
Solved Over 600 spyware threats!

Discussion in 'Malware and Virus Removal Archive' started by Bigalx58, 2015/11/04.

  1. 2015/11/11
    Bigalx58

    Additional scan result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
    Ran by bigalx58 (2015-11-11 21:44:57)
    Running from C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\IE\N1L0MK86
    Windows 10 Home (X64) (2015-10-15 18:08:12)
    Boot Mode: Normal
    ==========================================================


    ==================== Accounts: =============================

    Administrator (S-1-5-21-2005715574-247312471-105162307-500 - Administrator - Disabled) => C:\Users\Administrator
    bigalx58 (S-1-5-21-2005715574-247312471-105162307-1001 - Administrator - Enabled) => C:\Users\bigalx58
    DefaultAccount (S-1-5-21-2005715574-247312471-105162307-503 - Limited - Disabled)
    Guest (S-1-5-21-2005715574-247312471-105162307-501 - Limited - Disabled)
    HomeGroupUser$ (S-1-5-21-2005715574-247312471-105162307-1006 - Limited - Enabled)

    ==================== Security Center ========================

    (If an entry is included in the fixlist, it will be removed.)

    AV: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}
    AS: Windows Defender (Enabled - Up to date) {D68DDC3A-831F-4fae-9E44-DA132C1ACF46}

    ==================== Installed Programs ======================

    (Only the adware programs with "Hidden" flag could be added to the fixlist to unhide them. The adware programs should be uninstalled manually.)

    Auslogics BoostSpeed 8 (HKLM-x32\...\{7216871F-869E-437C-B9BF-2A13F2DCE63F}_is1) (Version: 8.1.0.0 - Auslogics Labs Pty Ltd)
    Auslogics Registry Cleaner (HKLM-x32\...\{8D8024F1-2945-49A5-9B78-5AB7B11D7942}_is1) (Version: 5.1.0.0 - Auslogics Labs Pty Ltd)
    AVG Zen (Version: 1.21.6 - AVG Technologies) Hidden
    Canon MP Navigator EX 2.1 (HKLM-x32\...\MP Navigator EX 2.1) (Version: - )
    CCleaner (HKLM\...\CCleaner) (Version: 5.11 - Piriform)
    D3DX10 (x32 Version: 15.4.2368.0902 - Microsoft) Hidden
    FMW 1 (Version: 1.22.2 - AVG Technologies) Hidden
    Google Earth (HKLM-x32\...\{817750FA-EC6A-485D-9901-0683AE6FFDF1}) (Version: 7.1.5.1557 - Google)
    Google Update Helper (x32 Version: 1.3.28.15 - Google Inc.) Hidden
    Java 8 Update 65 (HKLM-x32\...\{26A24AE4-039D-4CA4-87B4-2F83218065F0}) (Version: 8.0.650.17 - Oracle Corporation)
    LastPass (uninstall only) (HKLM-x32\...\LastPass) (Version: - LastPass)
    LibreOffice 4.4.5.2 (HKLM-x32\...\{406EECCC-AF98-4F2C-A99F-FED788F7580C}) (Version: 4.4.5.2 - The Document Foundation)
    Malwarebytes Anti-Malware version 2.2.0.1024 (HKLM-x32\...\Malwarebytes Anti-Malware_is1) (Version: 2.2.0.1024 - Malwarebytes)
    Microsoft SQL Server 2005 Compact Edition [ENU] (HKLM-x32\...\{F0B430D1-B6AA-473D-9B06-AA3DD01FD0B8}) (Version: 3.1.0000 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x64 9.0.30729.6161 (HKLM\...\{5FCE6D76-F5DC-37AB-B2B8-22AB8CEDB1D4}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.21022 (HKLM-x32\...\{FF66E9F6-83E7-3A3E-AF14-8DE9A809A6A4}) (Version: 9.0.21022 - Microsoft Corporation)
    Microsoft Visual C++ 2008 Redistributable - x86 9.0.30729.6161 (HKLM-x32\...\{9BE518E6-ECC6-35A9-88E4-87755C07200F}) (Version: 9.0.30729.6161 - Microsoft Corporation)
    Movie Maker (x32 Version: 16.4.3528.0331 - Microsoft Corporation) Hidden
    MyDriveConnect 4.0.4.2260 (HKLM-x32\...\MyDriveConnect) (Version: 4.0.4.2260 - TomTom)
    NetViewer 2.1.373.0 (HKLM-x32\...\NetViewer) (Version: 2.1.373.0 - )
    RealDownloader (x32 Version: 18.1.0.1233 - RealNetworks, Inc.) Hidden
    RealDownloader (x32 Version: 18.1.0.1243 - RealNetworks) Hidden
    RealNetworks - Microsoft Visual C++ 2008 Runtime (x32 Version: 9.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (Version: 10.0 - RealNetworks, Inc) Hidden
    RealNetworks - Microsoft Visual C++ 2010 Runtime (x32 Version: 10.0 - RealNetworks, Inc) Hidden
    Realtek High Definition Audio Driver (HKLM-x32\...\{F132AF7F-7BCA-4EDE-8A7C-958108FE7DBC}) (Version: 6.0.1.7535 - Realtek Semiconductor Corp.)
    RealTimes (RealPlayer) (HKLM-x32\...\RealPlayer 18.1) (Version: 18.1.0 - RealNetworks)
    RealUpgrade 1.1 (x32 Version: 1.1.0 - RealNetworks, Inc.) Hidden
    Revo Uninstaller Pro 3.1.4 (HKLM\...\{67579783-0FB7-4F7B-B881-E5BE47C9DBE0}_is1) (Version: 3.1.4 - VS Revo Group, Ltd.)
    Samsung Kies3 (HKLM-x32\...\InstallShield_{88547073-C566-4895-9005-EBE98EA3F7C7}) (Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.)
    Samsung Kies3 (x32 Version: 3.2.15072.2 - Samsung Electronics Co., Ltd.) Hidden
    Skype Click to Call (HKLM-x32\...\{6D1221A9-17BF-4EC0-81F2-27D30EC30701}) (Version: 7.5.0.9082 - Microsoft Corporation)
    Skype™ 7.13 (HKLM-x32\...\{6A0549A9-1B96-498C-ACBC-3943001FEB19}) (Version: 7.13.101 - Skype Technologies S.A.)
    Smart Switch (HKLM-x32\...\InstallShield_{74FA5314-85C8-4E2A-907D-D9ECCCB770A7}) (Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.)
    Smart Switch (x32 Version: 4.0.15104.7 - Samsung Electronics Co., Ltd.) Hidden
    SpywareBlaster 5.2 (HKLM-x32\...\SpywareBlaster_is1) (Version: 5.2.0 - BrightFort LLC)
    SUPERAntiSpyware (HKLM\...\{CDDCBBF1-2703-46BC-938B-BCC81A1EEAAA}) (Version: 6.0.1206 - SUPERAntiSpyware.com)
    UpdateService (x32 Version: 1.0.0 - RealNetworks, Inc.) Hidden
    Video Downloader (x32 Version: 1.0.0 - RealNetworks) Hidden
    Visual Studio 2012 x64 Redistributables (HKLM\...\{8C775E70-A791-4DA8-BCC3-6AB7136F4484}) (Version: 14.0.0.1 - AVG Technologies)
    Visual Studio 2012 x86 Redistributables (HKLM-x32\...\{98EFF19A-30AB-4E4B-B943-F06B1C63EBF8}) (Version: 14.0.0.1 - AVG Technologies CZ, s.r.o.)
    Visual Studio C++ 10.0 Runtime (HKLM-x32\...\{4412F224-3849-4461-A3E9-DEEF8D252790}) (Version: 10.0.0 - TomTom International B.V.)
    Windows Live Essentials (HKLM-x32\...\WinLiveSuite) (Version: 16.4.3528.0331 - Microsoft Corporation)

    ==================== Custom CLSID (Whitelisted): ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    CustomCLSID: HKU\S-1-5-21-2005715574-247312471-105162307-1001_Classes\CLSID\{71DCE5D6-4B57-496B-AC21-CD5B54EB93FD}\localserver32 -> C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.6201.1019\FileCoAuth.exe (Microsoft Corporation)

    ==================== Restore Points =========================

    07-11-2015 13:32:18 Scheduled Checkpoint
    10-11-2015 11:43:41 Removed AVG

    ==================== Hosts content: ===============================

    (If needed Hosts: directive could be included in the fixlist to reset Hosts.)

    2015-10-15 16:29 - 2015-10-15 16:27 - 00000824 ____A C:\WINDOWS\system32\Drivers\etc\hosts


    ==================== Scheduled Tasks (Whitelisted) =============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    Task: {2740C686-D10F-4C84-8585-E00BD74ABF89} - System32\Tasks\GoogleUpdateTaskMachineCore => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-19] (Google Inc.)
    Task: {59E7C5E0-4072-4C83-9023-4FAC487AC526} - System32\Tasks\{18B40370-4EB3-4AB3-BDFE-242E62AF4C24} => pcalua.exe -a "C:\Program Files (x86)\Windows Live\Installer\wlarp.exe "
    Task: {6DC3BDF6-D851-4F79-A04E-121C8EAA95B8} - System32\Tasks\RealDownloader Update Check => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [2015-09-16] ()
    Task: {83D8F1DA-8D48-4A8E-8757-90108821AD00} - System32\Tasks\{7BFB9711-4FF6-491E-AF83-60763B60F811} => pcalua.exe -a C:\Users\bigalx58\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe -d C:\Users\bigalx58\Downloads
    Task: {965CF55D-C9EE-4165-8CE2-F1425927248B} - System32\Tasks\Auslogics\BoostSpeed\Scan and Repair => Rundll32.exe TaskSchedulerHelper.dll,RunTask "BoostSpeed.exe" "-UseTray -Schedule "
    Task: {9F827A16-0A63-4EA3-B36F-6A8A3CC1BD5E} - System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2005715574-247312471-105162307-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
    Task: {A251005B-684A-4FCB-AA37-12D026C878A1} - System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2005715574-247312471-105162307-1001 => C:\Program Files (x86)\RealNetworks\RealDownloader\RealUpgrade.exe [2015-09-16] (RealNetworks, Inc.)
    Task: {AB1A0A91-2D87-452B-8676-BE6F1A37546C} - System32\Tasks\CCleanerSkipUAC => C:\Program Files\CCleaner\CCleaner.exe [2015-10-19] (Piriform Ltd)
    Task: {D8D06428-F949-4EB3-A5C8-C10CDAD8CF63} - System32\Tasks\GoogleUpdateTaskMachineUA => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe [2015-10-19] (Google Inc.)
    Task: {F13E5B9F-FE62-47E6-AA89-6F294BCAB8A3} - System32\Tasks\Microsoft\Windows\RemovalTools\MRT_HB => C:\WINDOWS\system32\MRT.exe [2015-11-10] (Microsoft Corporation)

    (If an entry is included in the fixlist, the task (.job) file will be moved. The file which is running by the task will not be moved.)

    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe
    Task: C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job => C:\Program Files (x86)\Google\Update\GoogleUpdate.exe

    ==================== Loaded Modules (Whitelisted) ==============

    2015-08-05 17:40 - 2015-08-05 17:40 - 00032768 _____ () C:\WINDOWS\SYSTEM32\licensemanagerapi.dll
    2015-10-15 12:57 - 2015-07-22 20:10 - 00116552 _____ () C:\Program Files\NVIDIA Corporation\Display\NvSmartMax64.dll
    2015-08-18 17:10 - 2015-08-11 04:13 - 00413184 _____ () C:\WINDOWS\System32\diagtrack_win.dll
    2015-09-16 17:26 - 2015-09-16 17:26 - 00033088 _____ () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    2015-10-01 07:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\system32\CoreUIComponents.dll
    2015-10-01 07:48 - 2015-09-17 01:48 - 02494712 _____ () C:\WINDOWS\System32\CoreUIComponents.dll
    2015-10-01 07:48 - 2015-09-17 00:43 - 02028544 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesService.dll
    2015-10-01 07:47 - 2015-09-17 00:42 - 00471040 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Core.dll
    2015-10-01 07:47 - 2015-09-17 00:42 - 00619008 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\SignalsManager.dll
    2015-10-01 07:48 - 2015-09-17 00:43 - 00928768 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RulesBackgroundTasks.dll
    2015-10-01 07:47 - 2015-09-17 00:42 - 01808384 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.BackgroundTask.dll
    2015-10-01 07:47 - 2015-09-17 00:48 - 00429056 _____ () C:\Windows\SystemApps\ShellExperienceHost_cw5n1h2txyewy\QuickActions.dll
    2015-10-01 07:48 - 2015-09-17 00:44 - 06569472 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\CortanaApi.dll
    2015-10-01 07:48 - 2015-09-17 00:49 - 00884736 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\Cortana.Actions.dll
    2015-10-01 07:48 - 2015-09-17 00:43 - 02274816 _____ () C:\WINDOWS\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersUI.dll
    2015-08-18 17:10 - 2015-08-11 04:10 - 00293376 _____ () C:\WINDOWS\SYSTEM32\textinputframework.dll
    2015-11-05 12:31 - 2015-11-05 12:31 - 08717824 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.21.12.0_x64__8wekyb3d8bbwe\WinStore.Entertainment.Mobile.dll
    2015-11-05 12:31 - 2015-11-05 12:31 - 02371072 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.21.12.0_x64__8wekyb3d8bbwe\MS.Entertainment.Common.Mobile.dll
    2015-10-16 07:38 - 2015-10-16 07:39 - 00012288 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1509.17010.0_x64__8wekyb3d8bbwe\CompanionApp.exe
    2015-10-16 07:38 - 2015-10-16 07:39 - 05732864 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1509.17010.0_x64__8wekyb3d8bbwe\CompanionApp.dll
    2015-10-16 07:38 - 2015-10-16 07:39 - 00628736 _____ () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1509.17010.0_x64__8wekyb3d8bbwe\CompanionAppDeviceManager.dll
    2015-09-16 15:31 - 2015-09-16 15:31 - 00598800 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    2015-09-16 17:26 - 2015-09-16 17:26 - 00037720 _____ () C:\Program Files (x86)\Real\UpdateService\DL2UpdatePlugin.dll
    2015-09-16 17:26 - 2015-09-16 17:26 - 00039768 _____ () C:\Program Files (x86)\Real\UpdateService\RealDownloaderUpdatePlugin.dll
    2015-09-16 17:26 - 2015-09-16 17:26 - 00037728 _____ () C:\Program Files (x86)\Real\UpdateService\VideoDLUpdatePlugin.dll
    2015-09-16 15:22 - 2015-09-16 15:22 - 01382048 _____ () C:\Program Files (x86)\RealNetworks\RealDownloader\cpprest100_1_2.dll
    2015-10-29 20:26 - 2015-10-29 20:26 - 00653096 _____ () C:\Program Files (x86)\Real\RealPlayer\RPDS\Lib\r1api.dll

    ==================== Alternate Data Streams (Whitelisted) =========

    (If an entry is included in the fixlist, only the ADS will be removed.)

    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34

    ==================== Safe Mode (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The "AlternateShell" will be restored.)


    ==================== EXE Association (Whitelisted) ===============

    (If an entry is included in the fixlist, the registry item will be restored to default or removed.)


    ==================== Internet Explorer trusted/restricted ===============

    (If an entry is included in the fixlist, it will be removed from the registry.)

