[SOLVED] FAKE BSOD - Windows 10 x64

Win10 Puzzled (Member, joined Aug 12, 2015, 10 posts)
This is the original message I submitted to the Windows Secrets Lounge:
____________________

"Blue screen requesting to contact Microsoft Technician


I switched to Win 10 in the hope that I could eliminate some security issues.

First, I got infected with a browser hijacker under Win 8.1 that sent my default browser addresses in Chrome and Internet Explorer to:
hXXp://usa-aa.s3-website-us-east-1.a...ws.com/?grp=10, by attaching itself to the end of the default address, like this:

"C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" hXXp://usa-aa.s3-website-us-east-1.a...ws.com/?grp=10.

I found out how to eliminate the added address and go back to my defaults, however I just could not stop this from reoccurring.

Second, I also was infected by a message that I felt was a scam. It opens a blue screen with several lines of text indicating that:


“A problem has been detected and your PC has been stopped to prevent damage.
0x00009af8 DRIVER_IRQL PENDING OPERATION
COMPUTER HEALTH IS CRITICAL
DO NOT RESTART
. . . . .ETC”


And ends by making a request to contact a Microsoft Certified Technician and a toll free number.

I didn’t heed the request and restarted. The process repeated itself several times and I could not find any other solution than restarting, until I found that by using the Sign Out option in the CTRL + ALT + DEL call for Task Manager, I could go back to the screen prior to the message and continue working.

After any of the two occurrences I would run Malwarebytes Anti-Malware, Spybot and ADW Cleaner, plus CCleaner, although the first two are scheduled to run periodically.

Once I switched to Win 10, the hijackers apparently stopped, but the blue screen is back again, which has given me the reason to send this message to seek some help.

Thanks."


__________________

Later on I found out that the message itself provides a way out by means of the ESC key, which I had not seen before.

Member 'satrow' suggested I contact you, which is what I am doing with this message.

In regard to Point 5 of the BSOD Posting Instructions, here are some answers:

· OS - Windows 10
· x86 - x64
· Originally came with Windows 7 OEM. I replaced it with Retail Win 8 and later upgraded to Win 8.1
· Age of system (hardware) - 3 years
· Age of OS installation - I re-installed the OS in March 2014
· System Manufacturer - HP
· Exact model number - g7 1070us
· Laptop or Desktop? - Laptop

I have an older HP dv9005us laptop that I am still using with Win 7, waiting to resolve this issue to upgrade it to Win 10.

Thank you very much for your assistance.

_______________

At the suggestion of Tekno Venus I am now providing additional information
 

Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:16-08-2015
Ran by Alvaro (administrator) on G7 (16-08-2015 23:18:34)
Running from C:\Users\Alvar_000\Desktop\Fake BSOD
Loaded Profiles: Alvaro (Available Profiles: Alvaro)
Platform: Windows 10 Pro (X64) Language: English (United States)
Internet Explorer Version 11 (Default browser: FF)
Boot Mode: Normal
Tutorial for Farbar Recovery Scan Tool: FRST Tutorial - How to use Farbar Recovery Scan Tool - Geeks to Go Forum

==================== Processes (Whitelisted) =================

(If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

(Sandboxie Holdings, LLC) D:\Security\SandBoxie\SbieSvc.exe
(Stardock Software, Inc) D:\System\Start 8\Ver 1.5\Start8Srv.exe
(Stardock Software, Inc) D:\System\Start 8\Ver 1.5\Start8_64.exe
(Microsoft Corporation) C:\Windows\System32\wlanext.exe
(Apple Inc.) C:\Program Files (x86)\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
(Broadcom Corporation.) C:\Windows\System32\BtwRSupportService.exe
(CHENGDU YIWO Tech Development Co., Ltd) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
() D:\Storage\ADrive\Desktop\mounter.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
(Apple Inc.) C:\Program Files\Bonjour\mDNSResponder.exe
(Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
(Nuance Communications, Inc.) C:\Program Files (x86)\Common Files\Nuance\dgnsvc.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
(Tablet Driver) C:\Windows\System32\drivers\WTSrv.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psia.exe
(TeamViewer GmbH) C:\Program Files (x86)\TeamViewer\Version9\TeamViewer_Service.exe
(CyberGhost S.R.L) C:\Program Files\CyberGhost 5\Service.exe
(Microsoft Corporation) C:\Windows\System32\vds.exe
() C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
(Microsoft Corporation) C:\Windows\System32\dllhost.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\sua.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
(Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe
(Microsoft Corporation) C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
(Synaptics Incorporated) C:\Program Files\Synaptics\SynTP\SynTPHelper.exe
(Microsoft Corporation) C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\ShellExperienceHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SearchUI.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler.exe
(Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.1\GoogleCrashHandler64.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
(Skype Technologies S.A.) D:\Online\Skype\Phone\Skype.exe
(Dropbox, Inc.) C:\Users\Alvar_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
(Sandboxie Holdings, LLC) D:\Security\SandBoxie\SbieCtrl.exe
(Microsoft Corporation) C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe
(Secunia) C:\Program Files (x86)\Secunia\PSI\psi_tray.exe
(Dropbox, Inc.) C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe
(Piriform Ltd) D:\Maintenance\Cleaners\CCleaner\Ver 5.06.5219\CCleaner64.exe
(Microsoft Corporation) C:\Windows\SysWOW64\wbem\WmiPrvSE.exe
(Microsoft Corporation) C:\Windows\System32\backgroundTaskHost.exe
(Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
(Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe\OHub.exe
() C:\Users\Alvar_000\Desktop\New folder\3. FRST64.exe
() C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersHelper.exe


==================== Registry (Whitelisted) ===========================

(If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

HKLM\...\Run: [SynTPEnh] => C:\Program Files\Synaptics\SynTP\SynTPEnh.exe [3944136 2015-07-17] (Synaptics Incorporated)
HKLM-x32\...\Run: [EaseUS EPM tray] => D:\System\EaseUS\Partition Master Ver 10.2\EaseUS Partition Master 10.2\bin\EpmNews.exe [2089056 2014-11-18] (CHENGDU YIWO Tech Development Co., Ltd)
HKLM-x32\...\Run: [EaseUS EPM Tray Agent] => D:\System\EaseUS\Partition Master Ver 10.2\EaseUS Partition Master 10.2\bin\TrayPopupE\TrayTipAgentE.exe [255072 2014-11-18] ()
HKLM-x32\...\Run: [EaseUS TB Tray Agent] => C:\Program Files (x86)\EaseUS\TrayPopup\TrayTipAgent.exe [253992 2014-12-15] ()
HKLM-x32\...\Run: [OpwareSE2] => D:\Images\Scanning\CanoScan 8400 F\OpwareSE2.exe [49152 2003-05-08] (ScanSoft, Inc.)
HKLM-x32\...\Run: [OPSE reminder] => D:\Images\Scanning\CanoScan 8400 F\EregEng\Ereg.exe [729088 2003-07-07] (ScanSoft, Inc.)
HKLM-x32\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\\isuspm.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKLM-x32\...\Run: [DNS7reminder] => D:\Office\Dragon\Ereg\Ereg.exe [328992 2010-10-27] (Nuance Communications, Inc.)
Winlogon\Notify\igfxcui: C:\WINDOWS\system32\igfxdev.dll (Intel Corporation)
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
HKU\S-1-5-19\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-20\...\Run: [OneDriveSetup] => C:\Windows\SysWOW64\OneDriveSetup.exe [7805120 2015-07-10] (Microsoft Corporation)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [CyberGhost] => C:\Program Files\CyberGhost 5\CyberGhost.exe [430048 2015-05-21] (CyberGhost S.R.L.)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [Spotify] => C:\Users\Alvar_000\AppData\Roaming\Spotify\Spotify.exe [6162488 2014-07-27] (Spotify Ltd)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [Spotify Web Helper] => C:\Users\Alvar_000\AppData\Roaming\Spotify\Data\SpotifyWebHelper.exe [1178168 2014-07-27] (Spotify Ltd)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [CCleaner Monitoring] => D:\Maintenance\Cleaners\CCleaner\Ver 5.06.5219\CCleaner64.exe [8322328 2015-05-08] (Piriform Ltd)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [Skype] => D:\Online\Skype\Phone\Skype.exe [53282944 2015-06-29] (Skype Technologies S.A.)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [Boxcryptor.exe] => D:\Security\Boxcryptor\Boxcryptor.exe [1063168 2014-02-19] (Secomba GmbH)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [Spybot-S&D Cleaning] => D:\Security\Spybot\Ver 2.4\Spybot - Search & Destroy 2\SDCleaner.exe [4566952 2014-06-24] (Safer-Networking Ltd.)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [ISUSPM] => C:\ProgramData\FLEXnet\Connect\11\ISUSPM.exe [2068856 2011-10-12] (Flexera Software LLC.)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [Dropbox Update] => C:\Users\Alvar_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [134512 2015-06-17] (Dropbox, Inc.)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [SandboxieControl] => D:\Security\SandBoxie\SbieCtrl.exe [787592 2015-06-23] (Sandboxie Holdings, LLC)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Run: [OneDrive] => C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\OneDrive.exe [402632 2015-08-01] (Microsoft Corporation)
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\RunOnce: [Uninstall C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Secunia PSI Tray.lnk [2014-04-30]
ShortcutTarget: Secunia PSI Tray.lnk -> C:\Program Files (x86)\Secunia\PSI\psi_tray.exe (Secunia)
Startup: C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\Dropbox.lnk [2015-06-17]
ShortcutTarget: Dropbox.lnk -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
SSODL: EldosMountNotificator-cbfs4 - {D5C905A3-7EE6-4ABF-BD67-D41F5E96D4EF} - C:\WINDOWS\system32\cbfsMntNtf4.dll (EldoS Corporation)
SSODL-x32: EldosMountNotificator-cbfs4 - {D5C905A3-7EE6-4ABF-BD67-D41F5E96D4EF} - C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll (EldoS Corporation)
ShellIconOverlayIdentifiers: ["DropboxExt1"] -> {FB314ED9-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt2"] -> {FB314EDA-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt3"] -> {FB314EDD-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt4"] -> {FB314EDE-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt5"] -> {FB314EDB-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt6"] -> {FB314EDF-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt7"] -> {FB314EDC-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: ["DropboxExt8"] -> {FB314EE0-A251-47B7-93E1-CDD82E34AF8B} => C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll [2015-08-05] (Dropbox, Inc.)
ShellIconOverlayIdentifiers: [EldosIconOverlay-cbfs4] -> {3808E0B8-D504-496D-93BD-35E76180E006} => C:\WINDOWS\system32\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
ShellIconOverlayIdentifiers-x32: [EldosIconOverlay-cbfs4] -> {3808E0B8-D504-496D-93BD-35E76180E006} => C:\WINDOWS\SysWOW64\cbfsMntNtf4.dll [2013-11-15] (EldoS Corporation)
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION

==================== Internet (Whitelisted) ====================

(If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

HKU\S-1-5-19\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-20\Software\Microsoft\Internet Explorer\Main,Local Page = %11%\blank.htm
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\Software\Microsoft\Internet Explorer\Main,Start Page Redirect Cache = hxxp://www.msn.com/?ocid=iehp
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\Software\Microsoft\Internet Explorer\Main,Start Page = hxxp://www.my.msn.com/
SearchScopes: HKU\.DEFAULT -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-19 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
SearchScopes: HKU\S-1-5-20 -> DefaultScope {0633EE93-D776-472f-A0FF-E1416B8B2E3A} URL =
BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Security\LastPass\LPToolbar_x64.dll [2015-05-11] (LastPass)
BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> D:\Security\LastPass\LPToolbar.dll [2015-05-11] (LastPass)
BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Toolbar: HKLM - No Name - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - No File
Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Security\LastPass\LPToolbar_x64.dll [2015-05-11] (LastPass)
Toolbar: HKLM-x32 - No Name - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - No File
Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - D:\Security\LastPass\LPToolbar.dll [2015-05-11] (LastPass)
Handler-x32: belarc - {6318E0AB-2E93-11D1-B8ED-00608CC9A71F} - C:\Program Files (x86)\Belarc\BelarcAdvisor\System\BAVoilaX.dll [2013-04-16] (Belarc, Inc.)
Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-05-01] (Microsoft Corporation)
Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-05-01] (Microsoft Corporation)
Tcpip\Parameters: [DhcpNameServer] 192.168.1.1
Tcpip\..\Interfaces\{8ddeaaf6-9c2a-4b13-9dbc-ddf863405d85}: [DhcpNameServer] 192.168.1.1

FireFox:
========
FF ProfilePath: C:\Users\Alvar_000\AppData\Roaming\Mozilla\Firefox\Profiles\d1jrku5i.default-1431271501302
FF DefaultSearchEngine.US: Google
FF Homepage: https://news.google.com/
FF Plugin: @adobe.com/FlashPlayer -> C:\WINDOWS\system32\Macromed\Flash\NPSWF64_18_0_0_209.dll [2015-07-16] ()
FF Plugin: @lastpass.com/NPLastPass -> D:\Security\LastPass\nplastpass64.dll [2015-05-11] (LastPass)
FF Plugin: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin: adobe.com/AdobeAAMDetect -> C:\Program Files (x86)\Common Files\Adobe\OOBE\PDApp\CCM\Utilities\npAdobeAAMDetect64.dll [No File]
FF Plugin-x32: @adobe.com/FlashPlayer -> C:\WINDOWS\SysWOW64\Macromed\Flash\NPSWF32_18_0_0_209.dll [2015-07-16] ()
FF Plugin-x32: @Apple.com/iTunes,version=1.0 -> D:\Music\Apple\iTunes\Mozilla Plugins\npitunes.dll [2014-02-21] ()
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/pdf -> D:\Office\PDF\FoxIt\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @foxitsoftware.com/Foxit Reader Plugin,version=1.0,application/vnd.fdf -> D:\Office\PDF\FoxIt\Foxit Reader\plugins\npFoxitReaderPlugin.dll [2013-04-02] (Foxit Corporation)
FF Plugin-x32: @lastpass.com/NPLastPass -> D:\Security\LastPass\nplastpass.dll [2015-05-11] (LastPass)
FF Plugin-x32: @Microsoft.com/NpCtrl,version=1.0 -> C:\Program Files (x86)\Microsoft Silverlight\5.1.40728.0\npctrl.dll [2015-07-28] ( Microsoft Corporation)
FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
FF Plugin-x32: @playon.tv/PlayOnToolbar -> C:\Program Files (x86)\MediaMall\toolbar\npVT.dll [No File]
FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.1\npGoogleUpdate3.dll [2015-07-15] (Google Inc.)
FF Plugin-x32: @videolan.org/vlc,version=2.1.2 -> D:\Images\VLC\VLC\npvlc.dll [No File]
FF Plugin-x32: nuance.com/DragonRIAPlugin -> D:\Office\Dragon\Program\npDgnRia.dll [2013-02-11] (Nuance Communications Inc.)
FF Extension: LastPass - C:\Users\Alvar_000\AppData\Roaming\Mozilla\Firefox\Profiles\d1jrku5i.default-1431271501302\Extensions\support@lastpass.com [2015-07-17]
FF Extension: WOT - C:\Users\Alvar_000\AppData\Roaming\Mozilla\Firefox\Profiles\d1jrku5i.default-1431271501302\Extensions\{a0d7ccb3-214d-498b-b4aa-0e8fda9a7bf7} [2015-07-13]
FF Extension: Self-Destructing Cookies - C:\Users\Alvar_000\AppData\Roaming\Mozilla\Firefox\Profiles\d1jrku5i.default-1431271501302\Extensions\jid0-9XfBwUWnvPx4wWsfBWMCm4Jj69E@jetpack.xpi [2015-05-17]
FF Extension: AdF.ly Skipper ★WORKING★ - C:\Users\Alvar_000\AppData\Roaming\Mozilla\Firefox\Profiles\d1jrku5i.default-1431271501302\Extensions\jid0-hyjN250ZzTOOX3evFwwAQBxE4ik@jetpack.xpi [2015-05-12]
FF Extension: Adblock Plus - C:\Users\Alvar_000\AppData\Roaming\Mozilla\Firefox\Profiles\d1jrku5i.default-1431271501302\Extensions\{d10d0bf8-f5b5-c8b4-a8b2-2b9879e08c5d}.xpi [2015-05-17]
FF HKLM-x32\...\Firefox\Extensions: [jid0-lmZNVK7a82O8cufhdfB9dUDfA2w@jetpack] - D:\Office\Dragon\Program\ffShim.xpi
FF Extension: No Name - D:\Office\Dragon\Program\ffShim.xpi [2013-02-11]
StartMenuInternet: FIREFOX.EXE - D:\Online\Mozilla\Firefox\Ver 35.0.1\firefox.exe

Chrome:
=======
CHR Profile: C:\Users\Alvar_000\AppData\Local\Google\Chrome\User Data\Default
CHR Extension: (Google Docs) - C:\Users\Alvar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\aohghmighlieiainnegkcijnfilokake [2015-05-11]
CHR Extension: (Google Drive) - C:\Users\Alvar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\apdfllckaahabafndbhieahigkjlhalf [2015-05-11]
CHR Extension: (YouTube) - C:\Users\Alvar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\blpcfgokakmgnkcojhhkbfbldkacnbeo [2015-05-11]
CHR Extension: (Google Search) - C:\Users\Alvar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\coobgpohoikkiipiblmjeljniedjpjpf [2015-05-11]
CHR Extension: (Dragon NaturallySpeaking Rich Internet Application Support) - C:\Users\Alvar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\mikhcaiakabeeokmenglcdebplfdjicn [2015-04-16]
CHR Extension: (Chrome Web Store Payments) - C:\Users\Alvar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\nmmhkkegccagdldgiimedpiccmgmieda [2015-04-16]
CHR Extension: (Gmail) - C:\Users\Alvar_000\AppData\Local\Google\Chrome\User Data\Default\Extensions\pjkljhegncpnkpknbcohdijeoejaedia [2015-05-11]
CHR HKLM-x32\...\Chrome\Extension: [lifbcibllhkdhoafpjfnlhfpfgnpldfl] - C:\Program Files (x86)\Skype\Toolbars\ChromeExtension\skype_chrome_extension.crx [2015-05-01]
CHR HKLM-x32\...\Chrome\Extension: [mikhcaiakabeeokmenglcdebplfdjicn] - D:\Office\Dragon\Program\chromeShim.crx [2013-02-11]

Opera:
=======
OPR Extension: (WOT) - C:\Users\Alvar_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\eeokceolphhfjdfcibaiiopmekmcbedp [2015-05-17]
OPR Extension: (Disconnect) - C:\Users\Alvar_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\hciohocinlhbdkbjldffomiadmnhjnoj [2015-05-17]
OPR Extension: (µBlock) - C:\Users\Alvar_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\kccohkcpppjjkkjppopfnflnebibpida [2015-02-06]
OPR Extension: (SaveFrom.net helper) - C:\Users\Alvar_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\npdpplbicnmpoigidfdjadamgfkilaak [2014-10-22]
OPR Extension: (Adblock Plus) - C:\Users\Alvar_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\oidhhegpmlfpoeialbgcdocjalghfpkp [2014-12-22]
OPR Extension: (Bookmarks Import & Export) - C:\Users\Alvar_000\AppData\Roaming\Opera Software\Opera Stable\Extensions\omhcddilnfoiiplehpjihipcocdplljn [2015-07-31]
StartMenuInternet: (HKLM) OperaStable - D:\Online\Opera\Launcher.exe

==================== Services (Whitelisted) ========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R2 BcmBtRSupport; C:\Windows\system32\BtwRSupportService.exe [2255064 2013-10-28] (Broadcom Corporation.)
S3 BthHFSrv; C:\Windows\System32\BthHFSrv.dll [326144 2015-07-10] (Microsoft Corporation)
R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1394816 2015-05-01] (Microsoft Corporation)
R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1772672 2015-05-01] (Microsoft Corporation)
S3 CDPSvc; C:\Windows\System32\CDPSvc.dll [134144 2015-07-10] (Microsoft Corporation)
R2 CGVPNCliService; C:\Program Files\CyberGhost 5\Service.exe [63968 2015-05-21] (CyberGhost S.R.L)
R2 CoreMessagingRegistrar; C:\Windows\system32\coremessaging.dll [808856 2015-08-01] (Microsoft Corporation)
R2 CoreMessagingRegistrar; C:\Windows\SysWOW64\coremessaging.dll [510976 2015-08-01] (Microsoft Corporation)
S3 diagnosticshub.standardcollector.service; C:\Windows\system32\DiagSvcs\DiagnosticsHub.StandardCollector.Service.exe [27136 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\system32\Windows.Internal.Management.dll [267776 2015-07-10] (Microsoft Corporation)
S3 DmEnrollmentSvc; C:\Windows\SysWOW64\Windows.Internal.Management.dll [193024 2015-07-10] (Microsoft Corporation)
R2 DokanMounter; D:\Storage\ADrive\Desktop\mounter.exe [14848 2014-07-09] () [File not signed]
R2 EaseUS Agent; C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe [37416 2014-12-15] (CHENGDU YIWO Tech Development Co., Ltd)
S3 embeddedmode; C:\Windows\System32\embeddedmodesvc.dll [87040 2015-07-10] (Microsoft Corporation)
S3 EntAppSvc; C:\Windows\system32\EnterpriseAppMgmtSvc.dll [275456 2015-07-10] (Microsoft Corporation)
S3 icssvc; C:\Windows\System32\tetheringservice.dll [148992 2015-08-01] (Microsoft Corporation)
R3 lfsvc; C:\Windows\SysWOW64\lfsvc.dll [22528 2015-07-10] (Microsoft Corporation)
R3 LicenseManager; C:\Windows\system32\LicenseManagerSvc.dll [21504 2015-07-10] (Microsoft Corporation)
S2 MapsBroker; C:\Windows\System32\moshost.dll [62464 2015-07-10] (Microsoft Corporation)
S2 MouseWithoutBordersSvc; C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBordersSvc.exe [27872 2012-12-28] (Microsoft)
S2 OneSyncSvc; C:\Windows\System32\APHostService.dll [296960 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R2 OneSyncSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 PimIndexMaintenanceSvc; C:\Windows\System32\PimIndexMaintenance.dll [289280 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 PimIndexMaintenanceSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 RetailDemo; C:\Windows\system32\RDXService.dll [988672 2015-08-02] (Microsoft Corporation)
R2 SbieSvc; D:\Security\SandBoxie\SbieSvc.exe [175752 2015-06-23] (Sandboxie Holdings, LLC)
R2 Secunia PSI Agent; C:\Program Files (x86)\Secunia\PSI\PSIA.exe [1228504 2013-07-03] (Secunia)
R2 Secunia Update Agent; C:\Program Files (x86)\Secunia\PSI\sua.exe [660184 2013-07-03] (Secunia)
S3 SensorDataService; C:\Windows\System32\SensorDataService.exe [1031680 2015-08-01] (Microsoft Corporation)
S2 SkypeUpdate; D:\Online\Skype\Updater\Updater.exe [327296 2015-06-03] (Skype Technologies)
R2 Start8; D:\System\Start 8\Ver 1.5\Start8Srv.exe [143288 2014-06-12] (Stardock Software, Inc)
R3 StateRepository; C:\Windows\system32\windows.staterepository.dll [2674176 2015-07-10] (Microsoft Corporation)
R3 StateRepository; C:\Windows\SysWOW64\windows.staterepository.dll [2049024 2015-07-10] (Microsoft Corporation)
R2 SynTPEnhService; C:\Program Files\Synaptics\SynTP\SynTPEnhService.exe [246472 2015-07-17] (Synaptics Incorporated)
S3 UnistoreSvc; C:\Windows\System32\unistore.dll [1203200 2015-08-01] (Microsoft Corporation)
S3 UnistoreSvc; C:\Windows\SysWOW64\unistore.dll [925696 2015-08-01] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\System32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UnistoreSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 UserDataSvc; C:\Windows\System32\userdataservice.dll [1420288 2015-07-29] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\system32\svchost.exe [39856 2015-07-10] (Microsoft Corporation)
R3 UserDataSvc_Session1; C:\WINDOWS\SysWOW64\svchost.exe [35176 2015-07-10] (Microsoft Corporation)
S3 vmicvmsession; C:\Windows\System32\ICSvc.dll [506880 2015-07-10] (Microsoft Corporation)
S3 WalletService; C:\Windows\system32\WalletService.dll [504320 2015-07-10] (Microsoft Corporation)
R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
R2 WinTabService; C:\WINDOWS\System32\Drivers\WTSRV.EXE [73728 2009-10-06] (Tablet Driver) [File not signed]
S3 XblAuthManager; C:\Windows\System32\XblAuthManager.dll [918016 2015-07-10] (Microsoft Corporation)
S3 XblGameSave; C:\Windows\System32\XblGameSave.dll [1149440 2015-07-10] (Microsoft Corporation)
S3 XboxNetApiSvc; C:\Windows\system32\XboxNetApiSvc.dll [1019392 2015-07-10] (Microsoft Corporation)

===================== Drivers (Whitelisted) ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

R3 bcbtums; C:\Windows\system32\drivers\bcbtums.sys [170712 2013-10-28] (Broadcom Corporation.)
R1 cbfs4; C:\WINDOWS\system32\drivers\cbfs4.sys [387776 2013-11-15] (EldoS Corporation)
R3 CompositeBus; C:\Windows\System32\DriverStore\FileRepository\compositebus.inf_amd64_98334ba6e76853ba\CompositeBus.sys [39936 2015-07-10] (Microsoft Corporation)
R2 Dokan; C:\WINDOWS\system32\drivers\dokan.sys [120408 2014-07-09] (Windows (R) Win 7 DDK provider)
S0 ebdrv; C:\Windows\System32\drivers\evbda.sys [3436896 2015-07-10] (QLogic Corporation)
S3 epmntdrv; C:\WINDOWS\system32\epmntdrv.sys [18528 2014-11-18] ()
S3 epmntdrv; C:\WINDOWS\SysWOW64\epmntdrv.sys [14944 2014-11-18] ()
R0 EUBKMON; C:\Windows\System32\drivers\EUBKMON.sys [48168 2014-12-15] ()
S3 EuGdiDrv; C:\WINDOWS\system32\EuGdiDrv.sys [10848 2014-11-18] ()
S3 EuGdiDrv; C:\WINDOWS\SysWOW64\EuGdiDrv.sys [10208 2014-11-18] ()
R1 FileCrypt; C:\Windows\System32\drivers\filecrypt.sys [83968 2015-07-10] (Microsoft Corporation)
S3 genericusbfn; C:\Windows\System32\drivers\genericusbfn.sys [20992 2015-07-10] (Microsoft Corporation)
R1 GpuEnergyDrv; C:\Windows\System32\drivers\gpuenergydrv.sys [8192 2015-07-10] (Microsoft Corporation)
R3 i8042HDR; C:\Windows\system32\DRIVERS\i8042HDR.sys [15920 2009-08-15] (Windows (R) Codename Longhorn DDK provider)
S3 ibbus; C:\Windows\System32\drivers\ibbus.sys [424800 2015-07-10] (Mellanox)
S3 IoQos; C:\Windows\System32\drivers\ioqos.sys [26624 2015-07-10] (Microsoft Corporation)
S0 LSI_SAS3i; C:\Windows\System32\drivers\lsi_sas3i.sys [99168 2015-07-10] (Avago Technologies)
S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [113880 2015-08-16] (Malwarebytes Corporation)
S3 mlx4_bus; C:\Windows\System32\drivers\mlx4_bus.sys [705376 2015-07-10] (Mellanox)
R3 msvad_simple; C:\Windows\system32\drivers\povrtdev.sys [28528 2013-12-17] (MediaMall Technologies, Inc.)
S3 ndfltr; C:\Windows\System32\drivers\ndfltr.sys [76128 2015-07-10] (Mellanox)
R3 PSI; C:\Windows\System32\DRIVERS\psi_mf_amd64.sys [18456 2013-07-03] (Secunia)
R3 rt640x64; C:\Windows\System32\drivers\rt640x64.sys [587264 2015-07-10] (Realtek )
R3 SbieDrv; D:\Security\SandBoxie\SbieDrv.sys [190088 2015-06-23] (Sandboxie Holdings, LLC)
R3 SmbDrvI; C:\Windows\system32\DRIVERS\Smb_driver_Intel.sys [42696 2015-07-17] (Synaptics Incorporated)
R2 storqosflt; C:\Windows\System32\drivers\storqosflt.sys [61952 2015-07-10] (Microsoft Corporation)
R3 swenum; C:\Windows\System32\DriverStore\FileRepository\swenum.inf_amd64_2a699e44676b7781\swenum.sys [17760 2015-07-10] (Microsoft Corporation)
S3 UcmCx0101; C:\Windows\System32\Drivers\UcmCx.sys [61952 2015-07-10] (Microsoft Corporation)
S3 UcmUcsi; C:\Windows\System32\drivers\UcmUcsi.sys [46080 2015-08-01] (Microsoft Corporation)
S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
R3 vpnpbus; C:\Windows\System32\drivers\vpnpbus.sys [18624 2013-11-15] (EldoS Corporation)
R0 WindowsTrustedRT; C:\Windows\System32\drivers\WindowsTrustedRT.sys [106520 2015-07-10] (Microsoft Corporation)
R0 WindowsTrustedRTProxy; C:\Windows\System32\drivers\WindowsTrustedRTProxy.sys [17944 2015-07-10] (Microsoft Corporation)
S3 WinMad; C:\Windows\System32\drivers\winmad.sys [26976 2015-07-10] (Mellanox)
S3 WinVerbs; C:\Windows\System32\drivers\winverbs.sys [59232 2015-07-10] (Mellanox)
S3 xboxgip; C:\Windows\System32\drivers\xboxgip.sys [222720 2015-07-10] (Microsoft Corporation)
S3 xinputhid; C:\Windows\System32\drivers\xinputhid.sys [25600 2015-07-10] (Microsoft Corporation)
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

==================== NetSvcs (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

NETSVC: XblGameSave -> C:\Windows\System32\XblGameSave.dll (Microsoft Corporation)
NETSVC: XboxNetApiSvc -> C:\Windows\system32\XboxNetApiSvc.dll (Microsoft Corporation)
NETSVC: UserManager -> C:\Windows\System32\usermgr.dll (Microsoft Corporation)
NETSVC: XblAuthManager -> C:\Windows\System32\XblAuthManager.dll (Microsoft Corporation)
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File

==================== One Month Created files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 23:16 - 2015-08-16 23:16 - 00017408 ___SH C:\Users\Alvar_000\Desktop\Thumbs.db
2015-08-16 23:15 - 2015-08-16 23:15 - 00016148 _____ C:\WINDOWS\system32\G7_Alvaro_HistoryPrediction.bin
2015-08-16 20:02 - 2015-08-16 20:02 - 00001068 _____ C:\Users\Alvar_000\Desktop\JRT.txt
2015-08-16 19:36 - 2015-08-16 23:17 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
2015-08-16 18:51 - 2015-08-16 18:51 - 00000000 ___HD C:\OneDriveTemp
2015-08-16 17:32 - 2015-08-16 23:18 - 00000000 ____D C:\Users\Alvar_000\Desktop\Fake BSOD
2015-08-15 13:36 - 2015-08-12 04:57 - 02178560 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
2015-08-15 13:36 - 2015-08-12 04:22 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
2015-08-13 08:46 - 2015-08-13 08:47 - 04951180 _____ C:\Users\Alvar_000\Downloads\at-carla_cox_03_fgye_02.wmv
2015-08-12 16:31 - 2015-08-12 16:35 - 09636352 _____ C:\Users\Alvar_000\Downloads\tellegaru00E1unarosa-1.pps
2015-08-12 15:49 - 2015-08-12 15:49 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Dropbox
2015-08-12 12:58 - 2015-08-12 12:58 - 00597283 _____ C:\Users\Alvar_000\Documents\SysnativeFileCollectionApp.zip
2015-08-12 12:41 - 2015-08-12 12:58 - 00000000 ____D C:\Users\Alvar_000\Documents\SysnativeFileCollectionApp
2015-08-12 12:40 - 2015-08-12 12:40 - 00158720 _____ (Sysnative) C:\Users\Alvar_000\Downloads\SysnativeBSODCollectionApp (1).exe
2015-08-12 12:39 - 2015-08-12 12:40 - 00158720 _____ (Sysnative) C:\Users\Alvar_000\Downloads\SysnativeBSODCollectionApp.exe
2015-08-12 06:46 - 2015-08-12 06:46 - 00000000 ____D C:\WINDOWS\PCHEALTH
2015-08-12 05:44 - 2015-08-05 22:36 - 21874176 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
2015-08-12 05:44 - 2015-08-03 23:21 - 16709120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
2015-08-12 05:44 - 2015-08-02 22:18 - 08613200 _____ (Microsoft Corp.) C:\WINDOWS\system32\Windows.Media.Protection.PlayReady.dll
2015-08-12 05:44 - 2015-08-02 21:56 - 06878256 _____ (Microsoft Corp.) C:\WINDOWS\SysWOW64\Windows.Media.Protection.PlayReady.dll
2015-08-12 05:44 - 2015-08-02 21:24 - 24592384 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
2015-08-12 05:43 - 2015-08-08 03:30 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
2015-08-12 05:43 - 2015-08-08 03:29 - 01822280 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntdll.dll
2015-08-12 05:43 - 2015-08-08 03:19 - 00608936 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
2015-08-12 05:43 - 2015-08-08 03:01 - 01533496 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntdll.dll
2015-08-12 05:43 - 2015-08-08 02:48 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
2015-08-12 05:43 - 2015-08-08 02:40 - 00365056 _____ (Adobe Systems Incorporated) C:\WINDOWS\system32\atmfd.dll
2015-08-12 05:43 - 2015-08-08 02:24 - 02415104 _____ (Microsoft Corporation) C:\WINDOWS\system32\DWrite.dll
2015-08-12 05:43 - 2015-08-08 02:24 - 01679360 _____ (Microsoft Corporation) C:\WINDOWS\system32\FntCache.dll
2015-08-12 05:43 - 2015-08-08 02:22 - 01105920 _____ (Microsoft Corporation) C:\WINDOWS\system32\sysmain.dll
2015-08-12 05:43 - 2015-08-08 02:21 - 00642048 _____ (Microsoft Corporation) C:\WINDOWS\system32\rdbui.dll
2015-08-12 05:43 - 2015-08-08 02:15 - 00303104 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\atmfd.dll
2015-08-12 05:43 - 2015-08-08 02:00 - 01985024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DWrite.dll
2015-08-12 05:43 - 2015-08-05 23:18 - 00290768 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppHost.exe
2015-08-12 05:43 - 2015-08-05 23:17 - 00237392 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\rdyboost.sys
2015-08-12 05:43 - 2015-08-05 23:17 - 00200528 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wof.sys
2015-08-12 05:43 - 2015-08-05 22:22 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\WdiWiFi.sys
2015-08-12 05:43 - 2015-08-05 22:03 - 18805248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
2015-08-12 05:43 - 2015-08-05 00:49 - 00783112 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsvr.dll
2015-08-12 05:43 - 2015-08-05 00:29 - 00644128 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsvr.dll
2015-08-12 05:43 - 2015-08-05 00:03 - 02416640 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
2015-08-12 05:43 - 2015-08-05 00:00 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActionCenter.dll
2015-08-12 05:43 - 2015-08-04 23:54 - 01274880 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
2015-08-12 05:43 - 2015-08-04 23:47 - 03588096 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
2015-08-12 05:43 - 2015-08-04 23:47 - 01383424 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
2015-08-12 05:43 - 2015-08-04 23:43 - 01916416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
2015-08-12 05:43 - 2015-08-04 23:39 - 00261632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ActionCenter.dll
2015-08-12 05:43 - 2015-08-04 00:08 - 02462648 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfcore.dll
2015-08-12 05:43 - 2015-08-04 00:07 - 00102752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\mountmgr.sys
2015-08-12 05:43 - 2015-08-04 00:06 - 00583128 _____ (Microsoft Corporation) C:\WINDOWS\system32\mf.dll
2015-08-12 05:43 - 2015-08-04 00:06 - 00243248 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfps.dll
2015-08-12 05:43 - 2015-08-03 23:50 - 02151208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfcore.dll
2015-08-12 05:43 - 2015-08-03 23:23 - 00078848 _____ (Microsoft Corporation) C:\WINDOWS\system32\VPNv2CSP.dll
2015-08-12 05:43 - 2015-08-03 23:10 - 13025792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
2015-08-12 05:43 - 2015-08-03 22:59 - 01212416 _____ (Microsoft Corporation) C:\WINDOWS\system32\RemoteNaturalLanguage.dll
2015-08-12 05:43 - 2015-08-03 22:47 - 00898560 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\RemoteNaturalLanguage.dll
2015-08-12 05:43 - 2015-08-02 22:32 - 00306688 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationObjFactory.dll
2015-08-12 05:43 - 2015-08-02 22:28 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NotificationObjFactory.dll
2015-08-12 05:43 - 2015-08-02 22:19 - 00505696 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms2.sys
2015-08-12 05:43 - 2015-08-02 22:19 - 00393568 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgmms1.sys
2015-08-12 05:43 - 2015-08-02 22:18 - 01983840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dxgkrnl.sys
2015-08-12 05:43 - 2015-08-02 22:18 - 00594472 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Shell.Broker.dll
2015-08-12 05:43 - 2015-08-02 22:18 - 00046432 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\msgpiowin32.sys
2015-08-12 05:43 - 2015-08-02 22:17 - 00516960 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\USBHUB3.SYS
2015-08-12 05:43 - 2015-08-02 22:17 - 00052264 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\wpcfltr.sys
2015-08-12 05:43 - 2015-08-02 22:13 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
2015-08-12 05:43 - 2015-08-02 22:12 - 00801632 _____ (Microsoft Corporation) C:\WINDOWS\system32\WWAHost.exe
2015-08-12 05:43 - 2015-08-02 21:50 - 20857848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
2015-08-12 05:43 - 2015-08-02 21:49 - 00700256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\WWAHost.exe
2015-08-12 05:43 - 2015-08-02 21:31 - 00911360 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModel.dll
2015-08-12 05:43 - 2015-08-02 21:30 - 00253952 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_UserAccount.dll
2015-08-12 05:43 - 2015-08-02 21:24 - 00503808 _____ (Microsoft Corporation) C:\WINDOWS\system32\tileobjserver.dll
2015-08-12 05:43 - 2015-08-02 21:24 - 00282112 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEEventDispatcher.dll
2015-08-12 05:43 - 2015-08-02 21:24 - 00193536 _____ (Microsoft Corporation) C:\WINDOWS\system32\SharedStartModelShim.dll
2015-08-12 05:43 - 2015-08-02 21:23 - 02446336 _____ C:\WINDOWS\system32\InputService.dll
2015-08-12 05:43 - 2015-08-02 21:23 - 00122880 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEDataLayerHelpers.dll
2015-08-12 05:43 - 2015-08-02 21:22 - 01601536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Speech.dll
2015-08-12 05:43 - 2015-08-02 21:22 - 01008640 _____ (Microsoft Corporation) C:\WINDOWS\system32\schedsvc.dll
2015-08-12 05:43 - 2015-08-02 21:22 - 00317440 _____ (Microsoft Corporation) C:\WINDOWS\system32\configmanager2.dll
2015-08-12 05:43 - 2015-08-02 21:22 - 00293376 _____ C:\WINDOWS\system32\TextInputFramework.dll
2015-08-12 05:43 - 2015-08-02 21:21 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\coredpus.dll
2015-08-12 05:43 - 2015-08-02 21:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\system32\notepad.exe
2015-08-12 05:43 - 2015-08-02 21:19 - 00215040 _____ (Microsoft Corporation) C:\WINDOWS\notepad.exe
2015-08-12 05:43 - 2015-08-02 21:18 - 12503552 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
2015-08-12 05:43 - 2015-08-02 21:18 - 03780096 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_nt.dll
2015-08-12 05:43 - 2015-08-02 21:18 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\system32\SubscriptionMgr.dll
2015-08-12 05:43 - 2015-08-02 21:18 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkStatus.dll
2015-08-12 05:43 - 2015-08-02 21:15 - 01290752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Shell.dll
2015-08-12 05:43 - 2015-08-02 21:15 - 00988672 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
2015-08-12 05:43 - 2015-08-02 21:15 - 00595456 _____ (Microsoft Corporation) C:\WINDOWS\system32\LogonController.dll
2015-08-12 05:43 - 2015-08-02 21:15 - 00573440 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.Desktop.dll
2015-08-12 05:43 - 2015-08-02 21:15 - 00384000 _____ (Microsoft Corporation) C:\WINDOWS\system32\LockAppBroker.dll
2015-08-12 05:43 - 2015-08-02 21:15 - 00171520 _____ (Microsoft Corporation) C:\WINDOWS\system32\WinBioDataModel.dll
2015-08-12 05:43 - 2015-08-02 21:14 - 00273920 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.LockScreen.dll
2015-08-12 05:43 - 2015-08-02 21:14 - 00247808 _____ C:\WINDOWS\system32\facecredentialprovider.dll
2015-08-12 05:43 - 2015-08-02 21:12 - 19323392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
2015-08-12 05:43 - 2015-08-02 21:12 - 01890304 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmcore.dll
2015-08-12 05:43 - 2015-08-02 21:12 - 01823232 _____ C:\WINDOWS\SysWOW64\InputService.dll
2015-08-12 05:43 - 2015-08-02 21:12 - 00217088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEEventDispatcher.dll
2015-08-12 05:43 - 2015-08-02 21:12 - 00081920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VEDataLayerHelpers.dll
2015-08-12 05:43 - 2015-08-02 21:11 - 00814080 _____ (Microsoft Corporation) C:\WINDOWS\system32\msctfuimanager.dll
2015-08-12 05:43 - 2015-08-02 21:11 - 00200704 _____ C:\WINDOWS\SysWOW64\TextInputFramework.dll
2015-08-12 05:43 - 2015-08-02 21:10 - 01162240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Speech.dll
2015-08-12 05:43 - 2015-08-02 21:06 - 00207872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\notepad.exe
2015-08-12 05:43 - 2015-08-02 21:03 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LogonController.dll
2015-08-12 05:43 - 2015-08-02 21:02 - 00311808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppBroker.dll
2015-08-12 05:43 - 2015-08-02 21:02 - 00195072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.LockScreen.dll
2015-08-12 05:43 - 2015-08-02 21:01 - 11262464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
2015-08-12 05:43 - 2015-08-02 21:00 - 01593856 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmcore.dll
2015-08-12 05:43 - 2015-08-02 20:59 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msctfuimanager.dll
2015-08-10 23:18 - 2015-08-10 23:19 - 06781852 _____ C:\Users\Alvar_000\Downloads\MOTOCICLISTAS ITALIANOS.wmv
2015-08-09 11:09 - 2015-08-09 11:09 - 10854986 _____ C:\Users\Alvar_000\Downloads\VID-20150607-WA0000.mp4
2015-08-09 11:07 - 2015-08-09 11:07 - 01314056 _____ C:\Users\Alvar_000\Downloads\VID-20150805-WA000.mp4
2015-08-09 01:23 - 2015-08-09 01:23 - 09355004 _____ C:\Users\Alvar_000\Downloads\VID-20150703-WA0008.mp4
2015-08-07 11:24 - 2015-08-07 11:24 - 00007600 _____ C:\Users\Alvar_000\AppData\Local\Resmon.ResmonCfg
2015-08-05 23:34 - 2015-07-30 02:24 - 01561872 _____ (Microsoft Corporation) C:\WINDOWS\system32\winmde.dll
2015-08-05 23:34 - 2015-07-30 02:21 - 00816576 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmpeg2srcsnk.dll
2015-08-05 23:34 - 2015-07-30 02:17 - 01200400 _____ (Microsoft Corporation) C:\WINDOWS\system32\rpcrt4.dll
2015-08-05 23:34 - 2015-07-30 02:17 - 01025840 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfsrcsnk.dll
2015-08-05 23:34 - 2015-07-30 02:16 - 02147080 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3d9.dll
2015-08-05 23:34 - 2015-07-30 02:09 - 01562968 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmpmde.dll
2015-08-05 23:34 - 2015-07-30 02:06 - 01043872 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmp4srcsnk.dll
2015-08-05 23:34 - 2015-07-30 02:05 - 02498808 _____ C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-05 23:34 - 2015-07-30 02:05 - 00501008 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEng.dll
2015-08-05 23:34 - 2015-07-30 02:04 - 01396064 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
2015-08-05 23:34 - 2015-07-30 02:03 - 02116448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ntfs.sys
2015-08-05 23:34 - 2015-07-30 00:29 - 00705520 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\rpcrt4.dll
2015-08-05 23:34 - 2015-07-30 00:26 - 01867160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3d9.dll
2015-08-05 23:34 - 2015-07-30 00:26 - 00877016 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmp4srcsnk.dll
2015-08-05 23:34 - 2015-07-30 00:25 - 01356368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winmde.dll
2015-08-05 23:34 - 2015-07-30 00:25 - 00713312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmpeg2srcsnk.dll
2015-08-05 23:34 - 2015-07-30 00:24 - 01769056 _____ C:\WINDOWS\SysWOW64\CoreUIComponents.dll
2015-08-05 23:34 - 2015-07-30 00:21 - 00962400 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
2015-08-05 23:34 - 2015-07-30 00:12 - 00287744 _____ (Microsoft Corporation) C:\WINDOWS\system32\provhandlers.dll
2015-08-05 23:34 - 2015-07-29 23:52 - 00859136 _____ (Microsoft Corporation) C:\WINDOWS\system32\modernexecserver.dll
2015-08-05 23:34 - 2015-07-29 23:52 - 00521216 _____ (Microsoft Corporation) C:\WINDOWS\system32\PsmServiceExtHost.dll
2015-08-05 23:34 - 2015-07-29 23:49 - 11557888 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.dll
2015-08-05 23:34 - 2015-07-29 23:49 - 00777728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.dll
2015-08-05 23:34 - 2015-07-29 23:46 - 02125312 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinui.appcore.dll
2015-08-05 23:34 - 2015-07-29 23:44 - 02662400 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Logon.dll
2015-08-05 23:34 - 2015-07-29 23:42 - 00518144 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationController.dll
2015-08-05 23:34 - 2015-07-29 23:41 - 00407040 _____ (Microsoft Corporation) C:\WINDOWS\system32\CredProvDataModel.dll
2015-08-05 23:34 - 2015-07-29 23:40 - 00846336 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpncore.dll
2015-08-05 23:34 - 2015-07-29 23:29 - 00654848 _____ (Microsoft Corporation) C:\WINDOWS\system32\PlayToManager.dll
2015-08-05 23:34 - 2015-07-29 23:15 - 09889792 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.dll
2015-08-05 23:34 - 2015-07-29 23:10 - 00585728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.dll
2015-08-05 23:34 - 2015-07-29 23:06 - 01820160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Logon.dll
2015-08-05 23:34 - 2015-07-29 23:04 - 01714176 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinui.appcore.dll
2015-08-05 23:34 - 2015-07-29 23:04 - 00335360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CredProvDataModel.dll
2015-08-05 23:33 - 2015-07-30 02:23 - 00527952 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioSes.dll
2015-08-05 23:33 - 2015-07-30 02:15 - 00632168 _____ (Microsoft Corporation) C:\WINDOWS\system32\dxgi.dll
2015-08-05 23:33 - 2015-07-30 02:14 - 00333168 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFPlay.dll
2015-08-05 23:33 - 2015-07-30 01:24 - 00252768 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContentDeliveryManager.Utilities.dll
2015-08-05 23:33 - 2015-07-30 00:42 - 01643872 _____ (Microsoft Corporation) C:\WINDOWS\system32\diagtrack.dll
2015-08-05 23:33 - 2015-07-30 00:24 - 00445240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioEng.dll
2015-08-05 23:33 - 2015-07-30 00:24 - 00407616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AudioSes.dll
2015-08-05 23:33 - 2015-07-30 00:24 - 00285632 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFPlay.dll
2015-08-05 23:33 - 2015-07-30 00:22 - 00896144 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfsrcsnk.dll
2015-08-05 23:33 - 2015-07-30 00:22 - 00507696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dxgi.dll
2015-08-05 23:33 - 2015-07-30 00:12 - 00268800 _____ (Microsoft Corporation) C:\WINDOWS\system32\provengine.dll
2015-08-05 23:33 - 2015-07-30 00:09 - 00024576 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManagerShellext.exe
2015-08-05 23:33 - 2015-07-30 00:08 - 00494592 _____ (Microsoft Corporation) C:\WINDOWS\system32\StoreAgent.dll
2015-08-05 23:33 - 2015-07-30 00:08 - 00168960 _____ (Microsoft Corporation) C:\WINDOWS\system32\InstallAgent.exe
2015-08-05 23:33 - 2015-07-30 00:08 - 00055296 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotificationUx.exe
2015-08-05 23:33 - 2015-07-29 23:59 - 00187904 _____ (Microsoft Corporation) C:\WINDOWS\system32\provisioningcsp.dll
2015-08-05 23:33 - 2015-07-29 23:52 - 00075264 _____ (Microsoft Corporation) C:\WINDOWS\system32\ACPBackgroundManagerPolicy.dll
2015-08-05 23:33 - 2015-07-29 23:49 - 00324096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 23:33 - 2015-07-29 23:46 - 00593920 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmsvc.dll
2015-08-05 23:33 - 2015-07-29 23:46 - 00487424 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfmkvsrcsnk.dll
2015-08-05 23:33 - 2015-07-29 23:46 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\wcmcsp.dll
2015-08-05 23:33 - 2015-07-29 23:45 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\system32\fwpolicyiomgr.dll
2015-08-05 23:33 - 2015-07-29 23:45 - 00155136 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tunnel.sys
2015-08-05 23:33 - 2015-07-29 23:44 - 00280064 _____ (Microsoft Corporation) C:\WINDOWS\system32\AudioEndpointBuilder.dll
2015-08-05 23:33 - 2015-07-29 23:44 - 00229376 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorService.dll
2015-08-05 23:33 - 2015-07-29 23:44 - 00091648 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsNativeApi.V2.dll
2015-08-05 23:33 - 2015-07-29 23:44 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthhfenum.sys
2015-08-05 23:33 - 2015-07-29 23:44 - 00041984 _____ (Microsoft Corporation) C:\WINDOWS\system32\VoiceActivationManager.dll
2015-08-05 23:33 - 2015-07-29 23:41 - 00028672 _____ (Microsoft Corporation) C:\WINDOWS\system32\NotificationControllerPS.dll
2015-08-05 23:33 - 2015-07-29 23:38 - 01420288 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
2015-08-05 23:33 - 2015-07-29 23:38 - 00080384 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxSysprep.dll
2015-08-05 23:33 - 2015-07-29 23:34 - 00599552 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpnapps.dll
2015-08-05 23:33 - 2015-07-29 23:10 - 00247808 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.ApplicationModel.Store.TestingFramework.dll
2015-08-05 23:33 - 2015-07-29 23:07 - 00163328 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fwpolicyiomgr.dll
2015-08-05 23:33 - 2015-07-29 23:06 - 00373248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfmkvsrcsnk.dll
2015-08-05 23:33 - 2015-07-29 23:06 - 00078336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsNativeApi.V2.dll
2015-08-05 23:33 - 2015-07-29 23:06 - 00034816 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\VoiceActivationManager.dll
2015-08-05 23:33 - 2015-07-29 22:59 - 00473088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wpnapps.dll
2015-08-05 23:33 - 2015-07-29 22:58 - 00497152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PlayToManager.dll
2015-08-04 00:42 - 2015-08-04 00:42 - 01798176 _____ (Malwarebytes Corporation) C:\Users\Alvar_000\Desktop\JRT.exe
2015-08-03 13:22 - 2015-08-03 19:35 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
2015-08-03 13:22 - 2015-08-03 13:22 - 00001535 _____ C:\Users\Alvar_000\Desktop\SDScan.exe - Shortcut.lnk
2015-08-03 07:34 - 2015-08-03 07:38 - 07493720 _____ C:\Users\Alvar_000\Downloads\VID-20150730-WA0004.mp4
2015-08-01 09:59 - 2015-08-01 09:59 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
2015-08-01 09:39 - 2015-08-01 09:42 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\MicrosoftEdge
2015-08-01 07:35 - 2015-08-01 07:35 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\NetworkTiles
2015-08-01 04:15 - 2015-08-01 01:31 - 00000000 ___DC C:\WINDOWS\Panther
2015-08-01 04:08 - 2015-08-01 04:09 - 00000000 ____D C:\Windows.old
2015-08-01 04:07 - 2015-08-01 04:07 - 14241792 _____ (Microsoft Corporation) C:\WINDOWS\system32\wmp.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 12589056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wmp.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 07569408 _____ (Microsoft Corporation) C:\WINDOWS\system32\mos.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 07523328 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 07051264 _____ (Microsoft Corporation) C:\WINDOWS\system32\BingMaps.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 06488312 _____ (Microsoft Corporation) C:\WINDOWS\system32\windows.storage.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 06305792 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Search.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 06101504 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mos.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 05118024 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\windows.storage.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 05076480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\BingMaps.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 04791296 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 04760576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ExplorerFrame.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 04611584 _____ (Microsoft Corporation) C:\WINDOWS\system32\actxprxy.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 04532304 _____ (Microsoft Corporation) C:\WINDOWS\explorer.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 04398080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Search.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 04350464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ExplorerFrame.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 04169728 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbon.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 04047288 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\explorer.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 03687936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 03620736 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 03579904 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 03443200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbon.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 03362816 _____ (Microsoft Corporation) C:\WINDOWS\system32\msi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 03248640 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\msftedit.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 02878000 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 02741760 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininet.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 02646528 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 02606080 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msftedit.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 02558976 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssrch.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 02235904 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuaueng.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 02224128 _____ (Microsoft Corporation) C:\WINDOWS\system32\NetworkMobileSettings.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 02207744 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wininet.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 02112512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\actxprxy.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01964544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mssrch.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01773056 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Immersive.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01611264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Immersive.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01591856 _____ (Microsoft Corporation) C:\WINDOWS\system32\gdi32.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01521664 _____ (Microsoft Corporation) C:\WINDOWS\system32\ActiveSyncProvider.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01418240 _____ (Microsoft Corporation) C:\WINDOWS\system32\RecoveryDrive.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 01417216 _____ (Microsoft Corporation) C:\WINDOWS\system32\lsasrv.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01411072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Editing.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01365072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\gdi32.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01334784 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIAutomationCore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
2015-08-01 04:07 - 2015-08-01 04:07 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Bluetooth.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01203200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01201664 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Cred.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01177600 _____ (Microsoft Corporation) C:\WINDOWS\system32\wwansvc.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01169408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dosvc.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01168736 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\ndis.sys
2015-08-01 04:07 - 2015-08-01 04:07 - 01135312 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipUp.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 01112064 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIAutomationCore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01101792 _____ (Microsoft Corporation) C:\WINDOWS\system32\MrmCoreR.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01085776 _____ (Microsoft Corporation) C:\WINDOWS\system32\mfplat.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01067520 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01061888 _____ (Microsoft Corporation) C:\WINDOWS\system32\reseteng.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01043968 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Editing.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 01031680 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorDataService.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
2015-08-01 04:07 - 2015-08-01 04:07 - 00991584 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReAgent.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
2015-08-01 04:07 - 2015-08-01 04:07 - 00966424 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00934752 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\refsv1.sys
2015-08-01 04:07 - 2015-08-01 04:07 - 00925696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00916800 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mfplat.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00902656 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchIndexer.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00872448 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntshrui.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00869376 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapControlCore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00856064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00855552 _____ (Microsoft Corporation) C:\WINDOWS\system32\winhttp.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00850432 _____ (Microsoft Corporation) C:\WINDOWS\system32\comdlg32.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00845664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReAgent.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00841728 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.Import.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00832512 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapsStore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00828416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Bluetooth.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00823336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MrmCoreR.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00808856 _____ (Microsoft Corporation) C:\WINDOWS\system32\CoreMessaging.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00799232 _____ (Microsoft Corporation) C:\WINDOWS\system32\wpccpl.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00798208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ntshrui.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00783872 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuapi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00762896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00754688 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Cred.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\efscore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00750592 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\comdlg32.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00712192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchIndexer.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00695136 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimgapi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00680448 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Networking.Connectivity.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00679424 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppContracts.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00677888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wuapi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00670208 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieproxy.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00667136 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\winhttp.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00658568 _____ (Microsoft Corporation) C:\WINDOWS\system32\ClipSVC.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00630160 _____ (Microsoft Corporation) C:\WINDOWS\system32\wer.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00623616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00607008 _____ (Microsoft Corporation) C:\WINDOWS\system32\ci.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00601344 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\cng.sys
2015-08-01 04:07 - 2015-08-01 04:07 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00589824 _____ (Microsoft Corporation) C:\WINDOWS\system32\uxtheme.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00589312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\efscore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UIRibbonRes.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Sensors.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00584704 _____ (Microsoft Corporation) C:\WINDOWS\system32\UIRibbonRes.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00584544 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wimgapi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00578048 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00575488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.Import.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00569344 _____ (Microsoft Corporation) C:\WINDOWS\system32\MCRecvSrc.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00565088 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\acpi.sys
2015-08-01 04:07 - 2015-08-01 04:07 - 00562688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MbaeApi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00553472 _____ (Microsoft Corporation) C:\WINDOWS\system32\GamePanel.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00542720 _____ (Microsoft Corporation) C:\WINDOWS\system32\SearchFolder.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00521568 _____ (Microsoft Corporation) C:\WINDOWS\system32\wimserv.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00510976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CoreMessaging.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00505344 _____ C:\WINDOWS\system32\EditionUpgradeManagerObj.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00503296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Networking.Connectivity.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
2015-08-01 04:07 - 2015-08-01 04:07 - 00485888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BlockedShutdown.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MCRecvSrc.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00465920 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00458752 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\uxtheme.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00452608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SearchFolder.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00448512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MbaeApi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00446976 _____ (Microsoft Corporation) C:\WINDOWS\system32\MapConfiguration.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppContracts.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00437248 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Sensors.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00430592 _____ (Microsoft Corporation) C:\WINDOWS\system32\sppcomapi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00425824 _____ (Microsoft Corporation) C:\WINDOWS\system32\hal.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00421888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Internal.Bluetooth.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00420352 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\GamePanel.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00416256 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdedit.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00414720 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.BioFeedback.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00412672 _____ C:\WINDOWS\system32\diagtrack_win.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00403968 _____ C:\WINDOWS\system32\diagtrack_wininternal.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00366592 _____ (Microsoft Corporation) C:\WINDOWS\system32\wuuhext.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00359936 _____ (Microsoft Corporation) C:\WINDOWS\system32\ncsi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00356352 _____ (Microsoft Corporation) C:\WINDOWS\system32\stobject.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00343040 _____ (Microsoft Corporation) C:\WINDOWS\system32\usocore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00342528 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcastdvr.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00335248 _____ (Microsoft Corporation) C:\WINDOWS\system32\wintrust.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00329728 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00328704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MapConfiguration.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00325984 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\pci.sys
2015-08-01 04:07 - 2015-08-01 04:07 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BlockedShutdown.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00322048 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\stobject.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00316928 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConhostV2.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00310784 _____ (Microsoft Corporation) C:\WINDOWS\system32\SensorsApi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00303616 _____ (Microsoft Corporation) C:\WINDOWS\system32\MBMediaManager.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00296960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Internal.Bluetooth.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00294912 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieproxy.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00291840 _____ (Microsoft Corporation) C:\WINDOWS\system32\systemcpl.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00290312 _____ (Microsoft Corporation) C:\WINDOWS\system32\wininit.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00283648 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.BioFeedback.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00279552 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\systemcpl.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00275456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcastdvr.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00271872 _____ (Microsoft Corporation) C:\WINDOWS\system32\ConsoleLogon.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00265480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\wintrust.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00263168 _____ (Microsoft Corporation) C:\WINDOWS\system32\DisplayManager.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00251392 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\SensorsApi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00242264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LockAppHost.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00242176 _____ (Microsoft Corporation) C:\WINDOWS\system32\updatehandlers.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00235008 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Notifications.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00232960 _____ (Microsoft Corporation) C:\WINDOWS\system32\DevicesFlowBroker.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00208736 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppxAllUserStore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\system32\srumsvc.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00204288 _____ (Microsoft Corporation) C:\WINDOWS\system32\OmaDmAgent.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00193024 _____ (Microsoft Corporation) C:\WINDOWS\system32\EnterpriseModernAppMgmtCSP.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00191488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\DisplayManager.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00190464 _____ (Microsoft Corporation) C:\WINDOWS\system32\ReInfo.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00186880 _____ (Microsoft Corporation) C:\WINDOWS\system32\BootMenuUX.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00185856 _____ (Microsoft Corporation) C:\WINDOWS\system32\psmsrv.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00185344 _____ (Microsoft Corporation) C:\WINDOWS\system32\cloudAP.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00181760 _____ (Microsoft Corporation) C:\WINDOWS\system32\shutdownux.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00181088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppxAllUserStore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00179712 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_SignInOptions.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00179200 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\srumsvc.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00176640 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcdboot.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00169984 _____ (Microsoft Corporation) C:\WINDOWS\system32\storewuauth.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00167424 _____ (Microsoft Corporation) C:\WINDOWS\system32\SettingsHandlers_Privacy.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00162304 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ReInfo.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00151040 _____ (Microsoft Corporation) C:\WINDOWS\system32\TabSvc.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00150528 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusNotification.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00148992 _____ (Microsoft Corporation) C:\WINDOWS\system32\tetheringservice.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00137216 _____ (Microsoft Corporation) C:\WINDOWS\system32\VEStoreEventHandlers.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00123392 _____ (Microsoft Corporation) C:\WINDOWS\system32\mssprxy.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00120832 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmclient.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00116736 _____ (Microsoft Corporation) C:\WINDOWS\system32\sendmail.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00107520 _____ (Microsoft Corporation) C:\WINDOWS\system32\dwmapi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00104960 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\sendmail.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00097128 _____ (Microsoft Corporation) C:\WINDOWS\system32\bcd.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00093696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dwmapi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00084480 _____ (Microsoft Corporation) C:\WINDOWS\system32\spbcd.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00082616 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\bcd.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00069632 _____ (Microsoft Corporation) C:\WINDOWS\system32\setbcdlocale.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\spbcd.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00068096 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.ProxyStub.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00067072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbser.sys
2015-08-01 04:07 - 2015-08-01 04:07 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\msiexec.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00064000 _____ (Microsoft Corporation) C:\WINDOWS\system32\unenrollhook.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00061280 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\dam.sys
2015-08-01 04:07 - 2015-08-01 04:07 - 00060928 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.OneCore.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00058368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msiexec.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00057856 _____ (Microsoft Corporation) C:\WINDOWS\system32\hmkd.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00056320 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Cortana.PAL.Desktop.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00053248 _____ (Microsoft Corporation) C:\WINDOWS\system32\omadmprc.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00046080 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\UcmUcsi.sys
2015-08-01 04:07 - 2015-08-01 04:07 - 00045568 _____ (Adobe Systems) C:\WINDOWS\system32\atmlib.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00045056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\hmkd.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00037376 _____ (Adobe Systems) C:\WINDOWS\SysWOW64\atmlib.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00032768 _____ C:\WINDOWS\system32\LicenseManagerApi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00032768 _____ (Microsoft Corporation) C:\WINDOWS\system32\calc.exe
2015-08-01 04:07 - 2015-08-01 04:07 - 00031232 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\calc.exe
2015-08-01 04:04 - 2015-07-10 00:37 - 09565696 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsData000a.dll
2015-08-01 04:04 - 2015-07-10 00:36 - 09893888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\NlsLexicons000a.dll
2015-08-01 04:04 - 2015-07-10 00:26 - 09687040 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsData000a.dll
2015-08-01 04:04 - 2015-07-10 00:25 - 09893888 _____ (Microsoft Corporation) C:\WINDOWS\system32\NlsLexicons000a.dll
2015-08-01 04:03 - 2015-08-01 04:03 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
2015-08-01 04:01 - 2009-08-15 00:58 - 00015920 _____ (Windows (R) Codename Longhorn DDK provider) C:\WINDOWS\system32\Drivers\i8042HDR.sys
2015-08-01 04:00 - 2015-08-01 04:00 - 00000000 ____D C:\Program Files\Reference Assemblies
2015-08-01 04:00 - 2015-08-01 04:00 - 00000000 ____D C:\Program Files\MSBuild
2015-08-01 04:00 - 2015-08-01 04:00 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
2015-08-01 04:00 - 2015-08-01 04:00 - 00000000 ____D C:\Program Files (x86)\MSBuild
2015-08-01 04:00 - 2015-06-17 22:10 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\system32\TsWpfWrp.exe
2015-08-01 04:00 - 2015-05-30 01:07 - 00778936 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationNative_v0300.dll
2015-08-01 04:00 - 2015-05-30 01:07 - 00102608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PresentationCFFRasterizerNative_v0300.dll
2015-08-01 04:00 - 2015-05-30 01:07 - 00035480 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TsWpfWrp.exe
2015-08-01 03:59 - 2015-06-17 22:10 - 01166520 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationNative_v0300.dll
2015-08-01 03:59 - 2015-06-17 22:10 - 00124112 _____ (Microsoft Corporation) C:\WINDOWS\system32\PresentationCFFRasterizerNative_v0300.dll
2015-08-01 01:43 - 2015-08-01 01:43 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\PeerDistRepub
2015-08-01 01:33 - 2015-08-01 01:33 - 00001053 _____ C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Optional Features.lnk
2015-08-01 01:30 - 2015-08-09 00:32 - 00002561 _____ C:\Users\Public\Desktop\Mouse without Borders.lnk
2015-08-01 01:25 - 2015-08-01 01:26 - 00002386 _____ C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
2015-08-01 01:23 - 2015-08-01 01:23 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
2015-08-01 01:22 - 2015-08-01 08:56 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\Comms
2015-08-01 01:20 - 2015-08-01 01:20 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\Publishers
2015-08-01 01:18 - 2015-08-01 01:18 - 00000020 ___SH C:\Users\Alvar_000\ntuser.ini
2015-08-01 01:18 - 2015-08-01 01:18 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\TileDataLayer
2015-08-01 00:43 - 2015-08-07 11:24 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
2015-08-01 00:38 - 2015-07-10 06:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
2015-08-01 00:32 - 2015-08-01 00:32 - 00001576 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Media Player.lnk
2015-08-01 00:32 - 2015-08-01 00:32 - 00000000 ____D C:\Users\Default\Documents\Visual Studio 2008
2015-08-01 00:32 - 2015-08-01 00:32 - 00000000 ____D C:\Users\Default\AppData\Local\Microsoft Help
2015-08-01 00:32 - 2015-08-01 00:32 - 00000000 ____D C:\Users\Default User\Documents\Visual Studio 2008
2015-08-01 00:32 - 2015-08-01 00:32 - 00000000 ____D C:\Users\Default User\AppData\Local\Microsoft Help
2015-08-01 00:26 - 2015-08-01 00:26 - 00000000 ____D C:\WINDOWS\system32\config\bbimigrate
2015-08-01 00:24 - 2015-08-16 11:39 - 00000000 ____D C:\Users\Alvar_000
2015-08-01 00:24 - 2015-08-01 01:18 - 00000000 ___RD C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-01 00:24 - 2015-08-01 00:34 - 00000000 ___RD C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
2015-08-01 00:24 - 2015-08-01 00:25 - 00000000 ___RD C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
2015-08-01 00:24 - 2015-07-10 07:04 - 00000000 __RSD C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
2015-08-01 00:24 - 2015-07-10 07:04 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
2015-08-01 00:20 - 2015-08-01 00:26 - 00000000 ____D C:\ProgramData\Brother
2015-08-01 00:20 - 2015-08-01 00:20 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_SynTP_01011.Wdf
2015-08-01 00:19 - 2015-08-01 00:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
2015-08-01 00:19 - 2015-08-01 00:19 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_Smb_driver_Intel_01011.Wdf
2015-08-01 00:19 - 2015-08-01 00:19 - 00000000 ____D C:\WINDOWS\SysWOW64\sda
2015-08-01 00:19 - 2015-08-01 00:19 - 00000000 ____D C:\Program Files\Synaptics
2015-08-01 00:17 - 2015-08-01 00:18 - 00037945 _____ C:\WINDOWS\system32\NetSetupMig.log
2015-07-30 14:13 - 2015-07-30 14:13 - 00011264 _____ C:\8
2015-07-28 09:12 - 2015-08-14 10:19 - 00001576 _____ C:\WINDOWS\Sandboxie.ini
2015-07-28 09:12 - 2015-08-01 00:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Sandboxie
2015-07-28 09:12 - 2015-07-28 09:12 - 00000849 _____ C:\Users\Alvar_000\Desktop\Sandboxed Web Browser.lnk
2015-07-27 23:03 - 2015-07-27 23:03 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Auslogics
2015-07-26 07:09 - 2015-07-26 07:09 - 01996896 _____ (BitTorrent Inc.) C:\Users\Alvar_000\Downloads\uTorrent.exe
2015-07-26 06:44 - 2015-07-26 06:44 - 04614144 _____ C:\Users\Alvar_000\Downloads\msxml6_SDK.msi
2015-07-25 00:37 - 2015-08-13 23:55 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\meq5tzhtzei3lwf
2015-07-25 00:37 - 2015-08-02 10:31 - 00003370 _____ C:\WINDOWS\System32\Tasks\Maintenance Service-meq5tzhtzei3lwf
2015-07-18 01:01 - 2015-07-18 01:01 - 00028672 ___SH C:\Users\Alvar_000\Downloads\Thumbs.db
2015-07-17 07:51 - 2015-07-17 07:51 - 01804696 _____ (Microsoft Corporation) C:\WINDOWS\system32\WdfCoInstaller01011.dll
2015-07-17 07:51 - 2015-07-17 07:51 - 00764616 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynCOM.dll
2015-07-17 07:51 - 2015-07-17 07:51 - 00614088 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\SynTP.sys
2015-07-17 07:51 - 2015-07-17 07:51 - 00419528 _____ (Synaptics Incorporated) C:\WINDOWS\SysWOW64\SynCom.dll
2015-07-17 07:51 - 2015-07-17 07:51 - 00269000 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPAPI.dll
2015-07-17 07:51 - 2015-07-17 07:51 - 00255688 _____ (Synaptics Incorporated) C:\WINDOWS\system32\SynTPCo31.dll
2015-07-17 07:51 - 2015-07-17 07:51 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel_Aux.sys
2015-07-17 07:51 - 2015-07-17 07:51 - 00042696 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_Intel.sys
2015-07-17 07:51 - 2015-07-17 07:51 - 00042184 _____ (Synaptics Incorporated) C:\WINDOWS\system32\Drivers\Smb_driver_AMDASF_Aux.sys

==================== One Month Modified files and folders ========

(If an entry is included in the fixlist, the file/folder will be moved.)

2015-08-16 23:18 - 2015-05-11 09:12 - 00000000 ____D C:\FRST
2015-08-16 23:17 - 2015-01-01 03:41 - 00000000 ___RD C:\Users\Alvar_000\Dropbox
2015-08-16 23:17 - 2015-01-01 03:34 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Dropbox
2015-08-16 23:17 - 2014-12-08 15:40 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Skype
2015-08-16 23:17 - 2014-04-30 11:50 - 00000000 __RDO C:\Users\Alvar_000\OneDrive
2015-08-16 23:16 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sru
2015-08-16 23:16 - 2015-02-04 13:19 - 00000902 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
2015-08-16 23:15 - 2015-05-09 14:25 - 00001034 _____ C:\WINDOWS\Tasks\scqArpeMw4fHYqQ18UzErMR.job
2015-08-16 23:15 - 2015-05-09 14:25 - 00001022 _____ C:\WINDOWS\Tasks\cKDeY9eRuMbjiUnpS.job
2015-08-16 23:13 - 2015-07-10 08:21 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
2015-08-16 23:13 - 2015-07-10 05:05 - 00262144 ___SH C:\WINDOWS\system32\config\BBI
2015-08-16 23:12 - 2015-04-16 14:13 - 00000000 ____D C:\AdwCleaner
2015-08-16 20:40 - 2015-02-04 13:19 - 00000906 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
2015-08-16 19:55 - 2015-06-17 14:44 - 00000934 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4177520706-2818649810-840986709-1001UA.job
2015-08-16 19:00 - 2014-06-22 23:34 - 00113880 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
2015-08-16 18:35 - 2014-05-01 21:47 - 00000000 ____D C:\ProgramData\Corel
2015-08-16 18:35 - 2014-05-01 21:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CorelDRAW Graphics Suite X6
2015-08-16 18:04 - 2015-02-20 19:13 - 00000000 ____D C:\Program Files\Common Files\Adobe
2015-08-16 18:04 - 2014-09-17 14:34 - 00000000 ____D C:\ProgramData\Adobe
2015-08-16 18:03 - 2015-02-22 01:54 - 00000000 ____D C:\Program Files (x86)\Adobe
2015-08-16 17:27 - 2014-05-05 20:48 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\uTorrent
2015-08-16 03:33 - 2014-09-17 14:22 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\Adobe
2015-08-15 13:47 - 2015-07-16 01:37 - 00000892 _____ C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job
2015-08-15 13:42 - 2015-07-10 06:55 - 00000000 ____D C:\WINDOWS\CbsTemp
2015-08-13 23:55 - 2015-07-10 07:04 - 00000000 __RSD C:\WINDOWS\Media
2015-08-13 23:51 - 2015-07-01 13:30 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\mew5bzhvzg43c2e
2015-08-13 10:20 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\rescache
2015-08-12 15:03 - 2015-07-10 08:20 - 00430928 _____ C:\WINDOWS\system32\FNTCACHE.DAT
2015-08-12 15:02 - 2014-06-13 22:19 - 00000000 ____D C:\Program Files\Microsoft Silverlight
2015-08-12 15:02 - 2014-06-13 22:19 - 00000000 ____D C:\Program Files (x86)\Microsoft Silverlight
2015-08-12 15:00 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 15:00 - 2015-07-10 07:04 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
2015-08-12 14:59 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
2015-08-12 14:59 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\oobe
2015-08-12 14:59 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\appraiser
2015-08-12 13:09 - 2014-04-30 23:20 - 00115832 _____ C:\Users\Alvar_000\AppData\Local\GDIPFONTCACHEV1.DAT
2015-08-12 07:03 - 2014-06-13 22:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Silverlight
2015-08-12 07:03 - 2014-04-30 18:58 - 00000000 ____D C:\ProgramData\Microsoft Help
2015-08-12 07:01 - 2014-04-29 00:58 - 00000000 ____D C:\WINDOWS\system32\MRT
2015-08-12 06:51 - 2014-04-29 00:58 - 132483416 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
2015-08-10 23:47 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\AppReadiness
2015-08-10 03:00 - 2015-04-02 21:42 - 00000000 ____D C:\ProgramData\TEMP
2015-08-10 02:54 - 2015-06-17 14:44 - 00000882 _____ C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4177520706-2818649810-840986709-1001Core.job
2015-08-10 00:30 - 2014-04-30 23:54 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\CyberGhost
2015-08-09 00:32 - 2014-12-21 15:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Garage
2015-08-08 11:38 - 2015-07-10 07:06 - 00794088 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
2015-08-08 11:38 - 2015-07-10 07:06 - 00179688 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
2015-08-07 08:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Provisioning
2015-08-07 00:26 - 2014-05-03 17:22 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\vlc
2015-08-05 23:56 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\restore
2015-08-05 23:45 - 2015-06-10 11:31 - 00000802 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Opera.lnk
2015-08-03 19:40 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
2015-08-03 19:35 - 2015-06-17 09:28 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\mfa5vtgtzek3bmf
2015-08-01 07:36 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
2015-08-01 07:34 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\appcompat
2015-08-01 04:14 - 2015-07-10 07:04 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
2015-08-01 04:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
2015-08-01 04:08 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
2015-08-01 04:08 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
2015-08-01 04:08 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Dism
2015-08-01 01:38 - 2014-04-28 22:19 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\Packages
2015-08-01 01:34 - 2014-04-30 06:34 - 00000405 _____ C:\Users\Alvar_000\Desktop\Control Panel.lnk
2015-08-01 01:33 - 2015-07-10 09:12 - 00000000 ____D C:\WINDOWS\OCR
2015-08-01 01:19 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
2015-08-01 01:19 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\PrintDialog
2015-08-01 01:19 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\MiracastView
2015-08-01 01:18 - 2015-07-10 07:04 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
2015-08-01 00:51 - 2014-04-30 06:34 - 00011433 _____ C:\WINDOWS\diagwrn.xml
2015-08-01 00:51 - 2014-04-30 06:34 - 00011433 _____ C:\WINDOWS\diagerr.xml
2015-08-01 00:49 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Registration
2015-08-01 00:48 - 2015-07-16 01:40 - 00003324 _____ C:\WINDOWS\System32\Tasks\{4CD69DC4-9310-4B31-B3B1-04DAA76A4B5A}
2015-08-01 00:48 - 2015-07-16 01:37 - 00003956 _____ C:\WINDOWS\System32\Tasks\Adobe Flash Player PPAPI Notifier
2015-08-01 00:48 - 2015-06-17 14:44 - 00003992 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4177520706-2818649810-840986709-1001UA
2015-08-01 00:48 - 2015-06-17 14:44 - 00003612 _____ C:\WINDOWS\System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4177520706-2818649810-840986709-1001Core
2015-08-01 00:48 - 2015-05-09 14:25 - 00004140 _____ C:\WINDOWS\System32\Tasks\scqArpeMw4fHYqQ18UzErMR
2015-08-01 00:48 - 2015-05-09 14:25 - 00004128 _____ C:\WINDOWS\System32\Tasks\cKDeY9eRuMbjiUnpS
2015-08-01 00:48 - 2015-04-08 06:57 - 00003270 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe
2015-08-01 00:48 - 2015-04-08 06:57 - 00003244 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe
2015-08-01 00:48 - 2015-04-08 06:57 - 00003242 _____ C:\WINDOWS\System32\Tasks\Microsoft_Hardware_Launch_itype_exe
2015-08-01 00:48 - 2015-04-08 06:57 - 00003214 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe
2015-08-01 00:48 - 2015-04-08 06:57 - 00003212 _____ C:\WINDOWS\System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe
2015-08-01 00:48 - 2015-04-01 11:37 - 00003284 _____ C:\WINDOWS\System32\Tasks\{7CC9FD2E-7F31-4CAA-94E6-2A0CF60EC3BF}
2015-08-01 00:48 - 2015-02-04 13:19 - 00003988 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
2015-08-01 00:48 - 2015-02-04 13:19 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
2015-08-01 00:48 - 2014-12-08 15:35 - 00003292 _____ C:\WINDOWS\System32\Tasks\{3C662AA4-E3E5-4401-A537-DC0DF2824C1A}
2015-08-01 00:48 - 2014-09-11 19:33 - 00002932 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
2015-08-01 00:48 - 2014-04-30 06:42 - 00022840 _____ C:\WINDOWS\system32\emptyregdb.dat
2015-08-01 00:48 - 2014-04-28 22:43 - 00003708 _____ C:\WINDOWS\System32\Tasks\Optimize Start Menu Cache Files-S-1-5-21-4177520706-2818649810-840986709-1001
2015-08-01 00:45 - 2015-07-10 07:04 - 00000000 __RHD C:\Users\Public\Libraries
2015-08-01 00:34 - 2015-07-10 09:14 - 00000000 ____D C:\WINDOWS\ShellNew
2015-08-01 00:34 - 2015-07-10 05:05 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
2015-08-01 00:34 - 2015-06-01 18:09 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CanoScan LiDE 600F
2015-08-01 00:34 - 2015-05-14 11:45 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\MultiCommander
2015-08-01 00:34 - 2015-04-21 12:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Chrome
2015-08-01 00:34 - 2015-04-08 06:57 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Mouse and Keyboard Center
2015-08-01 00:34 - 2015-04-02 21:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Dragon NaturallySpeaking 12.0
2015-08-01 00:34 - 2015-03-23 12:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ScanSoft OmniPage SE 2.0
2015-08-01 00:34 - 2015-03-20 15:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Todo Backup Free 8.2
2015-08-01 00:34 - 2015-03-20 15:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\EaseUS Partition Master 10.2
2015-08-01 00:34 - 2015-03-12 11:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Software995
2015-08-01 00:34 - 2015-02-20 19:18 - 00000000 ____D C:\ProgramData\regid.1986-12.com.adobe
2015-08-01 00:34 - 2015-02-16 11:35 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Duplicate Finder 2009
2015-08-01 00:34 - 2015-02-11 13:53 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon MX890 series Manual
2015-08-01 00:34 - 2015-02-11 13:40 - 00000000 ____D C:\WINDOWS\SysWOW64\STRING
2015-08-01 00:34 - 2015-02-11 13:35 - 00000000 ____D C:\WINDOWS\system32\STRING
2015-08-01 00:34 - 2015-02-04 13:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth Pro
2015-08-01 00:34 - 2015-02-02 23:55 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Boxcryptor
2015-08-01 00:34 - 2015-01-14 21:46 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CamStudio 2.7
2015-08-01 00:34 - 2014-12-08 15:40 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
2015-08-01 00:34 - 2014-11-30 09:37 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\DOSBox-0.74
2015-08-01 00:34 - 2014-10-05 00:52 - 00000000 ____D C:\WINDOWS\en
2015-08-01 00:34 - 2014-09-11 19:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CCleaner
2015-08-01 00:34 - 2014-09-07 11:27 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\ExamDiff
2015-08-01 00:34 - 2014-08-16 16:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MyMedia
2015-08-01 00:34 - 2014-08-03 15:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Microsoft Office
2015-08-01 00:34 - 2014-08-01 13:18 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\MediaMonkey
2015-08-01 00:34 - 2014-07-16 11:12 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-01 00:34 - 2014-07-16 11:12 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\WinRAR
2015-08-01 00:34 - 2014-07-03 14:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\FotoSketcher
2015-08-01 00:34 - 2014-06-22 23:33 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
2015-08-01 00:34 - 2014-06-01 01:17 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\iTunes
2015-08-01 00:34 - 2014-05-29 17:44 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Rhapsody
2015-08-01 00:34 - 2014-05-20 12:36 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet Software
2015-08-01 00:34 - 2014-05-20 12:23 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet
2015-08-01 00:34 - 2014-05-20 12:22 - 00000000 ____D C:\WINDOWS\SysWOW64\TabletPmt
2015-08-01 00:34 - 2014-05-01 01:54 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\IrfanView
2015-08-01 00:34 - 2014-05-01 01:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Foxit Reader
2015-08-01 00:34 - 2014-05-01 01:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Bonjour Print Services
2015-08-01 00:34 - 2014-04-30 23:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\CyberGhost 5
2015-08-01 00:34 - 2014-04-30 12:43 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
2015-08-01 00:32 - 2013-08-22 09:36 - 00000000 ____D C:\Users\Default.migrated
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
2015-08-01 00:29 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\zh-HK
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\uk-UA
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\tr-TR
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\th-TH
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\spool
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sl-SI
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\sk-SK
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\ro-RO
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\NDF
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\lv-LV
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\lt-LT
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\InputMethod
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\IME
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\hr-HR
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\he-IL
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\et-EE
2015-08-01 00:28 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\en-GB
2015-08-01 00:28 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Shared
2015-08-01 00:28 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\system32\WindowsInternal.Inbox.Media.Shared
2015-08-01 00:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\bg-BG
2015-08-01 00:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\ar-SA
2015-08-01 00:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Speech
2015-08-01 00:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\Resources
2015-08-01 00:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\LiveKernelReports
2015-08-01 00:27 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\InputMethod
2015-08-01 00:27 - 2015-06-01 18:09 - 00000000 ___HD C:\WINDOWS\system32\CanonIJ Uninstaller Information
2015-08-01 00:27 - 2014-06-22 10:36 - 00000000 ____D C:\WINDOWS\system32\appmgmt
2015-08-01 00:27 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\MediaViewer
2015-08-01 00:27 - 2013-08-22 11:36 - 00000000 ____D C:\WINDOWS\ADFS
2015-08-01 00:26 - 2015-07-10 07:04 - 00000000 ____D C:\WINDOWS\system32\Recovery
2015-08-01 00:26 - 2015-07-10 07:04 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
2015-08-01 00:26 - 2015-06-24 08:48 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
2015-08-01 00:26 - 2015-04-22 17:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Stardock
2015-08-01 00:26 - 2015-03-24 12:31 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon
2015-08-01 00:26 - 2015-03-16 17:59 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Digital Photo Software
2015-08-01 00:26 - 2014-10-22 00:39 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AnvSoft
2015-08-01 00:26 - 2014-09-17 16:07 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\National Geographic
2015-08-01 00:26 - 2014-05-03 07:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\PolderbitS
2015-08-01 00:26 - 2014-04-28 22:19 - 00000000 ____D C:\ProgramData\PRICache
2015-08-01 00:25 - 2014-10-27 17:22 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Freemake
2015-08-01 00:23 - 2015-07-10 05:05 - 00000000 ____D C:\WINDOWS\system32\Sysprep
2015-08-01 00:23 - 2014-04-27 05:31 - 00000000 __SHD C:\Recovery
2015-08-01 00:16 - 2015-07-10 05:05 - 00000000 __RHD C:\Users\Default
2015-07-31 23:41 - 2015-07-10 09:39 - 00000000 ___HD C:\$Windows.~BT
2015-07-27 19:26 - 2014-05-01 21:54 - 00000000 ____D C:\Users\Alvar_000\AppData\Roaming\MediaMonkey
2015-07-26 06:47 - 2015-04-28 18:27 - 00000000 ____D C:\Program Files (x86)\Skype
2015-07-26 06:47 - 2014-12-08 15:39 - 00000000 ____D C:\ProgramData\Skype
2015-07-23 16:30 - 2015-02-25 11:17 - 00111068 _____ C:\WINDOWS\wininit.ini

==================== Files in the root of some directories =======

2015-04-01 11:36 - 2015-04-01 11:37 - 0000378 _____ () C:\Program Files (x86)\temp995.bat
2015-01-14 21:44 - 2015-01-14 21:44 - 0000046 _____ () C:\Users\Alvar_000\AppData\Roaming\Camdata.ini
2015-01-14 21:44 - 2015-01-14 21:44 - 0000408 _____ () C:\Users\Alvar_000\AppData\Roaming\CamLayout.ini
2015-01-14 21:44 - 2015-01-14 21:44 - 0000408 _____ () C:\Users\Alvar_000\AppData\Roaming\CamShapes.ini
2015-01-14 21:44 - 2015-01-14 21:44 - 0004535 _____ () C:\Users\Alvar_000\AppData\Roaming\CamStudio.cfg
2015-04-14 12:28 - 2015-04-14 12:28 - 0004387 _____ () C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS
2014-08-13 08:17 - 2014-12-10 21:11 - 0000307 _____ () C:\Users\Alvar_000\AppData\Roaming\FotoSketcher.ini
2014-06-01 16:16 - 2013-04-19 02:13 - 13492224 _____ () C:\Users\Alvar_000\AppData\Roaming\Sandra.mdb
2015-04-02 22:51 - 2015-04-02 22:51 - 0001555 _____ () C:\Users\Alvar_000\AppData\Roaming\SAS7_000.DAT
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR
2015-01-14 21:43 - 2015-01-14 21:43 - 0000096 _____ () C:\Users\Alvar_000\AppData\Roaming\version2.xml
2014-09-26 12:02 - 2015-02-02 18:19 - 0005632 _____ () C:\Users\Alvar_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
2015-08-07 11:24 - 2015-08-07 11:24 - 0007600 _____ () C:\Users\Alvar_000\AppData\Local\Resmon.ResmonCfg
2015-04-01 11:35 - 2015-04-01 11:36 - 0011834 _____ () C:\Users\Alvar_000\AppData\Local\Temp-log.txt

Some files in TEMP:
====================
C:\Users\Alvar_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplwgdhb.dll
C:\Users\Alvar_000\AppData\Local\Temp\Quarantine.exe
C:\Users\Alvar_000\AppData\Local\Temp\sqlite3.dll


==================== Bamital & volsnap =================

(There is no automatic fix for files that do not pass verification.)

C:\WINDOWS\system32\winlogon.exe => File is digitally signed
C:\WINDOWS\system32\wininit.exe => File is digitally signed
C:\WINDOWS\explorer.exe => File is digitally signed
C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
C:\WINDOWS\system32\svchost.exe => File is digitally signed
C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
C:\WINDOWS\system32\services.exe => File is digitally signed
C:\WINDOWS\system32\User32.dll => File is digitally signed
C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
C:\WINDOWS\system32\userinit.exe => File is digitally signed
C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
C:\WINDOWS\system32\rpcss.dll => File is digitally signed
C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


LastRegBack: 2015-08-12 06:37

==================== End of log ============================
 
Additional scan result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Alvaro (2015-08-16 23:20:58)
Running from C:\Users\Alvar_000\Desktop\Fake BSOD
Boot Mode: Normal
==========================================================


==================== Accounts: =============================

Administrator (S-1-5-21-4177520706-2818649810-840986709-500 - Administrator - Disabled)
Alitos (S-1-5-21-4177520706-2818649810-840986709-1003 - Limited - Enabled)
Alvaro (S-1-5-21-4177520706-2818649810-840986709-1001 - Administrator - Enabled) => C:\Users\Alvar_000
DefaultAccount (S-1-5-21-4177520706-2818649810-840986709-503 - Limited - Disabled)
Guest (S-1-5-21-4177520706-2818649810-840986709-501 - Limited - Disabled)
HomeGroupUser$ (S-1-5-21-4177520706-2818649810-840986709-1004 - Limited - Enabled)

==================== Security Center ========================

(If an entry is included in the fixlist, it will be removed.)

AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

==================== Installed Programs ======================

(Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

Adobe Flash Player 18 NPAPI (HKLM-x32\...\Adobe Flash Player NPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
Adobe Flash Player 18 PPAPI (HKLM-x32\...\Adobe Flash Player PPAPI) (Version: 18.0.0.209 - Adobe Systems Incorporated)
ADrive Desktop (HKLM-x32\...\ADrive Desktop) (Version: 2.1 - ADrive)
Any Video Converter 5.7.3 (HKLM-x32\...\Any Video Converter_is1) (Version: - Any-Video-Converter.com)
Apple Application Support (HKLM-x32\...\{D9DAD0FF-495A-472B-9F10-BAE430A26682}) (Version: 3.0.3 - Apple Inc.)
Apple Mobile Device Support (HKLM\...\{787136D2-F0F8-4625-AA3F-72D7795AC842}) (Version: 7.1.1.3 - Apple Inc.)
Apple Software Update (HKLM-x32\...\{789A5B64-9DD9-4BA5-915A-F0FC0A1B7BFE}) (Version: 2.1.3.127 - Apple Inc.)
Belarc Advisor 8.4 (HKLM-x32\...\Belarc Advisor) (Version: 8.4.0.0 - Belarc Inc.)
Bonjour (HKLM\...\{6E3610B2-430D-4EB0-81E3-2B57E8B9DE8D}) (Version: 3.0.0.10 - Apple Inc.)
Bonjour Print Services (HKLM\...\{0DA20600-6130-443B-9D4B-F30520315FA6}) (Version: 2.0.2.0 - Apple Inc.)
Boxcryptor 2.0 (HKLM-x32\...\{682BE88C-F965-4127-AE0E-7A7DEA0192AB}) (Version: 2.0.415.357 - Secomba GmbH)
CamStudio 2.7.2 (HKLM\...\{04B83666-3A62-452B-85D3-70F8117F2329}_is1) (Version: 2.7.2 - CamStudio Open Source)
Canon CanoScan Toolbox 5.0 (HKLM-x32\...\CanoScan Toolbox 5.0) (Version: - )
Canon MX890 series On-screen Manual (HKLM-x32\...\Canon MX890 series On-screen Manual) (Version: - )
CanoScan LiDE 600F (HKLM\...\{1199FAD5-9546-44f3-81CF-FFDB8040B7BF}_CNQ4802) (Version: - )
CanoScan Toolbox Ver4.8 (HKLM-x32\...\{444B6A7B-0E26-4416-A43F-D1C9AAE6075D}) (Version: - )
CCleaner (HKLM\...\CCleaner) (Version: 5.06 - Piriform)
ConvertHelper 3.1.1 (HKLM\...\{27CC6AB1-E72B-4179-AF1A-EAE507EBAF52}}_is1) (Version: - DownloadHelper)
CyberGhost 5 (HKLM\...\CyberGhost 5_is1) (Version: - CyberGhost S.R.L.)
D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
Do It Again (HKLM-x32\...\{85BF0E64-6ABB-4EA1-A026-A3DEA6554A60}) (Version: 1.6.0 - spacetornado software)
Dragon NaturallySpeaking 12 (HKLM-x32\...\{D5D422B9-6976-4E98-8DDF-9632CB515D7E}) (Version: 12.50.000 - Nuance Communications Inc.)
Dropbox (HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Dropbox) (Version: 3.8.6 - Dropbox, Inc.)
EaseUS Partition Master 10.2 (HKLM-x32\...\EaseUS Partition Master_is1) (Version: - EaseUS)
EaseUS Todo Backup Free 8.2 (HKLM-x32\...\EaseUS Todo Backup_is1) (Version: 8.2 - CHENGDU YIWO Tech Development Co., Ltd)
ESET Online Scanner v3 (HKLM-x32\...\ESET Online Scanner) (Version: - )
ExamDiff 1.9 (Build 1.9.0.2) (HKLM-x32\...\ExamDiff_is1) (Version: 1.9.0.2 - PrestoSoft LLC)
FotoMorph version 13.8 (HKLM-x32\...\{87A9A094-22A8-4F8A-9B7D-03D7CA48CE15}_is1) (Version: 13.8 - Digital Photo Software)
FotoSketcher 2.85 (HKLM-x32\...\{E7C6D565-2E48-4303-A114-AFE7B2E561AF}_is1) (Version: - David THOIRON)
Foxit Reader (HKLM-x32\...\Foxit Reader_is1) (Version: 6.0.5.618 - Foxit Corporation)
Glary Duplicate Cleaner 5.0.1.18 (HKLM-x32\...\Glary Duplicate Cleaner) (Version: 5.0.1.18 - Glarysoft Ltd)
Google Chrome (HKLM-x32\...\Google Chrome) (Version: 44.0.2403.155 - Google Inc.)
Google Earth Pro (HKLM-x32\...\{44FC61F0-2F8A-11E3-8CAE-B8AC6F97B88E}) (Version: 7.1.2.2041 - Google)
Google Update Helper (x32 Version: 1.3.25.11 - Google Inc.) Hidden
Google Update Helper (x32 Version: 1.3.28.1 - Google Inc.) Hidden
IrfanView (remove only) (HKLM-x32\...\IrfanView) (Version: 4.37 - Irfan Skiljan)
iTunes (HKLM\...\{5A68A656-979F-4168-8795-E2E368AA4DC2}) (Version: 11.2.2.3 - Apple Inc.)
LastPass (uninstall only) (HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\LastPass) (Version: - LastPass)
Malwarebytes Anti-Malware version 2.1.8.1057 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.1.8.1057 - Malwarebytes Corporation)
Manual CanoScan 8400F (HKLM-x32\...\{50CD421F-CAFD-46C4-BEFD-E1C46FE63062}) (Version: - )
MediaMonkey 4.1 (HKLM-x32\...\MediaMonkey_is1) (Version: 4.1 - Ventis Media Inc.)
Microsoft Garage Mouse without Borders (HKLM-x32\...\{D3BC954F-D661-474C-B367-30EB6E56542E}) (Version: 2.1.2.1212 - Microsoft Garage)
Microsoft Mouse and Keyboard Center (HKLM\...\Microsoft Mouse and Keyboard Center) (Version: 2.3.188.0 - Microsoft Corporation)
Microsoft Office 2007 Service Pack 3 (SP3) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{6E107EB7-8B55-48BF-ACCB-199F86A2CD93}) (Version: - Microsoft)
Microsoft Office File Validation Add-In (HKLM-x32\...\{90140000-2005-0000-0000-0000000FF1CE}) (Version: 14.0.5130.5003 - Microsoft Corporation)
Microsoft Office Professional 2007 (HKLM-x32\...\PROR) (Version: 12.0.6612.1000 - Microsoft Corporation)
Microsoft Silverlight (HKLM\...\{89F4137D-6C26-4A84-BDB8-2E5A4BB71E00}) (Version: 5.1.40728.0 - Microsoft Corporation)
Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.17 (HKLM\...\{8220EEFE-38CD-377E-8595-13398D740ACE}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.17 (HKLM-x32\...\{9A25302D-30C0-39D9-BD6F-21E6EC160475}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
Microsoft Visual C++ 2010 x64 Redistributable - 10.0.40219 (HKLM\...\{1D8E6291-B0D5-35EC-8441-6616F567A0F7}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2010 x86 Redistributable - 10.0.40219 (HKLM-x32\...\{F0C3E5D1-1ADE-321E-8167-68EF0DE699A5}) (Version: 10.0.40219 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x64) - 11.0.61030 (HKLM-x32\...\{ca67548a-5ebe-413a-b50c-4b9ceb6d66c6}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2012 Redistributable (x86) - 11.0.61030 (HKLM-x32\...\{33d1fd90-4274-48a1-9bc1-97e33d9c2d6f}) (Version: 11.0.61030.0 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x64) - 12.0.21005 (HKLM-x32\...\{7f51bdb9-ee21-49ee-94d6-90afc321780e}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual C++ 2013 Redistributable (x86) - 12.0.21005 (HKLM-x32\...\{ce085a78-074e-4823-8dc1-8a721b94b76d}) (Version: 12.0.21005.1 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 - ENU (HKLM-x32\...\{AA4A4B2C-0465-3CF8-BA76-27A027D8ACAB}) (Version: 9.0.30729 - Microsoft Corporation)
Microsoft Visual Studio Tools for Applications 2.0 Runtime (HKLM-x32\...\{299C0434-4F4E-341F-A916-4E07AEB35E79}) (Version: 9.0.30729 - Microsoft Corporation)
Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
Mozilla Firefox 38.0.5 (x86 en-US) (HKLM-x32\...\Mozilla Firefox 38.0.5 (x86 en-US)) (Version: 38.0.5 - Mozilla)
Mozilla Firefox 40.0.2 (x86 en-US) (HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Mozilla Firefox 40.0.2 (x86 en-US)) (Version: 40.0.2 - Mozilla)
Mozilla Maintenance Service (HKLM-x32\...\MozillaMaintenanceService) (Version: 23.0 - Mozilla)
MSXML 4.0 SP2 Parser and SDK (HKLM-x32\...\{716E0306-8318-4364-8B8F-0CC4E9376BAC}) (Version: 4.20.9818.0 - Microsoft Corporation)
MultiCommander (x64) (HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\MultiCommander x64) (Version: 5.1.1.1926 - Mathias Svensson)
MyMedia (HKLM-x32\...\{B02FC041-77B8-4C86-B0E1-0A6304070CEB}) (Version: 3.10.0 - MediaMall Technologies, Inc.)
OmniPage SE 2.0 (HKLM-x32\...\{79D5997E-BF79-48BB-8B41-9BE59C15C2D7}) (Version: 2.00.0004 - ScanSoft, Inc.)
Opera Stable 31.0.1889.99 (HKLM-x32\...\Opera 31.0.1889.99) (Version: 31.0.1889.99 - Opera Software)
PolderbitS Sound Recorder and Editor (64-bit Edition) (HKLM\...\PolderbitSRecorder64) (Version: 9.0.0.129 - PolderbitS Software)
Rhapsody (HKLM-x32\...\Rhapsody) (Version: - )
Sandboxie 4.20 (64-bit) (HKLM\...\Sandboxie) (Version: 4.20 - Sandboxie Holdings, LLC)
Secunia PSI (3.0.0.7011) (HKLM-x32\...\Secunia PSI) (Version: 3.0.0.7011 - Secunia)
Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.4.0.9058 - Microsoft Corporation)
Skype™ 7.6 (HKLM-x32\...\{24991BA0-F0EE-44AD-9CC8-5EC50AECF6B7}) (Version: 7.6.105 - Skype Technologies S.A.)
Spotify (HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\Spotify) (Version: 0.9.11.27.g2b1a638c - Spotify AB)
Spybot - Search & Destroy (HKLM-x32\...\{B4092C6D-E886-4CB2-BA68-FE5A99D31DE7}_is1) (Version: 2.4.40 - Safer-Networking Ltd.)
Stardock Start8 (HKLM-x32\...\Stardock Start8) (Version: 1.50 - Stardock Software, Inc.)
Synaptics TouchPad Driver (HKLM\...\SynTPDeinstKey) (Version: 19.0.12.95 - Synaptics Incorporated)
TAP-Windows 9.9.2 (HKLM\...\TAP-Windows) (Version: 9.9.2 - )
TeamViewer 9 (HKLM-x32\...\TeamViewer 9) (Version: 9.0.41110 - TeamViewer)
The Complete National Geographic (HKLM-x32\...\com.nationalgeographic.products.cng120.68B1CC4249876152EBE333BD4B7514ADB4D94062.1) (Version: 1.59 build 1121 - National Geographic Society)
The Complete National Geographic (x32 Version: 1.59.1121 - National Geographic Society) Hidden
Update for 2007 Microsoft Office System (KB967642) (HKLM-x32\...\{91120000-0014-0000-0000-0000000FF1CE}_PROR_{C444285D-5E4F-48A4-91DD-47AAAA68E92D}) (Version: - Microsoft)
Vuze (HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\8461-7759-5462-8226) (Version: 5.6.0.0 - Azureus Software, Inc.)
Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

==================== Custom CLSID (Whitelisted): ==========================

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{005A3A96-BAC4-4B0A-94EA-C0CE100EA736}\localserver32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\Dropbox.exe (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{018D5C66-4533-4307-9B53-224DE2ED1FE6}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{1BF42E4C-4AF4-4CFD-A1A0-CF2960B8F63E}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{5AB7172C-9C11-405C-8DD5-AF20F3606282}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{7AFDFDDB-F914-11E4-8377-6C3BE50D980C}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{82CA8DE3-01AD-4CEA-9D75-BE4C51810A9E}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{A0396A93-DC06-4AEF-BEE9-95FFCCAEF20E}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{A78ED123-AB77-406B-9962-2A5D9D2F7F30}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{BBACC218-34EA-4666-9D7A-C78F2274A524}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{CB3D0F55-BC2C-4C1A-85ED-23ED75B5106B}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1A}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{E31EA727-12ED-4702-820C-4B6445F28E1B}\InprocServer32 -> C:\Windows\system32\shell32.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{ECD97DE5-3C8F-4ACB-AEEE-CCAB78F7711C}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{F241C880-6982-4CE5-8CF7-7085BA96DA5A}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncShell64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{F8071786-1FD0-4A66-81A1-3CBE29274458}\InprocServer32 -> C:\Users\Alvar_000\AppData\Local\Microsoft\OneDrive\17.3.5907.0716\amd64\FileSyncApi64.dll (Microsoft Corporation)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{FB314ED9-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{FB314EDA-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{FB314EDB-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{FB314EDC-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{FB314EDD-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{FB314EDE-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{FB314EDF-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{FB314EE0-A251-47B7-93E1-CDD82E34AF8B}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)
CustomCLSID: HKU\S-1-5-21-4177520706-2818649810-840986709-1001_Classes\CLSID\{FBC9D74C-AF55-4309-9FB2-C426E071637F}\InprocServer32 -> C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\DropboxExt64.27.dll (Dropbox, Inc.)

==================== Restore Points =========================

15-08-2015 13:39:48 Windows Update
16-08-2015 18:23:00 Removed Corel Graphics - Windows Shell Extension.
16-08-2015 18:23:47 Removed Corel Graphics - Windows Shell Extension 64 Bit.

==================== Hosts content: ===============================

(If needed Hosts: directive could be included in the fixlist to reset Hosts.)

2013-08-22 09:25 - 2013-08-22 09:25 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts

==================== Scheduled Tasks (Whitelisted) =============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

Task: {00EEBA9C-F9EF-4272-B793-C830FBADD359} - System32\Tasks\Microsoft\Windows\ApplicationData\DsSvcCleanup => C:\Windows\system32\dstokenclean.exe [2015-07-10] (Microsoft Corporation)
Task: {05ED45FC-3FA5-406A-8693-672AB8FB4FA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {06044E7B-1274-428B-8290-57442E8C74F2} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {0CCA7916-2916-4F12-BD32-1E3BE31E1269} - System32\Tasks\Microsoft\Windows\Workplace Join\Automatic-Device-Join => C:\Windows\System32\dsregcmd.exe [2015-07-10] (Microsoft Corporation)
Task: {113E16F9-7142-4812-A20F-794B57877371} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {122C4E3E-6E29-4922-B592-D3CF1F62E324} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {1302D1B9-0813-48BE-8A52-CDE8AEE55A91} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4177520706-2818649810-840986709-1001UA => C:\Users\Alvar_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {19865544-CE08-40BE-8B8C-87C47681433D} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sihboot => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {2C76BA45-2C34-401F-A81C-B35A6AE0D62D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {347470D6-D224-465A-BBBB-3A81331A5301} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {39E8D01D-EB74-4480-BE45-C0B3374FD243} - System32\Tasks\Microsoft_Hardware_Launch_ipoint_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {3AD74097-B029-4C26-991F-DCDA97BE558D} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {3F6E048D-6404-433B-8F5F-CFF4D89BF89E} - System32\Tasks\Microsoft\Windows\Application Experience\Microsoft Compatibility Appraiser => Rundll32.exe generaltel.dll,RunTelemetryW
Task: {41160EA0-208B-4C3E-B4DB-805BBABC6B93} - System32\Tasks\Microsoft\Windows\Feedback\Siuf\DmClient => C:\Windows\system32\dmclient.exe [2015-07-10] (Microsoft Corporation)
Task: {50840722-82F6-4024-9631-242AE1BD4ECC} - System32\Tasks\DropboxUpdateTaskUserS-1-5-21-4177520706-2818649810-840986709-1001Core => C:\Users\Alvar_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe [2015-06-17] (Dropbox, Inc.)
Task: {56311A08-F837-4C8A-93B4-49BDB1976447} - System32\Tasks\Microsoft_Hardware_Launch_mousekeyboardcenter_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\mousekeyboardcenter.exe [2014-03-19] (Microsoft)
Task: {56FE1397-5B34-471C-81A6-A18A99FEBC5C} - System32\Tasks\{7CC9FD2E-7F31-4CAA-94E6-2A0CF60EC3BF} => pcalua.exe -a "C:\Program Files (x86)\pdf995\res\utilities\thinsetup.exe" -c - uninstall
Task: {594DD267-9A1D-4A41-B6CC-917D9A119BD6} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-08-12] (Microsoft Corporation)
Task: {5C9AFD6A-D090-403B-B24F-F4FA6C8C71E4} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {5F475BE9-9314-40F4-BCEA-BDB6F11BC9DD} - System32\Tasks\cKDeY9eRuMbjiUnpS => C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe <==== ATTENTION
Task: {68E85AB8-7A9A-44C3-AD93-0DC589EBCA24} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-02-04] (Google Inc.)
Task: {6A074816-0C25-4F2B-A20F-738C85A1F8B8} - System32\Tasks\Maintenance Service-meq5tzhtzei3lwf => C:\Users\Alvar_000\AppData\Local\meq5tzhtzei3lwf\mgi5czhvzgq3lmf.exe
Task: {70F0BAC1-F89E-4F39-BF9B-7E2F8A1214EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {73551810-E5F4-433E-9494-0D00B55C855E} - System32\Tasks\Microsoft\Windows\Maps\MapsToastTask
Task: {78B77FA3-9D97-441D-97B6-68CEA40B4F74} - System32\Tasks\Microsoft\Windows\Application Experience\ProgramDataUpdater => Rundll32.exe generaltel.dll,RunTelemetry -maintenance
Task: {8A0FF036-4504-4FC2-93AA-18F1545278ED} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {8BDE9CD2-1985-4E81-9E71-8880B0AC7E90} - System32\Tasks\CCleanerSkipUAC => D:\Maintenance\Cleaners\CCleaner\Ver 5.06.5219\CCleaner.exe [2015-05-08] (Piriform Ltd)
Task: {8DF84CB3-D8E0-4307-A35B-CA74E21786DB} - System32\Tasks\Microsoft\Windows\Clip\License Validation => C:\Windows\system32\ClipUp.exe [2015-08-01] (Microsoft Corporation)
Task: {8F7722B9-FD4C-4A9A-818B-952D6EB65304} - System32\Tasks\Microsoft_Hardware_Launch_itype_exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {93168D3F-CD41-4940-B02A-9958B3BC6A29} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A5B6CD85-1B57-49B9-BA80-5D5D65F02826} - System32\Tasks\Microsoft\Windows\AppID\EDP Policy Manager
Task: {A8BF2741-6673-4F98-B3E3-8019F6BC41A4} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {BD4E75CE-DA6C-4DB5-A8E2-9A4EC1B74314} - System32\Tasks\scqArpeMw4fHYqQ18UzErMR => C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe <==== ATTENTION
Task: {BE3E835C-81E7-417F-A073-C30AEBDCD33D} - System32\Tasks\{4CD69DC4-9310-4B31-B3B1-04DAA76A4B5A} => pcalua.exe -a C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe -c -maintain pepperplugin
Task: {C56AFFD3-06B8-4A16-AF7E-F7A6EB3FAE9E} - System32\Tasks\Microsoft\Windows\TPM\Tpm-HASCertRetr
Task: {C5EE2EA2-5312-4D1F-B9D0-41B18DF31B78} - System32\Tasks\Microsoft\Windows\WindowsUpdate\sih => C:\Windows\System32\sihclient.exe [2015-07-10] (Microsoft Corporation)
Task: {C680BA7D-BD03-40AA-816D-00DA607961FD} - System32\Tasks\Microsoft_MKC_Logon_Task_itype.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\itype.exe [2014-03-19] (Microsoft Corporation)
Task: {C7A236B2-12E1-46DC-9501-3B1B0209CC09} - System32\Tasks\Microsoft\Windows\Location\WindowsActionDialog => C:\Windows\System32\WindowsActionDialog.exe [2015-07-10] (Microsoft Corporation)
Task: {C8724AEA-A4DC-4851-9DF3-6C577ED4FB7B} - System32\Tasks\Adobe Flash Player PPAPI Notifier => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe [2015-07-16] (Adobe Systems Incorporated)
Task: {ECBFEC14-BDE1-477D-BD44-41F79E214943} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ED2E0E9F-C899-444E-9CED-9B81212F6334} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {F116B023-9218-4435-963D-66BC80D4E277} - System32\Tasks\{3C662AA4-E3E5-4401-A537-DC0DF2824C1A} => Chrome.exe Downloading and setting up Skype
Task: {F318662F-C7E2-4466-B2C5-778D77E89DF3} - System32\Tasks\Microsoft_MKC_Logon_Task_ipoint.exe => C:\Program Files\Microsoft Mouse and Keyboard Center\ipoint.exe [2014-03-19] (Microsoft Corporation)
Task: {FBCD72CB-7992-4FF7-AA11-E4274C3EED1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION

(If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

Task: C:\WINDOWS\Tasks\Adobe Flash Player PPAPI Notifier.job => C:\WINDOWS\SysWOW64\Macromed\Flash\FlashUtil32_18_0_0_209_pepper.exe
Task: C:\WINDOWS\Tasks\cKDeY9eRuMbjiUnpS.job => C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4177520706-2818649810-840986709-1001Core.job => C:\Users\Alvar_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\DropboxUpdateTaskUserS-1-5-21-4177520706-2818649810-840986709-1001UA.job => C:\Users\Alvar_000\AppData\Local\Dropbox\Update\DropboxUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
Task: C:\WINDOWS\Tasks\scqArpeMw4fHYqQ18UzErMR.job => C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe <==== ATTENTION

==================== Loaded Modules (Whitelisted) ==============

2015-07-10 07:00 - 2015-07-10 07:00 - 00028160 _____ () C:\WINDOWS\SYSTEM32\efsext.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00403968 _____ () C:\WINDOWS\System32\diagtrack_wininternal.dll
2014-07-09 07:54 - 2014-07-09 07:54 - 00014848 _____ () D:\Storage\ADrive\Desktop\mounter.exe
2015-03-20 15:52 - 2014-12-15 01:03 - 00241704 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
2015-08-05 23:34 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
2015-08-05 23:34 - 2015-07-30 02:05 - 02498808 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00471040 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
2015-08-12 05:43 - 2015-08-02 21:09 - 02028544 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00619008 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
2015-08-12 05:43 - 2015-08-02 21:09 - 00928768 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
2015-08-12 05:43 - 2015-08-02 21:08 - 01806848 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
2015-07-10 06:59 - 2015-07-10 06:59 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
2015-08-12 05:43 - 2015-08-02 21:11 - 06569472 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
2015-08-12 05:43 - 2015-08-02 21:14 - 00882688 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
2015-08-12 05:43 - 2015-08-02 21:09 - 02274816 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00156160 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Dss.BackgroundTask.dll
2015-08-12 05:43 - 2015-08-02 21:08 - 01261568 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.IntentExtraction.dll
2015-07-10 07:00 - 2015-07-10 09:14 - 00099328 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\DeviceSideServicesActionUriHandler.dll
2015-08-01 04:07 - 2015-08-01 04:07 - 00577024 _____ () C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.NodeWinrtWrap.dll
2015-08-12 05:43 - 2015-08-02 22:13 - 02590560 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentDeliveryManager.Background.dll
2015-08-12 05:43 - 2015-08-02 22:12 - 02108256 _____ () C:\Windows\SystemApps\Microsoft.Windows.ContentDeliveryManager_cw5n1h2txyewy\ContentManagementSDK.dll
2015-08-10 23:38 - 2015-08-10 23:38 - 00253504 _____ () C:\Program Files\WindowsApps\Microsoft.MicrosoftOfficeHub_17.6106.23501.0_x64__8wekyb3d8bbwe\OfficeHub.Background.dll
2012-12-28 10:44 - 2012-12-28 10:44 - 00039648 _____ () C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MousewithoutBordersHelper.exe
2014-04-23 16:05 - 2014-04-23 16:05 - 00073544 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\zlib1.dll
2014-04-23 16:04 - 2014-04-23 16:04 - 01044808 _____ () C:\Program Files (x86)\Common Files\Apple\Apple Application Support\libxml2.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00098856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CodeLog.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00031272 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckTool.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00017448 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CompressFile.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00088616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBGetRemoteNetInfo.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 01296424 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\libxml2.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00060968 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\zlib1.dll
2015-03-20 15:52 - 2015-03-14 11:53 - 00107560 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActivationOnline.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\logsys.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00030248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DiskSearchImg.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00068136 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\MountImg.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00158248 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ImgFile.dll
2015-03-20 15:52 - 2015-03-14 11:54 - 00281128 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DsImgFile.dll
2015-03-20 15:52 - 2015-03-14 11:54 - 00072232 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CheckImg.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00139816 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\vhdvmdk.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00037416 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\BootDriver.dll
2015-03-20 15:52 - 2015-03-14 11:54 - 00759848 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ExImage.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00193064 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBackupSize.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00407080 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidImage.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00148008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumDisk.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00207912 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSLib.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00076840 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FatLib.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00024616 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\GetDriverInfo.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00020520 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CorrectMbr.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00032296 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EnumTapeDevice.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00034856 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbTapeBrowse.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00022568 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AccountManager.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00064040 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\RegLib.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00115752 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NasOperator.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00194088 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\EmailBrowser.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00077864 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\CloudOperator.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00037928 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\ActiveOnline.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00135720 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\VMConfig.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00020008 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\AndroidDeviceManager.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00043048 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TbDataSwap.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00096808 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\TBFireWall.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00353832 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceManager.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00027176 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\DeviceAdapter.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00137256 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Device.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00146984 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Partition.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00050216 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FileSystemAnalyser.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00061992 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\FATFileSystemAnalyser.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00089640 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\Common.dll
2015-03-20 15:52 - 2014-12-15 00:53 - 00056360 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\NTFSFileSystemAnalyser.dll
2009-10-06 14:49 - 2009-10-06 14:49 - 00266752 _____ () C:\WINDOWS\SYSTEM32\WinTab32.DLL
2015-03-20 15:52 - 2014-12-15 00:53 - 00223784 _____ () C:\Program Files (x86)\EaseUS\Todo Backup\bin\SmartBackup.dll
2015-08-16 23:17 - 2015-08-16 23:17 - 00071168 _____ () c:\Users\Alvar_000\AppData\Local\Temp\dropbox_sqlite_ext.{5f3e3153-5bce-5766-8f84-3e3e7ecf0d81}.tmplwgdhb.dll
2009-10-06 14:49 - 2009-10-06 14:49 - 00266752 _____ () C:\WINDOWS\system32\wintab32.dll
2015-03-04 17:45 - 2015-08-05 16:49 - 00012800 _____ () C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\QtQuick.2\qtquick2plugin.dll
2015-03-04 17:45 - 2015-08-05 16:49 - 00779776 _____ () C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\QtQuick\Controls\qtquickcontrolsplugin.dll
2015-07-30 13:47 - 2015-08-05 16:49 - 00056320 _____ () C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\QtQuick\Layouts\qquicklayoutsplugin.dll
2015-03-04 17:45 - 2015-08-05 16:49 - 00012288 _____ () C:\Users\Alvar_000\AppData\Roaming\Dropbox\bin\QtQuick\Window.2\windowplugin.dll

==================== Alternate Data Streams (Whitelisted) =========

(If an entry is included in the fixlist, only the ADS will be removed.)

AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
AlternateDataStreams: C:\Users\Alvar_000\OneDrive:ms-properties

==================== Safe Mode (Whitelisted) ===================

(If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)

HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\UserManager => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\Ahcache.sys => ""="Driver"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\CoreMessagingRegistrar => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\StateRepository => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\TileDataModelSvc => ""="Service"
HKLM\SYSTEM\CurrentControlSet\Control\SafeBoot\Network\UserManager => ""="Service"

==================== EXE Association (Whitelisted) ===============

(If an entry is included in the fixlist, the registry item will be restored to default or removed.)


==================== Internet Explorer trusted/restricted ===============

(If an entry is included in the fixlist, it will be removed from the registry.)

IE trusted site: HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\real.com -> hxxps://rhap-app-4-0.real.com


==================== Other Areas ============================

(Currently there is no automatic fix for this section.)

HKU\S-1-5-21-4177520706-2818649810-840986709-1001\Control Panel\Desktop\\Wallpaper -> C:\WINDOWS\web\wallpaper\Windows\img0.jpg
DNS Servers: 192.168.1.1
HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
Windows Firewall is enabled.

==================== MSCONFIG/TASK MANAGER disabled items ==

(Currently there is no automatic fix for this section.)

HKLM\...\StartupApproved\StartupFolder: => "Install LastPass IE RunOnce.lnk"
HKLM\...\StartupApproved\StartupFolder: => "Install LastPass FF RunOnce.lnk"
HKLM\...\StartupApproved\Run: => "AdobeAAMUpdater-1.0"
HKLM\...\StartupApproved\Run32: => "iTunesHelper"
HKLM\...\StartupApproved\Run32: => "Adobe Creative Cloud"
HKLM\...\StartupApproved\Run32: => "ISUSPM"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM tray"
HKLM\...\StartupApproved\Run32: => "DNS7reminder"
HKLM\...\StartupApproved\Run32: => "OPSE reminder"
HKLM\...\StartupApproved\Run32: => "OpwareSE2"
HKLM\...\StartupApproved\Run32: => "EaseUS TB Tray Agent"
HKLM\...\StartupApproved\Run32: => "EaseUS EPM Tray Agent"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\StartupFolder: => "Nuance Dragon NaturallySpeaking Premium v13.00.000.071 Incl Keymaker-CORE-[MUMBAI-TPB].lnk"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\StartupFolder: => "bm.lnk"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\Run: => "CyberGhost"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\Run: => "uTorrent"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\Run: => "Spotify"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\Run: => "Spotify Web Helper"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\Run: => "PlayOn"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\Run: => "Spybot-S&D Cleaning"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\Run: => "Boxcryptor.exe"
HKU\S-1-5-21-4177520706-2818649810-840986709-1001\...\StartupApproved\Run: => "ISUSPM"

==================== FirewallRules (Whitelisted) ===============

(If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

FirewallRules: [SPPSVC-In-TCP-NoScope] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [SPPSVC-In-TCP] => (Allow) %SystemRoot%\system32\sppextcomobj.exe
FirewallRules: [{67412137-0B87-4B7B-9B26-44CF55C847F9}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{1578D85A-A6FF-46A4-B3AE-32808D64DE9C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{6AAB90C6-1467-4CDB-85D1-AA83D40E168C}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\Agent.exe
FirewallRules: [TCP Query User{107C02F9-A70D-4BA3-BB4D-5EDA8E18D8D9}D:\online\skype\phone\skype.exe] => (Allow) D:\online\skype\phone\skype.exe
FirewallRules: [UDP Query User{C3D94379-C7BE-4278-A837-85945023F448}D:\online\skype\phone\skype.exe] => (Allow) D:\online\skype\phone\skype.exe
FirewallRules: [TCP Query User{02201B67-E1D3-44E7-98CE-859ADE1BADBB}D:\online\skype\phone\skype.exe] => (Block) D:\online\skype\phone\skype.exe
FirewallRules: [UDP Query User{4217FFFC-1A26-4DA4-BF4C-2158283B597A}D:\online\skype\phone\skype.exe] => (Block) D:\online\skype\phone\skype.exe
FirewallRules: [{F6589F70-6540-44A3-A582-5B5FBF6C9414}] => (Allow) C:\Program Files (x86)\Microsoft Garage\Mouse without Borders\MouseWithoutBorders.exe
FirewallRules: [{43453BF2-75BB-4C18-8E43-FE283C94A835}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{C9DB3C26-B718-4E7D-A00D-CE3353EA8F08}] => (Allow) C:\Program Files (x86)\EaseUS\Todo Backup\bin\TodoBackupService.exe
FirewallRules: [{F2816CCD-33FB-48A5-B09A-668B917B9AD3}] => (Allow) C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
StandardProfile\AuthorizedApplications: [D:\Security\Spybot\Ver 2.4\Spybot - Search & Destroy 2\SDTray.exe] => Enabled:Spybot - Search & Destroy tray access
StandardProfile\AuthorizedApplications: [D:\Security\Spybot\Ver 2.4\Spybot - Search & Destroy 2\SDFSSvc.exe] => Enabled:Spybot-S&D 2 Scanner Service
StandardProfile\AuthorizedApplications: [D:\Security\Spybot\Ver 2.4\Spybot - Search & Destroy 2\SDUpdate.exe] => Enabled:Spybot-S&D 2 Updater
StandardProfile\AuthorizedApplications: [D:\Security\Spybot\Ver 2.4\Spybot - Search & Destroy 2\SDUpdSvc.exe] => Enabled:Spybot-S&D 2 Background update service

==================== Faulty Device Manager Devices =============


==================== Event log errors: =========================

Application errors:
==================
Error: (08/16/2015 11:18:47 PM) (Source: Application Error) (EventID: 1000) (User: )
Description: Faulting application name: OHub.exe, version: 16.0.6106.2350, time stamp: 0x55c40ea1
Faulting module name: ntdll.dll, version: 10.0.10240.16430, time stamp: 0x55c59f92
Exception code: 0xc0000374
Fault offset: 0x00000000000ea28c
Faulting process id: 0x1d98
Faulting application start time: 0xOHub.exe0
Faulting application path: OHub.exe1
Faulting module path: OHub.exe2
Report Id: OHub.exe3
Faulting package full name: OHub.exe4
Faulting package-relative application ID: OHub.exe5

Error: (08/16/2015 11:10:12 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7740) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/16/2015 11:10:12 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7740) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/16/2015 11:10:02 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7740) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/16/2015 11:10:02 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7740) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/16/2015 11:09:52 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7740) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/16/2015 11:09:52 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7740) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/16/2015 11:09:41 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7740) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

Error: (08/16/2015 11:09:41 PM) (Source: ESENT) (EventID: 488) (User: )
Description: SettingSyncHost (7740) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

Error: (08/16/2015 11:09:31 PM) (Source: ESENT) (EventID: 413) (User: )
Description: SettingSyncHost (7740) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.


System errors:
=============
Error: (08/16/2015 11:19:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 11:19:31 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 11:19:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 11:19:30 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 11:19:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 11:19:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 11:19:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 11:19:29 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 11:19:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable

Error: (08/16/2015 11:19:28 PM) (Source: DCOM) (EventID: 10016) (User: NT AUTHORITY)
Description: application-specificLocalActivation{D63B10C5-BB46-4990-A94F-E40B9D520160}{9CA88EE3-ACB7-47C8-AFC4-AB702511C276}NT AUTHORITYLOCAL SERVICES-1-5-19LocalHost (Using LRPC)UnavailableUnavailable


Microsoft Office:
=========================

CodeIntegrity:
===================================
Date: 2015-08-16 11:26:08.681
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-14 10:41:06.263
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-13 09:11:57.291
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-12 12:49:53.369
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-12 12:49:53.024
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-12 06:40:45.294
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-10 00:17:22.468
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-10 00:17:21.251
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-10 00:17:21.182
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Microsoft Silverlight\xapauthenticodesip.dll that did not meet the Custom 3 / Antimalware signing level requirements.

Date: 2015-08-09 01:44:13.528
Description: Code Integrity determined that a process (\Device\HarddiskVolume2\Program Files\Windows Defender\MsMpEng.exe) attempted to load \Device\HarddiskVolume2\Program Files\Common Files\microsoft shared\OFFICE12\MSOXMLMF.DLL that did not meet the Custom 3 / Antimalware signing level requirements.


==================== Memory info ===========================

Processor: Intel(R) Core(TM) i3 CPU M 380 @ 2.53GHz
Percentage of memory in use: 58%
Total physical RAM: 3893.86 MB
Available physical RAM: 1618.87 MB
Total Virtual: 4597.86 MB
Available Virtual: 2199.12 MB

==================== Drives ================================

Drive c: (0 Main) (Fixed) (Total:96.96 GB) (Free:41.28 GB) NTFS
Drive d: (1 Apps) (Fixed) (Total:143.78 GB) (Free:122.21 GB) NTFS
Drive e: (CNG_DISC6) (CDROM) (Total:7.22 GB) (Free:0 GB) UDF

==================== MBR & Partition Table ==================

========================================================
Disk: 0 (MBR Code: Windows 7 or 8) (Size: 465.8 GB) (Disk ID: 4979AE1A)
Partition 1: (Active) - (Size=350 MB) - (Type=07 NTFS)
Partition 2: (Not Active) - (Size=97 GB) - (Type=07 NTFS)
Partition 3: (Not Active) - (Size=833 MB) - (Type=27)
Partition 4: (Not Active) - (Size=143.8 GB) - (Type=07 NTFS)

==================== End of log ============================

Results of screen317's Security Check version 1.007
x64 (UAC is enabled)
Internet Explorer 11
``````````````Antivirus/Firewall Check:``````````````
Windows Firewall Enabled!
Windows Defender
WMI entry may not exist for antivirus; attempting automatic update.
`````````Anti-malware/Other Utilities Check:`````````
Spybot - Search & Destroy
Secunia PSI (3.0.0.7011)
Glary Duplicate Cleaner 5.0.1.18
Adobe Flash Player 18.0.0.209
Mozilla Firefox 38.0.5 Firefox out of Date!
Google Chrome (44.0.2403.130)
Google Chrome (44.0.2403.155)
````````Process Check: objlist.exe by Laurent````````
Windows Defender MSMpEng.exe
Skype Phone Skype.exe
Mozilla Firefox Ver 35.0.1 firefox.exe
`````````````````System Health check`````````````````
Total Fragmentation on Drive C: %
````````````````````End of Log``````````````````````
 
Hi, Win10 Puzzled.

Just so you're not confused when you see the two additional posts, in order to facilitate researching your logs, I used the forum software to copy your first post and edit it to paste the logs.

1. You are using Stardock Start8. Since that was created specifically for Windows 8, you may want to replace it with Start 10.

2. A strong word of caution: P2P programs form a direct conduit onto your computer. They have always been a target of malware writers and are increasingly so of late. P2P security measures are easily circumvented and if your P2P program is not configured correctly, you may be sharing more files than you realize. As a result, I encourage you to uninstall Vuze.

3. Disabling via MSConfig is most definitely not the way to go. The reason is that when uninstalling or updating programs, the entry remains in MSConfig, in particular, leaving behind orphans, including adware or malware. MSConfig should only be used for trouble-shooting. A custom install or WinPatrol for controlling startup items is the best way of handling unwanted startup programs. Unfortunately, there is no guaranteed safe automated method of reversing that long list of changes made to startup via MSConfig and you'll need to do it manually if you wish to remove them.

4. Mozilla Firefox 38.0.5 is out of date. If you are using the Extended Release (Firefox ESR), it has been updated to 38.2.0. Otherwise, you need to update to version 40.

5. Please do the following to run FRST:

Note: If the tool warns you about the version you're using being an outdated version, please download and run the updated version.

NOTICE: This script was written specifically for this user. Running it on another machine may cause damage to your operating system.
  • Open Notepad (Start =>All Programs => Accessories => Notepad).
  • Copy/Paste the entire contents of the code box below into Notepad.
Code:
start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - No File
Toolbar: HKLM-x32 - No Name - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - No File
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
2015-07-25 00:37 - 2015-08-13 23:55 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\meq5tzhtzei3lwf
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR
2014-09-26 12:02 - 2015-02-02 18:19 - 0005632 _____ () C:\Users\Alvar_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: {05ED45FC-3FA5-406A-8693-672AB8FB4FA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {113E16F9-7142-4812-A20F-794B57877371} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {122C4E3E-6E29-4922-B592-D3CF1F62E324} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C76BA45-2C34-401F-A81C-B35A6AE0D62D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {347470D6-D224-465A-BBBB-3A81331A5301} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3AD74097-B029-4C26-991F-DCDA97BE558D} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {5C9AFD6A-D090-403B-B24F-F4FA6C8C71E4} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {5F475BE9-9314-40F4-BCEA-BDB6F11BC9DD} - System32\Tasks\cKDeY9eRuMbjiUnpS => C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe <==== ATTENTION
Task: {70F0BAC1-F89E-4F39-BF9B-7E2F8A1214EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8A0FF036-4504-4FC2-93AA-18F1545278ED} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {93168D3F-CD41-4940-B02A-9958B3BC6A29} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A8BF2741-6673-4F98-B3E3-8019F6BC41A4} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {BD4E75CE-DA6C-4DB5-A8E2-9A4EC1B74314} - System32\Tasks\scqArpeMw4fHYqQ18UzErMR => C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe <==== ATTENTION
Task: {ECBFEC14-BDE1-477D-BD44-41F79E214943} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ED2E0E9F-C899-444E-9CED-9B81212F6334} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FBCD72CB-7992-4FF7-AA11-E4274C3EED1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\cKDeY9eRuMbjiUnpS.job => C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\scqArpeMw4fHYqQ18UzErMR.job => C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe <==== ATTENTION
C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe
C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
C:\ProgramData\TEMP:0FF263E8
EmptyTemp:
end
  • Click Format and ensure Wordwrap is unchecked.
  • Important: Save the code to the same folder/directory that FRST.exe is located in, naming it as fixlist.txt
  • Start FRST in a similar manner to when you ran a scan earlier, but this time when it opens ....
    • Press the Fix button once and wait.
    • FRST will process fixlist.txt
    • When finished, it will produce a log fixlog.txt in the same folder/directory as FRST64.exe
    • Please post the log in your next reply.
 
Thank you very much for your response. Following your suggestions:


  1. I upgraded to Start 10
  2. I used Vuze several months ago, but now it is uninstalled, using Control Panel
  3. Firefox has been upgraded to Version 40.0.2
  4. Ran Fix under FRST and this is the resulting fixlog.txt

Fix result of Farbar Recovery Scan Tool (x64) Version:16-08-2015
Ran by Alvaro (2015-08-17 21:51:09) Run:1
Running from C:\Users\Alvar_000\Desktop\Fake BSOD
Loaded Profiles: Alvaro (Available Profiles: Alvaro)
Boot Mode: Normal
==============================================

fixlist content:
*****************
start
CreateRestorePoint:
CloseProcesses:
Winlogon\Notify\SDWinLogon-x32: SDWinLogon.dll [X]
CHR HKLM\SOFTWARE\Policies\Google: Policy restriction <======= ATTENTION
Toolbar: HKLM - No Name - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - No File
Toolbar: HKLM-x32 - No Name - {9A87E478-A2BD-44C4-9F8C-D3989A5271B1} - No File
S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
NETSVCx32: UserManager -> C:\Windows\SysWOW64\usermgr.dll ==> No File
2015-07-25 00:37 - 2015-08-13 23:55 - 00000000 ____D C:\Users\Alvar_000\AppData\Local\meq5tzhtzei3lwf
2015-04-19 08:20 - 2015-04-19 08:20 - 0005872 _____ () C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR
2014-09-26 12:02 - 2015-02-02 18:19 - 0005632 _____ () C:\Users\Alvar_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini
Task: {05ED45FC-3FA5-406A-8693-672AB8FB4FA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION
Task: {113E16F9-7142-4812-A20F-794B57877371} - \Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent -> No File <==== ATTENTION
Task: {122C4E3E-6E29-4922-B592-D3CF1F62E324} - \Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B -> No File <==== ATTENTION
Task: {2C76BA45-2C34-401F-A81C-B35A6AE0D62D} - \Microsoft\Windows\Setup\GWXTriggers\Logon-5d -> No File <==== ATTENTION
Task: {347470D6-D224-465A-BBBB-3A81331A5301} - \Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d -> No File <==== ATTENTION
Task: {3AD74097-B029-4C26-991F-DCDA97BE558D} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION
Task: {5C9AFD6A-D090-403B-B24F-F4FA6C8C71E4} - \Safer-Networking\Spybot - Search and Destroy\Check for updates -> No File <==== ATTENTION
Task: {5F475BE9-9314-40F4-BCEA-BDB6F11BC9DD} - System32\Tasks\cKDeY9eRuMbjiUnpS => C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe <==== ATTENTION
Task: {70F0BAC1-F89E-4F39-BF9B-7E2F8A1214EC} - \Microsoft\Windows\Setup\GWXTriggers\Time-5d -> No File <==== ATTENTION
Task: {8A0FF036-4504-4FC2-93AA-18F1545278ED} - \Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d -> No File <==== ATTENTION
Task: {93168D3F-CD41-4940-B02A-9958B3BC6A29} - \Microsoft\Windows\Setup\gwx\refreshgwxconfig -> No File <==== ATTENTION
Task: {A8BF2741-6673-4F98-B3E3-8019F6BC41A4} - \Safer-Networking\Spybot - Search and Destroy\Scan the system -> No File <==== ATTENTION
Task: {BD4E75CE-DA6C-4DB5-A8E2-9A4EC1B74314} - System32\Tasks\scqArpeMw4fHYqQ18UzErMR => C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe <==== ATTENTION
Task: {ECBFEC14-BDE1-477D-BD44-41F79E214943} - \Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d -> No File <==== ATTENTION
Task: {ED2E0E9F-C899-444E-9CED-9B81212F6334} - \Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd -> No File <==== ATTENTION
Task: {FBCD72CB-7992-4FF7-AA11-E4274C3EED1C} - \Microsoft\Windows\Setup\gwx\launchtrayprocess -> No File <==== ATTENTION
Task: C:\WINDOWS\Tasks\cKDeY9eRuMbjiUnpS.job => C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe <==== ATTENTION
Task: C:\WINDOWS\Tasks\scqArpeMw4fHYqQ18UzErMR.job => C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe <==== ATTENTION
C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe
C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe
AlternateDataStreams: C:\ProgramData\TEMP:0FF263E8
C:\ProgramData\TEMP:0FF263E8
EmptyTemp:
end
*****************

Restore point was successfully created.
Processes closed successfully.
"HKLM\Software\Wow6432Node\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\SDWinLogon" => key removed successfully
"HKLM\SOFTWARE\Policies\Google" => key removed successfully
HKLM\SOFTWARE\Microsoft\Internet Explorer\Toolbar\\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1} => value removed successfully
HKCR\CLSID\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1} => key not found.
HKLM\SOFTWARE\Wow6432Node\Microsoft\Internet Explorer\Toolbar\\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1} => value removed successfully
HKCR\Wow6432Node\CLSID\{9A87E478-A2BD-44C4-9F8C-D3989A5271B1} => key not found.
wfpcapture => service removed successfully
HKLM\SOFTWARE\Wow6432Node\Microsoft\Windows NT\CurrentVersion\SvcHost\\netsvcs UserManager => removed successfully
C:\Users\Alvar_000\AppData\Local\meq5tzhtzei3lwf => moved successfully.
C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR => moved successfully.
C:\Users\Alvar_000\AppData\Local\DCBC2A71-70D8-4DAN-EHR8-E0D61DEA3FDF.ini => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{05ED45FC-3FA5-406A-8693-672AB8FB4FA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{05ED45FC-3FA5-406A-8693-672AB8FB4FA6}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{113E16F9-7142-4812-A20F-794B57877371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{113E16F9-7142-4812-A20F-794B57877371}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfigandcontent" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{122C4E3E-6E29-4922-B592-D3CF1F62E324}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{122C4E3E-6E29-4922-B592-D3CF1F62E324}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\refreshgwxconfig-B" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{2C76BA45-2C34-401F-A81C-B35A6AE0D62D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{2C76BA45-2C34-401F-A81C-B35A6AE0D62D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Logon-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{347470D6-D224-465A-BBBB-3A81331A5301}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{347470D6-D224-465A-BBBB-3A81331A5301}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfIdle-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{3AD74097-B029-4C26-991F-DCDA97BE558D}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{3AD74097-B029-4C26-991F-DCDA97BE558D}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Refresh immunization => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5C9AFD6A-D090-403B-B24F-F4FA6C8C71E4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5C9AFD6A-D090-403B-B24F-F4FA6C8C71E4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Check for updates => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{5F475BE9-9314-40F4-BCEA-BDB6F11BC9DD}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{5F475BE9-9314-40F4-BCEA-BDB6F11BC9DD}" => key removed successfully
C:\WINDOWS\System32\Tasks\cKDeY9eRuMbjiUnpS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cKDeY9eRuMbjiUnpS" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{70F0BAC1-F89E-4F39-BF9B-7E2F8A1214EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{70F0BAC1-F89E-4F39-BF9B-7E2F8A1214EC}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Time-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{8A0FF036-4504-4FC2-93AA-18F1545278ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{8A0FF036-4504-4FC2-93AA-18F1545278ED}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\MachineUnlock-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{93168D3F-CD41-4940-B02A-9958B3BC6A29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{93168D3F-CD41-4940-B02A-9958B3BC6A29}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\refreshgwxconfig" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{A8BF2741-6673-4F98-B3E3-8019F6BC41A4}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{A8BF2741-6673-4F98-B3E3-8019F6BC41A4}" => key removed successfully
HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Safer-Networking\Spybot - Search and Destroy\Scan the system => key not found.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{BD4E75CE-DA6C-4DB5-A8E2-9A4EC1B74314}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{BD4E75CE-DA6C-4DB5-A8E2-9A4EC1B74314}" => key removed successfully
C:\WINDOWS\System32\Tasks\scqArpeMw4fHYqQ18UzErMR => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\scqArpeMw4fHYqQ18UzErMR" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ECBFEC14-BDE1-477D-BD44-41F79E214943}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ECBFEC14-BDE1-477D-BD44-41F79E214943}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\OutOfSleep-5d" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Plain\{ED2E0E9F-C899-444E-9CED-9B81212F6334}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{ED2E0E9F-C899-444E-9CED-9B81212F6334}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\GWXTriggers\Telemetry-4xd" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Logon\{FBCD72CB-7992-4FF7-AA11-E4274C3EED1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tasks\{FBCD72CB-7992-4FF7-AA11-E4274C3EED1C}" => key removed successfully
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\Microsoft\Windows\Setup\gwx\launchtrayprocess" => key removed successfully
C:\WINDOWS\Tasks\cKDeY9eRuMbjiUnpS.job => moved successfully.
C:\WINDOWS\Tasks\scqArpeMw4fHYqQ18UzErMR.job => moved successfully.
"C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe" => File/Folder not found.
"C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe" => File/Folder not found.
C:\ProgramData\TEMP => ":0FF263E8" ADS removed successfully.
"C:\ProgramData\TEMP:0FF263E8" => File/Folder not found.
EmptyTemp: => 222.4 MB temporary data Removed.


The system needed a reboot..

==== End of Fixlog 21:52:36 ====

Thanks again
 
Are you still getting the redirect to the malicious website (blue screen)?
 
No, I have not seen it again for the last two or three days, but I have only used this laptop for very short tasks.

If you know what the problem is/was, I would appreciate knowing about it.

Thanks for following up.
 
Hi, Win10 Puzzled.

There were leftover files but there were also a bunch of files that shouldn't have been on your computer.

Let's take care of removing the tools used:

Please download Delfix from here.

Ensure the following boxes are checked:
  • Remove disinfection tools
  • Create registry backup
  • Purge system restore
  • Click Run
The program will run for a few moments and then notepad will open with a log. Please paste the log in your next reply.
 
I got the DelFix.txt file but I just cannot attach it. It appears I reached the limit of 5 files.
 
That's ok. The main thing is that you ran it. I like Delfix because not only does it clean up any tools and logs, a clean restore point is created with any infected system restore points removed.
 
Decided to copy and paste the text of the log since it was too short. Here it is:

########## - SOF - ##########

# DelFix v1.011 - Logfile created 20/08/2015 at 17:13:57
# Updated 18/08/2015 by Xplode
# Username : Alvaro - G7
# Operating System : Windows 10 Pro (64 bits)

~ Removing disinfection tools ...

Deleted : C:\FRST
Deleted : C:\AdwCleaner
Deleted : C:\Users\Alvar_000\Desktop\adwcleaner_4.203.exe - Shortcut.lnk
Deleted : C:\Users\Alvar_000\Desktop\JRT.exe
Deleted : C:\Users\Alvar_000\Desktop\JRT.txt
Deleted : HKLM\SOFTWARE\AdwCleaner

~ Creating registry backup ... OK

~ Cleaning system restore ...

Deleted : RP #10 [Scheduled Checkpoint | 08/19/2015 21:02:58]

New restore point created !

########## - EOF - ##########
 
Corrine,

I just noticed that this thread has been considered Solved.

In fact, I have not seen the blue screen lately. I would have liked to know what the problem was, how it was detected and how to prevent it in the future, but in any case I want to express my appreciation for all the effort and magic you put in to assist me in resolving my issue.

Thank you very much.
 
Hi, Win10 Puzzled. I am happy that I was able to help you remove the fake BSOD.

The file name that is commonly associated with the fake BSOD was not in your logs. However, I spent a considerable period of time researching the entries in your logs. If you look at the names of some of the files I listed for removal, such as those listed below, the only result in a Google search is your topic here at Sysnative.

C:\WINDOWS\Tasks\cKDeY9eRuMbjiUnpS.job => moved successfully.
C:\WINDOWS\System32\Tasks\cKDeY9eRuMbjiUnpS => moved successfully.
"HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Schedule\TaskCache\Tree\cKDeY9eRuMbjiUnpS" => key removed successfully

That is only one example. There were others so I won't attempt to point a finger at which file it was. As to how you got it on your computer -- most likely downloaded with another file, perhaps a driver or some other file or a drive-by download when the browser hijack was on the computer. My suggestion is, whenever possible, always download files from the vendor/developer website.
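
An added example (not part of the original thread, and not a tool used in it): a triage of FRST `Task:` lines that separates the two kinds of entry in the fixlist above, orphaned tasks whose target is missing and tasks that launch an executable from the root of a user-writable AppData folder under a random-looking name. The `looks_random` heuristic, its thresholds, the two-signal rule and the last sample line are assumptions made for illustration.

```python
import math
import re
from collections import Counter
from typing import List, NamedTuple, Optional

# FRST "Task:" line: optional {GUID}, task name, "->" or "=>", target,
# then an optional "<==== ATTENTION" marker.
TASK_RE = re.compile(
    r"^Task:\s+(?:(?P<guid>\{[0-9A-Fa-f-]{36}\})\s+-\s+)?"
    r"(?P<name>.+?)\s+(?:->|=>)\s+(?P<target>.+?)"
    r"(?:\s+<=+\s*ATTENTION)?\s*$"
)
# Target sits directly in the root of a profile's AppData\Roaming or \Local,
# not in a vendor subfolder.
APPDATA_ROOT_RE = re.compile(
    r"^[A-Za-z]:\\Users\\[^\\]+\\AppData\\(?:Roaming|Local)\\[^\\]+$", re.I
)


class Finding(NamedTuple):
    task: str
    target: str
    verdict: str          # "orphan", "suspicious" or "unflagged"
    reasons: List[str]


def stem(path: str) -> str:
    """Last component of a Windows path, without its extension."""
    leaf = path.rsplit("\\", 1)[-1]
    return leaf.rsplit(".", 1)[0] if "." in leaf else leaf


def shannon_entropy(text: str) -> float:
    """Bits per character of the string's own character distribution."""
    total = len(text)
    return -sum(n / total * math.log2(n / total) for n in Counter(text).values())


def looks_random(name: str) -> bool:
    """Assumed heuristic: 12+ alphanumerics mixing lower case, upper case and
    digits, with entropy of at least 3.5 bits per character."""
    if len(name) < 12 or not name.isalnum():
        return False
    classes = (str.islower, str.isupper, str.isdigit)
    mixed = all(any(test(c) for c in name) for test in classes)
    return mixed and shannon_entropy(name) >= 3.5


def triage(line: str) -> Optional[Finding]:
    """Classify one FRST log line; returns None for lines that are not tasks."""
    m = TASK_RE.match(line.strip())
    if m is None:
        return None
    name, target = m["name"], m["target"]
    if target.lower() == "no file":
        return Finding(stem(name), target, "orphan",
                       ["task is registered but its target is missing"])
    reasons = []
    if APPDATA_ROOT_RE.match(target):
        reasons.append("executable in the root of a user-writable AppData folder")
    if stem(name) == stem(target):
        reasons.append("task is named after the executable it launches")
    if looks_random(stem(target)):
        reasons.append("random-looking file name")
    # A single signal is common for legitimate updaters; require two.
    verdict = "suspicious" if len(reasons) >= 2 else "unflagged"
    return Finding(stem(name), target, verdict, reasons)


def summarize(lines) -> dict:
    """Group task names by verdict, preserving input order."""
    groups = {"orphan": [], "suspicious": [], "unflagged": []}
    for finding in filter(None, map(triage, lines)):
        groups[finding.verdict].append(finding.task)
    return groups


SAMPLE = [
    # Lines copied from the fixlist in this thread.
    r"Task: {05ED45FC-3FA5-406A-8693-672AB8FB4FA6} - \Microsoft\Windows\Setup\gwx\refreshgwxcontent -> No File <==== ATTENTION",
    r"Task: {3AD74097-B029-4C26-991F-DCDA97BE558D} - \Safer-Networking\Spybot - Search and Destroy\Refresh immunization -> No File <==== ATTENTION",
    r"Task: {BD4E75CE-DA6C-4DB5-A8E2-9A4EC1B74314} - System32\Tasks\scqArpeMw4fHYqQ18UzErMR => C:\Users\Alvar_000\AppData\Roaming\scqArpeMw4fHYqQ18UzErMR.exe <==== ATTENTION",
    r"Task: C:\WINDOWS\Tasks\cKDeY9eRuMbjiUnpS.job => C:\Users\Alvar_000\AppData\Roaming\cKDeY9eRuMbjiUnpS.exe <==== ATTENTION",
    "EmptyTemp:",  # not a task line; skipped
    # Constructed line (hypothetical vendor and GUID), for contrast.
    r"Task: {00000000-0000-0000-0000-000000000000} - System32\Tasks\ExampleUpdater => C:\Program Files\Example\ExampleUpdater.exe",
]

if __name__ == "__main__":
    for finding in filter(None, map(triage, SAMPLE)):
        print(f"{finding.verdict:10} {finding.task}: {'; '.join(finding.reasons)}")
```

The orphan bucket holds leftovers such as the GWX and Spybot tasks, while the suspicious bucket isolates the two entries with no identifiable vendor.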
 
