Solved Firefox misbehaving Secure Connection Failed

2015-07-10 03:59 - 2015-07-10 03:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\recover.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\HOSTNAME.EXE
2015-07-10 03:59 - 2015-07-10 03:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPoliciesBrokerPS.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Dmpusbstor.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\DockInterface.ProxyStub.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\dhcpcmonitor.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00014336 _____ (Microsoft Corporation) C:\WINDOWS\system32\amsiproxy.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmcodecdspps.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\whhelper.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\svsvc.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProximityRtapiPal.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\mprext.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mskssrv.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmiso8601utils.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\dabapi.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmdext.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\C_ISCII.DLL
2015-07-10 03:59 - 2015-07-10 03:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyExtension.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\pcaevts.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\kd_02_1137.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\InfDefaultInstall.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Eap3Host.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vmgencounter.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpipmi.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\rastlsext.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\raschapext.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\MinstoreEvents.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-battery-events.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\dstokenclean.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\umpass.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rootmdm.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mstee.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpitime.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00012800 _____ (Microsoft Corporation) C:\WINDOWS\system32\acproxy.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wow64cpu.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\TCPSVCS.EXE
2015-07-10 03:59 - 2015-07-10 03:59 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\netwphelper.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpipagr.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\DefaultDeviceManager.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxlibres.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\TimeDateMUICallback.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\spnet.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\regedt32.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiwer.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\EasPoliciesBrokerHost.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mshidumdf.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\errdev.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00011776 _____ (Microsoft Corporation) C:\WINDOWS\system32\dcomcnfg.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\iprtprio.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\help.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\system32\CIRCoInst.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\spmpm.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Locator.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mspqm.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00010752 _____ (Microsoft Corporation) C:\WINDOWS\system32\acledit.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmcodecdspps.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\plasrv.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Nlsdl.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dllhst3g.exe
2015-07-10 03:59 - 2015-07-10 03:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\comcat.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\AutoWorkplaceN.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshhyperv.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\RpcNs4.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\osuninst.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mtxex.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00009728 _____ (Microsoft Corporation) C:\WINDOWS\system32\idndl.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\vms3cap.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mshidkmdf.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00008192 _____ C:\WINDOWS\system32\settings.dat
2015-07-10 03:59 - 2015-07-10 03:59 - 00008192 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\gpuenergydrv.sys
2015-07-10 03:59 - 2015-07-10 03:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\stdole32.tlb
2015-07-10 03:59 - 2015-07-10 03:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\shimeng.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-hal-events.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\Firewall.cpl
2015-07-10 03:59 - 2015-07-10 03:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\FamilySafetyExt.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00007168 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrolluxdll.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-storage-tiering-events.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00006656 _____ (Microsoft Corporation) C:\WINDOWS\system32\microsoft-windows-sleepstudy-events.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\normaliz.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00004675 _____ C:\WINDOWS\system32\wsmanconfig_schema.xml
2015-07-10 03:59 - 2015-07-10 03:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\ws2help.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzsyncres.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\system32\defragres.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00004148 _____ C:\WINDOWS\system32\psmodulediscoveryprovider.mof
2015-07-10 03:59 - 2015-07-10 03:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\system32\TpmCertResources.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00004014 _____ C:\WINDOWS\system32\xwizard.dtd
2015-07-10 03:59 - 2015-07-10 03:59 - 00003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlanutil.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003584 _____ (Microsoft Corporation) C:\WINDOWS\system32\bootstr.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\tzres.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\SyncRes.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\sfc.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\msafd.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lz32.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\lltdres.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\icmp.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmdskres2.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\DMAppsRes.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00003072 _____ (Microsoft Corporation) C:\WINDOWS\system32\bridgeres.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\winrsmgr.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00002560 _____ (Microsoft Corporation) C:\WINDOWS\system32\rnr20.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00002426 _____ C:\WINDOWS\system32\WsmTxt.xsl
2015-07-10 03:59 - 2015-07-10 03:59 - 00002269 _____ C:\WINDOWS\system32\WimBootCompress.ini
2015-07-10 03:59 - 2015-07-10 03:59 - 00002125 _____ C:\WINDOWS\system32\AppxProvisioning.xml
2015-07-10 03:59 - 2015-07-10 03:59 - 00001820 _____ C:\WINDOWS\system32\rasctrnm.h
2015-07-10 03:59 - 2015-07-10 03:59 - 00001559 _____ C:\WINDOWS\system32\WsmPty.xsl
2015-07-10 03:59 - 2015-07-10 03:59 - 00000843 _____ C:\WINDOWS\system32\onlinesetup.cmd
2015-07-10 03:59 - 2015-07-10 03:59 - 00000714 _____ C:\WINDOWS\system32\RestartManager.mof
2015-07-10 03:59 - 2015-07-10 03:59 - 00000614 _____ C:\WINDOWS\system32\WdsUnattendTemplate.xml
2015-07-10 03:59 - 2015-07-10 03:59 - 00000565 _____ C:\WINDOWS\system32\NdfEventView.xml
2015-07-10 03:59 - 2015-07-10 03:59 - 00000176 _____ C:\WINDOWS\system32\RestartManagerUninstall.mof
2015-07-10 03:59 - 2015-07-10 03:59 - 00000035 _____ C:\WINDOWS\system32\winrm.cmd
2015-07-10 03:55 - 2015-07-29 10:44 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-07-10 02:11 - 2015-07-10 02:11 - 00000164 _____ C:\WINDOWS\system32\config\FP
2015-07-10 02:07 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
2015-07-10 02:07 - 2015-07-10 04:04 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
2015-07-10 02:07 - 2015-07-10 02:07 - 00141824 _____ (Microsoft Corporation) C:\WINDOWS\system32\poqexec.exe
2015-07-10 02:07 - 2015-07-10 02:07 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\poqexec.exe
2015-07-10 02:05 - 2015-07-31 16:19 - 00524288 ___SH C:\WINDOWS\system32\config\BBI
2015-07-10 02:05 - 2015-07-29 10:14 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-07-10 02:05 - 2015-07-29 10:14 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-07-10 02:05 - 2015-07-29 09:41 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-07-10 02:05 - 2015-07-29 09:26 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-07-10 02:05 - 2015-07-29 09:20 - 00000000 __RHD C:\Users\Default
2015-07-10 02:05 - 2015-07-10 06:11 - 00000000 ____D C:\WINDOWS\servicing
2015-07-10 02:05 - 2015-07-10 02:05 - 00897024 _____ (Microsoft Corporation) C:\WINDOWS\system32\SmiEngine.dll
2015-07-10 02:05 - 2015-07-10 02:05 - 00618272 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxs.dll
2015-07-10 02:05 - 2015-07-10 02:05 - 00254816 _____ (Microsoft Corporation) C:\WINDOWS\system32\wdscore.dll
2015-07-10 02:05 - 2015-07-10 02:05 - 00243040 _____ (Microsoft Corporation) C:\WINDOWS\system32\cmipnpinstall.dll
2015-07-10 02:05 - 2015-07-10 02:05 - 00207200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wdscore.dll
2015-07-10 02:05 - 2015-07-10 02:05 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\PkgMgr.exe
2015-07-10 02:05 - 2015-07-10 02:05 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PkgMgr.exe
2015-07-10 02:05 - 2015-07-10 02:05 - 00191840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\cmipnpinstall.dll
2015-07-10 02:05 - 2015-07-10 02:05 - 00135520 _____ (Microsoft Corporation) C:\WINDOWS\system32\SSShim.dll
2015-07-10 02:05 - 2015-07-10 02:05 - 00111456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SSShim.dll
2015-07-10 02:05 - 2015-07-10 02:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\sxstrace.exe
2015-07-10 02:05 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
2015-07-10 02:05 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\system32\SMI
2015-07-10 02:05 - 2015-07-10 02:05 - 00000000 ____D C:\WINDOWS\system32\downlevel
2015-07-05 17:32 - 2015-07-15 10:45 - 00000000 ____D C:\Program Files\Macrium
2015-07-05 17:29 - 2015-07-05 17:44 - 00278440 _____ C:\Reflect_Install.log
2015-07-05 17:23 - 2015-07-19 12:41 - 00000000 ____D C:\Users\Philip\Downloads\Macrium
2015-07-05 17:22 - 2015-07-15 10:45 - 00000000 ____D C:\ProgramData\Macrium
2015-07-05 17:22 - 2015-07-05 17:22 - 03545552 _____ (Paramount Software UK Ltd) C:\Users\Philip\Downloads\ReflectDL.exe
2015-07-05 10:30 - 2015-07-05 10:31 - 04718584 _____ (Avira Operations GmbH & Co. KG) C:\Users\Philip\Downloads\avira_en_av_559969c36d84b__ws.exe
2015-07-05 09:58 - 2015-07-05 13:14 - 00000000 ____D C:\Users\Philip\Documents\ProcessExplorer
2015-07-04 15:16 - 2015-07-04 15:16 - 00001116 _____ C:\Users\Philip\Desktop\Rescue.Scan Tools - Shortcut.lnk
2015-07-04 14:36 - 2015-07-04 14:36 - 00001134 _____ C:\EamClean.log
2015-07-04 14:29 - 2015-07-04 14:30 - 00388608 _____ (Trend Micro Inc.) C:\Users\Philip\Downloads\HijackThis(1).exe
2015-07-04 08:12 - 2015-07-04 08:12 - 41128904 _____ C:\Users\Philip\Downloads\Firefox Setup 39.0.exe
2015-07-04 08:10 - 2015-07-04 08:10 - 00264757 _____ C:\Users\Philip\Downloads\FHSetup(1).exe
2015-07-04 07:50 - 2015-07-04 07:51 - 00264757 _____ C:\Users\Philip\Downloads\FHSetup.exe
2015-07-03 14:41 - 2015-07-03 14:41 - 00001128 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CDBurnerXP.lnk
2015-07-03 14:41 - 2015-07-03 14:41 - 00000000 ____D C:\Program Files (x86)\CDBurnerXP
2015-07-03 13:43 - 2015-07-31 13:02 - 00000000 ____D C:\Support
2015-07-03 13:43 - 2015-07-03 13:43 - 00053248 _____ C:\WINDOWS\SysWOW64\zlib.dll
2015-07-03 12:11 - 1999-12-31 17:00 - 00881368 _____ (Realtek ) C:\WINDOWS\system32\Drivers\Rt630x64.sys
2015-07-03 12:11 - 1999-12-31 17:00 - 00073800 _____ (Realtek Semiconductor Corporation) C:\WINDOWS\system32\RtNicProp64.dll
2015-07-02 15:46 - 2015-07-02 15:46 - 00000000 ____D C:\WINDOWS\pss
2015-07-02 11:31 - 2015-07-02 11:31 - 00448512 _____ (OldTimer Tools) C:\Users\Philip\Downloads\TFC.exe
2015-07-02 10:19 - 2015-07-15 08:27 - 00000000 ____D C:\Users\Philip\Downloads\backups
2015-07-02 09:55 - 2015-07-02 09:55 - 00000000 ____D C:\ProgramData\Emsisoft
2015-07-02 07:49 - 2015-07-02 07:49 - 00035823 _____ C:\Users\Philip\Downloads\Result.txt
2015-07-02 07:48 - 2015-07-02 07:48 - 00892928 _____ (Farbar) C:\Users\Philip\Downloads\MiniToolBox.exe
2015-07-02 06:34 - 2015-07-31 13:46 - 00000000 ____D C:\ProgramData\Malwarebytes' Anti-Malware (portable)
2015-07-02 06:33 - 2015-07-02 06:33 - 16502728 _____ (Malwarebytes Corp.) C:\Users\Philip\Downloads\mbar-1.09.1.1004.exe
2015-07-01 14:15 - 2015-07-12 11:49 - 00799036 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-07-01 13:39 - 2015-07-01 13:39 - 00003878 _____ C:\Reset-TCPIP_01072015-133933.txt
2015-07-01 13:28 - 2015-07-01 13:28 - 00003918 _____ C:\Reset-TCPIP_01072015-132827.txt
2015-07-01 12:48 - 2015-07-01 12:48 - 00000000 ____D C:\Users\Philip\AppData\Local\acer
2015-07-01 12:48 - 2015-07-01 12:48 - 00000000 ____D C:\Users\Philip\abBox
2015-07-01 11:00 - 2014-11-07 19:03 - 00733696 _____ (Microsoft Corporation) C:\WINDOWS\system32\SkyDriveTelemetry.dll
2015-07-01 10:22 - 2015-07-01 10:22 - 00994931 _____ C:\Users\Philip\Downloads\PowerTool V4.5(en).zip
2015-07-01 10:20 - 2015-07-01 10:20 - 03301539 _____ C:\Users\Philip\Downloads\PowerTool V4.5.zip
2015-07-01 07:38 - 2015-07-01 07:38 - 24345872 _____ (Malwarebytes Corporation ) C:\Users\Philip\Downloads\Malwarebytes_Anti_Malware_v2.1.8.exe
2015-07-01 07:36 - 2015-07-30 17:09 - 00000000 ____D C:\Users\Philip\AppData\Local\Apple Inc
2015-07-01 07:35 - 2015-07-30 17:09 - 00000000 ____D C:\Users\Philip\Documents\Outlook Files
2015-07-01 07:30 - 2015-07-01 07:30 - 00000000 ____D C:\Users\Philip\Downloads\PowerToolV3.4.1
2015-07-01 07:13 - 2015-07-01 07:13 - 12908872 _____ C:\Users\Philip\Downloads\tweaking.com_windows_repair_aio_setup.exe
2015-07-01 07:08 - 2015-07-01 07:08 - 00667096 _____ C:\Users\Philip\Downloads\PowerToolV3.4.1.zip
2015-07-01 06:43 - 2015-07-01 06:43 - 00000000 ____D C:\Users\Philip\Downloads\XueTr
2015-07-01 06:42 - 2015-07-01 06:42 - 04251068 _____ C:\Users\Philip\Downloads\XueTr.zip
2015-07-01 06:38 - 2015-07-01 06:38 - 00000000 ____D C:\Users\Philip\Documents\PowerToolV3.4.1