    IE trusted site: HKU\.DEFAULT\...\localhost -> localhost
    IE trusted site: HKU\.DEFAULT\...\webcompanion.com -> hxxp://webcompanion.com
    IE trusted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\localhost -> localhost
    IE trusted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\webcompanion.com -> hxxp://webcompanion.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\008i.com -> 008i.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\008k.com -> 008k.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\00hq.com -> 00hq.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\0190-dialers.com -> 0190-dialers.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\01i.info -> 01i.info
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\02pmnzy5eo29bfk4.com -> 02pmnzy5eo29bfk4.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\0411dd.com -> 0411dd.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\0511zfhl.com -> 0511zfhl.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\05p.com -> 05p.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\0632qyw.com -> 0632qyw.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\07ic5do2myz3vzpk.com -> 07ic5do2myz3vzpk.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\08nigbmwk43i01y6.com -> 08nigbmwk43i01y6.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\093qpeuqpmz6ebfa.com -> 093qpeuqpmz6ebfa.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\0calories.net -> 0calories.net
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\0cj.net -> 0cj.net
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\0scan.com -> 0scan.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\1-britney-spears-nude.com -> 1-britney-spears-nude.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\1-domains-registrations.com -> 1-domains-registrations.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\1-se.com -> 1-se.com
    IE restricted site: HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\1001movie.com -> 1001movie.com

    There are 6091 more sites.


    ==================== Other Areas ============================

    (Currently there is no automatic fix for this section.)

    HKU\S-1-5-21-2005715574-247312471-105162307-1001\Control Panel\Desktop\\Wallpaper -> C:\Users\bigalx58\My Family Pictures\50th dinner anniver\DSCF1292.JPG
    DNS Servers: 192.168.2.1
    HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\System => (ConsentPromptBehaviorAdmin: 5) (ConsentPromptBehaviorUser: 3) (EnableLUA: 1)
    Windows Firewall is enabled.

    ==================== MSCONFIG/TASK MANAGER disabled items ==

    (Currently there is no automatic fix for this section.)

    HKLM\...\StartupApproved\StartupFolder: => "RealTimes.lnk "
    HKLM\...\StartupApproved\Run: => "AdAwareTray "
    HKLM\...\StartupApproved\Run32: => "RealDownloader "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "Web Companion "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "Skype "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "CCleaner Monitoring "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "SUPERAntiSpyware "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\StartupApproved\Run: => "Uninstall C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 "

    ==================== FirewallRules (Whitelisted) ===============

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    FirewallRules: [vm-monitoring-nb-session] => (Allow) LPort=139
    FirewallRules: [{288D88A2-7B02-41DC-9FFE-CA1F2936D815}] => (Allow) C:\Program Files (x86)\Skype\Phone\Skype.exe
    FirewallRules: [{3E313FC4-915F-465F-B5FB-D6651678A763}] => (Allow) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    FirewallRules: [{2B740357-9344-4E80-A5C0-485CCC050D8E}] => (Allow) C:\Program Files (x86)\Windows Live\Contacts\wlcomm.exe
    FirewallRules: [{3314F6BD-80EA-4AC6-8F88-A63F13D67E6D}] => (Allow) LPort=2869
    FirewallRules: [{1082D69F-4EE6-40B4-9BBE-544EF0467C1C}] => (Allow) LPort=1900

    ==================== Faulty Device Manager Devices =============


    ==================== Event log errors: =========================

    Application errors:
    ==================
    Error: (11/11/2015 09:35:05 PM) (Source: Microsoft-Windows-Immersive-Shell) (EventID: 5973) (User: BIGALX58-PC)
    Description: Activation of app Microsoft.People_8wekyb3d8bbwe!x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x failed with error: -2147023728 See the Microsoft-Windows-TWinUI/Operational log for additional information.

    Error: (11/11/2015 05:17:41 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (3652) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (11/11/2015 05:17:41 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (3652) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (11/11/2015 05:17:31 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (3652) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (11/11/2015 05:17:31 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (3652) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (11/11/2015 05:17:21 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (3652) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (11/11/2015 05:17:21 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (3652) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (11/11/2015 05:17:10 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (3652) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.

    Error: (11/11/2015 05:17:10 PM) (Source: ESENT) (EventID: 488) (User: )
    Description: SettingSyncHost (3652) An attempt to create the file "C:\WINDOWS\system32\edbtmp.log" failed with system error 5 (0x00000005): "Access is denied. ". The create file operation will fail with error -1032 (0xfffffbf8).

    Error: (11/11/2015 05:17:00 PM) (Source: ESENT) (EventID: 413) (User: )
    Description: SettingSyncHost (3652) Unable to create a new logfile because the database cannot write to the log drive. The drive may be read-only, out of disk space, misconfigured, or corrupted. Error -1032.


    System errors:
    =============
    Error: (11/11/2015 09:35:05 PM) (Source: DCOM) (EventID: 10001) (User: BIGALX58-PC)
    Description: "C:\WINDOWS\system32\backgroundTaskHost.exe" -ServerName:x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppX368sbpk1kx658x0p332evjk2v0y02kxp.mca1168x4c7a3b7dy2188y46d4ya362y19ac5a5805e5x.AppXv1pa150fssxfwf8qn0j65z3gp1qhwkcs.mcaUnavailableUnavailable

    Error: (11/11/2015 05:42:43 PM) (Source: Microsoft-Windows-Kernel-Power) (EventID: 137) (User: )
    Description: 4

    Error: (11/11/2015 05:26:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Windows Camera.

    Error: (11/11/2015 05:26:48 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Windows Camera.

    Error: (11/11/2015 05:26:43 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Movies & TV.

    Error: (11/11/2015 05:26:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: Microsoft People.

    Error: (11/11/2015 05:26:38 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Microsoft People.

    Error: (11/11/2015 05:26:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070003: Windows Maps.

    Error: (11/11/2015 05:26:31 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80073cf9: OneNote.

    Error: (11/11/2015 05:26:26 PM) (Source: Microsoft-Windows-WindowsUpdateClient) (EventID: 20) (User: NT AUTHORITY)
    Description: Installation Failure: Windows failed to install the following update with error 0x80070003: OneNote.


    ==================== Memory info ===========================

    Processor: Intel(R) Core(TM) i5-2300 CPU @ 2.80GHz
    Percentage of memory in use: 28%
    Total physical RAM: 6126.04 MB
    Available physical RAM: 4372.55 MB
    Total Virtual: 7150.04 MB
    Available Virtual: 5153.68 MB

    ==================== Drives ================================

    Drive c: (Gateway) (Fixed) (Total:915.41 GB) (Free:855.1 GB) NTFS

    ==================== MBR & Partition Table ==================

    ========================================================
    Disk: 0 (MBR Code: Windows 7 or 8) (Size: 931.5 GB) (Disk ID: 11A30115)
    Partition 1: (Not Active) - (Size=16 GB) - (Type=27)
    Partition 2: (Active) - (Size=100 MB) - (Type=07 NTFS)
    Partition 3: (Not Active) - (Size=915.4 GB) - (Type=07 NTFS)

    ==================== End of Addition.txt ============================
     
  2. 2015/11/11
    Bigalx58

    Scan result of Farbar Recovery Scan Tool (FRST) (x64) Version:07-11-2015
    Ran by bigalx58 (administrator) on BIGALX58-PC (11-11-2015 21:43:31)
    Running from C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\IE\N1L0MK86
    Loaded Profiles: bigalx58 (Available Profiles: bigalx58 & Administrator)
    Platform: Windows 10 Home (X64) Language: English (United States)
    Internet Explorer Version 11 (Default browser: Edge)
    Boot Mode: Normal
    Tutorial for Farbar Recovery Scan Tool: http://www.geekstogo.com/forum/topic/335081-frst-tutorial-how-to-use-farbar-recovery-scan-tool/

    ==================== Processes (Whitelisted) =================

    (If an entry is included in the fixlist, the process will be closed. The file will not be moved.)

    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (NVIDIA Corporation) C:\Program Files\NVIDIA Corporation\Display\nvxdsync.exe
    (NVIDIA Corporation) C:\Windows\System32\nvvsvc.exe
    (SUPERAntiSpyware.com) C:\Program Files\SUPERAntiSpyware\SASCore64.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe
    (Microsoft Corporation) C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MsMpEng.exe
    () C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\NisSrv.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\RemindersServer.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler.exe
    (Microsoft Corporation) C:\Windows\System32\Speech_OneCore\Common\SpeechRuntime.exe
    (Google Inc.) C:\Program Files (x86)\Google\Update\1.3.28.15\GoogleCrashHandler64.exe
    (Realtek Semiconductor) C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe
    (RealNetworks, Inc.) C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe
    (Oracle Corporation) C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe
    (Microsoft Corporation) C:\Windows\System32\SettingSyncHost.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6310.42251.0_x64__8wekyb3d8bbwe\HxMail.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\microsoft.windowscommunicationsapps_17.6310.42251.0_x64__8wekyb3d8bbwe\HxTsr.exe
    (Microsoft Corporation) C:\Program Files\WindowsApps\Microsoft.WindowsStore_2015.21.12.0_x64__8wekyb3d8bbwe\WinStore.Mobile.exe
    (Microsoft Corporation) C:\Windows\System32\InstallAgent.exe
    () C:\Program Files\WindowsApps\Microsoft.WindowsPhone_10.1509.17010.0_x64__8wekyb3d8bbwe\CompanionApp.exe
    () C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe
    (Microsoft Corporation) C:\Program Files\Internet Explorer\iexplore.exe
    (Microsoft Corporation) C:\Windows\SystemApps\Microsoft.Windows.Cortana_cw5n1h2txyewy\ActionUriServer.exe
    (LastPass) C:\Users\bigalx58\AppData\LocalLow\LastPass\LastPassBroker.exe
    (Adobe Systems Incorporated) C:\Windows\System32\Macromed\Flash\FlashUtil_ActiveX.exe
    (Microsoft Corporation) C:\Program Files\Windows Defender\MpCmdRun.exe
    (Microsoft Corporation) C:\Windows\System32\pcalua.exe
    (Microsoft Corporation) C:\Windows\System32\consent.exe


    ==================== Registry (Whitelisted) ===========================

    (If an entry is included in the fixlist, the registry item will be restored to default or removed. The file will not be moved.)

    HKLM\...\Run: [RTHDVCPL] => C:\Program Files\Realtek\Audio\HDA\RAVCpl64.exe [13885696 2015-06-24] (Realtek Semiconductor)
    HKLM-x32\...\Run: [TkBellExe] => C:\Program Files (x86)\Real\RealPlayer\Update\realsched.exe [286984 2015-10-29] (RealNetworks, Inc.)
    HKLM-x32\...\Run: [RealDownloader] => C:\Program Files (x86)\RealNetworks\RealDownloader\downloader2.exe [598800 2015-09-16] ()
    HKLM-x32\...\Run: [SunJavaUpdateSched] => C:\Program Files (x86)\Common Files\Java\Java Update\jusched.exe [597040 2015-10-06] (Oracle Corporation)
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\Run: [CCleaner Monitoring] => C:\Program Files\CCleaner\CCleaner64.exe [8551848 2015-10-19] (Piriform Ltd)
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\Run: [SUPERAntiSpyware] => C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe [7935904 2015-10-29] (SUPERAntiSpyware)
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\Run: [Skype] => C:\Program Files (x86)\Skype\Phone\Skype.exe [48138880 2015-10-14] (Skype Technologies S.A.)
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\RunOnce: [Uninstall C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5892.0626\amd64 "
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\...\RunOnce: [Uninstall C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64] => C:\WINDOWS\system32\cmd.exe /q /c rmdir /s /q "C:\Users\bigalx58\AppData\Local\Microsoft\OneDrive\17.3.5951.0827\amd64 "
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\Install LastPass IE RunOnce.lnk [2015-11-09]
    ShortcutTarget: Install LastPass IE RunOnce.lnk -> C:\Program Files (x86)\Common Files\lpuninstall.exe (LastPass)
    Startup: C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Startup\RealTimes.lnk [2015-10-29]
    ShortcutTarget: RealTimes.lnk -> C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpsystray.exe (RealNetworks, Inc.)
    GroupPolicy: Restriction - Chrome <======= ATTENTION

    ==================== Internet (Whitelisted) ====================

    (If an item is included in the fixlist, if it is a registry item it will be removed or restored to default.)

    Tcpip\Parameters: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{4a608703-3c58-4f17-83d0-bd9f4b541882}: [DhcpNameServer] 192.168.2.1
    Tcpip\..\Interfaces\{68060fb7-c15e-40b7-8d50-9f0fda80ce62}: [DhcpNameServer] 192.168.2.1

    Internet Explorer:
    ==================
    HKU\S-1-5-21-2005715574-247312471-105162307-1001\Software\Microsoft\Internet Explorer\Main,Start Page =
    BHO: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin64.dll [2015-09-16] (RealDownloader)
    BHO: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-09] (LastPass)
    BHO: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: RealNetworks Download and Record Plugin for Internet Explorer -> {3049C3E9-B461-4BC5-8870-4C09146192CA} -> C:\Program Files (x86)\RealNetworks\RealDownloader\BrowserPlugins\IE\rndlbrowserrecordplugin.dll [2015-09-16] (RealDownloader)
    BHO-x32: Java(tm) Plug-In SSV Helper -> {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\ssv.dll [2015-11-06] (Oracle Corporation)
    BHO-x32: LastPass Vault -> {95D9ECF5-2A4D-4550-BE49-70D42F71296E} -> C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-09] (LastPass)
    BHO-x32: Skype Click to Call for Internet Explorer -> {AE805869-2E5C-4ED4-8F7B-F1F7851A4497} -> C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)
    BHO-x32: Java(tm) Plug-In 2 SSV Helper -> {DBC80044-A445-435b-BC74-9C25C1C588A9} -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\jp2ssv.dll [2015-11-06] (Oracle Corporation)
    Toolbar: HKLM - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar_x64.dll [2015-11-09] (LastPass)
    Toolbar: HKLM-x32 - LastPass Toolbar - {9f6b5cc3-5c7b-4b5c-97af-19dec1e380e5} - C:\Program Files (x86)\LastPass\LPToolbar.dll [2015-11-09] (LastPass)
    Handler: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer x64\skypeieplugin.dll [2015-10-12] (Microsoft Corporation)
    Handler-x32: skypec2c - {91774881-D725-4E58-B298-07617B9B86A8} - C:\Program Files (x86)\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll [2015-10-12] (Microsoft Corporation)

    FireFox:
    ========
    FF Plugin: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-09] (LastPass)
    FF Plugin-x32: @Google.com/GoogleEarthPlugin -> C:\Program Files (x86)\Google\Google Earth\plugin\npgeplugin.dll [2015-05-20] (Google)
    FF Plugin-x32: @java.com/DTPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\dtplugin\npDeployJava1.dll [2015-11-06] (Oracle Corporation)
    FF Plugin-x32: @java.com/JavaPlugin,version=11.65.2 -> C:\Program Files (x86)\Java\jre1.8.0_65\bin\plugin2\npjp2.dll [2015-11-06] (Oracle Corporation)
    FF Plugin-x32: @lastpass.com/NPLastPass -> C:\Program Files (x86)\LastPass\nplastpass64.dll [2015-11-09] (LastPass)
    FF Plugin-x32: @microsoft.com/WLPG,version=16.4.3528.0331 -> C:\Program Files (x86)\Windows Live\Photo Gallery\NPWLPG.dll [2014-03-31] (Microsoft Corporation)
    FF Plugin-x32: @real.com/nppl3260;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nppl3260.dll [2015-10-29] (RealNetworks, Inc.)
    FF Plugin-x32: @real.com/nprpplugin;version=18.1.0.1236 -> C:\Program Files (x86)\Real\RealPlayer\Netscape6\nprpplugin.dll [2015-10-29] (RealTimes)
    FF Plugin-x32: @tools.google.com/Google Update;version=3 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-19] (Google Inc.)
    FF Plugin-x32: @tools.google.com/Google Update;version=9 -> C:\Program Files (x86)\Google\Update\1.3.28.15\npGoogleUpdate3.dll [2015-10-19] (Google Inc.)

