Solved Over 600 spyware threats!

Discussion in 'Malware and Virus Removal Archive' started by Bigalx58, 2015/11/04.

  1. 2015/11/04
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Joined:
    2006/05/29
    Messages:
    205
    Likes Received:
    1
    [Solved] Over 600 spyware threats!

    Over the last 2 weeks or so, I've started to get a lot of spyware threats detected by Superantispyware tool (free). I ran it today and got 645 threats!!
    Should I be concerned? They seem to be tracking cookies, I think. I use AVG Internet Security and I have Malwarebytes, Spyware Blaster and Ad Aware on my computer. I'm not running Ad Aware and Malwarebytes in real time. My OS is Windows 10. :( What to do? Thanks!
     
  2. 2015/11/04
    MrBill

    MrBill SuperGeek WindowsBBS Team Member

    Joined:
    2006/01/14
    Messages:
    4,328
    Likes Received:
    270
    Go to the Malware section and read what to run and post. Broni is good at what he does in there.
     

  4. 2015/11/04
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Joined:
    2006/05/29
    Messages:
    205
    Likes Received:
    1
    OK will do...can you move me there or should I start a new post? Thanks.
     
  5. 2015/11/04
    PeteC

    PeteC SuperGeek Staff

    Joined:
    2002/05/10
    Messages:
    28,896
    Likes Received:
    389
  6. 2015/11/09
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Joined:
    2006/05/29
    Messages:
    205
    Likes Received:
    1
    I got 4456 threats!!!

    Lately I've been getting a high number of spyware threats on my computer. Today, I set a personal record...4456!! What's wrong with the computer? I've not been visiting any more different places than usual. I scan the computer with SuperAntiSpyware every 2 days or so. Should I be very concerned? What to do? Thanks.
     
  7. 2015/11/09
    Evan Omo

    Evan Omo Computer Support Technician Staff

    Joined:
    2006/09/10
    Messages:
    7,919
    Likes Received:
    511
    Hi Bigalx58. Please read this and post the requested logs in your next reply. Thanks.
     
  8. 2015/11/09
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Joined:
    2006/05/29
    Messages:
    205
    Likes Received:
    1
    A question before I post FRST.txt and Addition.txt....You mention in Step 2 that I should start a new topic before posting the above files...Do you want me to start a new thread or just reply to this one? Thanks.
     
  9. 2015/11/09
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Please observe the following rules:
    • Read all of my instructions very carefully. Your mistakes during the cleaning process may have very serious consequences, like an unbootable computer.
    • If you're stuck, or you're not sure about a certain step, always ask before doing anything else.
    • Please refrain from running any tools, fixes or applying any changes to your computer other than those I suggest.
    • Never run more than one scan at a time.
    • Keep updating me regarding your computer behavior, good, or bad.
    • The cleaning process, once started, has to be completed. Even if your computer appears to act better, it may still be infected. Once the computer is totally clean, I'll certainly let you know.
    • If you leave the topic without explanation in the middle of a cleaning process, you may not be eligible to receive any more help in the malware removal forum.
    • I close my topics if you have not replied in 5 days. If you need more time, simply let me know. If I closed your topic and you need it to be reopened, simply PM me.

    ===============================

    Post both logs right here.

    Just to let you know that tracking cookies are not security threats but rather a privacy issue.
    SAS is the only major security scan which even bothers with them.
     
  10. 2015/11/09
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Joined:
    2006/05/29
    Messages:
    205
    Likes Received:
    1
    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
    Ran by bigalx58 (2015-11-09 20:42:14)
    Running from C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\IE\N1L0MK86
    Windows 10 Home (X64) (2015-10-15 18:08:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2005715574-247312471-105162307-500 - Administrator - Disabled) => C:\Users\Administrator
    bigalx58 (S-1-5-21-2005715574-247312471-105162307-1001 - Administrator - Enabled) => C:\Users\bigalx58
    DefaultAccount (S-1-5-21-2005715574-247312471-105162307-503 - Limited - Disabled)
    Guest (S-1-5-21-2005715574-247312471-105162307-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2005715574-247312471-105162307-1006 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    AS: Ad-Aware Antivirus (Disabled - Out of date) {0BADF922-C31D-6168-BDFC-A66BE9891CA4}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: AVG AntiVirus Free Edition (Enabled - Up to date) {F620D48B-1497-73CC-F290-58052563BEAE}
    FW: AVG Internet Security (Disabled) {757AB44A-78C2-7D1A-E37F-CA42A037B368}
    FW: Ad-Aware Firewall (Disabled) {88F799E3-AF48-6FBE-AC13-342C6CDD1162}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Ad-Aware Antivirus (HKLM\...\{18A24EC3-2BA0-4438-AA5C-A3CF81194D22}_AdAwareUpdater) (Version: 11.8.586.8535 - Lavasoft)
    AdAwareInstaller (Version: 11.8.586.8535 - Lavasoft) Hidden
    AdAwareUpdater (Version: 11.8.586.8535 - Lavasoft) Hidden
    AntimalwareEngine (Version: 3.0.98.0 - Lavasoft) Hidden
    AntispamEngine (Version: 2.4.4192.0 - Lavasoft) Hidden
    Auslogics BoostSpeed 8 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 8.1.0.0 - Auslogics Labs Pty Ltd)
    Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
    AvcEngine (Version: 3.11.11387.0 - Lavasoft) Hidden
    AVG (HKLM\...\AvgZen) (Version: 1.21.1.34102 - AVG Technologies)
    AVG (Version: 16.7.7227 - AVG Technologies) Hidden
    AVG 2016 (Version: 16.0.4457 - AVG Technologies) Hidden
    AVG Protection (HKLM\...\AVG) (Version: 2016.7.7227 - AVG Technologies)
    AVG Web TuneUp (HKLM-x32\...\AVG Web TuneUp) (Version: 4.1.8.599 - AVG Technologies)
    AVG Zen (Version: 1.21.6 - AVG Technologies) Hidden
    Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    FirewallEngine (Version: 1.6.0.0 - Lavasoft) Hidden
    FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)
    NetViewer 2.1.373.0 (HKLM-x32\...\NetViewer) (Version: 2.1.373.0 - )
    OnlineThreatsEngine (Version: 2.2.3.0 - Lavasoft) Hidden
    RealDownloader (x32 Version: 18.1.0.1233 - RealNetworks, Inc.) Hidden
    RealDownloader (x32 Version: 18.1.0.1243 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.0 - RealNetworks)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
    Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.)
    Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Hidden
    SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Web Companion (HKLM-x32\...\{3b36208b-cff5-4f26-8ac0-5844fcd2b9d3}) (Version: 2.1.1159.2383 - Lavasoft)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2005715574-247312471-105162307-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

    ==================== Restore Points =========================

    07-11-2015 13:32:18 Scheduled Checkpoint

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-15 16:29 - 2015-10-15 16:27 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2740C686-D10F-4C84-8585-E00BD74ABF89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-19] (Google Inc.)
    Task: {59E7C5E0-4072-4C83-9023-4FAC487AC526} - System32\Tasks\{18B40370-4EB3-4AB3-BDFE-242E62AF4C24} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe "
    Task: {6DC3BDF6-D851-4F79-A04E-121C8EAA95B8} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-09-16] ()
    Task: {83D8F1DA-8D48-4A8E-8757-90108821AD00} - System32\Tasks\{7BFB9711-4FF6-491E-AF83-60763B60F811} => pcalua.exe -a C:\Users\bigalx58\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe -d C:\Users\bigalx58\Downloads
    Task: {965CF55D-C9EE-4165-8CE2-F1425927248B} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule "
    Task: {9F827A16-0A63-4EA3-B36F-6A8A3CC1BD5E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2005715574-247312471-105162307-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
    Task: {A251005B-684A-4FCB-AA37-12D026C878A1} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2005715574-247312471-105162307-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
    Task: {AB1A0A91-2D87-452B-8676-BE6F1A37546C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
    Task: {C2D560C4-2DA3-454C-826E-4D937BC1E71E} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-10-02] (Microsoft Corporation)
    Task: {C3A8D32F-2D4F-41CC-8206-0D404F8CD302} - System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013 => C:\Program Files (x86)\AVG\AVG PC TuneUp\OneClick.exe
    Task: {D8D06428-F949-4EB3-A5C8-C10CDAD8CF63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-19] (Google Inc.)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============


    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\webcompanion.com -> hxxp://webcompanion.com

    There are 6091 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2005715574-247312471-105162307-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bigalx58\My Family Pictures\50th dinner anniver\DSCF1292.JPG
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk "
    HKLM\...\StartupApproved\Run: => "AdAwareTray "
    HKLM\...\StartupApproved\Run32: => "RealDownloader "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "Web Companion "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "Skype "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "CCleaner Monitoring "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "SUPERAntiSpyware "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "Uninstall C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 "

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{65F13ABB-524D-4D30-A8E0-7E6EE253402F}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{3706A3B2-4A08-4B27-BEC1-05C73AF061E3}] => (Allow) C:\Program Files (x86)\AVG\Av\avgmfapx.exe
    FirewallRules: [{288D88A2-7B02-41DC-9FFE-CA1F2936D815}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{3E313FC4-915F-465F-B5FB-D6651678A763}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{AE43B53F-B077-4067-8037-29414C5B234C}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{F620375F-AE39-4AE6-B7CF-AF95D3CD9946}] => (Allow) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    FirewallRules: [{D712791B-CDBC-4AF1-AE33-0CB02A0F52EB}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{9A4D8C0E-5DF1-4AEE-A01A-0FC1C1FE77D6}] => (Allow) C:\Program Files (x86)\AVG\Av\avgdiagex.exe
    FirewallRules: [{D2FAF1E4-70C9-47E3-9FCE-F3DFD471B49A}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{6FD8F2C5-5E15-4A71-9DF7-6D9EC095C40E}] => (Allow) C:\Program Files (x86)\AVG\Av\avgemca.exe
    FirewallRules: [{2B740357-9344-4E80-A5C0-485CCC050D8E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{3314F6BD-80EA-4AC6-8F88-A63F13D67E6D}] => (Allow) LPort=2869
    FirewallRules: [{1082D69F-4EE6-40B4-9BBE-544EF0467C1C}] => (Allow) LPort=1900

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/09/2015 08:27:14 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BIGALX58-PC)
    Description: Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: -2147023728 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/09/2015 08:22:24 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BIGALX58-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/09/2015 08:14:34 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BIGALX58-PC)
    Description: Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: -2147023728 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/09/2015 08:10:08 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BIGALX58-PC)
    Description: Activation of app Microsoft.Windows.Cortana_cw5n1h2txyewy!CortanaUI failed with error: -2144927141 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/09/2015 07:14:58 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 2484) (User: BIGALX58-PC)
    Description: Package Microsoft.Windows.Cortana_1.4.8.176_neutral_neutral_cw5n1h2txyewy+CortanaUI was terminated because it took too long to suspend.

    Error: (11/09/2015 07:14:42 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BIGALX58-PC)
    Description: Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: -2147023728 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/09/2015 07:14:32 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/09/2015 07:14:31 PM) (Source: SideBySide) (EventID: 33) (User: )
    Description: Activation context generation failed for "rpshellextension.1.0,language="*",type="win32",version="1.0.0.0"1".
    Dependent Assembly rpshellextension.1.0,language="*",type="win32",version="1.0.0.0" could not be found.
    Please use sxstrace.exe for detailed diagnosis.

    Error: (11/09/2015 07:13:41 PM) (Source: MsiInstaller) (EventID: 11311) (User: NT AUTHORITY)
    Description: SA_Error1709: StandardAction(0xC00706AD): Product: AVG -- Error 1311. SA_Error1311: StandardAction(0xC007051F): Source file not found(cabinet): C:\ProgramData\AVG\AV\SetupBackup\AntiSpma.cab. Verify that the file exists and that you can access it.

    Error: (11/09/2015 07:12:09 PM) (Source: Windows Search Service) (EventID: 7010) (User: )
    Description: The index cannot be initialized.

    Details:
    The specified object cannot be found. Specify the name of an existing object. (HRESULT : 0x80040d06) (0x80040d06)


    System errors:
    =============
    Error: (11/09/2015 08:27:14 PM) (Source: DCOM) (EventID: 10001) (User: BIGALX58-PC)
    Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX368sbpk1kx658x0p332evjk2v0y02kxp.mca1168x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXv1pa150fssxfwf8qn0j65z3gp1qhwkcs.mcaUnavailableUnavailable

    Error: (11/09/2015 08:23:31 PM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (11/09/2015 08:22:24 PM) (Source: DCOM) (EventID: 10010) (User: BIGALX58-PC)
    Description: CortanaUI.AppXd4tad4d57t4wtdbnnmb8v2xtzym8c1n8.mca

    Error: (11/09/2015 08:22:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Access_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (11/09/2015 08:22:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The User Data Storage_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (11/09/2015 08:22:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Contact Data_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (11/09/2015 08:22:22 PM) (Source: Service Control Manager) (EventID: 7031) (User: )
    Description: The Sync Host_Session1 service terminated unexpectedly. It has done this 1 time(s). The following corrective action will be taken in 10000 milliseconds: Restart the service.

    Error: (11/09/2015 08:14:34 PM) (Source: DCOM) (EventID: 10001) (User: BIGALX58-PC)
    Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX368sbpk1kx658x0p332evjk2v0y02kxp.mca1168x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXv1pa150fssxfwf8qn0j65z3gp1qhwkcs.mcaUnavailableUnavailable

    Error: (11/09/2015 08:12:09 PM) (Source: NETLOGON) (EventID: 3095) (User: )
    Description: This computer is configured as a member of a workgroup, not as
    a member of a domain. The Netlogon service does not need to run in this
    configuration.

    Error: (11/09/2015 08:10:53 PM) (Source: Service Control Manager) (EventID: 7043) (User: )
    Description: The Group Policy Client service did not shut down properly after receiving a preshutdown control.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
    Percentage of memory in use: 40%
    Total physical RAM: 6126.04 MB
    Available physical RAM: 3655.39 MB
    Total Virtual: 7150.04 MB
    Available Virtual: 4577.51 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:915.41 GB) (Free:855.93 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11A30115)
    Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=915.4 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt =================
     
  11. 2015/11/09
    Bigalx58 Well-Known Member Thread Starter

    (FRST) (x64) Version:07-11-2015
    Ran by bigalx58 (administrator) on BIGALX58-PC (09-11-2015 20:41:00)
    Running from C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\IE\N1L0MK86
    Loaded Profiles: bigalx58 (Available Profiles: bigalx58 & Administrator)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    () C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    () C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Lavasoft Limited) C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgidsagent.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    (AVG Secure Search) C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    () C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\loggingserver.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgnsa.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgemca.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgrsa.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgcsrva.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Framework\Common\avguix.exe
    (AVG Technologies CZ, s.r.o.) C:\Program Files (x86)\AVG\Av\avgui.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    () C:\Program Files (x86)\AVG Web TuneUp\vprot.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
    (AVG Secure Search) C:\Program Files (x86)\AVG Web TuneUp\avgcefrend.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdge.exe
    (Microsoft Corporation) C:\Windows\System32\browser_broker.exe
    (Microsoft Corporation) C:\Windows\System32\dllhost.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.MicrosoftEdge_8wekyb3d8bbwe\MicrosoftEdgeCP.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (LastPass) C:\Users\bigalx58\AppData\LocalLow\LastPass\LastPassBroker.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
    HKLM\...\Run: [] => [X]
    HKLM\...\Run: [AdAwareTray] => C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareTray.exe [9558752 2015-08-27] ()
    HKLM-x32\...\Run: [AvgUi] => C:\Program Files (x86)\AVG\Framework\Common\avguix.exe [1130408 2015-10-16] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [AVG_UI] => C:\Program Files (x86)\AVG\Av\avgui.exe [3826600 2015-10-30] (AVG Technologies CZ, s.r.o.)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286984 2015-10-29] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [598800 2015-09-16] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKLM-x32\...\Run: [vProt] => C:\Program Files (x86)\AVG Web TuneUp\vprot.exe [3177360 2015-11-09] ()
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\Run: [Web Companion] => C:\Program Files (x86)\Lavasoft\Web Companion\Application\WebCompanion.exe [1382672 2015-10-18] (Lavasoft)
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-29] (SUPERAntiSpyware)
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\RunOnce: [Uninstall C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64"
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\RunOnce: [Uninstall C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64"
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-11-09]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-10-29]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
    GroupPolicy: Restriction - Chrome <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{4a608703-3c58-4f17-83d0-bd9f4b541882}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{68060fb7-c15e-40b7-8d50-9f0fda80ce62}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKLM\SOFTWARE\Policies\Microsoft\Internet Explorer: Restriction <======= ATTENTION
    SearchScopes: HKU\S-1-5-21-2005715574-247312471-105162307-1001 -> {95B7759C-8C7F-4BF1-B163-73684A933233} URL = hxxps://mysearch.avg.com/search?cid={EF101C8D-EDCA-4AE8-94B2-9651321DAF5D}&mid=cc211cd6abec47cc9577294607f08528-da2e1f4743aa79183ef8c8027b7a89ffc9213af1&lang=en&ds=AVG&coid=avgtbavg&cmpid=0615piz&pr=fr&d=2015-11-09 19:17:29&v=4.1.8.599&pid=wtu&sg=&sap=dsp&q={searchTerms}
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-09-16] (RealDownloader)
    BHO: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll [2015-11-09] (AVG)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-09] (LastPass)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-09-16] (RealDownloader)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-06] (Oracle Corporation)
    BHO-x32: AVG Web TuneUp -> {95B7759C-8C7F-4BF1-B163-73684A933233} -> C:\Program Files (x86)\AVG Web TuneUp\4.1.8.599\AVG Web TuneUp.dll [2015-11-09] (AVG)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-09] (LastPass)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-06] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-09] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-09] (LastPass)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-09] (LastPass)
    FF Plugin-x32: @avg.com/AVG SiteSafety plugin,version=11.0.0.1,application/x-avg-sitesafety-plugin -> C:\Program Files (x86)\Common Files\AVG Secure Search\SiteSafetyInstaller\40.1.8\\npsitesafety.dll [No File]
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-06] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-09] (LastPass)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-10-29] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-10-29] (RealTimes)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-19] (Google Inc.)

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    S3 AvgAMPS; C:\Program Files (x86)\AVG\Av\avgamps.exe [595376 2015-10-30] (AVG Technologies CZ, s.r.o.)
    S2 avgfws; C:\Program Files (x86)\AVG\Av\avgfws.exe [1569416 2015-10-30] (AVG Technologies CZ, s.r.o.)
    R2 AVGIDSAgent; C:\Program Files (x86)\AVG\Av\avgidsagent.exe [3815648 2015-10-30] (AVG Technologies CZ, s.r.o.)
    R2 avgsvc; C:\Program Files (x86)\AVG\Framework\Common\avgsvca.exe [1046952 2015-10-16] (AVG Technologies CZ, s.r.o.)
    R2 avgwd; C:\Program Files (x86)\AVG\Av\avgwdsvcx.exe [579776 2015-10-30] (AVG Technologies CZ, s.r.o.)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    R2 LavasoftAdAwareService11; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Ad-Aware Antivirus\11.8.586.8535\AdAwareService.exe [712432 2015-08-27] ()
    R2 LavasoftTcpService; C:\Program Files (x86)\Lavasoft\Web Companion\TcpService\2.3.4.7\LavasoftTcpService.exe [2751760 2015-10-18] (Lavasoft Limited)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-09-16] ()
    R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1103656 2015-10-29] (RealNetworks, Inc.)
    R2 vToolbarUpdater40.1.8; C:\Program Files (x86)\Common Files\AVG Secure Search\vToolbarUpdater\40.1.8\ToolbarUpdater.exe [1875856 2015-11-09] (AVG Secure Search)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)
    R2 WtuSystemSupport; C:\Program Files (x86)\AVG Web TuneUp\WtuSystemSupport.exe [1205136 2015-11-09] ()

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 a016bus; C:\Windows\System32\drivers\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
    S3 a016mgmt; C:\Windows\System32\drivers\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation)
    S3 a016obex; C:\Windows\System32\drivers\a016obex.sys [125480 2008-01-18] (MCCI Corporation)
    R3 avc3; C:\Windows\System32\DRIVERS\avc3.sys [1369288 2015-07-29] (BitDefender)
    R3 avchv; C:\Windows\system32\DRIVERS\avchv.sys [271272 2015-07-29] (BitDefender)
    R3 avckf; C:\Windows\System32\DRIVERS\avckf.sys [747120 2015-07-29] (BitDefender)
    S0 Avgboota; C:\Windows\System32\DRIVERS\avgboota.sys [23152 2015-09-09] (AVG Technologies CZ, s.r.o.)
    R1 Avgdiska; C:\Windows\System32\DRIVERS\avgdiska.sys [197040 2015-08-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgfwfd; C:\Windows\system32\DRIVERS\avgfwd6a.sys [97208 2015-08-29] (AVG Technologies CZ, s.r.o.)
    R1 AVGIDSDriver; C:\Windows\System32\DRIVERS\avgidsdrivera.sys [313776 2015-10-19] (AVG Technologies CZ, s.r.o.)
    R0 AVGIDSHA; C:\Windows\System32\DRIVERS\avgidsha.sys [298416 2015-08-20] (AVG Technologies CZ, s.r.o.)
    R1 Avgldx64; C:\Windows\System32\DRIVERS\avgldx64.sys [284080 2015-10-21] (AVG Technologies CZ, s.r.o.)
    R0 Avgloga; C:\Windows\System32\DRIVERS\avgloga.sys [398256 2015-08-14] (AVG Technologies CZ, s.r.o.)
    R0 Avgmfx64; C:\Windows\System32\DRIVERS\avgmfx64.sys [255408 2015-10-21] (AVG Technologies CZ, s.r.o.)
    R0 Avgrkx64; C:\Windows\System32\DRIVERS\avgrkx64.sys [42416 2015-08-10] (AVG Technologies CZ, s.r.o.)
    R1 Avgwfpa; C:\Windows\system32\DRIVERS\avgwfpa.sys [306608 2015-10-08] (AVG Technologies CZ, s.r.o.)
    R1 BdfNdisf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfndisf6.sys [97816 2015-01-06] (BitDefender LLC)
    R1 bdfwfpf; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Firewall Engine\1.6.0.0\Drivers\bdfwfpf.sys [107080 2015-01-06] (BitDefender LLC)
    R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-15] (Intel Corporation)
    R3 gzflt; C:\Program Files\Lavasoft\Ad-Aware Antivirus\Antimalware Engine\3.0.98.0\gzflt.sys [155912 2015-01-22] (BitDefender LLC)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMSwissArmy; C:\WINDOWS\system32\drivers\MBAMSwissArmy.sys [192216 2015-11-01] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2512016 2015-07-10] (MediaTek Inc.)
    S3 NvStUSB; C:\Windows\System32\drivers\nvstusb.sys [70248 2010-07-09] ()
    S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
    S3 s0016mgmt; C:\Windows\System32\drivers\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
    S3 s0016obex; C:\Windows\System32\drivers\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
    S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
    S3 s0017bus; C:\Windows\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
    S3 s0017mgmt; C:\Windows\System32\drivers\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
    S3 s0017obex; C:\Windows\System32\drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
    S3 s0017unic; C:\Windows\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
    S3 s1018bus; C:\Windows\System32\drivers\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
    S3 s1018mgmt; C:\Windows\System32\drivers\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
    S3 s1018obex; C:\Windows\System32\drivers\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
    S3 s1018unic; C:\Windows\System32\drivers\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
    S3 s1029bus; C:\Windows\System32\drivers\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
    S3 s1029mgmt; C:\Windows\System32\drivers\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
    S3 s1029obex; C:\Windows\System32\drivers\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
    S3 s1029unic; C:\Windows\System32\drivers\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
    S3 s1039bus; C:\Windows\System32\drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
    S3 s1039mgmt; C:\Windows\System32\drivers\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
    S3 s1039obex; C:\Windows\System32\drivers\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
    S3 s1039unic; C:\Windows\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
    S3 s916bus; C:\Windows\System32\drivers\s916bus.sys [108072 2007-11-02] (MCCI Corporation)
    S3 s916mgmt; C:\Windows\System32\drivers\s916mgmt.sys [130088 2007-11-02] (MCCI Corporation)
    S3 s916obex; C:\Windows\System32\drivers\s916obex.sys [124968 2007-11-02] (MCCI Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 se3ebus; C:\Windows\System32\drivers\se3ebus.sys [107784 2007-04-10] (MCCI Corporation)
    S3 se3emgmt; C:\Windows\System32\drivers\se3emgmt.sys [126216 2007-04-10] (MCCI Corporation)
    S3 se3eobex; C:\Windows\System32\drivers\se3eobex.sys [123144 2007-04-10] (MCCI Corporation)
    S3 Trufos; C:\Windows\System32\DRIVERS\Trufos.sys [452040 2015-01-22] (BitDefender S.R.L.)
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S3 usbbus; C:\Windows\System32\drivers\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\drivers\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 UsbGps; C:\Windows\System32\drivers\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-09 20:34 - 2015-11-09 20:34 - 00001152 _____ C:\Users\Public\Desktop\My LastPass Vault.lnk
    2015-11-09 20:25 - 2015-11-09 20:25 - 00000000 ___HD C:\OneDriveTemp
    2015-11-09 20:24 - 2015-11-09 20:24 - 00016148 _____ C:\WINDOWS\system32\BIGALX58-PC_bigalx58_HistoryPrediction.bin
    2015-11-09 19:26 - 2015-11-09 19:26 - 00015761 _____ C:\Users\bigalx58\Documents\Tolls are cash grabs!!.odt
    2015-11-09 19:17 - 2015-11-09 19:17 - 00000000 ____D C:\Users\bigalx58\AppData\Local\AVG Web TuneUp
    2015-11-09 19:17 - 2015-11-09 19:17 - 00000000 ____D C:\ProgramData\AVG Web TuneUp
    2015-11-09 19:17 - 2015-11-09 19:17 - 00000000 ____D C:\ProgramData\AVG Security Toolbar
    2015-11-09 19:17 - 2015-11-09 19:17 - 00000000 ____D C:\ProgramData\AVG Secure Search
    2015-11-09 19:17 - 2015-11-09 19:17 - 00000000 ____D C:\Program Files\AVG Web TuneUp
    2015-11-09 19:17 - 2015-11-09 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-11-09 19:17 - 2015-11-09 19:17 - 00000000 ____D C:\Program Files (x86)\AVG Web TuneUp
    2015-11-09 19:11 - 2015-11-09 20:24 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
    2015-11-06 16:04 - 2015-11-06 16:04 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2015-11-05 11:30 - 2015-11-05 11:33 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Adobe
    2015-11-04 20:29 - 2015-11-04 20:29 - 14503088 _____ (Auslogics Labs Pty Ltd ) C:\Users\bigalx58\Downloads\boost-speed-setup (2).exe
    2015-11-04 16:32 - 2015-11-04 16:32 - 00000000 ____D C:\Users\bigalx58\Documents\My Weblog Posts
    2015-11-04 16:08 - 2015-11-04 16:08 - 00003454 _____ C:\Users\bigalx58\Documents\cc_20151104_160853.reg
    2015-11-04 12:31 - 2015-11-04 12:31 - 00001454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    2015-11-04 12:31 - 2015-11-04 12:31 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2015-11-04 12:31 - 2015-11-04 12:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2015-11-04 12:31 - 2015-11-04 12:31 - 00000000 ____D C:\WINDOWS\en
    2015-11-04 12:31 - 2015-11-04 12:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2015-11-04 12:30 - 2015-11-04 12:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2015-11-04 12:30 - 2015-11-04 12:30 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2015-11-04 12:30 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
    2015-11-04 12:30 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
    2015-11-04 12:30 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
    2015-11-04 12:30 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
    2015-11-04 12:30 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
    2015-11-04 12:30 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
    2015-11-04 12:30 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
    2015-11-04 12:30 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
    2015-11-04 12:30 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
    2015-11-04 12:30 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
    2015-11-04 12:30 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
    2015-11-04 12:30 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
    2015-11-04 12:19 - 2015-11-04 12:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2015-11-04 12:19 - 2015-11-04 12:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2015-11-03 13:22 - 2015-11-08 10:04 - 00000258 __RSH C:\ProgramData\ntuser.pol
    2015-11-03 13:20 - 2015-11-08 10:04 - 00000000 ____D C:\ProgramData\TEMP
    2015-11-03 13:20 - 2015-11-08 10:03 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2015-11-03 13:20 - 2015-11-03 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2015-11-03 13:20 - 2015-11-03 13:20 - 00000000 ____D C:\ProgramData\Licenses
    2015-11-03 13:20 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
    2015-11-03 13:20 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
    2015-11-01 17:15 - 2015-11-01 17:15 - 00002470 _____ C:\WINDOWS\system32\ScanResults.xml
    2015-11-01 17:11 - 2015-11-01 17:11 - 00000464 _____ C:\WINDOWS\system32\ScannerSettings
    2015-11-01 12:20 - 2015-11-01 12:23 - 00000000 ____D C:\WINDOWS\Prey
    2015-11-01 09:23 - 2015-11-01 09:23 - 00000228 _____ C:\ProgramData\RmUserCfg.ini
    2015-11-01 09:22 - 2015-11-01 09:23 - 00000000 ____D C:\Program Files (x86)\NetViewer
    2015-10-31 11:00 - 2015-10-31 11:00 - 00059506 _____ C:\Users\bigalx58\Documents\cc_20151031_120007.reg
    2015-10-31 10:50 - 2015-10-31 10:51 - 06762072 _____ (Piriform Ltd) C:\Users\bigalx58\Downloads\ccsetup511.exe
    2015-10-31 09:27 - 2015-10-31 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    2015-10-31 09:27 - 2015-10-31 09:42 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2015-10-31 09:27 - 2015-09-11 10:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
    2015-10-30 10:49 - 2015-10-30 10:49 - 00239655 _____ C:\Users\bigalx58\Downloads\recovery-for-windows-live-setup.exe.cmwze17.partial
    2015-10-30 08:42 - 2015-10-27 18:38 - 21871616 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-10-30 08:42 - 2015-10-27 18:16 - 18801664 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-10-30 08:42 - 2015-10-21 07:00 - 24595968 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-10-30 08:42 - 2015-10-21 00:13 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-10-30 08:41 - 2015-10-21 07:00 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-10-30 08:40 - 2015-10-21 07:43 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-10-30 08:40 - 2015-10-21 06:57 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-10-30 08:40 - 2015-10-21 00:49 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-10-30 08:40 - 2015-10-21 00:11 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-10-30 08:40 - 2015-10-21 00:08 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-10-30 08:39 - 2015-10-21 07:45 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2015-10-30 08:39 - 2015-10-21 07:44 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2015-10-30 08:39 - 2015-10-21 07:39 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-10-30 08:39 - 2015-10-21 06:59 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2015-10-30 08:39 - 2015-10-21 06:52 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2015-10-30 08:39 - 2015-10-21 06:50 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2015-10-30 08:39 - 2015-10-21 06:48 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-10-30 08:39 - 2015-10-21 06:47 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
    2015-10-30 08:39 - 2015-10-21 06:46 - 02179584 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-10-30 08:39 - 2015-10-21 06:46 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-10-30 08:39 - 2015-10-21 06:44 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2015-10-30 08:39 - 2015-10-21 06:44 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-10-30 08:39 - 2015-10-21 06:43 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2015-10-30 08:39 - 2015-10-21 06:42 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-10-30 08:39 - 2015-10-21 06:41 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-10-30 08:39 - 2015-10-21 06:40 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2015-10-30 08:39 - 2015-10-21 06:38 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
    2015-10-30 08:39 - 2015-10-21 00:53 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-10-30 08:39 - 2015-10-21 00:05 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2015-10-30 08:39 - 2015-10-21 00:03 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-10-30 08:39 - 2015-10-21 00:03 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
    2015-10-30 08:39 - 2015-10-20 23:58 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2015-10-30 08:39 - 2015-10-20 23:58 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-10-30 08:39 - 2015-10-20 23:55 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
    2015-10-29 20:27 - 2015-10-29 20:27 - 00003568 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check
    2015-10-29 20:27 - 2015-10-29 20:27 - 00003552 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2005715574-247312471-105162307-1001
    2015-10-29 20:27 - 2015-10-29 20:27 - 00001284 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk
    2015-10-29 20:27 - 2015-10-29 20:27 - 00000000 ____D C:\Users\bigalx58\AppData\Local\CrashRpt
    2015-10-29 20:26 - 2015-10-29 20:27 - 00003616 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2005715574-247312471-105162307-1001
    2015-10-29 20:26 - 2015-10-29 20:27 - 00000000 ____D C:\Program Files (x86)\Real
    2015-10-29 20:26 - 2015-10-29 20:26 - 00505608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
    2015-10-29 20:26 - 2015-10-29 20:26 - 00354056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
    2015-10-29 20:26 - 2015-10-29 20:26 - 00278792 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
    2015-10-29 20:26 - 2015-10-29 20:26 - 00200968 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\RealNetworks
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Real
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\ProgramData\RealNetworks
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\Program Files (x86)\RealNetworks
    2015-10-29 20:25 - 2015-10-29 20:29 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Real
    2015-10-29 20:24 - 2015-10-29 20:27 - 00000000 ____D C:\ProgramData\Real
    2015-10-29 12:38 - 2015-10-29 12:38 - 00003386 _____ C:\WINDOWS\System32\Tasks\{CA23FF5F-CB72-4B9B-8CF8-060B6B2A1CEB}
    2015-10-29 10:43 - 2015-10-29 10:43 - 00000000 ___HD C:\ProgramData\CanonIJScan
    2015-10-29 10:06 - 2015-10-29 10:07 - 01694208 _____ C:\Users\bigalx58\Downloads\adwcleaner_5.015.exe
    2015-10-29 08:09 - 2015-10-29 08:11 - 00000000 ____D C:\Users\TEMP
    2015-10-29 08:09 - 2015-10-29 08:09 - 00000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer
    2015-10-28 19:03 - 2015-10-28 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-10-28 19:02 - 2015-10-28 19:02 - 01503872 _____ (Skype Technologies S.A.) C:\Users\bigalx58\Downloads\SkypeSetup (3).exe
    2015-10-28 18:11 - 2015-10-28 18:11 - 01239752 _____ (Microsoft Corporation) C:\Users\bigalx58\Downloads\wlsetup-web (5).exe
    2015-10-28 18:07 - 2015-10-28 18:07 - 00003272 _____ C:\WINDOWS\System32\Tasks\{18B40370-4EB3-4AB3-BDFE-242E62AF4C24}
    2015-10-28 12:14 - 2015-10-28 12:14 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-10-28 12:11 - 2015-10-28 13:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-10-28 12:11 - 2015-10-28 12:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-10-27 09:10 - 2015-10-27 09:11 - 00018375 _____ C:\Users\bigalx58\Documents\SuperSpyware.odt
    2015-10-26 15:34 - 2015-10-26 15:34 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Trusteer
    2015-10-26 15:34 - 2015-10-26 15:34 - 00000000 ____D C:\Program Files (x86)\Trusteer
    2015-10-26 15:33 - 2015-10-26 15:33 - 00000000 ____D C:\ProgramData\Trusteer
    2015-10-26 12:53 - 2015-10-26 13:02 - 320964525 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1 (4).mov
    2015-10-26 12:48 - 2015-10-26 13:02 - 320964525 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1 (3).mov
    2015-10-26 10:05 - 2015-10-26 10:05 - 00000000 ____D C:\ProgramData\Samsung
    2015-10-26 10:00 - 2015-10-26 10:09 - 00000000 ____D C:\Users\bigalx58\Documents\samsung
    2015-10-26 10:00 - 2015-10-26 10:03 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Samsung
    2015-10-26 10:00 - 2015-10-26 10:03 - 00000000 ____D C:\Program Files (x86)\Samsung
    2015-10-26 10:00 - 2015-10-26 10:00 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
    2015-10-26 10:00 - 2015-10-26 10:00 - 00000000 ____D C:\Users\bigalx58\Documents\SelfMV
    2015-10-25 13:07 - 2015-10-25 13:07 - 00000000 ____D C:\Users\bigalx58\AppData\Local\LogMeIn
    2015-10-25 13:07 - 2015-10-25 13:07 - 00000000 ____D C:\ProgramData\LogMeIn
    2015-10-25 13:01 - 2015-11-01 09:23 - 00000020 _____ C:\ProgramData\IpAndPort.fig
    2015-10-25 13:00 - 2015-11-01 09:23 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetViewer
    2015-10-25 13:00 - 2015-10-28 13:38 - 00000000 ____D C:\Users\bigalx58\Downloads\NetViewer
    2015-10-25 12:59 - 2015-10-25 12:59 - 09345570 _____ C:\Users\bigalx58\Downloads\NetViewer.zip
    2015-10-25 12:43 - 2015-10-25 12:44 - 00000000 ____D C:\Users\bigalx58\AppData\Local\join.me
    2015-10-25 11:33 - 2015-10-28 13:49 - 00000000 ____D C:\Program Files (x86)\AVIGenerator2.0
    2015-10-25 11:24 - 2015-10-25 11:23 - 17714276 ____R C:\Users\bigalx58\Downloads\DVR08C_V111208V111118V111227V120110V120110.sw
    2015-10-24 09:34 - 2015-10-24 09:35 - 13739685 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1 (2).mov.7yi64pw.partial
    2015-10-24 09:32 - 2015-10-24 09:32 - 14687082 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1 (1).mov.d58pkae.partial
    2015-10-24 08:50 - 2015-10-24 08:56 - 320964525 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1.mov
    2015-10-23 17:56 - 2015-10-23 17:56 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Sony Network Entertainment International LLC
    2015-10-23 15:53 - 2015-10-29 20:26 - 00000000 ____D C:\ProgramData\Package Cache
    2015-10-23 15:53 - 2015-10-28 13:38 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Sony
    2015-10-23 15:53 - 2015-10-23 15:53 - 00000000 ____D C:\ProgramData\Sony Corporation
    2015-10-23 15:53 - 2015-10-23 15:53 - 00000000 ____D C:\Program Files (x86)\Sony
    2015-10-23 15:52 - 2015-10-28 13:49 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
    2015-10-23 15:52 - 2015-10-23 15:54 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Sony
    2015-10-23 14:58 - 2015-10-23 15:06 - 00014336 _____ C:\Users\bigalx58\Documents\Lion King.odt
     
  12. 2015/11/09
    Bigalx58

    2015-10-23 11:59 - 2015-10-23 12:00 - 00000000 ____D C:\Users\bigalx58\AppData\Local\{2D0E4A9C-2C57-40AE-A7E1-735A5CF7505A}
    2015-10-23 09:01 - 2015-11-04 12:28 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Windows Live
    2015-10-21 18:32 - 2015-11-06 16:04 - 00000000 ____D C:\ProgramData\Oracle
    2015-10-21 18:32 - 2015-11-06 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-10-21 18:32 - 2015-11-06 16:04 - 00000000 ____D C:\Program Files (x86)\Java
    2015-10-21 18:32 - 2015-10-21 18:32 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Sun
    2015-10-21 16:16 - 2015-10-21 16:16 - 00284080 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgldx64.sys
    2015-10-21 16:15 - 2015-10-21 16:15 - 00255408 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\Drivers\avgmfx64.sys
    2015-10-21 08:04 - 2015-10-21 08:21 - 00017075 _____ C:\Users\bigalx58\Documents\PASSWORDS.odt
    2015-10-20 14:25 - 2015-10-28 13:28 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\LibreOffice
    2015-10-20 14:24 - 2015-10-28 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
    2015-10-20 14:12 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
    2015-10-20 14:10 - 2015-10-20 14:12 - 224563200 _____ C:\Users\bigalx58\Downloads\LibreOffice_4.4.5_Win_x86.msi
    2015-10-20 13:46 - 2015-10-20 13:47 - 140852175 _____ C:\Users\bigalx58\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US (1).exe
    2015-10-20 13:29 - 2015-10-20 13:29 - 00003374 _____ C:\WINDOWS\System32\Tasks\{7BFB9711-4FF6-491E-AF83-60763B60F811}
    2015-10-20 13:07 - 2015-10-28 13:28 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\OpenOffice
    2015-10-20 12:21 - 2015-10-20 14:17 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
    2015-10-20 12:15 - 2015-10-20 12:18 - 140852175 _____ C:\Users\bigalx58\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
    2015-10-20 12:06 - 2015-05-13 12:37 - 00010715 _____ C:\Users\bigalx58\Downloads\INVITES FOR 50TH..ods
    2015-10-20 11:45 - 2015-11-08 13:55 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\U3
    2015-10-19 19:04 - 2015-10-19 19:04 - 00021670 _____ C:\Users\bigalx58\Documents\cc_20151019_200407.reg
    2015-10-19 18:14 - 2015-11-09 20:37 - 00000000 ____D C:\Users\bigalx58\AppData\LocalLow\LastPass
    2015-10-19 18:14 - 2015-11-09 20:34 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
    2015-10-19 18:14 - 2015-11-09 20:34 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
    2015-10-19 18:14 - 2015-11-09 20:34 - 00000000 ____D C:\Program Files (x86)\LastPass
    2015-10-19 17:15 - 2015-10-19 17:16 - 16790552 _____ (LastPass) C:\Users\bigalx58\Downloads\lastpass_x64.exe
    2015-10-19 15:52 - 2015-10-19 15:52 - 00929872 _____ (Google Inc.) C:\Users\bigalx58\Downloads\GoogleEarthSetup (1).exe
    2015-10-19 15:52 - 2015-10-19 15:52 - 00002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
    2015-10-19 15:27 - 2015-11-09 20:32 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-19 15:27 - 2015-11-09 20:26 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-19 15:27 - 2015-10-28 13:18 - 00000000 ____D C:\Program Files (x86)\Google
    2015-10-19 15:27 - 2015-10-19 15:27 - 00929872 _____ (Google Inc.) C:\Users\bigalx58\Downloads\GoogleEarthSetup.exe
    2015-10-19 15:27 - 2015-10-19 15:27 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-10-19 15:27 - 2015-10-19 15:27 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-10-19 15:27 - 2015-10-19 15:27 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Google
    2015-10-19 15:25 - 2015-10-28 13:20 - 00000000 ___HD C:\ProgramData\CanonBJ
    2015-10-19 15:25 - 2015-10-21 11:18 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Canon
    2015-10-19 15:24 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    2015-10-19 15:24 - 2015-10-28 13:17 - 00000000 ____D C:\Program Files (x86)\Canon
    2015-10-19 15:24 - 2015-10-19 15:24 - 00002175 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk
    2015-10-19 15:23 - 2015-10-19 15:24 - 48655952 _____ C:\Users\bigalx58\Downloads\mpnx_2_1-win-2_13-ea23_2 (1).exe
    2015-10-19 15:11 - 2015-10-19 15:12 - 50138704 _____ C:\Users\bigalx58\Downloads\mpnx_5_1-win-5_1_1-ea23_2.exe
    2015-10-19 14:04 - 2015-11-01 17:22 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-10-19 14:04 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-19 14:04 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-10-19 14:04 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-19 14:04 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-10-19 14:04 - 2015-10-05 08:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-10-19 14:04 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-10-19 14:03 - 2015-10-19 14:04 - 22908888 _____ (Malwarebytes ) C:\Users\bigalx58\Downloads\mbam-setup-2.2.0.1024.exe
    2015-10-19 14:00 - 2015-10-28 13:27 - 00000000 ____D C:\Users\bigalx58\AppData\Local\VS Revo Group
    2015-10-19 14:00 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\VS Revo Group
    2015-10-19 14:00 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files\VS Revo Group
    2015-10-19 14:00 - 2015-10-19 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2015-10-19 14:00 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
    2015-10-19 13:59 - 2015-10-19 13:59 - 11069616 _____ (VS Revo Group ) C:\Users\bigalx58\Downloads\RevoUninProSetup.exe
    2015-10-19 13:58 - 2015-11-08 09:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Auslogics
    2015-10-19 13:58 - 2015-11-08 09:24 - 00000000 ____D C:\ProgramData\Auslogics
    2015-10-19 13:57 - 2015-11-08 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    2015-10-19 13:57 - 2015-11-08 09:24 - 00000000 ____D C:\Program Files (x86)\Auslogics
    2015-10-19 13:57 - 2015-10-19 13:57 - 07750968 _____ (Auslogics Labs Pty Ltd ) C:\Users\bigalx58\Downloads\registry-cleaner-setup (3).exe
    2015-10-19 13:56 - 2015-10-19 13:57 - 07750968 _____ (Auslogics Labs Pty Ltd ) C:\Users\bigalx58\Downloads\registry-cleaner-setup (2).exe
    2015-10-19 13:53 - 2015-10-19 13:53 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\SUPERAntiSpyware.com
    2015-10-19 13:52 - 2015-10-29 10:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-10-19 13:52 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-10-19 13:52 - 2015-10-19 13:52 - 23720352 _____ (SUPERAntiSpyware) C:\Users\bigalx58\Downloads\SUPERAntiSpyware.exe
    2015-10-19 13:52 - 2015-10-19 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-10-19 13:50 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files\CCleaner
    2015-10-19 13:50 - 2015-10-19 13:50 - 06677440 _____ (Piriform Ltd) C:\Users\bigalx58\Downloads\ccsetup510 (1).exe
    2015-10-19 13:50 - 2015-10-19 13:50 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2015-10-19 13:47 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
    2015-10-19 13:47 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
    2015-10-19 13:47 - 2015-10-19 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
    2015-10-19 13:46 - 2015-10-19 13:46 - 23514192 _____ (TomTom International B.V.) C:\Users\bigalx58\Downloads\InstallMyDriveConnect (2).exe
    2015-10-19 12:39 - 2015-10-28 13:28 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\TomTom
    2015-10-19 12:39 - 2015-10-28 13:27 - 00000000 ____D C:\Users\bigalx58\AppData\Local\TomTom
    2015-10-19 12:39 - 2015-10-19 12:44 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
    2015-10-19 12:39 - 2015-10-19 12:39 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Mozilla
    2015-10-19 12:38 - 2015-10-28 13:20 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Downloaded Installations
    2015-10-19 12:37 - 2015-10-19 12:37 - 31109864 _____ C:\Users\bigalx58\Downloads\TomTomHOME2winlatest (1).exe
    2015-10-19 12:35 - 2015-10-19 12:35 - 31109864 _____ C:\Users\bigalx58\Downloads\TomTomHOME2winlatest.exe
    2015-10-19 12:13 - 2015-10-19 12:13 - 00002922 _____ C:\WINDOWS\System32\Tasks\TuneUpUtilities_Task_BkGndMaintenance2013
    2015-10-19 11:24 - 2015-10-19 11:24 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2015-10-18 19:06 - 2015-10-28 19:03 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-10-18 19:06 - 2015-10-28 13:27 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Skype
    2015-10-18 19:03 - 2015-10-18 19:03 - 01503872 _____ (Skype Technologies S.A.) C:\Users\bigalx58\Downloads\SkypeSetup (2).exe
    2015-10-18 18:29 - 2015-10-28 19:04 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Skype
    2015-10-18 18:29 - 2015-10-28 19:03 - 00000000 ____D C:\ProgramData\Skype
    2015-10-18 18:28 - 2015-11-04 16:32 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Windows Live Writer
    2015-10-18 18:28 - 2015-10-30 17:51 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Windows Live Writer
    2015-10-18 18:25 - 2015-10-18 18:25 - 01239752 _____ (Microsoft Corporation) C:\Users\bigalx58\Downloads\wlsetup-web (4).exe
    2015-10-18 17:59 - 2015-11-09 17:41 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4817BCF8-46B0-4610-8FE7-434EF13F4E40}
    2015-10-18 17:00 - 2015-10-18 17:00 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2015-10-18 16:04 - 2015-10-18 16:04 - 00002215 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG PC TuneUp.lnk
    2015-10-18 16:04 - 2015-10-14 10:05 - 00045992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
    2015-10-18 16:04 - 2015-10-14 09:59 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
    2015-10-18 16:04 - 2015-10-14 09:59 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
    2015-10-18 15:22 - 2015-10-18 16:04 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\AVG
    2015-10-18 15:21 - 2015-11-04 12:19 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG
    2015-10-18 15:21 - 2015-10-18 15:21 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\TuneUp Software
    2015-10-18 15:20 - 2015-11-09 19:16 - 00000000 ____D C:\ProgramData\MFAData
    2015-10-18 15:20 - 2015-11-04 12:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
    2015-10-18 15:20 - 2015-10-18 15:20 - 00000000 ____D C:\Users\bigalx58\AppData\Local\MFAData
    2015-10-18 15:19 - 2015-10-26 17:28 - 00000000 ____D C:\Users\bigalx58\AppData\Local\AvgSetupLog
    2015-10-18 15:19 - 2015-10-26 17:26 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Avg
    2015-10-18 15:19 - 2015-10-20 08:19 - 00000000 ____D C:\Program Files (x86)\AVG
    2015-10-18 15:19 - 2015-10-18 16:04 - 00000000 ____D C:\ProgramData\Avg
    2015-10-18 15:19 - 2015-10-18 15:19 - 02895464 _____ (AVG Technologies) C:\Users\bigalx58\Downloads\AVG_Protection_Free_1115.exe
    2015-10-18 15:11 - 2015-11-03 13:26 - 00000000 ____D C:\Users\bigalx58\Desktop\Cleaners-Security
    2015-10-18 15:10 - 2015-10-18 15:10 - 00000000 ____D C:\ProgramData\BitDefender
    2015-10-18 15:08 - 2015-10-18 15:08 - 00000264 _____ C:\prefs.js
    2015-10-18 15:08 - 2015-10-18 15:08 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\LavasoftStatistics
    2015-10-18 15:08 - 2015-10-18 15:08 - 00000000 ____D C:\searchplugins
    2015-10-18 15:07 - 2015-10-28 13:50 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Lavasoft
    2015-10-18 15:07 - 2015-10-28 13:49 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2015-10-18 15:07 - 2015-10-26 18:22 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Lavasoft
    2015-10-18 15:07 - 2015-10-18 15:13 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    2015-10-18 15:07 - 2015-10-18 15:13 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2015-10-18 15:07 - 2015-10-18 15:07 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
    2015-10-18 15:07 - 2015-10-18 15:07 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
    2015-10-18 15:06 - 2015-10-28 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-10-18 15:06 - 2015-10-18 15:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2015-10-18 15:06 - 2015-10-18 15:06 - 00000000 ____D C:\Program Files\Lavasoft
    2015-10-18 15:06 - 2015-01-06 12:47 - 01061776 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdsmtpp.dll
    2015-10-18 15:06 - 2015-01-06 12:47 - 00209984 _____ (BitDefender) C:\WINDOWS\system32\BdFirewallSDK.dll
    2015-10-18 15:06 - 2015-01-06 12:47 - 00195016 _____ (BitDefender) C:\WINDOWS\system32\httproxy.dll
    2015-10-18 15:06 - 2015-01-06 12:47 - 00156936 _____ C:\WINDOWS\system32\bdfwcore.dll
    2015-10-18 15:06 - 2015-01-06 12:47 - 00155912 _____ (BitDefender S.R.L.) C:\WINDOWS\system32\bdpop3p.dll
    2015-10-18 15:06 - 2015-01-06 12:47 - 00122928 _____ (BitDefender) C:\WINDOWS\system32\OEMbdpredir.dll
    2015-10-18 15:06 - 2015-01-06 12:47 - 00096160 _____ (BitDefender) C:\WINDOWS\system32\bdpredir.dll
    2015-10-18 15:06 - 2015-01-06 12:37 - 02084072 _____ (Bitdefender) C:\WINDOWS\system32\bdnc.dll
    2015-10-18 15:05 - 2015-10-18 15:05 - 00000000 ____D C:\Program Files\Common Files\Lavasoft
    2015-10-18 15:04 - 2015-10-28 13:50 - 00000000 ____D C:\ProgramData\Lavasoft
    2015-10-18 14:27 - 2015-10-18 14:27 - 01239752 _____ (Microsoft Corporation) C:\Users\bigalx58\Downloads\wlsetup-web (3).exe
    2015-10-18 14:26 - 2015-10-18 14:26 - 01239752 _____ (Microsoft Corporation) C:\Users\bigalx58\Downloads\wlsetup-web (2).exe
    2015-10-16 11:30 - 2015-10-16 11:30 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
    2015-10-16 11:30 - 2015-10-16 11:30 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
    2015-10-16 11:26 - 2015-10-16 11:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2015-10-16 07:30 - 2015-10-16 07:31 - 00000000 ____D C:\Users\bigalx58\AppData\Local\PackageStaging
    2015-10-16 07:30 - 2015-10-16 07:30 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Macromedia
    2015-10-16 06:48 - 2015-07-05 05:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2015-10-16 06:47 - 2015-10-16 06:48 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-10-16 06:47 - 2015-10-02 11:09 - 143481208 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-10-15 19:55 - 2015-10-15 19:55 - 00000000 ____D C:\Users\bigalx58\AppData\Local\NetworkTiles
    2015-10-15 19:55 - 2015-10-15 19:55 - 00000000 ____D C:\Users\bigalx58\AppData\Local\MicrosoftEdge
    2015-10-15 19:54 - 2015-11-09 20:25 - 00000000 ___RD C:\Users\bigalx58\OneDrive
    2015-10-15 19:54 - 2015-10-30 14:55 - 00002350 _____ C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-10-15 19:54 - 2015-10-15 19:59 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Comms
    2015-10-15 19:54 - 2015-10-15 19:54 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2015-10-15 19:53 - 2015-10-15 19:53 - 00038704 _____ C:\Users\bigalx58\Desktop\Removed Apps.html
    2015-10-15 19:52 - 2015-11-04 16:31 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Packages
    2015-10-15 19:52 - 2015-10-18 16:04 - 00000000 ____D C:\Users\bigalx58\AppData\Local\VirtualStore
    2015-10-15 19:52 - 2015-10-15 19:52 - 00000020 ___SH C:\Users\bigalx58\ntuser.ini
    2015-10-15 19:52 - 2015-10-15 19:52 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Adobe
    2015-10-15 19:52 - 2015-10-15 19:52 - 00000000 ____D C:\Users\bigalx58\AppData\Local\TileDataLayer
    2015-10-15 19:52 - 2015-10-15 19:52 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Publishers
    2015-10-15 16:45 - 2015-11-04 16:20 - 00000000 ____D C:\Windows.old
    2015-10-15 16:45 - 2015-10-15 16:45 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
    2015-10-15 16:45 - 2015-10-15 16:45 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2015-10-15 16:38 - 2015-10-15 16:38 - 00000000 ____D C:\WINDOWS\Setup
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\winrm
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\WCN
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\slmgr
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\0409
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\OCR
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\Reference Assemblies
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\MSBuild
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-10-15 16:31 - 2015-10-15 22:10 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-10-15 16:31 - 2015-10-15 22:10 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-15 16:30 - 2015-10-15 16:27 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2015-10-15 16:30 - 2015-10-15 16:27 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
    2015-10-15 16:30 - 2015-10-15 16:27 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
    2015-10-15 16:30 - 2015-10-15 16:27 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
    2015-10-15 16:29 - 2015-11-09 20:22 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-10-15 16:29 - 2015-11-09 19:38 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-10-15 16:29 - 2015-11-04 12:30 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-10-15 16:29 - 2015-11-03 13:22 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2015-10-15 16:29 - 2015-11-03 13:22 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2015-10-15 16:29 - 2015-11-02 17:21 - 00000000 ____D C:\WINDOWS\rescache
    2015-10-15 16:29 - 2015-10-30 19:40 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-10-15 16:29 - 2015-10-28 14:02 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
    2015-10-15 16:29 - 2015-10-28 14:02 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-10-15 16:29 - 2015-10-28 14:02 - 00000000 ____D C:\WINDOWS\system32\en-GB
    2015-10-15 16:29 - 2015-10-28 13:29 - 00000000 ____D C:\WINDOWS\registration
    2015-10-15 16:29 - 2015-10-20 14:14 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-10-15 16:29 - 2015-10-19 15:25 - 00000000 __RSD C:\WINDOWS\Media
    2015-10-15 16:29 - 2015-10-18 15:21 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___SD C:\WINDOWS\system32\F12
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\system32\Dism
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\L2Schemas
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\Program Files\Windows Journal
    2015-10-15 16:29 - 2015-10-16 06:45 - 00000000 ____D C:\WINDOWS\system32\restore
    2015-10-15 16:29 - 2015-10-16 06:45 - 00000000 ____D C:\WINDOWS\appcompat
    2015-10-15 16:29 - 2015-10-15 19:52 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2015-10-15 16:29 - 2015-10-15 19:52 - 00000000 ___RD C:\WINDOWS\MiracastView
    2015-10-15 16:29 - 2015-10-15 16:45 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ___SD C:\WINDOWS\system32\dsc
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\setup
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\MUI
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\migwiz
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\Com
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\IME
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\Windows Defender
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\Common Files\System
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\WINDOWS\system32\Nui
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\WINDOWS\system32\Configuration
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\Program Files\WindowsPowerShell
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\Program Files (x86)\WindowsPowerShell
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Web
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Vss
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\tracing
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\TAPI
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\sru
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\restore
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\RasToast
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SystemResources
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\zh-HK
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\winevt
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\uk-UA
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\tr-TR
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\th-TH
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sppui
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\spp
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Speech
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sl-SI
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sk-SK
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ro-RO
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\RasToast
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ras
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\PointOfService
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\networklist
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\MsDtc
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\MSDRM
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\lv-LV
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\lt-LT
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Licenses
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Ipmi
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\IME
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\icsxml
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ias
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\hr-HR
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\he-IL
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\fr-CA
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\et-EE
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\es-MX
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\downlevel
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\config\Journal
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Bthprops
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\bg-BG
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ar-SA
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\AppLocker
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system\Speech
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\System
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Speech_OneCore
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Speech
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SKB
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\security
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\schemas
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SchCache
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Resources
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\PLA
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Performance
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\InputMethod
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Globalization
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Cursors
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Branding
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\addins
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\ProgramData\Comms
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files\Windows NT
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files\Common Files\Services
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files (x86)\Windows NT
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2015-10-15 16:29 - 2015-10-15 16:27 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2015-10-15 16:29 - 2015-10-15 16:27 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
    2015-10-15 16:29 - 2015-10-15 16:27 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
    2015-10-15 16:29 - 2015-10-15 16:27 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
    2015-10-15 16:29 - 2015-10-15 16:27 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2015-10-15 16:29 - 2015-10-15 16:27 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
    2015-10-15 16:29 - 2015-10-15 16:27 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2015-10-15 16:29 - 2015-10-15 16:27 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
    2015-10-15 16:29 - 2015-10-15 16:27 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000219 _____ C:\WINDOWS\system.ini
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000092 _____ C:\WINDOWS\win.ini
    2015-10-15 16:29 - 2015-10-15 13:07 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2015-10-15 16:29 - 2015-10-15 13:06 - 00000000 __RHD C:\Users\Public\Libraries
    2015-10-15 16:29 - 2015-10-15 13:06 - 00000000 ____D C:\WINDOWS\system32\Recovery
    2015-10-15 16:29 - 2015-10-15 13:04 - 00000000 ____D C:\WINDOWS\system32\spool
    2015-10-15 16:29 - 2015-10-15 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2015-10-15 16:29 - 2015-10-15 12:57 - 00000000 ____D C:\WINDOWS\Help
    2015-10-15 16:29 - 2015-10-15 12:56 - 00000000 ____D C:\ProgramData\USOPrivate
    2015-10-15 16:19 - 2015-11-02 16:09 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-10-15 16:06 - 2015-11-09 20:22 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
    2015-10-15 16:06 - 2015-11-06 09:06 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2015-10-15 16:06 - 2015-10-20 17:27 - 00786432 ___SH C:\WINDOWS\system32\config\BBI(702)
    2015-10-15 16:06 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\servicing
    2015-10-15 16:06 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\SMI
    2015-10-15 16:06 - 2015-10-15 13:08 - 00000000 __RHD C:\Users\Default
    2015-10-15 16:06 - 2015-07-10 04:11 - 00000164 _____ C:\WINDOWS\system32\config\FP
    2015-10-15 16:05 - 2015-10-16 09:54 - 00000000 ___HD C:\$SysReset
    2015-10-15 13:09 - 2015-11-08 13:11 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-10-15 13:08 - 2015-10-15 13:08 - 00000000 __SHD C:\Recovery
    2015-10-15 13:07 - 2015-10-15 13:07 - 00012081 _____ C:\Users\Administrator\AppData\Local\Application.xml
    2015-10-15 13:05 - 2015-11-09 20:10 - 00000000 ____D C:\Users\bigalx58
    2015-10-15 13:05 - 2015-10-28 14:12 - 00000000 ____D C:\Users\DefaultAppPool
    2015-10-15 13:05 - 2015-10-28 14:12 - 00000000 ____D C:\Users\Administrator
    2015-10-15 13:05 - 2015-10-15 19:52 - 00000000 ___RD C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 13:05 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 13:05 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 13:05 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 12:57 - 2015-10-15 12:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-10-15 12:57 - 2015-10-15 12:57 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-10-15 12:57 - 2015-10-15 12:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2015-10-15 12:57 - 2015-07-22 20:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2015-10-15 12:57 - 2015-07-22 20:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2015-10-15 12:57 - 2015-07-22 20:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2015-10-15 12:57 - 2015-07-22 20:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2015-10-15 12:57 - 2015-07-22 20:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2015-10-15 12:57 - 2015-07-22 20:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2015-10-15 12:57 - 2015-07-21 23:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
    2015-10-15 12:56 - 2015-10-15 12:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2015-10-15 12:56 - 2015-10-15 12:56 - 00000000 ____H C:\ProgramData\DP45977C.lfl
    2015-10-15 12:56 - 2015-10-15 12:56 - 00000000 ____D C:\WINDOWS\system32\DAX2
    2015-10-15 12:56 - 2015-10-15 12:56 - 00000000 ____D C:\ProgramData\USOShared
    2015-10-15 12:56 - 2015-10-15 12:56 - 00000000 ____D C:\Program Files\Realtek
    2015-10-15 12:55 - 2015-10-15 12:56 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2015-10-15 12:54 - 2015-07-10 05:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2015-10-15 12:51 - 2015-11-09 20:23 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-10-15 12:50 - 2015-10-21 07:31 - 00253112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-10-14 20:02 - 2015-10-14 20:00 - 00026624 ____T C:\Users\bigalx58\Documents\Oakville Happy Tappers - Sea Cruise - placements.xls
    2015-10-14 12:37 - 2015-10-14 12:37 - 04236400 _____ C:\Users\bigalx58\Downloads\advisorinstaller.exe
    2015-10-14 12:37 - 2015-10-14 12:37 - 04236400 _____ C:\Users\bigalx58\Downloads\advisorinstaller (1).exe
    2015-10-14 12:08 - 2015-10-14 12:12 - 303687256 _____ (NVIDIA Corporation) C:\Users\bigalx58\Downloads\358.50-desktop-win10-64bit-international-whql.exe
    2015-10-14 12:04 - 2015-10-14 12:04 - 00000000 ____D C:\Users\Public\Documents\Logishrd
    2015-10-14 11:59 - 2015-10-14 12:01 - 81354761 _____ C:\Users\bigalx58\Downloads\logitech_full_setpoint_6_65_62_64bit.zip
    2015-10-14 11:54 - 2015-10-14 11:54 - 05345280 _____ C:\Users\bigalx58\Downloads\INF_allOS_9.4.0.1027.exe
    2015-10-14 11:52 - 2015-10-14 11:53 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller (4).exe
    2015-10-14 11:51 - 2015-10-14 11:51 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller (3).exe
    2015-10-14 11:50 - 2015-10-14 11:50 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller (2).exe
    2015-10-14 11:50 - 2015-10-14 11:50 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller (1).exe
    2015-10-14 11:49 - 2015-10-14 11:50 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller.exe
    2015-10-13 13:51 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-10-13 13:51 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-10-13 13:51 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-10-13 13:51 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-10-13 13:51 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-10-13 13:51 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-10-13 13:51 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-10-13 13:51 - 2015-09-30 23:00 - 08020320 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-10-13 13:51 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-10-13 13:51 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2015-10-13 13:51 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2015-10-13 13:51 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-10-13 13:51 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2015-10-13 13:51 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2015-10-13 13:51 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-10-13 13:51 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2015-10-13 13:51 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2015-10-13 13:51 - 2015-09-24 22:09 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-10-13 13:51 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-10-13 13:51 - 2015-09-24 22:04 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-10-13 13:51 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2015-10-13 13:51 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2015-10-13 13:51 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-10-13 13:51 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-10-13 13:51 - 2015-09-24 22:02 - 00949248 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-10-13 13:51 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2015-10-13 13:51 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-10-13 13:51 - 2015-09-24 22:01 - 03586560 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-10-13 13:51 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2015-10-13 13:51 - 2015-09-24 22:00 - 01382400 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-10-13 13:51 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2015-10-13 13:51 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2015-10-13 13:51 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2015-10-13 13:51 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2015-10-13 13:51 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2015-10-13 13:51 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-10-13 13:51 - 2015-09-24 21:38 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-10-13 13:51 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2015-10-13 13:51 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-10-13 13:51 - 2015-09-24 21:37 - 00766976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-10-13 13:51 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2015-10-13 13:51 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2015-10-13 13:51 - 2015-09-24 21:36 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-10-13 13:51 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2015-10-13 13:51 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2015-10-13 13:51 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2015-10-13 13:51 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll
    2015-10-11 12:38 - 2015-10-11 12:38 - 02895448 _____ (AVG Technologies) C:\Users\bigalx58\Downloads\AVG_Protection_Free_698.exe
    2015-10-11 09:13 - 2015-10-11 09:13 - 02012464 _____ C:\Users\bigalx58\Downloads\Adaware_Installer.exe

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-09 20:41 - 2013-08-12 08:09 - 00000000 ____D C:\FRST
    2015-11-08 09:46 - 2012-08-05 15:10 - 00000000 ____D C:\Users\bigalx58\Desktop\ACCESSORIES
    2015-11-06 16:04 - 2015-09-02 12:18 - 00000000 ____D C:\Users\bigalx58\.oracle_jre_usage
    2015-11-06 14:05 - 2013-08-13 16:58 - 00000000 ____D C:\AdwCleaner
    2015-11-04 15:41 - 2013-05-24 09:49 - 00000000 ____D C:\Users\bigalx58\SkyDrive
    2015-11-02 16:08 - 2015-07-10 05:59 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
    2015-11-02 16:08 - 2015-07-10 05:59 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
    2015-11-02 16:08 - 2015-07-10 05:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
    2015-11-02 16:08 - 2015-07-10 05:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
    2015-10-31 10:59 - 2015-10-07 08:07 - 00000000 ____D C:\Users\bigalx58\Tracing
    2015-10-30 18:13 - 2013-12-27 13:58 - 00001390 _____ C:\Users\bigalx58\Desktop\Internet Explorer.lnk
    2015-10-29 12:03 - 2012-11-15 12:48 - 00015887 _____ C:\Users\bigalx58\Documents\PERSONAL ASSETS.odt
    2015-10-28 17:09 - 2012-04-15 14:46 - 00000000 ___SD C:\Users\bigalx58\AppData\LocalLow\Temp
    2015-10-28 14:02 - 2013-04-10 17:15 - 00000000 ____D C:\Users\bigalx58\Documents\favo_src

    ============================
     
  13. 2015/11/09
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Sorry, I had to chop the log up a bit...hope it's OK.
    What to do now?
     
    Last edited: 2015/11/10
  14. 2015/11/10
    broni

    broni Moderator Malware Analyst

    You did fine :)

    You're running three AV programs:
    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
    AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
    You must uninstall TWO of them.
    I suggest Ad-aware goes.
    If you don't want to use Windows Defender, disable it (you can't uninstall it): http://www.tenforums.com/tutorials/5918-windows-defender-turn-off-windows-10-a.html
    If you want to uninstall AVG use AVG Remover: http://www.avg.com/us-en/utilities

    Download RogueKiller from one of the following links and save it to your Desktop:

    Link 1
    Link 2
    • Close all the running programs
    • Windows Vista/7/8 users: right click on RogueKiller.exe, click Run as Administrator
    • Otherwise just double-click on RogueKiller.exe
    • Pre-scan will start. Let it finish.
    • Click on SCAN button.
    • Wait until the Status box shows Scan Finished
    • Click on Delete.
    • Wait until the Status box shows Deleting Finished.
    • Click on Report and copy/paste the content of the Notepad into your next reply.
    • RKreport.txt could also be found on your desktop.
    • If more than one log is produced post all logs.
    • If RogueKiller has been blocked, do not hesitate to try a few more times. If it really won't run, rename it to winlogon.exe (or winlogon.com) and try again.
    Please download Malwarebytes Anti-Malware (MBAM) to your desktop.
    NOTE. If you already have MBAM 2.0 installed scroll down.
    • Double-click mbam-setup-2.0.0.1000.exe and follow the prompts to install the program.
    • At the end, be sure a checkmark is placed next to the following:
    • Launch Malwarebytes Anti-Malware
    • A 14 day trial of the Premium features is pre-selected. You may deselect this if you wish, and it will not diminish the scanning and removal capabilities of the program.
    • Click Finish.
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    If you already have MBAM 2.0 installed:
    • On the Dashboard, click the 'Update Now >>' link
    • After the update completes, click the 'Scan Now >>' button.
    • Or, on the Dashboard, click the Scan Now >> button.
    • If an update is available, click the Update Now button.
    • A Threat Scan will begin.
    • When the scan is complete, if there have been detections, click Apply Actions to allow MBAM to clean what was detected.
    • In most cases, a restart will be required.
    • Wait for the prompt to restart the computer to appear, then click on Yes.
    How to get logs:
    (Export log to save as txt)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Export'.
    • Click 'Text file (*.txt)'
    • In the Save File dialog box which appears, click on Desktop.
    • In the File name: box type a name for your scan log.
    • A message box named 'File Saved' should appear stating "Your file has been successfully exported".
    • Click Ok
    • Attach that saved log to your next reply.
    (Copy to clipboard for pasting into forum replies or tickets)
    • After the restart once you are back at your desktop, open MBAM once more.
    • Click on the History tab > Application Logs.
    • Double click on the Scan Log which shows the Date and time of the scan just performed.
    • Click 'Copy to Clipboard'
    • Paste the contents of the clipboard into your reply.
    Please download AdwCleaner by Xplode onto your desktop.
    • Close all open programs and internet browsers.
    • Double click on adwcleaner.exe to run the tool.
    • Click on Scan button.
    • When the scan has finished click on Clean button.
    • Your computer will be rebooted automatically. A text file will open after the restart.
    • Please post the contents of that logfile with your next reply.
    • You can find the logfile at C:\AdwCleaner[S1].txt as well.
    Please download Junkware Removal Tool to your desktop.
    • Shut down your protection software now to avoid potential conflicts.
    • Run the tool by double-clicking it. If you are using Windows Vista, 7, or 8, instead of double-clicking, right-click JRT.exe and select "Run as Administrator".
    • The tool will open and start scanning your system.
    • Please be patient as this can take a while to complete depending on your system's specifications.
    • On completion, a log (JRT.txt) is saved to your desktop and will automatically open.
    • Post the contents of JRT.txt into your next message.
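
The check behind "You're running three AV programs" in the reply above, as an added example that is not part of the original post or of any tool named in the thread. `Product`, `parse_products` and `review_antivirus` are hypothetical names, and the line shape is assumed from the three `AV:` lines quoted in that reply.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Assumed line shape, taken from the three lines quoted in the reply:
#   AV: <name> (<Enabled|Disabled> - <Up to date|Out of date>) {<GUID>}
LINE_RE = re.compile(
    r"^\s*(?P<kind>[A-Z]{2}):\s+(?P<name>.+?)\s+"
    r"\((?P<state>Enabled|Disabled)"
    r"(?:\s+-\s+(?P<defs>Up to date|Out of date))?\)\s+"
    r"\{(?P<guid>[0-9A-Fa-f-]{36})\}\s*$"
)


@dataclass(frozen=True)
class Product:
    kind: str                   # "AV" in the lines quoted on this page
    name: str
    enabled: bool
    up_to_date: Optional[bool]  # None when the log line gives no definition state
    guid: str


def parse_products(log_text: str) -> List[Product]:
    """Return every security-product line found; other log lines are skipped."""
    products = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if m is None:
            continue
        defs = m.group("defs")
        products.append(Product(
            kind=m.group("kind"),
            name=m.group("name"),
            enabled=m.group("state") == "Enabled",
            up_to_date=None if defs is None else defs == "Up to date",
            guid=m.group("guid").upper(),
        ))
    return products


def review_antivirus(products: List[Product]) -> List[Tuple[str, List[str]]]:
    """Flag the conditions the analyst reacted to: overlap, staleness, no cover."""
    av = [p for p in products if p.kind == "AV"]
    findings = []
    if len(av) > 1:
        # Registered counts even when disabled: the reply asks for removal
        # of a product whether or not it runs in real time.
        findings.append(("multiple_registered", [p.name for p in av]))
    active = [p for p in av if p.enabled]
    if len(active) > 1:
        findings.append(("multiple_enabled", [p.name for p in active]))
    stale = [p.name for p in av if p.up_to_date is False]
    if stale:
        findings.append(("out_of_date", stale))
    if not active:
        findings.append(("none_enabled", []))
    return findings


# The three lines exactly as quoted in the reply above.
SAMPLE = """\
AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
AV: Ad-Aware Antivirus (Disabled - Out of date) {B0CC18C6-E527-6EE6-874C-9D19920E5619}
AV: AVG AntiVirus Free Edition (Enabled - Up to date) {4D41356F-32AD-7C42-C820-63775EE4F413}
"""

if __name__ == "__main__":
    for code, names in review_antivirus(parse_products(SAMPLE)):
        print(code, ", ".join(names))
```
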
     
  15. 2015/11/10
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    I ran RogueKiller, but couldn't find any report. Maybe I messed up...will try again tomorrow and also run the rest of your suggestions. BTW, my AVG was a trial version and it's uninstalled. Ad Aware is not providing real time protection...so I have only Windows Defender running right now along with the Windows firewall.
     
  16. 2015/11/10
    broni

    broni Moderator Malware Analyst

    1. Make sure you run AVG Remover. Regular uninstaller is not enough.
    2. Uninstall Ad-aware no matter if it runs in real time or not.
     
  17. 2015/11/11
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    RogueKiller V10.11.5.0 [Nov 9 2015] (Free) by Adlice Software
    mail : http://www.adlice.com/contact/
    Feedback : http://forum.adlice.com
    Website : http://www.adlice.com/software/roguekiller/
    Blog : http://www.adlice.com

    Operating System : Windows 10 (10.0.10240) 64 bits version
    Started in : Normal mode
    User : bigalx58 [Administrator]
    Started from : C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\IE\VQT19712\RogueKiller.exe
    Mode : Delete -- Date : 11/11/2015 09:05:18

    ¤¤¤ Processes : 0 ¤¤¤

    ¤¤¤ Registry : 4 ¤¤¤
    [PUM.HomePage] (X64) HKEY_USERS\S-1-5-21-2005715574-247312471-105162307-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
    [PUM.HomePage] (X86) HKEY_USERS\S-1-5-21-2005715574-247312471-105162307-1001\Software\Microsoft\Internet Explorer\Main | Start Page : -> Not selected
    [PUM.SearchPage] (X64) HKEY_USERS\S-1-5-21-2005715574-247312471-105162307-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected
    [PUM.SearchPage] (X86) HKEY_USERS\S-1-5-21-2005715574-247312471-105162307-1001\Software\Microsoft\Internet Explorer\Main | Search Bar : Preserve -> Not selected

    ¤¤¤ Tasks : 0 ¤¤¤

    ¤¤¤ Files : 0 ¤¤¤

    ¤¤¤ Hosts File : 0 ¤¤¤

    ¤¤¤ Antirootkit : 0 (Driver: Not loaded [0xc000036b]) ¤¤¤

    ¤¤¤ Web browsers : 0 ¤¤¤

    ¤¤¤ MBR Check : ¤¤¤
    +++++ PhysicalDrive0: +++++
    --- User ---
    [MBR] fc64a9b5c9a6948eeb5993ecf61512b8
    [BSP] 6338cb5489982990de02b174364ef13c : Windows Vista/7/8 MBR Code
    Partition table:
    0 - [XXXXXX] ACER (0x27) [VISIBLE] Offset (sectors): 2048 | Size: 16384 MB
    1 - [ACTIVE] NTFS (0x7) [VISIBLE] Offset (sectors): 33556480 | Size: 100 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    2 - [XXXXXX] NTFS (0x7) [VISIBLE] Offset (sectors): 33761280 | Size: 937383 MB [Windows Vista/7/8 Bootstrap | Windows Vista/7/8 Bootloader]
    User = LL1 ... OK
    User = LL2 ... OK

    +++++ PhysicalDrive1: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive2: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive3: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive4: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )

    +++++ PhysicalDrive5: +++++
    Error reading User MBR! ([15] The device is not ready. )
    Error reading LL1 MBR! NOT VALID!
    Error reading LL2 MBR! ([32] The request is not supported. )
     
  18. 2015/11/11
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    # AdwCleaner v5.019 - Logfile created 11/11/2015 at 09:33:10
    # Updated 08/11/2015 by Xplode
    # Database : 2015-11-09.1 [Server]
    # Operating system : Windows 10 Home (x64)
    # Username : bigalx58 - BIGALX58-PC
    # Running from : C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\IE\C7TR25RS\AdwCleaner.exe
    # Option : Cleaning
    # Support : http://toolslib.net/forum

    ***** [ Services ] *****


    ***** [ Folders ] *****


    ***** [ Files ] *****


    ***** [ DLLs ] *****


    ***** [ Shortcuts ] *****


    ***** [ Scheduled tasks ] *****


    ***** [ Registry ] *****

    [-] Key Deleted : HKCU\Software\AppDataLow\Software\adawarebp

    ***** [ Web browsers ] *****


    *************************

    :: "Tracing" keys removed
    :: Winsock settings cleared

    ########## EOF - C:\AdwCleaner\AdwCleaner[C5].txt - [771 bytes] ##########
     
  19. 2015/11/11
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Junkware Removal Tool (JRT) by Malwarebytes
    Version: 7.6.4 (09.28.2015:1)
    OS: Windows 10 Home x64
    Ran by bigalx58 on 2015-11-11 at 9:39:27.49
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~




    ~~~ Services



    ~~~ Tasks

    Successfully deleted: [Task] C:\WINDOWS\system32\tasks\TuneUpUtilities_Task_BkGndMaintenance2013



    ~~~ Registry Values



    ~~~ Registry Keys



    ~~~ Files



    ~~~ Folders

    Successfully deleted: [Empty Folder] C:\Users\bigalx58\Appdata\Local\{2D0E4A9C-2C57-40AE-A7E1-735A5CF7505A}
    Successfully deleted: [Folder] C:\Program Files (x86)\lavasoft\web companion
    Successfully deleted: [Folder] C:\ProgramData\lavasoft\web companion
    Successfully deleted: [Folder] C:\Users\bigalx58\Appdata\Local\crashrpt





    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
    Scan was completed on 2015-11-11 at 9:40:44.33
    End of JRT log
    ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
     
  20. 2015/11/11
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    The MBAM scan produced no log...The history had last month's scan logs.
    I uninstalled Ad Aware Antivirus using the control panel method...I hope that did the trick and nothing was left hanging around.
    I ran the AVG uninstaller to make sure that AVG was gone.
    I eagerly await your decision!:)
     
  21. 2015/11/11
    broni

    broni Moderator Malware Analyst

    Cool :)

    Re-run Farbar Recovery Scan Tool (FRST/FRST64) you ran at the very beginning of this topic.

    • Double click to run it.
    • Make sure you checkmark Addition.txt box.
    • Press Scan button.
    • Scan will create two logs, FRST.txt and Addition.txt in the same directory the tool is run. Please copy and paste them to your reply.
     