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-07-31 16:26 - 2015-06-19 10:43 - 00000000 ____D C:\FRST
2015-07-31 16:03 - 2015-06-19 10:44 - 00000000 ____D C:\AdwCleaner
2015-07-31 15:49 - 2015-06-25 09:12 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-07-31 14:55 - 2015-06-25 09:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-07-31 14:55 - 2015-06-25 09:11 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
2015-07-31 14:34 - 2015-06-25 12:50 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
2015-07-31 14:23 - 2015-06-25 07:25 - 00000000 ____D C:\Users\Philip\AppData\Local\CrashDumps
2015-07-31 14:11 - 2015-06-18 16:51 - 00000000 __RDO C:\Users\Philip\OneDrive
2015-07-31 13:02 - 2015-06-22 08:44 - 00000000 ____D C:\Users\Philip\Documents\Rescue.Scan Tools
2015-07-31 12:00 - 2013-08-22 08:36 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
2015-07-31 10:57 - 2015-06-18 17:32 - 00183438 ____N C:\WINDOWS\Minidump\073115-19328-01.dmp
2015-07-30 17:09 - 2015-06-25 12:07 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Apple Computer
2015-07-30 17:05 - 2015-06-28 06:54 - 00000000 ____D C:\Users\Philip\AppData\Local\Apple
2015-07-30 16:11 - 2015-06-25 07:41 - 00000000 ____D C:\Program Files (x86)\Mozilla Maintenance Service
2015-07-30 14:09 - 2015-06-25 08:58 - 00000000 ____D C:\ProgramData\Oracle
2015-07-30 11:25 - 2015-06-19 11:36 - 00000000 ____D C:\Windows_Repair_Toolbox
2015-07-29 11:24 - 2015-06-25 14:41 - 00000000 ____D C:\Program Files\CCleaner
2015-07-29 10:32 - 2015-06-18 16:43 - 00000000 ____D C:\Users\Philip\AppData\Local\Packages
2015-07-29 10:31 - 2014-11-21 18:17 - 00000000 ____D C:\Program Files (x86)\Qualcomm Atheros
2015-07-29 10:06 - 2015-06-30 10:12 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-07-29 09:58 - 2015-06-25 07:12 - 00013338 _____ C:\WINDOWS\diagwrn.xml
2015-07-29 09:58 - 2015-06-25 07:12 - 00013338 _____ C:\WINDOWS\diagerr.xml
2015-07-29 09:55 - 2015-06-27 13:18 - 00002916 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-07-29 09:55 - 2015-06-27 06:21 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-733529448-3193121913-2867107617-1001
2015-07-29 09:41 - 2015-06-30 10:08 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office 2013
2015-07-29 09:41 - 2015-06-29 16:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RogueKiller
2015-07-29 09:41 - 2015-06-29 15:03 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-29 09:41 - 2015-06-29 15:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-07-29 09:41 - 2015-06-29 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MagicISO
2015-07-29 09:41 - 2015-06-29 13:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ImgBurn
2015-07-29 09:41 - 2015-06-29 13:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Process Hacker 2
2015-07-29 09:41 - 2015-06-29 08:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-Zip
2015-07-29 09:41 - 2015-06-25 16:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\KeyFinder
2015-07-29 09:41 - 2015-06-25 15:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-07-29 09:41 - 2015-06-25 14:41 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-07-29 09:41 - 2015-06-25 14:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
2015-07-29 09:41 - 2015-06-25 14:16 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-07-29 09:41 - 2015-06-25 08:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-07-29 09:41 - 2014-11-21 18:48 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 12
2015-07-29 09:41 - 2014-11-21 18:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PRIVATE WiFi
2015-07-29 09:41 - 2014-09-15 21:51 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Acer
2015-07-29 09:39 - 2013-08-22 06:36 - 00000000 ____D C:\Users\Default.migrated
2015-07-29 09:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-07-29 09:33 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-07-29 09:31 - 2014-09-15 22:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit PhantomPDF
2015-07-29 09:31 - 2014-09-15 21:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-07-29 09:31 - 2014-09-15 21:56 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector 10
2015-07-29 09:31 - 2014-09-15 21:53 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PhotoDirector 3
2015-07-29 09:31 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-07-29 09:31 - 2013-08-22 08:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-07-29 09:29 - 2014-09-15 20:52 - 00000000 ____D C:\Users\Administrator\AppData\Local\Packages
2015-07-29 08:19 - 2015-06-25 16:42 - 00000000 ____D C:\Users\Philip\Documents\BroniFixlistExamples
2015-07-23 10:30 - 2015-06-25 07:42 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Mozilla
2015-07-22 08:15 - 2015-06-19 11:48 - 00000000 __RHD C:\MSOCache
2015-07-22 07:50 - 2014-11-21 18:23 - 00000000 ___HD C:\Program Files (x86)\Temp
2015-07-21 18:14 - 2014-09-15 21:51 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-07-21 14:34 - 2013-08-22 06:25 - 00000325 _____ C:\WINDOWS\win.ini
2015-07-21 10:53 - 2015-06-27 09:28 - 00000000 ____D C:\Program Files (x86)\Sophos
2015-07-21 10:42 - 2015-06-29 13:32 - 00000000 ____D C:\Users\Philip\AppData\Roaming\GlarySoft
2015-07-21 10:07 - 2015-06-28 15:41 - 00000000 ____D C:\Program Files (x86)\Emsisoft Anti-Malware
2015-07-20 09:44 - 2015-06-25 09:00 - 00110688 _____ (Oracle Corporation) C:\WINDOWS\system32\WindowsAccessBridge-64.dll
2015-07-20 09:44 - 2015-06-25 08:58 - 00000000 ____D C:\Program Files\Java
2015-07-20 07:19 - 2014-09-15 21:51 - 00000000 ____D C:\ProgramData\Package Cache
2015-07-19 12:42 - 2015-06-29 09:53 - 00000000 ____D C:\Users\Philip\Downloads\tahr-6.0.2_PAE
2015-07-19 12:40 - 2015-06-22 10:40 - 00000000 ____D C:\Users\Philip\Documents\Hirens.BootCD.15.2
2015-07-17 07:59 - 2015-06-28 16:56 - 00000000 ____D C:\Users\Philip\AppData\Local\Adobe
2015-07-15 14:01 - 2015-06-25 11:03 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-07-15 13:10 - 2014-09-15 21:51 - 00000000 ____D C:\ProgramData\Temp
2015-07-15 09:12 - 2015-06-30 15:36 - 00009052 _____ C:\Users\Philip\Downloads\hijackthis.log
2015-07-13 12:21 - 2015-06-25 12:04 - 00000000 ____D C:\Program Files\Common Files\Apple
2015-07-13 11:03 - 2015-06-25 14:31 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
2015-07-11 07:47 - 2015-06-25 15:22 - 00000000 ____D C:\Users\Philip\AppData\Local\Google
2015-07-11 07:47 - 2015-06-25 15:22 - 00000000 ____D C:\Program Files (x86)\Google
2015-07-10 04:00 - 2013-08-22 08:44 - 00000001 ___SH C:\BOOTNXT
2015-07-05 03:08 - 2015-06-27 05:58 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
2015-07-03 12:11 - 2014-11-21 18:10 - 00000000 ____D C:\Program Files (x86)\Realtek
2015-07-03 08:43 - 2015-06-25 11:03 - 130333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-07-03 07:43 - 2015-06-27 06:12 - 00000000 ____D C:\Program Files (x86)\Panda Security
2015-07-03 07:41 - 2015-06-27 06:12 - 00000000 ____D C:\Users\Philip\AppData\Roaming\Panda Security
2015-07-03 07:41 - 2015-06-27 06:11 - 00000000 ____D C:\ProgramData\Panda Security
2015-07-02 16:01 - 2015-06-29 15:04 - 00000000 ____D C:\Users\Philip\Documents\kav_rescue_10
2015-07-02 12:03 - 2015-06-27 06:13 - 00000000 ____D C:\ProgramData\panda_url_filtering
2015-07-01 14:25 - 2013-08-22 06:25 - 00000855 _____ C:\WINDOWS\system32\Drivers\etc\hosts_bak_786
2015-07-01 13:27 - 2015-06-29 06:42 - 00000000 ____D C:\Users\Philip\Documents\d7
2015-07-01 12:46 - 2015-06-25 07:27 - 00000000 ____D C:\Users\Philip\AppData\Local\clear.fi
2015-07-01 11:11 - 2013-08-22 08:36 - 00000000 ___RD C:\WINDOWS\ToastData
2015-07-01 07:34 - 2015-06-28 07:14 - 00000000 ____D C:\Users\Philip\AppData\Local\Apple Computer

