BSOD and other problems ESET online sees something

#1 | 12-19-2015, 09:21 AM | tierra | TSF Enthusiast
Join Date: Nov 2007 | Location: Seattle, Washington, USA | Posts: 1,091 | OS: Windows 10 home premium 64-bit

Sorry, this may take 2 posts to post as a lot of screen shots on the general account and some on the admin account.

I had my win 7 upgraded to win 10 about 4 weeks ago with the computer manufacturer (Puget Systems).

I've been having problems with magnifier working and error messages (even did a system restore to the earliest point). Then today problems with FF and Chrome. When vids wouldn't run in FF I tried to open in chrome and got a BSOD (see screen shots - probably in a second posting on this as on the other account). I called the number and got weird advice from the MS people. Almost seemed like a scam so I screen shot everything.

They said that windows defender wasn't any good and to install something else and they said not comodo when I brought that up.

They said I needed my computer company to do a system tuneup and one time resolution - whatever that means. I think system tuneup is stuff I routinely do like disk defragmenter (which I do every other day), cleaning files (use CCleaner (used to use old timers TFC but that doesn't run on win10) - I don't use the registry stuff, just cleaning up files), backing up files - I may be wrong about all this.

I run ESET online scanner after downloading any new program or problems or if nothing once/month to be sure.

Anyway, ESET online also found something (but I think maybe download for the last CCleaner update and I went in and deleted that).

So, I don't know what is wrong with my computer but if it's malware, I thought I should have it checked out.

Thank you.

DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10586.20
Run by 777 at 9:01:16 on 2015-12-19
Microsoft Windows 10 Home 10.0.10586.0.1252.1.1033.18.7105.5426 [GMT -8:00]
.
AV: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Enabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\Windows\System32\WUDFHost.exe
C:\WINDOWS\system32\igfxCUIService.exe
C:\Program Files\Sandboxie\SbieSvc.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\System32\spoolsv.exe
C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\armsvc.exe
C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\WINDOWS\system32\taskeng.exe
C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
C:\WINDOWS\Microsoft.Net\Framework64\v3.0\WPF\PresentationFontCache.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Windows Defender\MpCmdRun.exe
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\sihost.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\igfxEM.exe
C:\WINDOWS\system32\igfxHK.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxTray.exe
C:\Windows\System32\RuntimeBroker.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
C:\Users\777\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Users\777\AppData\Local\FluxSoftware\Flux\flux.exe
C:\Program Files\Common Files\Microsoft Shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uLocal Page = %11%\blank.htm
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
uRun: [OneDrive] "C:\Users\777\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
uRun: [f.lux] "C:\Users\777\AppData\Local\FluxSoftware\Flux\flux.exe" /noshow
mRun: [CanonQuickMenu] C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE /logon
mRun: [IJNetworkScannerSelectorEX] C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe /FORCE
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\PROGRA~2\MICROS~1\Office14\EXCEL.EXE/3000
IE: Se&nd to OneNote - C:\PROGRA~2\MICROS~1\Office14\ONBttnIE.dll/105
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIE.dll
IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files (x86)\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
.
INFO: HKCU has more than 50 listed domains.
If you wish to scan all of them, select the 'Force scan all domains' option.
.
TCP: NameServer = 192.168.0.1 205.171.2.25
TCP: Interfaces\{d3d0495a-0e40-4629-919d-47020fe6d347} : DHCPNameServer = 192.168.0.1 205.171.2.25
Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
SSODL: WebCheck - <orphaned>
LSA: Security Packages = ""
mASetup: {8A69D345-D564-463c-AFF1-A69D9E530F96} - "C:\Program Files (x86)\Google\Chrome\Application\47.0.2526.106\Installer\chrmstp.exe" --configure-user-settings --verbose-logging --system-level --multi-install --chrome
mASetup: {A6EADE66-0000-0000-484E-7E8A45000000} - "C:\WINDOWS\SysWOW64\Rundll32.exe" "C:\Program Files (x86)\Adobe\Acrobat Reader DC\Esl\AiodLite.dll",CreateReaderUserSettings
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll
x64-BHO: Office Document Cache Handler: {B4F3A835-0E21-4959-BA22-42B3008E02FF} - C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL
x64-TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll
x64-Run: [RTHDVCPL] "C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe" -s
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll
x64-IE: {789FE86F-6FC4-46A1-9849-EDE0DB0C95CA} - {FFFDC614-B694-4AE6-AB38-5D6374584B52} - C:\Program Files\Microsoft Office\Office14\ONBttnIELinkedNotes.dll
x64-Filter: text/xml - {807573E5-5146-11D5-A672-00B0D022E945} - C:\Program Files\Common Files\Microsoft Shared\OFFICE14\MSOXMLMF.DLL
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: windows.tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
================= FIREFOX ===================
.
FF - ProfilePath - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL
FF - plugin: C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL
FF - plugin: C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll
FF - plugin: C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll
FF - plugin: C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll
FF - plugin: C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_19_0_0_245.dll
.
============= SERVICES / DRIVERS ===============
.
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-10-29 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-10-29 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-10-29 199008]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-10-29 218624]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-10-29 87040]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-10-29 8192]
R2 asComSvc;ASUS Com Service;C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [2015-11-12 936728]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-10-29 43944]
R2 igfxCUIService2.0.0.0;Intel(R) HD Graphics Control Panel Service;C:\WINDOWS\System32\igfxCUIService.exe [2015-11-12 359848]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-10-29 78848]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-10-29 20480]
R3 SbieDrv;SbieDrv;C:\Program Files\Sandboxie\SbieDrv.sys [2015-10-22 192648]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
R3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-10-29 118112]
R3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-10-29 364464]
R3 WUDFWpdMtp;WUDFWpdMtp;C:\WINDOWS\System32\drivers\WUDFRd.sys [2015-10-29 216064]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-10-29 43944]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-10-29 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-10-29 43944]
S3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-29 43944]
S3 bcmfn;bcmfn Service;C:\WINDOWS\System32\drivers\bcmfn.sys [2015-10-29 9728]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-10-29 9728]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-10-29 43944]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-29 37376]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-12-12 117248]
S3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-10-29 43944]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-10-29 31744]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-10-29 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-10-29 50016]
S3 iai2c;Intel(R) Serial IO I2C Host Controller;C:\WINDOWS\System32\drivers\iai2c.sys [2015-10-29 81408]
S3 iaLPSS2i_I2C;Intel(R) Serial IO I2C Driver v2;C:\WINDOWS\System32\drivers\iaLPSS2i_I2C.sys [2015-10-29 165888]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-10-29 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-10-29 113152]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-10-29 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-10-29 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-29 43944]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-10-29 117760]
S3 IntcDAud;Intel(R) Display Audio;C:\WINDOWS\System32\drivers\IntcDAud.sys [2015-8-8 473864]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-10-29 46432]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-10-29 26624]
S3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-10-29 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-10-29 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-10-29 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-10-29 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-10-29 43944]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-10-29 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-10-29 58720]
S3 PhoneSvc;Phone Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-10-29 930656]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-10-29 1297408]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-10-29 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-10-29 43944]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-10-29 79200]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-10-29 34144]
S3 TieringEngineService;Storage Tiers Management;C:\WINDOWS\System32\TieringEngineService.exe [2015-10-29 290304]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-10-29 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-10-29 46592]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-10-29 45056]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-10-29 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-10-29 254816]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-10-29 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-10-29 131424]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-10-29 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-10-29 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-10-29 27488]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-10-29 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-10-29 43944]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-10-29 43944]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-10-29 694784]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-10-29 43944]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-10-29 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-10-29 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-10-29 43944]
S3 WSDScan;WSD Scan Support;C:\WINDOWS\System32\drivers\WSDScan.sys [2015-10-29 24576]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-10-29 238592]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-10-29 26112]
S4 CDPSvc;Connected Device Platform Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
S4 DiagTrack;Connected User Experiences and Telemetry;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-10-29 43944]
S4 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-10-29 43944]
S4 tzautoupdate;Auto Time Zone Updater;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-10-29 43944]
.
=============== Created Last 30 ================
.
2015-12-19 16:35:17 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{FDD59327-8C51-4A4B-BB06-1A237F701557}\mpengine.dll
2015-12-19 15:29:59 -------- d-----w- C:\ProgramData\WRData
2015-12-18 16:04:40 11154520 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\Backup\mpengine.dll
2015-12-12 19:44:25 -------- d-----w- C:\Users\777\AppData\Local\FluxSoftware
2015-12-12 19:12:58 -------- d-----w- C:\Users\777\AppData\Local\Comms
2015-12-12 19:11:17 -------- d-----w- C:\Users\777\AppData\Local\Publishers
2015-12-12 19:10:02 -------- d-----w- C:\Users\777\AppData\Local\Mozilla
2015-12-12 18:56:47 -------- d-----r- C:\Users\777\OneDrive
2015-12-12 18:55:35 -------- d-----w- C:\Users\777\AppData\Local\ActiveSync
2015-12-12 18:54:11 -------- d-----r- C:\Users\777\Searches
2015-12-12 18:54:11 -------- d-----r- C:\Users\777\Contacts
2015-12-12 17:59:30 75264 ----a-w- C:\WINDOWS\System32\wwanprotdim.dll
2015-12-12 17:40:09 1190000 ----a-w- C:\ProgramData\Microsoft\Windows Defender\Definition Updates\{295B625E-A0CE-4262-AD53-4B559927C24C}\gapaengine.dll
2015-12-09 20:02:26 -------- d-----w- C:\Program Files (x86)\ESET
2015-11-27 17:34:56 -------- d-----w- C:\Program Files\CCleaner
2015-11-24 14:29:42 -------- d-----w- C:\Program Files\VideoLAN
2015-11-23 22:16:09 -------- d--h--w- C:\ProgramData\CanonIJQuickMenu
2015-11-23 22:13:16 -------- d-----w- C:\ProgramData\CanonIJPLM
2015-11-23 22:11:56 -------- d-----w- C:\ProgramData\Canon IJ Network Tool
2015-11-23 22:11:52 336896 ----a-w- C:\WINDOWS\SysWow64\CNC_C9L.dll
2015-11-23 22:11:52 15872 ----a-w- C:\WINDOWS\SysWow64\CNHMCA.dll
2015-11-23 22:11:37 39424 ----a-w- C:\WINDOWS\System32\CNMN6UI.DLL
2015-11-23 22:11:37 380928 ----a-w- C:\WINDOWS\SysWow64\CNMNPPM.DLL
2015-11-23 22:11:37 375296 ----a-w- C:\WINDOWS\System32\CNMN6PPM.DLL
2015-11-23 22:11:37 -------- d-----w- C:\WINDOWS\System32\STRING
2015-11-23 22:10:11 -------- d-----w- C:\ProgramData\CanonIJWSpt
2015-11-23 22:08:26 -------- d-----w- C:\Program Files\Canon
2015-11-23 22:07:51 369664 ----a-w- C:\WINDOWS\System32\CNC_C9L.dll
2015-11-23 22:07:51 316928 ----a-w- C:\WINDOWS\System32\CNC_C9C.dll
2015-11-23 22:07:51 17920 ----a-w- C:\WINDOWS\System32\CNHMCA6.dll
2015-11-23 22:07:51 105984 ----a-w- C:\WINDOWS\System32\CNC_C9I.dll
2015-11-23 21:35:27 -------- d-----w- C:\Program Files (x86)\Canon
.
==================== Find3M ====================
.
2015-12-19 16:54:24 180 ----a-w- C:\WINDOWS\System32\{A6D608F0-0BDE-491A-97AE-5C4B05D86E01}.bat
2015-12-09 03:39:31 301728 ------w- C:\WINDOWS\System32\MpSigStub.exe
2015-12-07 04:57:01 973664 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-12-07 04:55:42 1281376 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-12-07 04:49:31 412512 ----a-w- C:\WINDOWS\System32\wifitask.exe
2015-12-07 04:47:58 116720 ----a-w- C:\WINDOWS\SysWow64\mfps.dll
2015-12-07 04:47:57 925064 ----a-w- C:\WINDOWS\SysWow64\mfplat.dll
2015-12-07 04:47:57 898184 ----a-w- C:\WINDOWS\SysWow64\mfsrcsnk.dll
2015-12-07 04:47:54 716928 ----a-w- C:\WINDOWS\SysWow64\mfmpeg2srcsnk.dll
2015-12-07 04:45:46 264544 ----a-w- C:\WINDOWS\System32\ContentDeliveryManager.Utilities.dll
2015-12-07 04:15:40 1035776 ----a-w- C:\WINDOWS\System32\XboxNetApiSvc.dll
2015-12-07 04:15:08 75776 ----a-w- C:\WINDOWS\System32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-07 04:10:37 824320 ----a-w- C:\WINDOWS\System32\WpcWebFilter.dll
2015-12-07 04:09:36 30208 ----a-w- C:\WINDOWS\System32\StorageUsage.dll
2015-12-07 04:09:27 92160 ----a-w- C:\WINDOWS\System32\policymanagerprecheck.dll
2015-12-07 04:09:07 133120 ----a-w- C:\WINDOWS\System32\flvprophandler.dll
2015-12-07 04:07:43 134656 ----a-w- C:\WINDOWS\System32\wificonnapi.dll
2015-12-07 04:07:34 77312 ----a-w- C:\WINDOWS\System32\ProvPluginEng.dll
2015-12-07 04:07:13 16984064 ----a-w- C:\WINDOWS\System32\Windows.UI.Xaml.dll
2015-12-07 0452 231936 ----a-w- C:\WINDOWS\System32\KnobsCore.dll
2015-12-07 0438 199168 ----a-w- C:\WINDOWS\System32\InstallAgent.exe
2015-12-07 0436 50176 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2015-12-07 0432 572928 ----a-w- C:\WINDOWS\SysWow64\WpcWebFilter.dll
2015-12-07 04:05:28 36864 ----a-w- C:\WINDOWS\System32\BackgroundTransferHost.exe
2015-12-07 04:05:15 192000 ----a-w- C:\WINDOWS\System32\provisioningcsp.dll
2015-12-07 04:04:28 56320 ----a-w- C:\WINDOWS\System32\provtool.exe
2015-12-07 04:04:20 66560 ----a-w- C:\WINDOWS\System32\moshost.dll
2015-12-07 04:03:46 13017600 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.Xaml.dll
2015-12-07 04:02:54 477696 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2015-12-07 04:02:49 161280 ----a-w- C:\WINDOWS\SysWow64\InstallAgent.exe
2015-12-07 04:02:01 269824 ----a-w- C:\WINDOWS\System32\moshostcore.dll
2015-12-07 04:01:43 34304 ----a-w- C:\WINDOWS\SysWow64\BackgroundTransferHost.exe
2015-12-07 04:01:07 543232 ----a-w- C:\WINDOWS\System32\StoreAgent.dll
2015-12-07 04:00:55 323072 ----a-w- C:\WINDOWS\System32\MSFlacDecoder.dll
2015-12-07 04:00:52 203776 ----a-w- C:\WINDOWS\System32\NetSetupSvc.dll
2015-12-07 04:00:51 210432 ----a-w- C:\WINDOWS\System32\wcmcsp.dll
2015-12-07 04:00:40 618496 ----a-w- C:\WINDOWS\System32\StorSvc.dll
2015-12-07 03:59:52 286208 ----a-w- C:\WINDOWS\System32\provhandlers.dll
2015-12-07 03:59:49 292352 ----a-w- C:\WINDOWS\System32\provengine.dll
2015-12-07 03:59:37 558080 ----a-w- C:\WINDOWS\System32\MBMediaManager.dll
2015-12-07 03:59:16 165376 ----a-w- C:\WINDOWS\System32\provdatastore.dll
2015-12-07 03:58:17 459776 ----a-w- C:\WINDOWS\System32\MapConfiguration.dll
2015-12-07 03:57:48 387072 ----a-w- C:\WINDOWS\System32\qdvd.dll
2015-12-07 03:57:40 409088 ----a-w- C:\WINDOWS\SysWow64\StoreAgent.dll
2015-12-07 03:57:28 270848 ----a-w- C:\WINDOWS\SysWow64\MSFlacDecoder.dll
2015-12-07 03:56:27 497152 ----a-w- C:\WINDOWS\System32\mfmkvsrcsnk.dll
2015-12-07 03:56:18 607232 ----a-w- C:\WINDOWS\System32\wcmsvc.dll
2015-12-07 03:55:38 7979008 ----a-w- C:\WINDOWS\System32\mos.dll
2015-12-07 03:55:02 346112 ----a-w- C:\WINDOWS\SysWow64\MapConfiguration.dll
2015-12-07 03:54:56 850432 ----a-w- C:\WINDOWS\System32\MapsStore.dll
2015-12-07 03:54:56 569856 ----a-w- C:\WINDOWS\SysWow64\qdvd.dll
2015-12-07 03:53:28 381952 ----a-w- C:\WINDOWS\SysWow64\mfmkvsrcsnk.dll
2015-12-07 03:51:16 1318912 ----a-w- C:\WINDOWS\System32\wifinetworkmanager.dll
2015-12-07 03:51:00 223232 ----a-w- C:\WINDOWS\System32\fveapibase.dll
2015-12-07 03:50:55 1131520 ----a-w- C:\WINDOWS\System32\Windows.Media.Audio.dll
2015-12-07 03:49:01 1105920 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.Audio.dll
2015-12-07 03:48:02 6297088 ----a-w- C:\WINDOWS\SysWow64\mos.dll
2015-12-07 03:47:02 3428864 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-12-07 03:45:53 683008 ----a-w- C:\WINDOWS\SysWow64\Windows.Networking.BackgroundTransfer.dll
2015-12-07 03:45:45 900608 ----a-w- C:\WINDOWS\System32\Windows.Networking.BackgroundTransfer.dll
2015-12-07 03:45:44 2582016 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-12-07 03:44:48 2796032 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2015-12-07 03:43:35 931328 ----a-w- C:\WINDOWS\System32\MSMPEG2ENC.DLL
2015-12-07 03:43:07 2598400 ----a-w- C:\WINDOWS\System32\NetworkMobileSettings.dll
2015-12-07 03:41:02 2061824 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-12-07 03:40:47 3593216 ----a-w- C:\WINDOWS\System32\win32kfull.sys
2015-12-07 03:40:23 1995776 ----a-w- C:\WINDOWS\System32\ActiveSyncProvider.dll
2015-12-07 03:40:08 1706496 ----a-w- C:\WINDOWS\SysWow64\ActiveSyncProvider.dll
2015-12-07 03:39:24 764928 ----a-w- C:\WINDOWS\System32\fveapi.dll
2015-12-07 03:38:14 871936 ----a-w- C:\WINDOWS\SysWow64\MSMPEG2ENC.DLL
2015-12-07 03:33:04 375296 ----a-w- C:\WINDOWS\System32\MDEServer.exe
2015-12-07 03:32:46 126464 ----a-w- C:\WINDOWS\System32\dialserver.dll
2015-12-01 07:12:09 2152800 ----a-w- C:\WINDOWS\System32\drivers\ntfs.sys
2015-12-01 00:33:29 826872 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-12-01 00:33:29 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-11-24 14:49:20 192216 ----a-w- C:\WINDOWS\System32\drivers\MBAMSwissArmy.sys
2015-11-24 12:07:40 1817160 ----a-w- C:\WINDOWS\System32\ntdll.dll
2015-11-24 1129 1540768 ----a-w- C:\WINDOWS\SysWow64\ntdll.dll
2015-11-24 10:26:50 1399224 ----a-w- C:\WINDOWS\System32\user32.dll
2015-11-24 10:01:57 2756096 ----a-w- C:\WINDOWS\System32\mshtml.tlb
2015-11-24 09:54:15 7680 ----a-w- C:\WINDOWS\System32\readingviewresources.dll
2015-11-24 09:53:39 115200 ----a-w- C:\WINDOWS\System32\win32k.sys
2015-11-24 09:45:01 18944 ----a-w- C:\WINDOWS\System32\wshrm.dll
2015-11-24 09:37:04 147968 ----a-w- C:\WINDOWS\System32\drivers\rmcast.sys
2015-11-24 09:26:34 1337240 ----a-w- C:\WINDOWS\SysWow64\user32.dll
2015-11-24 09:19:35 182784 ----a-w- C:\WINDOWS\System32\shutdownux.dll
2015-11-24 09:12:41 523776 ----a-w- C:\WINDOWS\System32\catsrvut.dll
2015-11-24 08:58:24 604672 ----a-w- C:\WINDOWS\System32\vbscript.dll
2015-11-24 08:55:41 1393664 ----a-w- C:\WINDOWS\System32\win32kbase.sys
2015-11-24 08:54:21 2756096 ----a-w- C:\WINDOWS\SysWow64\mshtml.tlb
2015-11-24 08:52:05 1717248 ----a-w- C:\WINDOWS\System32\GdiPlus.dll
2015-11-24 08:49:47 1648640 ----a-w- C:\WINDOWS\System32\comsvcs.dll
2015-11-24 08:14:34 415744 ----a-w- C:\WINDOWS\SysWow64\catsrvut.dll
2015-11-24 08:03:47 503296 ----a-w- C:\WINDOWS\SysWow64\vbscript.dll
2015-11-24 07:59:27 1467392 ----a-w- C:\WINDOWS\SysWow64\GdiPlus.dll
2015-11-24 07:57:56 1328128 ----a-w- C:\WINDOWS\SysWow64\comsvcs.dll
2015-11-24 07:35:50 22393856 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-11-24 07:29:31 2352128 ----a-w- C:\WINDOWS\System32\authui.dll
2015-11-24 07:11:35 18678272 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-11-24 07:04:25 2155008 ----a-w- C:\WINDOWS\SysWow64\authui.dll
.
============= FINISH: 9:02:00.70 ===============
Attached Thumbnails: threat found on eset online scan.jpg, eset online threat.jpg
Attached Files: attach.txt (21.7 KB)

#2 | 12-19-2015, 09:26 AM | tierra | TSF Enthusiast

Here are the rest of the attachments. I couldn't add them in edit.
Attached Thumbnails: bsod.jpg, error back for magnifier.jpg, problem.jpg, system tuneup.jpg, tasl manger.jpg

#3 | 12-22-2015, 11:06 AM | tierra | TSF Enthusiast

BUMP, please
#4 | 12-29-2015, 01:16 PM | chemist | Security Team | Moderator, Analyst | Rangemaster, TSF Academy | Microsoft Most Valuable Professional
Join Date: Oct 2007 | Location: Georgia | Posts: 29,790 | OS: XP/Win7/Win10

Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

Those BSODs are fake. And the number you called is a scam.

There is nothing wrong with WinDefender. No need for another AV.

That ESET find was not malicious, just bundled with a 3rd party toolbar. The fact that ESET found nothing suggests malware isn't necessarily the cause of your problems.

You will likely have to seek help in one of our other forums once we are done here.

Please only run the tools in your normal Admin account for now. We will address other accounts, if necessary, in due time.

Also, make sure you are booting from Normal startup under System Configuration before proceeding.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------

Also, if you haven't done so already, you might want to create a USB recovery drive. It's really easy and quick.

Create a recovery drive - Windows Help

------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
chemist is offline  
Old 12-29-2015, 01:33 PM   #5
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,091
OS: Windows 10 home premium 64-bit



Hi Chemist,

Thank you for replying.

I know I shouldn't have, but it's taken so long to get a response that I already did the following:

Ran Adwarecleaner scan and clean:

# AdwCleaner v5.026 - Logfile created 29/12/2015 at 06:40:17
# Updated 21/12/2015 by Xplode
# Database : 2015-12-23.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : 777 - DESKTOP-QE9K77P
# Running from : C:\Users\777\Desktop\AdwCleaner.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****


***** [ Folders ] *****


***** [ Files ] *****


***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****


***** [ Registry ] *****


***** [ Web browsers ] *****

[-] [C:\Users\4\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : aol.com
[-] [C:\Users\4\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : ask.com

*************************

:: "Tracing" keys removed
:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [874 bytes] ##########


I also ran JRT and here are the results:

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Junkware Removal Tool (JRT) by Malwarebytes
Version: 8.0.1 (11.24.2015)
Operating System: Windows 10 Home x64
Ran by 777 (Administrator) on 2015-12-29 at 6:46:46.30
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




File System: 0




Registry: 0





~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Scan was completed on 2015-12-29 at 6:48:15.50
End of JRT log
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

When I opened tools in CCleaner there was a program I didn't know and my computer company claimed they didn't install when they upgraded my computer from win 7 to win 10. It wasn't in add/remove in control panel, so I removed Candy Crush Soda Saga king.com 2015-12-17 1.57.200.0 via CCleaner.

I'll post the results of FRST64 once I finish running it.
tierra is offline  
Old 12-29-2015, 01:36 PM   #6
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,091
OS: Windows 10 home premium 64-bit



Additional scan result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by 777 (2015-12-29 13:34:42)
Running from C:\Users\777\Desktop
Windows 10 Home (X64) (2015-11-12 21:03:30)
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

1a (S-1-5-21-2060484803-181986161-1338721117-1003 - Limited - Enabled) => C:\Users\1a
4 (S-1-5-21-2060484803-181986161-1338721117-1002 - Limited - Enabled) => C:\Users\4
777 (S-1-5-21-2060484803-181986161-1338721117-1004 - Administrator - Enabled) => C:\Users\777
93 (S-1-5-21-2060484803-181986161-1338721117-1001 - Administrator - Enabled) => C:\Users\Teresa
Administrator (S-1-5-21-2060484803-181986161-1338721117-500 - Administrator - Disabled)
DefaultAccount (S-1-5-21-2060484803-181986161-1338721117-503 - Limited - Disabled)
Guest (S-1-5-21-2060484803-181986161-1338721117-501 - Limited - Disabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Acrobat Reader DC (HKLM-x32\...\{AC76BA86-7AD7-1033-7B44-AC0F074E4100}) (Version: 15.009.20079 - Adobe Systems Incorporated)
Adobe Flash Player 20 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 20.0.0.235 - Adobe Systems Incorporated)
Canon Easy-WebPrint EX (HKLM-x32\...\Easy-WebPrint EX) (Version: 1.6.0.0 - Canon Inc.)
Canon IJ Network Scanner Selector EX (HKLM-x32\...\Canon_IJ_Network_Scanner_Selector_EX) (Version: 1.5.2.3 - Canon Inc.)
Canon IJ Network Tool (HKLM-x32\...\Canon_IJ_Network_UTILITY) (Version: 3.5.0 - Canon Inc.)
Canon IJ Scan Utility (HKLM-x32\...\Canon_IJ_Scan_Utility) (Version: 1.1.10.15 - Canon Inc.)
Canon Inkjet Printer/Scanner/Fax Extended Survey Program (HKLM-x32\...\CANONIJPLM100) (Version: 4.2.0 - Canon Inc.)
Canon MG6600 series MP Drivers (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_Canon_MG6600_series) (Version: 1.00 - Canon Inc.)
Canon MG6600 series On-screen Manual (HKLM-x32\...\Canon MG6600 series On-screen Manual) (Version: 7.7.0 - Canon Inc.)
Canon MG6600 series User Registration (HKLM-x32\...\Canon MG6600 series User Registration) (Version: - *Canon Inc.)
Canon My Image Garden (HKLM-x32\...\Canon My Image Garden) (Version: 3.3.0 - Canon Inc.)
Canon My Image Garden Design Files (HKLM-x32\...\Canon My Image Garden Design Files) (Version: 3.2.0 - Canon Inc.)
Canon My Printer (HKLM-x32\...\CanonMyPrinter) (Version: 3.3.0 - Canon Inc.)
Canon Quick Menu (HKLM-x32\...\CanonQuickMenu) (Version: 2.6.1 - Canon Inc.)
CCleaner (HKLM\...\CCleaner) (Version: 5.13 - Piriform)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
f.lux (HKU\S-1-5-21-2060484803-181986161-1338721117-1004\...\Flux) (Version: - )
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 47.0.2526.106 - Google Inc.)
Google Update Helper (x32 Version: 1.3.29.1 - Google Inc.) Hidden
Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
Microsoft Office Home and Student 2010 (HKLM-x32\...\Office14.SingleImage) (Version: 14.0.7015.1000 - Microsoft Corporation)
Microsoft Visual C++ 2005 Redistributable (HKLM-x32\...\{710f4c1c-cc18-4c49-8cbf-51240c89a1a2}) (Version: 8.0.61001 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.60610 (HKLM-x32\...\{a1909659-0a08-4554-8af1-2175904903a1}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.60610 (HKLM-x32\...\{95716cce-fc71-413f-8ad5-56c2892d4b3a}) (Version: 11.0.60610.1 - Microsoft Corporation)
Microsoft Visual Studio 2010 Tools for Office Runtime (x64) (HKLM\...\Microsoft Visual Studio 2010 Tools for Office Runtime (x64)) (Version: 10.0.50903 - Microsoft Corporation)
Mozilla Firefox 43.0.3 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 43.0.3 (x86 en-US)) (Version: 43.0.3 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 43.0.3.5835 - Mozilla)
Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7503 - Realtek Semiconductor Corp.)
Sandboxie 5.06 (64-bit) (HKLM\...\Sandboxie) (Version: 5.06 - Sandboxie Holdings, LLC)
Service Pack 2 for Microsoft Office 2010 (KB2687455) 32-Bit Edition (HKLM-x32\...\{90140000-003D-0000-0000-0000000FF1CE}_Office14.SingleImage_{DE28B448-32E8-4E8F-84F0-A52B21A49B5B}) (Version: - Microsoft)
SpywareBlaster 5.4 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.4.0 - BrightFort LLC)
VLC media player (HKLM\...\VLC media player) (Version: 2.2.1 - VideoLAN)
Windows Driver Package - U.S. Robotics Corporation Model 5637 Voice Driver (01/28/2011 3.1.0.46) (HKLM\...\E7AE3AA66CA6D8D4AA8DED5BEED78DB3BEDFED27) (Version: 01/28/2011 3.1.0.46 - U.S. Robotics Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-2060484803-181986161-1338721117-1004_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\777\AppData\Local\Microsoft\OneDrive\17.3.6281.1202\FileCoAuth.exe (Microsoft Corporation)

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {0CFE2E40-6A97-48C5-9F38-DE82315CF1B0} - System32\Tasks\Microsoft\Windows\UPnP\UPnPHostConfig => config upnphost start= auto
Task: {9804E84F-5E3C-414A-9C86-338B424AE0A6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-12-12] (Microsoft Corporation)
Task: {9BC38A99-0DB0-4F46-8A1E-A266538719EE} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-12-08] (Piriform Ltd)
Task: {A92EFA29-DEA1-4005-B652-38A42630BA02} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)
Task: {CCFDA5C1-E6BD-4202-9A3D-5DE549010880} - System32\Tasks\Adobe Acrobat Update Task => C:\Program Files (x86)\Common Files\Adobe\ARM\1.0\AdobeARM.exe [2015-10-28] (Adobe Systems Incorporated)
Task: {F0DCAA17-2691-4C3F-897A-FFB01FBF7D10} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-11-12] (Google Inc.)

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

==================== Shortcuts =============================

(The entries could be listed to be restored or removed.)

==================== Loaded Modules (Whitelisted) ==============

2015-11-12 12:54 - 2015-11-12 11:55 - 00936728 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
2015-11-23 14:13 - 2013-06-28 15:28 - 00084616 _____ () C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE
2015-10-29 23:18 - 2015-10-29 23:18 - 00185856 _____ () C:\WINDOWS\SYSTEM32\ism32k.dll
2015-12-12 09:59 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-12 09:59 - 2015-11-22 02:47 - 02653816 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-11-12 12:07 - 2015-11-12 12:07 - 00405416 _____ () C:\WINDOWS\system32\igfxTray.exe
2015-12-18 08:12 - 2015-12-06 20:14 - 00093696 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\Windows.UI.Shell.SharedUtilities.dll
2015-12-18 08:12 - 2015-12-06 20:00 - 00472064 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-12-18 08:12 - 2015-12-06 19:37 - 07992832 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-12-18 08:12 - 2015-12-06 19:33 - 00591360 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-12-18 08:12 - 2015-12-06 19:34 - 02483200 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-12-18 08:12 - 2015-12-06 19:36 - 04089856 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-11-12 12:54 - 2015-12-29 12:35 - 00033936 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\PEbiosinterface32.dll
2015-11-12 12:54 - 2015-11-12 11:55 - 00104448 _____ () C:\Program Files (x86)\ASUS\AXSP\1.01.02\ATKEX.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)


There are 6091 more sites.


==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2015-07-10 03:04 - 2015-07-10 03:02 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-2060484803-181986161-1338721117-1004\Control Panel\Desktop\\Wallpaper -> C:\Users\777\AppData\Roaming\Microsoft\Windows\Themes\TranscodedWallpaper
DNS Servers: 192.168.0.1 - 205.171.2.25
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\Run32: => "IJNetworkScannerSelectorEX"
HKLM\...\StartupApproved\Run32: => "CanonQuickMenu"
HKU\S-1-5-21-2060484803-181986161-1338721117-1004\...\StartupApproved\Run: => "CCleaner Monitoring"
HKU\S-1-5-21-2060484803-181986161-1338721117-1004\...\StartupApproved\Run: => "OneDrive"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
FirewallRules: [{84F18A18-6F86-4FCA-8088-E1403921C915}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{5CB82096-347A-49FF-8A4D-C2E27CCB4E54}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{10E0B658-4D13-4E8C-A32A-FE10A24EE3E2}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [{27D1F131-F5E8-4A4F-B3C3-FBA51E9093F1}] => (Allow) C:\Program Files (x86)\Mozilla Firefox\firefox.exe
FirewallRules: [TCP Query User{32F2CDAA-3F35-4431-89AE-60B86EFE450F}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [UDP Query User{68D4A1AE-46A4-4B87-A5E0-36C5DE0B2EB4}C:\windows\system32\wfs.exe] => (Allow) C:\windows\system32\wfs.exe
FirewallRules: [{DD4721CD-3928-448A-BF7E-12187C40C4D4}] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [{463BFF22-56BA-42B6-B822-339AF837F3C4}] => (Block) C:\windows\system32\wfs.exe
FirewallRules: [{9709A281-ED38-4B3E-AC24-FA03BB1578AB}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
FirewallRules: [TCP Query User{BEB39883-B59A-421E-A683-9E2BB11BD98B}C:\users\4\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\4\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe
FirewallRules: [UDP Query User{83E7D00C-7E1C-487F-BE71-3E1B1BD070D0}C:\users\4\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe] => (Allow) C:\users\4\appdata\local\logmein rescue applet\lmir0001.tmp\lmi_rescue.exe

==================== Restore Points =========================

12-12-2015 11:44:03 best restore after setting up accounts
19-12-2015 08:35:33 Windows Update
24-12-2015 06:58:52 Windows Update
29-12-2015 06:46:48 JRT Pre-Junkware Removal

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (12/29/2015 06:50:37 AM) (Source: SideBySide) (EventID: 78) (User: )
Description: Activation context generation failed for "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest1".Error in manifest or policy file "C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest2" on line C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest3.
A component version required by the application conflicts with another component version already active.
Conflicting components are:.
Component 1: C:\WINDOWS\WinSxS\manifests\amd64_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_8c15ae12515e1c22.manifest.
Component 2: C:\WINDOWS\WinSxS\manifests\x86_microsoft.windows.common-controls_6595b64144ccf1df_6.0.10586.0_none_d3c2e4e965da4528.manifest.

Error: (12/29/2015 06:46:57 AM) (Source: Microsoft-Windows-CAPI2) (EventID: 513) (User: )
Description: Cryptographic Services failed while processing the OnIdentity() call in the System Writer Object.

Details:
AddLegacyDriverFiles: Unable to back up image of binary Microsoft Link-Layer Discovery Protocol.

System Error:
Access is denied.
.

Error: (12/29/2015 06:41:43 AM) (Source: Windows Search Service) (EventID: 7010) (User: )
Description: The index cannot be initialized.

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/29/2015 06:41:43 AM) (Source: Windows Search Service) (EventID: 3058) (User: )
Description: The application cannot be initialized.

Context: Windows Application

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/29/2015 06:41:43 AM) (Source: Windows Search Service) (EventID: 3028) (User: )
Description: The gatherer object cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/29/2015 06:41:43 AM) (Source: Windows Search Service) (EventID: 3029) (User: )
Description: The plug-in in <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application, SystemIndex Catalog

Details:
The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)

Error: (12/29/2015 06:41:43 AM) (Source: Windows Search Service) (EventID: 3057) (User: )
Description: The plug-in manager <Search.TripoliIndexer> cannot be initialized.

Context: Windows Application

Details:
(HRESULT : 0x8e5e0210) (0x8e5e0210)

Error: (12/29/2015 06:41:43 AM) (Source: Windows Search Service) (EventID: 7042) (User: )
Description: The Windows Search Service is being stopped because there is a problem with the indexer: The catalog is corrupt.

Details:
The content index catalog is corrupt. 0xc0041801 (0xc0041801)

Error: (12/29/2015 06:41:40 AM) (Source: Windows Search Service) (EventID: 7040) (User: )
Description: The search service has detected corrupted data files in the index {id=4810 - base\appmodel\search\search\ytrip\common\util\jetutil.cpp (203)}. The service will attempt to automatically correct this problem by rebuilding the index.

Details:
0x8e5e0210 (0x8e5e0210)

Error: (12/29/2015 06:41:40 AM) (Source: ESENT) (EventID: 455) (User: )
Description: SearchIndexer (3568) Windows: Error -1811 (0xfffff8ed) occurred while opening logfile C:\ProgramData\Microsoft\Search\Data\Applications\Windows\edb00067.log.


System errors:
=============
Error: (12/29/2015 01:21:03 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_3ca61 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/29/2015 01:21:03 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/29/2015 10:56:27 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_699f2f service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/29/2015 10:56:27 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/29/2015 09:56:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Access_570746 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/29/2015 09:56:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The User Data Storage_570746 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/29/2015 09:56:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Contact Data_570746 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/29/2015 09:56:50 AM) (Source: Service Control Manager) (EventID: 7031) (User: )
Description: The Sync Host_570746 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

Error: (12/29/2015 09:56:49 AM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYSYSTEMS-1-5-18LocalHost (Using LRPC)UnavailableUnavailable

Error: (12/29/2015 09:43:48 AM) (Source: DCOM) (EventID: 10016) (User: DESKTOP-QE9K77P)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}DESKTOP-QE9K77P4S-1-5-21-2060484803-181986161-1338721117-1002LocalHost (Using LRPC)UnavailableUnavailable


CodeIntegrity:
===================================
Date: 2015-12-29 12:39:46.448
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-29 10:35:05.478
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-28 05:34:47.036
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-27 05:00:13.177
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-19 08:39:13.938
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-13 11:27:10.514
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-12 10:10:16.426
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-12 09:35:39.701
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.

Date: 2015-12-12 07:50:12.369
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE14\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-12-10 06:16:09.545
Description: Code Integrity is unable to verify the image integrity of the file \Device\HarddiskVolume2\Windows\System32\efswrt.dll because the set of per-page image hashes could not be found on the system.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i5-4440 CPU @ 3.10GHz
Percentage of memory in use: 19%
Total physical RAM: 7105.02 MB
Available physical RAM: 5734.46 MB
Total Virtual: 8257.02 MB
Available Virtual: 6957.46 MB

==================== Drives ================================

Drive c: () (Fixed) (Total:698.15 GB) (Free:666.13 GB) NTFS

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 698.6 GB) (Disk ID: 18C7D957)
Partition 1: (Active) - (Size=500 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=698.1 GB) - (Type=07 NTFS)

==================== End of Addition.txt ============================

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:29-12-2015
Ran by 777 (administrator) on DESKTOP-QE9K77P (29-12-2015 13:34:05)
Running from C:\Users\777\Desktop
Loaded Profiles: 777 (Available Profiles: 93 & 4 & 1a & 777)
Platform: Windows 10 Home Version 1511 (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Malware Removal Guides and Tutorials

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Intel Corporation) C:\Windows\System32\igfxCUIService.exe
(Sandboxie Holdings, LLC) C:\Program Files\Sandboxie\SbieSvc.exe
() C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
() C:\Program Files (x86)\Canon\IJPLM\ijplmsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v3.0\WPF\PresentationFontCache.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Common Files\microsoft shared\OfficeSoftwareProtectionPlatform\OSPPSVC.EXE
(Intel Corporation) C:\Windows\System32\igfxEM.exe
(Intel Corporation) C:\Windows\System32\igfxHK.exe
() C:\Windows\System32\igfxTray.exe
(Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe
(Flux Software LLC) C:\Users\777\AppData\Local\FluxSoftware\Flux\flux.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Adobe Systems Incorporated) C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\reader_sl.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RtkNGUI64.exe [8466136 2015-11-13] (Realtek Semiconductor)
HKLM-x32\...\Run: [CanonQuickMenu] => C:\Program Files (x86)\Canon\Quick Menu\CNQMMAIN.EXE [1298456 2015-04-20] (CANON INC.)
HKLM-x32\...\Run: [IJNetworkScannerSelectorEX] => C:\Program Files (x86)\Canon\IJ Network Scanner Selector EX\CNMNSST.exe [438888 2014-01-15] (CANON INC.)
HKU\S-1-5-21-2060484803-181986161-1338721117-1004\...\Run: [f.lux] => C:\Users\777\AppData\Local\FluxSoftware\Flux\flux.exe [1017224 2013-10-23] (Flux Software LLC)
HKU\S-1-5-21-2060484803-181986161-1338721117-1004\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8590760 2015-12-08] (Piriform Ltd)
GroupPolicy: Restriction - Chrome <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 192.168.0.1 205.171.2.25
Tcpip\..\Interfaces\{d3d0495a-0e40-4629-919d-47020fe6d347}: [DhcpNameServer] 192.168.0.1 205.171.2.25

Internet Explorer:
==================
BHO: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2015-02-23] (CANON INC.)
BHO-x32: Office Document Cache Handler -> {B4F3A835-0E21-4959-BA22-42B3008E02FF} -> C:\Program Files (x86)\Microsoft Office\Office14\URLREDIR.DLL [2013-03-06] (Microsoft Corporation)
Toolbar: HKLM - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2015-02-23] (CANON INC.)

FireFox:
========
FF ProfilePath: C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default
FF Session Restore: -> is enabled.
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_20_0_0_235.dll [2015-12-24] ()
FF Plugin: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~1\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin: @videolan.org/vlc,version=2.2.1 -> C:\Program Files\VideoLAN\VLC\npvlc.dll [2015-04-16] (VideoLAN)
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_20_0_0_235.dll [2015-12-24] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\My Image Garden\AddOn\CIG\npmigfpi.dll [2011-11-30] (CANON INC.)
FF Plugin-x32: @microsoft.com/OfficeAuthz,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPAUTHZ.DLL [2010-01-09] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/SharePoint,version=14.0 -> C:\PROGRA~2\MICROS~1\Office14\NPSPWRAP.DLL [2010-03-24] (Microsoft Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.29.1\npGoogleUpdate3.dll [2015-12-12] (Google Inc.)
FF Plugin-x32: Adobe Reader -> C:\Program Files (x86)\Adobe\Acrobat Reader DC\Reader\AIR\nppdf32.dll [2015-10-23] (Adobe Systems Inc.)
FF Extension: Redirect Remover - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi [2015-12-12]
FF Extension: NoScript - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\extensions\{73a6fe31-595d-460b-a920-fcc0f8843232}.xpi [2015-12-12]
FF Extension: BetterPrivacy - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\extensions\{d40f5e7b-d2cf-4856-b441-cc613eeffbe3}.xpi [2015-12-12]
FF Extension: WOT - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-12-12]
FF Extension: Cookie Monster - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\extensions\{45d8ff86-d909-11db-9705-005056c00008}.xpi [2015-12-28]
FF Extension: No Name - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\Extensions\[email protected] [2015-12-12] [not signed]
FF Extension: Adblock Plus - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-12-18]

Chrome:
=======
CHR Profile: C:\Users\777\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Slides) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\aapocclcgogkmnckokdopfmhonfmgoek [2015-12-29]
CHR Extension: (Google Docs) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-12-29]
CHR Extension: (Google Drive) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-12-29]
CHR Extension: (YouTube) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-12-29]
CHR Extension: (Adblock Plus) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\cfhdojbkjhnklbpkdaibdccddilifddb [2015-12-29]
CHR Extension: (Google Search) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-12-29]
CHR Extension: (Ad.Block Plus) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\dbeafmdhnckjlkggjkdllmlfclfcmagh [2015-12-29]
CHR Extension: (Google Sheets) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\felcaaldnbdncclmgdcncolpebgiejap [2015-12-29]
CHR Extension: (Google Docs Offline) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\ghbmnnjooekpmoecnnnilnnbdlolhkhi [2015-12-29]
CHR Extension: (Ghostery) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\mlomiejdfkolichcflejclcbmpeaniij [2015-12-29]
CHR Extension: (Chrome Web Store Payments) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-12-29]
CHR Extension: (Gmail) - C:\Users\777\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-12-29]

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 asComSvc; C:\Program Files (x86)\ASUS\AXSP\1.01.02\atkexComSvc.exe [936728 2015-11-12] ()
R2 igfxCUIService2.0.0.0; C:\Windows\system32\igfxCUIService.exe [359848 2015-11-12] (Intel Corporation)
R2 IJPLMSVC; C:\Program Files (x86)\Canon\IJPLM\IJPLMSVC.EXE [84616 2013-06-28] ()
R2 SbieSvc; C:\Program Files\Sandboxie\SbieSvc.exe [177800 2015-10-22] (Sandboxie Holdings, LLC)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [364464 2015-10-29] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-10-29] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R1 AsIO; C:\Windows\SysWow64\drivers\AsIO.sys [15232 2015-11-12] ()
R3 MEIx64; C:\Windows\System32\drivers\TeeDriverW8x64.sys [193336 2015-11-12] (Intel Corporation)
R3 SbieDrv; C:\Program Files\Sandboxie\SbieDrv.sys [192648 2015-10-22] (Sandboxie Holdings, LLC)
S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-10-29] (Microsoft Corporation)
R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [293216 2015-10-29] (Microsoft Corporation)
R3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [118112 2015-10-29] (Microsoft Corporation)
S3 ALSysIO; \??\C:\Users\Teresa\AppData\Local\Temp\ALSysIO64.sys [X]
S3 cpuz135; \??\C:\Users\Teresa\AppData\Local\Temp\cpuz135\cpuz135_x64.sys [X]
S3 cpuz138; \??\C:\Users\Teresa\AppData\Local\Temp\cpuz138\cpuz138_x64.sys [X]
S3 GPU-Z; \??\C:\Users\Teresa\AppData\Local\Temp\GPU-Z.sys [X]
S3 WinRing0_1_2_0; \??\C:\install\Extra\RealTemp\WinRing0x64.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-12-29 13:34 - 2015-12-29 13:34 - 00010863 _____ C:\Users\777\Desktop\FRST.txt
2015-12-29 13:32 - 2015-12-29 13:34 - 00000000 ____D C:\FRST
2015-12-29 13:31 - 2015-12-29 13:32 - 02370560 _____ (Farbar) C:\Users\777\Desktop\FRST64.exe
2015-12-29 09:46 - 2015-12-29 09:46 - 00000000 ____D C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-12-29 09:46 - 2015-12-29 09:46 - 00000000 ____D C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Chrome Apps
2015-12-29 08:59 - 2015-12-29 08:59 - 00001296 _____ C:\Users\777\Desktop\startup windows.txt
2015-12-29 08:56 - 2015-12-29 08:56 - 00008580 _____ C:\Users\777\Desktop\install.txt
2015-12-29 08:55 - 2015-12-29 08:55 - 00000654 _____ C:\Users\777\Desktop\startup.txt
2015-12-29 07:48 - 2015-12-29 07:48 - 00000000 ____D C:\Users\777\AppData\LocalLow\Adobe
2015-12-29 07:48 - 2015-12-29 07:48 - 00000000 ____D C:\Users\777\AppData\Local\CEF
2015-12-29 07:48 - 2015-12-29 07:48 - 00000000 ____D C:\Users\777\AppData\Local\Adobe
2015-12-29 06:48 - 2015-12-29 06:48 - 00000545 _____ C:\Users\777\Desktop\JRT.txt
2015-12-29 06:45 - 2015-12-29 06:46 - 01599336 _____ (Malwarebytes) C:\Users\777\Desktop\JRT.exe
2015-12-29 06:36 - 2015-12-29 06:40 - 00000000 ____D C:\AdwCleaner
2015-12-29 06:35 - 2015-12-29 06:36 - 01743360 _____ C:\Users\777\Desktop\AdwCleaner.exe
2015-12-28 11:58 - 2015-12-28 13:03 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
2015-12-24 09:53 - 2015-12-24 09:53 - 04274096 _____ (BrightFort LLC ) C:\Users\777\Downloads\spywareblastersetup54.exe
2015-12-20 07:30 - 2015-12-20 07:30 - 00000000 ____D C:\Users\4\AppData\LocalLow\Temp
2015-12-20 07:29 - 2015-12-20 07:29 - 00000000 ____D C:\Users\4\AppData\LocalLow\Adobe
2015-12-20 07:29 - 2015-12-20 07:29 - 00000000 ____D C:\Users\4\AppData\Local\CEF
2015-12-20 07:29 - 2015-12-20 07:29 - 00000000 ____D C:\Users\4\AppData\Local\Adobe
2015-12-19 09:02 - 2015-12-19 09:02 - 00028448 _____ C:\Users\777\Desktop\dds.txt
2015-12-19 09:02 - 2015-12-19 09:02 - 00022206 _____ C:\Users\777\Desktop\attach.txt
2015-12-19 09:01 - 2015-12-19 09:01 - 00688992 ____R (Swearware) C:\Users\777\Desktop\dds.scr
2015-12-19 07:55 - 2015-12-19 07:56 - 02870984 _____ (ESET) C:\Users\777\Downloads\esetsmartinstaller_enu.exe
2015-12-19 07:29 - 2015-12-19 07:31 - 00000000 ____D C:\ProgramData\WRData
2015-12-18 08:12 - 2015-12-06 20:57 - 00973664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-12-18 08:12 - 2015-12-06 20:55 - 01281376 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-12-18 08:12 - 2015-12-06 20:49 - 00412512 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifitask.exe
2015-12-18 08:12 - 2015-12-06 20:48 - 02544256 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 02180136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 01299504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfnetsrc.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 01155944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfasfsrcsnk.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 01118208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfnetsrc.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 01092456 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 01065080 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 01020096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00983464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfasfsrcsnk.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00884256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00823264 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00794888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00696160 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupEngine.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00670928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00526856 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfreadwrite.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00502112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupEngine.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00498448 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00462760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfreadwrite.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00450904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00337840 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00289248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00245848 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00115040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupApi.dll
2015-12-18 08:12 - 2015-12-06 20:48 - 00084832 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NetSetupApi.dll
2015-12-18 08:12 - 2015-12-06 20:47 - 00925064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-12-18 08:12 - 2015-12-06 20:47 - 00898184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-12-18 08:12 - 2015-12-06 20:47 - 00716928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-12-18 08:12 - 2015-12-06 20:47 - 00116720 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfps.dll
2015-12-18 08:12 - 2015-12-06 20:46 - 03671888 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-12-18 08:12 - 2015-12-06 20:46 - 02919320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-12-18 08:12 - 2015-12-06 20:45 - 00264544 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-12-18 08:12 - 2015-12-06 20:15 - 01035776 _____ (Microsoft Corporation) C:\WINDOWS\system32\XboxNetApiSvc.dll
2015-12-18 08:12 - 2015-12-06 20:15 - 00075776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.XboxLive.ProxyStub.dll
2015-12-18 08:12 - 2015-12-06 20:10 - 00824320 _____ (Microsoft Corporation) C:\WINDOWS\system32\WpcWebFilter.dll
2015-12-18 08:12 - 2015-12-06 20:09 - 00133120 _____ (Microsoft Corporation) C:\WINDOWS\system32\flvprophandler.dll
2015-12-18 08:12 - 2015-12-06 20:09 - 00092160 _____ (Microsoft Corporation) C:\WINDOWS\system32\policymanagerprecheck.dll
2015-12-18 08:12 - 2015-12-06 20:09 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorageUsage.dll
2015-12-18 08:12 - 2015-12-06 20:07 - 16984064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-12-18 08:12 - 2015-12-06 20:07 - 00134656 _____ (Microsoft Corporation) C:\WINDOWS\system32\wificonnapi.dll
2015-12-18 08:12 - 2015-12-06 20:07 - 00077312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ProvPluginEng.dll
2015-12-18 08:12 - 2015-12-06 20:06 - 00572928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WpcWebFilter.dll
2015-12-18 08:12 - 2015-12-06 20:06 - 00231936 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-12-18 08:12 - 2015-12-06 20:06 - 00199168 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-12-18 08:12 - 2015-12-06 20:05 - 00192000 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-12-18 08:12 - 2015-12-06 20:05 - 00036864 _____ (Microsoft Corporation) C:\WINDOWS\system32\BackgroundTransferHost.exe
2015-12-18 08:12 - 2015-12-06 20:04 - 00066560 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshost.dll
2015-12-18 08:12 - 2015-12-06 20:04 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\provtool.exe
2015-12-18 08:12 - 2015-12-06 20:03 - 13017600 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-12-18 08:12 - 2015-12-06 20:02 - 00269824 _____ (Microsoft Corporation) C:\WINDOWS\system32\moshostcore.dll
2015-12-18 08:12 - 2015-12-06 20:02 - 00161280 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\InstallAgent.exe
2015-12-18 08:12 - 2015-12-06 20:01 - 00543232 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-12-18 08:12 - 2015-12-06 20:01 - 00034304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BackgroundTransferHost.exe
2015-12-18 08:12 - 2015-12-06 20:00 - 00618496 _____ (Microsoft Corporation) C:\WINDOWS\system32\StorSvc.dll
2015-12-18 08:12 - 2015-12-06 20:00 - 00323072 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSFlacDecoder.dll
2015-12-18 08:12 - 2015-12-06 20:00 - 00210432 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-12-18 08:12 - 2015-12-06 20:00 - 00203776 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetSetupSvc.dll
2015-12-18 08:12 - 2015-12-06 19:59 - 00558080 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-12-18 08:12 - 2015-12-06 19:59 - 00292352 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-12-18 08:12 - 2015-12-06 19:59 - 00286208 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-12-18 08:12 - 2015-12-06 19:59 - 00165376 _____ (Microsoft Corporation) C:\WINDOWS\system32\provdatastore.dll
2015-12-18 08:12 - 2015-12-06 19:58 - 24601600 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-12-18 08:12 - 2015-12-06 19:58 - 00459776 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-12-18 08:12 - 2015-12-06 19:57 - 00409088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\StoreAgent.dll
2015-12-18 08:12 - 2015-12-06 19:57 - 00387072 _____ (Microsoft Corporation) C:\WINDOWS\system32\qdvd.dll
2015-12-18 08:12 - 2015-12-06 19:57 - 00270848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSFlacDecoder.dll
2015-12-18 08:12 - 2015-12-06 19:56 - 00607232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-12-18 08:12 - 2015-12-06 19:56 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-12-18 08:12 - 2015-12-06 19:55 - 07979008 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-12-18 08:12 - 2015-12-06 19:55 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-12-18 08:12 - 2015-12-06 19:54 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-12-18 08:12 - 2015-12-06 19:54 - 00569856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\qdvd.dll
2015-12-18 08:12 - 2015-12-06 19:53 - 19339264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-12-18 08:12 - 2015-12-06 19:53 - 00381952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-12-18 08:12 - 2015-12-06 19:51 - 01318912 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-12-18 08:12 - 2015-12-06 19:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapibase.dll
2015-12-18 08:12 - 2015-12-06 19:50 - 01131520 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Audio.dll
2015-12-18 08:12 - 2015-12-06 19:49 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Audio.dll
2015-12-18 08:12 - 2015-12-06 19:48 - 06297088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-12-18 08:12 - 2015-12-06 19:47 - 03428864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-12-18 08:12 - 2015-12-06 19:45 - 02582016 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-12-18 08:12 - 2015-12-06 19:45 - 00900608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.BackgroundTransfer.dll
2015-12-18 08:12 - 2015-12-06 19:45 - 00683008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.BackgroundTransfer.dll
2015-12-18 08:12 - 2015-12-06 19:44 - 02796032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-12-18 08:12 - 2015-12-06 19:43 - 02598400 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-12-18 08:12 - 2015-12-06 19:43 - 00931328 _____ (Microsoft Corporation) C:\WINDOWS\system32\MSMPEG2ENC.DLL
2015-12-18 08:12 - 2015-12-06 19:41 - 02061824 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-12-18 08:12 - 2015-12-06 19:40 - 03593216 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-12-18 08:12 - 2015-12-06 19:40 - 01995776 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-12-18 08:12 - 2015-12-06 19:40 - 01706496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActiveSyncProvider.dll
2015-12-18 08:12 - 2015-12-06 19:39 - 00764928 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-12-18 08:12 - 2015-12-06 19:38 - 00871936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSMPEG2ENC.DLL
2015-12-18 08:12 - 2015-12-06 19:33 - 00375296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDEServer.exe
2015-12-18 08:12 - 2015-12-06 19:32 - 00126464 _____ (Microsoft Corporation) C:\WINDOWS\system32\dialserver.dll
2015-12-17 05:14 - 2015-12-19 09:33 - 00002260 _____ C:\Users\4\Desktop\Google Chrome.lnk
2015-12-15 07:39 - 2015-12-15 07:40 - 01592394 _____ C:\Users\4\Documents\bookmarks.html
2015-12-12 11:44 - 2015-12-12 11:44 - 00597304 _____ C:\Users\777\Downloads\flux-setup.exe
2015-12-12 11:44 - 2015-12-12 11:44 - 00000000 ____D C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Flux
2015-12-12 11:44 - 2015-12-12 11:44 - 00000000 ____D C:\Users\777\AppData\Local\FluxSoftware
2015-12-12 11:12 - 2015-12-12 11:13 - 00000000 ____D C:\Users\777\AppData\Local\Comms
2015-12-12 11:11 - 2015-12-12 11:11 - 00000000 ____D C:\Users\777\AppData\Local\Publishers
2015-12-12 11:10 - 2015-12-12 11:19 - 00000000 ____D C:\Users\777\AppData\Local\Mozilla
2015-12-12 11:10 - 2015-12-12 11:10 - 00000000 ____D C:\Users\777\AppData\Roaming\Mozilla
2015-12-12 11:07 - 2015-12-27 04:51 - 00000000 ____D C:\Users\777\Documents\computer
2015-12-12 11:06 - 2015-12-05 06:58 - 01590550 _____ C:\Users\777\Documents\bookmarks.html
2015-12-12 10:58 - 2015-11-18 12:55 - 00000956 _____ C:\Users\777\Desktop\Sandboxie Control.lnk
2015-12-12 10:56 - 2015-12-12 10:57 - 00002402 _____ C:\Users\777\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-12-12 10:56 - 2015-12-12 10:57 - 00000000 ___RD C:\Users\777\OneDrive
2015-12-12 10:55 - 2015-12-12 10:55 - 00000000 ____D C:\Users\777\AppData\Local\ActiveSync
2015-12-12 10:54 - 2015-12-29 07:48 - 00000000 ____D C:\Users\777\AppData\Roaming\Adobe
2015-12-12 10:53 - 2015-12-29 13:21 - 00000000 __SHD C:\Users\777\IntelGraphicsProfiles
2015-12-12 10:53 - 2015-12-29 09:38 - 00000000 ____D C:\Users\777\AppData\Local\Packages
2015-12-12 10:53 - 2015-12-12 10:56 - 00000000 ____D C:\Users\777
2015-12-12 10:53 - 2015-12-12 10:53 - 00000020 ___SH C:\Users\777\ntuser.ini
2015-12-12 10:53 - 2015-12-12 10:53 - 00000000 _SHDL C:\Users\777\My Documents
2015-12-12 10:53 - 2015-12-12 10:53 - 00000000 _SHDL C:\Users\777\Documents\My Videos
2015-12-12 10:53 - 2015-12-12 10:53 - 00000000 _SHDL C:\Users\777\Documents\My Pictures
2015-12-12 10:53 - 2015-12-12 10:53 - 00000000 _SHDL C:\Users\777\Documents\My Music
2015-12-12 10:53 - 2015-12-12 10:53 - 00000000 ____D C:\Users\777\AppData\Local\VirtualStore
2015-12-12 10:53 - 2015-12-12 10:53 - 00000000 ____D C:\Users\777\AppData\Local\TileDataLayer
2015-12-12 10:53 - 2015-12-12 10:53 - 00000000 ____D C:\Users\777\AppData\Local\Google
2015-12-12 10:53 - 2015-11-18 12:47 - 00000000 ____D C:\Users\777\AppData\Local\Microsoft Help
2015-12-12 10:16 - 2015-12-29 13:21 - 00002218 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-12-12 09:59 - 2015-11-30 23:12 - 02152800 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-12-12 09:59 - 2015-11-24 04:07 - 01817160 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-12-12 09:59 - 2015-11-24 03:06 - 01540768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-12-12 09:59 - 2015-11-24 02:26 - 01399224 _____ (Microsoft Corporation) C:\WINDOWS\system32\user32.dll
2015-12-12 09:59 - 2015-11-24 02:01 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.tlb
2015-12-12 09:59 - 2015-11-24 01:54 - 00007680 _____ (Microsoft Corporation) C:\WINDOWS\system32\readingviewresources.dll
2015-12-12 09:59 - 2015-11-24 01:53 - 00115200 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32k.sys
2015-12-12 09:59 - 2015-11-24 01:45 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\wshrm.dll
2015-12-12 09:59 - 2015-11-24 01:37 - 00147968 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rmcast.sys
2015-12-12 09:59 - 2015-11-24 01:26 - 01337240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\user32.dll
2015-12-12 09:59 - 2015-11-24 01:19 - 00182784 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-12-12 09:59 - 2015-11-24 01:12 - 00523776 _____ (Microsoft Corporation) C:\WINDOWS\system32\catsrvut.dll
2015-12-12 09:59 - 2015-11-24 00:58 - 00604672 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-12-12 09:59 - 2015-11-24 00:55 - 01393664 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-12-12 09:59 - 2015-11-24 00:54 - 02756096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.tlb
2015-12-12 09:59 - 2015-11-24 00:52 - 01717248 _____ (Microsoft Corporation) C:\WINDOWS\system32\GdiPlus.dll
2015-12-12 09:59 - 2015-11-24 00:49 - 01648640 _____ (Microsoft Corporation) C:\WINDOWS\system32\comsvcs.dll
2015-12-12 09:59 - 2015-11-24 00:14 - 00415744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\catsrvut.dll
2015-12-12 09:59 - 2015-11-24 00:03 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-12-12 09:59 - 2015-11-23 23:59 - 01467392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GdiPlus.dll
2015-12-12 09:59 - 2015-11-23 23:57 - 01328128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comsvcs.dll
2015-12-12 09:59 - 2015-11-23 23:35 - 22393856 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-12-12 09:59 - 2015-11-23 23:29 - 02352128 _____ (Microsoft Corporation) C:\WINDOWS\system32\authui.dll
2015-12-12 09:59 - 2015-11-23 23:23 - 13381120 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-12-12 09:59 - 2015-11-23 23:11 - 18678272 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-12-12 09:59 - 2015-11-23 23:08 - 12125184 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-12-12 09:59 - 2015-11-23 23:04 - 02155008 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\authui.dll
2015-12-12 09:59 - 2015-11-22 02:47 - 07476576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-12-12 09:59 - 2015-11-22 02:47 - 02653816 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-12-12 09:59 - 2015-11-22 02:41 - 01859448 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-12-12 09:59 - 2015-11-22 02:41 - 00026408 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuauclt.exe
2015-12-12 09:59 - 2015-11-22 02:35 - 00538632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-12-12 09:59 - 2015-11-22 02:34 - 00080600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwapi.dll
2015-12-12 09:59 - 2015-11-22 02:33 - 00095072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdstor.sys
2015-12-12 09:59 - 2015-11-22 02:33 - 00058408 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.dll
2015-12-12 09:59 - 2015-11-22 02:33 - 00051680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsUtilsV2.dll
2015-12-12 09:59 - 2015-11-22 02:30 - 00604928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-12-12 09:59 - 2015-11-22 02:30 - 00161632 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ksecpkg.sys
2015-12-12 09:59 - 2015-11-22 02:26 - 00431232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-12-12 09:59 - 2015-11-22 02:25 - 00063528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wwapi.dll
2015-12-12 09:59 - 2015-11-22 02:24 - 02772584 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d11.dll

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)


==================== Files in the root of some directories =======

2015-11-13 07:44 - 2015-11-13 07:44 - 0000000 ____H () C:\ProgramData\DP45977C.lfl

Some files in TEMP:
====================
C:\Users\777\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-12-24 08:51

==================== End of FRST.txt ============================
tierra is offline  
Old 12-29-2015, 01:55 PM   #7

PS I forgot, I've run ESET online twice since and it's found nothing. The first time was the download of the update to CCleaner.
tierra is offline  
Old 12-29-2015, 02:23 PM   #8
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, tierra. As I suspected, FRST didn't find much.
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe.
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    GroupPolicy: Restriction - Chrome <======= ATTENTION
    FF Extension: Redirect Remover - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi [2015-12-12]
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 12-29-2015, 02:39 PM   #9

Thank you - Chemist.

Here's the log:

Fix result of Farbar Recovery Scan Tool (x64) Version:29-12-2015
Ran by 777 (2015-12-29 14:36:48) Run:1
Running from C:\Users\777\Desktop
Loaded Profiles: 777 (Available Profiles: 93 & 4 & 1a & 777)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
GroupPolicy: Restriction - Chrome <======= ATTENTION
FF Extension: Redirect Remover - C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi [2015-12-12]
EmptyTemp:
end
*****************

Restore point was successfully created.
C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
C:\WINDOWS\system32\GroupPolicy\Machine => moved successfully
C:\WINDOWS\system32\GroupPolicy\GPT.ini => moved successfully
C:\WINDOWS\SysWOW64\GroupPolicy\GPT.ini => moved successfully
C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi => moved successfully
C:\Users\777\AppData\Roaming\Mozilla\Firefox\Profiles\rtq5fwqz.default\extensions\{fe0258ab-4f74-43a1-8781-bcdf340f9ee9}.xpi => path removed successfully
EmptyTemp: => 29.2 MB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 14:36:50 ====
tierra is offline  
Old 12-29-2015, 02:51 PM   #10

Hello again, tierra. Are you still getting errors in FF and Chrome? Use them and let me know.
chemist is offline  
Old 12-29-2015, 03:01 PM   #11

Hi Chemist,

The only time I had problems with FF and Chrome was the day of the false BSOD. I went to watch a video and it wouldn't run on FF, so I went to Chrome and got the false BSOD immediately. I found out later that the site, although usually safe (I check by clicking the wheel on the mouse on the site with NoScript), was under attack for a short while the day I got the false BSOD, and I think that's why FF wouldn't run the vid, and there was no security on Chrome as I almost never use it.

I'm still getting some problems with a driver or two (can't read well as I'm having vision problems) and with magnifier. Once the computer is clean and I have the time, I was going to reload Win10, as the magnifier problem has been there since Win 10 was installed, and I think the driver problem too. I'll do that with the help of my computer manufacturer.

Do you think my documents and pictures were infected?

Do you think it's safe to load my kindle from Amazon with a USB cord?

Thank you so very much.
tierra is offline  
Old 12-29-2015, 03:06 PM   #12

You're welcome, tierra. Use the machine normally over the next day or so, and let me know how it behaves.
chemist is offline  
Old 12-29-2015, 03:08 PM   #13

Thank you Chemist,

I'll let you know how it's working.
tierra is offline  
Old 12-30-2015, 05:47 AM   #14

Hi Chemist,

That candy crush soda saga that wasn't on add/remove in control panel but was in the CCleaner install that I uninstalled through CCleaner and my computer company says they didn't install is still on the apps list.

Other than that, no problems other than the ongoing problems with magnifier - which I doubt have anything to do with the malware, as it has been a problem since upgrading to 10.

Thank you.
Attached thumbnail: candy crush soda saga.jpg
tierra is offline  
Old 12-30-2015, 10:03 PM   #15

Hello again, tierra. You're very welcome.

You keep referring to Add/Remove Programs. You do mean Programs and Features, correct?

It would be preferable if you uninstall applications via Programs and Features in your Control Panel.

I don't see any problem with your Documents or Pictures, nor with loading your Kindle from Amazon with a USB cord, but I would wait until you have reloaded Win10, if that is your plan of action.

------------------------------------------------------

Please download SystemLook from one of the links below and save it to your Desktop.
Download Mirror #1
Download Mirror #2
  • Double-click SystemLook_x64.exe to run it. (Vista/Win7/Win8/Win10 users, right-click > Run as administrator)
  • Copy/paste the contents of the following codebox into the main textfield:
    Code:
    :filefind
    atbroker.exe
    
    :folderfind
    candy*
    
    :regfind
    candy
  • Click the Look button to start the scan.
  • Please be patient, as it may take a while.
  • When finished, a Notepad file will open with the results of the scan. Please post this log in your next reply.
Note: The log can also be found on your Desktop entitled SystemLook.txt

------------------------------------------------------
chemist is offline  
Old 12-31-2015, 05:44 AM   #16
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,091
OS: Windows 10 home premium 64-bit



Thank you Chemist.

I've never found it in Control Panel's Add/Remove Programs but did in CCleaner and thought I removed it but didn't.

Here are the results:

SystemLook 30.07.11 by jpshortstuff
Log created at 05:40 on 31/12/2015 by 777
Administrator - Elevation successful

========== filefind ==========

Searching for "atbroker.exe"
C:\Windows\System32\AtBroker.exe --a---- 54272 bytes [07:17 30/10/2015] [07:17 30/10/2015] CA410B8A3A6B8BE1C9D0E52853955F26
C:\Windows\SysWOW64\AtBroker.exe --a---- 41472 bytes [07:18 30/10/2015] [07:18 30/10/2015] 6EB0DECAC5EBF1A6ED3A4629FD23DA94
C:\Windows\WinSxS\amd64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.10586.0_none_5c264829c8ac6b25\AtBroker.exe --a---- 54272 bytes [07:17 30/10/2015] [07:17 30/10/2015] CA410B8A3A6B8BE1C9D0E52853955F26
C:\Windows\WinSxS\x86_microsoft-windows-atbroker_31bf3856ad364e35_10.0.10586.0_none_0007aca6104ef9ef\AtBroker.exe --a---- 41472 bytes [07:18 30/10/2015] [07:18 30/10/2015] 6EB0DECAC5EBF1A6ED3A4629FD23DA94

========== folderfind ==========

Searching for "candy*"
C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.57.200.0_x86__kgqvnymyfvs32\res_output\shared\diorama\common\scenes\candybar d------ [13:11 17/12/2015]
C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.57.200.0_x86__kgqvnymyfvs32\res_output\shared\diorama\common\scenes\candycrush d------ [13:11 17/12/2015]
C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.57.200.0_x86__kgqvnymyfvs32\res_output\shared\game\common\materials\candy d------ [13:12 17/12/2015]
C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.57.200.0_x86__kgqvnymyfvs32\res_output\shared\game\common\models\candy_cannon d------ [13:12 17/12/2015]
C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.57.200.0_x86__kgqvnymyfvs32\res_output\shared\game\common\tex\candy d------ [13:12 17/12/2015]

========== regfind ==========

Searching for "candy"

-= EOF =-

My computer company at first said they didn't install it; however, now they think it may have been in the MS package for win10 when downloaded.

If you think it's benign I could leave it alone.

Thank you.
tierra is offline  
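The atbroker.exe filefind results in the log above can be cross-checked mechanically: each live copy under System32 or SysWOW64 should have the same size and MD5 as a copy in the WinSxS component store. The following is an added example, not part of the original thread and not SystemLook's own code; the function names are hypothetical, and the sample lines are copied from the log in post #16.

```python
import re
from collections import defaultdict
from ntpath import basename  # parses Windows paths on any OS

# Sample input: lines copied from the SystemLook log posted in this thread.
SAMPLE_LOG = r"""
========== filefind ==========

Searching for "atbroker.exe"
C:\Windows\System32\AtBroker.exe --a---- 54272 bytes [07:17 30/10/2015] [07:17 30/10/2015] CA410B8A3A6B8BE1C9D0E52853955F26
C:\Windows\SysWOW64\AtBroker.exe --a---- 41472 bytes [07:18 30/10/2015] [07:18 30/10/2015] 6EB0DECAC5EBF1A6ED3A4629FD23DA94
C:\Windows\WinSxS\amd64_microsoft-windows-atbroker_31bf3856ad364e35_10.0.10586.0_none_5c264829c8ac6b25\AtBroker.exe --a---- 54272 bytes [07:17 30/10/2015] [07:17 30/10/2015] CA410B8A3A6B8BE1C9D0E52853955F26
C:\Windows\WinSxS\x86_microsoft-windows-atbroker_31bf3856ad364e35_10.0.10586.0_none_0007aca6104ef9ef\AtBroker.exe --a---- 41472 bytes [07:18 30/10/2015] [07:18 30/10/2015] 6EB0DECAC5EBF1A6ED3A4629FD23DA94

========== folderfind ==========

Searching for "candy*"
C:\Program Files\WindowsApps\king.com.CandyCrushSodaSaga_1.57.200.0_x86__kgqvnymyfvs32\res_output\shared\game\common\tex\candy d------ [13:12 17/12/2015]
"""

# A filefind result line: path, 7-char attribute mask, size, two timestamps, MD5.
# Folder lines carry no size or hash, so they do not match and are skipped.
FILE_LINE = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+(?P<attrs>[-a-z]{7})\s+(?P<size>\d+) bytes"
    r"\s+\[(?P<created>[^\]]+)\]\s+\[(?P<modified>[^\]]+)\]"
    r"\s+(?P<md5>[0-9A-Fa-f]{32})\s*$"
)


def parse_filefind(log_text):
    """Return one dict per file entry found in a SystemLook log."""
    entries = []
    for line in log_text.splitlines():
        m = FILE_LINE.match(line.strip())
        if m:
            entries.append({
                "path": m["path"],
                "name": basename(m["path"]).lower(),
                "size": int(m["size"]),
                "md5": m["md5"].upper(),
            })
    return entries


def in_component_store(path):
    """True when the path lies inside the WinSxS component store."""
    return "\\windows\\winsxs\\" in path.lower()


def cross_check(entries):
    """Map each live file to a WinSxS copy with the same name, size and MD5.

    The value is None when no component-store copy matches, which is the
    case that deserves a closer look.
    """
    store = defaultdict(list)
    for e in entries:
        if in_component_store(e["path"]):
            store[(e["name"], e["size"], e["md5"])].append(e["path"])

    verdicts = {}
    for e in entries:
        if not in_component_store(e["path"]):
            matches = store.get((e["name"], e["size"], e["md5"]))
            verdicts[e["path"]] = matches[0] if matches else None
    return verdicts


if __name__ == "__main__":
    for live, match in cross_check(parse_filefind(SAMPLE_LOG)).items():
        status = "matches component store" if match else "NO MATCHING STORE COPY"
        print(f"{live}: {status}")
```

A match only shows that the live binary is identical to the component-store copy; it does not replace checking the file's digital signature.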
Old 12-31-2015, 11:44 AM   #17
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, tierra. You're very welcome. Yes, Candy Crush is a harmless, and very popular, game.

And yes, Candy Crush Soda Saga gets installed when upgrading to Windows 10. It won't have an uninstall entry listed in Programs and Features.

------------------------------------------------------

When do you plan on reloading Win10? I could keep this thread open while you do. Let me know.

------------------------------------------------------
chemist is offline  
Old 01-08-2016, 06:13 AM   #18
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,091
OS: Windows 10 home premium 64-bit



Hi Chemist,

Thank you for your help. I've been very busy and won't have the time for another 1.5 weeks to load Windows 10.
tierra is offline  
Old 01-08-2016, 09:43 AM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're welcome. Let me know.
chemist is offline  
Old 01-31-2016, 02:01 AM   #20
TSF Enthusiast
 
Join Date: Nov 2007
Location: Seattle, Washington, USA
Posts: 1,091
OS: Windows 10 home premium 64-bit



Hi Chemist,

When I went to reinstall win10 the usb stick didn't work so the computer went back to the manufacturer to be reinstalled.

I only have the one computer - and it was gone almost 2 weeks. Sorry, it's taken so long to get back to you.

Thank you for all your help.
tierra is offline  
 



All times are GMT -7. The time now is 09:21 AM.