    ==================== Services (Whitelisted) ========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    R2 !SASCORE; C:\Program Files\SUPERAntiSpyware\SASCORE64.EXE [172344 2014-07-22] (SUPERAntiSpyware.com)
    R2 c2cautoupdatesvc; C:\Program Files (x86)\Skype\Toolbars\AutoUpdate\SkypeC2CAutoUpdateSvc.exe [1433216 2015-10-12] (Microsoft Corporation)
    R2 c2cpnrsvc; C:\Program Files (x86)\Skype\Toolbars\PNRSvc\SkypeC2CPNRSvc.exe [1773696 2015-10-12] (Microsoft Corporation)
    S2 MBAMService; C:\Program Files (x86)\Malwarebytes Anti-Malware\mbamservice.exe [1135416 2015-10-05] (Malwarebytes)
    R2 RealPlayerUpdateSvc; C:\Program Files (x86)\Real\UpdateService\RealPlayerUpdateSvc.exe [33088 2015-09-16] ()
    R2 RealTimes Desktop Service; C:\Program Files (x86)\Real\RealPlayer\RPDS\Bin\rpdsvc.exe [1103656 2015-10-29] (RealNetworks, Inc.)
    R3 WdNisSvc; C:\Program Files\Windows Defender\NisSrv.exe [362928 2015-07-10] (Microsoft Corporation)
    R2 WinDefend; C:\Program Files\Windows Defender\MsMpEng.exe [24864 2015-07-10] (Microsoft Corporation)

    ===================== Drivers (Whitelisted) ==========================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)

    S3 a016bus; C:\Windows\System32\drivers\a016bus.sys [109096 2008-01-18] (MCCI Corporation)
    S3 a016mgmt; C:\Windows\System32\drivers\a016mgmt.sys [130600 2008-01-18] (MCCI Corporation)
    S3 a016obex; C:\Windows\System32\drivers\a016obex.sys [125480 2008-01-18] (MCCI Corporation)
    R3 e1cexpress; C:\Windows\system32\DRIVERS\e1c63x64.sys [498032 2012-07-15] (Intel Corporation)
    R3 MBAMProtector; C:\WINDOWS\system32\drivers\mbam.sys [25816 2015-10-05] (Malwarebytes)
    S3 MBAMWebAccessControl; C:\WINDOWS\system32\drivers\mwac.sys [64216 2015-10-05] (Malwarebytes Corporation)
    R3 netr28x; C:\Windows\System32\drivers\netr28x.sys [2512016 2015-07-10] (MediaTek Inc.)
    S3 NvStUSB; C:\Windows\System32\drivers\nvstusb.sys [70248 2010-07-09] ()
    S3 s0016bus; C:\Windows\System32\drivers\s0016bus.sys [115240 2008-05-16] (MCCI Corporation)
    S3 s0016mgmt; C:\Windows\System32\drivers\s0016mgmt.sys [137256 2008-05-16] (MCCI Corporation)
    S3 s0016obex; C:\Windows\System32\drivers\s0016obex.sys [136744 2008-05-16] (MCCI Corporation)
    S3 s0016unic; C:\Windows\System32\drivers\s0016unic.sys [151592 2008-05-16] (MCCI Corporation)
    S3 s0017bus; C:\Windows\System32\drivers\s0017bus.sys [113704 2008-10-21] (MCCI Corporation)
    S3 s0017mgmt; C:\Windows\System32\drivers\s0017mgmt.sys [133160 2008-10-21] (MCCI Corporation)
    S3 s0017obex; C:\Windows\System32\drivers\s0017obex.sys [128552 2008-10-21] (MCCI Corporation)
    S3 s0017unic; C:\Windows\System32\drivers\s0017unic.sys [145960 2008-10-21] (MCCI Corporation)
    S3 s1018bus; C:\Windows\System32\drivers\s1018bus.sys [113704 2009-03-25] (MCCI Corporation)
    S3 s1018mgmt; C:\Windows\System32\drivers\s1018mgmt.sys [133160 2009-03-25] (MCCI Corporation)
    S3 s1018obex; C:\Windows\System32\drivers\s1018obex.sys [128552 2009-03-25] (MCCI Corporation)
    S3 s1018unic; C:\Windows\System32\drivers\s1018unic.sys [146472 2009-03-25] (MCCI Corporation)
    S3 s1029bus; C:\Windows\System32\drivers\s1029bus.sys [116264 2009-05-25] (MCCI Corporation)
    S3 s1029mgmt; C:\Windows\System32\drivers\s1029mgmt.sys [139304 2009-05-25] (MCCI Corporation)
    S3 s1029obex; C:\Windows\System32\drivers\s1029obex.sys [135208 2009-05-25] (MCCI Corporation)
    S3 s1029unic; C:\Windows\System32\drivers\s1029unic.sys [151592 2009-05-25] (MCCI Corporation)
    S3 s1039bus; C:\Windows\System32\drivers\s1039bus.sys [127600 2010-03-15] (MCCI Corporation)
    S3 s1039mgmt; C:\Windows\System32\drivers\s1039mgmt.sys [141424 2010-03-15] (MCCI Corporation)
    S3 s1039obex; C:\Windows\System32\drivers\s1039obex.sys [137328 2010-03-15] (MCCI Corporation)
    S3 s1039unic; C:\Windows\System32\drivers\s1039unic.sys [158320 2010-03-15] (MCCI Corporation)
    S3 s916bus; C:\Windows\System32\drivers\s916bus.sys [108072 2007-11-02] (MCCI Corporation)
    S3 s916mgmt; C:\Windows\System32\drivers\s916mgmt.sys [130088 2007-11-02] (MCCI Corporation)
    S3 s916obex; C:\Windows\System32\drivers\s916obex.sys [124968 2007-11-02] (MCCI Corporation)
    R1 SASDIFSV; C:\Program Files\SUPERAntiSpyware\SASDIFSV64.SYS [14928 2011-07-22] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    R1 SASKUTIL; C:\Program Files\SUPERAntiSpyware\SASKUTIL64.SYS [12368 2011-07-12] (SUPERAdBlocker.com and SUPERAntiSpyware.com)
    S3 se3ebus; C:\Windows\System32\drivers\se3ebus.sys [107784 2007-04-10] (MCCI Corporation)
    S3 se3emgmt; C:\Windows\System32\drivers\se3emgmt.sys [126216 2007-04-10] (MCCI Corporation)
    S3 se3eobex; C:\Windows\System32\drivers\se3eobex.sys [123144 2007-04-10] (MCCI Corporation)
    U3 TrueSight; C:\Windows\System32\drivers\TrueSight.sys [35064 2015-11-11] ()
    S3 UdeCx; C:\Windows\System32\drivers\udecx.sys [44032 2015-07-10] ()
    S3 usbbus; C:\Windows\System32\drivers\lgx64bus.sys [17920 2008-11-11] (LG Electronics Inc.)
    S3 UsbDiag; C:\Windows\System32\drivers\lgx64diag.sys [27136 2008-11-11] (LG Electronics Inc.)
    S3 UsbGps; C:\Windows\System32\drivers\lgx64gps.sys [27136 2008-11-11] (LG Electronics Inc.)
    S0 WdBoot; C:\Windows\System32\drivers\WdBoot.sys [44568 2015-07-10] (Microsoft Corporation)
    R0 WdFilter; C:\Windows\System32\drivers\WdFilter.sys [291680 2015-07-10] (Microsoft Corporation)
    R2 WdNisDrv; C:\Windows\System32\Drivers\WdNisDrv.sys [119648 2015-07-10] (Microsoft Corporation)
    S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
    S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]

    ==================== NetSvcs (Whitelisted) ===================

    (If an entry is included in the fixlist, it will be removed from the registry. The file will not be moved unless listed separately.)