==================== Files in the root of some directories =======

2015-07-14 08:34 - 2015-07-14 08:34 - 0200897 _____ () C:\Users\Philip\AppData\Local\ars.cache
2015-07-14 08:35 - 2015-07-14 08:35 - 0450966 _____ () C:\Users\Philip\AppData\Local\census.cache
2015-07-14 08:17 - 2015-07-14 08:17 - 0000036 _____ () C:\Users\Philip\AppData\Local\housecall.guid.cache
2015-07-16 06:48 - 2015-07-16 06:48 - 0000017 _____ () C:\Users\Philip\AppData\Local\resmon.resmoncfg
2015-07-14 08:26 - 2015-07-14 08:26 - 0000010 _____ () C:\Users\Philip\AppData\Local\sponge.last.runtime.cache
2015-07-29 09:23 - 2015-07-29 09:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\Philip\AppData\Local\Temp\dllnt_dump.dll


==================== Bamital & volsnap Check =================

(There is no automatic fix for files that do not pass verification.)

C:\Windows\System32\winlogon.exe => File is digitally signed
C:\Windows\System32\wininit.exe => File is digitally signed
C:\Windows\explorer.exe => File is digitally signed
C:\Windows\SysWOW64\explorer.exe => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\SysWOW64\svchost.exe => File is digitally signed
C:\Windows\System32\services.exe => File is digitally signed
C:\Windows\System32\User32.dll => File is digitally signed
C:\Windows\SysWOW64\User32.dll => File is digitally signed
C:\Windows\System32\userinit.exe => File is digitally signed
C:\Windows\SysWOW64\userinit.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed
C:\Windows\System32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-07-29 09:20

Addition text to follow:

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Philip (2015-07-31 16:34:04)
Running from C:\Users\Philip\Documents\Rescue.Scan Tools
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-733529448-3193121913-2867107617-500 - Administrator - Disabled) => C:\Users\Administrator
DefaultAccount (S-1-5-21-733529448-3193121913-2867107617-503 - Limited - Disabled)
Guest (S-1-5-21-733529448-3193121913-2867107617-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-733529448-3193121913-2867107617-1003 - Limited - Enabled)
Philip (S-1-5-21-733529448-3193121913-2867107617-1001 - Administrator - Enabled) => C:\Users\Philip

