
Extremely slow PC, suspected malware



 
 
10-31-2015, 02:35 AM   #1
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Hi
Thanks firstly for taking the time to read my issue.

My PC (originally running Windows 7) was running really slow; it would sometimes take 5 minutes to action a mouse click (i.e. close an app, click a button, etc.). I did what I could with my Norton AV, but after 5 days I couldn't get to the bottom of this issue. I eventually ran CCleaner (didn't help) and ran Windows Update. This started with over 100 updates as I had turned live update off. Got down to one file which wouldn't update.

Last update I decided to try and update to Windows 10, hoping it could repair the issue.

I have also tried running the MS Malicious Software Removal Tool, but because of the go-slow issue it does not get to complete a scan before stalling and an eventual reluctant reboot. It will perform a quick scan without crashing, but that only finds one infected file (no idea what the file is from MRT). Even when running a full scan, before it locks up it says it has found 3 infected files, so I figure a full scan is in order.

One last note: I called Norton help line & after remote operating my PC for a few minutes the guy informed me I had a rundll.exe file that was causing the issue. He said it was disabling a lot of things on my PC. Unfortunately the same guy then went on to try and skin me of AU$400 to help fix the problem. Sorry but I don't have $400. I have a sick PC and hope fading fast.

I have learnt several things from this. Hindsight is a wonderful thing!
- Firstly I should have backed up my PC on a restore point.
- I should have probably not turned windows update off.
- I really understand people smashing computers!

Any help will be graciously appreciated.
Here's my DDS file:
PS - I hope I've posted in the right area.

EDIT: I forgot to mention that there are some other behaviours which may help diagnostics.
- Control Alt Delete does not work.
- I cannot enable Windows Defender (not sure if Norton has anything to do with that?)
- PC runs OK for a few minutes, then instant go-slow. I might get 4 mins or 30 mins before it freezes up.
- It doesn't matter what programs I am running; it can freeze up immediately after start-up if I don't interact with it at all for a bit.


DDS (Ver_2012-11-20.01) - NTFS_AMD64
Internet Explorer: 11.0.10240.16412 BrowserJavaVersion: 10.71.2
Run by Mik at 20:10:45 on 2015-10-31
Microsoft Windows 10 Home 10.0.10240.0.1252.1.1033.18.16365.13443 [GMT 11:00]
.
AV: Norton 360 *Disabled/Updated* {53C7D717-52E2-B95E-FA61-6F32ECC805DB}
AV: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Windows Defender *Disabled/Updated* {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
SP: Norton 360 *Disabled/Updated* {E8A636F3-74D8-B6D0-C0D1-5440974F4F66}
FW: Norton 360 *Enabled* {6BFC5632-188D-B806-D13E-C607121B42A0}
.
============== Running Processes ===============
.
C:\WINDOWS\system32\svchost.exe -k DcomLaunch
C:\WINDOWS\system32\svchost.exe -k RPCSS
C:\WINDOWS\system32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k LocalSystemNetworkRestricted
C:\WINDOWS\system32\dwm.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceAndNoImpersonation
C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
C:\WINDOWS\system32\nvvsvc.exe
C:\WINDOWS\System32\svchost.exe -k NetworkService
C:\Program Files\IDT\WDM\STacSV64.exe
C:\WINDOWS\System32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalServiceNoNetwork
C:\Program Files\IDT\WDM\AESTSr64.exe
C:\WINDOWS\System32\svchost.exe -k utcsvc
C:\WINDOWS\system32\svchost.exe -k apphost
C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
C:\WINDOWS\system32\mqsvc.exe
C:\WINDOWS\system32\svchost.exe -k iissvcs
C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\svchost.exe -k appmodel
C:\WINDOWS\system32\dashost.exe
C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe
c:\postgreSQL\bin\pg_ctl.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
C:\WINDOWS\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
c:\postgreSQL\bin\postgres.exe
C:\WINDOWS\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe
C:\WINDOWS\system32\taskhostw.exe
C:\WINDOWS\system32\sihost.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
C:\WINDOWS\Explorer.EXE
C:\Windows\System32\RuntimeBroker.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
C:\WINDOWS\system32\ApplicationFrameHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
C:\Program Files\IDT\WDM\beats64.exe
C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
C:\WINDOWS\system32\browser_broker.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Program Files\IDT\WDM\sttray64.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Users\Mik\AppData\Local\Microsoft\OneDrive\OneDrive.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
C:\Program Files (x86)\ASUS\O!Direct\O!Direct.exe
C:\Program Files (x86)\Portrait Displays\HP My Display\DTHtml.exe
C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
C:\Program Files (x86)\ASUS\O!Direct\Server.exe
C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
svchost.exe
C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
C:\Program Files\CCleaner\CCleaner64.exe
C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
C:\WINDOWS\system32\svchost.exe -k UnistackSvcGroup
C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\hpsa_service.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\WINDOWS\system32\SearchFilterHost.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\microsoftedgecp.exe
C:\WINDOWS\System32\cscript.exe
.
============== Pseudo HJT Report ===============
.
uStart Page = file:///C:/Homepage/Homepage.html
uURLSearchHooks: {3bbd3c14-4c16-4989-8366-95bc9179779d} - <orphaned>
BHO: Canon Easy-WebPrint EX BHO: {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll
BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll
BHO: Java(tm) Plug-In SSV Helper: {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files (x86)\Java\jre7\bin\ssv.dll
BHO: Adobe PDF Conversion Toolbar Helper: {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
BHO: Java(tm) Plug-In 2 SSV Helper: {DBC80044-A445-435b-BC74-9C25C1C588A9} - C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll
BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll
BHO: SmartSelect Class: {F4971EE7-DAA0-4053-9964-665D8EE6A077} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Adobe PDF: {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll
TB: Canon Easy-WebPrint EX: {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll
EB: Canon Easy-WebPrint EX: {21347690-EC41-4F9A-8887-1F4AEE672439} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll
EB: {c585d593-e7f4-4852-a200-561686ee02e4} - <orphaned>
uRun: [CCleaner Monitoring] "C:\Program Files\CCleaner\CCleaner64.exe" /MONITOR
uRun: [OneDrive] "C:\Users\Mik\AppData\Local\Microsoft\OneDrive\OneDrive.exe" /background
mRun: [Norton Online Backup] C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe
mRun: [DT HPW] C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe -HPW
mRun: [O!Direct] C:\Program Files (x86)\ASUS\O!Direct\O!Direct.exe
mRun: [NUSB3MON] "C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe"
mRun: [UpdatePDRShortCut] "C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" "C:\Program Files (x86)\CyberLink\PowerDirector" UpdateWithCreateOnce "Software\CyberLink\PowerDirector\7.0"
mRun: [HP Software Update] C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\NETGEA~2.LNK - C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
StartupFolder: C:\PROGRA~3\MICROS~1\Windows\STARTM~1\Programs\StartUp\NETGEA~1.LNK - C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
uPolicies-Explorer: NoThumbnailCache = dword:1
mPolicies-System: DSCAutomationHostEnabled = dword:2
IE: E&xport to Microsoft Excel - C:\Program Files (x86)\Microsoft Office\Office12\EXCEL.EXE/3000
IE: {219C3416-8CB2-491a-A3C7-D9FCDDC9D600} - {5F7B1267-94A9-47F5-98DB-E99415F33AEC} - C:\Program Files (x86)\Windows Live\Writer\WriterBrowserExtension.dll
IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503}
DPF: {17492023-C23A-453E-A040-C7C580BBF700} - hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab
TCP: NameServer = 10.0.0.138
TCP: Interfaces\{5cf49556-ad5e-4b87-b87b-bbf31d8e3d38} : DHCPNameServer = 10.0.0.138
TCP: Interfaces\{5fadb7ea-30a2-44dd-bab5-321991cd3d04} : DHCPNameServer = 172.20.10.1
TCP: Interfaces\{8d1c909f-53e8-41f8-bfa7-07cabf70b725} : DHCPNameServer = 10.0.0.138
Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\Windows\SysWOW64\tbauth.dll
Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - C:\Program Files (x86)\Windows Live\Photo Gallery\AlbumDownloadProtocolHandler.dll
SSODL: WebCheck - <orphaned>
CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
x64-mStart Page = hxxp://start.mysearchdial.com/?f=1&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytD0AyDzyyDzztCyDzytN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=27593314&ir=
x64-BHO: Norton Identity Protection: {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coieplg.dll
x64-BHO: HP Network Check Helper: {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll
x64-TB: Norton Toolbar: {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coieplg.dll
x64-Run: [Logitech Download Assistant] C:\WINDOWS\System32\rundll32.exe C:\WINDOWS\System32\LogiLDA.dll,LogiFetch
x64-Run: [BeatsOSDApp] C:\Program Files\IDT\WDM\beats64.exe
x64-Run: [hpsysdrv] c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe
x64-Run: [IAStorIcon] "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIconLaunch.exe" "C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe" 60
x64-Run: [NvBackend] "C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe"
x64-Run: [SysTrayApp] C:\Program Files\IDT\WDM\sttray64.exe
x64-mPolicies-System: DSCAutomationHostEnabled = dword:2
x64-IE: {25510184-5A38-4A99-B273-DCA8EEF6CD08} - C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\NCLauncherFromIE.exe
x64-DPF: {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} - hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
x64-Handler: tbauth - {14654CA6-5711-491D-B89A-58E571679951} - C:\WINDOWS\System32\tbauth.dll
x64-Handler: wlpg - {E43EF6CD-A37A-4A9B-9E6F-83F89B8E6324} - <orphaned>
x64-SSODL: WebCheck - <orphaned>
x64-mASetup: {2C7339CF-2B09-4501-B3F3-F3508C9228ED} - /UserInstall
x64-mASetup: {89820200-ECBD-11cf-8B85-00AA005B4340} - U
x64-CLSID: {603D3801-BD81-11d0-A3A5-00C04FD706EC} - C:\WINDOWS\System32\windows.storage.dll
.
============= SERVICES / DRIVERS ===============
.
R0 SymEFASI;Symantec Extended File Attributes (SI);C:\WINDOWS\System32\drivers\N360x64\1605040.018\symefasi64.sys [2015-10-1 1620720]
R0 WindowsTrustedRT;Windows Trusted Execution Environment Class Extension;C:\WINDOWS\System32\drivers\WindowsTrustedRT.sys [2015-7-10 106520]
R0 WindowsTrustedRTProxy;Microsoft Windows Trusted Runtime Secure Service;C:\WINDOWS\System32\drivers\WindowsTrustedRTProxy.sys [2015-7-10 17944]
R0 Wof;Windows Overlay File System Filter Driver;C:\WINDOWS\System32\drivers\wof.sys [2015-9-10 200528]
R1 ahcache;Application Compatibility Cache;C:\WINDOWS\System32\drivers\ahcache.sys [2015-7-10 215552]
R1 BHDrvx64;BHDrvx64;C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20151022.001\BHDrvx64.sys [2015-10-26 1665608]
R1 ccSet_N360;N360 Settings Manager;C:\WINDOWS\System32\drivers\N360x64\1605040.018\ccsetx64.sys [2015-10-1 173808]
R1 FileCrypt;FileCrypt;C:\WINDOWS\System32\drivers\filecrypt.sys [2015-7-10 83968]
R1 GpuEnergyDrv;GPU Energy Driver;C:\WINDOWS\System32\drivers\gpuenergydrv.sys [2015-7-10 8192]
R1 IDSVia64;IDSVia64;C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20151030.001\IDSviA64.sys [2015-10-31 767224]
R1 SymIRON;Symantec Iron Driver;C:\WINDOWS\System32\drivers\N360x64\1605040.018\ironx64.sys [2015-10-1 297720]
R1 SymNetS;Symantec Network Security WFP Driver;C:\WINDOWS\System32\drivers\N360x64\1605040.018\symnets.sys [2015-10-1 577768]
R2 AESTFilters;Andrea ST Filters Service;C:\Program Files\IDT\WDM\AESTSr64.exe [2012-3-8 89600]
R2 CoreMessagingRegistrar;CoreMessaging;C:\WINDOWS\System32\svchost.exe -k LocalServiceNoNetwork [2015-7-10 39856]
R2 DiagTrack;Diagnostics Tracking Service;C:\WINDOWS\System32\svchost.exe -k utcsvc [2015-7-10 39856]
R2 HP Support Assistant Service;HP Support Assistant Service;C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe [2013-11-4 99128]
R2 HPClientSvc;HP Client Services;C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe [2010-10-11 346168]
R2 N360;Norton 360;C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe [2015-10-1 282016]
R2 NOBU;Norton Online Backup;C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2010-6-2 2804568]
R2 postgresql-8.4;postgresql-8.4 - PostgreSQL Server 8.4;c:/postgreSQL/bin/pg_ctl.exe runservice -N "postgresql-8.4" -D "c:/postgreSQL/data" -w --> c:/postgreSQL/bin/pg_ctl.exe runservice -N postgresql-8.4 [?]
R2 Stereo Service;NVIDIA Stereoscopic 3D Driver Service;C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe [2015-10-28 410952]
R2 storqosflt;Storage QoS Filter Driver;C:\WINDOWS\System32\drivers\storqosflt.sys [2015-7-10 61952]
R2 tiledatamodelsvc;Tile Data model server;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
R2 UNS;Intel(R) Management and Security Application User Notification Service;C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe [2012-3-8 2656280]
R2 UserManager;User Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 AmUStor;AM USB Stroage Driver;C:\WINDOWS\System32\drivers\AmUStor.sys [2000-1-1 51712]
R3 AppXSvc;AppX Deployment Service (AppXSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 athur;Wireless Network Adapter Service;C:\WINDOWS\System32\drivers\athurx.sys [2013-10-18 1930240]
R3 ClipSVC;Client License Service (ClipSVC);C:\WINDOWS\System32\svchost.exe -k wsappx [2015-7-10 39856]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2015-8-7 153936]
R3 ffusb2audio;Focusrite USB 2.0 Audio Driver;C:\WINDOWS\System32\drivers\ffusb2audio.sys [2015-8-25 127280]
R3 lfsvc;Geolocation Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
R3 NcbService;Network Connection Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
R3 NdisVirtualBus;Microsoft Virtual Network Adapter Enumerator;C:\WINDOWS\System32\drivers\NdisVirtualBus.sys [2015-7-10 20992]
R3 rt640x64;Realtek RT640 NT Driver;C:\WINDOWS\System32\drivers\rt640x64.sys [2015-7-10 587264]
R3 SmbDrvI;SmbDrvI;C:\WINDOWS\System32\drivers\Smb_driver_Intel.sys [2013-10-25 34544]
R3 StateRepository;State Repository Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S0 SymELAM;Symantec ELAM Driver;C:\WINDOWS\System32\drivers\N360x64\1605040.018\symelam.sys [2015-10-1 24192]
S2 dmwappushservice;dmwappushsvc;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 DoSvc;Delivery Optimization;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S2 IAStorDataMgrSvc;Intel(R) Rapid Storage Technology;C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [2013-9-27 15720]
S2 MapsBroker;Downloaded Maps Manager;C:\WINDOWS\System32\svchost.exe -k NetworkService [2015-7-10 39856]
S2 SkypeUpdate;Skype Updater;C:\Program Files (x86)\Skype\Updater\Updater.exe [2014-12-11 315496]
S3 ADP80XX;ADP80XX;C:\WINDOWS\System32\drivers\adp80xx.sys [2015-7-10 1135456]
S3 AJRouter;AllJoyn Router Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 AppReadiness;App Readiness;C:\WINDOWS\System32\svchost.exe -k AppReadiness [2015-7-10 39856]
S3 bcmfn2;bcmfn2 Service;C:\WINDOWS\System32\drivers\bcmfn2.sys [2015-7-10 17624]
S3 BthHFSrv;Bluetooth Handsfree Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceAndNoImpersonation [2015-7-10 39856]
S3 buttonconverter;Service for Portable Device Control devices;C:\WINDOWS\System32\drivers\buttonconverter.sys [2015-10-31 36352]
S3 CapImg;HID driver for CapImg touch screen;C:\WINDOWS\System32\drivers\capimg.sys [2015-7-10 116736]
S3 CDPSvc;CDPSvc;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 DcpSvc;DataCollectionPublishingService;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DevQueryBroker;DevQuery Background Discovery Broker;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 diagnosticshub.standardcollector.service;Microsoft (R) Diagnostics Hub Standard Collector Service;C:\WINDOWS\System32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [2015-7-10 27136]
S3 DmEnrollmentSvc;Device Management Enrollment Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 DsSvc;Data Sharing Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 embeddedmode;embeddedmode;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 EntAppSvc;Enterprise App Management Service;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 genericusbfn;Generic USB Function Class;C:\WINDOWS\System32\drivers\genericusbfn.sys [2015-7-10 20992]
S3 hidinterrupt;Common Driver for HID Buttons implemented with interrupts;C:\WINDOWS\System32\drivers\hidinterrupt.sys [2015-7-10 50016]
S3 iaLPSSi_GPIO;Intel(R) Serial IO GPIO Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_GPIO.sys [2015-7-10 38128]
S3 iaLPSSi_I2C;Intel(R) Serial IO I2C Controller Driver;C:\WINDOWS\System32\drivers\iaLPSSi_I2C.sys [2015-7-10 122608]
S3 iaStorA;iaStorA;C:\WINDOWS\System32\drivers\iaStorA.sys [2013-9-27 630632]
S3 iaStorAV;Intel(R) SATA RAID Controller Windows;C:\WINDOWS\System32\drivers\iaStorAV.sys [2015-7-10 673120]
S3 ibbus;Mellanox InfiniBand Bus/AL (Filter Driver);C:\WINDOWS\System32\drivers\ibbus.sys [2015-7-10 424800]
S3 icssvc;Windows Mobile Hotspot Service;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 IEEtwCollectorService;Internet Explorer ETW Collector Service;C:\WINDOWS\System32\ieetwcollector.exe [2015-7-10 115200]
S3 intelpep;Intel(R) Power Engine Plug-in Driver;C:\WINDOWS\System32\drivers\intelpep.sys [2015-7-10 43872]
S3 IoQos;IoQos;C:\WINDOWS\System32\drivers\ioqos.sys [2015-7-10 26624]
S3 LicenseManager;Windows License Manager Service;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 LSI_SAS2i;LSI_SAS2i;C:\WINDOWS\System32\drivers\lsi_sas2i.sys [2015-7-10 104800]
S3 LSI_SAS3i;LSI_SAS3i;C:\WINDOWS\System32\drivers\lsi_sas3i.sys [2015-7-10 99168]
S3 mlx4_bus;Mellanox ConnectX Bus Enumerator;C:\WINDOWS\System32\drivers\mlx4_bus.sys [2015-7-10 705376]
S3 ndfltr;NetworkDirect Service;C:\WINDOWS\System32\drivers\ndfltr.sys [2015-7-10 76128]
S3 NetSetupSvc;Network Setup Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 netvsc;netvsc;C:\WINDOWS\System32\drivers\netvsc.sys [2015-7-10 94720]
S3 NgcCtnrSvc;Microsoft Passport Container;C:\WINDOWS\System32\svchost.exe -k LocalServiceNetworkRestricted [2015-7-10 39856]
S3 NgcSvc;Microsoft Passport;C:\WINDOWS\System32\lsass.exe [2015-7-10 56344]
S3 percsas2i;percsas2i;C:\WINDOWS\System32\drivers\percsas2i.sys [2015-7-10 58208]
S3 percsas3i;percsas3i;C:\WINDOWS\System32\drivers\percsas3i.sys [2015-7-10 58720]
S3 ReFSv1;ReFSv1;C:\WINDOWS\System32\drivers\refsv1.sys [2015-9-10 934752]
S3 RetailDemo;Retail Demo Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 ScDeviceEnum;Smart Card Device Enumeration Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SensorDataService;Sensor Data Service;C:\WINDOWS\System32\SensorDataService.exe [2015-9-10 1031680]
S3 SensorService;Sensor Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 SerCx2;Serial UART Support Library;C:\WINDOWS\System32\drivers\SerCx2.sys [2015-7-10 155488]
S3 smphost;Microsoft Storage Spaces SMP;C:\WINDOWS\System32\svchost.exe -k smphost [2015-7-10 39856]
S3 SmsRouter;Microsoft Windows SMS Router Service.;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 stornvme;Microsoft Standard NVM Express Driver;C:\WINDOWS\System32\drivers\stornvme.sys [2015-9-10 80720]
S3 storufs;Microsoft Universal Flash Storage (UFS) Driver;C:\WINDOWS\System32\drivers\storufs.sys [2015-7-10 40288]
S3 SWDUMon;SWDUMon;C:\WINDOWS\System32\drivers\SWDUMon.sys [2014-1-21 16152]
S3 UcmCx0101;USB Connector Manager KMDF Class Extension;C:\WINDOWS\System32\drivers\UcmCx.sys [2015-7-10 61952]
S3 UcmUcsi;USB Connector Manager UCSI Client;C:\WINDOWS\System32\drivers\UcmUcsi.sys [2015-9-10 46080]
S3 UdeCx;USB Device Emulation Support Library;C:\WINDOWS\System32\drivers\Udecx.sys [2015-7-10 44032]
S3 UEFI;Microsoft UEFI Driver;C:\WINDOWS\System32\drivers\uefi.sys [2015-7-10 28512]
S3 Ufx01000;USB Function Class Extension;C:\WINDOWS\System32\drivers\ufx01000.sys [2015-7-10 245088]
S3 UfxChipidea;USB Chipidea Controller;C:\WINDOWS\System32\drivers\UfxChipidea.sys [2015-7-10 94048]
S3 ufxsynopsys;USB Synopsys Controller;C:\WINDOWS\System32\drivers\ufxsynopsys.sys [2015-7-10 127840]
S3 UrsChipidea;Chipidea USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urschipidea.sys [2015-7-10 28512]
S3 UrsCx01000;USB Role-Switch Support Library;C:\WINDOWS\System32\drivers\urscx01000.sys [2015-7-10 57696]
S3 UrsSynopsys;Synopsys USB Role-Switch Driver;C:\WINDOWS\System32\drivers\urssynopsys.sys [2015-7-10 27488]
S3 USBAAPL64;Apple Mobile USB Driver;C:\WINDOWS\System32\drivers\usbaapl64.sys [2014-8-15 54784]
S3 UsoSvc;Update Orchestrator Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 vhf;Virtual HID Framework (VHF) Driver;C:\WINDOWS\System32\drivers\vhf.sys [2015-7-10 31744]
S3 vmicguestinterface;Hyper-V Guest Service Interface;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 vmicvmsession;Hyper-V VM Session Service;C:\WINDOWS\System32\svchost.exe -k LocalSystemNetworkRestricted [2015-7-10 39856]
S3 w3logsvc;W3C Logging Service;C:\WINDOWS\System32\svchost.exe -k apphost [2015-7-10 39856]
S3 WalletService;WalletService;C:\WINDOWS\System32\svchost.exe -k appmodel [2015-7-10 39856]
S3 wdiwifi;WDI Driver Framework;C:\WINDOWS\System32\drivers\WdiWiFi.sys [2015-9-10 685568]
S3 WdNisDrv;Windows Defender Network Inspection System Driver;C:\WINDOWS\System32\drivers\WdNisDrv.sys [2015-7-10 119648]
S3 WdNisSvc;Windows Defender Network Inspection Service;C:\Program Files\Windows Defender\NisSrv.exe [2015-7-10 362928]
S3 WEPHOSTSVC;Windows Encryption Provider Host Service;C:\WINDOWS\System32\svchost.exe -k WepHostSvcGroup [2015-7-10 39856]
S3 WinMad;WinMad Service;C:\WINDOWS\System32\drivers\winmad.sys [2015-7-10 26976]
S3 WinVerbs;WinVerbs Service;C:\WINDOWS\System32\drivers\winverbs.sys [2015-7-10 59232]
S3 workfolderssvc;Work Folders;C:\WINDOWS\System32\svchost.exe -k LocalService [2015-7-10 39856]
S3 WpnService;Windows Push Notifications Service;C:\WINDOWS\System32\svchost.exe -k wswpnservice [2015-7-10 39856]
S3 XblAuthManager;Xbox Live Auth Manager;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 XblGameSave;Xbox Live Game Save;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xboxgip;Xbox Game Input Protocol Driver;C:\WINDOWS\System32\drivers\xboxgip.sys [2015-7-10 222720]
S3 XboxNetApiSvc;Xbox Live Networking Service;C:\WINDOWS\System32\svchost.exe -k netsvcs [2015-7-10 39856]
S3 xinputhid;XINPUT HID Filter Driver;C:\WINDOWS\System32\drivers\xinputhid.sys [2015-7-10 25600]
S4 ABBYY.Licensing.FineReader.Sprint.9.0;ABBYY FineReader 9.0 Sprint Licensing Service;C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [2009-5-14 759048]
S4 CLKMSVC10_38F51D56;CyberLink Product - 2012/03/07 13:27:20;C:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [2011-1-26 241648]
S4 pdfcDispatcher;PDF Document Manager;C:\Program Files (x86)\PDF Complete\pdfsvc.exe [2012-3-8 1127448]
S4 wlcrasvc;Windows Live Mesh remote connections service;C:\Program Files\Windows Live\Mesh\wlcrasvc.exe [2010-9-23 57184]
.
=============== File Associations ===============
.
FileExt: .inf: inffile=C:\WINDOWS\System32\NOTEPAD.EXE %1 [UserChoice]
.
=============== Created Last 30 ================
.
2015-10-31 08:44:23 16148 ----a-w- C:\WINDOWS\System32\BIGBOSS_Mik_HistoryPrediction.bin
2015-10-31 06:42:10 -------- d-----w- C:\WINDOWS\System32\SleepStudy
2015-10-31 03:50:54 81920 ----a-w- C:\WINDOWS\eSellerateControl350.dll
2015-10-31 03:50:54 -------- d-----w- C:\Program Files (x86)\Rundll Errors Fix Wizard
2015-10-30 18:55:44 -------- dc----w- C:\WINDOWS\Panther
2015-10-30 18:55:16 -------- d-sh--w- C:\Recovery
2015-10-30 18:52:30 -------- d-----w- C:\Windows.old
2015-10-30 18:41:51 -------- d-----w- C:\WINDOWS\SysWow64\BestPractices
2015-10-30 07:54:31 -------- d-----w- C:\NVIDIA
2015-10-30 03:54:08 21871616 ----a-w- C:\WINDOWS\System32\edgehtml.dll
2015-10-30 03:54:05 18801664 ----a-w- C:\WINDOWS\SysWow64\edgehtml.dll
2015-10-30 03:54:01 3248128 ----a-w- C:\WINDOWS\System32\Windows.Media.dll
2015-10-30 03:54:00 2647040 ----a-w- C:\WINDOWS\SysWow64\Windows.Media.dll
2015-10-30 03:54:00 2418688 ----a-w- C:\WINDOWS\System32\MFMediaEngine.dll
2015-10-30 03:54:00 1392480 ----a-w- C:\WINDOWS\System32\LicenseManager.dll
2015-10-30 01:09:49 -------- d-----w- C:\Users\Mik\AppData\Local\Comms
2015-10-30 00:58:23 -------- d-----w- C:\Users\Mik\AppData\Local\Publishers
2015-10-30 00:57:17 -------- d-----w- C:\Users\Mik\AppData\Local\MicrosoftEdge
2015-10-30 00:44:32 -------- d-----r- C:\Users\Mik\OneDrive
2015-10-30 00:41:37 -------- d-----w- C:\Users\Mik\AppData\Local\Packages
2015-10-30 00:41:34 -------- d-----w- C:\Users\Mik\AppData\Local\TileDataLayer
2015-10-30 00:10:52 -------- d-----w- C:\Program Files (x86)\Common Files\SpeechEngines
2015-10-30 00:10:46 -------- d-----w- C:\Program Files\Common Files\SpeechEngines
2015-10-30 00:02:07 937616 ----a-w- C:\WINDOWS\System32\nvvsvc.exe
2015-10-30 00:02:07 6873232 ----a-w- C:\WINDOWS\System32\nvcpl.dll
2015-10-30 00:02:07 62608 ----a-w- C:\WINDOWS\System32\nvshext.dll
2015-10-30 00:02:07 4421614 ----a-w- C:\WINDOWS\System32\nvcoproc.bin
2015-10-30 00:02:07 385168 ----a-w- C:\WINDOWS\System32\nvmctray.dll
2015-10-30 00:02:07 3492168 ----a-w- C:\WINDOWS\System32\nvsvc64.dll
2015-10-30 00:02:07 2558792 ----a-w- C:\WINDOWS\System32\nvsvcr.dll
2015-10-30 00:01:58 -------- d-----w- C:\ProgramData\NVIDIA Corporation
2015-10-30 00:01:48 -------- d-----w- C:\Program Files (x86)\NVIDIA Corporation
2015-10-30 00:01:47 -------- d-----w- C:\Program Files\NVIDIA Corporation
2015-10-30 00:00:08 -------- d-----w- C:\Program Files\Synaptics
2015-10-29 19:49:36 13824 ----a-w- C:\WINDOWS\System32\TsUsbRedirectionGroupPolicyControl.exe
2015-10-28 21:29:50 -------- d-----w- C:\WINDOWS\Hewlett-Packard
2015-10-28 19:35:12 29696 ----a-w- C:\WINDOWS\System32\powertracker.dll
2015-10-27 23:24:38 -------- d-----w- C:\Users\Mik\AppData\Local\GWX
2015-10-27 23:24:15 -------- d-----w- C:\Users\Mik\AppData\Local\NVIDIA
2015-10-27 18:27:38 617288 ----a-w- C:\WINDOWS\SysWow64\nvStreaming.exe
2015-10-27 18:27:07 72904 ----a-w- C:\WINDOWS\System32\OpenCL.dll
2015-10-27 18:27:07 60744 ----a-w- C:\WINDOWS\SysWow64\OpenCL.dll
2015-10-27 08:13:33 -------- d-----r- C:\Program Files (x86)\Skype
2015-10-27 07:56:59 968704 ----a-w- C:\WINDOWS\System32\MsSpellCheckingFacility.exe
2015-10-27 07:56:58 1155072 ----a-w- C:\WINDOWS\SysWow64\mshtmlmedia.dll
2015-10-27 07:56:56 1359360 ----a-w- C:\WINDOWS\System32\mshtmlmedia.dll
2015-10-27 05:30:35 41984 ----a-w- C:\WINDOWS\System32\UtcResources.dll
2015-10-27 05:25:45 12288 ----a-w- C:\WINDOWS\System32\wu.upgrade.ps.dll
2015-10-27 01:14:37 -------- d-----w- C:\Program Files\CCleaner
2015-10-19 08:23:33 -------- d-----w- C:\WINDOWS\pss
2015-10-19 02:00:25 -------- d-----w- C:\Users\Mik\AppData\Roaming\3789
2015-10-02 05:40:50 17314496 ----a-w- C:\Program Files (x86)\Common Files\Microsoft Shared\OFFICE12\MSO.DLL
.
==================== Find3M ====================
.
2015-10-30 18:41:48 96768 ----a-w- C:\WINDOWS\SysWow64\mqoa.tlb
2015-10-21 12:45:50 541024 ----a-w- C:\WINDOWS\System32\mcupdate_GenuineIntel.dll
2015-10-21 12:44:41 459104 ----a-w- C:\WINDOWS\System32\drivers\netio.sys
2015-10-21 11:59:51 76800 ----a-w- C:\WINDOWS\System32\browserbroker.dll
2015-10-21 11:52:58 2987520 ----a-w- C:\WINDOWS\System32\esent.dll
2015-10-21 11:50:51 333312 ----a-w- C:\WINDOWS\System32\MusUpdateHandlers.dll
2015-10-21 11:48:00 1068032 ----a-w- C:\WINDOWS\System32\audiosrv.dll
2015-10-21 11:47:00 453120 ----a-w- C:\WINDOWS\System32\Windows.Devices.Usb.dll
2015-10-21 11:46:03 2179584 ----a-w- C:\WINDOWS\System32\AppXDeploymentServer.dll
2015-10-21 11:44:17 579072 ----a-w- C:\WINDOWS\System32\winlogon.exe
2015-10-21 11:44:07 713216 ----a-w- C:\WINDOWS\System32\usermgr.dll
2015-10-21 11:43:11 2675200 ----a-w- C:\WINDOWS\System32\Windows.StateRepository.dll
2015-10-21 11:42:37 627712 ----a-w- C:\WINDOWS\System32\Windows.UI.dll
2015-10-21 11:41:27 48128 ----a-w- C:\WINDOWS\apppatch\apppatch64\acspecfc.dll
2015-10-21 11:41:25 1795072 ----a-w- C:\WINDOWS\System32\AppXDeploymentExtensions.dll
2015-10-21 11:40:17 145408 ----a-w- C:\WINDOWS\System32\dssvc.dll
2015-10-21 11:38:32 502272 ----a-w- C:\WINDOWS\System32\dlnashext.dll
2015-10-21 05:53:48 961376 ----a-w- C:\WINDOWS\SysWow64\LicenseManager.dll
2015-10-21 05:08:29 1918976 ----a-w- C:\WINDOWS\SysWow64\MFMediaEngine.dll
2015-10-21 05:05:36 2639872 ----a-w- C:\WINDOWS\SysWow64\esent.dll
2015-10-21 05:03:19 311296 ----a-w- C:\WINDOWS\SysWow64\Windows.Devices.Usb.dll
2015-10-21 04:58:48 2049536 ----a-w- C:\WINDOWS\SysWow64\Windows.StateRepository.dll
2015-10-21 04:58:12 464896 ----a-w- C:\WINDOWS\SysWow64\Windows.UI.dll
2015-10-21 04:57:27 457728 ----a-w- C:\WINDOWS\apppatch\AcSpecfc.dll
2015-10-21 04:55:14 441344 ----a-w- C:\WINDOWS\SysWow64\dlnashext.dll
2015-10-16 03:10:46 810488 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerApp.exe
2015-10-16 03:10:46 176632 ----a-w- C:\WINDOWS\SysWow64\FlashPlayerCPLApp.cpl
2015-09-23 22:49:23 577768 ----a-w- C:\WINDOWS\System32\drivers\N360x64\1605040.018\symnets.sys
2015-09-23 22:49:21 930024 ----a-w- C:\WINDOWS\System32\drivers\N360x64\1605040.018\srtsp64.sys
2015-09-10 05:45:10 16148 ----a-w- C:\WINDOWS\System32\WIN-NNT08T7CH0A_Administrator_HistoryPrediction.bin
2015-09-10 05:18:58 176128 ----a-w- C:\WINDOWS\System32\drivers\rdpdr.sys
2015-09-10 05:18:50 512512 ----a-w- C:\WINDOWS\System32\SnippingTool.exe
2015-09-10 05:18:50 38912 ----a-w- C:\WINDOWS\System32\rfxvmt.dll
2015-09-10 05:18:49 23552 ----a-w- C:\WINDOWS\System32\inetppui.dll
2015-09-10 05:18:49 21504 ----a-w- C:\WINDOWS\System32\wpnpinst.exe
2015-09-10 05:18:49 165888 ----a-w- C:\WINDOWS\System32\inetpp.dll
2015-09-10 05:18:48 3603968 ----a-w- C:\WINDOWS\System32\InkAnalysis.dll
2015-09-10 05:18:47 78848 ----a-w- C:\WINDOWS\System32\DFDWiz.exe
2015-09-10 05:04:27 8704 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\fwpkclnt.sys.mui
2015-09-10 05:04:27 7168 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\ndiscap.sys.mui
2015-09-10 05:04:27 3584 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\wfplwfs.sys.mui
2015-09-10 05:04:27 3072 ----a-w- C:\WINDOWS\SysWow64\drivers\UMDF\en-US\SensorsCx.dll.mui
2015-09-10 05:04:27 12288 ----a-w- C:\WINDOWS\SysWow64\drivers\en-US\NdisImPlatform.sys.mui
2015-08-25 05:57:27 16 ----a-w- C:\Users\Mik\AppData\Roaming\msregsvv.dll
2013-07-25 20:32:50 563416 ----a-w- C:\Program Files\ISSetup.dll
2013-07-25 20:32:50 473 ----a-w- C:\Program Files\layout.bin
2013-07-25 20:32:50 327384 ----a-w- C:\Program Files\_Setup.dll
2013-03-14 14:14:24 31 ----a-w- C:\Program Files\Silent_Uninstall.bat
2013-03-14 14:14:24 12 ----a-w- C:\Program Files\Silent_Install.bat
2013-03-14 14:14:20 88680 ----a-w- C:\Program Files\AutoInst.exe
2012-05-15 10:48:00 374080 ----a-w- C:\Program Files\setup.exe
.
============= FINISH: 20:12:01.64 ===============
Boofhead1967 is offline  
Old 10-31-2015, 03:53 AM   #2
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



I forgot to attach the other file.
Here it is.
Attached Files
File Type: txt attach.txt (10.3 KB, 25 views)
Boofhead1967 is offline  
Old 11-01-2015, 12:16 AM   #3
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello and Welcome to TSF.

If you haven't already, please Subscribe to this Thread to get immediate notification of replies as soon as they are posted. To do this click Thread Tools, then click Subscribe to this Thread. Make sure it is set to Instant notification by email, then click Add Subscription.

Please note that the forum is very busy and if I don't hear from you within three days this thread will be closed.

------------------------------------------------------

CCleaner

We do not recommend the use of registry cleaners, or the registry cleaner feature of CCleaner. Our colleague miekiemoes has an excellent writeup here

------------------------------------------------------

Quote:
ran windows update. This started with over 100 updates as I had turned live update off
Why did you disable automatic updates? Updates protect against known vulnerabilities to malware.

Quote:
Got down to one file which wouldn't update
Which one did not update?

Sure wish you would have sought help before upgrading to Win10.

------------------------------------------------------

Check for additional security risks:
  • Please download CKScanner© by askey127 and save it to your desktop.
  • Double-click on CKScanner.exe and click Search For Files.
  • After a very short time, when the cursor hourglass disappears, click Save List To File. You will be prompted, just click OK.
  • Post the contents of ckfiles.txt in your next reply. It is located on your desktop.
------------------------------------------------------

Please download AdwCleaner from here and save it to your desktop.
  • Run AdwCleaner and select Scan
  • Once the Scan is done, select Cleaning
  • Once done it will ask to reboot, please allow the reboot.
  • On reboot, a log will be produced. It can also be found at C:\AdwCleaner\AdwCleaner[C#].txt
  • Please copy/paste the contents of the log in your next reply.
------------------------------------------------------

Please download Farbar Recovery Scan Tool and save it to your desktop.
  • Double-click FRST64 to run it. When the tool opens click Yes to the disclaimer.
  • Make sure the Addition.txt button is ticked.
  • Press Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please copy and paste it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). Please attach it to your reply.
------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-01-2015, 12:27 AM   #4
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Hello & thank you for your attention to my problem.
I have tried running CKScanner 3 times but each time it just freezes & does not respond.
Should I roll back the Win10 install & go back to Win7?
Boofhead1967 is offline  
Old 11-01-2015, 01:12 AM   #5
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



You're welcome, Boofhead1967. Forget about CKScanner for now.

It appears you didn't address my questions.

Quote:
Why did you disable automatic updates?

Which one did not update after enabling automatic updates?
Also...

Quote:
Firstly I should have backed up my PC on a restore point
It appears system restore is turned off. Did you also disable system restore along with disabling Windows automatic updates?

Let's hold off on rolling back to Win7 for now. Just proceed with the rest of those previous instructions. Let me know.

------------------------------------------------------
chemist is offline  
Old 11-01-2015, 01:07 AM   #6
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



AdwCleaner file.

As for the other questions, I vaguely remember turning off updates & possibly restore when I installed Norton AV. Perhaps it only asked for it to be temporary; I'm not sure, it was a long time ago. All I remember is some kind of conflict.



# AdwCleaner v5.015 - Logfile created 01/11/2015 at 19:56:46
# Updated 26/10/2015 by Xplode
# Database : 2015-10-29.1 [Server]
# Operating system : Windows 10 Home (x64)
# Username : Mik - BIGBOSS
# Running from : C:\Users\Mik\Desktop\adwcleaner_5.015.exe
# Option : Cleaning
# Support : Forum - ToolsLib

***** [ Services ] *****

[-] Service Deleted : swdumon

***** [ Folders ] *****

[-] Folder Deleted : C:\Program Files\slimcleaner plus
[-] Folder Deleted : C:\Program Files (x86)\globalUpdate
[-] Folder Deleted : C:\ProgramData\apn
[-] Folder Deleted : C:\ProgramData\PC Optimizer Pro
[-] Folder Deleted : C:\ProgramData\slimware utilities inc
[-] Folder Deleted : C:\Users\Mik\AppData\Local\apn
[-] Folder Deleted : C:\Users\Mik\AppData\Local\Conduit
[-] Folder Deleted : C:\Users\Mik\AppData\Local\globalUpdate
[-] Folder Deleted : C:\Users\Mik\AppData\Local\slimware utilities inc
[-] Folder Deleted : C:\Users\Mik\AppData\LocalLow\Conduit
[-] Folder Deleted : C:\Users\Mik\AppData\LocalLow\Mysearchdial
[-] Folder Deleted : C:\Users\Mik\AppData\Roaming\Mysearchdial

***** [ Files ] *****

[-] File Deleted : C:\Users\Mik\AppData\Local\mysearchdial_speedial_v9.0.2.crx
[-] File Deleted : C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_mphpbdjcljebbcnfopfngmfdackbbdgf_0.localstorage
[-] File Deleted : C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Local Storage\chrome-extension_pflphaooapbgpeakohlggbpidpppgdff_0.localstorage
[-] File Deleted : C:\WINDOWS\Reimage.ini
[-] File Deleted : C:\WINDOWS\SysNative\drivers\swdumon.sys

***** [ DLLs ] *****


***** [ Shortcuts ] *****


***** [ Scheduled tasks ] *****

[-] Task Deleted : PC Optimizer Pro Updates

***** [ Registry ] *****

[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\esrv.EXE
[-] Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc
[-] Key Deleted : HKLM\SOFTWARE\Classes\esrv.mysearchdialesrvc.1
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\REI_AxControl.DLL
[-] Key Deleted : HKCU\Software\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[-] Key Deleted : HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[-] Key Deleted : [x64] HKLM\SOFTWARE\Google\Chrome\Extensions\pflphaooapbgpeakohlggbpidpppgdff
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{CA5CAA63-B27C-4963-9BEC-CB16A36D56F8}
[-] Key Deleted : HKLM\SOFTWARE\Classes\AppID\{28FF42B8-A0DA-4BE5-9B81-E26DD59B350A}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{D40753C7-8A59-4C1F-BE88-C300F4624D5B}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{363F46BE-27B4-4C8D-99E7-B1E049B84376}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{90A9B7D2-3794-45EA-9E23-140E3938D2D9}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{A753A1EC-973E-4718-AF8E-A3F554D45C44}
[-] Key Deleted : HKLM\SOFTWARE\Classes\CLSID\{02AFA80F-4BEE-41FD-8572-214B58A9EF90}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{C292AD0A-C11F-479B-B8DB-743E72D283B0}
[-] Key Deleted : HKLM\SOFTWARE\Classes\TypeLib\{FA6468D2-FAA4-4951-A53B-2A5CF9CC0A36}
[-] Key Deleted : HKCU\Software\Microsoft\Windows\CurrentVersion\Ext\Settings\{10ECCE17-29B5-4880-A8F5-EAD298611484}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Stats\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{7F1796B2-BEC6-427B-B734-F9C75ED94A80}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\PreApproved\{8C338DDB-19FC-4C1F-B74D-6931EE55F7A1}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\Low Rights\ElevationPolicy\{219046AE-358F-4CF1-B1FD-2B4DE83642A8}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{9BB31AD8-5DB2-459E-A901-DEA536F23BA4}
[-] Key Deleted : [x64] HKLM\SOFTWARE\Classes\Interface\{BD51A48E-EB5F-4454-8774-EF962DF64546}
[-] Key Deleted : HKCU\Software\Conduit
[-] Key Deleted : HKCU\Software\GlobalUpdate
[-] Key Deleted : HKCU\Software\InstallCore
[-] Key Deleted : HKCU\Software\mysearchdial
[-] Key Deleted : HKCU\Software\pc optimizer pro
[-] Key Deleted : HKCU\Software\PrivitizeVPNInstallDates
[-] Key Deleted : HKCU\Software\StartSearch
[-] Key Deleted : HKCU\Software\Reimage
[-] Key Deleted : HKCU\Software\DownLite
[-] Key Deleted : HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Conduit
[-] Key Deleted : HKCU\Software\AppDataLow\Software\Crossrider
[-] Key Deleted : HKLM\SOFTWARE\Conduit
[-] Key Deleted : HKLM\SOFTWARE\Freeze.com
[-] Key Deleted : HKLM\SOFTWARE\InstallCore
[-] Key Deleted : HKLM\SOFTWARE\InstallIQ
[-] Key Deleted : HKLM\SOFTWARE\SlimWare Utilities Inc
[-] Key Deleted : HKLM\SOFTWARE\SLIMWARE UTILITIES, INC.
[!] Key Not Deleted : [x64] HKCU\Software\Conduit
[!] Key Not Deleted : [x64] HKCU\Software\GlobalUpdate
[!] Key Not Deleted : [x64] HKCU\Software\InstallCore
[!] Key Not Deleted : [x64] HKCU\Software\mysearchdial
[!] Key Not Deleted : [x64] HKCU\Software\pc optimizer pro
[!] Key Not Deleted : [x64] HKCU\Software\PrivitizeVPNInstallDates
[!] Key Not Deleted : [x64] HKCU\Software\StartSearch
[!] Key Not Deleted : [x64] HKCU\Software\Reimage
[!] Key Not Deleted : [x64] HKCU\Software\DownLite
[!] Key Not Deleted : [x64] HKCU\Software\SlimWare Utilities Inc
[-] Key Deleted : [x64] HKLM\SOFTWARE\pc optimizer pro
[-] Key Deleted : [x64] HKLM\SOFTWARE\Reimage
[!] Key Not Deleted : HKU\S-1-5-21-3809766135-4035193921-735686567-1001\Software\AppDataLow\Software\Conduit
[!] Key Not Deleted : HKU\S-1-5-21-3809766135-4035193921-735686567-1001\Software\AppDataLow\Software\Crossrider
[-] Data Restored : [x64] HKLM\SOFTWARE\Microsoft\Internet Explorer\Main [Start Page]
[-] Key Deleted : HKCU\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}
[-] Data Restored : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes [DefaultScope]
[-] Key Deleted : HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}
[!] Key Not Deleted : HKU\S-1-5-21-3809766135-4035193921-735686567-1001\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}
[!] Key Not Deleted : HKU\S-1-5-21-3809766135-4035193921-735686567-1007\Software\Microsoft\Internet Explorer\SearchScopes\{AFBCB7E0-F91A-4951-9F31-58FEE57A25C4}

***** [ Web browsers ] *****

[-] [C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Web Data] [Search Provider] Deleted : Mysearchdial.com

*************************

:: Winsock settings cleared

########## EOF - C:\AdwCleaner\AdwCleaner[C1].txt - [7063 bytes] ##########
Boofhead1967 is offline  
Old 11-01-2015, 01:16 AM   #7
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Farbar text file 1 of 2

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:31-10-2015
Ran by Mik (administrator) on BIGBOSS (01-11-2015 20:10:46)
Running from C:\Users\Mik\Desktop
Loaded Profiles: Mik (Available Profiles: Mik & postgres)
Platform: Windows 10 Home (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: Edge)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\3D Vision\nvSCPAPISvr.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
(NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\stacsv64.exe
(Andrea Electronics Corporation) C:\Program Files\IDT\WDM\AESTSr64.exe
() C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe
(Hewlett-Packard Company) C:\Program Files\Hewlett-Packard\HP Client Services\HPClientServices.exe
(Symantec Corporation) C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe
(Microsoft Corporation) C:\Windows\System32\mqsvc.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Windows\Microsoft.NET\Framework64\v4.0.30319\SMSvcHost.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Symantec Corporation) C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\n360.exe
(NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvtray.exe
(NVIDIA Corporation) C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe
(Hewlett-Packard ) C:\Program Files\IDT\WDM\beats64.exe
(Hewlett-Packard) C:\Program Files (x86)\Hewlett-Packard\HP Odometer\hpsysdrv.exe
(IDT, Inc.) C:\Program Files\IDT\WDM\sttray64.exe
() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
() C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe
(ASUSTeK COMPUTER INC.) C:\Program Files (x86)\ASUS\O!Direct\O!Direct.exe
(Portrait Displays, Inc) C:\Program Files (x86)\Portrait Displays\HP My Display\dthtml.exe
(Renesas Electronics Corporation) C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe
() C:\Program Files (x86)\ASUS\O!Direct\Server.exe
(Hewlett-Packard) C:\Program Files (x86)\Hp\HP Software Update\hpwuschd2.exe
(Piriform Ltd) C:\Program Files\CCleaner\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
(Microsoft Corporation) C:\Windows\System32\browser_broker.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
(Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
(Intel Corporation) C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe
(Hewlett-Packard Company) C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\HPSA_Service.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\LMS\LMS.exe
(Intel Corporation) C:\Program Files (x86)\Intel\Intel(R) Management Engine Components\UNS\UNS.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [Logitech Download Assistant] => C:\Windows\system32\rundll32.exe C:\Windows\System32\LogiLDA.dll,LogiFetch
HKLM\...\Run: [BeatsOSDApp] => C:\Program Files\IDT\WDM\beats64.exe [37888 2010-10-21] (Hewlett-Packard )
HKLM\...\Run: [hpsysdrv] => c:\program files (x86)\hewlett-packard\HP odometer\hpsysdrv.exe [62768 2008-11-21] (Hewlett-Packard)
HKLM\...\Run: [IAStorIcon] => C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorIcon.exe [287592 2013-09-27] (Intel Corporation)
HKLM\...\Run: [NvBackend] => C:\Program Files (x86)\NVIDIA Corporation\Update Core\NvBackend.exe [1793736 2015-03-26] (NVIDIA Corporation)
HKLM\...\Run: [SysTrayApp] => C:\Program Files\IDT\WDM\sttray64.exe [1425408 2012-04-24] (IDT, Inc.)
HKLM-x32\...\Run: [Norton Online Backup] => C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuClient.exe [1155928 2010-06-02] (Symantec Corporation)
HKLM-x32\...\Run: [DT HPW] => C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DT_startup.exe [81920 2008-04-16] ()
HKLM-x32\...\Run: [O!Direct] => C:\Program Files (x86)\ASUS\O!Direct\O!Direct.exe [1383424 2011-04-21] (ASUSTeK COMPUTER INC.)
HKLM-x32\...\Run: [NUSB3MON] => C:\Program Files (x86)\Renesas Electronics\USB 3.0 Host Controller Driver\Application\nusb3mon.exe [113288 2010-04-27] (Renesas Electronics Corporation)
HKLM-x32\...\Run: [UpdatePDRShortCut] => C:\Program Files (x86)\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe [222504 2008-01-04] (CyberLink Corp.)
HKLM-x32\...\Run: [HP Software Update] => C:\Program Files (x86)\HP\HP Software Update\HPWuSchd2.exe [96056 2013-05-30] (Hewlett-Packard)
HKLM-x32\...\Run: [] => [X]
HKU\S-1-5-21-3809766135-4035193921-735686567-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-20] (Piriform Ltd)
HKU\S-1-5-21-3809766135-4035193921-735686567-1001\...\Policies\Explorer: [NoThumbnailCache] 1
ShellIconOverlayIdentifiers: [ OverlayExcluded] -> {4433A54A-1AC8-432F-90FC-85F045CF383C} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayPending] -> {F17C0B1E-EF8E-4AD4-8E1B-7D7E8CB23225} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-28] (Symantec Corporation)
ShellIconOverlayIdentifiers: [ OverlayProtected] -> {476D0EA3-80F9-48B5-B70B-05E677C9C148} => C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\buShell.dll [2015-08-28] (Symantec Corporation)
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard..lnk [2013-10-18]
ShortcutTarget: NETGEAR WG111v2 Smart Wizard..lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\NETGEAR WG111v2 Smart Wizard.lnk [2013-10-18]
ShortcutTarget: NETGEAR WG111v2 Smart Wizard.lnk -> C:\Program Files (x86)\NETGEAR\WG111v2\WG111v2.exe ()

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

Tcpip\Parameters: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5cf49556-ad5e-4b87-b87b-bbf31d8e3d38}: [DhcpNameServer] 10.0.0.138
Tcpip\..\Interfaces\{5fadb7ea-30a2-44dd-bab5-321991cd3d04}: [DhcpNameServer] 172.20.10.1
Tcpip\..\Interfaces\{8d1c909f-53e8-41f8-bfa7-07cabf70b725}: [DhcpNameServer] 10.0.0.138

Internet Explorer:
==================
HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.google.com
HKU\.DEFAULT\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.symantec.com/redirects/security_response/fix_homepage/index.jsp?lg=en&pid=N360&pvid=21.6.0.32
HKU\S-1-5-21-3809766135-4035193921-735686567-1001\Software\Microsoft\Internet Explorer\Main,Start Page = file:///C:/Homepage/Homepage.html
HKU\S-1-5-21-3809766135-4035193921-735686567-1001\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = hxxp://g.jp.msn.com/HPALL/51
URLSearchHook: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytD0AyDzyyDzztCyDzytN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=27593314&ir=
SearchScopes: HKLM -> {0611B3F5-159E-5B71-1783-44537EAA689B} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytD0AyDzyyDzztCyDzytN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=27593314&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKLM-x32 -> {3B9FECC2-348F-9CB9-A6E5-357FBB280A87} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKLM-x32 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL = hxxp://au.search.yahoo.com/search?p={searchTerms}&ei={inputEncoding}&fr=chr-hp-psg&type=HPDTDF
SearchScopes: HKLM-x32 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKLM-x32 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
SearchScopes: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://www.bing.com/search?q={searchTerms}&form=HPDTDF&pc=HPDTDF&src=IE-SearchBox
SearchScopes: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
SearchScopes: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> {d43b3890-80c7-4010-a95d-1e77b5924dc3} URL = hxxp://en.wikipedia.org/wiki/Special:Search?search={searchTerms}
SearchScopes: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> {D944BB61-2E34-4DBF-A683-47E505C587DC} URL = hxxp://rover.ebay.com/rover/1/5221-111072-7833-2/4?mpre=hxxp://shop.ebay.com/?_nkw={searchTerms}
BHO: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPluginx64.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: Canon Easy-WebPrint EX BHO -> {3785D0AD-BFFF-47F6-BF5B-A587C162FED9} -> C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexbho.dll [2010-11-08] (CANON INC.)
BHO-x32: Norton Identity Protection -> {602ADB0E-4AFF-4217-8AA1-95DAC4DFA408} -> C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre7\bin\ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: Adobe PDF Conversion Toolbar Helper -> {AE7CD045-E861-484f-8273-0445EE161910} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-10] (Adobe Systems Incorporated)
BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre7\bin\jp2ssv.dll [2014-09-26] (Oracle Corporation)
BHO-x32: HP Network Check Helper -> {E76FD755-C1BA-4DCB-9F13-99BD91223ADE} -> C:\Program Files (x86)\Hewlett-Packard\HP Support Framework\Resources\HPNetworkCheck\HPNetworkCheckPlugin.dll [2013-08-28] (Hewlett-Packard)
BHO-x32: SmartSelect Class -> {F4971EE7-DAA0-4053-9964-665D8EE6A077} -> C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine64\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKLM-x32 - Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files (x86)\Common Files\Adobe\Acrobat\ActiveX\AcroIEFavClient.dll [2013-05-10] (Adobe Systems Incorporated)
Toolbar: HKLM-x32 - Canon Easy-WebPrint EX - {759D9886-0C6F-4498-BAB6-4A5F47C6C72F} - C:\Program Files (x86)\Canon\Easy-WebPrint EX\ewpexhlp.dll [2010-11-08] (CANON INC.)
Toolbar: HKLM-x32 - Norton Toolbar - {7FEBEFE3-6B19-4349-98D2-FFB09D4B49CA} - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\coIEPlg.dll [2015-09-23] (Symantec Corporation)
Toolbar: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
DPF: HKLM {02BF25D5-8C17-4B23-BC80-D3488ABDDC6B} hxxp://qtinstall.apple.com/qtactivex/qtplugin.cab
DPF: HKLM-x32 {17492023-C23A-453E-A040-C7C580BBF700} hxxp://download.microsoft.com/download/E/5/6/E5611B10-0D6D-4117-8430-A67417AA88CD/LegitCheckControl.cab

FireFox:
========
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> C:\Program Files (x86)\iTunes\Mozilla Plugins\npitunes.dll [2014-02-18] ()
FF Plugin-x32: @canon.com/EPPEX -> C:\Program Files (x86)\Canon\Easy-PhotoPrint EX\NPEZFFPI.DLL [2010-04-15] (CANON INC.)
FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-21] (Google)
FF Plugin-x32: @java.com/DTPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\dtplugin\npDeployJava1.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @java.com/JavaPlugin,version=10.71.2 -> C:\Program Files (x86)\Java\jre7\bin\plugin2\npjp2.dll [2014-09-26] (Oracle Corporation)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3502.0922 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3508.1109 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=15.4.3555.0308 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2012-03-08] (Microsoft Corporation)
FF Plugin-x32: @nvidia.com/3DVision -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dv.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @nvidia.com/3DVisionStreaming -> C:\Program Files (x86)\NVIDIA Corporation\3D Vision\npnv3dvstreaming.dll [2015-02-05] (NVIDIA Corporation)
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-09-17] (Google Inc.)
FF Plugin-x32: Adobe Acrobat -> C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Air\nppdf32.dll [2013-05-10] (Adobe Systems Inc.)
FF HKLM-x32\...\Firefox\Extensions: [[email protected]] - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn
FF Extension: Adobe Acrobat - Create PDF - C:\Program Files (x86)\Adobe\Acrobat 10.0\Acrobat\Browser\WCFirefoxExtn [2014-02-24] [not signed]
FF HKLM-x32\...\Firefox\Extensions: [{EBA722F5-038F-4CAF-9EE2-545A221628BC}] - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn
FF Extension: Norton Toolbar - C:\ProgramData\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\N360_22.5.0.124\coFFPlgn [2015-11-01]

Chrome:
=======
CHR Profile: C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Mysearchdial) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-09]
CHR Extension: (Mysearchdial) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-09]
CHR Extension: (TopArcadeHits) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-08-28]
CHR Extension: (Mysearchdial) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-09]
CHR HKLM\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-01]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [cjabmdjcfcfdmffimndhafhblfmpjdpe] - C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\Exts\Chrome.crx [2015-10-01]
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

S4 ABBYY.Licensing.FineReader.Sprint.9.0; C:\Program Files (x86)\Common Files\ABBYY\FineReaderSprint\9.00\Licensing\NetworkLicenseServer.exe [759048 2009-05-14] (ABBYY)
S4 ACDaemon; C:\Program Files (x86)\Common Files\ArcSoft\Connection Service\Bin\ACService.exe [113152 2010-03-18] (ArcSoft Inc.)
S4 CLKMSVC10_38F51D56; c:\Program Files (x86)\CyberLink\PowerDVD10\NavFilter\kmsvc.exe [241648 2011-01-26] (CyberLink)
R2 DTSRVC; C:\Program Files (x86)\Common Files\Portrait Displays\Shared\DTSRVC.exe [69632 2008-04-16] () [File not signed]
S2 IAStorDataMgrSvc; C:\Program Files\Intel\Intel(R) Rapid Storage Technology\IAStorDataMgrSvc.exe [15720 2013-09-27] (Intel Corporation)
R2 MSMQ; C:\Windows\system32\mqsvc.exe [26112 2015-10-31] (Microsoft Corporation)
R2 N360; C:\Program Files (x86)\Norton 360\Engine\22.5.4.24\N360.exe [282016 2015-09-24] (Symantec Corporation)
R2 NOBU; C:\Program Files (x86)\Symantec\Norton Online Backup\NOBuAgent.exe [2804568 2010-06-02] (Symantec Corporation)
S4 pdfcDispatcher; C:\Program Files (x86)\PDF Complete\pdfsvc.exe [1127448 2011-02-01] (PDF Complete Inc)
S2 postgresql-8.4; c:\postgreSQL\bin\pg_ctl.exe [81920 2013-04-02] (PostgreSQL Global Development Group) [File not signed]
S4 RichVideo; C:\Program Files (x86)\CyberLink\Shared files\RichVideo.exe [247152 2009-02-16] ()
S3 w3logsvc; C:\Windows\system32\inetsrv\w3logsvc.dll [84480 2015-10-31] (Microsoft Corporation)
R2 W3SVC; C:\Windows\system32\inetsrv\iisw3adm.dll [578560 2015-10-31] (Microsoft Corporation)
S3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
S3 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 AnyDVD; C:\Windows\System32\Drivers\AnyDVD.sys [138664 2014-04-25] (SlySoft, Inc.)
R3 AnyDVD; C:\Windows\SysWOW64\Drivers\AnyDVD.sys [138664 2014-04-25] (SlySoft, Inc.)
R1 BHDrvx64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\BASHDefs\20151022.001\BHDrvx64.sys [1665608 2015-10-09] (Symantec Corporation)
R1 ccSet_N360; C:\Windows\system32\drivers\N360x64\1605040.018\ccSetx64.sys [173808 2015-07-11] (Symantec Corporation)
R1 eeCtrl; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\eeCtrl64.sys [498512 2015-07-28] (Symantec Corporation)
R3 EraserUtilRebootDrv; C:\Program Files (x86)\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [155456 2015-10-27] (Symantec Corporation)
R3 ffusb2audio; C:\Windows\system32\DRIVERS\ffusb2audio.sys [127280 2013-09-25] (Focusrite Audio Engineering Limited.)
R1 IDSVia64; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\IPSDefs\20151030.001\IDSvia64.sys [767224 2015-10-20] (Symantec Corporation)
R3 MQAC; C:\Windows\System32\drivers\mqac.sys [175104 2015-10-31] (Microsoft Corporation)
R3 NAVENG; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151031.001\ENG64.SYS [138488 2015-10-27] (Symantec Corporation)
R3 NAVEX15; C:\Program Files (x86)\Norton 360\NortonData\22.5.0.124\Definitions\VirusDefs\20151031.001\EX64.SYS [2148080 2015-10-27] (Symantec Corporation)
R3 PdiPorts; C:\Windows\System32\drivers\PdiPorts.sys [19248 2006-11-16] (Portrait Displays, Inc.)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-06-18] (Realtek )
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [34544 2013-10-25] (Synaptics Incorporated)
R1 SRTSP; C:\Windows\System32\Drivers\N360x64\1605040.018\SRTSP64.SYS [930024 2015-09-24] (Symantec Corporation)
R1 SRTSPX; C:\Windows\system32\drivers\N360x64\1605040.018\SRTSPX64.SYS [50936 2015-07-11] (Symantec Corporation)
R0 SymEFASI; C:\Windows\System32\drivers\N360x64\1605040.018\SYMEFASI64.SYS [1620720 2015-07-11] (Symantec Corporation)
S0 SymELAM; C:\Windows\System32\drivers\N360x64\1605040.018\SymELAM.sys [24192 2015-07-11] (Symantec Corporation)
R3 SymEvent; C:\Windows\system32\Drivers\SYMEVENT64x86.SYS [111344 2015-07-26] (Symantec Corporation)
R1 SymIRON; C:\Windows\system32\drivers\N360x64\1605040.018\Ironx64.SYS [297720 2015-07-11] (Symantec Corporation)
R1 SymNetS; C:\Windows\System32\Drivers\N360x64\1605040.018\SYMNETS.SYS [577768 2015-09-24] (Symantec Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
S3 WdBoot; C:\Windows\system32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
S3 WdFilter; C:\Windows\system32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
S3 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
U3 idsvc; no ImagePath
U5 RTL2832UUSB; C:\Windows\SysWOW64\Drivers\RTL2832UUSB.sys [38944 2009-10-26] (REALTEK SEMICONDUCTOR Corp.)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
U3 wpcsvc; no ImagePath

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 20:10 - 2015-11-01 20:11 - 00023164 _____ C:\Users\Mik\Desktop\FRST.txt
2015-11-01 20:10 - 2015-11-01 20:10 - 00000000 ____D C:\FRST
2015-11-01 20:09 - 2015-11-01 20:09 - 02198016 _____ (Farbar) C:\Users\Mik\Desktop\frst64.exe
2015-11-01 19:59 - 2015-11-01 19:59 - 00016148 _____ C:\WINDOWS\system32\BIGBOSS_Mik_HistoryPrediction.bin
2015-11-01 19:55 - 2015-11-01 19:56 - 00000000 ____D C:\AdwCleaner
2015-11-01 19:54 - 2015-11-01 19:55 - 01694208 _____ C:\Users\Mik\Desktop\adwcleaner_5.015.exe
2015-11-01 18:19 - 2015-11-01 18:21 - 00468480 _____ () C:\Users\Mik\Desktop\CKScanner.exe
2015-10-31 23:33 - 2015-10-31 23:33 - 00204496 _____ (Malwarebytes) C:\Users\Mik\Desktop\startuplite-setup-1.07.exe
2015-10-31 21:53 - 2015-10-31 21:53 - 00010551 _____ C:\Users\Mik\Downloads\attach.txt
2015-10-31 20:14 - 2015-10-31 20:14 - 00010551 _____ C:\Users\Mik\Desktop\attach.txt
2015-10-31 20:14 - 2015-10-31 20:12 - 00033191 _____ C:\Users\Mik\Desktop\dds.txt
2015-10-31 20:13 - 2015-10-31 20:13 - 00688992 _____ (Swearware) C:\Users\Mik\Downloads\dds (2).scr
2015-10-31 20:12 - 2015-10-31 20:12 - 00688992 _____ (Swearware) C:\Users\Mik\Downloads\dds (1).scr
2015-10-31 20:10 - 2015-10-31 20:10 - 00688992 ____R (Swearware) C:\Users\Mik\Downloads\dds.scr
2015-10-31 19:04 - 2015-10-31 19:04 - 00000214 _____ C:\WINDOWS\Tasks\CreateExplorerShellUnelevatedTask.job
2015-10-31 17:42 - 2015-10-31 17:42 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-10-31 14:50 - 2015-10-31 14:50 - 00001397 _____ C:\Users\Mik\Desktop\Rundll Errors Fix Wizard.lnk
2015-10-31 14:50 - 2015-10-31 14:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rundll Errors Fix Wizard
2015-10-31 14:50 - 2015-10-31 14:50 - 00000000 ____D C:\Program Files (x86)\Rundll Errors Fix Wizard
2015-10-31 14:50 - 2011-02-17 18:35 - 00081920 _____ (eSellerate Inc.) C:\WINDOWS\eSellerateControl350.dll
2015-10-31 14:49 - 2015-10-31 14:50 - 01933872 _____ (Security Stronghold ) C:\Users\Mik\Downloads\RundllErrorsFixWizard.exe
2015-10-31 11:24 - 2015-11-01 14:14 - 00004146 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{C2BAB5AA-54FE-45FE-A2BE-4A2F6301063C}
2015-10-31 11:24 - 2015-10-31 11:24 - 00000318 _____ C:\Users\Mik\Documents\01.txt
2015-10-31 11:02 - 2015-10-31 11:03 - 01570040 _____ (LogMeIn, Inc.) C:\Users\Mik\Downloads\Support-LogMeInRescue.exe
2015-10-31 10:27 - 2015-10-31 11:11 - 00000120 _____ C:\Users\Mik\Downloads\FixKlez.log
2015-10-31 10:23 - 2015-10-31 10:23 - 00100472 _____ (Symantec Corporation) C:\Users\Mik\Downloads\FixKlez.com
2015-10-31 05:55 - 2015-10-30 14:33 - 00000000 ___DC C:\WINDOWS\Panther
2015-10-31 05:55 - 2015-10-30 11:05 - 00000000 __SHD C:\Recovery
2015-10-31 05:52 - 2015-10-31 05:52 - 00000000 ____D C:\Windows.old
2015-10-31 05:51 - 2015-10-31 05:51 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-10-31 05:51 - 2015-10-31 05:51 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 07055872 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 06572032 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanmm.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 06487248 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 05120056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 05079552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 03781120 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02824248 _____ (Microsoft Corporation) C:\WINDOWS\system32\msmpeg2vdec.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02740224 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02660864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02494712 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02464216 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02446648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msmpeg2vdec.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02432336 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tcpip.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 02236416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02228736 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlansvc.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02226688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02207232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02156400 _____ (Microsoft Corporation) C:\WINDOWS\system32\hevcdecoder.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02154808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 02093056 _____ (Microsoft Corporation) C:\WINDOWS\system32\wlidsvc.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01983824 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 01895568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hevcdecoder.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01844736 _____ (Microsoft Corporation) C:\WINDOWS\system32\workfolderssvc.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01812480 _____ (Microsoft Corporation) C:\WINDOWS\system32\pnidui.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01766952 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01563472 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01563392 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 01357888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01331200 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01295712 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpx.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-10-31 05:51 - 2015-10-31 05:51 - 01290240 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01216512 _____ (Microsoft Corporation) C:\WINDOWS\system32\netcenter.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01213440 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01203712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01181696 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01171456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\netcenter.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-10-31 05:51 - 2015-10-31 05:51 - 01104384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-10-31 05:51 - 2015-10-31 05:51 - 01010176 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-10-31 05:51 - 2015-10-31 05:51 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\system32\JpMapControl.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00910848 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00899584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00894256 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\Wdf01000.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-10-31 05:51 - 2015-10-31 05:51 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\MPSSVC.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00828928 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00809352 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00784136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00781976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfds.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00780288 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00764416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00701952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\JpMapControl.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00690688 _____ (Microsoft Corporation) C:\WINDOWS\system32\CellularAPI.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapControlCore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00671232 _____ (Microsoft Corporation) C:\WINDOWS\system32\WUDFx02000.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00658528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfds.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00646672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00621056 _____ (Microsoft Corporation) C:\WINDOWS\system32\enterprisecsps.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00591360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00587264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00584656 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00570880 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00555768 _____ (Microsoft Corporation) C:\WINDOWS\system32\directmanipulation.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00553808 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingSyncHost.exe
2015-10-31 05:51 - 2015-10-31 05:51 - 00537080 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWanAPI.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00526336 _____ (Microsoft Corporation) C:\WINDOWS\system32\bisrv.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00521728 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00517632 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00516448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-10-31 05:51 - 2015-10-31 05:51 - 00513536 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngcsvc.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00512000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00508248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mf.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\system32\DataSenseHandlers.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00483328 _____ (Microsoft Corporation) C:\WINDOWS\system32\OneDriveSettingSyncProvider.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00476760 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFCaptureEngine.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00467968 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwanconn.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00454656 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00454512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\directmanipulation.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00441168 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SettingSyncHost.exe
2015-10-31 05:51 - 2015-10-31 05:51 - 00439296 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWebproxy.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00434376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFCaptureEngine.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00428128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWanAPI.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00414208 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentClient.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00408064 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00407608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00406864 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\FWPKCLNT.SYS
2015-10-31 05:51 - 2015-10-31 05:51 - 00403456 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmenrollengine.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00395088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 00387584 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00378368 _____ (Microsoft Corporation) C:\WINDOWS\system32\SystemEventsBrokerServer.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\OneDriveSettingSyncProvider.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00371712 _____ (Microsoft Corporation) C:\WINDOWS\system32\nlasvc.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00347136 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncryptprov.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00346112 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngccredprov.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00342016 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationGeofences.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00336384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00332624 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\fastfat.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00320000 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\portcls.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00313856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00312832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppXDeploymentClient.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00281600 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00278352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\sdbus.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 00274944 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncutil.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00269312 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ncryptprov.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationFramework.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00267776 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Management.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00253440 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00243760 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00224256 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCore.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00221184 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeWiFi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00215552 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationCrowdsource.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00204800 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeCell.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\accountaccessor.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Management.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationPeIP.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmregistration.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\mdmmigrator.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00160256 _____ (Microsoft Corporation) C:\WINDOWS\system32\enrollmentapi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00154624 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcertinst.exe
2015-10-31 05:51 - 2015-10-31 05:51 - 00149504 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00145920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mdmregistration.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00143360 _____ (Microsoft Corporation) C:\WINDOWS\system32\provops.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00137728 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00121856 _____ (Microsoft Corporation) C:\WINDOWS\system32\dmcsps.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-10-31 05:51 - 2015-10-31 05:51 - 00118272 _____ (Microsoft Corporation) C:\WINDOWS\system32\KnobsCsp.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00106496 _____ (Microsoft Corporation) C:\WINDOWS\system32\KeywordDetectorMsftSidAdapter.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00102304 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmapi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00099664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pdc.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 00095744 _____ (Microsoft Corporation) C:\WINDOWS\system32\LocationWiFiAdapter.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00088384 _____ (Microsoft Corporation) C:\WINDOWS\system32\remoteaudioendpoint.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00088064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ngckeyenum.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\MDMAppInstaller.exe
2015-10-31 05:51 - 2015-10-31 05:51 - 00083968 _____ (Microsoft Corporation) C:\WINDOWS\system32\DeviceEnroller.exe
2015-10-31 05:51 - 2015-10-31 05:51 - 00079872 _____ (Microsoft Corporation) C:\WINDOWS\system32\HttpsDataSource.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00074880 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\remoteaudioendpoint.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00073728 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwancfg.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseDesktopAppMgmtCSP.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\usoapi.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00053760 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Speech.Pal.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00041472 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Speech.Pal.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00036352 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\buttonconverter.sys
2015-10-31 05:51 - 2015-10-31 05:51 - 00030208 _____ (Microsoft Corporation) C:\WINDOWS\system32\syncmlhook.dll
2015-10-31 05:51 - 2015-10-31 05:51 - 00026624 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-10-31 05:48 - 2015-10-31 05:48 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-10-31 05:41 - 2015-10-31 05:41 - 00000000 ____D C:\WINDOWS\SysWOW64\BestPractices
2015-10-31 05:41 - 2015-10-31 05:41 - 00000000 ____D C:\WINDOWS\system32\msmq
2015-10-31 05:41 - 2015-10-31 05:41 - 00000000 ____D C:\WINDOWS\system32\BestPractices
2015-10-31 05:41 - 2015-10-31 05:41 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-10-31 05:41 - 2015-10-31 05:41 - 00000000 ____D C:\Program Files\MSBuild
2015-10-31 05:41 - 2015-10-31 05:41 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-10-31 05:41 - 2015-10-31 05:41 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-10-31 05:41 - 2015-10-31 05:41 - 00000000 ____D C:\inetpub
2015-10-31 05:41 - 2015-06-18 13:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-10-31 05:41 - 2015-06-18 13:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-10-31 05:41 - 2015-06-18 13:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-10-31 05:41 - 2015-05-30 16:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-10-31 05:41 - 2015-05-30 16:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-10-31 05:41 - 2015-05-30 16:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-10-30 18:54 - 2015-10-30 18:54 - 00000000 ____D C:\NVIDIA
2015-10-30 18:18 - 2015-10-30 18:52 - 301556840 _____ (NVIDIA Corporation) C:\Users\Mik\Downloads\358.50-desktop-win8-win7-winvista-64bit-international-whql.exe
2015-10-30 16:12 - 2015-10-30 16:12 - 00000039 _____ C:\WINDOWS\setupact.log
2015-10-30 16:12 - 2015-10-30 16:12 - 00000000 _____ C:\WINDOWS\setuperr.log
2015-10-30 15:47 - 2015-11-01 20:05 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-10-30 14:54 - 2015-10-28 10:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-10-30 14:54 - 2015-10-28 10:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-10-30 14:54 - 2015-10-21 23:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-10-30 14:54 - 2015-10-21 23:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-10-30 14:54 - 2015-10-21 23:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-10-30 14:54 - 2015-10-21 22:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-10-30 14:54 - 2015-10-21 16:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-10-30 14:54 - 2015-10-21 16:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-10-30 14:53 - 2015-10-21 23:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
2015-10-30 14:53 - 2015-10-21 23:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
2015-10-30 14:53 - 2015-10-21 23:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-10-30 14:53 - 2015-10-21 22:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
2015-10-30 14:53 - 2015-10-21 22:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
2015-10-30 14:53 - 2015-10-21 22:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-10-30 14:53 - 2015-10-21 22:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-10-30 14:53 - 2015-10-21 22:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
2015-10-30 14:53 - 2015-10-21 22:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-10-30 14:53 - 2015-10-21 22:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-10-30 14:53 - 2015-10-21 22:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
2015-10-30 14:53 - 2015-10-21 22:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-10-30 14:53 - 2015-10-21 22:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
2015-10-30 14:53 - 2015-10-21 22:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
2015-10-30 14:53 - 2015-10-21 22:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-10-30 14:53 - 2015-10-21 22:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
2015-10-30 14:53 - 2015-10-21 22:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
2015-10-30 14:53 - 2015-10-21 16:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-10-30 14:53 - 2015-10-21 16:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-10-30 14:53 - 2015-10-21 16:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-10-30 14:53 - 2015-10-21 16:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
2015-10-30 14:53 - 2015-10-21 16:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-10-30 14:53 - 2015-10-21 16:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
2015-10-30 14:53 - 2015-10-21 15:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
2015-10-30 14:53 - 2015-10-21 15:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
2015-10-30 14:53 - 2015-10-21 15:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
2015-10-30 12:09 - 2015-10-30 12:09 - 00000000 ____D C:\Users\Mik\AppData\Local\Comms
2015-10-30 11:58 - 2015-10-30 11:58 - 00000000 ____D C:\Users\Mik\AppData\Local\Publishers
2015-10-30 11:57 - 2015-10-30 12:11 - 00000000 ____D C:\Users\Mik\AppData\Local\MicrosoftEdge
2015-10-30 11:45 - 2015-10-30 11:45 - 00001049 _____ C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-10-30 11:44 - 2015-10-30 11:44 - 00002369 _____ C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-10-30 11:44 - 2015-10-30 11:44 - 00000000 ___RD C:\Users\Mik\OneDrive
2015-10-30 11:41 - 2015-10-30 14:55 - 00000000 ____D C:\Users\Mik\AppData\Local\Packages
2015-10-30 11:41 - 2015-10-30 11:41 - 00000020 ___SH C:\Users\Mik\ntuser.ini
2015-10-30 11:41 - 2015-10-30 11:41 - 00000000 ____D C:\Users\Mik\AppData\Local\TileDataLayer
2015-10-30 11:34 - 2015-10-30 11:34 - 00022744 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-10-30 11:26 - 2015-10-30 11:26 - 00000020 ___SH C:\Users\postgres\ntuser.ini
2015-10-30 11:18 - 2015-10-30 11:18 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
2015-10-30 11:18 - 2015-10-30 11:18 - 00000000 ____D C:\Users\Default\AppData\Roaming\Macromedia
2015-10-30 11:18 - 2015-10-30 11:18 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-10-30 11:18 - 2015-10-30 11:18 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
2015-10-30 11:18 - 2015-10-30 11:18 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Macromedia
2015-10-30 11:18 - 2015-10-30 11:18 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-10-30 11:17 - 2015-10-30 11:17 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-10-30 11:10 - 2015-10-30 11:10 - 00000000 ____D C:\Program Files\Common Files\SpeechEngines
2015-10-30 11:08 - 2015-11-01 19:57 - 00000000 ____D C:\Users\Mik
2015-10-30 11:08 - 2015-11-01 19:56 - 00000000 ____D C:\Users\postgres
2015-10-30 11:08 - 2015-10-30 11:41 - 00000000 ___RD C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-30 11:08 - 2015-10-30 11:09 - 00000000 ___RD C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-30 11:08 - 2015-07-31 09:42 - 00000000 __RSD C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-30 11:08 - 2015-07-31 09:42 - 00000000 __RSD C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-10-30 11:08 - 2015-07-31 09:42 - 00000000 ___RD C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-30 11:08 - 2015-07-31 09:42 - 00000000 ___RD C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-30 11:08 - 2015-07-31 09:42 - 00000000 ___RD C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-10-30 11:08 - 2015-07-31 09:42 - 00000000 ___RD C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-30 11:08 - 2015-07-31 09:42 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-30 11:08 - 2015-07-31 09:42 - 00000000 ____D C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-10-30 11:05 - 2015-11-01 20:04 - 01011546 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-10-30 11:05 - 2015-10-30 11:28 - 01004122 _____ C:\WINDOWS\SysWOW64\PerfStringBackup.INI
2015-10-30 11:02 - 2015-11-01 19:58 - 00000000 ____D C:\ProgramData\NVIDIA
2015-10-30 11:02 - 2015-06-17 17:30 - 06873232 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
2015-10-30 11:02 - 2015-06-17 17:30 - 03492168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
2015-10-30 11:02 - 2015-06-17 17:30 - 02558792 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
2015-10-30 11:02 - 2015-06-17 17:30 - 00937616 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
2015-10-30 11:02 - 2015-06-17 17:30 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
2015-10-30 11:02 - 2015-06-17 17:30 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
2015-10-30 11:02 - 2015-06-14 15:18 - 04421614 _____ C:\WINDOWS\system32\nvcoproc.bin
2015-10-30 11:01 - 2015-10-30 11:11 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
2015-10-30 11:01 - 2015-10-30 11:10 - 00000000 ____D C:\Program Files\NVIDIA Corporation
2015-10-30 11:01 - 2015-10-30 11:10 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
2015-10-30 11:00 - 2015-10-30 11:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-10-30 11:00 - 2015-10-30 11:00 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-10-30 11:00 - 2015-10-30 11:00 - 00000000 ____D C:\Program Files\Synaptics
2015-10-30 10:58 - 2015-10-30 10:59 - 00028846 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-10-30 06:49 - 2013-10-02 13:11 - 00013824 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsUsbRedirectionGroupPolicyControl.exe
2015-10-29 12:47 - 2015-10-30 11:35 - 00019911 _____ C:\WINDOWS\diagerr.xml
2015-10-29 12:47 - 2015-10-30 11:35 - 00017148 _____ C:\WINDOWS\diagwrn.xml
2015-10-29 08:29 - 2015-10-29 08:29 - 00000000 ____D C:\WINDOWS\Hewlett-Packard
2015-10-29 06:35 - 2015-01-09 14:14 - 00029696 _____ (Microsoft Corporation) C:\WINDOWS\system32\powertracker.dll
2015-10-28 10:24 - 2015-10-28 10:24 - 00000000 ____D C:\Users\Mik\AppData\Local\NVIDIA
2015-10-28 10:24 - 2015-10-28 10:24 - 00000000 ____D C:\Users\Mik\AppData\Local\GWX
2015-10-28 05:27 - 2015-03-26 07:14 - 00072904 _____ (Khronos Group) C:\WINDOWS\system32\OpenCL.dll
2015-10-28 05:27 - 2015-03-26 07:14 - 00060744 _____ (Khronos Group) C:\WINDOWS\SysWOW64\OpenCL.dll
2015-10-28 05:27 - 2015-02-05 05:48 - 00617288 _____ (NVIDIA Corporation) C:\WINDOWS\SysWOW64\nvStreaming.exe
2015-10-27 19:13 - 2015-10-30 11:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-10-27 19:13 - 2015-10-27 19:13 - 00000000 ___RD C:\Program Files (x86)\Skype
2015-10-27 18:56 - 2015-09-16 15:01 - 00968704 _____ (Microsoft Corporation) C:\WINDOWS\system32\MsSpellCheckingFacility.exe
2015-10-27 18:56 - 2015-09-16 14:28 - 01359360 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtmlmedia.dll
2015-10-27 18:56 - 2015-09-16 13:55 - 01155072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtmlmedia.dll
2015-10-27 16:30 - 2015-07-23 03:48 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\UtcResources.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00066400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-private-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00063840 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-private-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00022368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-math-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-math-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00019808 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-multibyte-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-string-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-string-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00017760 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-stdio-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00016224 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-runtime-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-convert-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00015712 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-convert-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-time-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-localization-l1-2-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-time-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00014176 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-localization-l1-2-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00013664 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-filesystem-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-process-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-heap-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-conio-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-process-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-heap-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012640 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-conio-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-utility-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-locale-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-crt-environment-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-synch-l1-2-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-utility-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-locale-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-crt-environment-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-synch-l1-2-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00012128 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-processthreads-l1-1-1.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-xstate-l2-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-timezone-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l2-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\api-ms-win-core-file-l1-2-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-eventing-provider-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-xstate-l2-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-timezone-l1-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l2-1-0.dll
2015-10-27 16:28 - 2015-07-19 00:08 - 00011616 _____ (Microsoft Corporation) C:\WINDOWS\system32\api-ms-win-core-file-l1-2-0.dll
2015-10-27 16:25 - 2015-09-26 05:06 - 00012288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wu.upgrade.ps.dll
2015-10-27 12:23 - 2015-10-30 14:35 - 00000000 ____D C:\Users\Mik\Documents\Registry Backup
2015-10-27 12:14 - 2015-10-30 11:34 - 00002894 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-10-27 12:14 - 2015-10-30 11:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-10-27 12:14 - 2015-10-27 12:14 - 00000824 _____ C:\Users\Public\Desktop\CCleaner.lnk
2015-10-27 12:14 - 2015-10-27 12:14 - 00000000 ____D C:\Program Files\CCleaner
2015-10-19 19:23 - 2015-10-19 19:23 - 00000000 ____D C:\WINDOWS\pss
2015-10-19 13:00 - 2015-10-19 13:00 - 00000000 ____D C:\Users\Mik\AppData\Roaming\3789
2015-10-07 16:19 - 2015-11-01 20:04 - 00000000 ____D C:\WINDOWS\System32\Tasks\Norton 360

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-11-01 20:00 - 2012-06-18 10:36 - 00000894 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-11-01 19:59 - 2012-07-02 01:59 - 00000410 _____ C:\WINDOWS\Tasks\PC Optimizer Pro64 startups.job
2015-11-01 19:58 - 2015-07-31 08:52 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-11-01 19:57 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\sru
2015-11-01 19:57 - 2015-07-10 20:05 - 00131072 ___SH C:\WINDOWS\system32\config\BBI
2015-11-01 18:48 - 2012-06-18 10:36 - 00000898 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-11-01 14:30 - 2015-01-10 14:30 - 00000362 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Mik).job
2015-11-01 13:52 - 2012-06-12 14:02 - 00000000 ____D C:\ProgramData\Recovery
2015-11-01 11:33 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-10-31 18:59 - 2012-06-25 13:29 - 00000000 ____D C:\Users\Mik\AppData\Local\CrashDumps
2015-10-31 10:57 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-10-31 10:26 - 2013-05-19 15:49 - 00000000 ____D C:\Users\Mik\AppData\Local\NPE
2015-10-31 10:11 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\appcompat
2015-10-31 10:11 - 2012-05-28 19:01 - 00157976 _____ C:\Users\Mik\AppData\Local\GDIPFONTCACHEV1.DAT
2015-10-31 05:55 - 2015-07-31 09:42 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-10-31 05:52 - 2015-07-31 09:42 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
2015-10-31 05:52 - 2015-07-31 09:42 - 00000000 ___SD C:\WINDOWS\system32\F12
2015-10-31 05:52 - 2015-07-31 09:42 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-10-31 05:52 - 2015-07-31 09:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-10-31 05:52 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-10-31 05:52 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-10-31 05:52 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\Provisioning
2015-10-31 05:52 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\L2Schemas
2015-10-31 05:41 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
2015-10-31 05:41 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\inetsrv
2015-10-31 05:41 - 2015-07-10 16:13 - 00009096 _____ C:\WINDOWS\SysWOW64\msmqtrc.mof
2015-10-31 05:41 - 2015-07-10 16:02 - 00009096 _____ C:\WINDOWS\system32\msmqtrc.mof
2015-10-31 05:41 - 2015-07-10 14:36 - 00635904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqsnap.dll
2015-10-31 05:41 - 2015-07-10 14:36 - 00562176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqutil.dll
2015-10-31 05:41 - 2015-07-10 14:36 - 00265728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.dll
2015-10-31 05:41 - 2015-07-10 14:36 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisRtl.dll
2015-10-31 05:41 - 2015-07-10 14:36 - 00161792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqrt.dll
2015-10-31 05:41 - 2015-07-10 14:36 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa.tlb
2015-10-31 05:41 - 2015-07-10 14:36 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa30.tlb
2015-10-31 05:41 - 2015-07-10 14:36 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa20.tlb
2015-10-31 05:41 - 2015-07-10 14:36 - 00050688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\admwprox.dll
2015-10-31 05:41 - 2015-07-10 14:36 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqoa10.tlb
2015-10-31 05:41 - 2015-07-10 14:36 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ahadmin.dll
2015-10-31 05:41 - 2015-07-10 14:36 - 00016896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisreset.exe
2015-10-31 05:41 - 2015-07-10 14:36 - 00014848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mqcertui.dll
2015-10-31 05:41 - 2015-07-10 14:36 - 00011264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wamregps.dll
2015-10-31 05:41 - 2015-07-10 14:36 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iisrstap.dll
2015-10-31 05:41 - 2015-07-10 14:26 - 01417728 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqqm.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00813056 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsnap.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00564224 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqutil.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqrt.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00202240 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisRtl.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00175104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mqac.sys
2015-10-31 05:41 - 2015-07-10 14:25 - 00096768 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa.tlb
2015-10-31 05:41 - 2015-07-10 14:25 - 00091136 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa30.tlb
2015-10-31 05:41 - 2015-07-10 14:25 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa20.tlb
2015-10-31 05:41 - 2015-07-10 14:25 - 00055808 _____ (Microsoft Corporation) C:\WINDOWS\system32\admwprox.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\ahadmin.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00052736 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqbkup.exe
2015-10-31 05:41 - 2015-07-10 14:25 - 00037376 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqoa10.tlb
2015-10-31 05:41 - 2015-07-10 14:25 - 00026112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqsvc.exe
2015-10-31 05:41 - 2015-07-10 14:25 - 00018944 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqcertui.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00018432 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisreset.exe
2015-10-31 05:41 - 2015-07-10 14:25 - 00015360 _____ (Microsoft Corporation) C:\WINDOWS\system32\wamregps.dll
2015-10-31 05:41 - 2015-07-10 14:25 - 00013312 _____ (Microsoft Corporation) C:\WINDOWS\system32\iisrstap.dll
2015-10-31 05:41 - 2015-07-10 14:20 - 00130048 _____ (Microsoft Corporation) C:\WINDOWS\system32\mqlogmgr.dll
2015-10-30 16:17 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-10-30 16:09 - 2015-07-31 08:49 - 00476568 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-10-30 14:55 - 2015-07-31 09:25 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-10-30 11:46 - 2015-09-10 16:09 - 00000000 ____D C:\WINDOWS\OCR
2015-10-30 11:37 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\rescache
2015-10-30 11:34 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\Registration
2015-10-30 11:34 - 2015-02-11 11:12 - 00003092 _____ C:\WINDOWS\System32\Tasks\{D2EC3CA0-0B44-4EAD-8387-75DB102D3F2B}
2015-10-30 11:34 - 2015-02-11 11:11 - 00003092 _____ C:\WINDOWS\System32\Tasks\{43DE9897-5F3F-4E85-97C0-063F8D0616CD}
2015-10-30 11:34 - 2015-02-11 11:10 - 00003092 _____ C:\WINDOWS\System32\Tasks\{8B2D61CC-C465-4B3A-A247-4ACC14648A78}
2015-10-30 11:34 - 2015-02-11 11:09 - 00003092 _____ C:\WINDOWS\System32\Tasks\{0B854F63-9689-46CF-87D2-BEB92963E308}
2015-10-30 11:34 - 2015-01-10 14:30 - 00003130 _____ C:\WINDOWS\System32\Tasks\SlimCleaner Plus (Scheduled Scan - Mik)
2015-10-30 11:34 - 2015-01-07 14:21 - 00003182 _____ C:\WINDOWS\System32\Tasks\{08576B70-0D23-48DA-8595-0AA48E5B61D6}
2015-10-30 11:34 - 2014-11-02 09:29 - 00003092 _____ C:\WINDOWS\System32\Tasks\{27D85D21-5398-426B-B780-BED7C05D7986}
2015-10-30 11:34 - 2014-11-02 09:18 - 00003248 _____ C:\WINDOWS\System32\Tasks\{0AA992CE-585B-4E3F-AC7E-52E06C168CA5}
2015-10-30 11:34 - 2014-10-28 14:10 - 00003284 _____ C:\WINDOWS\System32\Tasks\HPCeeScheduleForMik
2015-10-30 11:34 - 2014-10-05 21:57 - 00003294 _____ C:\WINDOWS\System32\Tasks\{9F8F6D72-EC88-4A85-A159-FC314C0989A2}
2015-10-30 11:34 - 2014-04-22 22:36 - 00003088 _____ C:\WINDOWS\System32\Tasks\{39DC4620-38AD-48AB-8122-3E60C4E65651}
2015-10-30 11:34 - 2013-10-18 10:37 - 00003428 _____ C:\WINDOWS\System32\Tasks\{98E129C0-551F-4F0A-BE40-B34C257A4157}
2015-10-30 11:34 - 2013-08-28 00:58 - 00003486 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeScheduledTaskS-1-5-21-3809766135-4035193921-735686567-1001
2015-10-30 11:34 - 2013-08-28 00:58 - 00003348 _____ C:\WINDOWS\System32\Tasks\RealPlayerRealUpgradeLogonTaskS-1-5-21-3809766135-4035193921-735686567-1001
2015-10-30 11:34 - 2013-05-19 16:52 - 00003406 _____ C:\WINDOWS\System32\Tasks\Norton WSC Integration
2015-10-30 11:34 - 2013-02-21 09:03 - 00003270 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-10-30 11:34 - 2013-02-21 09:03 - 00003214 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-10-30 11:34 - 2013-02-21 09:03 - 00003212 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-10-30 11:34 - 2012-10-01 07:50 - 00003202 _____ C:\WINDOWS\System32\Tasks\{0DB0357A-0F5E-4028-8CD6-8D83D50048F8}
2015-10-30 11:34 - 2012-07-02 01:59 - 00002940 _____ C:\WINDOWS\System32\Tasks\PC Optimizer Pro64 startups
2015-10-30 11:34 - 2012-07-01 19:11 - 00003188 _____ C:\WINDOWS\System32\Tasks\{7485C338-B4AD-466A-932C-532DBAA54F94}
2015-10-30 11:34 - 2012-06-18 10:36 - 00004004 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-10-30 11:34 - 2012-06-18 10:36 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-10-30 11:34 - 2012-05-28 21:36 - 00003242 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-10-30 11:34 - 2012-05-28 19:38 - 00003244 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-10-30 11:34 - 2012-05-28 18:57 - 00003400 _____ C:\WINDOWS\System32\Tasks\RMCreator
2015-10-30 11:33 - 2015-07-31 09:42 - 00000000 __RSD C:\WINDOWS\Media
2015-10-30 11:33 - 2015-07-31 09:42 - 00000000 __RHD C:\Users\Public\Libraries
2015-10-30 11:26 - 2015-07-31 09:42 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
2015-10-30 11:26 - 2015-07-08 11:59 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton 360
2015-10-30 11:20 - 2015-09-10 16:19 - 00000000 ____D C:\WINDOWS\ShellNew
2015-10-30 11:20 - 2015-08-11 16:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\IK Multimedia
2015-10-30 11:20 - 2015-07-31 09:42 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-30 11:20 - 2015-07-10 20:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-10-30 11:20 - 2015-01-10 14:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AGEIA
2015-10-30 11:20 - 2014-12-07 17:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Epson Software
2015-10-30 11:20 - 2014-12-07 17:38 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ABBYY FineReader 9.0 Sprint
2015-10-30 11:20 - 2014-12-07 17:25 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Scan-n-Stitch Deluxe
2015-10-30 11:20 - 2014-12-07 17:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft MediaImpression 2
2015-10-30 11:20 - 2014-12-07 17:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EPSON
2015-10-30 11:20 - 2014-11-07 21:06 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
2015-10-30 11:20 - 2014-11-07 06:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\QuickTime
2015-10-30 11:20 - 2014-11-07 06:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-10-30 11:20 - 2014-08-18 20:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CalorieKing Australia
2015-10-30 11:20 - 2014-06-11 23:10 - 00000000 ____D C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\ASIO4ALL v2
2015-10-30 11:20 - 2014-06-11 23:08 - 00000000 ____D C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Image-Line
2015-10-30 11:20 - 2014-05-30 21:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 9
2015-10-30 11:20 - 2014-01-30 15:45 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP Help and Support
2015-10-30 11:20 - 2014-01-24 10:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HD Tune
2015-10-30 11:20 - 2014-01-22 07:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-10-30 11:20 - 2014-01-06 19:35 - 00000000 ____D C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-30 11:20 - 2014-01-06 19:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-10-30 11:20 - 2013-10-18 12:11 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TP-LINK
2015-10-30 11:20 - 2013-10-18 10:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NETGEAR WG111v2 Smart Wizard
2015-10-30 11:20 - 2013-09-12 19:17 - 00000000 ____D C:\Users\postgres\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
2015-10-30 11:20 - 2013-09-12 19:15 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PostgreSQL 8.4
2015-10-30 11:20 - 2013-06-29 00:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Looks Vegas HD
2015-10-30 11:20 - 2013-05-30 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iX6500 series Manual
2015-10-30 11:20 - 2013-05-30 18:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon iX6500 series
2015-10-30 11:20 - 2013-05-25 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Collab
2015-10-30 11:20 - 2013-05-25 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FL Studio 6
2015-10-30 11:20 - 2013-05-19 15:23 - 00000000 ____D C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Norton
2015-10-30 11:20 - 2013-04-10 03:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\GPS Utility
2015-10-30 11:20 - 2013-03-15 03:01 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-10-30 11:20 - 2012-10-21 11:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Adobe LiveCycle ES2
2015-10-30 11:20 - 2012-10-13 15:09 - 00000000 ____D C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDirector
2015-10-30 11:20 - 2012-07-02 01:49 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\7-zip
2015-10-30 11:20 - 2012-06-27 00:28 - 00000000 ____D C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Games
2015-10-30 11:20 - 2012-06-25 01:39 - 00000000 ____D C:\WINDOWS\en
2015-10-30 11:20 - 2012-06-09 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0
2015-10-30 11:20 - 2012-05-31 23:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVDFab 8 Qt
2015-10-30 11:20 - 2012-05-29 01:14 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-10-30 11:20 - 2012-05-29 00:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP My Display
2015-10-30 11:20 - 2012-05-28 23:54 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DVD Shrink
2015-10-30 11:20 - 2012-05-28 21:51 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft Connect
2015-10-30 11:20 - 2012-05-28 21:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ArcSoft TotalMedia 3.5
2015-10-30 11:20 - 2012-05-28 21:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\REALTEK DTV USB DEVICE
2015-10-30 11:20 - 2012-05-28 18:58 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP User Manuals
2015-10-30 11:20 - 2012-03-08 08:28 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
2015-10-30 11:20 - 2012-03-08 08:27 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberLink PowerDVD 10
2015-10-30 11:20 - 2012-03-08 08:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PDF Complete
2015-10-30 11:20 - 2012-03-08 08:21 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Online Services
2015-10-30 11:20 - 2012-03-08 08:21 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Norton Online Backup
2015-10-30 11:20 - 2012-03-08 08:18 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Recovery Manager
2015-10-30 11:20 - 2012-03-08 08:16 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\HP
2015-10-30 11:20 - 2012-03-08 08:15 - 00000000 ___SD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PC Help & Tools
2015-10-30 11:20 - 2009-07-14 16:32 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Games
2015-10-30 11:18 - 2015-07-31 09:42 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-30 11:18 - 2015-07-31 09:42 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-10-30 11:18 - 2009-07-14 14:20 - 00000000 ____D C:\Users\Default.migrated
2015-10-30 11:17 - 2012-03-08 08:11 - 00000000 ____D C:\ProgramData\SonicFocus
2015-10-30 11:12 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-10-30 11:12 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-10-30 11:12 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-10-30 11:12 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-10-30 11:12 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-10-30 11:12 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-10-30 11:12 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-10-30 11:12 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-10-30 11:12 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\IME
2015-10-30 11:12 - 2015-01-10 14:43 - 00000000 ____D C:\WINDOWS\SysWOW64\AGEIA
2015-10-30 11:11 - 2015-08-25 18:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Novation
2015-10-30 11:11 - 2015-08-25 15:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Focusrite
2015-10-30 11:11 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\schemas
2015-10-30 11:11 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\Resources
2015-10-30 11:11 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-10-30 11:11 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\Help
2015-10-30 11:11 - 2014-01-22 16:20 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Intel
2015-10-30 11:11 - 2013-05-30 18:07 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2015-10-30 11:11 - 2013-04-18 23:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\NewBlue
2015-10-30 11:11 - 2013-04-18 23:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sony
2015-10-30 11:11 - 2012-11-13 04:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-10-30 11:11 - 2012-05-31 12:02 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Renesas Electronics
2015-10-30 11:11 - 2012-05-29 16:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ASUS
2015-10-30 11:11 - 2012-05-28 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SlySoft
2015-10-30 11:11 - 2010-11-21 18:16 - 00000000 ___RD C:\Users\Public\Recorded TV
2015-10-30 11:10 - 2015-07-31 09:42 - 00000000 __SHD C:\Program Files\Windows Sidebar
2015-10-30 11:10 - 2015-07-31 09:42 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
2015-10-30 11:10 - 2015-07-31 09:42 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-10-30 11:10 - 2015-07-31 09:42 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-10-30 11:10 - 2009-07-14 16:32 - 00000000 ____D C:\Program Files\Microsoft Games
2015-10-30 11:10 - 2009-07-14 16:32 - 00000000 ____D C:\Program Files\DVD Maker
2015-10-30 11:09 - 2013-05-25 21:39 - 00000000 ____D C:\Users\Mik\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\FL Studio 6
2015-10-30 11:05 - 2015-07-10 20:47 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-10-30 11:02 - 2015-07-09 19:05 - 00000000 ____D C:\Temp
2015-10-30 10:58 - 2015-07-10 20:47 - 00000000 __RHD C:\Users\Default
2015-10-30 10:32 - 2009-07-14 15:45 - 00024608 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-1.C7483456-A289-439d-8115-601632D005A0
2015-10-30 10:32 - 2009-07-14 15:45 - 00024608 ____H C:\WINDOWS\system32\7B296FB0-376B-497e-B012-9C450E1B7327-5P-0.C7483456-A289-439d-8115-601632D005A0
2015-10-30 10:04 - 2015-02-04 00:50 - 00000024 _____ C:\Users\Mik\AppData\Roaming\Network Meter_Usage.ini
2015-10-30 10:00 - 2015-02-04 00:00 - 00009031 _____ C:\Users\Mik\Network_Meter_Data.js
2015-10-30 09:19 - 2015-02-03 23:48 - 00002717 _____ C:\Users\Mik\IP_Log_Data.js
2015-10-29 12:47 - 2015-09-10 17:58 - 00000000 ___HD C:\$Windows.~BT
2015-10-29 08:32 - 2012-05-29 15:19 - 00000000 ____D C:\Users\Mik\AppData\Roaming\HpUpdate
2015-10-29 08:31 - 2012-03-08 08:16 - 00000000 ____D C:\Program Files (x86)\Hp
2015-10-28 01:55 - 2012-05-29 01:12 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-10-27 23:21 - 2013-03-15 03:01 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-10-27 23:21 - 2013-03-15 03:01 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-10-27 23:18 - 2014-01-20 16:28 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-10-27 19:17 - 2012-03-08 08:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Office
2015-10-27 19:13 - 2012-07-23 18:25 - 00000000 ____D C:\Users\Mik\AppData\Roaming\Skype
2015-10-27 19:13 - 2012-07-23 18:25 - 00000000 ____D C:\ProgramData\Skype
2015-10-27 14:23 - 2012-05-29 15:22 - 00000052 _____ C:\WINDOWS\SysWOW64\DOErrors.log
2015-10-27 13:48 - 2012-06-14 21:33 - 00000000 ____D C:\Users\Mik\AppData\Local\Adobe
2015-10-20 17:40 - 2012-07-30 13:42 - 00000000 ____D C:\Users\Mik\Documents\Banking & Budget
2015-10-20 12:48 - 2012-07-07 22:43 - 00000000 ____D C:\Users\Mik\AppData\Roaming\WildTangent
2015-10-20 12:48 - 2012-03-08 08:22 - 00000000 ____D C:\ProgramData\WildTangent
2015-10-20 12:48 - 2012-03-08 08:22 - 00000000 ____D C:\Program Files (x86)\HP Games
2015-10-20 12:45 - 2012-03-08 08:19 - 00000000 ____D C:\Program Files (x86)\CyberLink
2015-10-20 12:45 - 2012-03-08 08:16 - 00000000 ___HD C:\Program Files (x86)\InstallShield Installation Information
2015-10-20 12:43 - 2012-10-06 19:12 - 00000000 ____D C:\Users\Mik\AppData\Local\Unity
2015-10-20 12:43 - 2012-06-30 23:35 - 00000000 ____D C:\Program Files (x86)\Ubisoft
2015-10-20 12:39 - 2013-04-17 00:36 - 00000000 ____D C:\Program Files (x86)\Sony
2015-10-20 12:36 - 2013-08-08 02:20 - 00000000 ____D C:\Program Files (x86)\Full Tilt Poker
2015-10-20 12:35 - 2013-09-13 16:00 - 00000000 ____D C:\Program Files (x86)\PokerTracker 4
2015-10-20 12:34 - 2014-02-21 23:10 - 00000000 ____D C:\Program Files\Fraps
2015-10-20 12:34 - 2014-02-21 22:49 - 00000000 ____D C:\Users\Mik\AppData\Local\Dxtory Software
2015-10-20 12:34 - 2013-12-25 06:46 - 00000000 ____D C:\Program Files (x86)\Nike
2015-10-19 19:30 - 2014-01-21 20:09 - 00007599 _____ C:\Users\Mik\AppData\Local\Resmon.ResmonCfg
2015-10-19 00:07 - 2012-03-08 08:27 - 00000000 ____D C:\ProgramData\PDFC
2015-10-16 14:10 - 2015-07-31 09:43 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-10-16 14:10 - 2015-07-31 09:43 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-10-15 14:55 - 2014-10-28 14:10 - 00000324 _____ C:\WINDOWS\Tasks\HPCeeScheduleForMik.job
2015-10-14 10:49 - 2012-03-08 08:29 - 00000000 ____D C:\ProgramData\Norton
2015-10-12 14:17 - 2015-08-26 00:21 - 00000000 ____D C:\Audio Scratch
2015-10-07 16:11 - 2013-05-19 16:50 - 00000000 ____D C:\WINDOWS\system32\Drivers\N360x64
2015-10-07 16:10 - 2013-05-19 16:51 - 00002227 _____ C:\Users\Public\Desktop\Norton 360.LNK
2015-10-06 16:55 - 2009-07-14 13:34 - 00000506 _____ C:\WINDOWS\win.ini
2015-10-06 16:55 - 2009-07-14 13:34 - 00000245 _____ C:\WINDOWS\system.ini
2015-10-02 12:09 - 2014-01-20 16:28 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-10-02 11:40 - 2014-08-12 21:29 - 00046258 _____ C:\Users\Mik\Documents\Mik-Health Chart.xlsx
Attached Files
File Type: txt Addition.txt (51.6 KB, 24 views)
Boofhead1967 is offline  
Old 11-01-2015, 01:16 AM   #8
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Farbar text file 2 of 2

==================== Files in the root of some directories =======

2013-10-03 09:21 - 2013-10-03 09:21 - 0000042 _____ () C:\Program Files\all_in_one_pkg_note.txt
2013-03-15 01:14 - 2013-03-15 01:14 - 0088680 _____ (Realtek Semiconductor Corp.) C:\Program Files\AutoInst.exe
2013-07-26 07:32 - 2013-07-26 07:32 - 3556289 _____ () C:\Program Files\data1.cab
2013-07-26 07:32 - 2013-07-26 07:32 - 0036589 _____ () C:\Program Files\data1.hdr
2013-07-26 07:32 - 2013-07-26 07:32 - 0000512 _____ () C:\Program Files\data2.cab
2013-03-15 01:14 - 2013-03-15 01:14 - 0000014 _____ () C:\Program Files\EngLangID.txt
2012-06-22 14:10 - 2012-05-15 21:48 - 0008204 _____ () C:\Program Files\EULA.txt
2013-07-26 07:32 - 2013-07-26 07:32 - 0563416 _____ (Acresso Software Inc.) C:\Program Files\ISSetup.dll
2013-07-26 07:32 - 2013-07-26 07:32 - 0000473 _____ () C:\Program Files\layout.bin
2012-06-22 14:10 - 2012-05-15 21:48 - 0021887 _____ () C:\Program Files\license.txt
2012-06-22 14:10 - 2012-05-15 21:48 - 0008112 _____ () C:\Program Files\Setup.cfg
2012-06-22 14:10 - 2012-05-15 21:48 - 0374080 _____ (NVIDIA Corporation) C:\Program Files\setup.exe
2013-07-26 07:32 - 2013-07-26 07:32 - 0000993 _____ () C:\Program Files\setup.ini
2013-07-26 07:32 - 2013-07-26 07:32 - 0329272 _____ () C:\Program Files\setup.inx
2013-07-26 07:32 - 2013-07-26 07:32 - 0070113 _____ () C:\Program Files\setup.isn
2013-03-15 01:14 - 2013-03-15 01:14 - 0000865 _____ () C:\Program Files\setup.iss
2013-10-29 08:05 - 2013-10-29 08:05 - 0000208 _____ () C:\Program Files\setup.log
2013-10-03 09:21 - 2013-10-03 09:21 - 0000414 _____ () C:\Program Files\setupctrl.txt
2013-03-15 01:14 - 2013-03-15 01:14 - 0000012 _____ () C:\Program Files\Silent_Install.bat
2013-03-15 01:14 - 2013-03-15 01:14 - 0000031 _____ () C:\Program Files\Silent_Uninstall.bat
2013-11-14 10:20 - 2013-11-14 10:20 - 0003629 _____ () C:\Program Files\SP64340.cva
2013-11-13 15:57 - 2013-11-13 15:57 - 0000932 _____ () C:\Program Files\SP64340.rtf
2013-03-15 01:14 - 2013-03-15 01:14 - 0000684 _____ () C:\Program Files\uninstall.iss
2013-03-15 01:14 - 2013-03-15 01:14 - 0000697 _____ () C:\Program Files\uninstall_vista_39.iss
2013-03-15 01:14 - 2013-03-15 01:14 - 0000672 _____ () C:\Program Files\uninstall_vista_69.iss
2013-03-15 01:14 - 2013-03-15 01:14 - 0000667 _____ () C:\Program Files\uninstall_xp_pci.iss
2013-03-15 01:14 - 2013-03-15 01:14 - 0000669 _____ () C:\Program Files\uninstall_xp_pcie.iss
2013-07-26 07:32 - 2013-07-26 07:32 - 0327384 _____ (Acresso Software Inc.) C:\Program Files\_Setup.dll
2015-08-11 16:44 - 2015-08-25 16:57 - 0000016 _____ () C:\Users\Mik\AppData\Roaming\msregsvv.dll
2015-02-03 23:49 - 2015-02-04 23:56 - 0001096 _____ () C:\Users\Mik\AppData\Roaming\Network Meter_Settings.ini
2015-02-04 00:50 - 2015-10-30 10:04 - 0000024 _____ () C:\Users\Mik\AppData\Roaming\Network Meter_Usage.ini
2015-04-03 17:29 - 2015-04-03 17:29 - 0003584 _____ () C:\Users\Mik\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2014-01-21 20:09 - 2015-10-19 19:30 - 0007599 _____ () C:\Users\Mik\AppData\Local\Resmon.ResmonCfg
2013-04-17 18:49 - 2013-04-17 18:49 - 0017408 _____ () C:\Users\Mik\AppData\Local\WebpageIcons.db
2012-05-29 00:40 - 2012-05-31 23:23 - 0000040 ___SH () C:\ProgramData\.zreglib
2015-08-11 16:44 - 2015-08-25 16:57 - 0000016 _____ () C:\ProgramData\autobk.inc
2013-09-13 16:00 - 2013-09-13 16:00 - 0004925 _____ () C:\ProgramData\flwjycbm.bab
2013-09-13 16:07 - 2013-09-13 16:07 - 0004886 _____ () C:\ProgramData\lrbivjdu.eai

ZeroAccess:
C:\$Recycle.Bin\S-1-5-21-3809766135-4035193921-735686567-1001\$af618d5d060df77f59f3becf9f1eea26

ZeroAccess:
C:\$Recycle.Bin\S-1-5-18\$af618d5d060df77f59f3becf9f1eea26

Files to move or delete:
====================
C:\Users\Mik\IP_Log_Data.js
C:\Users\Mik\Network_Meter_Data.js


Some files in TEMP:
====================
C:\Users\Mik\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-10-30 12:52

==================== End of FRST.txt ============================
Boofhead1967 is offline  
Old 11-01-2015, 01:45 AM   #9
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Got CKCleaner to finish finally.

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
c:\program downloads\cooledit pro\cooledit pro\crack\cep2reg.exe
c:\program downloads\cooledit pro\cooledit pro\crack\info.txt
c:\program files (x86)\cyberlink\powerdvd10\navfilter\kmsvc.exe
c:\program files (x86)\image-line\fl studio 11\data\patches\plugin presets\generators\drumpad\sound fx\crack.fst
c:\program files (x86)\image-line\fl studio 11\plugins\fruity\effects\hardcore\presets\i cracked my tube!.hdprg
c:\program files (x86)\image-line\fl studio 11\plugins\fruity\generators\drumaxx\drum patches\sound fx\crack.dmpatch
c:\program files (x86)\image-line\fl studio 11\plugins\fruity\generators\drumpad\drum patches\sound fx\crack.dmpatch
c:\users\mik\documents\image-line\data\drumaxx\drum patches\sound fx\crack.dmpatch
scanner sequence 3.CE.11.CSNAK0
----- EOF -----
Boofhead1967 is offline  
Old 11-01-2015, 01:18 PM   #10
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello Boofhead1967. It appears you didn't attach the Addition.txt log from FRST.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-01-2015, 04:46 PM   #11
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Hi Chemist
The file was attached to the first post containing part 1 of 2 for the FRST.txt (It was too big to fit in one post)
Anyway, here it is now re-run this morning.
Attached Files
File Type: txt Addition.txt (50.9 KB, 27 views)
Boofhead1967 is offline  
Old 11-01-2015, 05:45 PM   #12
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Boofhead1967. Sorry I missed it.

Quote:
c:\program downloads\cooledit pro\cooledit pro\crack\cep2reg.exe
This is one reason your computer is infected. Visiting cracksites/warezsites and other questionable/illegal sites is always a risk.

Even a single click on the site can drop multiple forms of very serious malware, many of which disable your onboard protection, and System Restore.

If you install the cracked software, you are running executable files from these dubious, unknown sources. You are in effect giving these sources access to information on your hard disk, and potential control over the operation of your computer.

Additionally, cracked programs are illegal. Before posting for help, we ask that you uninstall any such applications, as indicated in this sticky topic.

Referring to the Forum Rules which you should have read at the time of Registering at this forum, TSF does not support illegal activity. As such, be advised that any request for assistance in removing malware may go unanswered, or may be discontinued, if the cracked (illegal) software is still present on the machine.

A study revealed that more often than not, keygens and crack tools downloaded from peer-to-peer networks contained malicious or "unwanted" software.

------------------------------------------------------

==== Installed Programs ====

Cool Edit Pro 2.0

------------------------------------------------------
chemist is offline  
Old 11-01-2015, 09:02 PM   #13
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Chemist
I humbly apologise for the installation of the crack. I will remove this now. I'm not arguing against this site's rules, but I do wish to point out that the particular program has been superseded by Adobe Audition, which for whatever reason I was unable to install correctly (before I installed the cracked version of CoolEdit). I tried several workarounds way back when I was trying to install a legal copy (trial version from memory) but nothing worked. Someone suggested I try the older version & I guess I ended up downloading a cracked version. I have had this program for so long I genuinely forgot it was cracked. Regardless, I will uninstall & hope that you are willing to continue to help me as I am unsure what to do without assistance.
Offending software removed. New scan file as follows:
Mik (Boofhead)

CKScanner 2.5 - Additional Security Risks - These are not necessarily bad
scanner sequence 3.RP.11.PVBBQ0
----- EOF -----
Boofhead1967 is offline  
Old 11-02-2015, 04:25 AM   #14
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Boofhead1967. Understood. Please make sure you uninstalled the app via Programs and Features.

------------------------------------------------------

One or more of the identified infections is a backdoor trojan/rootkit.

This type of infection allows hackers to remotely control your computer, log keystrokes, steal critical system information, and download and execute files without your knowledge.

If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Please refer to Microsoft's Online Safety article for tips on creating a strong password.

Do not change passwords or do any transactions from the infected computer until it has been cleaned.

------------------------------------------------------

Please note that these fixes are not instantaneous. Most infections require more than one round to properly eradicate.

Please stay with me until given the 'all clear' even if symptoms seemingly abate.

Kindly follow my instructions and please do no fixing on your own or running of scanners unless requested by a helper.

------------------------------------------------------

If there are any personal files, pics, etc. on your computer you cannot live without, back them up now just as a precaution.

Back up and restore your files - Windows Help

------------------------------------------------------

Also, if you haven't done so already, you might want to create a USB recovery drive. It's really easy and quick.

Create a recovery drive - Windows Help

------------------------------------------------------

Please re-enable System Restore before running this fix:
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    createrestorepoint:
    Task: {09034DF0-28D8-452C-954F-9097799F5646} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
    Task: {0B83D506-170A-4D32-8C62-4752031EA82A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
    Task: {1289D947-BD8D-45DA-85DA-5291517E99E2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
    Task: {5D6697FB-EA78-400A-AFAA-BA465D1FCA22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
    Task: {5F40A6EE-B603-4030-977C-A256F4B1A846} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
    Task: {65AAD935-5C15-4113-822D-8E2A3833656D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
    Task: {871EDF87-7E71-45CC-B766-1CD713590CE2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
    Task: {8B1C5D3B-1C34-44CB-9178-FBDF3CAA9B25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
    Task: {8E9644EA-CCC4-4523-8E7C-AFCDD136B065} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
    Task: {93396B83-9902-4457-8A63-00FFCA485445} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
    Task: C:\WINDOWS\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
    Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Mik).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
    C:\Program Files\PC Optimizer Pro
    C:\Program Files\SlimCleaner Plus
    c:\program downloads\cooledit pro
    HKLM-x32\...\Run: [] => [X]
    URLSearchHook: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - No File
    SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytD0AyDzyyDzztCyDzytN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=27593314&ir=
    SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytD0AyDzyyDzztCyDzytN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=27593314&ir=
    SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
    SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
    SearchScopes: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
    SearchScopes: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
    Toolbar: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
    CHR Extension: (Mysearchdial) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-09]
    CHR Extension: (Mysearchdial) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-09]
    CHR Extension: (TopArcadeHits) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-08-28]
    CHR Extension: (Mysearchdial) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-09]
    CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
    2015-11-01 19:59 - 2012-07-02 01:59 - 00000410 _____ C:\WINDOWS\Tasks\PC Optimizer Pro64 startups.job
    2015-11-01 14:30 - 2015-01-10 14:30 - 00000362 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Mik).job
    2015-10-30 11:20 - 2012-06-09 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0
    C:\Users\Mik\IP_Log_Data.js
    C:\Users\Mik\Network_Meter_Data.js
    C:\$Recycle.Bin\S-1-5-21-3809766135-4035193921-735686567-1001\$af618d5d060df77f59f3becf9f1eea26
    C:\$Recycle.Bin\S-1-5-18\$af618d5d060df77f59f3becf9f1eea26
    Folder: C:\Users\Mik\AppData\Roaming\3789
    EmptyTemp:
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • If you receive a message that a reboot is required, please make sure you allow it to restart normally.
  • The tool will complete its run after the restart.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
__________________
Our services are free, but you may contribute to the author of ComboFix via PayPal

Proud member of UNITE

Microsoft MVP - Consumer Security 2014, 2015
chemist is offline  
Old 11-02-2015, 05:00 AM   #15
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Hi
Thanks for continuing. I can't create a recovery drive. After clicking OK I get the message:

"We can't create the recovery drive. A problem occurred while creating the recovery drive"

Also, I am not sure how to turn System Restore back on. I used "Settings > Update & Security > Recovery" and I'm not sure where to from here, I have 3 options.
1 - Reset this PC
2 - Go back to Windows 7
3 - Advanced Startup

Sorry for the ignorance, I know you've already said it but I really regret updating to Windows 10 before coming on here, I'm much more familiar with Windows 7.
Boofhead1967 is offline  
Old 11-02-2015, 05:20 AM   #16
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Cancel that last bit, I have found how to turn System Restore on & have done that. I still can't create a system recovery drive though.
Boofhead1967 is offline  
Old 11-02-2015, 12:37 PM   #17
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Chemist

Although I could not create a system recovery file I have run the script. I have backed up all my important files to a separate hard drive and took the risk as I am fast approaching a deadline for a work related issue in which I desperately need this PC functioning at least for longer than 30 minutes. I understand I have taken a risk but given my situation I really needed to weigh up the options & the decision to take the risk was warranted in my view. I hope I have not caused any problems for you personally by doing this. Here is the fixlog result. The PC rebooted no problems but I thought I would mention that for the last 24 hours or so every reboot (and there have been a lot to get my files copied) there has been a message appearing at the first startup screen (before login) that says "hit any key to skip disk scan". I have stopped the scan on all but the first occasion where the scan got to 46% & froze. Not sure if it's relevant but I thought I'd let you know. I also got this message on the latest reboot after running your script.


Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Mik (2015-11-03 07:20:15) Run:1
Running from C:\Users\Mik\Desktop
Loaded Profiles: Mik & postgres (Available Profiles: Mik & postgres & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
createrestorepoint:
Task: {09034DF0-28D8-452C-954F-9097799F5646} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {0B83D506-170A-4D32-8C62-4752031EA82A} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {1289D947-BD8D-45DA-85DA-5291517E99E2} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: {5D6697FB-EA78-400A-AFAA-BA465D1FCA22} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {5F40A6EE-B603-4030-977C-A256F4B1A846} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {65AAD935-5C15-4113-822D-8E2A3833656D} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {871EDF87-7E71-45CC-B766-1CD713590CE2} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8B1C5D3B-1C34-44CB-9178-FBDF3CAA9B25} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {8E9644EA-CCC4-4523-8E7C-AFCDD136B065} - System32\Tasks\PC Optimizer Pro64 startups => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: {93396B83-9902-4457-8A63-00FFCA485445} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\PC Optimizer Pro64 startups.job => C:\Program Files\PC Optimizer Pro\StartApps.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Mik).job => C:\Program Files\SlimCleaner Plus\SlimCleanerPlus.exe
C:\Program Files\PC Optimizer Pro
C:\Program Files\SlimCleaner Plus
c:\program downloads\cooledit pro
HKLM-x32\...\Run: [] => [X]
URLSearchHook: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 - (No Name) - {3bbd3c14-4c16-4989-8366-95bc9179779d} - No File
SearchScopes: HKLM -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytD0AyDzyyDzztCyDzytN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=27593314&ir=
SearchScopes: HKLM -> {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL = hxxp://start.mysearchdial.com/results.php?f=4&q={searchTerms}&a=dnldmsd&cd=2XzuyEtN2Y1L1QzutAzzyCtDyByBzytD0AyDzyyDzztCyDzytN0D0Tzu0CyCtDyDtN1L2XzutBtFtBtFyEtFyBtAtCtN1L1Czu1Q1G1I1Q1H1B1Q&cr=27593314&ir=
SearchScopes: HKLM -> {2fa28606-de77-4029-af96-b231e3b8f827} URL = hxxp://eu.ask.com/web?q={searchterms}&l=dis&o=HPDTDF
SearchScopes: HKLM-x32 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> {2fa28606-de77-4029-af96-b231e3b8f827} URL =
SearchScopes: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> {b7fca997-d0fb-4fe0-8afd-255e89cf9671} URL =
Toolbar: HKU\S-1-5-21-3809766135-4035193921-735686567-1001 -> No Name - {3BBD3C14-4C16-4989-8366-95BC9179779D} - No File
CHR Extension: (Mysearchdial) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2012-07-09]
CHR Extension: (Mysearchdial) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2012-07-09]
CHR Extension: (TopArcadeHits) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp [2013-08-28]
CHR Extension: (Mysearchdial) - C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2012-07-09]
CHR HKLM\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
CHR HKLM-x32\...\Chrome\Extension: [iikflkcanblccfahdhdonehdalibjnif] - hxxps://clients2.google.com/service/update2/crx
2015-11-01 19:59 - 2012-07-02 01:59 - 00000410 _____ C:\WINDOWS\Tasks\PC Optimizer Pro64 startups.job
2015-11-01 14:30 - 2015-01-10 14:30 - 00000362 _____ C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Mik).job
2015-10-30 11:20 - 2012-06-09 12:32 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0
C:\Users\Mik\IP_Log_Data.js
C:\Users\Mik\Network_Meter_Data.js
C:\$Recycle.Bin\S-1-5-21-3809766135-4035193921-735686567-1001\$af618d5d060df77f59f3becf9f1eea26
C:\$Recycle.Bin\S-1-5-18\$af618d5d060df77f59f3becf9f1eea26
Folder: C:\Users\Mik\AppData\Roaming\3789
EmptyTemp:
end
*****************

Restore point was successfully created.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{09034DF0-28D8-452C-954F-9097799F5646}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{09034DF0-28D8-452C-954F-9097799F5646}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{0B83D506-170A-4D32-8C62-4752031EA82A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{0B83D506-170A-4D32-8C62-4752031EA82A}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{1289D947-BD8D-45DA-85DA-5291517E99E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{1289D947-BD8D-45DA-85DA-5291517E99E2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5D6697FB-EA78-400A-AFAA-BA465D1FCA22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5D6697FB-EA78-400A-AFAA-BA465D1FCA22}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{5F40A6EE-B603-4030-977C-A256F4B1A846}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F40A6EE-B603-4030-977C-A256F4B1A846}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{65AAD935-5C15-4113-822D-8E2A3833656D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{65AAD935-5C15-4113-822D-8E2A3833656D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{871EDF87-7E71-45CC-B766-1CD713590CE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{871EDF87-7E71-45CC-B766-1CD713590CE2}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8B1C5D3B-1C34-44CB-9178-FBDF3CAA9B25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8B1C5D3B-1C34-44CB-9178-FBDF3CAA9B25}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{8E9644EA-CCC4-4523-8E7C-AFCDD136B065}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8E9644EA-CCC4-4523-8E7C-AFCDD136B065}" => key removed successfully
C:\WINDOWS\System32\Tasks\PC Optimizer Pro64 startups => moved successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\PC Optimizer Pro64 startups" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93396B83-9902-4457-8A63-00FFCA485445}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93396B83-9902-4457-8A63-00FFCA485445}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
C:\WINDOWS\Tasks\PC Optimizer Pro64 startups.job => moved successfully
C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Mik).job => moved successfully
"C:\Program Files\PC Optimizer Pro" => not found.
"C:\Program Files\SlimCleaner Plus" => not found.
"c:\program downloads\cooledit pro" => not found.
HKLM\Software\WOW6432Node\Microsoft\Windows\CurrentVersion\Run\\ => value removed successfully
HKU\S-1-5-21-3809766135-4035193921-735686567-1001\Software\Microsoft\Internet Explorer\URLSearchHooks\\{3bbd3c14-4c16-4989-8366-95bc9179779d} => value removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{0633EE93-D776-472f-A0FF-E1416B8B2E3A}" => key removed successfully
HKCR\CLSID\{0633EE93-D776-472f-A0FF-E1416B8B2E3A} => key not found.
"HKLM\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\SearchScopes\\DefaultScope => value restored successfully
"HKU\S-1-5-21-3809766135-4035193921-735686567-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{2fa28606-de77-4029-af96-b231e3b8f827}" => key removed successfully
HKCR\CLSID\{2fa28606-de77-4029-af96-b231e3b8f827} => key not found.
"HKU\S-1-5-21-3809766135-4035193921-735686567-1001\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{b7fca997-d0fb-4fe0-8afd-255e89cf9671}" => key removed successfully
HKCR\CLSID\{b7fca997-d0fb-4fe0-8afd-255e89cf9671} => key not found.
HKU\S-1-5-21-3809766135-4035193921-735686567-1001\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser\\{3BBD3C14-4C16-4989-8366-95BC9179779D} => value removed successfully
HKCR\CLSID\{3BBD3C14-4C16-4989-8366-95BC9179779D} => key not found.
C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo => moved successfully
C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf => moved successfully
C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\gpdgdlcjhlbaphcjmagicjhhgfnkiihp => moved successfully
C:\Users\Mik\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia => moved successfully
"HKLM\SOFTWARE\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"HKLM\SOFTWARE\Wow6432Node\Google\Chrome\Extensions\iikflkcanblccfahdhdonehdalibjnif" => key removed successfully
"C:\WINDOWS\Tasks\PC Optimizer Pro64 startups.job" => not found.
"C:\WINDOWS\Tasks\SlimCleaner Plus (Scheduled Scan - Mik).job" => not found.
"C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Cool Edit Pro 2.0" => not found.
C:\Users\Mik\IP_Log_Data.js => moved successfully
C:\Users\Mik\Network_Meter_Data.js => moved successfully
C:\$Recycle.Bin\S-1-5-21-3809766135-4035193921-735686567-1001\$af618d5d060df77f59f3becf9f1eea26 => moved successfully
C:\$Recycle.Bin\S-1-5-18\$af618d5d060df77f59f3becf9f1eea26 => moved successfully

========================= Folder: C:\Users\Mik\AppData\Roaming\3789 ========================


====== End of Folder: ======

EmptyTemp: => 1.1 GB temporary data Removed.


The system needed a reboot.

==== End of Fixlog 07:23:16 ====
Boofhead1967 is offline  
Old 11-02-2015, 01:29 PM   #18
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Chemist, since running the script I have not noticed much improvement. The PC still hangs requiring a manual reboot. Also, something I forgot to mention in the list of many things wrong with my PC, I have been getting Mail Administrator - Mail System Failure - Returned Mail. I am 100% positive that I have not sent any mail and assume these are bogus emails that have something to do with my infection. I have not opened any of the files attached to these emails (they all have "details.txt & something like AT000004.eml" files attached to them).

For now I am not doing anything else with the PC until I hear from you except reboot & see if the hang issue resolves.

Regards
PS - Thank you for the effort with that script, in awe of anyone who can decipher that stuff!
Boofhead1967 is offline  
Old 11-02-2015, 02:18 PM   #19
Security Team
Moderator, Analyst
Rangemaster, TSF Academy
 
chemist's Avatar

Microsoft Most Valuable Professional
 
Join Date: Oct 2007
Location: Georgia
Posts: 29,790
OS: XP/Win7/Win10



Hello again, Boofhead1967. You're very welcome. Thanks for the info. Not all problems are due to malware.

------------------------------------------------------

Press the Windows "logo" key and "R" key then copy/paste the following single-line command into the Run box and click OK:

cmd /c rd /s /q "C:\Users\Mik\AppData\Roaming\3789"

A DOS window will open and close again; this is normal.

------------------------------------------------------
  • Open Notepad (Start > All Programs > Accessories > Notepad).
  • Please copy all the text in the codebox below. (To do this highlight the contents of the box, right-click on it and select Copy. Right-click in the open Notepad and select Paste).
  • Save it as fixlist.txt next to FRST64.exe
  • If asked to change 'Encoding:' to 'Unicode:', please agree and save it.

    NOTE: Both FRST64.exe and the fixlist.txt must be in the same location or the fix will not work.


    Code:
    start
    Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute
    end
  • Double-click FRST64 to run the tool. If the tool warns you the version is outdated, please download and run the updated version.
  • Click the Fix button just once, and wait.
  • When finished, the tool will make a log (Fixlog.txt) in the same location from where it was run. Please post the Fixlog.txt log in your reply.

NOTE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

------------------------------------------------------
chemist is offline  
Old 11-02-2015, 04:09 PM   #20
Registered Member
 
Join Date: Oct 2015
Posts: 27
OS: Was Win7 now Win10



Chemist
Ok, noted.


Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
Ran by Mik (2015-11-03 11:08:38) Run:2
Running from C:\Users\Mik\Desktop
Loaded Profiles: Mik & postgres (Available Profiles: Mik & postgres & DefaultAppPool)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute
end
*****************


========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute =========


HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute REG_MULTI_SZ autocheck autochk *



========= End of Reg: =========


==== End of Fixlog 11:08:38 ====
Boofhead1967 is offline  
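A way to read the two Fixlog.txt results posted above, as an added example that is not part of the original posts and is not FRST's own code: it skips the echoed fixlist, tallies each result line by outcome, and flags any BootExecute entry other than the stock Windows value `autocheck autochk *`. The sample log, its paths and GUIDs, the `example.exe` entry and all function names are constructed for illustration; the `\0` separator is how `reg query` prints multi-string values.

```python
import re
from collections import defaultdict

# Stock Windows value of Session Manager\BootExecute (assumption named in the lead-in).
DEFAULT_BOOT_EXECUTE = {"autocheck autochk *"}

# Constructed sample in the shape of the Fixlog.txt files posted in this thread;
# every path, GUID and the extra "example.exe" entry are made up for illustration.
SAMPLE_FIXLOG = r'''Fix result of Farbar Recovery Scan Tool (x64) Version:31-10-2015
fixlist content:
*****************
start
Task: C:\WINDOWS\Tasks\Example.job => C:\Program Files\Example\Example.exe <==== ATTENTION
C:\Program Files\Example
Reg: reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute
end
*****************

"HKLM\SOFTWARE\Example\{00000000-0000-0000-0000-000000000000}" => key removed successfully
C:\WINDOWS\Tasks\Example.job => moved successfully
"C:\Program Files\Example" => not found.
HKCR\CLSID\{00000000-0000-0000-0000-000000000000} => key not found.
HKLM\SOFTWARE\Example\\DefaultScope => value restored successfully

========= reg query "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager" /v BootExecute =========

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Session Manager
BootExecute REG_MULTI_SZ autocheck autochk *\0example.exe

========= End of Reg: =========
==== End of Fixlog 00:00:00 ====
'''

RESULT_RE = re.compile(r'^(?P<target>.+?) => (?P<result>.+?)\.?\s*$')
BOOTEXEC_RE = re.compile(r'^\s*BootExecute\s+REG_MULTI_SZ\s+(?P<data>.*\S)\s*$')


def classify(result):
    """Map the text after '=>' to an outcome bucket."""
    r = result.lower()
    if "not found" in r:
        return "not_found"
    if "restored" in r:
        return "restored"
    if "removed" in r:          # checked before "moved": "removed" contains "moved"
        return "removed"
    if "moved" in r:
        return "moved"
    return "other"


def parse_fixlog(text):
    """Return ({outcome: [targets]}, BootExecute entries or None)."""
    outcomes = defaultdict(list)
    boot_execute = None
    in_fixlist = False
    for line in text.splitlines():
        stripped = line.strip()
        if stripped and set(stripped) == {"*"}:
            in_fixlist = not in_fixlist   # asterisk rows delimit the echoed fixlist
            continue
        if in_fixlist or not stripped or stripped.startswith("="):
            continue                      # echoed input, blank lines, section banners
        m = BOOTEXEC_RE.match(line)
        if m:
            boot_execute = [e.strip() for e in m.group("data").split(r"\0") if e.strip()]
            continue
        m = RESULT_RE.match(stripped)
        if m:
            outcomes[classify(m.group("result"))].append(m.group("target").strip('"'))
    return dict(outcomes), boot_execute


def unexpected_boot_entries(entries):
    """BootExecute entries that are not part of the stock value."""
    return [e for e in (entries or []) if e.lower() not in DEFAULT_BOOT_EXECUTE]


if __name__ == "__main__":
    outcomes, boot = parse_fixlog(SAMPLE_FIXLOG)
    for kind, targets in sorted(outcomes.items()):
        print(f"{kind}: {len(targets)}")
    print("BootExecute:", boot, "unexpected:", unexpected_boot_entries(boot))
```

Entries reported as "not found" were already absent when the fix ran, so they are worth listing separately from the items that were actually moved or removed.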
 