    ==================== One Month Created files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-11 21:42 - 2015-11-11 21:42 - 00003376 _____ C:\WINDOWS\System32\Tasks\{55A73A79-9BE0-4910-8EFB-EF443B1BFF00}
    2015-11-11 21:35 - 2015-11-11 21:35 - 00016148 _____ C:\WINDOWS\system32\BIGALX58-PC_bigalx58_HistoryPrediction.bin
    2015-11-11 17:12 - 2015-11-11 17:12 - 00000275 _____ C:\WINDOWS\WindowsUpdate.log
    2015-11-11 11:15 - 2015-11-11 11:15 - 00035440 _____ C:\Users\bigalx58\Documents\cc_20151111_111504.reg
    2015-11-11 09:29 - 2015-11-11 09:29 - 00000000 ___HD C:\OneDriveTemp
    2015-11-10 21:16 - 2015-11-11 11:14 - 00000000 ____D C:\Users\bigalx58\AppData\Local\CrashDumps
    2015-11-10 20:44 - 2015-11-11 08:53 - 00035064 _____ C:\WINDOWS\system32\Drivers\TrueSight.sys
    2015-11-10 20:44 - 2015-11-10 20:59 - 00000000 ____D C:\ProgramData\RogueKiller
    2015-11-10 13:32 - 2015-11-05 00:15 - 08020832 _____ (Microsoft Corporation) C:\WINDOWS\system32\ntoskrnl.exe
    2015-11-10 13:32 - 2015-11-05 00:15 - 00541024 _____ (Microsoft Corporation) C:\WINDOWS\system32\mcupdate_GenuineIntel.dll
    2015-11-10 13:32 - 2015-11-05 00:14 - 00459104 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\netio.sys
    2015-11-10 13:32 - 2015-11-05 00:13 - 00577888 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\afd.sys
    2015-11-10 13:32 - 2015-11-05 00:11 - 01392480 _____ (Microsoft Corporation) C:\WINDOWS\system32\LicenseManager.dll
    2015-11-10 13:32 - 2015-11-05 00:06 - 03621248 _____ (Microsoft Corporation) C:\WINDOWS\system32\iertutil.dll
    2015-11-10 13:32 - 2015-11-05 00:06 - 00966416 _____ (Microsoft Corporation) C:\WINDOWS\system32\twinapi.appcore.dll
    2015-11-10 13:32 - 2015-11-05 00:01 - 00607408 _____ (Microsoft Corporation) C:\WINDOWS\system32\fontdrvhost.exe
    2015-11-10 13:32 - 2015-11-04 23:56 - 01083072 _____ (Microsoft Corporation) C:\WINDOWS\system32\appraiser.dll
    2015-11-10 13:32 - 2015-11-04 23:56 - 00116064 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\tdx.sys
    2015-11-10 13:32 - 2015-11-04 23:56 - 00025280 _____ (Microsoft Corporation) C:\WINDOWS\system32\CompatTelRunner.exe
    2015-11-10 13:32 - 2015-11-04 23:30 - 00961376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\LicenseManager.dll
    2015-11-10 13:32 - 2015-11-04 23:24 - 02878512 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\iertutil.dll
    2015-11-10 13:32 - 2015-11-04 23:23 - 00762888 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\twinapi.appcore.dll
    2015-11-10 13:32 - 2015-11-04 23:23 - 00076800 _____ (Microsoft Corporation) C:\WINDOWS\system32\browserbroker.dll
    2015-11-10 13:32 - 2015-11-04 23:20 - 21873664 _____ (Microsoft Corporation) C:\WINDOWS\system32\edgehtml.dll
    2015-11-10 13:32 - 2015-11-04 23:18 - 24597504 _____ (Microsoft Corporation) C:\WINDOWS\system32\mshtml.dll
    2015-11-10 13:32 - 2015-11-04 23:18 - 03248128 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Media.dll
    2015-11-10 13:32 - 2015-11-04 23:18 - 00539728 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\fontdrvhost.exe
    2015-11-10 13:32 - 2015-11-04 23:17 - 02418688 _____ (Microsoft Corporation) C:\WINDOWS\system32\MFMediaEngine.dll
    2015-11-10 13:32 - 2015-11-04 23:12 - 00515072 _____ (Microsoft Corporation) C:\WINDOWS\system32\internetmail.dll
    2015-11-10 13:32 - 2015-11-04 23:11 - 00333312 _____ (Microsoft Corporation) C:\WINDOWS\system32\MusUpdateHandlers.dll
    2015-11-10 13:32 - 2015-11-04 23:10 - 12504064 _____ (Microsoft Corporation) C:\WINDOWS\system32\ieframe.dll
    2015-11-10 13:32 - 2015-11-04 23:10 - 02987520 _____ (Microsoft Corporation) C:\WINDOWS\system32\esent.dll
    2015-11-10 13:32 - 2015-11-04 23:07 - 01068032 _____ (Microsoft Corporation) C:\WINDOWS\system32\audiosrv.dll
    2015-11-10 13:32 - 2015-11-04 23:06 - 00453120 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Devices.Usb.dll
    2015-11-10 13:32 - 2015-11-04 23:05 - 01602560 _____ (Microsoft Corporation) C:\WINDOWS\system32\urlmon.dll
    2015-11-10 13:32 - 2015-11-04 23:05 - 00826880 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript.dll
    2015-11-10 13:32 - 2015-11-04 23:03 - 02180608 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentServer.dll
    2015-11-10 13:32 - 2015-11-04 23:03 - 01015808 _____ (Microsoft Corporation) C:\WINDOWS\system32\RDXService.dll
    2015-11-10 13:32 - 2015-11-04 23:01 - 00949760 _____ (Microsoft Corporation) C:\WINDOWS\system32\kerberos.dll
    2015-11-10 13:32 - 2015-11-04 23:01 - 00713216 _____ (Microsoft Corporation) C:\WINDOWS\system32\usermgr.dll
    2015-11-10 13:32 - 2015-11-04 23:01 - 00579072 _____ (Microsoft Corporation) C:\WINDOWS\system32\winlogon.exe
    2015-11-10 13:32 - 2015-11-04 22:59 - 03587072 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kfull.sys
    2015-11-10 13:32 - 2015-11-04 22:59 - 02675200 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.StateRepository.dll
    2015-11-10 13:32 - 2015-11-04 22:58 - 01383936 _____ (Microsoft Corporation) C:\WINDOWS\system32\win32kbase.sys
    2015-11-10 13:32 - 2015-11-04 22:58 - 00627712 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.dll
    2015-11-10 13:32 - 2015-11-04 22:56 - 01795072 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppXDeploymentExtensions.dll
    2015-11-10 13:32 - 2015-11-04 22:55 - 00145408 _____ (Microsoft Corporation) C:\WINDOWS\system32\dssvc.dll
    2015-11-10 13:32 - 2015-11-04 22:54 - 00502272 _____ (Microsoft Corporation) C:\WINDOWS\system32\dlnashext.dll
    2015-11-10 13:32 - 2015-11-04 22:47 - 19326464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\mshtml.dll
    2015-11-10 13:32 - 2015-11-04 22:42 - 02647040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Media.dll
    2015-11-10 13:32 - 2015-11-04 22:40 - 01918976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MFMediaEngine.dll
    2015-11-10 13:32 - 2015-11-04 22:35 - 18803712 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\edgehtml.dll
    2015-11-10 13:32 - 2015-11-04 22:35 - 02639872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\esent.dll
    2015-11-10 13:32 - 2015-11-04 22:34 - 00311296 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Devices.Usb.dll
    2015-11-10 13:32 - 2015-11-04 22:33 - 01380864 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\urlmon.dll
    2015-11-10 13:32 - 2015-11-04 22:33 - 00650240 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript.dll
    2015-11-10 13:32 - 2015-11-04 22:30 - 00767488 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\kerberos.dll
    2015-11-10 13:32 - 2015-11-04 22:28 - 11262976 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ieframe.dll
    2015-11-10 13:32 - 2015-11-04 22:27 - 02049536 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.StateRepository.dll
    2015-11-10 13:32 - 2015-11-04 22:27 - 00464896 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.dll
    2015-11-10 13:32 - 2015-11-04 22:23 - 00441344 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dlnashext.dll
    2015-11-09 19:26 - 2015-11-09 19:26 - 00015761 _____ C:\Users\bigalx58\Documents\Tolls are cash grabs!!.odt
    2015-11-09 19:17 - 2015-11-09 19:17 - 00000000 ____D C:\Program Files (x86)\Mozilla Firefox
    2015-11-06 16:04 - 2015-11-06 16:04 - 00097888 _____ (Oracle Corporation) C:\WINDOWS\SysWOW64\WindowsAccessBridge-32.dll
    2015-11-05 11:30 - 2015-11-05 11:33 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Adobe
    2015-11-04 20:29 - 2015-11-04 20:29 - 14503088 _____ (Auslogics Labs Pty Ltd ) C:\Users\bigalx58\Downloads\boost-speed-setup (2).exe
    2015-11-04 16:32 - 2015-11-04 16:32 - 00000000 ____D C:\Users\bigalx58\Documents\My Weblog Posts
    2015-11-04 16:08 - 2015-11-04 16:08 - 00003454 _____ C:\Users\bigalx58\Documents\cc_20151104_160853.reg
    2015-11-04 12:31 - 2015-11-04 12:31 - 00001454 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Photo Gallery.lnk
    2015-11-04 12:31 - 2015-11-04 12:31 - 00001385 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Movie Maker.lnk
    2015-11-04 12:31 - 2015-11-04 12:31 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Windows Live
    2015-11-04 12:31 - 2015-11-04 12:31 - 00000000 ____D C:\WINDOWS\en
    2015-11-04 12:31 - 2015-11-04 12:31 - 00000000 ____D C:\Program Files (x86)\Microsoft SQL Server Compact Edition
    2015-11-04 12:30 - 2015-11-04 12:31 - 00000000 ____D C:\Program Files (x86)\Windows Live
    2015-11-04 12:30 - 2015-11-04 12:30 - 00000000 ____D C:\WINDOWS\PCHEALTH
    2015-11-04 12:30 - 2010-06-02 04:55 - 00527192 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAudio2_7.dll
    2015-11-04 12:30 - 2010-06-02 04:55 - 00518488 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAudio2_7.dll
    2015-11-04 12:30 - 2010-06-02 04:55 - 00077656 _____ (Microsoft Corporation) C:\WINDOWS\system32\XAPOFX1_5.dll
    2015-11-04 12:30 - 2010-06-02 04:55 - 00074072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\XAPOFX1_5.dll
    2015-11-04 12:30 - 2010-05-26 11:41 - 02526056 _____ (Microsoft Corporation) C:\WINDOWS\system32\D3DCompiler_43.dll
    2015-11-04 12:30 - 2010-05-26 11:41 - 02106216 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\D3DCompiler_43.dll
    2015-11-04 12:30 - 2010-05-26 11:41 - 00276832 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx11_43.dll
    2015-11-04 12:30 - 2010-05-26 11:41 - 00248672 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx11_43.dll
    2015-11-04 12:30 - 2009-09-04 17:29 - 00523088 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx10_42.dll
    2015-11-04 12:30 - 2009-09-04 17:29 - 00453456 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx10_42.dll
    2015-11-04 12:30 - 2006-11-29 13:06 - 04398360 _____ (Microsoft Corporation) C:\WINDOWS\system32\d3dx9_32.dll
    2015-11-04 12:30 - 2006-11-29 13:06 - 03426072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\d3dx9_32.dll
    2015-11-04 12:19 - 2015-11-04 12:19 - 00000000 ____D C:\Users\Default\AppData\Roaming\TuneUp Software
    2015-11-04 12:19 - 2015-11-04 12:19 - 00000000 ____D C:\Users\Default User\AppData\Roaming\TuneUp Software
    2015-11-03 13:20 - 2015-11-08 10:04 - 00000000 ____D C:\ProgramData\TEMP
    2015-11-03 13:20 - 2015-11-08 10:03 - 00000000 ____D C:\Program Files (x86)\SpywareBlaster
    2015-11-03 13:20 - 2015-11-03 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SpywareBlaster
    2015-11-03 13:20 - 2015-11-03 13:20 - 00000000 ____D C:\ProgramData\Licenses
    2015-11-03 13:20 - 2012-05-02 12:17 - 01070152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSCOMCTL.OCX
    2015-11-03 13:20 - 2009-03-24 13:52 - 00129872 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MSSTDFMT.DLL
    2015-11-01 17:15 - 2015-11-01 17:15 - 00002470 _____ C:\WINDOWS\system32\ScanResults.xml
    2015-11-01 17:11 - 2015-11-01 17:11 - 00000464 _____ C:\WINDOWS\system32\ScannerSettings
    2015-11-01 12:20 - 2015-11-01 12:23 - 00000000 ____D C:\WINDOWS\Prey
    2015-11-01 09:23 - 2015-11-01 09:23 - 00000228 _____ C:\ProgramData\RmUserCfg.ini
    2015-11-01 09:22 - 2015-11-01 09:23 - 00000000 ____D C:\Program Files (x86)\NetViewer
    2015-10-31 11:00 - 2015-10-31 11:00 - 00059506 _____ C:\Users\bigalx58\Documents\cc_20151031_120007.reg
    2015-10-31 10:50 - 2015-10-31 10:51 - 06762072 _____ (Piriform Ltd) C:\Users\bigalx58\Downloads\ccsetup511.exe
    2015-10-31 09:27 - 2015-10-31 09:42 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Samsung
    2015-10-31 09:27 - 2015-10-31 09:42 - 00000000 ____D C:\Program Files (x86)\InstallShield Installation Information
    2015-10-31 09:27 - 2015-09-11 10:54 - 00144664 _____ (MAPILab Ltd. & Add-in Express Ltd.) C:\WINDOWS\SysWOW64\secman.dll
    2015-10-30 10:49 - 2015-10-30 10:49 - 00239655 _____ C:\Users\bigalx58\Downloads\recovery-for-windows-live-setup.exe.cmwze17.partial
    2015-10-29 20:27 - 2015-10-29 20:27 - 00003568 _____ C:\WINDOWS\System32\Tasks\RealDownloader Update Check
    2015-10-29 20:27 - 2015-10-29 20:27 - 00003552 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeLogonTaskS-1-5-21-2005715574-247312471-105162307-1001
    2015-10-29 20:27 - 2015-10-29 20:27 - 00001284 _____ C:\Users\Public\Desktop\RealPlayer (RealTimes).lnk
    2015-10-29 20:26 - 2015-10-29 20:27 - 00003616 _____ C:\WINDOWS\System32\Tasks\RealDownloaderRealUpgradeScheduledTaskS-1-5-21-2005715574-247312471-105162307-1001
    2015-10-29 20:26 - 2015-10-29 20:27 - 00000000 ____D C:\Program Files (x86)\Real
    2015-10-29 20:26 - 2015-10-29 20:26 - 00505608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcp71.dll
    2015-10-29 20:26 - 2015-10-29 20:26 - 00354056 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msvcr71.dll
    2015-10-29 20:26 - 2015-10-29 20:26 - 00278792 _____ (Progressive Networks) C:\WINDOWS\SysWOW64\pncrt.dll
    2015-10-29 20:26 - 2015-10-29 20:26 - 00200968 _____ (RealNetworks, Inc.) C:\WINDOWS\SysWOW64\rmoc3260.dll
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\RealNetworks
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Real
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\ProgramData\RealNetworks
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\RealNetworks
    2015-10-29 20:26 - 2015-10-29 20:26 - 00000000 ____D C:\Program Files (x86)\RealNetworks
    2015-10-29 20:25 - 2015-10-29 20:29 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Real
    2015-10-29 20:24 - 2015-10-29 20:27 - 00000000 ____D C:\ProgramData\Real
    2015-10-29 12:38 - 2015-10-29 12:38 - 00003386 _____ C:\WINDOWS\System32\Tasks\{CA23FF5F-CB72-4B9B-8CF8-060B6B2A1CEB}
    2015-10-29 10:43 - 2015-10-29 10:43 - 00000000 ___HD C:\ProgramData\CanonIJScan
    2015-10-29 10:06 - 2015-10-29 10:07 - 01694208 _____ C:\Users\bigalx58\Downloads\adwcleaner_5.015.exe
    2015-10-29 08:09 - 2015-10-29 08:11 - 00000000 ____D C:\Users\TEMP
    2015-10-29 08:09 - 2015-10-29 08:09 - 00000000 ____D C:\Users\TEMP\AppData\Local\TileDataLayer
    2015-10-28 19:03 - 2015-10-28 19:03 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Skype
    2015-10-28 19:02 - 2015-10-28 19:02 - 01503872 _____ (Skype Technologies S.A.) C:\Users\bigalx58\Downloads\SkypeSetup (3).exe
    2015-10-28 18:11 - 2015-10-28 18:11 - 01239752 _____ (Microsoft Corporation) C:\Users\bigalx58\Downloads\wlsetup-web (5).exe
    2015-10-28 18:07 - 2015-10-28 18:07 - 00003272 _____ C:\WINDOWS\System32\Tasks\{18B40370-4EB3-4AB3-BDFE-242E62AF4C24}
    2015-10-28 12:14 - 2015-10-28 12:14 - 00000000 ____D C:\Program Files\Common Files\AV
    2015-10-28 12:11 - 2015-10-28 13:48 - 00000000 ____D C:\Program Files (x86)\Spybot - Search & Destroy 2
    2015-10-28 12:11 - 2015-10-28 12:49 - 00000000 ____D C:\ProgramData\Spybot - Search & Destroy
    2015-10-27 09:10 - 2015-10-27 09:11 - 00018375 _____ C:\Users\bigalx58\Documents\SuperSpyware.odt
    2015-10-26 15:34 - 2015-10-26 15:34 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Trusteer
    2015-10-26 15:34 - 2015-10-26 15:34 - 00000000 ____D C:\Program Files (x86)\Trusteer
    2015-10-26 15:33 - 2015-10-26 15:33 - 00000000 ____D C:\ProgramData\Trusteer
    2015-10-26 12:53 - 2015-10-26 13:02 - 320964525 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1 (4).mov
    2015-10-26 12:48 - 2015-10-26 13:02 - 320964525 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1 (3).mov
    2015-10-26 10:05 - 2015-10-26 10:05 - 00000000 ____D C:\ProgramData\Samsung
    2015-10-26 10:00 - 2015-10-26 10:09 - 00000000 ____D C:\Users\bigalx58\Documents\samsung
    2015-10-26 10:00 - 2015-10-26 10:03 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Samsung
    2015-10-26 10:00 - 2015-10-26 10:03 - 00000000 ____D C:\Program Files (x86)\Samsung
    2015-10-26 10:00 - 2015-10-26 10:00 - 00000000 ____D C:\Users\Public\Documents\NativeFus_Log
    2015-10-26 10:00 - 2015-10-26 10:00 - 00000000 ____D C:\Users\bigalx58\Documents\SelfMV
    2015-10-25 13:07 - 2015-10-25 13:07 - 00000000 ____D C:\Users\bigalx58\AppData\Local\LogMeIn
    2015-10-25 13:07 - 2015-10-25 13:07 - 00000000 ____D C:\ProgramData\LogMeIn
    2015-10-25 13:01 - 2015-11-01 09:23 - 00000020 _____ C:\ProgramData\IpAndPort.fig
    2015-10-25 13:00 - 2015-11-01 09:23 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\NetViewer
    2015-10-25 13:00 - 2015-10-28 13:38 - 00000000 ____D C:\Users\bigalx58\Downloads\NetViewer
    2015-10-25 12:59 - 2015-10-25 12:59 - 09345570 _____ C:\Users\bigalx58\Downloads\NetViewer.zip
    2015-10-25 12:43 - 2015-10-25 12:44 - 00000000 ____D C:\Users\bigalx58\AppData\Local\join.me
    2015-10-25 11:33 - 2015-10-28 13:49 - 00000000 ____D C:\Program Files (x86)\AVIGenerator2.0
    2015-10-25 11:24 - 2015-10-25 11:23 - 17714276 ____R C:\Users\bigalx58\Downloads\DVR08C_V111208V111118V111227V120110V120110.sw
    2015-10-24 09:34 - 2015-10-24 09:35 - 13739685 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1 (2).mov.7yi64pw.partial
    2015-10-24 09:32 - 2015-10-24 09:32 - 14687082 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1 (1).mov.d58pkae.partial
    2015-10-24 08:50 - 2015-10-24 08:56 - 320964525 _____ C:\Users\bigalx58\Downloads\Sea Cruise part 1.mov
    2015-10-23 17:56 - 2015-10-23 17:56 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Sony Network Entertainment International LLC
    2015-10-23 15:53 - 2015-10-29 20:26 - 00000000 ____D C:\ProgramData\Package Cache
    2015-10-23 15:53 - 2015-10-28 13:38 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Sony
    2015-10-23 15:53 - 2015-10-23 15:53 - 00000000 ____D C:\ProgramData\Sony Corporation
    2015-10-23 15:53 - 2015-10-23 15:53 - 00000000 ____D C:\Program Files (x86)\Sony
    2015-10-23 15:52 - 2015-10-28 13:49 - 00000000 ____D C:\Program Files (x86)\Sony Media Go Install
    2015-10-23 15:52 - 2015-10-23 15:54 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Sony
    2015-10-23 14:58 - 2015-10-23 15:06 - 00014336 _____ C:\Users\bigalx58\Documents\Lion King.odt
    2015-10-23 09:01 - 2015-11-10 08:24 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Windows Live
    2015-10-21 18:32 - 2015-11-06 16:04 - 00000000 ____D C:\ProgramData\Oracle
    2015-10-21 18:32 - 2015-11-06 16:04 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Java
    2015-10-21 18:32 - 2015-11-06 16:04 - 00000000 ____D C:\Program Files (x86)\Java
    2015-10-21 18:32 - 2015-10-21 18:32 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Sun
    2015-10-21 08:04 - 2015-10-21 08:21 - 00017075 _____ C:\Users\bigalx58\Documents\PASSWORDS.odt
    2015-10-20 14:25 - 2015-10-28 13:28 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\LibreOffice
    2015-10-20 14:24 - 2015-10-28 13:50 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LibreOffice 4.4