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

7 Quick Fix version 2.0 (HKLM-x32\...\{C61ECCDA-A9D1-49E6-B0EF-2990C3108DF2}_is1) (Version: 2.0 - LeeLu Soft)
7-Zip 15.05 beta x64 (HKLM\...\7-Zip) (Version: - )
7-Zip 9.20 (x64 edition) (HKLM\...\{23170F69-40C1-2702-0920-000001000000}) (Version: 9.20.00.0 - Igor Pavlov)
abDocs (HKLM-x32\...\{CA4FE8B0-298C-4E5D-A486-F33B126D6A0A}) (Version: 1.07.2004 - Acer Incorporated)
abDocs Office AddIn (HKLM-x32\...\{DCBF3379-246B-47E1-8173-639B63940838}) (Version: 3.02.2000 - Acer Incorporated)
abFiles (HKLM-x32\...\{13885028-098C-4799-9B71-27DAC96502D5}) (Version: 2.00.3006 - Acer Incorporated)
abMedia (HKLM-x32\...\{E9AF1707-3F3A-49E2-8345-4F2D629D0876}) (Version: 2.08.2003.3 - Acer Incorporated)
abPhoto (HKLM-x32\...\{B5AD89F2-03D3-4206-8487-018298007DD0}) (Version: 3.03.2004.4 - Acer Incorporated)
Acer Care Center (HKLM\...\{A424844F-CDB3-45E2-BB77-1DDE4A091E76}) (Version: 1.00.3013 - Acer Incorporated)
Acer Explorer Agent (HKLM\...\{4D0F42CF-1693-43D9-BDC8-19141D023EE0}) (Version: 2.00.3000 - Acer Incorporated)
Acer Launch Manager (HKLM\...\{C18D55BD-1EC6-466D-B763-8EEDDDA9100E}) (Version: 8.00.8115 - Acer Incorporated)
Acer Portal (HKLM-x32\...\{A5AD0B17-F34D-49BE-A157-C8B3D52ACD13}) (Version: 3.06.2004 - Acer Incorporated)
Acer Power Management (HKLM\...\{E438A632-CADC-49E4-9492-C9F50F9AE37F}) (Version: 7.01.8100 - Acer Incorporated)
Acer Quick Access (HKLM\...\{C1FA525F-D701-4B31-9D32-504FC0CF0B98}) (Version: 1.01.3016.0 - Acer Incorporated)
Acer Recovery Management (HKLM\...\{07F2005A-8CAC-4A4B-83A2-DA98A722CA61}) (Version: 6.00.8108 - Acer Incorporated)
Acer User Experience Improvement Program App Monitor Plugin (HKLM\...\{978724F6-1863-4DD5-9E66-FB77F5AB5613}) (Version: 1.02.3005 - Acer Incorporated)
Acer User Experience Improvement Program Framework (HKLM\...\{12A718F2-2357-4D41-9E1F-18583A4745F7}) (Version: 1.02.3005 - Acer Incorporated)
Acer Video Player (HKLM-x32\...\{B6846F20-4821-11E3-8F96-0800200C9A66}) (Version: 1.00.2010.3 - Acer Incorporated)
Ad-Aware Web Companion (x32 Version: 2.0.1025.2130 - Lavasoft) Hidden
Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Aloha TriPeaks (x32 Version: 2.2.0.98 - WildTangent) Hidden
Amazon 1Button App (HKLM-x32\...\{FF0A904E-8827-4F6E-9A59-900D4C997AD1}) (Version: 1.0.8 - Amazon)
AOP Framework (HKLM-x32\...\{4A37A114-702F-4055-A4B6-16571D4A5353}) (Version: 3.07.2004.0 - Acer Incorporated)
Apple Application Support (32-bit) (HKLM-x32\...\{7FE25256-B7C1-480D-B736-10A67A833AEA}) (Version: 3.2 - Apple Inc.)
Apple Application Support (64-bit) (HKLM\...\{B255D495-4734-4E9B-B4F5-96702FD4A7B9}) (Version: 3.2 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{5D61F006-168C-4B8B-B7FD-F113C10AE0E4}) (Version: 8.2.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Bejeweled 2 Deluxe (x32 Version: 2.2.0.95 - WildTangent) Hidden
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.08 - Piriform)
CDBurnerXP (HKLM-x32\...\{7E265513-8CDA-4631-B696-F40D983F3B07}_is1) (Version: 4.5.5.5666 - CDBurnerXP)
CyberLink PhotoDirector 3 (HKLM-x32\...\InstallShield_{39337565-330E-4ab6-A9AE-AC81E0720B10}) (Version: 3.0.1.4917 - CyberLink Corp.)
CyberLink PowerDirector 10 (HKLM-x32\...\InstallShield_{B0B4F6D2-F2AE-451A-9496-6F2F6A897B32}) (Version: 10.0.0.4220 - CyberLink Corp.)
CyberLink PowerDVD 12 (HKLM-x32\...\InstallShield_{B46BEA36-0B71-4A4E-AE41-87241643FA0A}) (Version: 12.0.4609.02 - CyberLink Corp.)
Defraggler (HKLM\...\Defraggler) (Version: 2.19 - Piriform)
ELAN HIDI2C Filter Driver X64 13.6.1.1_WHQL (HKLM\...\Elantech) (Version: 13.6.1.1 - ELAN Microelectronic Corp.)
Farm to Fork Collector's Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
Foxit PhantomPDF (HKLM-x32\...\{D4DF5498-C95C-4A02-9951-725FB2D7BC0D}) (Version: 6.0.121.624 - Foxit Corporation)
Game Explorer Categories - genres (HKLM-x32\...\WildTangentGameProvider-acer-genres) (Version: 11.0.0.7 - WildTangent, Inc.)
Game Explorer Categories - main (HKLM-x32\...\WildTangentGameProvider-acer-main) (Version: 11.0.0.7 - WildTangent, Inc.)
Genesys USB Mass Storage Device (HKLM-x32\...\{959B7F35-2819-40C5-A0CD-3C53B5FCC935}) (Version: 4.3.2.1.1002 - Genesys Logic)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.125 - Google Inc.)
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
Governor of Poker 2 Premium Edition (x32 Version: 3.0.2.59 - WildTangent) Hidden
gpedt.msc 1.0 (HKLM-x32\...\{10B9C608-BF7C-4CCF-A658-C01D969DCA21}_is1) (Version: - Richard)
iCloud (HKLM\...\{709A2D23-C25E-47B5-9268-CB6FEE648504}) (Version: 4.1.1.53 - Apple Inc.)
ImgBurn (HKLM-x32\...\ImgBurn) (Version: 2.5.8.0 - LIGHTNING UK!)
Intel(R) Processor Graphics (HKLM-x32\...\{F0E3AD40-2BBD-4360-9C76-B9AC9A5886EA}) (Version: 10.18.10.4252 - Intel Corporation)
Intel(R) Sideband Fabric Device Driver (HKLM-x32\...\C5A8BC6E-723A-4C0F-96E1-C426D1A4BCA9) (Version: 1.70.305.16316 - Intel Corporation)
Intel(R) Trusted Execution Engine (HKLM\...\{176E2755-0A17-42C6-88E2-192AB2131278}) (Version: 1.0.0.1064 - Intel Corporation)
iTunes (HKLM\...\{6CF1A7E2-8001-4870-9F18-3C6CDD6FE9E3}) (Version: 12.2.1.16 - Apple Inc.)
Java 8 Update 51 (64-bit) (HKLM\...\{26A24AE4-039D-4CA4-87B4-2F86418051F0}) (Version: 8.0.510 - Oracle Corporation)
Java 8 Update 51 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218051F0}) (Version: 8.0.510 - Oracle Corporation)
Jewel Match 3 (x32 Version: 3.0.2.59 - WildTangent) Hidden
King Oddball (x32 Version: 3.0.2.48 - WildTangent) Hidden
LavasoftTcpService (x32 Version: 2.3.4.7 - Lavasoft) Hidden
LUXOR Evolved (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic Academy (x32 Version: 2.2.0.98 - WildTangent) Hidden
Magic ISO Maker v5.5 (build 0281) (HKLM-x32\...\Magic ISO Maker v5.5 (build 0281)) (Version: - )
Magical Jelly Bean KeyFinder (HKLM-x32\...\KeyFinder_is1) (Version: 2.0.10.10 - Magical Jelly Bean)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 365 - en-us (HKLM\...\O365HomePremRetail - en-us) (Version: 15.0.4727.1003 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40620.0 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.4148 (HKLM-x32\...\{1F1C2DFC-2D24-3E06-BCB8-725134ADF989}) (Version: 9.0.30729.4148 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{d491dd9d-2eda-4d75-b504-1a201436e7fd}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 39.0 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 39.0 (x86 en-US)) (Version: 39.0 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 39.0 - Mozilla)
Nightly 42.0a1 (x64 en-US) (HKLM\...\Nightly 42.0a1 (x64 en-US)) (Version: 42.0a1 - Mozilla)
Office 15 Click-to-Run Extensibility Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Licensing Component (Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Office 15 Click-to-Run Localization Component (x32 Version: 15.0.4727.1003 - Microsoft Corporation) Hidden
Peggle Nights (x32 Version: 2.2.0.98 - WildTangent) Hidden
Picasa 3 (HKLM-x32\...\Picasa 3) (Version: 3.9.140.239 - Google, Inc.)
Plants vs. Zombies - Game of the Year (x32 Version: 3.0.2.59 - WildTangent) Hidden
Polar Bowler 1st Frame (x32 Version: 3.0.2.59 - WildTangent) Hidden
Process Hacker 2.36 (r6153) (HKLM\...\Process_Hacker2_is1) (Version: 2.36.0.6153 - wj32)
Qualcomm Atheros Bluetooth Suite (64) (HKLM\...\{A84A4FB1-D703-48DB-89E0-68B6499D2801}) (Version: 8.0.1.338 - Qualcomm Atheros Communications)
Qualcomm Atheros WLAN and Bluetooth Client Installation Program (HKLM-x32\...\{28006915-2739-4EBE-B5E8-49B25D32EB33}) (Version: 12.55 - Qualcomm Atheros)
Realtek Ethernet Controller Driver (HKLM-x32\...\{8833FFB6-5B0C-4764-81AA-06DFEED9A476}) (Version: 8.38.115.2015 - Realtek)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
Reason Core Security (HKLM-x32\...\Reason Core Security) (Version: 1.0.8.0 - Reason Software Company Inc.)
Revo Uninstaller 1.95 (HKLM-x32\...\Revo Uninstaller) (Version: 1.95 - VS Revo Group)
RogueKiller version 10 (HKLM\...\8B3D7924-ED89-486B-8322-E8594065D5CB_is1) (Version: 10 - Adlice Software)
SlimDrivers (HKLM-x32\...\{5AD12E7A-D739-4451-9BD1-3610EC56D8F5}) (Version: 2.2.45206 - SlimWare Utilities, Inc.)
Spotify (HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\Spotify) (Version: 1.0.10.107.gd0dfca3a - Spotify AB)
SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1194 - SUPERAntiSpyware.com)
The Chronicles of Emerland Solitaire (x32 Version: 3.0.2.51 - WildTangent) Hidden
Trinklit Supreme (x32 Version: 2.2.0.98 - WildTangent) Hidden
Update Installer for WildTangent Games App (x32 Version: - WildTangent) Hidden
WildTangent Games (HKLM-x32\...\WildTangent wildgames Master Uninstall) (Version: 1.0.4.0 - WildTangent)
WildTangent Games App (x32 Version: 4.0.11.13 - WildTangent) Hidden
WinDirStat 1.1.2 (HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\WinDirStat) (Version: - )
Windows Repair Toolbox version 1.0.0.9 (HKLM-x32\...\{A8D7DA31-9E70-437D-97C4-C4887752E029}_is1) (Version: 1.0.0.9 - Alexandre Miguel Canotilho Coelho)
WinRAR 5.21 (64-bit) (HKLM\...\WinRAR archiver) (Version: 5.21.0 - win.rar GmbH)
Zuma's Revenge (x32 Version: 2.2.0.97 - WildTangent) Hidden

