155-1006LocalHost (Using LRPC)Microsoft.WindowsStore_2015.25.5.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

Error: (03/13/2016 09:22:25 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-F5H5IAK)
Description: machine-defaultLocalActivation{C2F03A33-21F5-47FA-B4BB-156362A2F239}{316CDED5-E4AE-4B15-9113-7055D84DCC97}DESKTOP-F5H5IAKlarry_1eh12qyS-1-5-21-1290549310-2546065428-2348837155-1006LocalHost (Using LRPC)Microsoft.WindowsStore_2015.25.5.0_x64__8wekyb3d8bbweS-1-15-2-1609473798-1231923017-684268153-4268514328-882773646-2760585773-1760938157

Error: (03/12/2016 11:03:03 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F5H5IAK)
Description: CortanaUI.AppXn73w0hsq3g4wx1h9fhf7q02vw2wta6qc.mca

Error: (03/12/2016 11:03:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F5H5IAK)
Description: microsoft.windowslive.calendar.AppXwkn9j84yh1kvnt49k5r8h6y1ecsv09hs.mca

Error: (03/12/2016 11:03:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F5H5IAK)
Description: App.AppXf8744aqpe5h6ftbfdtdt8hx9p9tkzqvc.mca

Error: (03/12/2016 11:03:01 PM) (Source: DCOM) (EventID: 10010) (User: DESKTOP-F5H5IAK)
Description: App.AppX1dyvfh8d6xx4fevb1t03rhqmgp5nmsk7.mca

Error: (03/12/2016 11:02:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_328b4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/12/2016 11:02:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_328b4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/12/2016 11:02:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_328b4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (03/12/2016 11:02:59 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_328b4 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

CodeIntegrity:
===================================
Date: 2016-03-12 14:18:45.878
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-11 05:51:43.196
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-03-09 09:07:22.909
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume1\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2016-02-24 05:43:30.140
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-02-24 05:08:22.172
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-02-24 05:03:54.007
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-02-24 04:59:03.518
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-02-24 04:54:45.251
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-02-23 21:52:00.312
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

Date: 2016-02-23 21:37:00.345
Description: Code Integrity determined that a process (\Device\HarddiskVolume1\Windows\System32\svchost.exe) attempted to load \Device\HarddiskVolume1\Program Files (x86)\Elex-tech\YAC\iSafeSrvMon64.dll that did not meet the Windows signing level requirements.

==================== Memory info ===========================

Processor: AMD A6-3400M APU with Radeon(tm) HD Graphics
Percentage of memory in use: 31%
Total physical RAM: 7657.9 MB
Available physical RAM: 5230.15 MB
Total Virtual: 8873.9 MB
Available Virtual: 6305.67 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:660.98 GB) (Free:385.04 GB) NTFS
Drive d: (RECOVERY) (Fixed) (Total:17.37 GB) (Free:17.31 GB) NTFS
Drive e: (HP_TOOLS) (Fixed) (Total:0.1 GB) (Free:0.09 GB) FAT32
Drive g: (Stuff) (Fixed) (Total:19.53 GB) (Free:19.47 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 5A01AB4C)
Partition 1: (Not Active) - (Size=993 KB) - (Type=42)
Partition 2: (Active) - (Size=199 MB) - (Type=42)
Partition 3: (Not Active) - (Size=661 GB) - (Type=42)
Partition 4: (Not Active) - (Size=37.5 GB) - (Type=42)

==================== End of Addition.txt ============================

Broni · Mar 14, 2016

Download RogueKiller from one of the following links and save it to your Desktop:

Link 1
Link 2

Close all the running programs
Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
Otherwise just double-click on RogueKiller.exe
Pre-scan will start. Let it finish.
Click on SCAN button.
Wait until the Status box shows Scan Finished
Click on Delete.
Wait until the Status box shows Deleting Finished.
Click on Report and copy/paste the content of the Notepad into your next reply.
RKreport.txt could also be found on your desktop.
If more than one log is produced post all logs.
If RogueKiller has been blocked, do not hesitate to try a few times more. If really won't run, rename it to winlogon.exe (or winlogon.com) and try again

Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
NOTE. If you already have MBAM 2.0 installed scroll down.

Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to the following:
Launch Malwarebytes Anti-Malware
A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
Click Finish.
On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

If you already have MBAM 2.0 installed:

On the Dashboard, click the 'Update Now >>' link
After the update completes, click the 'Scan Now >>' button.
Or, on the Dashboard, click the Scan Now >> button.
If an update is available, click the Update Now button.
A Threat Scan will begin.
When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
In most cases, a restart will be required.
Wait for the prompt to restart the computer to appear, then click on Yes.

How to get logs:
(Export log to save as txt)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Export'.
Click 'Text file (*.txt)'
In the Save File dialog box which appears, click on Desktop.
In the File name: box type a name for your scan log.
A message box named 'File Saved' should appear stating "Your file has been successfully exported".
Click Ok
Attach that saved log to your next reply.

(Copy to clipboard for pasting into forum replies or tickets)

After the restart once you are back at your desktop, open MBAM once more.
Click on the History tab > Application Logs.
Double click on the Scan Log which shows the Date and time of the scan just performed.
Click 'Copy to Clipboard'
Paste the contents of the clipboard into your reply.

Please download AdwCleaner by Xplode onto your desktop.

Close all open programs and internet browsers.
Double click on adwcleaner.exe to run the tool.
Click on Scan button.
When the scan has finished click on Clean button.
Your computer will be rebooted automatically. A text file will open after the restart.
Please post the contents of that logfile with your next reply.
You can find the logfile at C:\AdwCleaner[S1].txt as well.

Please download Junkware Removal Tool to your desktop.

Shut down your protection software now to avoid potential conflicts.
Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8; instead of double-clicking, right-mouse click JRT.exe and select "Run as Administrator".
The tool will open and start scanning your system.
Please be patient as this can take a while to complete depending on your system's specifications.
On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
Post the contents of JRT.txt into your next message.

Inactive Can't access websites in links

cluelessattech

Posts: 6 +0

cluelessattech

Posts: 6 +0

cluelessattech

Posts: 6 +0

cluelessattech

Posts: 6 +0

Broni

Posts: 56,041 +517

cluelessattech

Posts: 6 +0

cluelessattech

Posts: 6 +0

Broni

Posts: 56,041 +517

Similar threads

Latest posts