    2015-10-20 14:12 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files (x86)\LibreOffice 4
    2015-10-20 14:10 - 2015-10-20 14:12 - 224563200 _____ C:\Users\bigalx58\Downloads\LibreOffice_4.4.5_Win_x86.msi
    2015-10-20 13:46 - 2015-10-20 13:47 - 140852175 _____ C:\Users\bigalx58\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US (1).exe
    2015-10-20 13:29 - 2015-10-20 13:29 - 00003374 _____ C:\WINDOWS\System32\Tasks\{7BFB9711-4FF6-491E-AF83-60763B60F811}
    2015-10-20 13:07 - 2015-10-28 13:28 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\OpenOffice
    2015-10-20 12:21 - 2015-10-20 14:17 - 00000000 ____D C:\Program Files (x86)\OpenOffice 4
    2015-10-20 12:15 - 2015-10-20 12:18 - 140852175 _____ C:\Users\bigalx58\Downloads\Apache_OpenOffice_4.1.1_Win_x86_install_en-US.exe
    2015-10-20 12:06 - 2015-05-13 12:37 - 00010715 _____ C:\Users\bigalx58\Downloads\INVITES FOR 50TH..ods
    2015-10-20 11:45 - 2015-11-08 13:55 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\U3
    2015-10-19 19:04 - 2015-10-19 19:04 - 00021670 _____ C:\Users\bigalx58\Documents\cc_20151019_200407.reg
    2015-10-19 18:14 - 2015-11-11 11:10 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LastPass
    2015-10-19 18:14 - 2015-11-10 12:51 - 00000000 ____D C:\Users\bigalx58\AppData\LocalLow\LastPass
    2015-10-19 18:14 - 2015-11-09 20:34 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\LastPass
    2015-10-19 18:14 - 2015-11-09 20:34 - 00000000 ____D C:\Program Files (x86)\LastPass
    2015-10-19 17:15 - 2015-10-19 17:16 - 16790552 _____ (LastPass) C:\Users\bigalx58\Downloads\lastpass_x64.exe
    2015-10-19 15:52 - 2015-10-19 15:52 - 00929872 _____ (Google Inc.) C:\Users\bigalx58\Downloads\GoogleEarthSetup (1).exe
    2015-10-19 15:52 - 2015-10-19 15:52 - 00002240 _____ C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Google Earth.lnk
    2015-10-19 15:27 - 2015-11-11 17:32 - 00000926 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineUA.job
    2015-10-19 15:27 - 2015-11-11 17:13 - 00000922 _____ C:\WINDOWS\Tasks\GoogleUpdateTaskMachineCore.job
    2015-10-19 15:27 - 2015-10-28 13:18 - 00000000 ____D C:\Program Files (x86)\Google
    2015-10-19 15:27 - 2015-10-19 15:27 - 00929872 _____ (Google Inc.) C:\Users\bigalx58\Downloads\GoogleEarthSetup.exe
    2015-10-19 15:27 - 2015-10-19 15:27 - 00003984 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineUA
    2015-10-19 15:27 - 2015-10-19 15:27 - 00003752 _____ C:\WINDOWS\System32\Tasks\GoogleUpdateTaskMachineCore
    2015-10-19 15:27 - 2015-10-19 15:27 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Google
    2015-10-19 15:25 - 2015-10-28 13:20 - 00000000 ___HD C:\ProgramData\CanonBJ
    2015-10-19 15:25 - 2015-10-21 11:18 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Canon
    2015-10-19 15:24 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Canon Utilities
    2015-10-19 15:24 - 2015-10-28 13:17 - 00000000 ____D C:\Program Files (x86)\Canon
    2015-10-19 15:24 - 2015-10-19 15:24 - 00002175 _____ C:\Users\Public\Desktop\Canon MP Navigator EX 2.1.lnk
    2015-10-19 15:23 - 2015-10-19 15:24 - 48655952 _____ C:\Users\bigalx58\Downloads\mpnx_2_1-win-2_13-ea23_2 (1).exe
    2015-10-19 15:11 - 2015-10-19 15:12 - 50138704 _____ C:\Users\bigalx58\Downloads\mpnx_5_1-win-5_1_1-ea23_2.exe
    2015-10-19 14:04 - 2015-11-11 09:29 - 00192216 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\MBAMSwissArmy.sys
    2015-10-19 14:04 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Malwarebytes Anti-Malware
    2015-10-19 14:04 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\Malwarebytes
    2015-10-19 14:04 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files (x86)\Malwarebytes Anti-Malware
    2015-10-19 14:04 - 2015-10-05 08:50 - 00109272 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbamchameleon.sys
    2015-10-19 14:04 - 2015-10-05 08:50 - 00064216 _____ (Malwarebytes Corporation) C:\WINDOWS\system32\Drivers\mwac.sys
    2015-10-19 14:04 - 2015-10-05 08:50 - 00025816 _____ (Malwarebytes) C:\WINDOWS\system32\Drivers\mbam.sys
    2015-10-19 14:03 - 2015-10-19 14:04 - 22908888 _____ (Malwarebytes ) C:\Users\bigalx58\Downloads\mbam-setup-2.2.0.1024.exe
    2015-10-19 14:00 - 2015-10-28 13:27 - 00000000 ____D C:\Users\bigalx58\AppData\Local\VS Revo Group
    2015-10-19 14:00 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\VS Revo Group
    2015-10-19 14:00 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files\VS Revo Group
    2015-10-19 14:00 - 2015-10-19 14:00 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Revo Uninstaller Pro
    2015-10-19 14:00 - 2009-12-30 10:21 - 00031800 _____ (VS Revo Group) C:\WINDOWS\system32\Drivers\revoflt.sys
    2015-10-19 13:59 - 2015-10-19 13:59 - 11069616 _____ (VS Revo Group ) C:\Users\bigalx58\Downloads\RevoUninProSetup.exe
    2015-10-19 13:58 - 2015-11-08 09:30 - 00000000 ____D C:\WINDOWS\System32\Tasks\Auslogics
    2015-10-19 13:58 - 2015-11-08 09:24 - 00000000 ____D C:\ProgramData\Auslogics
    2015-10-19 13:57 - 2015-11-08 09:30 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Auslogics
    2015-10-19 13:57 - 2015-11-08 09:24 - 00000000 ____D C:\Program Files (x86)\Auslogics
    2015-10-19 13:57 - 2015-10-19 13:57 - 07750968 _____ (Auslogics Labs Pty Ltd ) C:\Users\bigalx58\Downloads\registry-cleaner-setup (3).exe
    2015-10-19 13:56 - 2015-10-19 13:57 - 07750968 _____ (Auslogics Labs Pty Ltd ) C:\Users\bigalx58\Downloads\registry-cleaner-setup (2).exe
    2015-10-19 13:53 - 2015-10-19 13:53 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\SUPERAntiSpyware.com
    2015-10-19 13:52 - 2015-10-29 10:09 - 00000000 ____D C:\Program Files\SUPERAntiSpyware
    2015-10-19 13:52 - 2015-10-28 13:20 - 00000000 ____D C:\ProgramData\SUPERAntiSpyware.com
    2015-10-19 13:52 - 2015-10-19 13:52 - 23720352 _____ (SUPERAntiSpyware) C:\Users\bigalx58\Downloads\SUPERAntiSpyware.exe
    2015-10-19 13:52 - 2015-10-19 13:52 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\SUPERAntiSpyware
    2015-10-19 13:50 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files\CCleaner
    2015-10-19 13:50 - 2015-10-19 13:50 - 06677440 _____ (Piriform Ltd) C:\Users\bigalx58\Downloads\ccsetup510 (1).exe
    2015-10-19 13:50 - 2015-10-19 13:50 - 00002868 _____ C:\WINDOWS\System32\Tasks\CCleanerSkipUAC
    2015-10-19 13:47 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files (x86)\TomTom International B.V
    2015-10-19 13:47 - 2015-10-28 13:19 - 00000000 ____D C:\Program Files (x86)\MyDrive Connect
    2015-10-19 13:47 - 2015-10-19 13:47 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\TomTom
    2015-10-19 13:46 - 2015-10-19 13:46 - 23514192 _____ (TomTom International B.V.) C:\Users\bigalx58\Downloads\InstallMyDriveConnect (2).exe
    2015-10-19 12:39 - 2015-10-28 13:28 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\TomTom
    2015-10-19 12:39 - 2015-10-28 13:27 - 00000000 ____D C:\Users\bigalx58\AppData\Local\TomTom
    2015-10-19 12:39 - 2015-10-19 12:44 - 00000000 ____D C:\Program Files (x86)\TomTom HOME 2
    2015-10-19 12:39 - 2015-10-19 12:39 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Mozilla
    2015-10-19 12:38 - 2015-10-28 13:20 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Downloaded Installations
    2015-10-19 12:37 - 2015-10-19 12:37 - 31109864 _____ C:\Users\bigalx58\Downloads\TomTomHOME2winlatest (1).exe
    2015-10-19 12:35 - 2015-10-19 12:35 - 31109864 _____ C:\Users\bigalx58\Downloads\TomTomHOME2winlatest.exe
    2015-10-19 11:24 - 2015-10-19 11:24 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdFs_01_11_00.Wdf
    2015-10-18 19:06 - 2015-10-28 19:03 - 00000000 ___RD C:\Program Files (x86)\Skype
    2015-10-18 19:06 - 2015-10-28 13:27 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Skype
    2015-10-18 19:03 - 2015-10-18 19:03 - 01503872 _____ (Skype Technologies S.A.) C:\Users\bigalx58\Downloads\SkypeSetup (2).exe
    2015-10-18 18:29 - 2015-10-28 19:04 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Skype
    2015-10-18 18:29 - 2015-10-28 19:03 - 00000000 ____D C:\ProgramData\Skype
    2015-10-18 18:28 - 2015-11-04 16:32 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Windows Live Writer
    2015-10-18 18:28 - 2015-10-30 17:51 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Windows Live Writer
    2015-10-18 18:25 - 2015-10-18 18:25 - 01239752 _____ (Microsoft Corporation) C:\Users\bigalx58\Downloads\wlsetup-web (4).exe
    2015-10-18 17:59 - 2015-11-11 21:38 - 00004162 _____ C:\WINDOWS\System32\Tasks\User_Feed_Synchronization-{4817BCF8-46B0-4610-8FE7-434EF13F4E40}
    2015-10-18 17:00 - 2015-10-18 17:00 - 00000000 ____D C:\WINDOWS\system32\SleepStudy
    2015-10-18 16:04 - 2015-10-14 10:05 - 00045992 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\TURegOpt.exe
    2015-10-18 16:04 - 2015-10-14 09:59 - 00037288 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\system32\authuitu.dll
    2015-10-18 16:04 - 2015-10-14 09:59 - 00032680 _____ (AVG Technologies CZ, s.r.o.) C:\WINDOWS\SysWOW64\authuitu.dll
    2015-10-18 15:22 - 2015-10-18 16:04 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\AVG
    2015-10-18 15:21 - 2015-10-18 15:21 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\TuneUp Software
    2015-10-18 15:20 - 2015-11-10 12:26 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\AVG Zen
    2015-10-18 15:19 - 2015-11-10 12:26 - 00000000 ____D C:\Program Files (x86)\AVG
    2015-10-18 15:19 - 2015-11-10 12:24 - 00000000 ____D C:\Users\bigalx58\AppData\Local\AvgSetupLog
    2015-10-18 15:19 - 2015-11-10 11:46 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Avg
    2015-10-18 15:19 - 2015-11-10 11:46 - 00000000 ____D C:\ProgramData\Avg
    2015-10-18 15:19 - 2015-10-18 15:19 - 02895464 _____ (AVG Technologies) C:\Users\bigalx58\Downloads\AVG_Protection_Free_1115.exe
    2015-10-18 15:11 - 2015-11-11 08:48 - 00000000 ____D C:\Users\bigalx58\Desktop\Cleaners-Security
    2015-10-18 15:08 - 2015-10-18 15:08 - 00000264 _____ C:\prefs.js
    2015-10-18 15:08 - 2015-10-18 15:08 - 00000000 ____D C:\searchplugins
    2015-10-18 15:07 - 2015-11-11 09:40 - 00000000 ____D C:\Program Files (x86)\Lavasoft
    2015-10-18 15:07 - 2015-10-28 13:50 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Lavasoft
    2015-10-18 15:07 - 2015-10-18 15:13 - 00002936 _____ C:\WINDOWS\SysWOW64\LavasoftTcpServiceOff.ini
    2015-10-18 15:07 - 2015-10-18 15:13 - 00002936 _____ C:\WINDOWS\system32\LavasoftTcpServiceOff.ini
    2015-10-18 15:07 - 2015-10-18 15:07 - 00425744 _____ (Lavasoft Limited) C:\WINDOWS\system32\LavasoftTcpService64.dll
    2015-10-18 15:07 - 2015-10-18 15:07 - 00345360 _____ (Lavasoft Limited) C:\WINDOWS\SysWOW64\LavasoftTcpService.dll
    2015-10-18 15:06 - 2015-11-11 08:43 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Lavasoft
    2015-10-18 15:06 - 2015-10-18 15:06 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_Kernel_avchv_01009.Wdf
    2015-10-18 15:04 - 2015-11-11 09:40 - 00000000 ____D C:\ProgramData\Lavasoft
    2015-10-18 14:27 - 2015-10-18 14:27 - 01239752 _____ (Microsoft Corporation) C:\Users\bigalx58\Downloads\wlsetup-web (3).exe
    2015-10-18 14:26 - 2015-10-18 14:26 - 01239752 _____ (Microsoft Corporation) C:\Users\bigalx58\Downloads\wlsetup-web (2).exe
    2015-10-16 11:30 - 2015-10-16 11:30 - 00206080 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudmdm.sys
    2015-10-16 11:30 - 2015-10-16 11:30 - 00108800 _____ (DEVGURU Co., LTD.(www.devguru.co.kr)) C:\WINDOWS\system32\Drivers\ssudbus.sys
    2015-10-16 11:26 - 2015-10-16 11:26 - 00000000 ____H C:\WINDOWS\system32\Drivers\Msft_User_WpdMtpDr_01_11_00.Wdf
    2015-10-16 07:30 - 2015-10-16 07:31 - 00000000 ____D C:\Users\bigalx58\AppData\Local\PackageStaging
    2015-10-16 07:30 - 2015-10-16 07:30 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Macromedia
    2015-10-16 06:48 - 2015-07-05 05:08 - 00300704 ____N (Microsoft Corporation) C:\WINDOWS\system32\MpSigStub.exe
    2015-10-16 06:47 - 2015-11-10 15:03 - 00000000 ____D C:\WINDOWS\system32\MRT
    2015-10-16 06:47 - 2015-11-10 15:00 - 145617392 _____ (Microsoft Corporation) C:\WINDOWS\system32\MRT.exe
    2015-10-15 19:55 - 2015-10-15 19:55 - 00000000 ____D C:\Users\bigalx58\AppData\Local\NetworkTiles
    2015-10-15 19:55 - 2015-10-15 19:55 - 00000000 ____D C:\Users\bigalx58\AppData\Local\MicrosoftEdge
    2015-10-15 19:54 - 2015-11-11 17:13 - 00000000 ___RD C:\Users\bigalx58\OneDrive
    2015-10-15 19:54 - 2015-10-30 14:55 - 00002350 _____ C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\OneDrive.lnk
    2015-10-15 19:54 - 2015-10-15 19:59 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Comms
    2015-10-15 19:54 - 2015-10-15 19:54 - 00000000 ____D C:\ProgramData\Microsoft OneDrive
    2015-10-15 19:53 - 2015-10-15 19:53 - 00038704 _____ C:\Users\bigalx58\Desktop\Removed Apps.html
    2015-10-15 19:52 - 2015-11-04 16:31 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Packages
    2015-10-15 19:52 - 2015-10-18 16:04 - 00000000 ____D C:\Users\bigalx58\AppData\Local\VirtualStore
    2015-10-15 19:52 - 2015-10-15 19:52 - 00000020 ___SH C:\Users\bigalx58\ntuser.ini
    2015-10-15 19:52 - 2015-10-15 19:52 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Adobe
    2015-10-15 19:52 - 2015-10-15 19:52 - 00000000 ____D C:\Users\bigalx58\AppData\Local\TileDataLayer
    2015-10-15 19:52 - 2015-10-15 19:52 - 00000000 ____D C:\Users\bigalx58\AppData\Local\Publishers
    2015-10-15 16:45 - 2015-11-04 16:20 - 00000000 ____D C:\Windows.old
    2015-10-15 16:45 - 2015-10-15 16:45 - 00028672 ___SH C:\WINDOWS\system32\config\BCD-Template.LOG
    2015-10-15 16:45 - 2015-10-15 16:45 - 00008192 _____ C:\WINDOWS\system32\config\userdiff
    2015-10-15 16:38 - 2015-10-15 16:38 - 00000000 ____D C:\WINDOWS\Setup
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\winrm
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\WCN
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\sysprep
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\slmgr
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Printing_Admin_Scripts
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\0409
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\winrm
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\WCN
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\slmgr
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\Printing_Admin_Scripts
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\0409
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\OCR
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\DigitalLocker
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\Reference Assemblies
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\MSBuild
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files (x86)\Reference Assemblies
    2015-10-15 16:34 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files (x86)\MSBuild
    2015-10-15 16:31 - 2015-11-03 13:20 - 00810488 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerApp.exe
    2015-10-15 16:31 - 2015-11-03 13:20 - 00176632 _____ (Adobe Systems Incorporated) C:\WINDOWS\SysWOW64\FlashPlayerCPLApp.cpl
    2015-10-15 16:30 - 2015-10-15 16:27 - 00208384 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msclmd.dll
    2015-10-15 16:30 - 2015-10-15 16:27 - 00008798 _____ C:\WINDOWS\SysWOW64\icrav03.rat
    2015-10-15 16:30 - 2015-10-15 16:27 - 00001988 _____ C:\WINDOWS\SysWOW64\ticrf.rat
    2015-10-15 16:30 - 2015-10-15 16:27 - 00000741 _____ C:\WINDOWS\SysWOW64\NOISE.DAT
    2015-10-15 16:29 - 2015-11-11 21:35 - 00000000 ____D C:\WINDOWS\system32\sru
    2015-10-15 16:29 - 2015-11-11 17:26 - 00000000 ____D C:\WINDOWS\AppReadiness
    2015-10-15 16:29 - 2015-11-10 21:18 - 00000000 ____D C:\WINDOWS\system32\appraiser
    2015-10-15 16:29 - 2015-11-10 11:44 - 00000000 ___HD C:\WINDOWS\ELAMBKUP
    2015-10-15 16:29 - 2015-11-04 12:30 - 00000000 ____D C:\Program Files\Common Files\microsoft shared
    2015-10-15 16:29 - 2015-11-03 13:22 - 00000000 ___HD C:\WINDOWS\system32\GroupPolicy
    2015-10-15 16:29 - 2015-11-03 13:22 - 00000000 ____D C:\WINDOWS\SysWOW64\GroupPolicy
    2015-10-15 16:29 - 2015-11-02 17:21 - 00000000 ____D C:\WINDOWS\rescache
    2015-10-15 16:29 - 2015-10-28 14:02 - 00000000 ____D C:\WINDOWS\system32\WinMetadata
    2015-10-15 16:29 - 2015-10-28 14:02 - 00000000 ____D C:\WINDOWS\system32\Sysprep
    2015-10-15 16:29 - 2015-10-28 14:02 - 00000000 ____D C:\WINDOWS\system32\en-GB
    2015-10-15 16:29 - 2015-10-28 13:29 - 00000000 ____D C:\WINDOWS\registration
    2015-10-15 16:29 - 2015-10-20 14:14 - 00000000 ____D C:\WINDOWS\LiveKernelReports
    2015-10-15 16:29 - 2015-10-19 15:25 - 00000000 __RSD C:\WINDOWS\Media
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___SD C:\WINDOWS\SysWOW64\F12
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___SD C:\WINDOWS\system32\F12
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\WINDOWS\PurchaseDialog
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\WINDOWS\ImmersiveControlPanel
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\SysWOW64\oobe
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\SysWOW64\Dism
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\system32\WinBioPlugIns
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\system32\SystemResetPlatform
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\system32\oobe
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\system32\Dism
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\Provisioning
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\WINDOWS\L2Schemas
    2015-10-15 16:29 - 2015-10-18 14:30 - 00000000 ____D C:\Program Files\Windows Journal
    2015-10-15 16:29 - 2015-10-16 06:45 - 00000000 ____D C:\WINDOWS\system32\restore
    2015-10-15 16:29 - 2015-10-16 06:45 - 00000000 ____D C:\WINDOWS\appcompat
    2015-10-15 16:29 - 2015-10-15 19:52 - 00000000 ___RD C:\WINDOWS\PrintDialog
    2015-10-15 16:29 - 2015-10-15 19:52 - 00000000 ___RD C:\WINDOWS\MiracastView
    2015-10-15 16:29 - 2015-10-15 16:45 - 00028672 _____ C:\WINDOWS\system32\config\BCD-Template
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ___SD C:\WINDOWS\SysWOW64\DiagSvcs
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ___SD C:\WINDOWS\system32\dsc
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ___SD C:\WINDOWS\system32\DiagSvcs
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\setup
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\MUI
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\SysWOW64\Com
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\setup
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\MUI
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\system32\migwiz
     