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{820D63D5-8CFF-46DE-86AF-4997DEDD6DB5}\localserver32 -> C:\WINDOWS\system32\igfxEM.exe (Intel Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-733529448-3193121913-2867107617-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Philip\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)

==================== Restore Points =========================

29-07-2015 10:24:09 Installed Qualcomm Atheros WLAN and Bluetooth Client Installatio
29-07-2015 16:47:33 Restore Point Created by FRST
29-07-2015 16:49:44 Restore Point Created by FRST
30-07-2015 07:49:28 Restore Point Created by FRST
31-07-2015 09:27:17 Revo Uninstaller's restore point - Yahoo Search Set
31-07-2015 11:59:12 Restore Point Created by FRST

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 06:25 - 2015-07-30 16:46 - 00000747 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {0A0DF8B6-0F33-49F8-87B0-1DE3E1391558} - System32\Tasks\Microsoft\Office\Office Automatic Updates => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {0C8F369F-49B8-4EF6-B833-CD2851B0EEF7} - System32\Tasks\Microsoft\Windows\SetupSQMTask => C:\WINDOWS\SYSTEM32\OOBE\SETUPSQM.EXE [2015-07-10] (Microsoft Corporation)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {0CDC32EE-65BF-4EEA-980C-AE0171E11601} - \TweakBit\Speedtest Optimizer\Start Speedtest Optimizer оn logon No Task File <==== ATTENTION
Task: {14B16BAC-5B03-4619-87A8-AAAF4252CEC8} - System32\Tasks\Recovery Management\Notification => C:\Program Files\Acer\Acer Recovery Management\Notification\Notification.exe [2014-06-17] (Acer Incorporated)
Task: {1641F54C-1E57-4902-AB65-EE2B65E5629D} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Schedule Scan => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {1D34C3B1-75AC-4CE2-87DA-C608E0EC205D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {1D3D099E-EE1E-4907-8BA2-BA8F12D11AA6} - System32\Tasks\Microsoft\Windows\Location\Notifications => C:\Windows\System32\LocationNotificationWindows.exe [2015-07-10] (Microsoft Corporation)
Task: {1D4E4E72-9432-434B-A1AC-AB334724021A} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-25] (Google Inc.)
Task: {2281159B-A889-46D8-8F54-8339971E6E9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {2C97A00A-1C5C-4318-B5CC-8A1A126B77F9} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\KeyPreGenTask
Task: {364EF645-362D-4213-993E-7D16A050946E} - System32\Tasks\Microsoft\Windows\RetailDemo\CleanupOfflineContent
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {4454A8D0-2E4E-4A02-BF67-48DF6A7BFAB4} - System32\Tasks\Microsoft\Windows\Maps\MapsUpdateTask
Task: {4D440083-A998-4A1F-AAFC-03D2E3F3BBCE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-07-17] (Piriform Ltd)
Task: {53B42A73-1251-455A-A3C8-BE635039C076} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {5BB91470-2376-4E59-8172-7F4E428E9B29} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {5E5515C1-7D87-4904-B9CE-FD29EB2ADB72} - System32\Tasks\Microsoft\Windows\Sysmain\ResPriStaticDbSync
Task: {611C823C-437B-46E7-9683-5312DFFCFD7B} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Policy Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {711EE2F9-A611-4773-AF8E-D4B278A6718D} - System32\Tasks\Microsoft\Windows\CertificateServicesClient\AikCertEnrollTask
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {744C9FEA-08B7-43E1-A729-0F94647D655C} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Resume On Boot => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {7953D632-ABFF-4634-BA55-6F5B12E0634C} - System32\Tasks\Apple\AppleSoftwareUpdate => C:\Program Files (x86)\Apple Software Update\SoftwareUpdate.exe [2011-06-01] (Apple Inc.)
Task: {7A003965-A297-4DC6-B15B-852D798391E0} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Reboot => C:\Windows\system32\MusNotification.exe [2015-07-29] (Microsoft Corporation)
Task: {7EEC400E-DDF7-41E3-8186-6E19E287D4D2} - System32\Tasks\Microsoft\Office\Office ClickToRun Service Monitor => C:\Program Files\Microsoft Office 15\ClientX64\OfficeC2RClient.exe [2015-05-19] (Microsoft Corporation)
Task: {7F8CBC22-4091-4322-9630-C9F224B59473} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {82B6BC8A-8F36-4000-9B2A-4DCB513978EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {848DCC36-520C-4946-BF68-C7EFFEFA2F84} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_ReadyToReboot => C:\windows\system32\MusNotification.exe [2015-07-29] (Microsoft Corporation)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-07-29] (Microsoft Corporation)
Task: {93CEEE26-E573-494D-9463-956B12EAACBA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {A364E297-00AD-490D-900E-22AC34598C71} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\Maintenance Install => C:\Windows\system32\usoclient.exe [2015-07-10] (Microsoft Corporation)
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A8CB0CB8-1866-497F-A9F9-47C811CDC64E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {AAAAA7DB-DC1D-4DDB-8193-4E0B0823E376} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {AC29E64E-3271-47BA-B8F1-914523CF379B} - System32\Tasks\Microsoft\Windows\WindowsUpdate\Automatic App Update
Task: {AC73FA68-8E24-47F4-9185-B14325051B4D} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-06-25] (Google Inc.)
Task: {B9B36D41-C776-424E-9A13-5387E17A2CEB} - System32\Tasks\Microsoft\Windows\WCM\WiFiTask => C:\Windows\System32\WiFiTask.exe [2015-07-10] (Microsoft Corporation)
Task: {C2162702-FFEB-48C0-AA5F-2DA3A8887D61} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Installation
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {CD62ACFC-97EA-4619-8340-9C1182567A22} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-07-03] (Microsoft Corporation)
Task: {D2401052-A382-42DE-9C79-D1CF3563F654} - System32\Tasks\Microsoft\Windows\LanguageComponentsInstaller\Uninstallation
Task: {D9764EF5-112C-4781-9EE5-D7375C6C75DB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {DAF2BAE3-1C5B-4CB5-9F62-0911C031A15A} - System32\Tasks\Microsoft\Windows\DiskFootprint\Diagnostics => C:\Windows\system32\disksnapshot.exe [2015-07-10] (Microsoft Corporation)
Task: {E173C28C-55D3-4D56-8BC1-CFFD1D829E43} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
Task: {EA3F661E-B31C-44A9-B40C-E3D5D56149D4} - System32\Tasks\Microsoft\Windows\UpdateOrchestrator\USO_UxBroker_Display => C:\windows\system32\MusNotification.exe [2015-07-29] (Microsoft Corporation)
Task: {F4D7501D-3CFB-4F34-AB61-D78CD4161514} - System32\Tasks\Microsoft\Office\Office Subscription Maintenance => C:\Program Files\Microsoft Office 15\root\vfs\ProgramFilesCommonx86\Microsoft Shared\OFFICE15\OLicenseHeartbeat.exe [2015-06-30] (Microsoft Corporation)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job => 0x000A010001AE1A682D7C474AAE877CB9C27D3FB64600D400000000003C000A00200000000014730F000000000513040020200401000000000000000000000000000000000000180043003A005C00570049004E0044004F00570053005C006500780070006C006F007200650072002E0065007800650000000C002F004E004F0055004100430043004800450043004B000000000018004500780070006C006F007200650072005300680065006C006C0055006E0065006C00650076006100740065006400000000000000080003130400000000000000
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Loaded Modules (Whitelisted) ==============