  4. 2015/11/11
    Bigalx58

    0000000 ____D C:\WINDOWS\system32\Com
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\PolicyDefinitions
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\IME
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\Windows Photo Viewer
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\Windows Defender
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files\Common Files\System
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files (x86)\Windows Photo Viewer
    2015-10-15 16:29 - 2015-10-15 16:34 - 00000000 ____D C:\Program Files (x86)\Windows Defender
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ___SD C:\WINDOWS\SysWOW64\Nui
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\zh-HK
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\WinMetadata
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\uk-UA
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\tr-TR
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\th-TH
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-RS
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sr-Latn-CS
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sppui
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sl-SI
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\sk-SK
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\ro-RO
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\Recovery
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\MSDRM
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\migwiz
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\lv-LV
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\lt-LT
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\InstallShield
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\icsxml
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\hr-HR
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\he-IL
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\fr-CA
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\et-EE
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\es-MX
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\en-GB
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\downlevel
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\Bthprops
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\bg-BG
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\ar-SA
    2015-10-15 16:29 - 2015-10-15 16:30 - 00000000 ____D C:\WINDOWS\SysWOW64\AdvancedInstallers
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 __SHD C:\Program Files\Windows Sidebar
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 __SHD C:\Program Files (x86)\Windows Sidebar
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 __RHD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Tablet PC
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\WINDOWS\SysWOW64\Configuration
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\WINDOWS\system32\Nui
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\WINDOWS\system32\Configuration
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\Program Files\WindowsPowerShell
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___SD C:\Program Files (x86)\WindowsPowerShell
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\WINDOWS\Offline Web Pages
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\WINDOWS\DesktopTileResources
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ___RD C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Web
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Vss
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\tracing
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\TAPI
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\WindowsPowerShell
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\sru
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\spp
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech_OneCore
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Speech
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\SMI
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\restore
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\RasToast
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\ras
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\networklist
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\NDF
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\MsDtc
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Macromed
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Licenses
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\Ipmi
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\InputMethod
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\inetsrv
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\IME
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\FxsTmp
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SysWOW64\AppLocker
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SystemResources
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\zh-HK
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\winevt
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\WindowsPowerShell
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\uk-UA
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\tr-TR
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\th-TH
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-RS
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sr-Latn-CS
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sppui
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\spp
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Speech_OneCore
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Speech
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sl-SI
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\sk-SK
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\SecureBootUpdates
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ro-RO
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\RasToast
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ras
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ProximityToast
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\PointOfService
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\networklist
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\NDF
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\MsDtc
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\MSDRM
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\MailContactsCalendarSync
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Macromed
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\lv-LV
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\lt-LT
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Licenses
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Ipmi
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\InputMethod
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\inetsrv
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\IME
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\icsxml
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ias
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\hr-HR
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\he-IL
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\fr-CA
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\et-EE
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\es-MX
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\downlevel
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\config\Journal
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\Bthprops
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\bg-BG
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\ar-SA
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\AppLocker
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\AdvancedInstallers
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system\Speech
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\System
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Speech_OneCore
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Speech
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SKB
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\ShellNew
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\security
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\schemas
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\SchCache
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Resources
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\PLA
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Performance
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\InputMethod
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Globalization
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Cursors
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\Branding
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\addins
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Users\Default\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Users\Default User\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\ProgramData\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\ProgramData\Comms
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files\Windows Portable Devices
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files\Windows NT
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files\Windows Multimedia Platform
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files\Common Files\Services
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files (x86)\Windows Portable Devices
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files (x86)\Windows NT
    2015-10-15 16:29 - 2015-10-15 16:29 - 00000000 ____D C:\Program Files (x86)\Windows Multimedia Platform
    2015-10-15 16:29 - 2015-10-15 16:27 - 00229888 _____ (Microsoft Corporation) C:\WINDOWS\system32\msclmd.dll
    2015-10-15 16:29 - 2015-10-15 16:27 - 00215943 _____ C:\WINDOWS\SysWOW64\dssec.dat
    2015-10-15 16:29 - 2015-10-15 16:27 - 00215943 _____ C:\WINDOWS\system32\dssec.dat
    2015-10-15 16:29 - 2015-10-15 16:27 - 00017463 _____ C:\WINDOWS\system32\Drivers\etc\services
    2015-10-15 16:29 - 2015-10-15 16:27 - 00015462 _____ C:\WINDOWS\system32\OEMDefaultAssociations.xml
    2015-10-15 16:29 - 2015-10-15 16:27 - 00008798 _____ C:\WINDOWS\system32\icrav03.rat
    2015-10-15 16:29 - 2015-10-15 16:27 - 00003683 _____ C:\WINDOWS\system32\Drivers\etc\lmhosts.sam
    2015-10-15 16:29 - 2015-10-15 16:27 - 00001988 _____ C:\WINDOWS\system32\ticrf.rat
    2015-10-15 16:29 - 2015-10-15 16:27 - 00001358 _____ C:\WINDOWS\system32\Drivers\etc\protocol
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000858 _____ C:\WINDOWS\system32\DefaultQuestions.json
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000741 _____ C:\WINDOWS\system32\NOISE.DAT
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000407 _____ C:\WINDOWS\system32\Drivers\etc\networks
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000219 _____ C:\WINDOWS\system.ini
    2015-10-15 16:29 - 2015-10-15 16:27 - 00000092 _____ C:\WINDOWS\win.ini
    2015-10-15 16:29 - 2015-10-15 13:07 - 00000000 ____D C:\WINDOWS\system32\WinBioDatabase
    2015-10-15 16:29 - 2015-10-15 13:06 - 00000000 __RHD C:\Users\Public\Libraries
    2015-10-15 16:29 - 2015-10-15 13:06 - 00000000 ____D C:\WINDOWS\system32\Recovery
    2015-10-15 16:29 - 2015-10-15 13:04 - 00000000 ____D C:\WINDOWS\system32\spool
    2015-10-15 16:29 - 2015-10-15 13:04 - 00000000 ____D C:\WINDOWS\system32\FxsTmp
    2015-10-15 16:29 - 2015-10-15 12:57 - 00000000 ____D C:\WINDOWS\Help
    2015-10-15 16:29 - 2015-10-15 12:56 - 00000000 ____D C:\ProgramData\USOPrivate
    2015-10-15 16:19 - 2015-11-10 15:03 - 00000000 ____D C:\WINDOWS\CbsTemp
    2015-10-15 16:06 - 2015-11-11 17:11 - 01048576 ___SH C:\WINDOWS\system32\config\BBI
    2015-10-15 16:06 - 2015-11-06 09:06 - 00032768 ___SH C:\WINDOWS\system32\config\ELAM
    2015-10-15 16:06 - 2015-10-20 17:27 - 00786432 ___SH C:\WINDOWS\system32\config\BBI(702)
    2015-10-15 16:06 - 2015-10-15 16:34 - 00000000 ____D C:\WINDOWS\servicing
    2015-10-15 16:06 - 2015-10-15 16:29 - 00000000 ____D C:\WINDOWS\system32\SMI
    2015-10-15 16:06 - 2015-10-15 13:08 - 00000000 __RHD C:\Users\Default
    2015-10-15 16:06 - 2015-07-10 04:11 - 00000164 _____ C:\WINDOWS\system32\config\FP
    2015-10-15 16:05 - 2015-10-16 09:54 - 00000000 ___HD C:\$SysReset
    2015-10-15 13:09 - 2015-11-11 17:18 - 00875126 _____ C:\WINDOWS\system32\PerfStringBackup.INI
    2015-10-15 13:08 - 2015-10-15 13:08 - 00000000 __SHD C:\Recovery
    2015-10-15 13:07 - 2015-10-15 13:07 - 00012081 _____ C:\Users\Administrator\AppData\Local\Application.xml
    2015-10-15 13:05 - 2015-11-09 20:10 - 00000000 ____D C:\Users\bigalx58
    2015-10-15 13:05 - 2015-10-28 14:12 - 00000000 ____D C:\Users\DefaultAppPool
    2015-10-15 13:05 - 2015-10-28 14:12 - 00000000 ____D C:\Users\Administrator
    2015-10-15 13:05 - 2015-10-15 19:52 - 00000000 ___RD C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 13:05 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 13:05 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 13:05 - 2015-10-15 16:30 - 00000000 __RSD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Windows PowerShell
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\System Tools
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessories
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ___RD C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Accessibility
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ____D C:\Users\DefaultAppPool\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ____D C:\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 13:05 - 2015-10-15 16:29 - 00000000 ____D C:\Users\Administrator\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Maintenance
    2015-10-15 12:57 - 2015-10-15 12:57 - 00000000 ____D C:\ProgramData\NVIDIA Corporation
    2015-10-15 12:57 - 2015-10-15 12:57 - 00000000 ____D C:\ProgramData\NVIDIA
    2015-10-15 12:57 - 2015-10-15 12:57 - 00000000 ____D C:\Program Files (x86)\NVIDIA Corporation
    2015-10-15 12:57 - 2015-07-22 20:10 - 06873928 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvcpl.dll
    2015-10-15 12:57 - 2015-07-22 20:10 - 03493008 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvc64.dll
    2015-10-15 12:57 - 2015-07-22 20:10 - 02558608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvsvcr.dll
    2015-10-15 12:57 - 2015-07-22 20:10 - 00937800 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvvsvc.exe
    2015-10-15 12:57 - 2015-07-22 20:10 - 00385168 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvmctray.dll
    2015-10-15 12:57 - 2015-07-22 20:10 - 00062608 _____ (NVIDIA Corporation) C:\WINDOWS\system32\nvshext.dll
    2015-10-15 12:57 - 2015-07-21 23:29 - 05121613 _____ C:\WINDOWS\system32\nvcoproc.bin
    2015-10-15 12:56 - 2015-10-15 12:57 - 00000000 ____D C:\Program Files\NVIDIA Corporation
    2015-10-15 12:56 - 2015-10-15 12:56 - 00000000 ____H C:\ProgramData\DP45977C.lfl
    2015-10-15 12:56 - 2015-10-15 12:56 - 00000000 ____D C:\WINDOWS\system32\DAX2
    2015-10-15 12:56 - 2015-10-15 12:56 - 00000000 ____D C:\ProgramData\USOShared
    2015-10-15 12:56 - 2015-10-15 12:56 - 00000000 ____D C:\Program Files\Realtek
    2015-10-15 12:55 - 2015-10-15 12:56 - 00000000 ____D C:\WINDOWS\SysWOW64\RTCOM
    2015-10-15 12:54 - 2015-07-10 05:59 - 02718208 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PrintConfig.dll
    2015-10-15 12:51 - 2015-11-11 17:11 - 00000006 ____H C:\WINDOWS\Tasks\SA.DAT
    2015-10-15 12:50 - 2015-10-21 07:31 - 00253112 _____ C:\WINDOWS\system32\FNTCACHE.DAT
    2015-10-14 20:02 - 2015-10-14 20:00 - 00026624 ____T C:\Users\bigalx58\Documents\Oakville Happy Tappers - Sea Cruise - placements.xls
    2015-10-14 12:37 - 2015-10-14 12:37 - 04236400 _____ C:\Users\bigalx58\Downloads\advisorinstaller.exe
    2015-10-14 12:37 - 2015-10-14 12:37 - 04236400 _____ C:\Users\bigalx58\Downloads\advisorinstaller (1).exe
    2015-10-14 12:08 - 2015-10-14 12:12 - 303687256 _____ (NVIDIA Corporation) C:\Users\bigalx58\Downloads\358.50-desktop-win10-64bit-international-whql.exe
    2015-10-14 12:04 - 2015-10-14 12:04 - 00000000 ____D C:\Users\Public\Documents\Logishrd
    2015-10-14 11:59 - 2015-10-14 12:01 - 81354761 _____ C:\Users\bigalx58\Downloads\logitech_full_setpoint_6_65_62_64bit.zip
    2015-10-14 11:54 - 2015-10-14 11:54 - 05345280 _____ C:\Users\bigalx58\Downloads\INF_allOS_9.4.0.1027.exe
    2015-10-14 11:52 - 2015-10-14 11:53 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller (4).exe
    2015-10-14 11:51 - 2015-10-14 11:51 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller (3).exe
    2015-10-14 11:50 - 2015-10-14 11:50 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller (2).exe
    2015-10-14 11:50 - 2015-10-14 11:50 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller (1).exe
    2015-10-14 11:49 - 2015-10-14 11:50 - 02449376 _____ (Megaify Software ) C:\Users\bigalx58\Downloads\DriverToolkitInstaller.exe
    2015-10-13 13:51 - 2015-10-10 02:12 - 00078528 _____ (Microsoft Corporation) C:\WINDOWS\system32\acmigration.dll
    2015-10-13 13:51 - 2015-10-05 22:03 - 16708608 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.UI.Xaml.dll
    2015-10-13 13:51 - 2015-10-05 21:46 - 13027840 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.UI.Xaml.dll
    2015-10-13 13:51 - 2015-09-30 23:01 - 01294352 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.efi
    2015-10-13 13:51 - 2015-09-30 23:01 - 01123400 _____ (Microsoft Corporation) C:\WINDOWS\system32\winload.exe
    2015-10-13 13:51 - 2015-09-30 23:01 - 01018568 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.efi
    2015-10-13 13:51 - 2015-09-30 23:01 - 00858408 _____ (Microsoft Corporation) C:\WINDOWS\system32\winresume.exe
    2015-10-13 13:51 - 2015-09-30 22:03 - 00757760 _____ (Microsoft Corporation) C:\WINDOWS\system32\fveapi.dll
    2015-10-13 13:51 - 2015-09-24 23:01 - 02573768 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml6.dll
    2015-10-13 13:51 - 2015-09-24 23:01 - 00498016 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\usbhub.sys
    2015-10-13 13:51 - 2015-09-24 22:56 - 22322624 _____ (Microsoft Corporation) C:\WINDOWS\system32\shell32.dll
    2015-10-13 13:51 - 2015-09-24 22:52 - 00980832 _____ (Microsoft Corporation) C:\WINDOWS\system32\SecConfig.efi
    2015-10-13 13:51 - 2015-09-24 22:33 - 01997336 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml6.dll
    2015-10-13 13:51 - 2015-09-24 22:26 - 20858360 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\shell32.dll
    2015-10-13 13:51 - 2015-09-24 22:11 - 00257024 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataAccountApis.dll
    2015-10-13 13:51 - 2015-09-24 22:11 - 00223232 _____ (Microsoft Corporation) C:\WINDOWS\system32\PhoneCallHistoryApis.dll
    2015-10-13 13:51 - 2015-09-24 22:07 - 01276416 _____ (Microsoft Corporation) C:\WINDOWS\system32\wifinetworkmanager.dll
    2015-10-13 13:51 - 2015-09-24 22:04 - 00771072 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakradiag.dll
    2015-10-13 13:51 - 2015-09-24 22:03 - 00796160 _____ (Microsoft Corporation) C:\WINDOWS\system32\TokenBroker.dll
    2015-10-13 13:51 - 2015-09-24 22:03 - 00576000 _____ (Microsoft Corporation) C:\WINDOWS\system32\vbscript.dll
    2015-10-13 13:51 - 2015-09-24 22:02 - 07523840 _____ (Microsoft Corporation) C:\WINDOWS\system32\Chakra.dll
    2015-10-13 13:51 - 2015-09-24 22:02 - 00689152 _____ (Microsoft Corporation) C:\WINDOWS\system32\Windows.Security.Authentication.Web.Core.dll
    2015-10-13 13:51 - 2015-09-24 22:01 - 04792320 _____ (Microsoft Corporation) C:\WINDOWS\system32\jscript9.dll
    2015-10-13 13:51 - 2015-09-24 22:00 - 01423872 _____ (Microsoft Corporation) C:\WINDOWS\system32\UserDataService.dll
    2015-10-13 13:51 - 2015-09-24 22:00 - 00856576 _____ (Microsoft Corporation) C:\WINDOWS\system32\ContactApis.dll
    2015-10-13 13:51 - 2015-09-24 22:00 - 00752640 _____ (Microsoft Corporation) C:\WINDOWS\system32\ChatApis.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 01205248 _____ (Microsoft Corporation) C:\WINDOWS\system32\Unistore.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00720896 _____ (Microsoft Corporation) C:\WINDOWS\system32\EmailApis.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00685568 _____ (Microsoft Corporation) C:\WINDOWS\system32\AppointmentApis.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00590336 _____ (Microsoft Corporation) C:\WINDOWS\system32\MessagingDataModel2.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00288256 _____ (Microsoft Corporation) C:\WINDOWS\system32\PimIndexMaintenance.dll
    2015-10-13 13:51 - 2015-09-24 21:59 - 00163840 _____ (Microsoft Corporation) C:\WINDOWS\system32\CallHistoryClient.dll
    2015-10-13 13:51 - 2015-09-24 21:58 - 01871360 _____ (Microsoft Corporation) C:\WINDOWS\system32\msxml3.dll
    2015-10-13 13:51 - 2015-09-24 21:47 - 00195584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\UserDataAccountApis.dll
    2015-10-13 13:51 - 2015-09-24 21:47 - 00172032 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\PhoneCallHistoryApis.dll
    2015-10-13 13:51 - 2015-09-24 21:38 - 03580416 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\jscript9.dll
    2015-10-13 13:51 - 2015-09-24 21:38 - 00574464 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakradiag.dll
    2015-10-13 13:51 - 2015-09-24 21:38 - 00504320 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\vbscript.dll
    2015-10-13 13:51 - 2015-09-24 21:37 - 00613376 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\TokenBroker.dll
    2015-10-13 13:51 - 2015-09-24 21:37 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Windows.Security.Authentication.Web.Core.dll
    2015-10-13 13:51 - 2015-09-24 21:36 - 05454848 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Chakra.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00928256 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\Unistore.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00625152 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ContactApis.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00579584 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\AppointmentApis.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00557568 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\ChatApis.dll
    2015-10-13 13:51 - 2015-09-24 21:34 - 00525312 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\EmailApis.dll
    2015-10-13 13:51 - 2015-09-24 21:33 - 00131072 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\CallHistoryClient.dll
    2015-10-13 13:51 - 2015-09-24 21:32 - 01594368 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\msxml3.dll
    2015-10-13 13:51 - 2015-09-24 21:32 - 00466432 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\MessagingDataModel2.dll

    ==================== One Month Modified files and folders ========

    (If an entry is included in the fixlist, the file/folder will be moved.)

    2015-11-11 21:43 - 2013-08-12 08:09 - 00000000 ____D C:\FRST
    2015-11-11 11:10 - 2012-08-05 15:10 - 00000000 ____D C:\Users\bigalx58\Desktop\ACCESSORIES
    2015-11-11 09:33 - 2013-08-13 16:58 - 00000000 ____D C:\AdwCleaner
    2015-11-06 16:04 - 2015-09-02 12:18 - 00000000 ____D C:\Users\bigalx58\.oracle_jre_usage
    2015-11-04 15:41 - 2013-05-24 09:49 - 00000000 ____D C:\Users\bigalx58\SkyDrive
    2015-11-02 16:08 - 2015-07-10 05:59 - 00480256 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnet.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00395264 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnet.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00220160 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplayx.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00069120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnathlp.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00061952 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnathlp.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00047104 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpwsockx.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00027648 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnsvr.exe
    2015-11-02 16:08 - 2015-07-10 05:59 - 00025088 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpmodemx.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00023040 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnsvr.exe
    2015-11-02 16:08 - 2015-07-10 05:59 - 00020992 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dplaysvr.exe
    2015-11-02 16:08 - 2015-07-10 05:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhupnp.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00010240 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnhpast.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhupnp.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00008704 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnhpast.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00005632 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnlobby.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00005120 _____ (Microsoft Corporation) C:\WINDOWS\system32\dpnaddr.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00004608 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnlobby.dll
    2015-11-02 16:08 - 2015-07-10 05:59 - 00004096 _____ (Microsoft Corporation) C:\WINDOWS\SysWOW64\dpnaddr.dll
    2015-10-31 10:59 - 2015-10-07 08:07 - 00000000 ____D C:\Users\bigalx58\Tracing
    2015-10-30 18:13 - 2013-12-27 13:58 - 00001390 _____ C:\Users\bigalx58\Desktop\Internet Explorer.lnk
    2015-10-29 12:03 - 2012-11-15 12:48 - 00015887 _____ C:\Users\bigalx58\Documents\PERSONAL ASSETS.odt
    2015-10-28 17:09 - 2012-04-15 14:46 - 00000000 ___SD C:\Users\bigalx58\AppData\LocalLow\Temp
    2015-10-28 14:02 - 2013-04-10 17:15 - 00000000 ____D C:\Users\bigalx58\Documents\favo_src
    2015-10-23 15:01 - 2011-05-08 16:30 - 00000000 ____D C:\Users\bigalx58\Documents\My Digital Editions
    2015-10-15 16:25 - 2015-07-10 05:59 - 00065536 _____ (Microsoft Corporation) C:\WINDOWS\system32\Drivers\bthmodem.sys
    2015-10-15 13:06 - 2010-11-21 02:16 - 00000000 ___RD C:\Users\Public\Recorded TV
    2015-10-15 12:57 - 2004-08-16 17:07 - 00000000 ____D C:\temp

    ==================== Files in the root of some directories =======

    2015-10-19 17:16 - 2015-11-09 20:34 - 20320792 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2015-10-15 12:56 - 2015-10-15 12:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-10-25 13:01 - 2015-11-01 09:23 - 0000020 _____ () C:\ProgramData\IpAndPort.fig
    2015-11-01 09:23 - 2015-11-01 09:23 - 0000228 _____ () C:\ProgramData\RmUserCfg.ini

    Files to move or delete:
    ====================
    C:\Users\Administrator\ntuser (1).dat
    C:\Users\bigalx58\ntuser (1).dat


    ==================== Bamital & volsnap =================

    (There is no automatic fix for files that do not pass verification.)

    C:\WINDOWS\system32\winlogon.exe => File is digitally signed
    C:\WINDOWS\system32\wininit.exe => File is digitally signed
    C:\WINDOWS\explorer.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\explorer.exe => File is digitally signed
    C:\WINDOWS\system32\svchost.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\svchost.exe => File is digitally signed
    C:\WINDOWS\system32\services.exe => File is digitally signed
    C:\WINDOWS\system32\User32.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\User32.dll => File is digitally signed
    C:\WINDOWS\system32\userinit.exe => File is digitally signed
    C:\WINDOWS\SysWOW64\userinit.exe => File is digitally signed
    C:\WINDOWS\system32\rpcss.dll => File is digitally signed
    C:\WINDOWS\system32\dnsapi.dll => File is digitally signed
    C:\WINDOWS\SysWOW64\dnsapi.dll => File is digitally signed
    C:\WINDOWS\system32\Drivers\volsnap.sys => File is digitally signed


    LastRegBack: 2015-11-07 13:01

    ==================== End of FRST.txt ============================
     
  5. 2015/11/11
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    Download attached fixlist.txt file and save it to the Desktop.
    NOTE. It's important that both files, FRST and fixlist.txt, are in the same location or the fix will not work.

    NOTICE: This script was written specifically for this user, for use on that particular machine. Running this on another machine may cause damage to your operating system.

    Run FRST(FRST64) and press the Fix button just once and wait.
    The tool will make a log on the Desktop (Fixlog.txt). Please post it in your reply.
     

  6. 2015/11/12
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    I'm having a problem here...I've saved the fixlist.txt to the desktop. When I download FRST, I press the Fix button without scanning and I get the message that says that the fixlist cannot be found.
     
  7. 2015/11/12
    broni

    broni Moderator Malware Analyst

    Please download SystemLook from one of the links below and save it to your Desktop.
    Download Mirror #1
    Download Mirror #2

    64-bit users go HERE

    • Double-click SystemLook.exe to run it.
    • Vista users: Right-click on SystemLook.exe, click Run As Administrator
    • Copy the content of the following box and paste it into the main textfield:

    Code:
    :filefind
    frst*
    fixlist*
    
    • Click the Look button to start the scan.
    • When finished, a notepad window will open with the results of the scan. Please post this log in your next reply.
    • Note: The log can also be found on your Desktop entitled SystemLook.txt
     
  8. 2015/11/12
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    SystemLook 30.07.11 by jpshortstuff
    Log created at 21:26 on 12/11/2015 by bigalx58
    Administrator - Elevation successful

    No Context:

    No Context:

    No Context: Code:

    ========== filefind ==========

    Searching for "frst* "
    C:\FRST\Logs\FRST_09-11-2015_20-42-54.txt --a---- 93236 bytes [01:42 10/11/2015] [01:42 10/11/2015] 0274137EE46FE182A5B483C92543E914
    C:\FRST\Logs\FRST_11-11-2015_21-45-38.txt --a---- 86293 bytes [02:45 12/11/2015] [02:45 12/11/2015] 0BC6E568A5EDBE04FA8A0B420E2DAF5E
    C:\FRST\Logs\FRST_12-11-2015_08-53-37.txt --a---- 85640 bytes [13:53 12/11/2015] [13:53 12/11/2015] 62B41EAEE61B54D85E9FECB39C0D0775
    C:\FRST\Logs\FRST_12-11-2015_09-05-42.txt --a---- 85800 bytes [14:05 12/11/2015] [14:05 12/11/2015] 3B451931AF49B622C92A1F6F08FAB952
    C:\Users\bigalx58\AppData\Local\Microsoft\Windows\FileHistory\Data\422\C\Users\bigalx58\AppData\Roaming\Microsoft\Windows\Recent\FRST_09-11-2015_20-42-54.txt.lnk -ra---- 825 bytes [02:29 10/11/2015] [01:57 10/11/2015] 3120B047E412EED6AF694CAE3AA02AB3
    C:\Users\bigalx58\Downloads\FRST64.exe --a---- 1575246 bytes [13:07 12/08/2013] [13:07 12/08/2013] 5CC22E5608580D182D624320A20166FE
    C:\Windows\prefetch\FRST.EXE-19696BCF.pf --a---- 6802 bytes [02:42 12/11/2015] [02:42 12/11/2015] B845F68FB30C27CC4E6F6D69FC70BEA4
    C:\Windows\prefetch\FRST64 (1).EXE-A18215EE.pf --a---- 9311 bytes [13:55 12/11/2015] [13:55 12/11/2015] 37A0F5084DE03E2B104EE529AC112A31
    C:\Windows\prefetch\FRST64.EXE-134928DB.pf --a---- 9392 bytes [13:58 12/11/2015] [14:04 12/11/2015] 6846ABDFD36999EFD568C6CBCB7DA287
    C:\Windows\prefetch\FRST64.EXE-3B2FC38C.pf --a---- 9385 bytes [13:52 12/11/2015] [13:52 12/11/2015] 2F12E4E0A38911216CCE2AE1A2000444
    C:\Windows\prefetch\FRST64.EXE-D0A7B13D.pf --a---- 9398 bytes [02:43 12/11/2015] [02:43 12/11/2015] BE6ED04C647CF1298D2FD843AC695133
    C:\Windows\prefetch\FRST64.EXE-DE0D16C1.pf --a---- 9486 bytes [13:49 12/11/2015] [14:04 12/11/2015] DD62D380FD82835A51C513F9AB6B1FB4

    Searching for "fixlist* "
    No files found.