2015-07-29 10:12 - 2015-07-29 10:12 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2014-09-15 22:04 - 2014-08-22 18:21 - 00111872 _____ () C:\Program Files (x86)\Acer\clear.fi plug-in\Clearfishellext_x64.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-07-10 03:59 - 2015-07-10 03:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 06576640 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 00883200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-07-10 04:00 - 2015-07-10 06:14 - 00210432 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.ProxyStub.dll
2015-07-29 10:12 - 2015-07-29 10:12 - 00181248 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\nodert-buffer-utils\bin\NodeRT_Buffer_Utils.node
2015-07-29 10:12 - 2015-07-29 10:12 - 00559616 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.storage.streams\bin\NodeRT_Windows_Storage_Streams.node
2015-07-29 10:12 - 2015-07-29 10:12 - 00643072 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation.diagnostics\bin\NodeRT_Windows_Foundation_Diagnostics.node
2015-07-10 04:00 - 2015-07-10 06:14 - 00037888 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\winrt-projections\bin\Winrt_Projections.node
2015-07-29 10:12 - 2015-07-29 10:12 - 00796160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http\bin\NodeRT_Windows_Web_Http.node
2015-07-29 10:12 - 2015-07-29 10:12 - 00961536 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.headers\bin\NodeRT_Windows_Web_Http_Headers.node
2015-07-29 10:12 - 2015-07-29 10:12 - 00204288 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.web.http.filters\bin\NodeRT_Windows_Web_Http_Filters.node
2015-07-29 10:12 - 2015-07-29 10:12 - 00397824 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.foundation\bin\NodeRT_Windows_Foundation.node
2015-07-29 10:12 - 2015-07-29 10:12 - 00074240 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.networking\bin\NodeRT_Windows_Networking.node
2015-07-29 10:12 - 2015-07-29 10:12 - 00093696 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.security.cryptography\bin\NodeRT_Windows_Security_Cryptography.node
2015-07-29 10:12 - 2015-07-29 10:12 - 00124416 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\dss_service\node_modules\windows.cortana.pal\bin\NodeRT_Windows_Cortana_PAL.node
2015-01-04 07:59 - 2015-01-04 07:59 - 00011264 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\ActivateDesktopDebugger\ActivateDesktopDebugger.dll
2015-01-04 07:55 - 2015-01-04 07:55 - 00086016 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\Modules\Map\MAP.dll
2015-01-04 08:03 - 2015-01-04 08:03 - 00012928 _____ () C:\Program Files (x86)\Qualcomm Atheros\Bluetooth Suite\ActivateDesktop.exe

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\Users\Philip\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\iaioi2ce.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-733529448-3193121913-2867107617-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\Philip\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 216.228.160.4 - 216.228.160.3
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

MSCONFIG\Services: Apple Mobile Device Service => 2
MSCONFIG\Services: AtherosSvc => 2
MSCONFIG\Services: Bonjour Service => 2
MSCONFIG\Services: CCDMonitorService => 2
MSCONFIG\Services: cphs => 3
MSCONFIG\Services: ePowerSvc => 3
MSCONFIG\Services: GamesAppIntegrationService => 2
MSCONFIG\Services: GamesAppService => 3
MSCONFIG\Services: gupdate => 2
MSCONFIG\Services: gupdatem => 3
MSCONFIG\Services: gusvc => 3
MSCONFIG\Services: ICCS => 3
MSCONFIG\Services: igfxCUIService1.0.0.0 => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service Interface => 2
MSCONFIG\Services: Intel(R) Capability Licensing Service TCP IP Interface => 3
MSCONFIG\Services: LMSvc => 2
MSCONFIG\Services: MBAMService => 2
MSCONFIG\Services: MozillaMaintenance => 3
MSCONFIG\Services: QASvc => 3
MSCONFIG\Services: RichVideo => 2
MSCONFIG\Services: RMSvc => 3
MSCONFIG\Services: rsEngineSvc => 2
MSCONFIG\Services: UEIPSvc => 3
HKLM\...\StartupApproved\Run: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "abDocsDllLoader"
HKLM\...\StartupApproved\Run32: => "SunJavaUpdateSched"
HKLM\...\StartupApproved\Run32: => "PSUAMain"
HKLM\...\StartupApproved\Run32: => "GEARS"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "SUPERAntiSpyware"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "GoogleChromeAutoLaunch_79E03DDA57221DD184735CE95D8488A3"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "GUDelayStartup"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "ApplePhotoStreams"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "i6188"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "AcerPortal"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "OneDrive"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "iCloudServices"
HKU\S-1-5-21-733529448-3193121913-2867107617-1001\...\StartupApproved\Run: => "iCloudDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppsvc.exe
FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (07/31/2015 03:15:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: The program WinStore.Mobile.exe version 2015.7.22.2 stopped interacting with Windows and was closed. To see if more information about the problem is available, check the problem history in the Security and Maintenance control panel.

Process ID: f0c

Start Time: 01d0cbde4c381fc0

Termination Time: 4294967295

Application Path: C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.22.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe

Report Id: 9839b9f4-37d1-11e5-835b-acb57d0672e9

Faulting package full name: Microsoft.WindowsStore_2015.7.22.0_x64__8wekyb3d8bbwe

Faulting package-relative application ID: App

Error: (07/31/2015 03:15:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PHILIPSCOMPUTER)
Description: Package Microsoft.WindowsStore_2015.7.22.0_x64__8wekyb3d8bbwe+App was terminated because it took too long to suspend.

Error: (07/31/2015 02:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16401, time stamp: 0x55b1a820
Faulting module name: ShellExperienceHost.exe, version: 10.0.10240.16401, time stamp: 0x55b1a820
Exception code: 0xc000027b
Fault offset: 0x0000000000076127
Faulting process id: 0x1744
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (07/31/2015 02:22:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: SearchUI.exe, version: 10.0.10240.16401, time stamp: 0x55b1a665
Faulting module name: SearchUI.exe, version: 10.0.10240.16401, time stamp: 0x55b1a665
Exception code: 0xc000027b
Fault offset: 0x000000000012b7b1
Faulting process id: 0x1440
Faulting application start time: 0xSearchUI.exe0
Faulting application path: SearchUI.exe1
Faulting module path: SearchUI.exe2
Report Id: SearchUI.exe3
Faulting package full name: SearchUI.exe4
Faulting package-relative application ID: SearchUI.exe5

Error: (07/31/2015 02:22:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: ShellExperienceHost.exe, version: 10.0.10240.16401, time stamp: 0x55b1a820
Faulting module name: ShellExperienceHost.exe, version: 10.0.10240.16401, time stamp: 0x55b1a820
Exception code: 0xc000027b
Fault offset: 0x0000000000076127
Faulting process id: 0xfe8
Faulting application start time: 0xShellExperienceHost.exe0
Faulting application path: ShellExperienceHost.exe1
Faulting module path: ShellExperienceHost.exe2
Report Id: ShellExperienceHost.exe3
Faulting package full name: ShellExperienceHost.exe4
Faulting package-relative application ID: ShellExperienceHost.exe5

Error: (07/31/2015 02:19:07 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5588) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (07/31/2015 02:19:07 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5588) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (07/31/2015 02:18:57 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5588) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (07/31/2015 02:18:57 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (5588) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (07/31/2015 02:18:46 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (5588) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.


System errors:
=============
Error: (07/31/2015 04:26:10 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%2

Error: (07/31/2015 04:26:09 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The avast! HardwareID service failed to start due to the following error:
%%2

Error: (07/31/2015 04:21:55 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Delivery Optimization service failed to start due to the following error:
%%1083

Error: (07/31/2015 04:19:50 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (07/31/2015 03:59:48 PM) (Source: Service Control Manager) (EventID: 7000) (User: )
Description: The Delivery Optimization service failed to start due to the following error:
%%1083

Error: (07/31/2015 03:57:39 PM) (Source: NETLOGON) (EventID: 3095) (User: )
Description: This computer is configured as a member of a workgroup, not as
a member of a domain. The Netlogon service does not need to run in this
configuration.