    -= EOF =-
     
  9. 2015/11/12
    broni

    broni Moderator Malware Analyst

    C:\Users\bigalx58\Downloads\FRST64.exe
    Please move "FRST64.exe" file from "Downloads" folder to your Desktop.

    "fixlist.txt" is nowhere to be seen.
    You need to download it from my reply #24 and place it on your Desktop as well.

    When done, double click on FRST64.exe and click "Fix" button.
     
  10. 2015/11/12
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    OK... I have fixlis.txt on my desktop (as before), but when I double clicked the FRST shortcut, I got the message that said that it was 823 days old... It seems to me if I download the new version I'm going to be in the same predicament as before? I'll try it tomorrow (I'm in the EST zone).
     
  11. 2015/11/12
    broni

    broni Moderator Malware Analyst

    Ok....
     
  12. 2015/11/13
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Fix result of Farbar Recovery Scan Tool (x64) Version:07-11-2015
    Ran by bigalx58 (2015-11-13 10:02:40) Run:1
    Running from C:\Users\bigalx58\Downloads
    Loaded Profiles: bigalx58 (Available Profiles: bigalx58 & Administrator)
    Boot Mode: Normal
    ==============================================

    fixlist content:
    *****************
    AlternateDataStreams: C:\ProgramData\TEMP:5C321E34
    S3 avchv; \SystemRoot\system32\DRIVERS\avchv.sys [X]
    S3 TuneUpUtilitiesDrv; \??\C:\Program Files (x86)\AVG\AVG PC TuneUp\TuneUpUtilitiesDriver64.sys [X]
    S3 wfpcapture; \SystemRoot\System32\drivers\wfpcapture.sys [X]
    2015-10-19 17:16 - 2015-11-09 20:34 - 20320792 _____ (LastPass) C:\Program Files (x86)\Common Files\lpuninstall.exe
    2015-10-15 12:56 - 2015-10-15 12:56 - 0000000 ____H () C:\ProgramData\DP45977C.lfl
    2015-10-25 13:01 - 2015-11-01 09:23 - 0000020 _____ () C:\ProgramData\IpAndPort.fig
    2015-11-01 09:23 - 2015-11-01 09:23 - 0000228 _____ () C:\ProgramData\RmUserCfg.ini
    C:\Users\Administrator\ntuser (1).dat
    C:\Users\bigalx58\ntuser (1).dat
    *****************

    C:\ProgramData\TEMP => ":5C321E34" ADS removed successfully.
    avchv => service removed successfully
    TuneUpUtilitiesDrv => service removed successfully
    wfpcapture => service removed successfully
    C:\Program Files (x86)\Common Files\lpuninstall.exe => moved successfully
    C:\ProgramData\DP45977C.lfl => moved successfully
    C:\ProgramData\IpAndPort.fig => moved successfully
    C:\ProgramData\RmUserCfg.ini => moved successfully
    C:\Users\Administrator\ntuser (1).dat => moved successfully
    C:\Users\bigalx58\ntuser (1).dat => moved successfully

    ==== End of Fixlog 10:02:40 ====

    I hope I did it right this time! :)
     
  13. 2015/11/13
    broni

    broni Moderator Malware Analyst

    Yes.

    Last scans...

    Download Security Check from here or here and save it to your Desktop.
    • Double-click SecurityCheck.exe
    • Follow the onscreen instructions inside of the black box.
    • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

    NOTE 1. If one of your security applications (e.g., third-party firewall) requests permission to allow DIG.EXE to access the Internet, allow it to do so.
    NOTE 2. SecurityCheck may produce some false warning(s), so leave the results reading to me.
    NOTE 3. If you receive UNSUPPORTED OPERATING SYSTEM! ABORTED! message, restart computer and Security Check should run.


    Please download Farbar Service Scanner (FSS) and run it on the computer with the issue.
    Make sure the following options are checked:
    • Internet Services
    • Windows Firewall
    • System Restore
    • Security Center
    • Windows Update
    • Windows Defender
    • Other Services

    Press "Scan".
    It will create a log (FSS.txt) in the same directory the tool is run.
    Please copy and paste the log to your reply.


    Download Temp File Cleaner (TFC)
    Alternate download: http://www.itxassociates.com/OT-Tools/TFC.exe
    • Double click on TFC.exe to run the program.
    • Click on Start button to begin cleaning process.
    • TFC will close all running programs, and it may ask you to restart computer.


    Download Sophos Free Virus Removal Tool and save it to your desktop.
    • Double click the icon and select Run
    • Click Next
    • Select I accept the terms in this license agreement, then click Next twice
    • Click Install
    • Click Finish to launch the program
    • Once the virus database has been updated click Start Scanning
    • If any threats are found click Details, then View log file... (bottom left hand corner)
    • Copy and paste the results in your reply
    • Close the Notepad document, close the Threat Details screen, then click Start cleanup
    • Click Exit to close the program
     
  14. 2015/11/14
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Results of screen317's Security Check version 1.009
    x64 (UAC is enabled)
    Internet Explorer 11
    ``````````````Antivirus/Firewall Check:``````````````
    Windows Firewall Enabled!
    Windows Defender
    WMI entry may not exist for antivirus; attempting automatic update.
    `````````Anti-malware/Other Utilities Check:`````````
    SpywareBlaster 5.2
    Auslogics Registry Cleaner
    Java 8 Update 65
    Java version 32-bit out of Date!
    ````````Process Check: objlist.exe by Laurent````````
    Windows Defender MSMpEng.exe
    Windows Defender MpCmdRun.exe
    `````````````````System Health check`````````````````
    Total Fragmentation on Drive C: %
    ````````````````````End of Log``````````````````````
     
  15. 2015/11/14
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Farbar Service Scanner Version: 26-07-2015
    Ran by bigalx58 (administrator) on 14-11-2015 at 11:20:12
    Running from "C:\Users\bigalx58\AppData\Local\Microsoft\Windows\INetCache\IE\N1L0MK86 "
    Microsoft Windows 10 Home (X64)
    Boot Mode: Normal
    ****************************************************************

    Internet Services:
    ============

    Connection Status:
    ==============
    Localhost is accessible.
    LAN connected.
    Google IP is accessible.
    Google.com is accessible.
    Yahoo.com is accessible.


    Windows Firewall:
    =============

    Firewall Disabled Policy:
    ==================


    System Restore:
    ============

    System Restore Policy:
    ========================


    Action Center:
    ============


    Windows Update:
    ============

    Windows Autoupdate Disabled Policy:
    ============================


    Windows Defender:
    ==============

    Other Services:
    ==============


    File Check:
    ========
    C:\Windows\System32\nsisvc.dll => File is digitally signed
    C:\Windows\System32\drivers\nsiproxy.sys => File is digitally signed
    C:\Windows\System32\dhcpcore.dll => File is digitally signed
    C:\Windows\System32\drivers\afd.sys => File is digitally signed
    C:\Windows\System32\drivers\tdx.sys => File is digitally signed
    C:\Windows\System32\Drivers\tcpip.sys => File is digitally signed
    C:\Windows\System32\dnsrslvr.dll => File is digitally signed
    C:\Windows\System32\mpssvc.dll => File is digitally signed
    C:\Windows\System32\bfe.dll => File is digitally signed
    C:\Windows\System32\drivers\mpsdrv.sys => File is digitally signed
    C:\Windows\System32\wscsvc.dll => File is digitally signed
    C:\Windows\System32\wbem\WMIsvc.dll => File is digitally signed
    C:\Windows\System32\wuaueng.dll => File is digitally signed
    C:\Windows\System32\qmgr.dll => File is digitally signed
    C:\Windows\System32\es.dll => File is digitally signed
    C:\Windows\System32\cryptsvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MpSvc.dll => File is digitally signed
    C:\Program Files\Windows Defender\MsMpEng.exe => File is digitally signed
    C:\Windows\System32\ipnathlp.dll => File is digitally signed
    C:\Windows\System32\iphlpsvc.dll => File is digitally signed
    C:\Windows\System32\svchost.exe => File is digitally signed
    C:\Windows\System32\rpcss.dll => File is digitally signed


    **** End of log ****
     
  16. 2015/11/14
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    There were no threats with Sophos and TFC
     
  17. 2015/11/14
    broni

    broni Moderator Malware Analyst

    Uninstall Auslogics Registry Cleaner.

    Registry cleaners/optimizers are not recommended for several reasons:

    • Registry cleaners are extremely powerful applications that can damage the registry by using aggressive cleaning routines and cause your computer to become unbootable.

      The Windows registry is a central repository (database) for storing configuration data, user settings and machine-dependent settings, and options for the operating system. It contains information and settings for all hardware, software, users, and preferences. Whenever a user makes changes to settings, file associations, system policies, or installed software, the changes are reflected and stored in this repository. The registry is a crucial component because it is where Windows "remembers" all this information, how it works together, how Windows boots the system and what files it uses when it does. The registry is also a vulnerable subsystem, in that relatively small changes done incorrectly can render the system inoperable. For a more detailed explanation, read Understanding The Registry.
    • Not all registry cleaners are created equal. There are a number of them available but they do not all work entirely the same way. Each vendor uses different criteria as to what constitutes a "bad entry". One cleaner may find entries on your system that will not cause problems when removed, another may not find the same entries, and still another may want to remove entries required for a program to work.
    • Not all registry cleaners create a backup of the registry before making changes. If the changes prevent the system from booting up, then there is no backup available to restore it in order to regain functionality. A backup of the registry is essential BEFORE making any changes to the registry.
    • Improperly removing registry entries can hamper malware disinfection and make the removal process more difficult if your computer becomes infected. For example, removing malware related registry entries before the infection is properly identified can contribute to system instability and even make the malware undetectable to removal tools.
    • The usefulness of cleaning the registry is highly overrated and can be dangerous. In most cases, using a cleaner to remove obsolete, invalid, and erroneous entries does not affect system performance but it can result in "unpredictable results".
    Unless you have a particular problem that requires a registry edit to correct it, I would suggest you leave the registry alone. Using registry cleaning tools unnecessarily or incorrectly could lead to disastrous effects on your operating system such as preventing it from ever starting again. For routine use, the benefits to your computer are negligible while the potential risks are great.


    ==============================

    Your computer is clean

    1. This step will remove all cleaning tools we used, it'll reset restore points (so you won't get reinfected by accidentally using some older restore point) and it'll make some other minor adjustments...
    This is a very crucial step so make sure you don't skip it.
    Download DelFix by Xplode to your desktop. Delfix will delete all the used tools and logfiles.

    Double-click Delfix.exe to start the tool.
    Make sure the following items are checked:
    • Activate UAC (optional; some users prefer to keep it off)
    • Remove disinfection tools
    • Create registry backup
    • Purge System Restore
    • Reset system settings
    Now click "Run" and wait patiently.
    Once finished a logfile will be created. You don't have to attach it to your next reply.

    2. Make sure Windows Updates are current.

    3. If any trojans, rootkits or bootkits were listed among your infection(s), make sure you change all of your important online passwords (bank account(s), secured web sites, etc.) immediately!

    4. Check if your browser plugins are up to date.
    Firefox - https://www.mozilla.org/en-US/plugincheck/
    Other browsers: https://browsercheck.qualys.com/ (click on "Scan without installing plugin" and then on "Scan now")

    5. Download and install WOT (Web of Trust): http://www.mywot.com/. It'll warn you (in most cases) about dangerous web sites.

    6. Run Malwarebytes "Quick scan" once in a while to assure safety of your computer.

    7. Run Temporary File Cleaner (TFC), AdwCleaner and Junkware Removal Tool (JRT) weekly (you need to redownload these tools since they were removed by DelFix).

    8. Download and install Secunia Personal Software Inspector (PSI): http://secunia.com/vulnerability_scanning/personal/. The Secunia PSI is a FREE security tool designed to detect vulnerable and out-dated programs and plug-ins which expose your PC to attacks. Run it weekly.

    9. (optional) If you want to keep all your programs up to date, download and install FileHippo Update Checker.
    The Update Checker will scan your computer for installed software, check the versions and then send this information to FileHippo.com to see if there are any newer releases.

    10. When installing\updating ANY program, make sure you always select "Custom" installation, so you can UN-check any possible "drive-by-install" (foistware), like toolbars etc., which may try to install along with the legitimate program. Do NOT click the "Next" button without looking at any given page.

    11. Read:
    How did I get infected?, With steps so it does not happen again!: http://www.bleepingcomputer.com/forums/topic2520.html
    Simple and easy ways to keep your computer safe and secure on the Internet: http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/
    About those Toolbars and Add-ons - Potentially Unwanted Programs (PUPs) which change your browser settings: http://www.bleepingcomputer.com/for...curity-questions-best-practices/#entry3187642

    12. Please let me know how your computer is doing.
     
  18. 2015/11/15
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Joined:
    2006/05/29
    Messages:
    205
    Likes Received:
    1
    Thank you so much for taking the time to help me! I don't want to beleaguer the point, but why would I start getting all of those 'threats' when I really haven't changed my web surfing style? Is it Windows 10? That's the only major change that I did to the computer.
     
  19. 2015/11/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    As I said at the beginning, tracking cookies are not considered security threats but a privacy issue.
    No other scan even bothers with them.
    Run SAS on any computer and it'll discover some.
    Nothing to worry about.

    Good luck and stay safe :)
     
  20. 2015/11/15
    Bigalx58

    Bigalx58 Well-Known Member Thread Starter

    Joined:
    2006/05/29
    Messages:
    205
    Likes Received:
    1
    Thanks again and all the best to you!
     
  21. 2015/11/15
    broni

    broni Moderator Malware Analyst

    Joined:
    2002/08/01
    Messages:
    21,701
    Likes Received:
    116
    You're very welcome
     