Error: (07/31/2015 03:57:04 PM) (Source: Service Control Manager) (EventID: 7032) (User: )
Description: The Service Control Manager tried to take a corrective action (Restart the service) after the unexpected termination of the Windows Search service, but this action failed with the following error:
%%1056

Error: (07/31/2015 03:56:34 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 2 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/31/2015 03:56:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Windows Search service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 30000 milliseconds: Restart the service.

Error: (07/31/2015 03:56:31 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Print Spooler service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 5000 milliseconds: Restart the service.


Microsoft Office:
=========================
Error: (07/31/2015 03:15:08 PM) (Source: Application Hang) (EventID: 1002) (User: )
Description: WinStore.Mobile.exe2015.7.22.2f0c01d0cbde4c381fc04294967295C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.7.22.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe9839b9f4-37d1-11e5-835b-acb57d0672e9Microsoft.WindowsStore_2015.7.22.0_x64__8wekyb3d8bbweApp

Error: (07/31/2015 03:15:04 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: PHILIPSCOMPUTER)
Description: Microsoft.WindowsStore_2015.7.22.0_x64__8wekyb3d8bbwe+App

Error: (07/31/2015 02:23:45 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShellExperienceHost.exe10.0.10240.1640155b1a820ShellExperienceHost.exe10.0.10240.1640155b1a820c000027b0000000000076127174401d0cbd72e7a2ef2C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exec19fb2f2-0ceb-4849-88bb-a3e9c5182c4e

Error: (07/31/2015 02:22:33 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: SearchUI.exe10.0.10240.1640155b1a665SearchUI.exe10.0.10240.1640155b1a665c000027b000000000012b7b1144001d0cbd70379e5c5C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exeC:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe827fcf66-c801-4478-b963-562aea5c110b

Error: (07/31/2015 02:22:24 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: ShellExperienceHost.exe10.0.10240.1640155b1a820ShellExperienceHost.exe10.0.10240.1640155b1a820c000027b0000000000076127fe801d0cbd6fe1c8311C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exeC:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe873d6058-5435-4099-b0e2-a52da29dbeac

Error: (07/31/2015 02:19:07 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5588-1032

Error: (07/31/2015 02:19:07 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5588C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (07/31/2015 02:18:57 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5588-1032

Error: (07/31/2015 02:18:57 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost5588C:\WINDOWS\system32\edbtmp.log-1032 (0xfffffbf8)5 (0x00000005)Access is denied.

Error: (07/31/2015 02:18:46 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost5588-1032


==================== Memory info ===========================

Processor: Intel(R) Pentium(R) CPU N3540 @ 2.16GHz
Percentage of memory in use: 68%
Total physical RAM: 1929.7 MB
Available physical RAM: 609.41 MB
Total Virtual: 2141.7 MB
Available Virtual: 504.13 MB

==================== Drives ================================

Drive c: (Local Disk ) (Fixed) (Total:449.87 GB) (Free:366.34 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (Size: 465.8 GB) (Disk ID: E9E577D2)

Partition: GPT Partition Type.

==================== End of log ============================
 
Download attached fixlist.txt file and save it to the Desktop.
NOTE. It's important that both files, FRST and fixlist.txt are in the same location or the fix will not work.

NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

Run FRST(FRST64) and press the Fix button just once and wait.
The tool will make a log on the Desktop (Fixlog.txt). Please post it to your reply.
 

So after your expert advice, it appears as if all things are back to normal. I really appreciate your promptness and attention to detail. THANK YOU.
What appeared to happen was that due to crap and infections AND my antispyware program I was running (Avast) all things together apparently were the cause of my issues.
I have already downloaded/installed avast antispyware back onto the machine with no issues.
Am I going to be ok with Avast as an antispyware program?
Following is the requested Farbar log.
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
S4 rsEngineSvc; "C:\Program Files\Reason\Security\rsEngineSvc.exe" [X]
2015-07-14 08:34 - 2015-07-14 08:34 - 0200897 _____ () C:\Users\Philip\AppData\Local\ars.cache
2015-07-14 08:35 - 2015-07-14 08:35 - 0450966 _____ () C:\Users\Philip\AppData\Local\census.cache
2015-07-14 08:17 - 2015-07-14 08:17 - 0000036 _____ () C:\Users\Philip\AppData\Local\housecall.guid.cache
2015-07-16 06:48 - 2015-07-16 06:48 - 0000017 _____ () C:\Users\Philip\AppData\Local\resmon.resmoncfg
2015-07-14 08:26 - 2015-07-14 08:26 - 0000010 _____ () C:\Users\Philip\AppData\Local\sponge.last.runtime.cache
2015-07-29 09:23 - 2015-07-29 09:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Philip\AppData\Local\Temp\dllnt_dump.dll
Task: {0CDC32EE-65BF-4EEA-980C-AE0171E11601} - \TweakBit\Speedtest Optimizer\Start Speedtest Optimizer ?n logon No Task File <==== ATTENTION
Task: {1D34C3B1-75AC-4CE2-87DA-C608E0EC205D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {2281159B-A889-46D8-8F54-8339971E6E9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {53B42A73-1251-455A-A3C8-BE635039C076} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {5BB91470-2376-4E59-8172-7F4E428E9B29} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {7F8CBC22-4091-4322-9630-C9F224B59473} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {82B6BC8A-8F36-4000-9B2A-4DCB513978EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {93CEEE26-E573-494D-9463-956B12EAACBA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {A8CB0CB8-1866-497F-A9F9-47C811CDC64E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {AAAAA7DB-DC1D-4DDB-8193-4E0B0823E376} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {D9764EF5-112C-4781-9EE5-D7375C6C75DB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {E173C28C-55D3-4D56-8BC1-CFFD1D829E43} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Philip\OneDrive:ms-properties

ONCE AGAIN, thank you for your assistance. I'm hoping over a period of time that I can become somewhat of an expert myself!
 
The above is incorrect.
You just posted content of my fixlist script.
Please re-read my instructions and redo.
 
My apologies, I believe this is the correct log.
Fix result of Farbar Recovery Scan Tool (x64) Version:30-07-2015
Ran by Philip (2015-07-31 17:31:08) Run:33
Running from C:\Users\Philip\Documents\Rescue.Scan Tools
Loaded Profiles: Philip (Available Profiles: Philip & Administrator)
Boot Mode: Normal
==============================================

fixlist content:
*****************
ShellIconOverlayIdentifiers: [00avast] -> {472083B0-C522-11CF-8763-00608CC02F24} => No File
S4 rsEngineSvc; "C:\Program Files\Reason\Security\rsEngineSvc.exe" [X]
2015-07-14 08:34 - 2015-07-14 08:34 - 0200897 _____ () C:\Users\Philip\AppData\Local\ars.cache
2015-07-14 08:35 - 2015-07-14 08:35 - 0450966 _____ () C:\Users\Philip\AppData\Local\census.cache
2015-07-14 08:17 - 2015-07-14 08:17 - 0000036 _____ () C:\Users\Philip\AppData\Local\housecall.guid.cache
2015-07-16 06:48 - 2015-07-16 06:48 - 0000017 _____ () C:\Users\Philip\AppData\Local\resmon.resmoncfg
2015-07-14 08:26 - 2015-07-14 08:26 - 0000010 _____ () C:\Users\Philip\AppData\Local\sponge.last.runtime.cache
2015-07-29 09:23 - 2015-07-29 09:23 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
C:\Users\Philip\AppData\Local\Temp\dllnt_dump.dll
Task: {0CDC32EE-65BF-4EEA-980C-AE0171E11601} - \TweakBit\Speedtest Optimizer\Start Speedtest Optimizer ?n logon No Task File <==== ATTENTION
Task: {1D34C3B1-75AC-4CE2-87DA-C608E0EC205D} - \Microsoft\Windows\Setup\gwx\launchtrayprocess No Task File <==== ATTENTION
Task: {2281159B-A889-46D8-8F54-8339971E6E9B} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig No Task File <==== ATTENTION
Task: {53B42A73-1251-455A-A3C8-BE635039C076} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d No Task File <==== ATTENTION
Task: {5BB91470-2376-4E59-8172-7F4E428E9B29} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B No Task File <==== ATTENTION
Task: {7F8CBC22-4091-4322-9630-C9F224B59473} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d No Task File <==== ATTENTION
Task: {82B6BC8A-8F36-4000-9B2A-4DCB513978EB} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d No Task File <==== ATTENTION
Task: {93CEEE26-E573-494D-9463-956B12EAACBA} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d No Task File <==== ATTENTION
Task: {A8CB0CB8-1866-497F-A9F9-47C811CDC64E} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd No Task File <==== ATTENTION
Task: {AAAAA7DB-DC1D-4DDB-8193-4E0B0823E376} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d No Task File <==== ATTENTION
Task: {D9764EF5-112C-4781-9EE5-D7375C6C75DB} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent No Task File <==== ATTENTION
Task: {E173C28C-55D3-4D56-8BC1-CFFD1D829E43} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent No Task File <==== ATTENTION
AlternateDataStreams: C:\Users\Philip\OneDrive:ms-properties

*****************

"HKLM\Software\Microsoft\Windows\CurrentVersion\Explorer\ShellIconOverlayIdentifiers\00avast" => key removed successfully
"HKCR\CLSID\{472083B0-C522-11CF-8763-00608CC02F24}" => key removed successfully
rsEngineSvc => service removed successfully
C:\Users\Philip\AppData\Local\ars.cache => moved successfully.
C:\Users\Philip\AppData\Local\census.cache => moved successfully.
C:\Users\Philip\AppData\Local\housecall.guid.cache => moved successfully.
C:\Users\Philip\AppData\Local\resmon.resmoncfg => moved successfully.
C:\Users\Philip\AppData\Local\sponge.last.runtime.cache => moved successfully.
C:\ProgramData\DP45977C.lfl => moved successfully.
C:\Users\Philip\AppData\Local\Temp\dllnt_dump.dll => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{0CDC32EE-65BF-4EEA-980C-AE0171E11601}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0CDC32EE-65BF-4EEA-980C-AE0171E11601}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\TweakBit\Speedtest Optimizer\Start Speedtest Optimizer ?n logon => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1D34C3B1-75AC-4CE2-87DA-C608E0EC205D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1D34C3B1-75AC-4CE2-87DA-C608E0EC205D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{2281159B-A889-46D8-8F54-8339971E6E9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2281159B-A889-46D8-8F54-8339971E6E9B}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{53B42A73-1251-455A-A3C8-BE635039C076}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{53B42A73-1251-455A-A3C8-BE635039C076}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5BB91470-2376-4E59-8172-7F4E428E9B29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5BB91470-2376-4E59-8172-7F4E428E9B29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{7F8CBC22-4091-4322-9630-C9F224B59473}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{7F8CBC22-4091-4322-9630-C9F224B59473}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{82B6BC8A-8F36-4000-9B2A-4DCB513978EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{82B6BC8A-8F36-4000-9B2A-4DCB513978EB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93CEEE26-E573-494D-9463-956B12EAACBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93CEEE26-E573-494D-9463-956B12EAACBA}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8CB0CB8-1866-497F-A9F9-47C811CDC64E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8CB0CB8-1866-497F-A9F9-47C811CDC64E}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{AAAAA7DB-DC1D-4DDB-8193-4E0B0823E376}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{AAAAA7DB-DC1D-4DDB-8193-4E0B0823E376}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{D9764EF5-112C-4781-9EE5-D7375C6C75DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{D9764EF5-112C-4781-9EE5-D7375C6C75DB}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{E173C28C-55D3-4D56-8BC1-CFFD1D829E43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{E173C28C-55D3-4D56-8BC1-CFFD1D829E43}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"C:\Users\Philip\OneDrive" => ":ms-properties" ADS not found.

==== End of Fixlog 17:31:10 ====
 
There you go :)

Last scans...

Download Security Check from here or here and save it to your Desktop.
  • Double-click SecurityCheck.exe
  • Follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
NOTE 2. SecurityCheck may produce some false warning(s), so leave the reading of the results to me.
NOTE 3. If you receive an UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart the computer and Security Check should run.


Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
Make sure the following options are checked:
  • Internet Services
  • Windows Firewall
  • System Restore
  • Security Center
  • Windows Update
  • Windows Defender
  • Other Services

Press "Scan".
It will create a log (FSS.txt) in the same directory the tool is run.
Please copy and paste the log to your reply.


Download Temp File Cleaner (TFC)
Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
  • Double click on TFC.exe to run the program.
  • Click on Start button to begin cleaning process.
  • TFC will close all running programs, and it may ask you to restart computer.


Download Sophos Free Virus Removal Tool and save it to your desktop.
  • Double click the icon and select Run
  • Click Next
  • Select I accept the terms in this license agreement, then click Next twice
  • Click Install
  • Click Finish to launch the program
  • Once the virus database has been updated click Start Scanning
  • If any threats are found click Details, then View log file... (bottom left hand corner)
  • Copy and paste the results in your reply
  • Close the Notepad document, close the Threat Details screen, then click Start cleanup
  • Click Exit to close the program
 
Hopefully I've sent you the correct report this time :)
Results of screen317's Security Check version 1.006
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
avast! Antivirus
Antivirus up to date!
`````````Anti-malware/Other Utilities Check:`````````
Ad-Aware
Java 8 Update 51
Adobe Flash Player 18.0.0.209
Mozilla Firefox (39.0)
Google Chrome (43.0.2357.134)
Google Chrome (44.0.2403.125)
````````Process Check: objlist.exe by Laurent````````
Ad-Aware AAWService.exe is disabled!
Ad-Aware AAWTray.exe is disabled!
AVAST Software Avast AvastSvc.exe
AVAST Software Avast AvastUI.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Farbar Service Scanner Version: 26-07-2015
Ran by Philip (administrator) on 01-08-2015 at 10:39:01
Running from "C:\Users\Philip\Downloads"
Microsoft Windows 10 Home (X64)
Boot Mode: Normal
****************************************************************

Internet Services:
============

Connection Status:
==============
Localhost is accessible.
LAN connected.
Google IP is accessible.
Google.com is accessible.
Yahoo.com is accessible.


Windows Firewall:
=============

Firewall Disabled Policy:
==================


System Restore:
============

System Restore Policy:
========================


Action Center:
============


Windows Update:
============

Windows Autoupdate Disabled Policy:
============================


Windows Defender:
==============
WinDefend Service is not running. Checking service configuration:
The start type of WinDefend service is set to Demand. The default start type is Auto.
The ImagePath of WinDefend: ""%ProgramFiles%\Windows Defender\MsMpEng.exe"".


Windows Defender Disabled Policy:
==========================
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows Defender]
"DisableAntiSpyware"=DWORD:1


Other Services:
==============


File Check:
========
C:\Windows\System32\nsisvc.dll => File is digitally signed
C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
C:\Windows\System32\dhcpcore.dll => File is digitally signed
C:\Windows\System32\drivers\afd.sys => File is digitally signed
C:\Windows\System32\drivers\tdx.sys => File is digitally signed
C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
C:\Windows\System32\dnsrslvr.dll => File is digitally signed
C:\Windows\System32\mpssvc.dll => File is digitally signed
C:\Windows\System32\bfe.dll => File is digitally signed
C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
C:\Windows\System32\wscsvc.dll => File is digitally signed
C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
C:\Windows\System32\wuaueng.dll => File is digitally signed
C:\Windows\System32\qmgr.dll => File is digitally signed
C:\Windows\System32\es.dll => File is digitally signed
C:\Windows\System32\cryptsvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
C:\Windows\System32\ipnathlp.dll => File is digitally signed
C:\Windows\System32\iphlpsvc.dll => File is digitally signed
C:\Windows\System32\svchost.exe => File is digitally signed
C:\Windows\System32\rpcss.dll => File is digitally signed


**** End of log ****
 
:processes
:Services
:Reg
:Files
echo,Y|cacls "%WinDir%\system32\drivers\etc\hosts" /G everyone:f /c
ipconfig /flushdns /c
:Commands
[purity]
[emptytemp]
[EMPTYFLASH]
[resethosts]
[createrestorepoint]
 
Hi Broni,
Currently I'm waiting for the Sophos Virus Removal Tool to complete.

What brought on this infestation in my opinion was when I updated from Win 8.1 to 10.
That is when everything started going south.
I'm feeling frustrated: as careful as I am not to allow anything suspicious onto my system, I end up with an embarrassing amount of infections.
So to my question:
Is it likely that the simple update to Win 10 was what brought about the virus attack?
 
It's not possible that a Windows upgrade brought something malicious.

Your computer is clean

1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
This is a very crucial step so make sure you don't skip it.
Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

Double-click Delfix.exe to start the tool.
Make sure the following items are checked:
  • Activate UAC (optional; some users prefer to keep it off)
  • Remove disinfection tools
  • Create registry backup
  • Purge System Restore
  • Reset system settings
Now click "Run" and wait patiently.
Once finished a logfile will be created. You don't have to attach it to your next reply.

2. Make sure Windows Updates are current.

3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

4. Check if your browser plugins are up to date.
Firefox - https://www.mozilla.org/en-US/plugincheck/
other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

8. Download and install Secunia Personal Software Inspector (PSI): https://www.techspot.com/downloads/4898-secunia-personal-software-inspector-psi.html. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

10. When installing/updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

11. Read:
How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

12. Please let me know how your computer is doing.
 
The computer is back up and running just as if I had done nothing to it! lol
This was a particularly interesting assistance you've provided.
I'm hoping that I may have learned enough this time such that hopefully I won't have to be back in contact any time soon!
Seriously Broni, THANK YOU SO MUCH!
 